Slashdot Mirror


User: roystgnr

roystgnr's activity in the archive.

Stories: 0 · Comments: 2,149

Comments · 2,149

  1. Didn't notice that on Shutting Down Worm-Infected Broadband Users · · Score: 1

    So is it legal to crack someone else's computer in England? That sounds unlikely.

  2. Re:Arbitrary Decisions on Shutting Down Worm-Infected Broadband Users · · Score: 2

    SO DON'T SIGN IT. It's your choice to sign up for an ISP that has a crazyass EULA.

    Like hell it is. My ISP only exists because they managed to get special right-of-way privileges from the government for their wires, and it is (in my area) 100% free from broadband competition because of those privileges and because they successfully lobbied for anticompetitive state laws.

    So, since they're a government-granted monopoly, is it really so unreasonable to expect them to behave like one?

  3. Re:Why? on Shutting Down Worm-Infected Broadband Users · · Score: 2

    Having done that it is your responsibility to make sure the machine is programmed to respond sensibly to whatever requests are made.

    This is a nice philosophy; however it is completely contrary to federal law. For example, hacking into someone else's computer is illegal, despite the fact that the ability to do so implies that your target was not "sensibly" programmed.

    Even those of us who have kept up to date with security issues have problems with these worms, though. So your OS is smart enough not to be crashed by ICMP packets; does that mean you wouldn't mind being ping flooded?

  4. Anti-crypto has NO such chance on Poll Says Most Americans Favor Crypto Backdoors · · Score: 2

    Terrorists don't need good, convenient crypto to send their credit card numbers out of a standard web browser, or to send encrypted email seamlessly to their friends. If they did, maybe crypto restrictions would mean something.

    Terrorists need to send occasional messages to their co-conspirators without them being detected. And what kind of idiot terrorist is going to use a convenient standard cryptography package for that? Even if your messages are encrypted, that PGP header is suspicious looking...

    Terrorists don't need to send messages through SMTP! They're going to wrap their crypto in other data, steganographically... and since there are a million such ways to hide random data undetectably, the fact that the data they're hiding is the (header-stripped) output of an illegal encryption tool won't faze them one bit.

  5. My version: on New (More) Annoying Microsoft Worm Hits Net · · Score: 2

    A few small fixes, but mainly this puts everything on a second chain, so that only incoming HTTP requests will have to go through hundreds of ipchains rules.

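    #!/bin/sh

    # Create the block80 chain if it does not exist yet.
    if [ ! "`ipchains -n -L block80 2>/dev/null`" ]
    then ipchains -N block80
    fi

    # Send only incoming HTTP connection attempts (SYN to port 80) through block80.
    if ! ipchains -L input | grep -q block80
    then ipchains -A input -p tcp --syn -d 0/0 80 -j block80
    fi

    # Block every client whose request for winnt or default.ida was logged.
    for LUSER in `egrep "winnt|default\.ida" /var/log/httpd/error_log* | awk '{print $8}' | sed -e 's/]//' | sort -u`; do
        # Fixed-string, whole-word match, so 1.2.3.4 is not mistaken for 11.2.3.45.
        if ! ipchains -L -n | grep -qwF -- "$LUSER"
        then ipchains -A block80 -s "$LUSER" -d 0/0 -j DENY
            echo "Blocking $LUSER"
        fi
    done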
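
The same log-to-firewall step with the extracted field validated as an IPv4 address before it reaches a rule, as an added example that is not part of the original comment. The sample log lines, the function names `extract_worm_sources` and `plan_rules`, and the already-blocked list are constructed for illustration; the script prints the `ipchains` commands instead of running them.

```shell
#!/bin/sh
# Added example: validate addresses taken from a web-server error log before
# they become firewall rules. Dry run only: rules are printed, not applied.

# Constructed sample in Apache 1.3 error_log layout (documentation addresses).
sample_log() {
cat <<'EOF'
[Tue Sep 18 09:14:02 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/winnt/system32/cmd.exe
[Tue Sep 18 09:14:03 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/default.ida
[Tue Sep 18 09:15:40 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/default.ida
[Tue Sep 18 09:16:11 2001] [error] [client 203.0.113.5] File does not exist: /var/www/html/favicon.ico
[Tue Sep 18 09:17:00 2001] [error] [client 999.1.1.1] File does not exist: /var/www/html/winnt/x
[Tue Sep 18 09:17:30 2001] [error] [client host.example.net] File does not exist: /var/www/html/default.ida
EOF
}

# Read log lines on stdin; print the unique, well-formed IPv4 client addresses
# of requests that match the worm signatures used in the comment above.
extract_worm_sources() {
    grep -E 'winnt|default\.ida' |
    # Take the field only when it really follows "[client", then drop the "]".
    awk '$7 == "[client" { sub(/\]$/, "", $8); print $8 }' |
    # Keep dotted quads whose four parts are 1-3 digits and at most 255.
    awk -F. '
        NF == 4 {
            ok = 1
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) ok = 0
            if (ok) print
        }' |
    sort -u
}

# $1: newline-separated addresses already in the chain (constructed here; on a
# live host this would be taken from the chain listing).
# Reads candidate addresses on stdin and prints one rule per new address.
plan_rules() {
    existing=$1
    while IFS= read -r ip; do
        # -x -F: whole-line, fixed-string comparison, so 192.0.2.10 is not
        # treated as present just because 192.0.2.101 is.
        if printf '%s\n' "$existing" | grep -qxF -- "$ip"; then
            continue
        fi
        printf 'ipchains -A block80 -s %s -d 0/0 -j DENY\n' "$ip"
    done
}

# Constructed "already blocked" list for the dry run.
ALREADY_BLOCKED="192.0.2.101
198.51.100.7"

sample_log | extract_worm_sources | plan_rules "$ALREADY_BLOCKED"
```

The out-of-range address and the hostname in the client field are dropped before any rule is built, and the unrelated 404 for `favicon.ico` never matches the signature.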

  6. Re:Doesn't really help home users though. on New (More) Annoying Microsoft Worm Hits Net · · Score: 2

    Adding ipchains rules will cause your machine to ignore the packets, but they're still consuming time on your DSL/cable/whatever link.

    It's still a small improvement for those of us with home webservers, which will now just get and drop a couple SYN packets, rather than playing along through a whole HTTP request.

  7. About time they invented a new kind of war! on A New Kind of War · · Score: 2

    All the old kinds really sucked.

  8. Don't forget Hans Moleman! on Combining The Simpsons with MarioCart · · Score: 1

    "Otto, there's a Gremlin on the side of the bus!"

  9. Read my references, then fuck off on Net Taps Without Warrants? · · Score: 2

    Do a damn web search before you start insulting people, would you? It took me about two seconds for a Google search on "terrorists steganography pornography" to turn up, from ZDNet,

    During the recent U.S. Embassy bombing case, several documents came to light that suggest Osama bin Laden and his associates have been using steganography to hide terrorist plans inside pornography and MP3 files that are freely distributed over the Internet.

    They're referencing a USAToday story with more details, which you might read if for any reason you'd like to look like less of an ignorant twit tomorrow.

  10. Re:Who exactly on Net Taps Without Warrants? · · Score: 2

    Whoopsie! That could have been an encrypted message!

    So could just about any multimedia file on the internet. Did that MP3 come out sounding lousy because you used an old encoder, or because you tried to pack in too many encrypted bytes? Do those photos on your web page look grainy because you used too fast a shutter speed, or because you've got hidden data in the low order bits? Does that AVI take up too much space because you used a codec optimized for slow CPUs, or because you packed explosives_manual.txt into it somehow?

    Superficially, the steganography problem looks a whole lot like watermarks: one side wants to pack hidden data into a media file, the other wants to stop it... but it's completely lopsided in the other direction, because while we can filter and reencode the CD industry's "secure" data files to our hearts' content, the government doesn't have write access to a hundred million webpages.

    Preventing, or even detecting, the use of cryptography is impossible! It's like trying to legislate pi=3, except it's a bit harder to explain the problem to your Congressman...

  11. Re:Oh Great!! on Mozilla 0.9.4 Released · · Score: 2

    I also find it interesting that the /. crowd decries the use of Smart Tags (because they change content) but is more than happy to change content they DON'T like (popups and banner ads). Do I smell a note of hypocrisy here?

    So I go to foo.com's webpage. I expect foo.com's software to give me the content they want to let me have, and I expect my software to display it based on my personal preferences. Nowhere does a third party need to enter into that transaction. This is not hypocritical, because I extend to Microsoft employees the same privilege: to view what web sites they visit in the way they choose. If the Apache authors were to insert code that added a "Replace IE now!" button to the top of each webpage requested by Internet Explorer, I would find that just as offensive.

  12. Who is "the government"? on Net Taps Without Warrants? · · Score: 2

    I'm pretty sure the government has no wishes to read your email or spy on your telnet sessions.

    If by "the government", you mean President Bush, I agree completely. You'd probably be right about 99% of Congress, too. If the government was a monolithic hive-mind, we'd have no more worries.

    But isn't the NSA part of the government? The FBI? The CIA? The Houston Police Department? The State Senator you've been helping a political campaign against? The FBI agent that Senator asked for wiretapping assistance, who thinks your Slashdot posts smack of communism? The sysadmin who set up that agent's computer, who thinks he can snag blackmail-worthy personal information with a ten line perl script? The script kiddie who found a computer left unpatched by that sysadmin over a 3-day weekend?

    If I send an encrypted message from myself to my friend, then unless one of us gives it away or one of our computers has been compromised, our message is safely restricted to us. Do you think it's that easy to safely restrict that message to 3 people instead of 2? No. 300, maybe.

    But this particular issue doesn't sound to me like it will really affect any of us

    Not all of us. Everybody who never sends private information over the internet should be fine.

    unless the government have reason to believe there is a national security issue.

    When will the government not have reason to believe there is a national security issue, now? When terrorists around the world decide to work toward peace through song instead? Perhaps measures like this would be palatable if this were a real war (although if it was, wouldn't the last thing we want be civilians' "loose lips" flapping unencrypted?), but real wars end eventually. This threat will never end, and so anyone who suggests a "temporary" measure towards reducing it is trying to sell you a lie.

  13. Who exactly on Net Taps Without Warrants? · · Score: 5, Interesting

    who exactly is gonna make the terrorists all upgrade to the new version?

    Simple: The FBI is, when they knock on the terrorist doors.

    If your computer is caught sending packets that are labeled (e.g. GPG headers) as encrypted, your computer will either be bugged to get your password or seized to search for plaintext secrets. In theory, this will allow terrorists to be subjected to legal scrutiny while they are still conspiring about acts of terrorism but before those acts are committed.

    In reality, it won't work that way:
    • Steganography will defeat this. Perfectly compressed data looks like white noise, and the amount of white noise speeding around the internet as pornography alone (where I have already seen it speculated that terrorist messages have been exchanged, in low order bits) is billions of times greater than the amount of data terrorists need to exchange. Will the government replace the internet by something that proxies every webserver, P2P network, and email with a watermark-scrambler?
    • Codes will defeat this. Forget the "little black book" codes, where "picnic" => "New York City" and "ants" => September. Imagine codes where your choice of synonyms in an email supplies a bit or two per word, and a few CD-Rs of one time pad data (yes, I've heard terrorists occasionally meet face to face!) supply an effectively unlimited amount of unbreakable encryption even against those who figure out the synonym code.
    • Those CD-Rs will make the steganographic watermarks undetectable, as well - maybe PGP output can be distinguished from random noise somehow, but a one-time pad's output can't.
    • Let's not limit those face-to-face meetings to passing CD-Rs, either. There was nothing about this attack that was difficult, just unthinkable. They didn't need videoconferencing to pull it off, just a few conferences in rooms without hidden mikes!

    In other words, we're giving the government authority to review every law abiding citizen's digital communications, without judicial oversight (the FBI had your email, and you're going to take their word for it that nobody, with or without official permission, looked at it?), and without impairing the ability for lawbreakers to engage in undetected low-bandwidth communications (and you don't exactly need to videoconference to plan a terrorist attack) at all.

    Did I miss anything?

  14. Distributed sensor/actuator control on Controlling Robots with Linux? · · Score: 4, Informative

    Are you sure you need a Linux kernel controlling every tiny change of every low level actuator in your robot? Probably not. In general, you need Linux because of its available software tools (being able to ssh to your robot, run gdb on your control software, etc. is nice) and because of the relatively heavy CPU power you can run it on.

    For those sensors and actuators, you may want more low level control. You can get a 25 MHz PIC for $5-10, for example, and compile C code (a few kilobytes of it, anyway, with 8 and 16 bit integer arithmetic) to control a dozen A/D and D/A channels with latency in the hundreds of microseconds. You basically use the microcontrollers running your raw code (no OS) to handle closed-loop control of individual subsystems, then have them controlled in turn (by serial, I2C, or something else you can hook up to a PC easily) by a microprocessor running Linux.

    And you might be surprised in the end. Our robot was originally intended to work as above... but when time pressures hit, we discovered that our requirements for the master controller weren't as great as we estimated, and we managed to get away with using a PIC for that too.

    The PIC isn't the only microprocessor out there... and it's got lots of limitations. The program memory is frighteningly small, the arithmetic precision is lousy, we had to try about three compilers before we found one that worked to our satisfaction... but it worked fine in the end. A piece of advice: even more important than these worries about your original design is *getting it prototyped early* and working out all the bugs. Our robot, for example, kept failing because a few damn interconnection wires kept coming loose... Some friends of mine never got much in the way of working hardware because they just didn't realize that this was a multi-thousand man-hour project, and didn't have enough available time budgeted.

  15. Re:Arm Pilots on More On Tragedy · · Score: 2

    Don't bother preventing the bad guys from having guns, just give everybody on the plane a gun and then trust their judgment to know when to shoot and when to just let the hijackers have their way?

    Imagine how horrible that would be. Assuming suicidal hijackers never learn from their mistakes, you could see a dozen lives lost every year, which would mount up to yesterday's death toll in a few centuries.

    There's got to be a better solution, but this one isn't half-bad.

  16. Mod this guy up!!! on More Links And Reports On Terrorist Attacks · · Score: 2

    Good point, AC! Too many people are advocating insane retaliation levels (nuclear weapons?! genocide?!) without knowing all the facts.

    Anyway, that little bit of news disgusted me. Something like $50 million dollars were given to a fucking police state theocracy because they'd been successful at reducing opium exports!

    I don't want to jump to conclusions; I don't know if bin Laden was responsible for today's disaster... but that money went from corrupt politicians to totalitarian monsters, whether they happen to be today's monsters or not.

  17. "Not part of any US retaliatory strike" on More Links And Reports On Terrorist Attacks · · Score: 2

    CNN is claiming that this is an Afghanistan civil war battle, and not a USA attack.

    God, I hope so. For the US to respond in force in less than 12 hours would practically imply that someone giving orders knew about the trade center attacks before they happened.

  18. Re:sarcasm, folks on World Trade Towers and Pentagon Attacked · · Score: 2

    If half a dozen guys decide to hijack airplanes and crash them into major buildings, no defense shield or anything else will help.

    No, it won't. But take a break for a moment from our shared disbelief that a half dozen airliners could kill thousands of people... and reflect on the fact that missile defense is intended to stop weapons that can kill millions of people, with one warhead. Even if there is never a terrorist-launched missile, just having a defense against accidental launch may be worth it.

  19. Willing to suffer the consequences??? on DivX;) Goes Legit · · Score: 3, Insightful

    But don't go forgetting that Gandhi, Washington, and King were all willing, and for a great portion did, suffer the legal consequences of their moral actions.

    I don't know where you read about the history of the "Revolutionary Sit-In", but in my history books George Washington led a whole lot of men with guns attempting to kill anyone who tried to enforce those legal consequences.

    Just a little perspective, before you get too harsh on those people who are still merely trying to avoid getting caught breaking unconstitutional laws.

  20. Me too? on DivX;) Goes Legit · · Score: 1

    The cover has fallen off half my Heinlein paperbacks, a couple of my books are at the "stack of unbound pages" state, and replacement cost for my library (assuming I could find everything at used bookstores) would be thousands of dollars.

    It's still legal for me to buy a scanner and spend thousands of hours (hundreds of thousands if I'm unwilling to destroy the books in the process) scanning and OCRing everything I own. But I gather it's not legal for me to obtain the same result as a copy of the .txt file from someone else's similar labor. Screw legality, it's still moral to me, as long as I'm only downloading copies of books I already own. So where's the cache of underground science fiction books that has Ellison going psycho?

  21. What does E=mc^2 mean to you? on Constants Not Constant? · · Score: 3, Insightful

    To me, it means:

    Energy = mass * (speed of light) squared

    This equation tells us how much energy we get from reactions that destroy mass, such as the radioactive decay of elements inside the Earth, or the nuclear fusion inside the Sun.

    Now, if you want light in the past to travel, say, 6 billion (current) light years in the space of 6000 years, you need to speed it up one million times. In other words, you increase the amount of energy released by nuclear reactions by one trillion.

    I'm not an astrophysicist, and the question "what would happen to the Sun if fusion released a trillion times as much energy" is a complicated one, but even if it didn't go nova I'd be surprised if Earth was still at a comfortable temperature.

    I'm not a geophysicist either, but the question "what would happen to the Earth if radioactive elements released a trillion times as much energy" is a relatively (excuse the pun) easy one. Estimating the heat production of the Earth's core in this fashion at 4 * 10^13 watts, we can calculate the heat production of the early creationist Earth to be approximately 4 * 10^25 watts.

    For comparison's sake, the Earth currently receives (1353 W/m^2) * pi * (6,360,000 m)^2 = approximately 1.7 * 10^17 watts from the Sun. So really, even if there was no Sun shining on Adam and Eve, they would still be getting about 230 times as much energy as we do today, raising the equilibrium temperature of the planet to a nice toasty 750 degrees Celsius. Maybe that explains Noah's flood, huh? All that water to cover the planet must have been in water vapor form before we cooled to under boiling temperatures.

    Of course, if you want to explain just how *much* of those radioactive elements have decayed away in the multi-billion year old rocks we find lying around, you have to increase the rate of reaction (m, in the above equation) by another million fold. That brings our equilibrium temperature to about 5600 degrees Celsius... but wait, at that temperature all the rock is molten and radioactive decay products wouldn't get trapped next to their generating elements anyway.

    I love creationist theories. My personal favorites are the wacky explanations of where all the water for Noah's flood came from ("vapor canopy"? anyone want to calculate the air pressure under something like that!?) and where it went.

    For future reference, if you really think that Genesis is literal truth and God behaves like a parlor magician, then answers like "He created starlight already on its way to Earth" and "he made ten million cubic miles of water teleport to deep space", however implausible sounding, are irrefutable. Once you try to explain miracles in terms of science, you're going to have to deal with its conclusions.

  22. Re:It can happen on Don't Forget That Worms Happen Everywhere · · Score: 2

    A Red Hat Linux 7.1 system doesn't start any network services by default, and installs a firewall by default.

    I was quite happy to see both of these things, by the way; keep up the good work.

    7.2 will be even better.

    Um... doesn't this contradict your previous sentence? Or will 7.2 start -1 network services, and physically unplug your ethernet cable?

  23. Can I make a suggestion? on ATi Radeon 8500 · · Score: 2

    Switched to the 2D XFree86 driver for now..

    I did that for months on end - Windows would crash repeatedly, and XFree86 (not the kernel, at least) would lock up often with the nvidia drivers, whereas everything would be perfectly stable with the open source nv driver.

    Upgrading the Nvidia drivers didn't help; upgrading the power supply did. Nvidia makes hungry cards; a lot of motherboard vendors make dodgy AGP implementations. My 250 watt power supply was apparently just at the edge of stability with my system, whereas with 400 watts to draw from everything runs just fine. You might also try plugging the video card fan directly into your power supply or motherboard, so it doesn't have to take its juice through the AGP slot. Hackish, I know, but every little bit can help.

  24. Re:Servers were never allowed out on cable on Broadband Crackdown · · Score: 2

    So please, stop deflecting the blame when really you yourselves (or your friends who don't patch) are at fault.

    You have a 5-digit Slashdot user ID, and yet you seem to believe that someone here is "friends" with administrators of unpatched Microsoft webservers? Where have you been hiding? Half the people here wouldn't be friends with administrators of *patched* Microsoft webservers...

  25. Re:Man, I wish... on Code Redux · · Score: 2

    Sorry for being such a troll

    Well, we all have our off days...

    but what makes you believe that this patch is the ultimate cure of IIS security bugs?

    What makes you believe that this webserver is the ultimate cause of computer security bugs?

    Currently my own computer system is accepting untrusted input through (to name a few) openssh, samba, XFree86, pine, mozilla, and identd. I can recall installing security updates at least once over the past four years for all but the last two programs, and I may have forgotten a security update (or thought of it as a functionality update) for them.

    I'm sure you're happily using Apache and Sendmail; check your logs sometime. You see those 90% of users running IE and Outlook? Wanna guess how many of them are patched against the dozen remote root exploits that have been found in those client-side programs?

    Running a patched IIS may not be the epitome of anti-lameness, but it's far enough above the median internet shmoe that you might as well be friendly to the guy.