A friend of my younger brother was over there a few years ago and had to ask my dad how to use the phone because he'd never seen a phone without a number-pad on it. Pathetic. Times are changin and these young whipper-snappers aren't learning things that we took for granted. Like learning to read the time off of the face of a (non-digital) clock.
Uh huh. And can you successfully start up a crank-started car? Ride a horse (sans saddle)? Skin an animal from stone chips you've made yourself?
Remember, just because something *used* to be a certain way, doesn't mean it can't be improved. And people aren't stupid for not learning how things aren't done anymore.
Unfortunately, it is. The two farthest points around earth are 12,000 miles. Round trip means 24,000 miles. Speed of light is 186,000 miles / second. That means that, best theoretical case, round trip is 129 milliseconds.
Of course, that's best if you're playing against someone on the exact opposite other side of the globe from you. Anywhere else, and it only gets better.
I've been doing this for years, and what's cool is Slashdot ads still show up for the most part (hosted from images.slashdot, clever!). I say cool because the least I can do is support this site, even if I'm pissing all over everyone else's revenue model:)
However, if you run Back Officer Friendly, it picks up these requests to 127.0.0.1. Opera still makes the actual GET request to localhost, and boinks when there's no service running. Makes me wonder what your logs would be like if you ran a web server on a machine with a munged hosts file.
For those not in the know, Back Officer Friendly is a Windows-based semi-honeypot. It can sit and listen to various common tcp ports - http, ftp, etc - and act sort of like a honeypot. It handles the syn/ack handshake, takes the initial request, then closes the connection (you can also set up a faked reply, sort of). Any requests from people show up in its status windows. Unfortunately it's only really good for seeing http requests, but for those that have never seen it, and are stuck on Windows, check it out. It's amazing how many IIS exploits are tried against my PC every day.
Someone's already done this, claiming to be a girl in her sig, and giving a link into her journal. In there, she has a listing of the top 10 Slashdot users who have the most Friends (Fans? I never could keep that system straight). Looking at her journal entries (and I think this just started a month or 2 ago), she's steadily increased until she's now #1.
And moving completely offtopic, someone's made a video game out of spam: www.outwar.com.
Just wanted to say thanks a ton for putting up the first edition (if it was even partly your decision). I've kept a hard copy around for what seems like ever now, and it's been perused many a time by friends/co-workers (is this even legal these days?). Both for people just starting out, and historical interest, it's really quite cool to have your book available anywhere, anytime, for free.
The new edition is rather nice, too:)
Kudos for at least some content owners having some brains in their heads.
And never mind the fact that a goodly portion of Europe was pounded into the dust. Tattered industry, millions dead, and the USSR just waiting to occupy Western Europe..
Yup, looks to me like Europeans could have easily gone to the moon, they just chose not to.
If I've got a vulnerable service running on on of my systems, I'd rather know about it right away so I can make the decision as to whether I want to keep it running or temporarily deploy an alternate service.
Ok, I'll help you with this:
YOU'RE RUNNING VULNERABLE SERVICES ON ALL OF YOUR SYSTEMS.
Virtually every single application/operating system/foobar has been shown to be vulnerable to something in the past, and most definitely will be shown to be vulnerable to something in the future. Changing software just because of some vague "this could be vulnerable" warning isn't really a bright idea.. unless it's of the gaping-hole-every-version-in-every-configuration-i s-toast kind.
A good example is the latest 'issue' with Webmin - a very powerful, easy to exploit root hole, yet most installs don't seem to be vulnerable (defaults saving our asses, once again:). Most users have nothing to worry about, and a warning without details actually would cause more harm than good - especially if there's no patch/update released.
I'm all for information being free, but from what I've seen, blackhats don't tend to keep it to themselves for very long, so we'll know what they know soon enough. At least give vendors time enough to patch, or we're no better than Chicken Little.
Personally, I think that public humiliation of the company that fails basic security patches is a pretty effective method. It now becomes an interest to the company to maintain a positive PR profile.
Yeah, because we've seen just how effective this is against Microsoft.
You did read the article to see that this recall applies to 5 and 6 year old monitors, right? Don't know what kind of hardware I'd call 'recent' from back then.
Good point, but consumer electronics are a lot more complicated than that. In the early Pentium days, most people didn't own a PC. Today, almost everyone does (or so it seems, anyway:).
In 1977 you could pay $4000 for something that is outperformed by my wristwatch today (cost: $5). Prices go down as technology matures, and *especially* with volume. Old hard drives used to cost thousands - but really, once you've paid off the R&D, there's not much to them beyond $20 worth of electronics and some aluminum platters.
Sure, there is a lot of crap out there, but the days of $2400 for a 100% no-name PC are gone more because of volume (trust me, my Creative PCI sound cards not only do a whole bunch more but have lasted a lot longer than the Zoltrix pos that came with my 486).
Know what fucked me up royally as a kid? GiJoe and Star Wars.
In GiJoe, the good guys use red lasers, and Cobra uses blue. Ok, easy way to tell them apart.
But in Star Wars, Vader uses a red lightsaber and the Jedi generally use bluish tints (this has continued into the prequels).
I swear, this leads more credence to (Pournelle's? Niven's?) theory of the rebels being the bad guys. As a kid, I could never figure out which color was good or bad, and it's scarred me for life. At least I figured out that Spider-Man was an anti-hero years before anyone else:)
Well, there is also the Battlezone variant that was used by the US army to do tank simulation and training. Plus the current thing (America's Army?) that's some free FPS or something.. haven't tried it yet.
Yes, the DMCA is an evil law, yes, Lexmark are a bunch of *&@&#*(& for pulling this stunt, but come on now. The anti-corporate hysteria some days is just plain stupid. Corporations cannot and do not have any control over you unless you allow them, by purchasing their products. Don't like it, don't buy it.
And yes, I realize that the only way to completely do this would be to live a near stone-age existence. So buy from corps that don't act this way. Remember, there isn't some evil cadre of humankind out there just ready to make your life miserable - I'm friends with many people who own their own businesses, and *gasp* they don't eat children for breakfast or have a roll of The Constitution (tm) toilet paper.
An open relay is different than the formmail.cgi vulnerability. Ok, so they can result in the same thing, but when people talk about open relays they usually mean production SMTP servers which accept mail from anywhere, instead of verifying the source domain first.
Matt's formmail script isn't really intended for use as a mail server, but on a webserver (ok, so I'm arguing semantics here:) to just fire off the odd email easily for the admin.
As for your questions, the idea is *not* to set up false open relays per se, but to set up servers that tie up the 'upstream' mail server. Tarpitting is a pretty cool idea if you ask me - it hurts no one but the spammer, if implemented properly. As for blacklisting/whitelisting servers, sure, let the spammers. Note that if enough people tarpitted, eventually spam wouldn't get *anywhere* - spammers could spam each other all they want, but none of it would ever get delivered.
Unfortunately the critical mass for this to really work is very, very large.
Slashdot Mirror
A friend of my younger brother was over there a few years ago and had to ask my dad how to use the phone because he'd never seen a phone without a number-pad on it. Pathetic. Times are changin and these young whipper-snappers aren't learning things that we took for granted. Like learning to read the time off of the face of a (non-digital) clock.
Uh huh. And can you successfully start up a crank-started car? Ride a horse (sans saddle)? Skin an animal from stone chips you've made yourself?
Remember, just because something *used* to be a certain way, doesn't mean it can't be improved. And people aren't stupid for not learning how things aren't done anymore.
Pfft, I have some rocks in my back yard that are several billion years old. They still work just fine as lawn ornaments.
Unfortunately, it is. The two farthest points around earth are 12,000 miles. Round trip means 24,000 miles. Speed of light is 186,000 miles / second. That means that, best theoretical case, round trip is 129 milliseconds.
Of course, that's best if you're playing against someone on the exact opposite other side of the globe from you. Anywhere else, and it only gets better.
I've been doing this for years, and what's cool is Slashdot ads still show up for the most part (hosted from images.slashdot, clever!). I say cool because the least I can do is support this site, even if I'm pissing all over everyone else's revenue model :)
However, if you run Back Officer Friendly, it picks up these requests to 127.0.0.1. Opera still makes the actual GET request to localhost, and boinks when there's no service running. Makes me wonder what your logs would be like if you ran a web server on a machine with a munged hosts file.
For those not in the know, Back Officer Friendly is a Windows-based semi-honeypot. It can sit and listen to various common tcp ports - http, ftp, etc - and act sort of like a honeypot. It handles the syn/ack handshake, takes the initial request, then closes the connection (you can also set up a faked reply, sort of). Any requests from people show up in its status windows. Unfortunately it's only really good for seeing http requests, but for those that have never seen it, and are stuck on Windows, check it out. It's amazing how many IIS exploits are tried against my PC every day.
Someone's already done this, claiming to be a girl in her sig, and giving a link into her journal. In there, she has a listing of the top 10 Slashdot users who have the most Friends (Fans? I never could keep that system straight). Looking at her journal entries (and I think this just started a month or 2 ago), she's steadily increased until she's now #1.
And moving completely offtopic, someone's made a video game out of spam: www.outwar.com.
Just wanted to say thanks a ton for putting up the first edition (if it was even partly your decision). I've kept a hard copy around for what seems like ever now, and it's been perused many a time by friends/co-workers (is this even legal these days?). Both for people just starting out, and historical interest, it's really quite cool to have your book available anywhere, anytime, for free.
:)
The new edition is rather nice, too
Kudos for at least some content owners having some brains in their heads.
And never mind the fact that a goodly portion of Europe was pounded into the dust. Tattered industry, millions dead, and the USSR just waiting to occupy Western Europe..
Yup, looks to me like Europeans could have easily gone to the moon, they just chose not to.
I think it's pretty keen that someone named 'Cum Stein' responded to your post :)
If I've got a vulnerable service running on on of my systems, I'd rather know about it right away so I can make the decision as to whether I want to keep it running or temporarily deploy an alternate service.
i s-toast kind.
:). Most users have nothing to worry about, and a warning without details actually would cause more harm than good - especially if there's no patch/update released.
Ok, I'll help you with this:
YOU'RE RUNNING VULNERABLE SERVICES ON ALL OF YOUR SYSTEMS.
Virtually every single application/operating system/foobar has been shown to be vulnerable to something in the past, and most definitely will be shown to be vulnerable to something in the future. Changing software just because of some vague "this could be vulnerable" warning isn't really a bright idea.. unless it's of the gaping-hole-every-version-in-every-configuration-
A good example is the latest 'issue' with Webmin - a very powerful, easy to exploit root hole, yet most installs don't seem to be vulnerable (defaults saving our asses, once again
I'm all for information being free, but from what I've seen, blackhats don't tend to keep it to themselves for very long, so we'll know what they know soon enough. At least give vendors time enough to patch, or we're no better than Chicken Little.
ALL systems using sendmail since version 5 have been exploitable for the past 10+ years.
The hole being disclosed isnt what causes the security problem. Its the other way around.
10+ years and no exploit. The hole is announced, and I give it a week, 2 tops before the script kids have this uploading rootkits.
I'd say the lack of knowledge of this hole kept people pretty secure in this case, wouldn't you?
Personally, I think that public humiliation of the company that fails basic security patches is a pretty effective method. It now becomes an interest to the company to maintain a positive PR profile.
:)
Yeah, because we've seen just how effective this is against Microsoft.
(relax, it's a joke
You did read the article to see that this recall applies to 5 and 6 year old monitors, right? Don't know what kind of hardware I'd call 'recent' from back then.
Good point, but consumer electronics are a lot more complicated than that. In the early Pentium days, most people didn't own a PC. Today, almost everyone does (or so it seems, anyway :).
In 1977 you could pay $4000 for something that is outperformed by my wristwatch today (cost: $5). Prices go down as technology matures, and *especially* with volume. Old hard drives used to cost thousands - but really, once you've paid off the R&D, there's not much to them beyond $20 worth of electronics and some aluminum platters.
Sure, there is a lot of crap out there, but the days of $2400 for a 100% no-name PC are gone more because of volume (trust me, my Creative PCI sound cards not only do a whole bunch more but have lasted a lot longer than the Zoltrix pos that came with my 486).
and Linux Is Not UniX. Yes, we know :)
Not to sound trollish, but mind letting us in on your little secret?
:)
I've seen Windows running on all of the above devices, so I assume you mean running *well*
Know what fucked me up royally as a kid? GiJoe and Star Wars.
:)
In GiJoe, the good guys use red lasers, and Cobra uses blue. Ok, easy way to tell them apart.
But in Star Wars, Vader uses a red lightsaber and the Jedi generally use bluish tints (this has continued into the prequels).
I swear, this leads more credence to (Pournelle's? Niven's?) theory of the rebels being the bad guys. As a kid, I could never figure out which color was good or bad, and it's scarred me for life. At least I figured out that Spider-Man was an anti-hero years before anyone else
Well, there is also the Battlezone variant that was used by the US army to do tank simulation and training. Plus the current thing (America's Army?) that's some free FPS or something.. haven't tried it yet.
Nothing forcing you to read the article.
Sounds like Amway to me.
Wow, so stop buying inkjet printer cartridges.
Yes, the DMCA is an evil law, yes, Lexmark are a bunch of *&@&#*(& for pulling this stunt, but come on now. The anti-corporate hysteria some days is just plain stupid. Corporations cannot and do not have any control over you unless you allow them, by purchasing their products. Don't like it, don't buy it.
And yes, I realize that the only way to completely do this would be to live a near stone-age existence. So buy from corps that don't act this way. Remember, there isn't some evil cadre of humankind out there just ready to make your life miserable - I'm friends with many people who own their own businesses, and *gasp* they don't eat children for breakfast or have a roll of The Constitution (tm) toilet paper.
Many countries throw you in jail, or worse, if you refuse to pay your taxes. Thanks, my anal virginity isn't worth a few hundred bucks.
An open relay is different than the formmail.cgi vulnerability. Ok, so they can result in the same thing, but when people talk about open relays they usually mean production SMTP servers which accept mail from anywhere, instead of verifying the source domain first.
:) to just fire off the odd email easily for the admin.
Matt's formmail script isn't really intended for use as a mail server, but on a webserver (ok, so I'm arguing semantics here
As for your questions, the idea is *not* to set up false open relays per se, but to set up servers that tie up the 'upstream' mail server. Tarpitting is a pretty cool idea if you ask me - it hurts no one but the spammer, if implemented properly. As for blacklisting/whitelisting servers, sure, let the spammers. Note that if enough people tarpitted, eventually spam wouldn't get *anywhere* - spammers could spam each other all they want, but none of it would ever get delivered.
Unfortunately the critical mass for this to really work is very, very large.
I don't know, 1 in 50 is a pretty high death rate for any job. And that's *per mission*, not per astronaut.
I gott ask tho, at what point would it have made more sense just to buy a regular computer?
Right about when a regular computer is capable of playing Xbox games.
What I find funny is a post condeming circumcision, followed up by someone with the unfortunate nick of 'snack-a-lot'.
:)
Good thing it's the end of the day and the coffee's no longer being drank