I think the reason they keep him around is so that we can all feel superior to his obvious mistakes.
They are just movies. Every couple years a new summer blockbuster will unseat all previous records; this is just the way things work; there is nothing momentous behind it.
Spiderman was hyped more than Star Wars:AOTC. There are more movie commercials, product tie ins, billboards, the lot. Just look around you.
Katz uses the opening weekend's receipts to prove that Spiderman is a better film. Um, opening weekend is too quick for word of mouth; it is really more of a measure of the hype leading up to the opening than the quality of the film. In any event, the money earned in American theatres represents about 10% of what a film earns (international, video, TV, etc. making up the rest).
Lucas is not in it for the money. This is precisely the problem with the Episode I and Jar Jar: Lucas is not trying to appeal to the masses but is instead trying to achieve his artistic vision. (Of course, people lob millions his way, his only crime is not rejecting more of it).
Do we really care precisely how Anakin Skywalker got pissed off and turned to the Dark Side? Um, YES! Lucas's vision was a rich backstory that we saw only a couple of episodes in the middle of. The public has put huge demands on him to develop that backstory.
When Episode III comes out, Katz will be describing how that summer's blockbuster narrowly edges it out. Nobody will care who beats SpiderMan2 on opening weekend. Ten years from now, interest in Star Wars will be high; interest in SpiderMan won't.
This doesn't leash Carnivore. The creator doesn't understand Carnivore.
First of all, the FBI gets a warrant for the DATA. If the ISP is unable to get the DATA themselves, the FBI can then insist that they install the Carnivore box. On the other hand, courts have ruled that if the ISP can indeed get the data, then Carnivore isn't needed.
Second of all, the reason the FBI created Carnivore was because existing tools could not get the data. This encryption device is based upon existing tools, and therefore does not help get the data at all. For example, if the warrant requires the ISP to deliver copies of the suspect's e-mail, this device cannot do it.
Third, people persist in believing that Carnivore is a keyword search engine like the rumored Echelon. This is false: no judge would grant a court order allowing the FBI the ability to search for keywords. (This encryption device is based upon a keyword search engine). A typical court order would be one that allows the FBI to get all e-mail to/from a named e-mail account. Another example would be a lesser court order allowing the FBI to record the e-mail addresses to/from the specified account, but not the contents.
The advisories contain a link to a tool that will test the vulnerability. There are no secrets being kept, it's all out in the open. The problem is that no "easy-to-use" tool has been created (except for checks that have been added to scanners).
Re:Another article in the stark raving obvious.... on Browsing Alone · Score: 2
"1460 - Europe"
Researchers are lamenting the rise of books and journals produced by the new invention, Gutenberg's so-called "printing-press". Studies have shown that people who spend more time reading spend less time interacting with their peers.
Many promised that the "printing-press" would help people stay up to date with the important events of the day, but people are increasingly reading books with out-dated, irrelevant information. Dead Greeks, such as Socrates and Aristotle are especially popular - what relevance does this have with today's society? Moreover, rather than being important events, daily "news" journals are mostly filled with frivolous information such as births/deaths, marriages, graphical cartoons, and political messages.
--------
The thing that really disturbs me about Katz is that he is an authoritarian communist. Many of his comments reduce to: people shouldn't do what they want. People want to filter news according to what they are interested in. The leftist, authoritarian view is that whatever people want is bad; they should be coerced into always thinking about what society wants. (The libertarian view is, of course, if that's what people want, then that's what's good for society).
In the Scarfo case, the FBI entered in a "black-bag" operation (breaking-and-entering the building) and found the encrypted file when they physically accessed the computer. They broke in a second time to install the keylogger. They had valid warrants under current U.S. law in order to do this.
In the Magic Lantern system, they propose either hacking into the machine from the Internet, or more likely, installing a transparent proxy at the ISP that attaches a trojan to any .exe the user downloads from the Internet.
The ruling centers around the question whether this was a wiretap of the phone line. The FBI had search warrants to obtain the passwords, but they did not have a wiretap order for his phone (Scarfo used AOL dialup). Thus, if the keystroke monitor was active while he was chatting on IRC, then it would be the equivalent to a phone wiretap of his AOL communications.
In order to combat this, the FBI designed their keylogger to go inactive while the modem was connected. I still have some lingering questions about this. E-mail is asynchronous. With many e-mail services (Eudora, Outlook, and AOL), the underlying software lets you compose e-mail offline and store it to disk, automatically transferring it at a later date. Personally, I compose a lot of my e-mail when my computer is offline -- these days, I spend half my time on airplanes, it is when I get the most e-mail written, I sync when I land at the next destination.
Another worrisome trend is that the hearings were "ex parte in camera" -- meaning in the judge's private chambers without the presence of defense attorneys. The FBI claims the details must remain a secret for national security reasons. The defense attorneys are only provided a sanitized summary of the keylogging features, not the full details. This is worrisome because it prevents the public from understanding the details of what is really going on. As we saw in the Carnivore case, the FBI was free to define its own boundaries. For example, when Carnivore grabs e-mail summaries, I would interpret the court order as allowing capture of only the SMTP "envelope" containing the TO/FROM addresses -- the FBI interprets this as capturing the full e-mail headers. I think this is a gross violation of civil liberties, but there is no way to challenge this. Likewise, the keylogger details may show similar gross violations of civil liberties, but the FBI hides behind its cloak of "national security".
The thing is, there are no important details to keylogging. You can go to http://www.keyghost.com for your own hardware-based keylogger, or you can download numerous keyloggers off the Internet. There are some difficult problems. For example, PGP 6.0 introduced a keyboard driver that intercepts your keystrokes: when you type your password, this driver routes them around Windows. Thus, while it appears that you are typing in a dialog box, this is only an illusion. Standard software keyloggers for Windows will not capture the passwords. (This is why PGP 6 doesn't work well with Win2k -- it doesn't have the power management features, so it prevents Win2k from going into "suspend/hibernate" mode).
Anyway, I'll be posting some more detailed analysis later this month on my personal website. In addition, I'm providing a $10,000 bounty for anybody PC containing an "interesting" keylogger -- maybe one from the mafia doing industrial espionage, maybe one from the FBI, I don't care. I'll be posting the full details to my website (http://www.robertgraham.com).
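The difference between the SMTP "envelope" and the full e-mail headers mentioned in the comment above, shown as an added example that is not part of the original comment. The transcript is constructed, and the function names (`split_session`, `capture`, and so on) are hypothetical; the code only separates what each reading of "TO/FROM" would record from a client-side SMTP session.

```python
import re

# Constructed client-side SMTP transcript (not real traffic); lines end in CRLF.
SAMPLE_SESSION = (
    "EHLO laptop.example.org\r\n"
    "MAIL FROM:<alice@example.org> SIZE=412\r\n"
    "RCPT TO:<bob@example.net>\r\n"
    "rcpt to:<carol@example.com>\r\n"      # recipient that no header mentions
    "DATA\r\n"
    "From: Alice <alice@example.org>\r\n"
    "To: Bob <bob@example.net>\r\n"
    "Subject: meeting notes,\r\n"
    " second draft\r\n"                    # folded continuation line
    "Date: Mon, 07 Jan 2002 10:15:00 -0800\r\n"
    "X-Mailer: ExampleMail 1.0\r\n"
    "\r\n"
    "Body text starts here.\r\n"
    "..a dot-stuffed line\r\n"
    ".\r\n"
    "QUIT\r\n"
)

_PATH = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)
ADDRESS_HEADERS = {"from", "to", "cc"}


def split_session(session):
    """Split client SMTP lines into envelope, raw header lines, and body lines."""
    envelope = {"mail_from": None, "rcpt_to": []}
    header_lines, body_lines = [], []
    state = "commands"
    for line in session.split("\r\n"):
        if state == "commands":
            m = _PATH.match(line)
            if m and m.group(1).upper() == "MAIL FROM":
                envelope["mail_from"] = m.group(2)
            elif m:
                envelope["rcpt_to"].append(m.group(2))
            elif line.upper() == "DATA":
                state = "headers"
        elif line == ".":                  # lone dot ends the DATA section
            state = "commands"
        elif state == "headers":
            if line == "":
                state = "body"             # blank line separates headers from body
            else:
                header_lines.append(line)
        else:
            # Undo dot-stuffing: a leading "." was doubled by the sender.
            body_lines.append(line[1:] if line.startswith(".") else line)
    return envelope, header_lines, body_lines


def unfold_headers(header_lines):
    """Join folded continuation lines and return (name, value) pairs in order."""
    headers = []
    for line in header_lines:
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers


def capture(session, scope):
    """Return what a capture limited to 'envelope' or 'headers' would record."""
    if scope not in ("envelope", "headers"):
        raise ValueError("scope must be 'envelope' or 'headers'")
    envelope, header_lines, _body = split_session(session)
    record = {"mail_from": envelope["mail_from"],
              "rcpt_to": list(envelope["rcpt_to"])}
    if scope == "headers":
        record["headers"] = unfold_headers(header_lines)
    return record


def non_address_headers(session):
    """Header names that carry more than TO/FROM addressing."""
    headers = capture(session, "headers")["headers"]
    return [name for name, _ in headers if name.lower() not in ADDRESS_HEADERS]


def envelope_only_recipients(session):
    """Recipients present in RCPT TO but absent from the To/Cc headers."""
    record = capture(session, "headers")
    visible = " ".join(value.lower() for name, value in record["headers"]
                       if name.lower() in ("to", "cc"))
    return [rcpt for rcpt in record["rcpt_to"] if rcpt.lower() not in visible]


if __name__ == "__main__":
    print("envelope only :", capture(SAMPLE_SESSION, "envelope"))
    print("extra headers :", non_address_headers(SAMPLE_SESSION))
    print("envelope-only :", envelope_only_recipients(SAMPLE_SESSION))
```

On the sample, the header-level capture additionally records the Subject, Date and X-Mailer lines, while the envelope alone already names a recipient that appears in no header.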
USB defines a generic storage device. A wide range of products, from actual hard drives to pseudo-drives can be used without any *additional* device drivers. This is why Win98 needs an update -- it didn't come with the generic storage device drivers.
Much of what he writes is the Network ICE business plan from three years ago:
To combat switches, we created the concept of putting network-IDS on the host.
We also produced the first gigabit IDS (several customers are running today at a full 1-gbps, many are above 500-mbps).
The issue of "noise" is always an issue (especially "true positives" -- how many care about port 80 probes from the Internet these days?), but BlackICE has exceedingly few false positives -- it is not a major issue our customers complain about (the "protocol-analysis" technique we use results in a fraction of false-positives that "pattern-search" technology most other IDSs use).
The author claims "more rules hurts performance". Nope, BlackICE doesn't have that problem -- it doesn't even have the ability to turn off rules. You can either disable protocol-analysis modules (like HTTP, FTP, etc.), or you can ignore events after they trigger (like PHF), but you can't really turn off individual rules from triggering in the first place.
The future of networking is IPsec. BlackICE already integrates well with virtually all VPN engines, and we are working tightly with Microsoft to make sure that we can always decrypted traffic (making sure APIs are always available). We are doing nifty stuff with SSL integration with web-servers as well. Again, this is part of the idea of putting network-IDS on the host.
The author mentions Hogwash, which is inline Snort. He isn't aware that BlackICE Guard inline IDS has been shipping for much longer.
As I said, this was the Network ICE business plan from three years ago. We built a product to address these issues, we shipped it, we were successful, and this product is being mixed with the rest of ISS's technologies to become RealSecure 7.
I hate to come out with a "vendor" message, it is just that the author is most familiar with Snort, where these things are issues. He makes the assumption that other products are just commercialized versions of Snort. This isn't true -- at least in the case of our commercial product, it isn't related to Snort at all. He is maybe describing "The Future of Snort", but this is three years old for BlackICE.
You may find it boring, but here are some of my cyberanarchy papers: http://www.robertgraham.com/cyberanarchy/. I put a lot of work into the speaker notes for this presentation.
Sports competition is already "win at all costs". Right now people sacrifice family life, friends, and education in order to become the top in the field. Top athletes will often train more per day than the average person works at a 40-hour/week job. This is why they need sponsorship, which means only the rich can compete, or at least, those who can get money from rich people.
It's already a technology game. Of course, we don't look at training methodologies as technology, but it is. We have been developing better and better training techniques over the years, which has been showing up as better and better sports performance.
It's already about genetic advantage. Certain people are born with better genes for sports competition. Gene therapy just levels the playing field. Heck, it also relieves the pressure from parents who want to improve their child in the womb -- they can just wait until the kid is born, who can then choose their genetic attributes themselves :-).
I think the real issue here is that people believe that sports competition is something noble. Certainly, this is how the multi-billion $$$ Olympics.com sports corporation markets it. I just don't see it that way. I'm not saying it's ignoble, it's just that the NobleAthlete(tm) is a product. E.g. in the past, only "amateurs" could compete in order to maintain this mythical image, but now professional athletes can compete -- pros were allowed only when it didn't weaken the image the Olympics.com is trying to sell.
It would be pointless for the FBI to contact anti-virus vendors: anti-virus programs cannot detect Magic Lantern, they can only detect widespread viruses.
On the other hand, the FBI would be interested in contacting the PGP division. PGP 6.0.2 (and above) defeats keyloggers. E.g. if you were infected with the BadTrans.B virus/worm and you used PGP to encrypt your files, the h4x0r would not discover your passwords. (And yes, I've tried it.) [BTW, this is why 6.0.2 didn't work well on Win2k, PGP installs a keyboard sniffing driver to accomplish this trick, and it wasn't compatible with Win2k power management].
Host-based IDS (e.g. BlackICE) will likely detect Magic Lantern. The next version of BlackICE will detect the keyloggers like that in BadTrans or trojans like SubSeven. Unless Magic Lantern is a complete departure from today's technology, such an IDS will likely pick it up. I've already got a keylogger detection system up and running on my machine (now I need to test the darn thing on all versions of Windows).
An interesting sidenote, BadTrans is exactly what Magic Lantern wants to be. It could be a worm created by the FBI in order to hopefully catch some info about the 9/11 terrorists. Maybe it's an evil corporation out to find info on competitors.
The question is not "why did they fail" but "why anybody thought they would succeed".
In other words, the word "fail" sorta implies that there was a snowball's chance you would succeed. I mean, let's say that I'm going to create a business that will build rockets and provide vacations on the moon. When the business fails, you don't do a post-mortem and ask why it failed. It doesn't take a genius to figure that out.
The same was true of the dot-com era. There was a suspension of disbelief -- people actually thought we really could provide moon vacations. BTW, I use "rockets" because I suspect that the next overhyped tech bubble is going to space (that, or biotech).
We geeks are often frustrated by websites that come up blank because we use Netscape on Linux without Flash. This isn't the cause of their failure, but a symptom that businesses were run by people that didn't understand business.
For example, in order to test out the famous flop "boo.com", I attempted to buy something from their website. It was very pretty and artistic, but no matter which browser combination I tried, I simply could not get the website to work. To the business owners, actually fulfilling customer wishes was a minor detail that the techies could work out. Like building rockets, business owners couldn't build what they were promising -- and much of what they were promising would be impossible to build.
BTW, I created an enormously successful new-economy business that was profitable for 3 years. We had to be profitable. We went to the VCs with the business model that we were going to build a better mouse-trap, and leverage word-of-mouth. They laughed at us and told us it wasn't about product, but "branding", and how naive we were. Since we got no VC funding, we didn't have the luxury of building a loss making business.
There are no lessons to be learned from the failed dot-coms, any more than lessons to be learned from a failed moon vacation business. This means that there is no magic formula for building a successful new economy business.
PS: The funny thing is, despite the lack of super bowl commercials and absolutely zero advertising, we built a strong brand. The VCs are right -- you do need branding, it's just that vapid commercials don't build strong brands -- satisfied customers do.
I guess I'm a little skeptical of all technology that attempts to supply "old" paradigms to new problems.
The most important thing about the Internet is "bandwidth". I'm not talking bits on the wire, I'm talking how fast information flows into my brain. Speech is vastly slower than text as a medium for transferring information into my brain. I'm so accustomed to Internet speeds for information, I can no longer watch TV news -- the bandwidth is too slow. I'm glad I don't go to school anymore -- I could barely stand lectures when I was a kid, I would never be able to sit through them as an adult.
Five years ago everyone in Japan walked around with their phone to their ears. These days, everyone in Japan walks around looking at their phone (instant messaging, etc.). I'm not sure if people "get" the bandwidth problem. Sound must be multiplexed into half-bandwidth, serialized communication. By this I mean you can only input or output at the same time, but not both. Also, incoming messages must arrive separately, not in parallel. With audio, I can only talk to one person at a time, with messaging, I can carry on multiple text-based conversations simultaneously. I mean, text-to-voice has long been available on PCs, but nobody uses it for ICQ/AIM/YahooIM/MSIM.
As far as I can tell, audio is dead. Maybe somebody will invent some sort of hyperfast language (didn't Heinlein describe something like that in a book?), but I think the next wave is going to be something new that replaces reading text, not something that goes backwards to audio.
Re:Contrast: The Economist on Globalization · Score: 2
>it is one of the brashest proponents of the free market system, and very much has an axe to grind
There is a slight difference. JonKatz doesn't have a firm grasp of the subject matter -- all he has is strong opinions. The Economist certainly has a pro-business slant, but this is based upon a firm grasp of the subject matter.
This is why JonKatz engenders passionate dislike -- whether we are talking technology, economics, or any other field, his grasp of the subject matter is lower than his readership, yet he makes strong pronouncements based upon his ignorance.
JonKatz appeals to young geeks who share his values and ignorance. I think it is a rite-of-passage: at some point, people mature and become educated and realize what JonKatz is all about (he certainly would have appealed to me when I was 15 years old).
Contrast: The Economist on Globalization · Score: 5, Insightful
The Economist recently had an entire issue devoted to globalism. Some of these articles are at http://www.economist.com. The Economist is a weekly news magazine, much like Time/Newsweek/USNews, though it appeals to more educated people.
JonKatz has an axe to grind; The Economist doesn't. JonKatz will certainly feed your paranoia that the big bad multinationals are out to get you, The Economist will provide a fairer, balanced set of information.
Like most JonKatz articles, you can't get past the first paragraph without tripping over widely inaccurate claims:
>some of the media and political institutions responsible for providing clarity and coherent information appear to be unraveling under the stress of coping with terrorist attacks
He claims that the media and government is responsible for providing clarity and coherent information. I'm sorry, I've read the U.S. constitution, and I don't see anything that gives them that responsibility.
JonKatz doesn't believe in this theory called "economics". It is a simple theory, really; it just states that people pay for things that they want. People are paying a lot of money right now to dredge up every last bit of information related to the Sept11 attacks, regardless whether it is substantiated, relevant, or "coherent". For example, people are tuning in to CNN to see the latest details. Unfortunately, there is about 5 minutes of "coherent" news each day, so in order to satisfy the viewer's wishes, CNN fills in the remaining time with the "non-coherent" stuff.
This is where the idea of "responsibility" comes in. It is the consumers who are irresponsible: they will keep searching for more news related to Sept11, and when they hear an unsubstantiated rumor, they treat it as fact rather than as a rumor. If all the "responsible" journalistic outlets refused to give it to them, they will continue searching until they find irresponsible providers. I guess this is why hypermedia is bad -- it doesn't impose any limits on how far you can search. Actually, if you were to stick to a single news source, you actually would find a nice coherent synopsis. It is just that consumers aren't sticking with one news source, but hopping around through all of them.
I'm always at a loss to understand JonKatz. On one hand, he believes that there is some sort of Big Conspiracy that hides information from the Populace, giving Us only the information They think We should have. On the other hand, he is criticizing Media and Government for NOT doing that: he wants the Media/Government to be responsible and give us only the coherent news They think We should have, hiding from us all the other details.
Anyway, the choice is yours. You can be a whiner like JonKatz and demand flimsy news and then complain it's flimsy, or you could choose better news sources (WallStreetJournal,Slate) and interpret the news responsibly.
I owned a Dell Latitude 133MHz Pentium notebook. It never worked correctly, despite multiple attempts to fix it. The problem was that the keyboard controller would ignore any input characters for a half-second about once a minute. This might not sound like a major problem, but when you are a touch typist that is trying to type a lot of text, this problem is huge. It is a huge amount of frustration. Also note that it makes playing fast-twitch games impossible. Pretty much any use I had for the notebook was made impossible by this bug.
I didn't realize there was a bug in the notebook until after the 60 day return policy. It was very hard to prove that something was actually wrong with the notebook -- I thought it was me not hitting the keys hard enough.
The thing is, Dell knew about the problem long before I purchased the notebook. I sent my notebook in three times specifically to fix this problem. The first two times they simply flashed the BIOS with a new version, which didn't fix the problem. On the third time, they did change the window where it ignored the characters from a half second down to a quarter of a second.
Ultimately, after a lot of frustration, I was simply out the $2000 I spent on the notebook. I never could use it for anything.
I heard stories about a big company that had thousands of these lemons; Dell wasn't willing to refund their money or fix their problem, either. I never heard what the end result was. I think this is why they refused to refund my purchase -- they would have had to refund a lot of people's money, which would have had a huge effect on their bottom line.
>Does the average entry-level IT person need to make the sort of decisions a CEO or CIO needs to make?
The entry-level IT person needs to understand the decisions a CEO or CIO makes.
Young people are a pain in the neck because they are not well-rounded. They come into companies thinking they have all the answers, but they don't understand what all the questions are. BTW, I'm describing myself here - I would not hire the person I was at 22.
Take the example you mention. What happens when management wants to only invest in creating content for Internet Explorer on Windows? A typical kid out of school will fight for making it work on Macintoshes, Mozilla on Linux, and possibly Lynx. The kid thinks management doesn't understand the Big Picture, but the reverse is true. It is the kid that doesn't understand all the data that management is using to make their decision. Another example is Linux within IT. There are Big Picture issues why management is afraid of using it.
Note that when I ran my own business (which eventually grew to 100 people in size), I made sure that our webpages worked on Lynx (Opera, HotJava, etc.) and our poor little 486 running RedHat 5.2 handled huge volumes of e-mail. However, I also understand the big picture - I know why the decisions I made here do not apply to others. (The company has been bought out, we are using MS Exchange e-mail, which I find loathsome, but I don't dispute the decision, because I understand the big-picture).
>Do companies really want me to spend more time diagramming a program than I need to program it in the first place?
Yes. This is exactly the point. The company doesn't care about the code you write, they only care about whether others can fix bugs or make enhancements to your code 5 years from now. The "design" of the code is far more important than the implementation. It is actually far more complicated than that (heck, I've watched companies so afraid of actual coding that they get into design-paralysis, but that's a different issue). The point is simply that what your employer wants out of you is often different from what you want to do - that's why they pay you.
>My question for Slashdot readers is: Is this really what companies want of today's graduates?
First, as an employer, I want somebody who will do what I want them to do. If that means writing content only for Internet Explorer, then so be it. Second, I want them to understand what is valuable to me. If I want Internet Explorer specific content, I don't want them to meekly submit and do it, I want them to understand why it is important to me. Fresh perspectives that youth tends to have are indeed valuable, but only when they can fit within my existing framework.
Finally, there is the general question of being "well-rounded". This is indeed the definition of a "university": its goal is not to educate you so much as prevent you from being ignorant. It depends upon your values. Some people find that ignorance is bliss. Do you want to be a raving ignorant paranoid (*cough* JonKatz *cough*) that thinks they always have the right answers? Or do you want to be somebody who knows enough of the Big Picture that never has all the answers?
Xmas is coming up; are these too complex for my 3-year old niece?
BTW, I think I would have liked these much more as a child. Some people might think that Legos are better because they have more variety of pieces. I think the reverse is true: the reason I liked Legos as a child was because I figured out how to build things that were not drawn for me. I NEVER attempted to build the demonstrations they had pictured on the box. With these things, I would have been able to express even more creativity.
I think Legos were a significant contributor to my geek status: now I put together code in much the same way that I put Legos together. I enjoy building things that nobody has ever thought of.
Am I wrong trying to pass these values onto my niece? I think I would rather buy her geek things that stretch the mind rather than clothes or dolls, but then, am I just passing my values onto her?
The question in the article was: VRML plugins have been around a while -- yet they do not seem to be successful. Why is that?
This isn't a flame, but the answer is simply that nobody likes VRML. People think that things are successful because of some other force than people like something. This can be true in rare cases (huge marketing campaigns like Nike's can change what people want), but ultimately, if something isn't successful, then it is because people don't want it.
The real question is: why don't people like VRML? Well, load it up yourself and view 3D worlds. Now play Quake. The VRML experience is unsatisfying, but Quake is fun.
Here are some basic reasons why VRML fails to stimulate people:
Navigation sucks. The controls were built for people who wanted to model 3D objects from the outside, they weren't built for people who wanted to navigate the interiors of dungeons. Few people wanted to look at the 3D objects, most people want to fly through objects.
VRML worlds sucked. Because of (or causing) the navigation problems, most VRML were objects you attempted to manipulate rather than 3D worlds you could fly through.
VRML didn't grok "cyberspace". Go to old VRML design documents and read the description of how they define "cyberspace", then read William Gibson's definition (or any cyberpunk definition). The VRML group was trying to model the real 3D world and objects, trying to make the PC model reality. People don't want this -- they want the computer to do stuff that you can't do in the real world. Doing real world stuff is easier in the real world -- VRML brought nothing new that the real world didn't have to offer. (This is why Quake is fun: it isn't the real world -- I love the low-grave levels :-)
Poor leadership. Read Mark Pesce's old writings and contrast with Linus/ESR's writings. Pesce is a petulant child compared to the maturity of Linus/ESR/Cox/etc. Emotional ranting is popular in forums like Slashdot, but leaders who behave that way hurt their projects.
The real answer is that 3D has taken over the world and become the driving force behind computers (e.g. 3D cards in computers have more gates than CPUs). The 3D market has expanded hugely fast. There are those that figured out how to catch the wave (John Carmack @ Id) and those that failed to grok what was going on (Mark Pesce w/ VRML). One of these days we'll see some interesting 3D technology added to browsers; it won't look like VRML, it might look like Quake/Doom or Flight Simulator, or it might be something completely different.
Token Ring came out in the late 1980s as a more "reliable" technology because it replaced the old "bus" topology of coax Ethernet with a "star" topology that isolated errors to a single port. Adapters even had the ability to detect that they were causing errors and would automatically pull themselves off the network.
The promised reliability never materialized. In the early days, the TR connector was the same as that for DB9 serial ports and EGA (pre-VGA) video. L-users would frequently connect the cables incorrectly, taking down the entire LAN. In the later days, 10BaseT Ethernet replaced coax, and became slightly more reliable than Token Ring. These days, we use switched Ethernet, which is infinitely more reliable than Token Ring.
Keeping Token Ring networks running has become like voodoo management. Stories like yours are common. Nobody knows exactly WHY things are going wrong, so they are quick to point the finger at oddball stuff. There is so little support for Token Ring that nobody can figure out how to solve even basic problems. The only solution is to remove the offending products from the network.
Here is some background for what might be going wrong. First of all, your card has its own microprocessor. As a kid in the early 1980s I owned a TI-99/4a home computer/game-console: it is roughly the same CPU in your card. It runs its own embedded OS. This means that under normal conditions, your card will run fine, regardless of the driver: all the intelligence is on the adapter, not in the driver.
I point this out because you never specified exactly the types of errors you are receiving. In theory, all such errors are related to the hardware, and there is nothing the driver can do to cause them. Specifically, I don't know how it can be possible for something to "cause ring errors that eventually bring down the entire net". There are really no progressive failures like this in Token Ring.
If you mentioned the precise ring error and/or the method in which the ring goes down, it might be helpful. Here are some possible ring errors.
A burst-error is caused when an adapter inserts itself into or removes itself from the ring. This might be caused because, for some reason, Linux might be re-initializing the card. For example, you may have DHCP set to renew the lease every minute which may cause this to happen. I have no knowledge of how Linux deals with Token Ring, but if the problem is "Burst Errors", then it is because of some higher-layer interaction like this.
A "receiver congestion" error is caused when the Linux driver doesn't remove packets from the card's buffers fast enough. In theory, they are supposed to indicate that packets are coming in too fast for the machine to handle. In practice, you see this happen when machines "hang" and fail to empty their queues. You might be running some sort of libpcap packet-sniffer on the system or have the adapter running in promiscuous mode (do an ifconfig to check) that is having some sort of pathological condition.
Maybe you are getting "FC errors" which indicate that somebody has the same MAC address as you. This won't happen if you use the standard MAC address built into the card, but it could happen if the Linux driver has a bug setting a locally administered address. Maybe it's setting it to all zeroes, causing a conflict with some other card that has a similar bug.
None of these errors really cause problems. Burst errors will nuke a frame as it passes by (maybe one out of a thousand) -- the hardware auto-retransmits, so it doesn't cause performance problems. Receiver congestion errors only cause problems for YOU and nobody else on the ring. A duplicate address will only cause problems with the other machine that shares your MAC address.
My guess is that your admins are just getting testy over the fact that your Linux box re-inserts itself more often than Windows boxen, causing a higher number of relatively harmless burst-errors. When they diagnose problems with the ring, they notice that your machine causes the highest number of errors, and therefore blame any ring failure on you.
If your machine is truly causing a problem, the only thing I can think of is that your port on the hub gets "stuck" (this happens a lot). The process of re-inserting has a small chance of getting stuck, so if your Linux box re-inserts 100 times more often than Windows, you'd see this.
BTW, Token Ring is a good lesson in Zen. A burst-error is defined as 5 half-bit times without a transition. What this really means is that a station has entered or left the ring. I point this out because if you try to debug this problem yourself, you'll have to hunt down Token Ring references. Go quickly to the definition of burst-errors: if it has the "technical" definition, discard the reference and move on. If it has the "practical" definition, then you'll be in luck.
I created a program that automatically checked for the backdoor upon receipt of a /default.ida attack (/scripts/root.exe?). It didn't work: the CodeRedII worm is DoSing itself - after enough reinfections, the server stops being able to respond with requests.
As a more casual defense, I've written stuff that causes the worm to hang in its receive function: http://robertgraham.com/tools/deredoc. It's kind of fun, I've got hundreds of worm threads waiting for me to respond back to them.
You can create benign anti-worms. You can set up a worm to only counterattack when attacked itself. Such a worm would not bother innocents, and would only spread to infected systems, cleaning as it went. In other words, it wouldn't be 'scanning' -- it only responds upstream to infected systems. There are two problems to that approach: the first is that CodeRedII self-DoSes itself, so the systems cannot be exploited, either with the .ida attack or the backdoor. The second problem is that a heck of a lot of these systems are behind firewalls, and you cannot directly contact them on port 80 (CodeRedII has been extremely effective about worming its way around firewalls).
You can evade legal constraints. Post the source of your anti-worm to Usenet as an example how an anti-worm is constructed. This is legal free-speech -- as long as you don't encourage others to run it.
CodeRedII is raging inside corporations. It would be extremely ethical to put something on your own machine to help stop it. One example would be a script (CGI, PERL, PHP, ASP) named /default.ida on your system that did something like "/scripts/root.exe?/c+net+stop+w3svc" back at the attacker.
It's not an attempt to flog the product; it is coincident on the fact that I'm likely to post where my expertise is, and my expertise is what I've been doing for the last several years. The problem of "multiple-encodings" is a BIG one in security. There are addendums to both ASN.1 and the Unicode standard. Actually, the reason for DER is to get rid of the ambiguity in BER because of security reasons (that's why DER is always specified for security-related ASN.1). There are other papers that describe how multiple encodings are a big problem for security, the only thing I had handy was my own research.
Preface: I've written parsers for ASN.1 (esp. SNMP MIBs, but also generic), BER/DER (same thing), PER, HTML, XML, and while we are at it, XDR and CORBA IDL. I've written a BER decoder that can decode SNMP at gigabit/second speeds.
There are a vast number of differences between ASN.1 and XML. To think that ASN.1 is in any way related to XML demonstrates that they just don't "get it".
1. Why not XDR or just raw binary?
Why not just specify your own binary format for your application? The thing that the ASN.1 bigots don't understand is that in most real-world applications, the ASN.1 formatting provides only overhead but no real-world value. This happens in XML, too, but the value proposition for XML is much clearer. A good example is the H.323 series PER encoding which is just plain wrong: well-documented custom encoding would have been tons better.
2. DTD or no DTD
The ASN.1 language is essentially a DTD; it gets encoded in things like BER. The trick is that I can parse "well-formed" XML content without knowing the DTD. This is impossible with current ASN.1 encoding. The idea of DTD-free "well-formed" input and DTD-based "valid" input is at the core of XML. Yes, ASN.1 and XML both format data, but proposing ASN.1 as being a valid substitute means you just don't grok what XML is all about.
3. Interoperability
The Internet grew up in an environment that parsers should be liberal in what they receive. This was important in early interoperability, but now is a detriment. For example, it is impossible to write an interoperable HTML parser. XML took the radical zen approach of mandating that any parser that accepts malformed input is BAD. As a result, anybody writing a parser knows the input will be well-formed. There is one-and-only-one way to represent input (barring whitespace), so writing parsers is easy. ASN.1 has taken the opposite approach, there are a zillion ways to represent input.
As a result, non-interoperable ASN.1 implementations abound. For example, most SNMP implementations are incompatible. They work only "most" of the time. Go to a standard SNMP MIB repository and you'll find that the same MIB must be published multiple times to handle different ASN.1 compilers.
The long and the short of it is that ASN.1 implementations today are extremely incompatible with each other, whereas XML libraries have proven to be extremely interoperable. Right now, XML has proven the MOST interoperable way to format data, and ASN.1 has proven to be the LEAST.
4. Bugs
Most XML parsers have proven to be robust, most ASN.1 parsers have proven to be buggy. You can DoS a lot of devices today by carefully crafting malformed SNMP BER packets.
5. Security
You can leverage ASN.1's multiple encodings to hack. For example, my SideStep program shows how to play with SNMP and evade network intrusion detection systems:
http://robertgraham.com/tmp/sidestep.html
At the same time, ASN.1 parsers are riddled with buffer-overflows.
Anyway, sorry for ranting. I think XML advocates are a little overzealous (watch carefully your possessions or some XMLite will come along and encode it), but ASN.1 is just plain wrong. The rumor is that somebody threw it together as a sample to point out problems, but it was accidentally standardized. It is riddled with problems, it should be abandoned. An encoding system is rarely needed, but if you need one, pick XDR for gosh sakes.
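The multiple-encodings point made in the comment above (points 3 and 5, and the remark that DER exists to remove BER's ambiguity), as an added example that is not code from the original comment or from SideStep: a small strict TLV reader that re-encodes BER to DER so a byte-pattern check sees one canonical form. The sample messages are constructed, and only single-byte tags and definite lengths are handled.

```python
"""Added example: BER allows many byte strings for one value, DER allows one."""


def read_tlv(buf, pos=0):
    """Parse one TLV at buf[pos:]; return (tag, value, end, notes)."""
    notes = []
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this example")
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    elif first == 0x80:                   # indefinite length is BER-only
        raise ValueError("indefinite length not handled in this example")
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            notes.append("non-minimal length")
        pos += n
    end = pos + length
    if end > len(buf):                    # never trust the declared length
        raise ValueError("declared length runs past end of buffer")
    return tag, buf[pos:end], end, notes


def der_len(n):
    """Encode a length the one way DER permits."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def minimal_int(v):
    """Drop redundant sign-extension bytes from an INTEGER value."""
    while len(v) > 1 and ((v[0] == 0x00 and v[1] < 0x80) or
                          (v[0] == 0xFF and v[1] >= 0x80)):
        v = v[1:]
    return v


def canonicalize(buf):
    """Re-encode every TLV in buf as DER; return (der_bytes, findings)."""
    out, findings, pos = bytearray(), [], 0
    while pos < len(buf):
        tag, value, pos, notes = read_tlv(buf, pos)
        inner = []
        if tag & 0x20:                    # constructed: recurse into contents
            value, inner = canonicalize(value)
        elif tag == 0x02:                 # INTEGER
            shortest = minimal_int(value)
            if shortest != value:
                notes.append("padded INTEGER")
            value = shortest
        findings += [f"tag 0x{tag:02x}: {n}" for n in notes] + inner
        out += bytes([tag]) + der_len(len(value)) + value
    return bytes(out), findings


def is_der(buf):
    der, findings = canonicalize(buf)
    return der == buf and not findings


# Constructed sample: SEQUENCE { INTEGER 0, OCTET STRING "public" } in DER.
CANONICAL = bytes.fromhex("300b020100") + b"\x04\x06public"
# Same value, constructed with long-form lengths and a padded INTEGER.
MANGLED = bytes.fromhex("3082000d02020000048106") + b"public"
# Byte pattern a naive matcher would look for.
SIGNATURE = b"\x04\x06public"


def naive_match(buf):
    return SIGNATURE in buf


def normalized_match(buf):
    return SIGNATURE in canonicalize(buf)[0]


if __name__ == "__main__":
    for name, msg in (("canonical", CANONICAL), ("mangled", MANGLED)):
        der, findings = canonicalize(msg)
        print(name, "is_der:", is_der(msg), "naive:", naive_match(msg),
              "normalized:", normalized_match(msg), findings)
```

A receiver that requires DER can reject the second message outright on the findings list instead of normalizing it.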
First of all, the FBI gets a warrant for the DATA. If the ISP is unable to get the DATA themselves, the FBI can then insist that they install the Carnivore box. On the other hand, courts have ruled that if the ISP can indeed get the data, then Carnivore isn't needed.
Second of all, the reason the FBI created Carnivore was because existing tools could not get the data. This encryption device is based upon existing tools, and therefore does not help get the data at all. For example, if the warrant requires the ISP to deliver copies of the suspect's e-mail, this device cannot do it.
Third, people persist in believing that Carnivore is a keyword search engine like the rumored Echelon. This is false: no judge would grant a court order allowing the FBI the ability to search for keywords. (This encryption device is based upon a keyword search engine). A typical court order would be one that allows the FBI to get all e-mail to/from a named e-mail account. Another example would be a lesser court order allowing the FBI to record the e-mail addresses to/from the specified account, but not the contents.
I have written a Carnivore engine that has previously been written up in /. It, and a Carnivore FAQ, is at: http://www.robertgraham.com/altivore/.
The advisories contain a link to a tool that will test the vulnerability. There are no secrets being kept, it's all out in the open. The problem is that no "easy-to-use" tool has been created (except for checks that have been added to scanners).
Researchers are lamenting the rise of books and journals produced by the new invention, Gutenberg's so-called "printing-press". Studies have shown that people who spend more time reading spend less time interacting with their peers.
Many promised that the "printing-press" would help people stay up to date with the important events of the day, but people are increasingly reading books with out-dated, irrelevant information. Dead Greeks, such as Socrates and Aristotle are especially popular - what relevance does this have with today's society? Moreover, rather than being important events, daily "news" journals are mostly filled with frivolous information such as births/deaths, marriages, graphical cartoons, and political messages.
--------
The thing that really disturbs me about Katz is that he is an authoritarian communist. Much of his comments reduce to: people shouldn't do what they want. People want to filter news according to what they are interested in. The leftist, authoritarian view is that whatever people want is bad; they should be coerced into always thinking about what society wants. (The libertarian view is, of course, if that's what people want, then that's what's good for society).
In the Magic Lantern system, they propose either hacking into the machine from the Internet, or more likely, installing a transparent proxy at the ISP that attaches a trojan to any .exe the user downloads from the Internet.
In order to combat this, the FBI designed their keylogger to go inactive while the modem was connected. I still have some lingering questions about this. E-mail is asynchronous. With many e-mail services (Eudora, Outlook, and AOL), the underlying software lets you compose e-mail offline and store it to disk, automatically transferring it at a later date. Personally, I compose a lot of my e-mail when my computer is offline -- these days, I spend half my time on airplanes, it is when I get the most e-mail written, I sync when I land at the next destination.
Another worrisome trend is that the hearings were "ex parte in camera" -- meaning in the judge's private chambers without the presence of defense attorneys. The FBI claims the details must remain a secret for national security reasons. The defense attorneys are only provided a sanitized summary of the keylogging features, not the full details. This is worrisome because it prevents the public from understanding the details of what is really going on. As we saw in the Carnivore case, the FBI was free to define its own boundaries. For example, when Carnivore grabs e-mail summaries, I would interpret the court order as allowing capture of only the SMTP "envelope" containing the TO/FROM addresses -- the FBI interprets this as capturing the full e-mail headers. I think this is a gross violation of civil liberties, but there is no way to challenge this. Likewise, the keylogger details may show similar gross violations of civil liberties, but the FBI hides behind its cloak of "national security".
The thing is, there are no important details to keylogging. You can go to http://www.keyghost.com for your own hardware-based keylogger, or you can download numerous keyloggers off the Internet. There are some difficult problems. For example, PGP 6.0 introduced a keyboard driver that intercepts your keystrokes: when you type your password, this driver routes them around Windows. Thus, while it appears that you are typing in a dialog box, this is only an illusion. Standard software keyloggers for Windows will not capture the passwords. (This is why PGP 6 doesn't work well with Win2k -- it doesn't have the power management features, so it prevents Win2k from going into "suspend/hibernate" mode).
Anyway, I'll be posting some more detailed analysis later this month on my personal website. In addition, I'm providing a $10,000 bounty for anybody's PC containing an "interesting" keylogger -- maybe one from the mafia doing industrial espionage, maybe one from the FBI, I don't care. I'll be posting the full details to my website (http://www.robertgraham.com).
USB defines a generic storage device. A wide range of products, from actual hard drives to pseudo-drives can be used without any *additional* device drivers. This is why Win98 needs an update -- it didn't come with the generic storage device drivers.
As I said, this was the Network ICE business plan from three years ago. We built a product to address these issues, we shipped it, we were successful, and this product is being mixed with the rest of ISS's technologies to become RealSecure 7.
I hate to come out with a "vendor" message, it is just that the author is most familiar with Snort, where these things are issues. He makes the assumption that other products are just commercialized versions of Snort. This isn't true -- at least in the case of our commercial product, it isn't related to Snort at all. He is maybe describing "The Future of Snort", but this is three years old for BlackICE.
You may find it boring, but here are some of my cyberanarchy papers: http://www.robertgraham.com/cyberanarchy/. I put a lot of work into the speaker notes for this presentation.
It's already a technology game. Of course, we don't look at training methodologies as technology, but it is. We have been developing better and better training techniques over the years, which has been showing up as better and better sports performance.
It's already about genetic advantage. Certain people are born with better genes for sports competition. Gene therapy just levels the playing field. Heck, it also relieves the pressure from parents who want to improve their child in the womb -- they can just wait until the kid is born, who can then choose their genetic attributes themselves :-).
I think the real issue here is that people believe that sports competition is something noble. Certainly, this is how the multi-billion $$$ Olympics.com sports corporation markets it. I just don't see it that way. I'm not saying it's ignoble, it's just that the NobleAthlete(tm) is a product. E.g. in the past, only "amateurs" could compete in order to maintain this mythical image, but now professional athletes can compete -- pros were allowed only when it didn't weaken the image the Olympics.com is trying to sell.
On the other hand, the FBI would be interested in contacting the PGP division. PGP 6.0.2 (and above) defeats keyloggers. E.g. if you were infected with the BadTrans.B virus/worm and you used PGP to encrypt your files, the h4x0r would not discover your passwords. (And yes, I've tried it.) [BTW, this is why 6.0.2 didn't work well on Win2k, PGP installs a keyboard sniffing driver to accomplish this trick, and it wasn't compatible with Win2k power management].
Host-based IDS (e.g. BlackICE) will likely detect Magic Lantern. The next version of BlackICE will detect the keyloggers like that in BadTrans or trojans like SubSeven. Unless Magic Lantern is a complete departure from today's technology, such an IDS will likely pick it up. I've already got a keylogger detection system up and running on my machine (now I need to test the darn thing on all versions of Windows).
An interesting sidenote, BadTrans is exactly what Magic Lantern wants to be. It could be a worm created by the FBI in order to hopefully catch some info about the 9/11 terrorists. Maybe it's an evil corporation out to find info on competitors.
In other words, the word "fail" sorta implies that there was a snowball's chance you would succeed. I mean, let's say that I'm going to create a business that will build rockets and provide vacations on the moon. When the business fails, you don't do a post-mortem and ask why it failed. It doesn't take a genius to figure that out.
The same was true of the dot-com era. There was a suspension of disbelief -- people actually thought we really could provide moon vacations. BTW, I use "rockets" because I suspect that the next overhyped tech bubble is going to space (that, or biotech).
We geeks are often frustrated by websites that come up blank because we use Netscape on Linux without Flash. This isn't the cause of their failure, but a symptom that businesses were run by people that didn't understand business.
For example, in order to test out the famous flop "boo.com", I attempted to buy something from their website. It was very pretty and artistic, but no matter which browser combination I tried, I simply could not get the website to work. To the business owners, actually fulfilling customer wishes was a minor detail that the techies could work out. Like building rockets, business owners couldn't build what they were promising -- and much of what they were promising would be impossible to build.
BTW, I created an enormously successful new-economy business that was profitable for 3 years. We had to be profitable. We went to the VCs with the business model that we were going to build a better mouse-trap, and leverage word-of-mouth. They laughed at us and told us it wasn't about product, but "branding", and how naive we were. Since we got no VC funding, we didn't have the luxury of building a loss-making business.
There are no lessons to be learned from the failed dot-coms, any more than lessons to be learned from a failed moon vacation business. This means that there is no magic formula for building a successful new economy business.
PS: The funny thing is, despite the lack of super bowl commercials and absolutely zero advertising, we built a strong brand. The VCs are right -- you do need branding, it's just that vapid commercials don't build strong brands -- satisfied customers do.
The most important thing about the Internet is "bandwidth". I'm not talking bits on the wire, I'm talking how fast information flows into my brain. Speech is vastly slower than text as a medium for transferring information into my brain. I'm so accustomed to Internet speeds for information, I can no longer watch TV news -- the bandwidth is too slow. I'm glad I don't go to school anymore -- I could barely stand lectures when I was a kid, I would never be able to sit through them as an adult.
Five years ago everyone in Japan walked around with their phone to their ears. These days, everyone in Japan walks around looking at their phone (instant messaging, etc.). I'm not sure if people "get" the bandwidth problem. Sound must be multiplexed into half-bandwidth, serialized communication. By this I mean you can only input or output at the same time, but not both. Also, incoming messages must arrive separately, not in parallel. With audio, I can only talk to one person at a time, with messaging, I can carry on multiple text-based conversations simultaneously. I mean, text-to-voice has long been available on PCs, but nobody uses it for ICQ/AIM/YahooIM/MSIM.
As far as I can tell, audio is dead. Maybe somebody will invent some sort of hyperfast language (didn't Heinlein describe something like that in a book?), but I think the next wave is going to be something new that replaces reading text, not something that goes backwards to audio.
There is a slight difference. JonKatz doesn't have a firm grasp of the subject matter -- all he has is strong opinions. The Economist certainly has a pro-business slant, but this is based upon a firm grasp of the subject matter.
This is why JonKatz engenders passionate dislike -- whether we are talking technology, economics, or any other field, his grasp of the subject matter is lower than his readership, yet he makes strong pronouncements based upon his ignorance.
JonKatz appeals to young geeks who share his values and ignorance. I think it is a rite-of-passage: at some point, people mature and become educated and realize what JonKatz is all about (he certainly would have appealed to me when I was 15 years old).
JonKatz has an axe to grind; The Economist doesn't. JonKatz will certainly feed your paranoia that the big bad multinationals are out to get you, The Economist will provide a fairer, balanced set of information.
He claims that the media and government are responsible for providing clarity and coherent information. I'm sorry, I've read the U.S. constitution, and I don't see anything that gives them that responsibility.
JonKatz doesn't believe in this theory called "economics". It is a simple theory, really; it just states that people pay for things that they want. People are paying a lot of money right now to dredge up every last bit of information related to the Sept11 attacks, regardless whether it is substantiated, relevant, or "coherent". For example, people are tuning in to CNN to see the latest details. Unfortunately, there is about 5 minutes of "coherent" news each day, so in order to satisfy the viewer's wishes, CNN fills in the remaining time with the "non-coherent" stuff.
This is where the idea of "responsibility" comes in. It is the consumers who are irresponsible: they will keep searching for more news related to Sept11, and when they hear an unsubstantiated rumor, they treat it as fact rather than as a rumor. If all the "responsible" journalistic outlets refused to give it to them, they will continue searching until they find irresponsible providers. I guess this is why hypermedia is bad -- it doesn't impose any limits on how far you can search. Actually, if you were to stick to a single news source, you actually would find a nice coherent synopsis. It is just that consumers aren't sticking with one news source, but hopping around through all of them.
I'm always at a loss to understand JonKatz. On one hand, he believes that there is some sort of Big Conspiracy that hides information from the Populace, giving Us only the information They think We should have. On the other hand, he is criticizing Media and Government for NOT doing that: he wants the Media/Government to be responsible and give us only the coherent news They think We should have, hiding from us all the other details.
Anyway, the choice is yours. You can be a whiner like JonKatz and demand flimsy news and then complain it's flimsy, or you could choose better news sources (WallStreetJournal,Slate) and interpret the news responsibly.
I didn't realize there was a bug in the notebook until after the 60 day return policy. It was very hard to prove that something was actually wrong with the notebook -- I thought it was me not hitting the keys hard enough.
The thing is, Dell knew about the problem long before I purchased the notebook. I sent my notebook in three times specifically to fix this problem. The first two times they simply flashed the BIOS with a new version, which didn't fix the problem. On the third time, they did change the window where it ignored the characters from a half second down to a quarter of a second.
Ultimately, after a lot of frustration, I was simply out the $2000 I spent on the notebook. I never could use it for anything.
I heard stories about a big company that had thousands of these lemons; Dell wasn't willing to refund their money or fix their problem, either. I never heard what the end result was. I think this is why they refused to refund my purchase -- they would have had to refund a lot of people's money, which would have had a huge effect on their bottom line.
>Does the average entry-level IT person need to make the sort of decisions a CEO or CIO needs to make?
The entry-level IT person needs to understand the decisions a CEO or CIO makes.
Young people are a pain in the neck because they are not well-rounded. They come into companies thinking they have all the answers, but they don't understand what all the questions are. BTW, I'm describing myself here - I would not hire the person I was at 22.
Take the example you mention. What happens when management wants to only invest in creating content for Internet Explorer on Windows? A typical kid out of school will fight for making it work on Macintoshes, Mozilla on Linux, and possibly Lynx. The kid thinks management doesn't understand the Big Picture, but the reverse is true. It is the kid that doesn't understand all the data that management is using to make their decision. Another example is Linux within IT. There are Big Picture issues why management is afraid of using it.
Note that when I ran my own business (which eventually grew to 100 people in size), I made sure that our webpages worked on Lynx (Opera, HotJava, etc.) and our poor little 486 running RedHat 5.2 handled huge volumes of e-mail. However, I also understand the big picture - I know why the decisions I made here do not apply to others. (The company has been bought out, we are using MS Exchange e-mail, which I find loathsome, but I don't dispute the decision, because I understand the big-picture).
>Do companies really want me to spend more time diagramming a program than I need to program it in the first place?
Yes. This is exactly the point. The company doesn't care about the code you write, they only care about whether others can fix bugs or make enhancements to your code 5 years from now. The "design" of the code is far more important than the implementation. It is actually far more complicated than that (heck, I've watched companies so afraid of actual coding that they get into design-paralysis, but that's a different issue). The point is simply that what your employer wants out of you is often different from what you want to do - that's why they pay you.
>My question for Slashdot readers is: Is this really what companies want of today's graduates?
First, as an employer, I want somebody who will do what I want them to do. If that means writing content only for Internet Explorer, then so be it. Second, I want them to understand what is valuable to me. If I want Internet Explorer specific content, I don't want them to meekly submit and do it, I want them to understand why it is important to me. Fresh perspectives that youth tends to have are indeed valuable, but only when they can fit within my existing framework.
Finally, there is the general question of being "well-rounded". This is indeed the definition of a "university": its goal is not to educate you so much as prevent you from being ignorant. It depends upon your values. Some people find that ignorance is bliss. Do you want to be a raving ignorant paranoid (*cough* JonKatz *cough*) that thinks they always have the right answers? Or do you want to be somebody who knows enough of the Big Picture that never has all the answers?
BTW, I think I would have liked these much more as a child. Some people might think that Legos are better because they have more variety of pieces. I think the reverse is true: the reason I liked Legos as a child was because I figured out how to build things that were not drawn for me. I NEVER attempted to build the demonstrations they had pictured on the box. With these things, I would have been able to express even more creativity.
I think Legos were a significant contributor to my geek status: now I put together code in much the same way that I put Legos together. I enjoy building things that nobody has ever thought of.
Am I wrong trying to pass these values onto my niece? I think I would rather buy her geek things that stretch the mind rather than clothes or dolls, but then, am I just passing my values onto her?
This isn't a flame, but the answer is simply that nobody likes VRML. People think that things are successful because of some other force than people like something. This can be true in rare cases (huge marketing campaigns like Nike's can change what people want), but ultimately, if something isn't successful, then it is because people don't want it.
The real question is: why don't people like VRML? Well, load it up yourself and view 3D worlds. Now play Quake. The VRML experience is unsatisfying, but Quake is fun.
Here are some basic reasons why VRML fails to stimulate people:
The real answer is that 3D has taken over the world and become the driving force behind computers (e.g. 3D cards in computers have more gates than CPUs). The 3D market has expanded hugely fast. There are those that figured out how to catch the wave (John Carmack @ Id) and those that failed to grok what was going on (Mark Pesce w/ VRML). One of these days we'll see some interesting 3D technology added to browsers; it won't look like VRML, it might look like Quake/Doom or Flight Simulator, or it might be something completely different.
The promised reliability never materialized. In the early days, the TR connector was the same as that for DB9 serial ports and EGA (pre-VGA) video. L-users would frequently connect the cables incorrectly, taking down the entire LAN. In the later days, 10BaseT Ethernet replaced coax, and became slightly more reliable than Token Ring. These days, we use switched Ethernet, which is infinitely more reliable than Token Ring.
Keeping Token Ring networks running has become like voodoo management. Stories like yours are common. Nobody knows exactly WHY things are going wrong, so they are quick to point the finger at oddball stuff. There is so little support for Token Ring that nobody can figure out how to solve even basic problems. The only solution is to remove the offending products from the network.
Here is some background for what might be going wrong. First of all, your card has its own microprocessor. As a kid in the early 1980s I owned a TI-99/4a home computer/game-console: it is roughly the same CPU in your card. It runs its own embedded OS. This means that under normal conditions, your card will run fine, regardless of the driver: all the intelligence is on the adapter, not in the driver.
I point this out because you never specified exactly the types of errors you are receiving. In theory, all such errors are related to the hardware, and there is nothing the driver can do to cause them. Specifically, I don't know how it can be possible for something to "cause ring errors that eventually bring down the entire net". There are really no progressive failures like this in Token Ring.
If you mentioned the precise ring error and/or the method in which the ring goes down, it might be helpful. Here are some possible ring erors.
A burst-error is caused when an adapter inserts itself into or removes itself from the ring. This might be caused because, for some reason, Linux might be re-initializing the card. For example, you may have DHCP set to renew the lease every minute which may cause this to happen. I have no knowledge of how Linux deals with Token Ring, but if the problem is "Burst Errors", then it is because of some higher-layer interaction like this.
A "receiver congestion" error is caused when the Linux driver doesn't remove packets from the card's buffers fast enough. In theory, they are suppose to indicate that packets are coming in too fast for the machine to handle. In practice, you see this happen when machines "hang" and fail to empty their queues. You might be running some sort of libpcap packet-sniffer on the system or have the adapter running in promiscuous mode (do an ifconfig to check) that is having some sort of pathelogical condition.
Maybe you are getting "FC errors" which indicate that somebody has the same MAC address as you. This won't happen if you use the standard MAC address built into the card, but it could happen if the Linux driver has a bug setting a locally administered address. Maybe it's setting it to all zeroes, causing a conflict with some other card that has a similar bug.
None of these errors really cause problems. Burst errors will nuke a frame as it passes by (maybe one out of a thousand) -- the hardware auto-retransmits, so it doesn't cause performance problems. Receiver congestion errors only cause problems for YOU and nobody else on the ring. A duplicate address will only cause problems with the other machine that shares your MAC address.
My guess is that your admins are just getting testy over the fact that your Linux box re-inserts itself more often than Windows boxen, causing a higher number of relatively harmless burst-errors. When they diagnose problems with the ring, they notice that your machine causes the highest number of errors, and therefore blame any ring failure on you.
If your machine is truly causing a problem, the only thing I can think of is that your port on the hub gets "stuck" (this happens a lot). The process of re-inserting has a small chance of getting stuck, so if your Linux box re-inserts 100 times more often than Windows, you'd see this.
BTW, Token Ring is a good lesson in Zen. A burst-error is defined as 5 half-bit times without a transition. What this really means is that a station has entered or left the ring. I point this out because if you try to debug this problem yourself, you'll have to hunt down Token Ring references. Go quickly to the definition of burst-errors: if it has the "technical" definition, discard the reference and move on. If it has the "practical" definition, then you'll be in luck.
Source compiles on Windows and Linux, binaries available, works with libpcap, can respond back to a range of addresses.
BTW, this technique has been used since the early-1990s (i.e. I wrote a plugin for the ProTools sniffer that did something like this).
As a more casual defense, I've written stuff that causes the worm to hang in its receive function: http://robertgraham.com/tools/deredoc. It's kind of fun, I've got hundreds of worm threads waiting for me to respond back to them.
You can create benign anti-worms. You can set up a worm to only counterattack when attacked itself. Such a worm would not bother innocents, and would only spread to infected systems, cleaning as it went. In other words, it wouldn't be 'scanning' -- it only responds upstream to infected systems. There are two problems to that approach: the first is that CodeRedII self-DoSes itself, so the systems cannot be exploited, either with the .ida attack or the backdoor. The second problem is that a heck of a lot of these systems are behind firewalls, and you cannot directly contact them on port 80 (CodeRedII has been extremely effective about worming its way around firewalls).
You can evade legal constraints. Post the source of your anti-worm to Usenet as an example of how an anti-worm is constructed. This is legal free-speech -- as long as you don't encourage others to run it.
CodeRedII is raging inside corporations. It would be extremely ethical to put something on your own machine to help stop it. One example would be a script (CGI, PERL, PHP, ASP) named /default.ida on your system that did something like "/scripts/root.exe?/c+net+stop+w3svc" back at the attacker.
It's not an attempt to flog the product; it is coincident on the fact that I'm likely to post where my expertise is, and my expertise is what I've been doing for the last several years. The problem of "multiple-encodings" is a BIG one in security. There are addendums to both ASN.1 and the Unicode standard. Actually, the reason for DER is to get rid of the ambiguity in BER because of security reasons (that's why DER is always specified for security-related ASN.1). There are other papers that describe how multiple encodings are a big problem for security, the only thing I had handy was my own research.
There are a vast number of differences between ASN.1 and XML. To think that ASN.1 is in any way related to XML demonstrates that they just don't "get it".
1. Why not XDR or just raw binary?
Why not just specify your own binary format for your application? The thing that the ASN.1 bigots don't understand is that in most real-world applications, the ASN.1 formatting provides only overhead but no real-world value. This happens in XML, too, but the value proposition for XML is much clearer. A good example is the H.323 series PER encoding which is just plain wrong: well-documented custom encoding would have been tons better.
2. DTD or no DTD
The ASN.1 language is essentially a DTD; it gets encoded in things like BER. The trick is that I can parse "well-formed" XML content without knowing the DTD. This is impossible with current ASN.1 encoding. The idea of DTD-free "well-formed" input and DTD-based "valid" input is at the core of XML. Yes, both ASN.1 and XML format data, but proposing ASN.1 as being a valid substitute means you just don't grok what XML is all about.
3. Interoperability
The Internet grew up in an environment that parsers should be liberal in what they receive. This was important in early interoperability, but now is a detriment. For example, it is impossible to write an interoperable HTML parser. XML took the radical zen approach of mandating that any parser that accepts malformed input is BAD. As a result, anybody writing a parser knows the input will be well-formed. There is one-and-only-one way to represent input (barring whitespace), so writing parsers is easy. ASN.1 has taken the opposite approach: there are a zillion ways to represent input.
As a result, non-interoperable ASN.1 implementations abound. For example, most SNMP implementations are incompatible. They work only "most" of the time. Go to a standard SNMP MIB repository and you'll find that the same MIB must be published multiple times to handle different ASN.1 compilers.
The long and the short of it is that ASN.1 implementations today are extremely incompatible with each other, whereas XML libraries have proven to be extremely interoperable. Right now, XML has proven the MOST interoperable way to format data, and ASN.1 has proven to be the LEAST.
4. Bugs
Most XML parsers have proven to be robust, most ASN.1 parsers have proven to be buggy. You can DoS a lot of devices today by carefully crafting malformed SNMP BER packets.
5. Security
You can leverage ASN.1's multiple encodings to hack. For example, my SideStep program shows how to play with SNMP and evade network intrusion detection systems: http://robertgraham.com/tmp/sidestep.html. At the same time, ASN.1 parsers are riddled with buffer-overflows.
Anyway, sorry for ranting. I think XML advocates are a little overzealous (watch carefully your possessions or some XMLite will come along and encode it), but ASN.1 is just plain wrong. The rumor is that somebody threw it together as a sample to point out problems, but it was accidentally standardized. It is riddled with problems, it should be abandoned. An encoding system is rarely needed, but if you need one, pick XDR for gosh sakes.
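The multiple-encodings point made in the comments above (BER ambiguity versus DER), shown as an added example that is not code from the original posts or from SideStep: a small definite-length TLV reader that decodes BER INTEGERs and reports whether each encoding is the single form DER permits. The function names and sample bytes are constructed for illustration.

```python
# Added example: one INTEGER value, several BER encodings, one DER encoding.

def integer_is_minimal(v):
    """DER INTEGER content: non-empty, no redundant leading 0x00/0xFF octet."""
    if len(v) < 2:
        return len(v) == 1
    return not ((v[0] == 0x00 and v[1] < 0x80) or (v[0] == 0xFF and v[1] >= 0x80))

def read_tlv(buf, pos=0):
    """Parse one definite-length TLV; return (tag, value, next_pos, der_ok)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are outside this sketch")
    pos += 2
    der_ok = True
    if first < 0x80:                       # short form: length in one octet
        length = first
    elif first == 0x80:                    # indefinite form exists only in BER
        raise ValueError("indefinite length is outside this sketch")
    else:                                  # long form: next n octets hold the length
        n = first & 0x7F
        if n > 4 or pos + n > len(buf):
            raise ValueError("bad length-of-length")
        raw = buf[pos:pos + n]
        length = int.from_bytes(raw, "big")
        pos += n
        if length < 0x80 or raw[0] == 0:   # DER demands the shortest length form
            der_ok = False
    if pos + length > len(buf):            # bounds check before touching the value
        raise ValueError("value overruns buffer")
    value = buf[pos:pos + length]
    if tag == 0x02 and not integer_is_minimal(value):
        der_ok = False
    return tag, value, pos + length, der_ok

def decode_int(buf):
    """Return (integer value, whether the encoding was canonical DER)."""
    tag, value, _, der_ok = read_tlv(buf)
    if tag != 0x02:
        raise ValueError("not an INTEGER")
    return int.from_bytes(value, "big", signed=True), der_ok

# Constructed samples: the INTEGER 5 encoded three ways.
CANONICAL = bytes([0x02, 0x01, 0x05])                             # DER
LONG_LENGTH = bytes([0x02, 0x81, 0x01, 0x05])                     # long-form length
PADDED = bytes([0x02, 0x84, 0x00, 0x00, 0x00, 0x02, 0x00, 0x05])  # padded length and value

if __name__ == "__main__":
    for name, sample in [("canonical", CANONICAL), ("long", LONG_LENGTH), ("padded", PADDED)]:
        print(name, sample.hex(), decode_int(sample))
```

All three samples decode to 5, but only the first is valid DER, so a detector comparing raw bytes against the canonical form would treat them as different while a decoder that normalizes first treats them as equal.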