Re:This isn't the best way to prove IIS security on Hack IIS6 Contest · Score: 1
I'm an idiot, I just looked at the sequence of events section and I can see that they are adding an ASP.NET section on the 16th, good luck to whoever tries, I would love to be able to point to this page the next time a client asks "are you sure Apache is safe? Because we are really looking for an IIS solution."
-Jason
This isn't the best way to prove IIS security on Hack IIS6 Contest · Score: 1
The problem is many websites are vulnerable not because of the Web Hosting software, but the web applications that they run. There are no ASP pages exposed/linked to on this site (many web servers can serve HTML without ever experiencing a problem) and there are no FORMs so user input is extremely limited. The would-be hacker is left with either guessing the root ftp password, or guessing the "hidden" document's file name.
I actually build and sell web applications, so when I'm choosing a web application platform I want to know that I can feel reasonably safe that the web server won't crash from a text box, or that I can control access to data with more than just a "hidden file name". This is why I have gone with Apache Tomcat. I know that as long as I write good solid code the web server won't let me down. I don't feel the same way about IIS (4 or 5, I haven't tried 6) and I certainly don't feel that way about ASP in general. I can restrict Tomcat from running un-compiled JSP pages even if they are uploaded and pointed to from a malicious user, while still maintaining my ability to run precompiled code on the same server. I can even restrict where precompiled code can be run from (and it doesn't have to be in the shared hosting space), can you even do that in IIS? You can strip any web server down to only static file hosting and it will be reasonably safe, but that's not what many developers and users need from a web server. I think ASP has created many lazy programmers and IIS has made many lazy administrators (there are brilliant Sys Admins and ASP Developers, just there are many more "hey look at me I can make a DB front end in minutes" kind of people). Add to that the very real problem of IIS withstanding very basic attacks; IIS just doesn't give admins the kind of fine-toothed comb control over how it runs.
If you really want to change hearts and minds, put an ASP form that links to an Access MDB, and allow user uploads. If you can show that well sanitized forms and user contributions still won't break IIS then you might see some people embracing it as a functional application platform.
-Jason
I think they meant Atom's Death Troll, as in all of the "Atom is dead" posts that will no doubt follow.
-Jason
They got Toilets with heated seats probably playing AM/FM radio while spraying hot water on your ass. :P
Are you sure you weren't just taking a dump in some restaurant's kitchen sink? It seems to fit all the criteria
-Jason
Take a trip over to www.archive.org and look at the Computer Chronicles shows. Gary Kildall used to co-host it along with Stewart Cheifet. This was a great show that I used to watch when I was younger. Great stuff, reminds you just how far things have come as well as how far we have to go.
-Jason
I for one, welcome our new Robotic Google Cat overlords!
-Jason
I'm waiting for SHA-T. Hopefully any programmer would be too embarrassed to publish any paper claiming to break SHA-T.
-Jason
The REAL Christians know that there are actually 15 Commandments :)
-Jason
AM hardware manufacturers attempted to squeeze more life out of their equipment by making a stereo signal over an AM frequency. FM radio is superior in many respects (not just that it can carry stereo data) and eventually won over AM (even with Stereo). These days you will find more FM only radios than FM/AM radios but AM broadcasting hardware is not dead, just dying (we will still live with it though for many years, because it falls in that wonderful tech category called "good enough", sometimes I think today's engineers forget that "good enough" is a reasonable option and instead try to create things that are "overkill"). The unfortunate thing was everyone who invested in AM stereo hardware lost their investment completely (as there are no AM stereo stations, that I am aware of at least). The same thing could be said for consumer Betamax players, RCA disc players (which I own), 3DO video game consoles (which I also own, damn I got to get better at buying stuff).
Today, however, we live in a time where many standards can awkwardly coexist without suffocating each other. Sure life would be MUCH easier if there was one format for recordable DVD but no one is kicking themselves for settling on one format yet (except maybe those DVD-RAM people, but even they are finding support in modern DVD players). Hardware innovations are much cheaper today than they have ever been, in fact there are $50 DVD players that can play every conceivable format of DVD and even CDRs crammed with modern media files, so there may very well be 2 HD standards for a while. It's actually in the best interests of these member companies to keep things divided. Think about it this way, do you think DirecTV is upset that Comcast cable boxes can't read their satellite TV signals? No, because they know that by keeping their technology separate they can potentially lock customers into their own products and make it harder for them to leave. You could look at the cell phone market the same way, sure it would be great for us to have one phone technology and be able to move around to whatever provider meets our needs best, but it's not what cell phone companies want so there is little (if any) unity in that market.
-Jason
DotAt@AtDot.DotCom.Com :)
A fellow computer science student in high school showed it to me. It's just fun to say out loud
-Jason
"imagine a Beowulf cluster of these". :P
You mean like a GameBoy?
-Jason
@6W what they mean is they consume 22KW, but that's like 6W of Intel power :P
-Jason
This is a rather good idea. Yes I know that we already have something like it (XBox) but I think some clever competition couldn't hurt. I think it should go a bit further though. How about a Knoppix distribution that can make a perfectly tuned gaming platform. Ok so the premise is a bootable CD that once started sets up some kind of CFG file (either on a USB Pen drive or as a single compressed file that can reside on the primary HD). It would only need to hold configuration settings and maybe a binary driver or two as devices are updated (so you can have the current drivers without constantly re-releasing the distribution). Then the games could be defined by XML files that can be hand created or stored on some central repository online. These XML files give basic information about the game to some launcher; the user specific stuff is held in the user space config file. All the distribution would need to do is provide SVGALib, SDL, OpenGL, X11 (only when absolutely necessary), Joystick and network support.
Maybe a simple email client and web browser for searching for cheats, heck maybe a memory freezer (is that the right term? Think Game Genie for a computer). Everything else that might take system resources wouldn’t be present. This would be a great use of a Linux From Scratch system. People could burn the distribution and then burn games and their corresponding XML files to other disks. The result would be a simple yet powerful gaming experience that would be simple to share. Maybe work with the MythTV people for a clean interface. This could be a great way to introduce Linux to new people. This is after all one of Linux’s primary strengths, the ability to customize everything.
What do you think? Am I ranting here?
-Jason
Give these damn chips awhile to evolve and you'll have borg nanoprobes... Beware the nanoprobes!!
Hey nanoprobes hurt a hell of a lot less than analprobes!
-Jason
And it STILL won't play OGG/Vorbis!!
-Jason
I'm guessing this isn't coming to Wal*Mart's changerooms when they implement RFID.
Wal*Mart has changing rooms!? Wow that could have saved me an indecent exposure charge from the San Ramon County Police! Now you tell me! :P
-Jason
Windows (or any operating system) needs more than an extension to execute a file. In order for a program to self execute it needs to be compiled for your operating environment. If you rename Something.exe to Something.jpg Windows will first look at the extension then send your jpg file to the associated viewer to be interpreted as jpg data (which it is not), and thus cause the jpg viewer to produce an error (if it is well written) or crash (if it is not). Now if you take a jpg file and rename it to an exe and double click on it, Windows will assume that the program is executable, and it will load the boot header (collection of bytes at the start of any executable that is produced when the program is compiled) and grant all requests that the boot header asks for (things like memory, address space, etc). If this process fails in any way (like, say, the boot header is complete garbage because it's really jpg data) then the operating system (if it is good) will produce an error, or (if it is bad) crash. So JPGs cannot double as executables nor the other way around. BUT...
It is possible that embedded in the metadata of the JPG file (usually used for embedding the date the file was created and the camera used to take it) is some compiled machine code (it would have to be small and simple otherwise the size of the JPG file would be disproportionate to the actual image) and IF the JPG viewer that some unlucky user had contained some buffer overflow error, then it might be possible to load a simple program into RAM, then by virtue of the buffer overflow get it to execute and thus enabling a larger more complex program to run.
However this error would only exist in that specific version of that specific software, so its ability to spread would be limited. The danger is if the program that interprets that JPG file is system wide or part of Windows standard suite of applications. Then your audience is huge. This is what makes Windows such a dangerous platform for script viruses. Because they have chosen to make their IE engine the central rendering engine of all of their applications (and they have made it easy and powerful enough to entice just about every other application developer to use it as well). Furthermore they have given their IE engine so many abilities, like the ability to arbitrarily execute machine code (this is how by visiting Apple.com you can install QuickTime, because the web site can download a program on your computer and execute itself, true you need to approve it, but once you say yes every subsequent visit is automatic, they REALLY need to add a "Never trust This source" checkbox). This means if there is a single flaw in the IE engine then that flaw is exploitable across every Windows workstation and every application that uses IE as a rendering engine. Now why Mozilla doesn't make an ActiveX Gecko engine with the same function names as the IE ActiveX module so users have a choice which rendering engine they want, is a mystery to me. Yeah, it would be hard, but it's not like Microsoft could pull the rug out from under them, Microsoft is very invested in their API, any change they made to it would break all the 3rd party apps.
-Jason
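The comment above separates what a file is named from what its bytes are, and puts the real risk in a viewer that mishandles embedded metadata. As an added illustration (not part of the original comment), this Python example classifies a file by its leading bytes and walks a JPEG's segment headers, applying the bounds checks a decoder needs before it copies any metadata. The function names and sample byte strings are constructed for the example.

```python
import struct

SOI, EOI = b"\xff\xd8", b"\xff\xd9"
# Markers that carry no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))
SOS = 0xDA  # start of scan: compressed image data follows this segment


def sniff(data):
    """Classify content by its leading magic bytes, ignoring the file name."""
    if data.startswith(b"MZ"):
        return "exe"
    if data.startswith(SOI + b"\xff"):
        return "jpg"
    return "unknown"


def extension_mismatch(filename, data):
    """True when a .exe/.jpg name disagrees with what the bytes really are."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = "jpg" if ext == "jpeg" else ext
    return ext in {"exe", "jpg"} and sniff(data) != ext


def audit_jpeg(data):
    """Walk segment headers up to start-of-scan and report length fields that
    a decoder must not trust. An empty list means every segment is in bounds."""
    if not data.startswith(SOI):
        return ["not a JPEG: missing SOI marker"]
    findings, pos = [], 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            findings.append(f"offset {pos}: expected marker, found 0x{data[pos]:02x}")
            break
        marker = data[pos + 1]
        if marker == 0xFF:           # fill byte in front of a marker
            pos += 1
            continue
        if marker in STANDALONE:
            if marker == 0xD9:       # EOI: nothing more to parse
                break
            pos += 2
            continue
        if pos + 4 > len(data):
            findings.append(f"offset {pos}: truncated segment header")
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        # The length counts its own two bytes. A decoder that computes
        # length - 2 without this check gets a negative or wrapped size.
        if length < 2:
            findings.append(f"offset {pos}: marker 0x{marker:02x} declares length {length} (< 2)")
            break
        if pos + 2 + length > len(data):
            findings.append(f"offset {pos}: marker 0x{marker:02x} length {length} runs past end of file")
            break
        if marker == SOS:
            break
        pos += 2 + length
    return findings


def seg(marker, payload, declared=None):
    """Build one segment; 'declared' overrides the length field for bad samples."""
    length = len(payload) + 2 if declared is None else declared
    return bytes([0xFF, marker]) + struct.pack(">H", length) + payload


# Constructed samples: headers only, not decodable images.
JFIF = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
GOOD = SOI + seg(0xE0, JFIF) + seg(0xFE, b"camera: constructed") + seg(SOS, b"") + b"\x00\x01" + EOI
SHORT_LEN = SOI + seg(0xFE, b"", declared=0) + b"A" * 32 + EOI
OVERRUN = SOI + seg(0xE1, b"Exif\x00\x00", declared=0x4000)

if __name__ == "__main__":
    print(extension_mismatch("Something.jpg", b"MZ\x90\x00"))
    for name, blob in [("good", GOOD), ("short", SHORT_LEN), ("overrun", OVERRUN)]:
        print(name, audit_jpeg(blob))
```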
Well if you put Windows in the mix it might sound like this.
Guy A: "OMG I just cut off my leg! Call 911!"
Guy B: "Ok ok one sec, I got to boot up Windows!"
Guy A: "Oh the pain the pain!!!"
Guy B: "Man chill out, Windows is still booting, because I'm too cheap to own a land line or a cell phone I'm also too cheap to get a fast computer"
Guy A: "I think I can see a light down a dark tunnel"
Guy B: "Ok Windows is up, now let's see..."
Clippy: "I noticed you are bleeding to death, would you like help?"
Guy A: "I'm so sorry I never gave enough to the poor, God, please forgive me, my life has been meaningless, I just want to know you before I die"
Guy B: "Woah, slow down there Guy A, I'm trying to call 911, Just need to get Clippy to leave me alone"
Clippy: "I noticed you are trying to atone for your sins before you bleed to death, would you like help?"
Guy B: "Well, would you like help with your atonement?"
Guy A:...
Guy B: "Crap, I need a faster PC"
Clippy: "I noticed that you have a dead friend in your living room, would you like me to dispose of the body?"
-Jason
So now I can port my slow as tar software rendering engine to this and finally make my DOOM killer 3D Game a reality!
Oh wait.. never mind
-Jason
Ok so Lexmark is using the DMCA to protect its Ink Cartridges, now Epson is going to use Tiny Flying Robots!? I never thought I'd say this but I think the DMCA isn't that bad :P
-Jason
Ok am I the only one who read the article title and thought "Windows Media Devices"? I guess cockroaches would be the best agents to find those suckers! :P
-Jason
Would you really want them to find out how to make CDs of Celine Dion, Westlife and NKotB last a hundred years?
:)
Scientists placed the CDs in boom boxes at malls and on Top 40 Radio stations on heavy rotation, thus allowing the popularity of a song to synthetically age 20 years in only 3 days. We can see that the red areas are the places on the CD that people no longer want to listen to. How about that... whole thing gone.
-Jason
But will it run on Linux!?
-Jason
I still think Browser Wars IV, V & VI are MUCH better than Browser Wars I and II. I and II seem to just be about special effects :P
-Jason
I can just see it, after two propositions are voted on, up pops a small paper clip with a bright smile.
"I noticed you are trying to vote republican. Would you like me to vote for you?"
[click] No, leave me alone
A few more propositions and up pops clippy with a slightly offended stare.
"I noticed you're picking a lot of democrat sides on propositions, would you like me to vote republican for you?"
[click] No, leave me alone DANMIT!
Then the choice for president comes up, and clippy appears with horns, a tail and a pitchfork.
I noticed you voted for someone other than Bill Gates, would you like me to select Bill Gates for you, or shall I just crash and force you to repeat this whole thing over again?