This isn't a new bug. The worm exploits problems that were fixed in the DSA you linked. It's just another case of a virus/worm exploiting old vulnerabilities. Pretty analogous to Code Red, in that way.
Ok, a poll: how many of you went into the source code today and fixed the vulnerability on your own? Come on, raise your hands...
Actually, back when one of the ssh vulnerabilities was discovered, I downloaded the source from my Debian mirror to patch it myself. However, when I looked at it, I discovered it had already been patched, about two hours before I got it!
Building .debs and .rpms from source is so freaking easy that if a patch exists, you might as well patch things yourself, if your distributor hasn't already fixed it. It's not any harder than waiting for the official fixes.
"While officials declined comment, our sources have uncovered the skinny on the feds' computer being molested: the unknown hacker used a buffer overflow embedded in a fake fingerprint to inject a fractal trojan..."
I know it's meant to be funny, but wow, that almost seems plausible. Scary.
You can tell X to use any resolution you want, on the command line. I calculated my monitor at 114 dpi, for example. However, not many programs use this information, AFAICT. Ghostview (postscript/PDF viewer), mozilla, and The GIMP use it, and not much else that I can see. Unfortunately, I don't think X is smart enough to use a different DPI setting for each screen resolution.
Linux asm is IMO nicer to work in than DOS asm; partly because everything goes through well-documented int 80h calls, instead of a mishmash of DOS and BIOS calls. And as an added bonus, it's not difficult to call libc functions from Linux asm, whereas Irvine's book only includes his own little library. Other than that, a straightforward Linux asm program looks pretty much like the equivalent DOS asm program.
Well, you could always link against libc and use standard C functions. Dynamic libraries are weird in Linux asm, but you could simply link statically, and it would be mostly (completely?) the same as static linking to libc in dos/windows.
Mplayer is another project like Xine, but tends to be more capable. I doubt any distros package it, something with the license I think. It's quite easy to build from source though.
The DLLs are used to play files that it wouldn't know how to read otherwise. Personally, I like Mplayer a lot better than Xine.
Hopefully the P2P network has decent search capabilities, so if the file you wanted wasn't on that server, you wouldn't connect to it in the first place (unless the file's misnamed, in which case you could vote against them). So you probably wouldn't vote at all for servers with few files.
The idea of all this P2P crap is that you can find the content you want from many providers, and new files quickly get spread all over the network.
Maybe bad votes could be attached to their respective files, so that files with votes against them wouldn't propagate through the network.
They won't have to download the whole thing. They might not even have to download a crack for each game. Most likely a single crack will be sufficient for every protected CD.
The rich guy's site easily handles all the load, and the poor guy's site doesn't -- it dies almost instantly under the increased load.
Hopefully this problem can be remedied with distributed networks like freenet (not necessarily encrypted and anonymized, but still authenticated). On such a network, popularity causes higher availability, instead of the other way around. It might still suffer from the out of sync mirrors problem, but that could probably be reduced technologically (with checksums, TTLs, etc.). Could be a great development for the "little guy."
If the government says to the ISPs stop connecting to outside countries then they have to.
Well then it wouldn't be the Internet anymore, would it? The Internet would then be the rest of the world, so that country would have given up control of the Internet completely. They would be controlling their own citizens, but not the Internet.
True, but the parent I replied to seemed to think that running on a virtual machine is what gave the ability to catch pointer exceptions, when it can really be done on machine code as well. Even if it's not portable, it's probably doable on any given OS.
I think binaries could also be considered a translation (into machine code) of the source code. Distributing (creating?) a translation without the copyright holder's consent is copyright infringement.
The JVM instantiates a NullPointerException and propagates it up the call stack.... In C, dereferencing a bad pointer is like pissing on an electric fence. It's nondeterministic. You're not running bytecode- that's real machine code.
Don't be ridiculous. Machine code vs. bytecode is irrelevant. On POSIX systems, dereferencing a null pointer causes a SIGSEGV signal to be sent to the process. SIGSEGV is catchable, so it would be fairly trivial to simply throw your own nullpointer exception in C++, or to integrate it with whatever exception mechanism you may have built in to your C program. I suppose you could even set SIGSEGV to be ignored, but POSIX says that the result is undefined (could be a fun source of bizarre program failure :-)
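The approach this comment describes, sketched as an added example (not the commenter's code): a SIGSEGV handler that leaves via siglongjmp so a faulting read becomes an error return. The names guarded_read, on_segv and demo_null are hypothetical, and it assumes a POSIX system where address 0 is unmapped; a null dereference is still undefined behaviour in C itself.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf recover_point;           /* where the handler jumps back to */
static volatile sig_atomic_t guard_armed;  /* set only inside guarded_read() */

/* Constructed bad pointer; volatile so the compiler cannot see it is NULL. */
const volatile int *volatile demo_null = NULL;

static void on_segv(int sig)
{
    if (guard_armed)
        siglongjmp(recover_point, 1);  /* leave the handler, never return */
    signal(sig, SIG_DFL);              /* fault outside a guard: die normally */
    raise(sig);
}

/* Returns 0 and stores *p in *out, -1 if the read faulted, -2 on setup error. */
int guarded_read(const volatile int *p, int *out)
{
    struct sigaction sa, old;
    int rc;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0)
        return -2;
    if (sigsetjmp(recover_point, 1) == 0) {  /* 1: save the signal mask too */
        guard_armed = 1;
        *out = *p;                           /* may raise SIGSEGV */
        rc = 0;
    } else {
        rc = -1;                             /* arrived here via siglongjmp */
    }
    guard_armed = 0;
    sigaction(SIGSEGV, &old, NULL);          /* restore the previous handler */
    return rc;
}

int main(void)
{
    int x = 41, v = 0;
    int ok = guarded_read(&x, &v);
    printf("valid pointer: rc=%d v=%d\n", ok, v);
    printf("null pointer:  rc=%d\n", guarded_read(demo_null, &v));
    return 0;
}
```

The handler jumps out rather than returning because POSIX leaves behaviour undefined after a normal return from a handler for a hardware-generated SIGSEGV.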
Okay, you go explain to the average user what COM objects and proxy servers are. I know, but I'd still rather just select an option from a preferences screen than go to all that trouble.
I use both. Junkbuster to ignore a huge list of known ad-sites and patterns, and mozilla to prevent pop-ups and other annoyances that junkbuster doesn't handle. I could use, for example, Privoxy to remove the pop-up code instead of mozilla, but doing it in moz lets me have the most flexibility. Point is, since IE doesn't have mozilla's features, the browser/proxy combination can't be as useful/flexible as with moz.
An 8 point font should be the same size on every display. A point is 1/72 inch, so an 8 point font should always be about 2800 microns high, not 200.
And I was making fun of "PC Magazine." Your point?
There's no need because it's not possible to put a grounded plug in the wrong way (at least not without breaking it).
You've got it backwards and all mixed up. x86 stacks grow down in memory, and arguments are pushed before the return address, so it looks like this:
ebp+8: x
ebp+4: return address
ebp+0: old frame pointer
ebp-256, esp: buf
So if you write a new return address to buf[260], and write some opcodes past that to return to, you get your buffer overflow and subsequent exploit.
No it doesn't. Stop spreading FUD (and getting modded up for it!)
Moral #2: Power corrupts (probably a partial reason/justification for your Moral #1).
On the other hand, I downloaded one on Wednesday, and then again yesterday, when Marcello felt the need to release two in a row.
xsane already does it.