That's precisely why we have goatse image mode.. In that case, any request for an image file will return valid image data for display. No hosts entry will save you there..:) Unless you have an IPS to block nasty pics entering your laptop, there is nothing to do but use lynx..
FWIW the reason the box died so quickly was due to gallery and uberperformanceful PHP. Once he got the images on a static page apache happily served up 40mbps. We have a NetScreen firewall in front of the box and it hasn't even blinked yet. 3% CPU usage and less than 1% of the sessions used. Is this the best slashdot has to offer?:(
The paper isn't talking about specific OSX vulnerabilities. It is just an exploration of writing shellcode for the Darwin OS on the PPC architecture, which hasn't gotten much coverage up 'til now.
So far, we OSX users have been able to rely on security via obscurity.. Thanks to fink etc. we have the same vulnerabilities as other unix software, but the stock exploits (which are all sun/x86 targeted) just bounce off. B-root took the time to figure out some of the more fun snafus of PPC shellcode (lots of NULs due to the 32-bit alligned instructions mainly.)
While attempting to stop network attacks, including Denial of Service attacks, the author has proposed an excellent DoS tool.
Given how easy it is to spoof traffic over the insecure IP and TCP protocols, all an attacker would have to do is spoof some attacks coming from some of AOL's IPs, and all of a sudden all AOL users can't access your site, since the CAS system told the backbone routers to block all the AOL IPs.
If you use the biology metaphor, this is an alergy. Your system is reacting aggressively to something that isn't a threat.
IDSs have had the ability to configure firewall ACLs for years via OPSEC SAMP, etc., but almost no-one uses it for this very reason, it's just too easy to trick.
The real solution is to redesign the internet protocols with security in mind. Something like IPSec does a lot more than this proposes system ever would.
The one good idea the article had was centralized analysis, but as the article mentioned, this was discussed more thoroughly in a previous article on securityfocus.
I guess I was a little vague in my ranting. I'm not against (most) of the individual tenets of XP, I'm just against dogma in general.
Patterns, XP, OO all have great ideas, but your mind (and your work) suffers when you follow them too strictly.
Each problem has its own ideal solution, which is uniquely tailored for the situation. A particular pattern, no matter how elegant and simple won't be the best solution a lot of the time, but pattern-drones will apply it anyway.
I've seen too much awful code due to people rigidly following a dogma, when the solution was much simpler..
Sometimes procedural code makes more sense, even when coding in an OO environment.
When you're writing code on someone else's dime, it ain't your code and it ain't art.
I'm sorry you feel this way. I hope I never have to work with you. Life is best enjoyed when your work (even on someone else's dime) is fun and enjoyable...
And even though I find the relevancy a little low, I prefer 2-space indentation, but I'm forced to use 4 at work...
As a (good) "programmer" I find this sort of software dogma insulting (same w/ patterns.) Coding is more like art than a science. Any attempt to make it more "formal" and "rigid" will take the fun out of it, and will cause the brilliant people to leave in disgust, only to be replaced by mindless drones who employ such mind-numbing practices as "Extreme" (w00000!) programming.
Here at my company (sillicon-valley "startup"), age doesn't matter so much. I just turned 24 (one of the youngest engineers) and manage a group of 6 people, and control 2 of the more important projects inside the company. A co-worker, a 20 year old student at Stanford, is in charge of the user-interface for all of our products, and one needs her approval before anything can be put into the product.
This kind of respect doesn't come for free. We both had to claw our way up from the bottom of the heap, but it's certainly possible, when in the presence of intelligent and non-biased management to be evaluated based on your actual capabilities.
However, there is value in experience. Being so young, I still tend to de-value age and longevity, but I have noticed it makes a difference sometimes. Even though age doesn't seem to have much of a bearing on one's programming abilities, the longer you've worked in the industry, the less naive you become, and the better you can predict the future, which is key in the business world.
When you're fresh from school, you tend to think that you can do huge amounts of work in a short time. Just because you can code 1000 lines of code a day, doesn't mean that a 10,000 line project will take 2 weeks (or even 2 months!) It's a sad but true fact that working in a business environment, and shipping product requires all sorts of nasty things like QA, documentation, maintainence, etc.. I used to look at statistics of the average engineer writing 10-20 lines of code a day as a sign that the world was populated by idiots. Now that I manage a group of engineers, I see exactly why that number is (roughly) correct. Coding really is the very last step in a 100-step process.
Now, that having been said, I've also been in an environment where my manager was so biased towards age that I never got any respect, even though I was contributing much more than my elders on the team. I left that company (Oracle) for this startup for that very reason.
In general, it comes down to who your manager is. Some people are open-minded about age, some people aren't. If you are such a hot-shot, go get another job (preferably for a small company) and find a manager who will trust you.
That article was ridiculous! Complete media hype with no scientific evidence at all. OK, some salesman forgot where he was going? (a) that seems pretty normal behaviour for ANY sales-person in my experience, and (b) one person hardly makes a scientific correlation.
I'm 24, have been using computers/PDAs since I was 5. I bought the first freakin' Newton for cryin' in the beer! If anything, having to remember IP addresses has helped my memory, rather than hindered it.
People have had the analog equivalent of a PDA for decades! What about all those 1980s, dot-com equivalent, wall-street high-flyers with their leather-bound day-planners? Did writing down someone's phone-number in their address-books cause them to forget their mother's maiden name? I think not.
Any as far as the information overload issue, if anything, the digital generation is better at weeding our useless information than their elders. I can watch TV, listen to my stereo, talk with friends and code all at the same time. My parents have to mute the commercials on the TV in order to think.
At any rate, this is pure media sensationalism. If students are getting "more stupid" these days, why the hell can't my dad program the freakin' clock on the VCR or write down a URL I say over the phone.
This may seem a bit out of context as this is an e-mail response I sent off to a co-worker who thinks that computer games are detrimental to his children's future...
OK, I admit I was being a little... brash in saying that Woz agreed with me, but I still stand by my earlier conviction..
Now I agree that all video-games are not necessarily beneficial, but I think in general, games are created by geeks, people who think in a structured technical manner, and I think the games reflect that. Many computer games force people to think in a very logical fashion to solve the puzzles, or just to win. Computer games are difficult to win (that's why they're fun) and the majority of them aren't won through sheer quickness (although it helps often) but by problem-solving strategies.
I'm sure if you were to go back in time and ask my mother her opinion 10 years ago about computer games, I'm sure she would agree with you, and she might be thick-headed enough to think so now as well, but she's wrong. The first many years of my computer use were dominated by games. I didn't start becoming interested in the technical issues until much later, and it was my love of games that dominated that drive. I learned to program so I could write my own games. It's only once I realized how difficult game programming is that I gave up on that dream. But my point is that there was a very long period of time when it looked like I was wasting (VAST quantities of) time on games for no gain, but it got me where I am today.
My very first lesson in C was when I tried to contribute code to a MUD (an online RPG) that I played until 5AM every day (driving my mother crazy, and convincing her I needed a bedtime at 16...) My second lesson in C came when I became the maintainer of another multi-player game at my high-school. This might seem like an isolated case, but every single one of my friends who was a game-addict has also moved on to more technical matters. Just like the couch-potato is motivated to throw the football around with his buddies after watching a football game on TV, so computer-game players tend to start mucking around with their computers.
I'm not foolish enough to believe that everyone will be helped by computer-game interaction, but I think it has a more subversive and less noticeable affect than most people think.
Maybe I'm just bitter because all my parent's parenting efforts and society's educational efforts were misguided, and playing computer games was the best thing that ever happened to me.
I have always hated MacOS, even the way it looked, but oh baby does that look sweet! The drop shadows behind the windows look so supah-dupah-fly! I demand that someone work on this for X now! =P
I think that Katz, when speaking for a "wired" generation, is perhaps not getting a very accurate sampling of geeks. Sure, I know some people who whine about technology being too fast paced, and not letting them relax etc., but most of these people are old. I don't mean that as an insult, I just think that people do best in an environment similar to one they grew up in. For example, my grandmother is highly intelligent etc, but just doesn't get MTV. I'm not talking about the whole culture/music scene, I mean the flashing images are just too fast for her to comprehend. However, 20-somethings and younger have no problem understanding the lightning-quick montage because we've grown up experiencing that sort of stuff.
I don't feel weighed down by technology, nor do I feel that I can't "catch up" with the e-mail, pages, phone calls, faxes etc. I also don't have any friends (at least in the tech. industry) who feel that way either. We love out PalmPilots, our cell phones and all our gadgets, and unlike all these technophobic nay-sayers, I think that they save me lots of time. Maybe a PalmPilot complicates the life of a person whose understanding stops at pen & paper, but for someone who truly groks technology, it's a huge asset.
I think it would be an interesting poll to see who thinks technology is taking over our lives, and what the age breakdown of those responses would be. (Feel like doing it Rob?) I have a feeling that all the griping is coming from the 25+ camp.
Nitrozac, I love AY2K.. I think it's probably the funniest web-comic I've seen to date (up there w/ Pokey the Penguin). Clearly you have quite a sense of humor. You also appear to be quite a geek (in the most positive sense of the word of course). And you have really bitchin' boots.
My question is this: Where are all the other women out there like you? I have yet to meet a woman who could write "hello world", let alone a web-comic of such quality. If this were a hypothetical friday-night, and I wanted to meet someone w/ your qualities, where would I go, what would I do, and what in god's name would I say when I met you?
Nitrozac, I love AY2K.. I think it's probably the funniest web-comic I've seen to date (up there w/ Pokey the Penguin). Clearly you have quite a sense of humor. You also appear to be quite a geek (in the most positive sense of the word of course). And you have really bitchin' boots. My question is this: Where are all the other women out there like you? I have yet to meet a woman who could write "hello world", let alone a web-comic of such quality. If this were a hypothetical friday-night, and I wanted to meet someone w/ your qualities, where would I go, what would I do, and what in god's name would I say when I met you?
Re:Surveillance is the key...
on
Smart Dust
·
· Score: 1
And last but not least, for you biologists out there. Would nanites of this size be large enough to deliver a biological payload? Remote-controlled, precise plague-bearers?
Oh sure, virii are really really small (technical term.) A virus would look like a speck of dust to those mites. But then again, why go to all the hassle of creating a nano-technological disease carrying weapon when we have perfectly good bio-chem weapons going unused now? After all, do we really need something better than anthrax etc? I think it works pretty damned well as it is..;)
OK, this is going to sound so nit-picky, but I think it's an important point. This is a good rebuttal, and things like this tend to pick up coverage by the media who just loves a good war, be it physical, or ideological. Due to this high visibility, and the fact that documents like this tend to be taken as a representation of the entire Linux community, we should attempt to sound as professional as possible. I am of course getting all riled up about the use of the word 'to' instead of 'too.' Small potatoes, sure, but the last thing we (the Linux community) needs is more FUD about how we're all illiterate teenage "hackers" or whatnot.
I admit that Pokey is an aquired taste, the first time I read it I was stuck in a lab for 5 hours, so I had nothing better to do, but by the end of the archive, I was completely in love with Pokey, and the insane monkey armed with MS Paint that is clearly responsible for it. In fact, I've been using Pokey's offbeat dialogue for my answering machine messages for a few months now. The loss of Pokey left me in a catatonic state, curled in the fetal position last night. We need to do something to bring Pokey back, I volunteer to host the site on my webserver...
Slashdot Mirror
That's precisely why we have goatse image mode.. In that case, any request for an image file will return valid image data for display. No hosts entry will save you there.. :) Unless you have an IPS to block nasty pics entering your laptop, there is nothing to do but use lynx..
FWIW the reason the box died so quickly was due to gallery and uberperformanceful PHP. Once he got the images on a static page apache happily served up 40mbps. We have a NetScreen firewall in front of the box and it hasn't even blinked yet. 3% CPU usage and less than 1% of the sessions used. Is this the best slashdot has to offer? :(
The paper isn't talking about specific OSX vulnerabilities. It is just an exploration of writing shellcode for the Darwin OS on the PPC architecture, which hasn't gotten much coverage up 'til now.
So far, we OSX users have been able to rely on security via obscurity.. Thanks to fink etc. we have the same vulnerabilities as other unix software, but the stock exploits (which are all sun/x86 targeted) just bounce off. B-root took the time to figure out some of the more fun snafus of PPC shellcode (lots of NULs due to the 32-bit alligned instructions mainly.)
Given how easy it is to spoof traffic over the insecure IP and TCP protocols, all an attacker would have to do is spoof some attacks coming from some of AOL's IPs, and all of a sudden all AOL users can't access your site, since the CAS system told the backbone routers to block all the AOL IPs
If you use the biology metaphor, this is an alergy. Your system is reacting aggressively to something that isn't a threat.
IDSs have had the ability to configure firewall ACLs for years via OPSEC SAMP, etc., but almost no-one uses it for this very reason, it's just too easy to trick.
The real solution is to redesign the internet protocols with security in mind. Something like IPSec does a lot more than this proposes system ever would.
The one good idea the article had was centralized analysis, but as the article mentioned, this was discussed more thoroughly in a previous article on securityfocus.
That puppy went down faster than usual.
Patterns, XP, OO all have great ideas, but your mind (and your work) suffers when you follow them too strictly.
Each problem has its own ideal solution, which is uniquely tailored for the situation. A particular pattern, no matter how elegant and simple won't be the best solution a lot of the time, but pattern-drones will apply it anyway.
I've seen too much awful code due to people rigidly following a dogma, when the solution was much simpler..
Sometimes procedural code makes more sense, even when coding in an OO environment.
I'm sorry you feel this way. I hope I never have to work with you. Life is best enjoyed when your work (even on someone else's dime) is fun and enjoyable...
And even though I find the relevancy a little low, I prefer 2-space indentation, but I'm forced to use 4 at work...
As a (good) "programmer" I find this sort of software dogma insulting (same w/ patterns.) Coding is more like art than a science. Any attempt to make it more "formal" and "rigid" will take the fun out of it, and will cause the brilliant people to leave in disgust, only to be replaced by mindless drones who employ such mind-numbing practices as "Extreme" (w00000!) programming.
This kind of respect doesn't come for free. We both had to claw our way up from the bottom of the heap, but it's certainly possible, when in the presence of intelligent and non-biased management to be evaluated based on your actual capabilities.
However, there is value in experience. Being so young, I still tend to de-value age and longevity, but I have noticed it makes a difference sometimes. Even though age doesn't seem to have much of a bearing on one's programming abilities, the longer you've worked in the industry, the less naive you become, and the better you can predict the future, which is key in the business world.
When you're fresh from school, you tend to think that you can do huge amounts of work in a short time. Just because you can code 1000 lines of code a day, doesn't mean that a 10,000 line project will take 2 weeks (or even 2 months!) It's a sad but true fact that working in a business environment, and shipping product requires all sorts of nasty things like QA, documentation, maintainence, etc.. I used to look at statistics of the average engineer writing 10-20 lines of code a day as a sign that the world was populated by idiots. Now that I manage a group of engineers, I see exactly why that number is (roughly) correct. Coding really is the very last step in a 100-step process.
Now, that having been said, I've also been in an environment where my manager was so biased towards age that I never got any respect, even though I was contributing much more than my elders on the team. I left that company (Oracle) for this startup for that very reason.
In general, it comes down to who your manager is. Some people are open-minded about age, some people aren't. If you are such a hot-shot, go get another job (preferably for a small company) and find a manager who will trust you.
I'm 24, have been using computers/PDAs since I was 5. I bought the first freakin' Newton for cryin' in the beer! If anything, having to remember IP addresses has helped my memory, rather than hindered it.
People have had the analog equivalent of a PDA for decades! What about all those 1980s, dot-com equivalent, wall-street high-flyers with their leather-bound day-planners? Did writing down someone's phone-number in their address-books cause them to forget their mother's maiden name? I think not.
Any as far as the information overload issue, if anything, the digital generation is better at weeding our useless information than their elders. I can watch TV, listen to my stereo, talk with friends and code all at the same time. My parents have to mute the commercials on the TV in order to think.
At any rate, this is pure media sensationalism. If students are getting "more stupid" these days, why the hell can't my dad program the freakin' clock on the VCR or write down a URL I say over the phone.
-Name Forgotten
OK, I admit I was being a little... brash in saying that Woz agreed with me, but I still stand by my earlier conviction..
Now I agree that all video-games are not necessarily beneficial, but I think in general, games are created by geeks, people who think in a structured technical manner, and I think the games reflect that. Many computer games force people to think in a very logical fashion to solve the puzzles, or just to win. Computer games are difficult to win (that's why they're fun) and the majority of them aren't won through sheer quickness (although it helps often) but by problem-solving strategies.
I'm sure if you were to go back in time and ask my mother her opinion 10 years ago about computer games, I'm sure she would agree with you, and she might be thick-headed enough to think so now as well, but she's wrong. The first many years of my computer use were dominated by games. I didn't start becoming interested in the technical issues until much later, and it was my love of games that dominated that drive. I learned to program so I could write my own games. It's only once I realized how difficult game programming is that I gave up on that dream. But my point is that there was a very long period of time when it looked like I was wasting (VAST quantities of) time on games for no gain, but it got me where I am today.
My very first lesson in C was when I tried to contribute code to a MUD (an online RPG) that I played until 5AM every day (driving my mother crazy, and convincing her I needed a bedtime at 16...) My second lesson in C came when I became the maintainer of another multi-player game at my high-school. This might seem like an isolated case, but every single one of my friends who was a game-addict has also moved on to more technical matters. Just like the couch-potato is motivated to throw the football around with his buddies after watching a football game on TV, so computer-game players tend to start mucking around with their computers.
I'm not foolish enough to believe that everyone will be helped by computer-game interaction, but I think it has a more subversive and less noticeable affect than most people think.
Maybe I'm just bitter because all my parent's parenting efforts and society's educational efforts were misguided, and playing computer games was the best thing that ever happened to me.
I have always hated MacOS, even the way it looked, but oh baby does that look sweet! The drop shadows behind the windows look so supah-dupah-fly! I demand that someone work on this for X now! =P
it sucked. end of story
It's a number people! It just happens to end in a few zeros. It means nothing!
I don't feel weighed down by technology, nor do I feel that I can't "catch up" with the e-mail, pages, phone calls, faxes etc. I also don't have any friends (at least in the tech. industry) who feel that way either. We love out PalmPilots, our cell phones and all our gadgets, and unlike all these technophobic nay-sayers, I think that they save me lots of time. Maybe a PalmPilot complicates the life of a person whose understanding stops at pen & paper, but for someone who truly groks technology, it's a huge asset.
I think it would be an interesting poll to see who thinks technology is taking over our lives, and what the age breakdown of those responses would be. (Feel like doing it Rob?) I have a feeling that all the griping is coming from the 25+ camp.
My question is this: Where are all the other women out there like you? I have yet to meet a woman who could write "hello world", let alone a web-comic of such quality. If this were a hypothetical friday-night, and I wanted to meet someone w/ your qualities, where would I go, what would I do, and what in god's name would I say when I met you?
Nitrozac, I love AY2K.. I think it's probably the funniest web-comic I've seen to date (up there w/ Pokey the Penguin). Clearly you have quite a sense of humor. You also appear to be quite a geek (in the most positive sense of the word of course). And you have really bitchin' boots. My question is this: Where are all the other women out there like you? I have yet to meet a woman who could write "hello world", let alone a web-comic of such quality. If this were a hypothetical friday-night, and I wanted to meet someone w/ your qualities, where would I go, what would I do, and what in god's name would I say when I met you?
Oh sure, virii are really really small (technical term.) A virus would look like a speck of dust to those mites. But then again, why go to all the hassle of creating a nano-technological disease carrying weapon when we have perfectly good bio-chem weapons going unused now? After all, do we really need something better than anthrax etc? I think it works pretty damned well as it is.. ;)
OK, this is going to sound so nit-picky, but I think it's an important point. This is a good rebuttal, and things like this tend to pick up coverage by the media who just loves a good war, be it physical, or ideological. Due to this high visibility, and the fact that documents like this tend to be taken as a representation of the entire Linux community, we should attempt to sound as professional as possible. I am of course getting all riled up about the use of the word 'to' instead of 'too.' Small potatoes, sure, but the last thing we (the Linux community) needs is more FUD about how we're all illiterate teenage "hackers" or whatnot.
I admit that Pokey is an aquired taste, the first time I read it I was stuck in a lab for 5 hours, so I had nothing better to do, but by the end of the archive, I was completely in love with Pokey, and the insane monkey armed with MS Paint that is clearly responsible for it. In fact, I've been using Pokey's offbeat dialogue for my answering machine messages for a few months now. The loss of Pokey left me in a catatonic state, curled in the fetal position last night. We need to do something to bring Pokey back, I volunteer to host the site on my webserver...