Back when the attrition.org site was still counting defacements, you had an interesting stat: The number of defacements per OS version.
It would be very interesting to keep tabs on the OS versions of cracked systems, if only to avoid recommending them to new ecommerce sites.
Of course, this supposes that the cracked company will want to add shame to embarrassment. Hmmm, that will probably require a little nudge.
Maybe friendly BOFHs will "leak" the OS version info in memos titled "I told you so, you freakin' management morons"? Aaaah, that would be the day...
That said, I got an email titled "Please look at that document" that contained the full customer file of a cleaning company, complete with billing info, that they kept in an Excel spreadsheet. Who needs crackers when you have Microsoft MAPI worms?
Good observation. First reason: curiosity. When you hear about a pro-consumer nationwide measure, you want to check it out. The DMA has been running the show for so long that you wonder if you're not going to see a flying pig migration next.
Second reason: my state protection has to be renewed yearly. I forgot to do it last month and I am now swamped with calls. The renewal will take effect in August. I figured that a 5-year protection will be less of a hassle.
I have myself experienced a few crashes of XFree86. It was over the course of a long period, though, and it was due to bugs that have been fixed since then.
I recommend you upgrade your XFree86.
As for the kernel crashing, that happened to me once and it seems to be because of an underlying hardware failure.
Debian has a good stability reputation because they aren't rushing to adopt the latest and greatest desktop toys -- precisely the kind of programs that are susceptible to memory leaks and weird behavior under X. So no, it's not the same thing running underneath, it's a few levels back, tried and true. But if you want the greatest, flashiest novelties, then of course Debian isn't for you.
Overall, I'd agree that you CAN manage to thrash X11. But it takes work or very buggy applications. However, I question the Consumer Report testers' claim to have done so several times within the course of an obviously very naive test. What the heck did they do? Pour coke into the cooling vents?
The Consumer Report monthly managed to produce an inanely stupid report in their 7/03 issue. The title of the gem is "Wal-Mart's $300 computer". Excerpts:
Windows, Lindows, what's the difference? At first glance, the Lindows desktop may seem familiar. But the Lindows directory and file-naming conventions are very different. In addition, the computer didn't detect or install a memory-card reader plugged into the USB port. Attaching a scanner, digital camera, or PDA will be difficult or impossible.
There is no Lindows version of Quicken, Outlook, or other such applications.
Our computer crashed several times during tests, and its built-in help system didn't help much.
I won't even start enumerating all the answers to their stupid comments.
To think that I almost trusted them for my next car purchase... I'll stick with automotive magazines because they are obviously a bunch of nincompoops when it comes to objects more complicated than a can opener.
Welcome to the world of SF then! If you are new, you cannot avoid reading the Great Classics:
"I Robots" and "More Robots" by Isaac Asimov. Asimov has also written a lot of whodunnits where SF is accessory at best, and they aren't very good unless you enjoy pulp mysteries.
Robert A Heinlein, the Grand Daddy of SF. Read "Citizen of the Galaxy", "Have Spacesuit, Will Travel", "Friday" and the hilarious "Glory Road". "The Puppet Masters" has been plagiarized in movies countless times, read the original. "Starship Troopers" has no relationship whatsoever with the movie of the same name.
Jerry Pournelle's "The Mote in God's Eye"
David Niven "Ringworld saga".
And if you want to see where Lucas pilfered most of Star Wars, read the Lensman saga by E.E "Doc" Smith.
The problem is that after reading good, well-written classics such as Heinlein's, you'll have little patience for the run-of-the-mill crud out there.
Yes, you're right, nifty things happen. However, the writer falls into the capital sin of authors who build a wide and deep saga: he falls in love with his characters and gets sidetracked on secondary stories that are of no interest for the advancement of the plot.
This and the weak ending explained my disappointment. You get interested in a character and then you realize that he dies or is obliterated without any impact on the main line story - that's called a cheap filler. Editors used to cut them mercilessly until TV writers started using them. Now writers feel it's OK to use them because it feels "like a TV plot". Sorry, cheap tricks don't become good because they get air time between commercial breaks.
That said, I don't know if I could ever imagine augmented reality and man-machine interfaces cooler than in this book. Kudos to Hamilton on this account.
Tell me, have you read the 2-volume "Moonbase" series by Ben Bova? Talk about great space opera... complete with absolute realism.
Re:Reality Dysfunction: Space opera at its best... (on The Cassini Division, Score: 1)
I disagree. I read the whole series. The end is a huge disappointment.
Make no mistake, the book has some of the coolest augmented reality and artificial beings that I have ever seen. But it has a major flaw. After spending 4000 pages describing how worthless religions are, the author, having painted himself into a corner, now has to use the oldest, dirtiest trick of all suspense books:
a deus ex machina.
In other words, Hamilton throws in a genuine miracle in order to save a helpless situation, a trick that is about as highly regarded as the "it was just a dream" surprise ending. Most publishers beat authors into a pulp when they catch them doing that, and for a good reason: the reader cannot help but feel cheated.
So you can read the novel to wow at the cool technology depiction, but be warned that the end is a total let-down.
Me, I was so infuriated that I'll never buy another Hamilton book.
The one really interesting item in this otherwise mundane article is the revelation that the biology experiment platform was delivered too late to be adequately tested.
This gives a new credibility to the scientists that are challenging the results of the Viking lander biological experiments. Basically, we cannot even be sure these instruments were performing as designed.
So if the ESA and NASA probes send results that contradict Viking's in some way, nobody should be surprised.
Your examples only demonstrate that those who architected J2EE platforms didn't do enough homework.
No contest that there are deficiencies in the J2EE standard and the commercial app servers. Nobody disputes that. One of the shortcomings is lack of CPU capping. And the article describes how to turn this into a DoS attack.
J2EE-compliant servers are running all kinds of web sites and upgrading them against these attacks would be a major concern. Your daily life could be impacted if, say, you're trading stock on an online broker system that is under attack.
CPU hogging isn't new. I agree that fixing it on a Unix-like system is as easy as capping the CPU time of user processes... providing it's practical.
But consider a commercial app where customers can send requests to a J2EE app server running within a JVM. That's a very popular, very common setup (JBoss, BEA Weblogic, IBM WebSphere, etc.). The JVM is a single process. It is not CPU-capped because it's designed to stay up and running. When a Java thread handles a request and bumps into a CPU-hogging attack, it is not going to be terminated by the J2EE app server.
So this is potentially a problem, because you currently do not have a CPU-capping parameter in the most popular J2EE app servers. A response to this kind of attack would require monitoring the amount of CPU consumed by threads processing incoming requests, which is always delicate.
CPU-capping shouldn't be done lightly. It can lead to disastrous failures. For instance, I once tried to use a graphical web application rendering some do-it-yourself tee-shirt lettering. The application was running on an older IIS and apparently had a CPU-time cap, because I got a message "sorry, your request took too long to process" when my design became a bit involved. Needless to say, my business went to a competitor. So CPU-capping isn't even a sure-fire solution.
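The per-request CPU monitoring the comment above calls delicate, as an added example that is not code from any of the posts or from the app servers named: a servlet filter that uses the JDK's ThreadMXBean to measure the CPU burned by the worker thread serving each request and logs the requests that exceed a budget, without killing the thread. The filter name, the default budget and the cpuBudgetMillis init-param are assumptions.

```java
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadMXBean;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/**
 * Accounts the CPU time consumed by the thread that serves each request and
 * logs requests that blow through a budget. It deliberately does not kill
 * the thread: the JVM is one process and the container owns its worker
 * threads, so this gives operators the per-request CPU signal to alert on,
 * rate-limit or block at the front end rather than a hard cap.
 */
public class CpuBudgetFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(CpuBudgetFilter.class.getName());
    private static final ThreadMXBean THREADS = ManagementFactory.getThreadMXBean();

    // Hypothetical default budget; "cpuBudgetMillis" is an assumed init-param name.
    private long budgetNanos = TimeUnit.MILLISECONDS.toNanos(500);
    private boolean enabled;

    @Override
    public void init(FilterConfig config) {
        String ms = config.getInitParameter("cpuBudgetMillis");
        if (ms != null) {
            budgetNanos = TimeUnit.MILLISECONDS.toNanos(Long.parseLong(ms));
        }
        // Per-thread CPU accounting is optional in the JVM; HotSpot supports it
        // but it may need to be switched on explicitly.
        enabled = THREADS.isCurrentThreadCpuTimeSupported();
        if (enabled && !THREADS.isThreadCpuTimeEnabled()) {
            THREADS.setThreadCpuTimeEnabled(true);
        }
        if (!enabled) {
            LOG.warning("JVM does not report per-thread CPU time; CpuBudgetFilter is inert");
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        if (!enabled) {
            chain.doFilter(req, resp);
            return;
        }
        long cpuStart = THREADS.getCurrentThreadCpuTime();
        long wallStart = System.nanoTime();
        try {
            chain.doFilter(req, resp);
        } finally {
            // Measured on the same thread, so CPU spent in async hand-offs to other
            // threads is not attributed to this request (a limitation to keep in mind).
            long cpuNanos = THREADS.getCurrentThreadCpuTime() - cpuStart;
            long wallNanos = System.nanoTime() - wallStart;
            if (cpuNanos > budgetNanos) {
                LOG.warning(String.format("CPU budget exceeded: %s cpu=%dms wall=%dms client=%s",
                        describe(req), cpuNanos / 1_000_000L, wallNanos / 1_000_000L,
                        req.getRemoteAddr()));
            }
        }
    }

    // Method and URI for HTTP requests, so the log line says which endpoint is hot.
    private static String describe(ServletRequest req) {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            return http.getMethod() + " " + http.getRequestURI();
        }
        return req.getClass().getSimpleName();
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

Register it in web.xml (or with @WebFilter) ahead of the application's own filters; a cluster of log lines where CPU time is close to wall time for the same URI or client is the pattern an operator would feed into rate limiting at the front end.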
Yes, he is. Not bad columns either. They're sometimes way off the mark but then, even our well-researched cough Slashdot posts cough are sometimes a bit wacky, aren't they? :-)
Jerry Pournelle (of Byte fame) has commented a few times about the succession of writers who used that byline and he even had a whack at it, apparently.
SCO is saying: "License our stuff or we sue Linus".
This reminds me eerily of an ad billboard posted in my town by a local radio station. It had a guy pointing a gun at a dog and a caption saying "Listen to us or we shoot the dog".
Every dog lover around here protested and they hastily changed the billboard to say "Listen to us or we shoot the DJ", which didn't raise any protest. Pet lovers must hate humans.
I guess Linus should be glad he can muster as much sympathy as a dog!
Seriously, it's very sad SCO has to stoop that low. They really must be getting desperate. What next? "Pay us or we'll kill your horse"?
In his latest column, Robert X Cringely says he wouldn't be surprised to learn that a tentacle of the Microsoft poulp is behind this whole lamentable affair. Neither would I. It does smack of an MS PR job, complete with outrageously bogus claims and botched execution.
BB, I know that graduation parties can bring a good man down, but your post is hard to read. Split it in paragraphs and capitalize, man.
I read your post because I am very much interested in the aeronautics field, but rest assured that 99% of the potential readers skipped it because of its bad formatting. That's really too bad.
That said, you are entirely right. I did a brief stint in numerical analysis and simulation. Most standard codes work well now (gotta love FORTRAN spaghetti plates) for sub-, trans- and supersonic flight, but I am not so sure of their value for hypersonic flight.
Here, the point is that this huge wind tunnel wasn't going to be very useful anymore considering its low perf. There is literally nothing it can do that cannot be done with a simulation.
Is there any situation you know of where scale effect does not properly apply? I.e., transitions or regimes where a scale model gives you crappy data?
Thank you, I stand corrected. However, if someone privately threatens you with a lawsuit for some felony you haven't committed, is there really no way of retaliating?
They should have slapped the RIAA fools with a libel lawsuit and requested an injunction to keep RIAA away from their computers forever or else. Then, only then, settled out of court if needed.
You can't even trust academia to defend their own these days. Sheesh.
And the judge's eyes will glaze over at the first attempt at distinguishing the blocking of ingress email vs. the blocking of email transmission.
Here is what to write in the response, in the very first paragraph:
Defendant keeps a list of known spammers. People who don't want spam look up this list. Or rather, they instruct their computers to look up the list before downloading email.
Any attempt at being technically rational is sure to meet utter failure in 99.5% of courts:
"Hippy headdress? What hippy headdress?"
"No, your Honor. IP address."
"Whatever. It's a bunch of anarchist hippies sabotaging honest businesses."
I wish I was joking, but freedom and privacy don't exactly seem to be on a roll these days in courts...
Otterley, I think you're overoptimistic about the protection offered by the First Amendment. Read it again. It does say that I can say or print what you think. It doesn't say you have to pay for it.
Similarly, free speech is restricted by commercial secret, contracts and law. The laws against theft prevent you from billing me for the paper or bandwidth you use for expressing yourself.
The most satisfying solution would be to hunt down and kill spammers myself, but some courts still erroneously think that spammers are human beings. We need to have more children of judges receive explicit XXX spam. If you know a judge and their kids' email address, you know what you have to do. :-)
Until then, we are forced to put down the ClueBat and resort to financial penalties for spammers and the people hiring them. The article says:
Viagra distributors pay spammers per sale -- about $60 for every $150 order -- while financial companies typically pay for every consumer who requests more information -- as much as $12 for mortgage leads and as much as $5 for insurance referrals.
There is something to act upon here. It's already illegal to make a sale through a prohibited third party. You cannot, say, give a commission to a guy who sells your stuff in Libya.
So how about giving the Federal Trade Commission the power to slap a fine on people who make sales on spam-acquired leads? Enforcement would be easy. Just answer mortgage or insurance spam. The would-be insurance or mortgage broker contacts you, proving he has used the services of a spammer. Small claims court, or send the stuff to the FTC. Whammo, big fine, they won't do it again. And since they have a legal front-end in the financial world, they have assets to seize if they try to evade courts.
Nate, tell your bosses that with Microsoft, you are getting stuck with Microsoft support only. They are the only game in town and they abuse it.
With open source, you can get support from HP, IBM, RedHat, among other Big Names. Say you have a high volume site running Apache. A Big Name such as HP or IBM would happily sell you a service contract guaranteeing support. And if they screw you up, you can give them back their box and give your business to a competitor and they know it.
That should be the starting point.
Then you can answer the cost questions. Get some quotes. Call HP, IBM, RedHat.
Well, guys, this has a serious consequence. Suppose that some shoddy business guy wants to paralyze the operations of a competing company that runs Outlook (don't laugh, I know several Very Important Companies that depend on Outlook).
All you have to do is spam this company with this small HTML one-liner. Outlook is set to preview on most desktops. So the hapless users' Outlook would crash and could not be brought back: if you start it again, it would try to preview the offending message again and CRASH.
That would seriously hamper the operations of a company, and if that company is, say, a Wall Street broker, the financial losses could amount to millions.
So IT support people should really demonstrate this vulnerability to the clueless PHBs who insist on putting Outlook on their company's desktops. Maybe they'd stop being so foolishly blind to MS-induced security risks if, say, THEIR Outlook crashes and burns...
[Insert partial list of the 10 gazillion Internet dating services found by Yahoo alone].
I hope that unearthing this ancient post will not make RMS lose his aura of geekness. What, he wanted to get laid? With all that code to write? Sheesh... What was he, a business major?
I had a good experience with my state's Do Not Call list, so I decided to try the FTC site, donotcall.gov.
According to Netcraft, this is a Microsoft IIS5 site. I was a tad skeptical about its ability to withstand the volume.
Well, guess what? It's already down as of Friday night.
I'm sooo surprised.
Very accurate? How the heck did they manage to crash a Debian-based Linux, short of running a static electricity generator over the motherboard?
And why didn't they mention GNUCash as an MS Money equivalent?
So I really cannot see any accuracy in that review. I'd be interested in your arguments, though.
Yep. Actually, I am not sure I want a well-run gummint that enforces each and every of the hundreds of thousands of laws and regulations on the book.
Fortunately, as the French say, "La démocratie, c'est le bordel" (Democracy is a f*cking mess).
Little green men haven't been ruled out yet! -:)
Oh gosh, that explains so much. Thanks for the info.
Penn acted like spineless morons.
That's a nice response. It entirely makes sense.