In order to stave off inevitable insanity... on Can You Raed Tihs? · Score: 1
Ever notice that the U.S. govt is the most stable democratic entity?
I think a huge, often neglected reason for that is simply that we had the benefit of a clean slate. In "old Europe" (and any "older" civilization), for every action there is an equal and opposite reaction, so it is very difficult to change anything; whereas in America, the opposition was weak. The colonial powers that put the people here were overextended; the Indians were relatively not strong enough (not that I defend anything that we did to those poor guys); and the existing local government was also weak. Nowadays if we tried to have a revolution, I bet we'd have just as many problems as anybody else, and many of these problems would linger on for generations, as existing lovers of power continue to try to have their own way. Whereas then, the people were all united (and armed) for a common cause, now, they would be broken up into factions, supporting various local causes rather than trying to throw off the tyranny of remote powers in other countries.
We are by nature very cynical of authority figures. Many friends of mine in the USA think they are cynical of their political figures...but they haven't seen Australian cynicism. We often give our pollies no respect at all.
So why are you getting such strict and repressive laws there? Seems like every few months I hear about something ridiculous in Australia.
Is that a CF slot I see on the back?
This board is so simple! Amazing how much green space there is on the top without any components.
Is that little blue 7-pin connector for power?
So who's got a good environment, and actually hires?
Let me know if anybody wants a copy of this "patch" for further analysis.
... (GIFs and stuff) ...
---
FROM: "Program Security Division"
TO: "Customer"
SUBJECT: microsoft pack
MS Customer
this is the latest version of security update, the
"September 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express.
Install now to help protect your computer
from these vulnerabilities, the most serious of which could
allow an attacker to run code on your system.
This update includes the functionality of all previously released patches.
System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
- MS Internet Explorer, version 4.01 and later
- MS Outlook, version 8.00 and later
- MS Outlook Express, version 4.01 and later
Recommendation: Customers should install the patch at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.
Microsoft Product Support Services and Knowledge Base articles can be found on
+the Microsoft Technical Support web site.
http://support.microsoft.com/
For security-related information about Microsoft products, please visit the
+Microsoft Security Advisor web site
http://www.microsoft.com/security/
Thank you for using Microsoft products.
Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to respond to
+any replies.
The names of the actual companies and products mentioned herein are the
+trademarks of their respective owners.
Copyright 2003 Microsoft Corporation.
Content-Type: application/x-msdownload; name="update9352.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment
Wheels of the gods grind slowly...
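A mail-filter check for the pattern in the message quoted above (an executable attachment plus an instruction to run it), given as an added example that is not part of the original post. The addresses, boundary string and `MZ` stub payload are constructed, and `triage` and `build_sample` are hypothetical names.

```python
import base64
import email
import re
from email import policy

EXEC_TYPES = {"application/x-msdownload"}            # type shown on the page
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")
LURE = re.compile(r"run\s+(the\s+)?attached\s+file", re.I)


def triage(raw: bytes) -> list:
    """Return sorted finding codes for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "text":
            # Body text telling the reader to execute the attachment.
            if LURE.search(data.decode("latin-1")):
                findings.add("lure:run-attachment")
            continue
        # get_filename() falls back to the Content-Type "name" parameter,
        # which is where the quoted message carries the file name.
        name = (part.get_filename() or "").lower()
        if part.get_content_type() in EXEC_TYPES:
            findings.add("attachment:executable-type")
        if name.endswith(EXEC_EXTS):
            findings.add("attachment:executable-name")
        # DOS/PE files start with "MZ" whatever the declared type or name.
        if data[:2] == b"MZ":
            findings.add("attachment:mz-header")
    return sorted(findings)


def build_sample(ctype="application/x-msdownload", name="update9352.exe",
                 payload=b"MZ" + bytes(62)) -> bytes:
    """Constructed test message; the payload is a 64-byte stub, not a program."""
    return "\r\n".join([
        'From: "Program Security Division" <sender@example.invalid>',
        'To: "Customer" <customer@example.invalid>',
        "Subject: microsoft pack",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "How to install: Run attached file.",
        "--b1",
        f'Content-Type: {ctype}; name="{name}"',
        "Content-Transfer-Encoding: base64",
        "Content-Disposition: attachment",
        "",
        base64.b64encode(payload).decode(),
        "--b1--",
        "",
    ]).encode()


if __name__ == "__main__":
    print(triage(build_sample()))
    # Same bytes behind an innocuous type and name: the magic check still fires.
    print(triage(build_sample("application/octet-stream", "notes.txt")))
```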
Our convention center,
Which is in New York,
Hallowed be thy halls.
Thine innovations come,
Thine improvements be done
In reality as at the show.
Give us this day our inspiration
And forgive us when we fail to notice.
For thine are the headlines, and the wow-factor, and the glory forever.
Amen.
A hall must be hollow,
It's not hard to swallow;
'Cuz if it's not hollow,
It isn't a hall.
Methinks that rather
If t'were solid, I'd gather
It doesn't matter --
'Tis worth nothing at all.
To have a convention
You need the invention
Of walls for retention
Of a roof over all;
A solid block of concrete
Is useless, it can't compete;
Facilities you need replete...
You really need a hall.
Oh that makes sense.
I think they should have auto-power-off and some kind of motion-sensitive device to turn the mouse back on, and for the keyboard it should just turn back on when you hit (the) any key. Thus eliminating the need for the on-off switch. And it should be rechargeable of course. If the "dock" was inductive it would be pretty cool (just get it into proximity and recharge wirelessly). Or maybe that would wonk your monitor or something...
Anyway they seem to have decided that Bluetooth is the thing to use for local wireless peripherals. (They could have chosen Zigbee or that new "wireless USB" that EE Times had an article about a couple weeks ago. I was thinking that "wireless USB" has a marketing advantage - it sounds more familiar, and people will know what it is. But maybe it's too late.) Now everybody will copy their idea and Bluetooth will get cheaper, and the others will become irrelevant, I suppose. Being able to use the same peripherals with your phone and/or PDA would be pretty cool.
But probably there is room for one more standard, for wireless sensors (motes and such). I wonder if we'd have been better off if they used that standard for keyboards and mice too.
I wonder if they plan to permit networking between Macs with Bluetooth? It ought to be technically possible shouldn't it? But then they might sell fewer Airports.
One last idea - they should have a smart card or iButton reader built into the keyboard, and use its encryption hardware to encrypt the comms; that way they could secure the machine and secure the wireless link in one fell swoop. Plug in your card, a challenge-response session is initiated between the card and the Mac with the keyboard's wireless transceiver as an intermediary, and your desktop comes up. The smartcard or button would do all the encryption of keystrokes, so that the private key never needs to exist anywhere else (and iButtons at least do not easily give up the contents of their ROMs). The Mac could be configured not to accept unauthenticated logins (or at least, unauthenticated wireless logins) and you could be sure that it's impossible for somebody in the next room to use their wireless keyboard to log on, because they don't have your smartcard. And the encryption strength would end up being upgradeable that way, rather than fixed at 128 bits. Without challenge-response, I bet it's hackable.
Keep this post for prior art... somebody's bound to patent that idea.
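The challenge-response login and per-keystroke protection proposed above, sketched as an added example that is not part of the original post. It substitutes an HMAC-SHA256 shared secret for the card's private key (so, unlike the proposal, the host also holds the secret), and the `Card`/`Host` classes and the frame layout are assumptions.

```python
import hashlib
import hmac
import secrets
import struct


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed PRF used for the login response, session key, pad and frame MAC."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


class Card:
    """Token in the keyboard's reader; the secret never leaves this object."""

    def __init__(self, secret: bytes):
        self._secret, self._session, self._counter = secret, None, 0

    def respond(self, challenge: bytes) -> bytes:
        # Session key is bound to this challenge, so it changes every login.
        self._session = _prf(self._secret, b"session", challenge)
        self._counter = 0
        return _prf(self._secret, b"auth", challenge)

    def seal_keystroke(self, key_code: int) -> bytes:
        if self._session is None:
            raise RuntimeError("no login has been performed")
        self._counter += 1
        header = struct.pack(">I", self._counter)
        # One-byte pad per counter value: a stand-in for a real cipher.
        pad = _prf(self._session, b"enc", header)[0]
        body = header + bytes([key_code ^ pad])
        return body + _prf(self._session, b"mac", body)[:16]


class Host:
    """The computer; accepts keystrokes only after a successful login."""

    def __init__(self, enrolled_secret: bytes):
        self._secret = enrolled_secret
        self._challenge = self._session = None
        self._last_counter = 0

    def new_challenge(self) -> bytes:
        self._challenge, self._session = secrets.token_bytes(16), None
        return self._challenge

    def verify_login(self, response: bytes) -> bool:
        if self._challenge is None:
            return False
        challenge, self._challenge = self._challenge, None  # single use
        expected = _prf(self._secret, b"auth", challenge)
        if not hmac.compare_digest(expected, response):
            return False
        self._session = _prf(self._secret, b"session", challenge)
        self._last_counter = 0
        return True

    def open_keystroke(self, frame: bytes):
        """Return the key code, or None for unauthenticated/replayed frames."""
        if self._session is None or len(frame) != 21:
            return None
        body, tag = frame[:5], frame[5:]
        if not hmac.compare_digest(_prf(self._session, b"mac", body)[:16], tag):
            return None
        counter = struct.unpack(">I", body[:4])[0]
        if counter <= self._last_counter:      # replay of an old frame
            return None
        self._last_counter = counter
        return body[4] ^ _prf(self._session, b"enc", body[:4])[0]


def demo() -> dict:
    secret = secrets.token_bytes(32)           # constructed enrolment secret
    card, host = Card(secret), Host(secret)
    out = {}
    first = card.respond(host.new_challenge())
    out["login"] = host.verify_login(first)
    frame = card.seal_keystroke(ord("a"))
    out["keystroke"] = host.open_keystroke(frame)
    out["replayed_frame"] = host.open_keystroke(frame)
    nxt = card.seal_keystroke(ord("b"))
    tampered = nxt[:4] + bytes([nxt[4] ^ 1]) + nxt[5:]
    out["tampered_frame"] = host.open_keystroke(tampered)
    out["next_keystroke"] = host.open_keystroke(nxt)
    host.new_challenge()                       # a later login attempt
    out["replayed_login"] = host.verify_login(first)  # recorded response
    out["frame_without_login"] = host.open_keystroke(card.seal_keystroke(ord("c")))
    return out


if __name__ == "__main__":
    print(demo())
```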
spelling Nazis might as well shoot themselves in the head right now.
Yeah, I did that on purpose, for grins. Really. :-)
That's Johny Mnemonic. Goes to show, you probably mis-pronounce it too. Probably due to confusing "mnemonic" (a mamory aid) with "pneumatic" (operated by air pressure). I don't know how people can think those two words are related.
I understand that label printers probably have built-in bar code generators.
However for other printers, the obvious device-independent method would be to use a barcode font. Years ago I had a TTF font like that for Windows, and some Word macros to put Codabar codes on envelopes. (This was the early 90's, and I didn't discover Linux until '94, sorry.)
Today I found this:
http://user.it.uu.se/~jan/barfonts/
Looks like just the thing for generating Postscript docs with barcodes in them.
Here's "I Shot the Serif", another free 3 of 9 font. (How funny.) (A free 7 of 9 would be even be... Oh nevermind...)
http://www.squaregear.net/fonts/free3of9.shtml
This looks interesting too:
http://www.tec-it.com/asp/main/startfr.asp?mainmenu=Software&sbmenu=Software_Linux&content=&redirect=&LN=1&DW=1
A CUPS filter of some sort. But I bet you can't preview it with this method... better to just have a font you can install everywhere.
So a mouse would be required for ecommerce then? There are so many other input peripherals, many of them are better in some way for some people at some times, and we shouldn't have apron-strings tied to one input method that ought to be obsolete by now anyway. Well, maybe if the software works equally well with pens, it would be somewhat better...
And the other problem is that the software might not run everywhere. The best they could do is use Java, and that's also a pain.
We should be using smartcards or DalSemi iButtons for ecommerce. (Perhaps a PIN or password should be required too.)
At home I have 2 golf-cart batteries in series and a little battery charger keeping them topped off, and some 12-volt wiring to a couple places in the house, including a 12-volt fluorescent light in the kitchen. It can be useful when the power goes out. But several companies now make Via Eden-based systems which can run from a 12V input; so I'm thinking pretty soon I want to build some new servers with these to replace the AC-powered ones, and run them from the batteries. That way they will be completely isolated from power surges (except for the charger, but a transformer is involved there, which provides some isolation) and ought to be able to run for years at a time uninterrupted. As well as being fanless and quiet (but then I need cool-running, quiet hard drives). Preventing power surges might even make hard drives last longer.
Backups of selected directories could be done over the network from one to the other. I don't bother backing up /usr, for example, because it can be replaced, and usually it's better to get the latest versions of everything anyway. (But I do back up /usr/local, /var, /home and /etc.)
In about 1998 I spent the dough to get a DPT controller (about $300 used on ebay at the time, since they were over $1000 new) and 6 4-gig Seagate wide-SCSI drives (5 to use, one as a spare). I mounted the 5 drives vertically in the front of a rackmount case, with a little space between them, and a 6-inch muffin fan above them to suck hot air upwards and out the side. Well... those drives sure ran hot. A mere few weeks later one of the drives quit. I forgot some details about what happened next, but I wasn't impressed with DPT's ability to recover. Basically the system was useless until I had installed the spare drive and rebooted; and it kept going downhill from there. I had other problems with getting it to recognize all of the drives part of the time too, as if it was some kind of termination issue, or electrical interference getting into the SCSI bus, or something like that. But it was a good cable and had proper termination.
And those controllers had such a good Linux reputation at the time, because they were the first RAID controller mfgr to cooperate with getting a Linux driver developed.
So now I have a couple 100-gig IDE drives and have a cron job do a backup of /home from one to the other every night. I don't feel completely comfortable that data loss is impossible, but at least I can check that the backups are still happening now and then, whereas with the RAID I eventually lost everything and had to restore from the previous hard drive which I still had lying around. When I get a DVD burner I could probably get most of /home to fit on one disc again.
On Solaris here's what happens when I run top:
....
7241 rutledge 8 58 0 107M 81M sleep 105:52 14.86% MozillaFirebird
3897 olsen 1 58 0 38M 25M sleep 61:52 0.00% .netscape.bin
Now granted I probably have more tabs open than olsen has windows, but MozillaFirebird is ALWAYS the top process when I run top. Always. And the memory usage is always the highest of any app too, even right after starting it up.
We used to complain about Netscape 4.x being inefficient but Firebird is much worse. I keep using it though, mostly because it doesn't crash. Netscape used to unceremoniously disappear quite often, or sometimes it sucked up all CPU time and became unresponsive, but Firebird becomes unresponsive much more often, and then recovers after half a minute or so.
On Windows, IE is much faster and smaller than Mozilla. You can really see this on one 200MHz box we have at work; IE is quite snappy but Mozilla almost brings the system to its knees.
If you had 16-level logic, one hex digit could be represented in a single cell of a register. That might be convenient.
The memory ought to be 9-digit (equivalent of 36 bits) so you can have type flags associated with every value (integer, float, pointer, etc.) It would make implementing dynamically typed languages a breeze and we could get rid of statically-typed languages without losing efficiency.
Shades of the Running Man eh?
Nah, it's too complex, raises some civil rights issues, and what if they succeed in escaping? They get rich and turn into Bond-movie-scale villains?
I think prisons or anything resembling them ought to be much more of a last resort. Kill the murderers, force the thieves to pay restitution (7x perhaps?), invent other suitable constructive punishments for lesser crimes. Prisons should be more like insane asylums - only for people who can't be simply "corrected" and be expected to learn from it, but on the other hand have some hope of rehabilitation, but on the other hand do not deserve the death penalty. As it is, prison is rarely ever a constructive, character-building experience for anyone, and thus serves no purpose other than just separating the bad guys from the rest of society.
The thing is, prison "societies" have a tendency to get a life of their own, dangerous memes are allowed to fester, and those who are put in there, far from being rehabilitated, come out more hardened and tough and with a lot of new ideas; they learn these behaviors from their peers in prison. And eventually, if the prison or penal colony becomes large enough, it turns into another country. Australia, for example. Well not that they turned out so bad... but it kindof defeated the purpose of Britain's use of the place, to exile their undesirables. Or, take Siberia, for another example. If those people were so bad, how come they built the kind of society that they have built. Maybe they should have remained integrated into their own societies rather than sent off like that. At least it was good for them that they were sent to a wide-open frontier rather than being bottled up in a small confined space.
But someday if in the US we keep putting too many people in prison for the wrong reasons, there will need to be some sort of penal colony like that. Nowadays we don't have any frontiers, so it might turn into something like a more hard-core Las Vegas, with a lot of organized crime etc. Better to just not start this process at all, rather than create a "den of evil" which can fester for decades and then get out of control.
How is that? I think prisons are too costly. First they should let out the folks who are only in there because of marijuana, and then kill the ones who are in for murder. There goes half the cost of maintaining prisons.
It cannot be stopped, only postponed.
No really, either we get taken out by these, or by nanobots, or by genetically-engineered diseases. Pick yer poison.
But hey, it's only the continuation of an old tradition, that we should help to select our successors. The monkeys could do that to a limited degree, only by choosing with whom to have sex; but we get to build them with our own hands.
Well now, I think automatic send/receive equipment must exist, because at some point there was probably a need for interoperability of automatic and manual equipment at the telegraph offices. The busier offices probably got the fancy machines first. (not to mention the military, some commercial ships, etc.) Surely they didn't all just switch to TTY signals right away. So if you can still find one of these "modems", figure out how to hook up its keyboard to your parallel port and voila, you could run PPP over Morse or something like that. Of course the receiving end is probably going to be a printer...
That's the typical comeback but Clover or GTOR actually work better at getting through interference, and do it faster too.
Not! you think they can't design a keyboard wedge which logs the numlock-flashing pattern to a built-in memory? And it could even detect Morse and decode it.