It is not up to the operating system to determine what is whose information.
What's the point in distinguishing between users at all, then?
Memory freed by another process without being previously zeroed out can be given to another process through a malloc() call with that data intact.
Name one modern multiuser operating system which works this way.
You can't.
You can name lots of places where it does happen, yes. Embedded systems, DOS and Win9x, etc. Generally the same places where memory protections are weak to begin with.
It's about lazy programmers who don't feel the need to call a quick zero blit on the memory before it's free'd.
If this was a necessary part of the process, free() would do it. But of course it makes much more sense to do this between processes, which is where it gets done.
If you would spend 30 seconds searching MSDN, you would see the documentation contradicts your assertions about Windows not zeroing pages before handing them to user processes. Perhaps Windows NT once had a bug in this respect, but the correct behavior is still obvious.
Your ignorance is so determined it verges on trolling. You can take this chance to learn something from the many posters who have corrected you, or you can continue to make an ass of yourself.
I did read it. Typically one site isn't receiving a huge number of messages from a single spammer. You get a few here and there addressed to a small subset of your users. This doesn't necessarily decrease a spammer's throughput when they have a diverse list of emails to work with, *even if everyone does it*.
That works, although the more clever spammers I have seen operate from a large pool of source IPs and target MTAs. (I'm not suggesting 20k connections to one mail server!) And it creates problems if you are receiving a significant volume of spam and real messages from the same place. You would want to exempt any other hosts which provide backup service (via MX priorities) for your domain, for example.
A tarpit is a network countermeasure, whereas algorithmic filtering is a way of identifying spam, typically so that a user doesn't have to see it. How can you compare them directly?
If these tarpits were ubiquitous, they could completely change the economics of spam, creating a scarcity of bandwidth experienced only by spammers.
Err, I don't think so. This just requires spammers to use more simultaneous connections to overcome the slowdown; it doesn't really increase their network requirements much, only their host CPU requirements. 20,000 simultaneous TCP connections from one process is quite possible with/dev/kqueue under FreeBSD, for example; and you can do the same, but with a bit more CPU wasted, using plain old select() on almost any Unix.
I also don't understand the rationale behind processing the message incrementally. Why not just do your processing before sending back the final 2xx response to the DATA command? Most spam software does not hang up right after sending the final "\r\n.\r\n" from what I've heard from people who run tarpits.
How about this instead: when you are confident you are receiving spam, you stop reading from the socket entirely, and send perhaps 10MB of data back on the other side of the connection. (If the other endpoint isn't reading, and consequently you can only send one window worth of data, then do something to get your TCP stack to generate a lot of useless ACKs, or send your trash back one octet at a time and push between them, or something.) The intent being that sending spam to a large number of MTAs configured in this manner rapidly just becomes a way to DDOS *yourself*. Probably this is too disruptive for most sites to want to bother implementing, though:(
I don't know exactly what the profit margin for spammers is like, but I'm not convinced a small multiplier in network costs is going to matter. Anyway, a lot of these "countermeasures" are mostly going to hurt maintainers of open relays, but if that means they actually fix them, I suppose that is almost as good.
But what company loses a whole day of business because their website is down for one day? You can't just evenly divide up their revenue for a year into business days and remove one, and then claim they lost that amount of money. If a grocer or a florist is closed, sure. But if am planning a major purchase and a website is down the day I decide what to buy, most likely I will just try again later.
Oh, and please try to see criminals as human beings before you put them to death. The most basic function of government is to prevent retribution killings, as any anthropologist could tell you.
Based on some of the horrible jokes I'm seeing here, this one should fit right in.
... one of the main causes of the fall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C programs.
-- Robert Firth
"Consistently separating words by spaces became a general custom about the
tenth century A.D., and lasted until about 1957, when FORTRAN abandoned the
practice."
I believe the cookie file credits a Sun reference manual for this gem.
"I'm not interrupting you, I'm putting our conversation in full-duplex mode." - Antone Roundy
That's good, I'll have to remember that.
"I *made up* the term 'object-oriented,' and I can tell you I did *not* have C++ in mind." - Alan Kay, one of the inventors/designers of Smalltalk.
In the same vein:
"C++: an octopus made by nailing extra legs onto a dog" -- Steve Taylor, 1998
A computer without a Microsoft operating system is like a dog without bricks tied to its head.
I love this one. I first saw it as a tagline on Slashdot, do you know who to credit for it?
Ahh, so what you are saying is that bad sectors can sometimes be *fixed* by overwriting them. Yes, this is true. Several years ago, I had a disk which was slowly going bad; I performed a sort of weekly preventive maintenance by remounting it read-only, reading and rewriting each sector on the disk via the/dev entry, and then mounting it read-write again. I had noticed that I was getting occasional read errors on rarely updated files, and this cured the problem for a while. However, the disk was still defective, and my userland hack was just a stopgap. Ultimately some areas became completely unusable, and I retired it when I could afford a replacement.
If scandisk reports a few read errors (on a DOS partition, given the posts above), it's almost certainly a media problem. Sometimes trying to read the same bad sector several times will eventually yield correct data, especially on older drives. That doesn't mean it won't eventually degrade past the point where you can do that, or that the media will not develop the same problem in the future. The magnetic layer may still lose its polarization over time in that same spot, due to a subtle manufacturing flaw, or perhaps the track alignment will continue to drift until some areas develop read errors when not periodically refreshed.
Last time I used scandisk, the media test seemed to be a simple read test for each sector in a partition/slice. It does also do filesystem verification, of course, but that is a separate pass which can be turned on or off independently.
I'm not even sure how you could instruct it to perform any tests on a non-FAT partition, as you instruct it where to work by giving it a drive letter. If there was a way, I suppose it might get confused and try to read from nonexistent sector addresses. But what kind of user would have a non-DOS partition and try to scan it with DOS tools, and then complain to the manufacturer when that failed? The comment to which I replied seemed to be saying this was a common occurrence!
A classic scenario is someone receiving bad sector warnings from Scandisk. This definitely does not mean the drive has bad sectors, only that scandisk can't read the data at those points (most likely the result of corrupt data).
If scandisk can't read the data, that means that the drive didn't return any. The driver or BIOS (depending on where you run scandisk from) aren't going to make any judgments about whether to pass on what they get from the controller. It means that not only does the drive have bad sectors, but it couldn't even detect the problem while the errors were still correctable and transparently remap the sector.
It's the job of the disk to keep the data from becoming "corrupt". There is nothing I can write from software which will cause scandisk to report new bad sectors.
. . . Todman shoved large quantities of lard and cardboard into the inlet without the pump suffering any ill effects. It could even mix materials used by the food industry. "It doesn't simply mix -- it macerates," says Todman.
Interesting, this sounds very much like the Windhexe story which was posted a couple months ago.
Actually the behavior is not the same unless the first operand is unsigned.
-1 % 8 == -1 -1 & 7 == 1
So it can't freely perform that strength reduction.
GCC on i386 will actually convert the % 8 into a multiply! Look at the generated asm if you don't believe me. (It can only do that when the divisor is constant.)
You have redefined democracy more narrowly, perhaps as "constitutional representative democracy". Perhaps that is what the US is theoretically in the business of creating. Whatever.
I'll be happy to join Bush in condeming Hussein as evil, although not because "he tried to kill my daddy". That doesn't mean that replacing him with anything which will actually improve the lot of the average Iraqi is easy, or that military force is the best way to do it.
The nascent Kurdish state in Northern Iraq is interesting. It sure makes the Turks nervous, because they have a large Kurd population. Left to itself, Iraq may splinter several ways. Even if that is ultimately for the best, a violent transition to such a state is not.
Indeed, so far, the US has not acted unilaterally; unless perhaps you consider our documented placement of CIA agents among the inspectors back in 1998:) We have said repeatedly that we keep the option of unilateral action open. You are criticizing UN member states for operating *via the UN*, calling that unilateral. It's not, it doesn't compare to saying "we reserve the right to ignore whatever decision comes out of the UN". A veto is still playing by the rules.
Re:Creators the Democracy?
on
Tuxedo Park
·
· Score: 1
The defense of Western Europe? Let's see, where were the major US military actions since 1945... Korea, Vietnam, and Iraq. Not to mention endless meddling in South America, where we have several times replaced one brutal dictator with another who was even worse. How is any of that "defending Western Europe"? Only recently, after the Soviet Union crumbled and stopped maintaining its iron grip on the satellite states in Eastern Europe, has any intervention in Europe been necessary.
After WWII, we were in a far better position than any other industrialized nation. The only direct attack we suffered was in Hawaii, compared to Europe, where a lot of transportation and manufacturing capacity was destroyed by bombing. Our foreign policy has largely been maintenance of our superior position. Whether that is good is another discussion; but to pretend otherwise is deliberate ignorance.
I did not forget the origins of Germany's constitution. I think it serves to demonstrate that there is nothing magically good and holy about such "created democracies". They may be better than the alternatives, but you are too quick to assume it is best to go about "creating democracy" wherever we wish.
The purest form of democracy is mob rule. In a government there is always a minority of people who do not consent to the rules, and a minority of rules to which people do not consent. Societies which keep everyone working together to a certain extent, whether they like it or not, just seem more succesful.
The last time the US went to Iraq, we conferred no benefits on them. None. There was no rebuilding and no aid. Just bombings which killed many, followed by sanctions which starved many more.
What the Germans and the French find offensive is that the US feels it can make these decisions alone--the Bush administration wants to violate a UN resolution to enforce that same UN resolution And that our policy on Iraq is partly personal vendetta and partly in the service of cheap oil; improving the life of the average Iraqi is the last of our concerns.
Re:Creators the Democracy?
on
Tuxedo Park
·
· Score: 1
The constitution Germany had before WWII was modeled on the US constitution. They had a democracy before the war, and they voted to make Hitler supreme dictator.
In general, US foreign policy is far more concerned with maintaining regimes which permit US corporations to exploit the local natural resources and cheap labor. Occasionally we dress it up as "creating democracy" or "fighting communism" or "fighting terrorism", because our voters are naive enough to go for such things.
I was actually using the same technique for disconnecting users from a netquake server as far back as 1998. The funny part is, I was using it to administer my clan's own server, because there was no way to ban users based on nick or IP from the server console yet.
I recently wrote an application which managed about 200 outbound TCP connections per second from a single thread. Each connection went through about three request/response steps before it was closed. Typically there were about 4000 simultaneous connections open, so the average lifetime would obviously be somewhere around 20 seconds.
With a state machine it's really not difficult. Had I used/dev/kqueue (this was on FreeBSD) instead of select(), it probably could have scaled up to the point of using all the network bandwidth available to the host.
I agree that TCP is overused, and that depending on the OS to manage session state is not always the best solution. Certainly for a lightweight application like asking how many players are currently on a game server, a stateless ping-pong over UDP makes more sense. But TCP performance is not nearly as lousy as you claim, if you write the client properly.
I think the executable versions, library versions, and specific configurations of services vary a lot more between Linux boxen than Windows hosts. There is much less of a monoculture problem, so it is more difficult for any single worm to infect a large fraction of hosts.
Still, as Linux slowly gains desktop market space and the level of security awareness of the average user declines, it is conceivable that it will become more hospitable to Nimda/Klez-scale worm epidemics. Also Linux tends to run more services; a Windows 98 box is very difficult to compromise remotely because it has almost no interfaces to subvert. We probably won't be at the same level of susceptibility as Micros~1 platforms for a while, though.
Slashdot Mirror
It is not up to the operating system to determine what is whose information.
What's the point in distinguishing between users at all, then?
Memory freed by another process without being previously zeroed out can be given to another process through a malloc() call with that data intact.
Name one modern multiuser operating system which works this way.
You can't.
You can name lots of places where it does happen, yes. Embedded systems, DOS and Win9x, etc. Generally the same places where memory protections are weak to begin with.
It's about lazy programmers who don't feel the need to call a quick zero blit on the memory before it's free'd.
If this was a necessary part of the process, free() would do it. But of course it makes much more sense to do this between processes, which is where it gets done.
If you would spend 30 seconds searching MSDN, you would see the documentation contradicts your assertions about Windows not zeroing pages before handing them to user processes. Perhaps Windows NT once had a bug in this respect, but the correct behavior is still obvious.
Your ignorance is so determined it verges on trolling. You can take this chance to learn something from the many posters who have corrected you, or you can continue to make an ass of yourself.
I did read it. Typically one site isn't receiving a huge number of messages from a single spammer. You get a few here and there addressed to a small subset of your users. This doesn't necessarily decrease a spammer's throughput when they have a diverse list of emails to work with, *even if everyone does it*.
Not to one server... read my reply to the other message just above yours.
That works, although the more clever spammers I have seen operate from a large pool of source IPs and target MTAs. (I'm not suggesting 20k connections to one mail server!) And it creates problems if you are receiving a significant volume of spam and real messages from the same place. You would want to exempt any other hosts which provide backup service (via MX priorities) for your domain, for example.
A tarpit is a network countermeasure, whereas algorithmic filtering is a way of identifying spam, typically so that a user doesn't have to see it. How can you compare them directly?
If these tarpits were ubiquitous, they could completely change the economics of spam, creating a scarcity of bandwidth experienced only by spammers.
/dev/kqueue under FreeBSD, for example; and you can do the same, but with a bit more CPU wasted, using plain old select() on almost any Unix.
:(
Err, I don't think so. This just requires spammers to use more simultaneous connections to overcome the slowdown; it doesn't really increase their network requirements much, only their host CPU requirements. 20,000 simultaneous TCP connections from one process is quite possible with
I also don't understand the rationale behind processing the message incrementally. Why not just do your processing before sending back the final 2xx response to the DATA command? Most spam software does not hang up right after sending the final "\r\n.\r\n" from what I've heard from people who run tarpits.
How about this instead: when you are confident you are receiving spam, you stop reading from the socket entirely, and send perhaps 10MB of data back on the other side of the connection. (If the other endpoint isn't reading, and consequently you can only send one window worth of data, then do something to get your TCP stack to generate a lot of useless ACKs, or send your trash back one octet at a time and push between them, or something.) The intent being that sending spam to a large number of MTAs configured in this manner rapidly just becomes a way to DDOS *yourself*. Probably this is too disruptive for most sites to want to bother implementing, though
I don't know exactly what the profit margin for spammers is like, but I'm not convinced a small multiplier in network costs is going to matter. Anyway, a lot of these "countermeasures" are mostly going to hurt maintainers of open relays, but if that means they actually fix them, I suppose that is almost as good.
What a savings!
But what company loses a whole day of business because their website is down for one day? You can't just evenly divide up their revenue for a year into business days and remove one, and then claim they lost that amount of money. If a grocer or a florist is closed, sure. But if am planning a major purchase and a website is down the day I decide what to buy, most likely I will just try again later.
Oh, and please try to see criminals as human beings before you put them to death. The most basic function of government is to prevent retribution killings, as any anthropologist could tell you.
"Text processing has made it possible to right-justify any idea, even one
which cannot be justified on any other grounds."
-- J. Finnegan, USC.
Based on some of the horrible jokes I'm seeing here, this one should fit right in.
... one of the main causes of the fall of the Roman Empire was that,
lacking zero, they had no way to indicate successful termination of
their C programs.
-- Robert Firth
tenth century A.D., and lasted until about 1957, when FORTRAN abandoned the
practice."
I believe the cookie file credits a Sun reference manual for this gem.
"I'm not interrupting you, I'm putting our conversation in full-duplex mode."
- Antone Roundy
That's good, I'll have to remember that.
"I *made up* the term 'object-oriented,' and I can tell you I did *not*
have C++ in mind."
- Alan Kay, one of the inventors/designers of Smalltalk.
In the same vein:
"C++: an octopus made by nailing extra legs onto a dog" -- Steve Taylor, 1998
A computer without a Microsoft operating system is like a dog without bricks tied to its head.
I love this one. I first saw it as a tagline on Slashdot, do you know who to credit for it?
Kuro5hin had a similar thread last year, with some hilarious comments in it.
A personal favorite I heard from a coworker years ago:
Q. Why does the condemned man get a last cigarette, instead of one of those
through-the-skin stick-on nicotine thingies?
A. Don't patch the executable.
Ahh, so what you are saying is that bad sectors can sometimes be *fixed* by overwriting them. Yes, this is true. Several years ago, I had a disk which was slowly going bad; I performed a sort of weekly preventive maintenance by remounting it read-only, reading and rewriting each sector on the disk via the /dev entry, and then mounting it read-write again. I had noticed that I was getting occasional read errors on rarely updated files, and this cured the problem for a while. However, the disk was still defective, and my userland hack was just a stopgap. Ultimately some areas became completely unusable, and I retired it when I could afford a replacement.
If scandisk reports a few read errors (on a DOS partition, given the posts above), it's almost certainly a media problem. Sometimes trying to read the same bad sector several times will eventually yield correct data, especially on older drives. That doesn't mean it won't eventually degrade past the point where you can do that, or that the media will not develop the same problem in the future. The magnetic layer may still lose its polarization over time in that same spot, due to a subtle manufacturing flaw, or perhaps the track alignment will continue to drift until some areas develop read errors when not periodically refreshed.
Last time I used scandisk, the media test seemed to be a simple read test for each sector in a partition/slice. It does also do filesystem verification, of course, but that is a separate pass which can be turned on or off independently.
I'm not even sure how you could instruct it to perform any tests on a non-FAT partition, as you instruct it where to work by giving it a drive letter. If there was a way, I suppose it might get confused and try to read from nonexistent sector addresses. But what kind of user would have a non-DOS partition and try to scan it with DOS tools, and then complain to the manufacturer when that failed? The comment to which I replied seemed to be saying this was a common occurrence!
A classic scenario is someone receiving bad sector warnings from Scandisk. This definitely does not mean the drive has bad sectors, only that scandisk can't read the data at those points (most likely the result of corrupt data).
If scandisk can't read the data, that means that the drive didn't return any. The driver or BIOS (depending on where you run scandisk from) aren't going to make any judgments about whether to pass on what they get from the controller. It means that not only does the drive have bad sectors, but it couldn't even detect the problem while the errors were still correctable and transparently remap the sector.
It's the job of the disk to keep the data from becoming "corrupt". There is nothing I can write from software which will cause scandisk to report new bad sectors.
. . . Todman shoved large quantities of lard and cardboard into the inlet without the pump suffering any ill effects. It could even mix materials used by the food industry. "It doesn't simply mix -- it macerates," says Todman.
Interesting, this sounds very much like the Windhexe story which was posted a couple months ago.
Actually the behavior is not the same unless the first operand is unsigned.
-1 % 8 == -1
-1 & 7 == 1
So it can't freely perform that strength reduction.
GCC on i386 will actually convert the % 8 into a multiply! Look at the generated asm if you don't believe me. (It can only do that when the divisor is constant.)
You have redefined democracy more narrowly, perhaps as "constitutional representative democracy". Perhaps that is what the US is theoretically in the business of creating. Whatever.
:) We have said repeatedly that we keep the option of unilateral action open. You are criticizing UN member states for operating *via the UN*, calling that unilateral. It's not, it doesn't compare to saying "we reserve the right to ignore whatever decision comes out of the UN". A veto is still playing by the rules.
I'll be happy to join Bush in condeming Hussein as evil, although not because "he tried to kill my daddy". That doesn't mean that replacing him with anything which will actually improve the lot of the average Iraqi is easy, or that military force is the best way to do it.
The nascent Kurdish state in Northern Iraq is interesting. It sure makes the Turks nervous, because they have a large Kurd population. Left to itself, Iraq may splinter several ways. Even if that is ultimately for the best, a violent transition to such a state is not.
Indeed, so far, the US has not acted unilaterally; unless perhaps you consider our documented placement of CIA agents among the inspectors back in 1998
The defense of Western Europe? Let's see, where were the major US military actions since 1945... Korea, Vietnam, and Iraq. Not to mention endless meddling in South America, where we have several times replaced one brutal dictator with another who was even worse. How is any of that "defending Western Europe"? Only recently, after the Soviet Union crumbled and stopped maintaining its iron grip on the satellite states in Eastern Europe, has any intervention in Europe been necessary.
After WWII, we were in a far better position than any other industrialized nation. The only direct attack we suffered was in Hawaii, compared to Europe, where a lot of transportation and manufacturing capacity was destroyed by bombing. Our foreign policy has largely been maintenance of our superior position. Whether that is good is another discussion; but to pretend otherwise is deliberate ignorance.
I did not forget the origins of Germany's constitution. I think it serves to demonstrate that there is nothing magically good and holy about such "created democracies". They may be better than the alternatives, but you are too quick to assume it is best to go about "creating democracy" wherever we wish.
The purest form of democracy is mob rule. In a government there is always a minority of people who do not consent to the rules, and a minority of rules to which people do not consent. Societies which keep everyone working together to a certain extent, whether they like it or not, just seem more succesful.
The last time the US went to Iraq, we conferred no benefits on them. None. There was no rebuilding and no aid. Just bombings which killed many, followed by sanctions which starved many more.
What the Germans and the French find offensive is that the US feels it can make these decisions alone--the Bush administration wants to violate a UN resolution to enforce that same UN resolution And that our policy on Iraq is partly personal vendetta and partly in the service of cheap oil; improving the life of the average Iraqi is the last of our concerns.
The constitution Germany had before WWII was modeled on the US constitution. They had a democracy before the war, and they voted to make Hitler supreme dictator.
In general, US foreign policy is far more concerned with maintaining regimes which permit US corporations to exploit the local natural resources and cheap labor. Occasionally we dress it up as "creating democracy" or "fighting communism" or "fighting terrorism", because our voters are naive enough to go for such things.
There was an attack on early versions of Quake 2 which worked like that.
I was actually using the same technique for disconnecting users from a netquake server as far back as 1998. The funny part is, I was using it to administer my clan's own server, because there was no way to ban users based on nick or IP from the server console yet.
I recently wrote an application which managed about 200 outbound TCP connections per second from a single thread. Each connection went through about three request/response steps before it was closed. Typically there were about 4000 simultaneous connections open, so the average lifetime would obviously be somewhere around 20 seconds.
/dev/kqueue (this was on FreeBSD) instead of select(), it probably could have scaled up to the point of using all the network bandwidth available to the host.
With a state machine it's really not difficult. Had I used
I agree that TCP is overused, and that depending on the OS to manage session state is not always the best solution. Certainly for a lightweight application like asking how many players are currently on a game server, a stateless ping-pong over UDP makes more sense. But TCP performance is not nearly as lousy as you claim, if you write the client properly.
I think the executable versions, library versions, and specific configurations of services vary a lot more between Linux boxen than Windows hosts. There is much less of a monoculture problem, so it is more difficult for any single worm to infect a large fraction of hosts.
Still, as Linux slowly gains desktop market space and the level of security awareness of the average user declines, it is conceivable that it will become more hospitable to Nimda/Klez-scale worm epidemics. Also Linux tends to run more services; a Windows 98 box is very difficult to compromise remotely because it has almost no interfaces to subvert. We probably won't be at the same level of susceptibility as Micros~1 platforms for a while, though.