Browsers are a concern for the same reason a cloud providers: you are running untrusted code in a sandboxed VM, and Spectre allows you to potentially exfiltrate data from outside the sandbox. Cloud providers are a bigger concern because they're more likely to contain interesting data* and because it's harder to exploit Spectre via Javascript than native code, but there are Spectre proof-of-concepts written in JS.
* interesting to an attacker, relative to the effort required
10926 sbl.spamhaus.org 9171 Recipient address rejected: User unknown 8757 Helo command rejected: Syntax error in hostname. 8483 list.dsbl.org 4449 Helo command rejected: need fully-qualified hostname 1337 opm.blitzed.org 402 Relay access denied 364 Recipient address rejected: Improper use of SMTP command pipelining 220 relays.ordb.org 118 Helo command rejected: You aren't AOL! 91 Recipient address rejected: No UCE. 45 Helo command rejected: You aren't CompuServe! 28 Sender address rejected: need fully-qualified address 26 Sender address rejected: No UCE. 9 Recipient address rejected: While that may be true, we don't want your spam. 4 Recipient address rejected: BALEETED 2 rbl.bluecherry.net
The users mail is bouncing for haven't existed since 2002. Spammers haven't even cared about rejected messages for some time.
Slashdot rules. I had to remove some of the formatting in my message because of the so-called "lameness" filter (obviously named after itself, for all the good it's doing.) Some of the formatting has been lost as well, since <pre> is no longer allowed--I'm not going to even bother reformatting it after fighting with the lameness filter. With wonderful misfeatures like this, it's no wonder the quality of discussion here has gone down over the years.
Anyway, the first table is the output of pflogsumm, which provides much more information than just that table, and looks much better when its output isn't raped by Slashdot. You can grab pflogsumm from http://jimsun.linxnet.com/downloads/pflogsumm-1.1. 0.tar.gz, but it only works with postfix's logs, as the name suggests.
> Habeas should be spitting brass tacks PRwise - every day that goes by without a peep from them just enboldens other spammers thinking about trying the same stunt.
> The ping denial doesn't work, which is good because a port scan found some pretty interesting things, including this string in the TCP/IP fingerprint: 'i586-pc-linux-gnu'. Does that mean Microsoft must provide Linux source to purchasers of this product?
Answer: No. I'm 99% certain that you've misinterpreted nmap's output. When nmap doesn't find a matching fingerprint, it displays the parameters in a parsable format used in nmap-os-fingerprints. More recently (i.e. not originally, but it's been this way for some time), nmap also prints out the OS it was compiled on (presumably to weed out any OSs that mangle the data and prevent bad fingerprints from being distributed with nmap.) This information is printed out in a line like:
I'm guessing that this was seen and the submitter jumped to conclusions... At any rate, I believe they'd be required to give source (if they changed it) to anyone per the GPL.
apparently the P4 has downloadable microcode so perhaps it's actually reprogramming the chips themselves
FWIW, every Intel chip since the Pentium Pro has had downloadable microcode. AFAIK, the instructions that are handled by the microcode are notably slower, so not all of them are handled there. I don't have much information about that, though...
The microcode (at least with the p3 and before, probably still so with the p4) isn't stored on the CPU permanently--it needs to be uploaded on every system boot. For this reason, at least some motherboard manufacturers store the microcode in the BIOS and upload it on boot. I also believe that Win2k and above automatically upload the microcode as well, but I'm not sure on that.
I don't know whether AMD's processors support upgradable microcode (and, quite honestly, am too lazy to look right now), but I wouldn't be surprised if they do.
from the keep-remaining-fingers-out-of-the-equipment dept. bwags writes "I ran across this VersaLaser desktop Laser Cutting and Engraving printer. I really do not know what I want to do with it, but you gotta admit it is cool. Maybe make some balsa wood airplanes. At only $10K, I want the purple one!"
I tried writing an exploit for this flaw, but I couldn't get far enough to inject any code. I managed to ptrace(PTRACE_ATTACH,...) a uid 0 modprobe (easy enough way to call kernel_thread()), but for some reason, the traced process isn't properly reparented, so all subsequent ptrace() calls fail. (Whenever you PTRACE_ATTACH to a process, it's supposed to become the child process of the tracer, and ptrace_check_attach (linux/kernel/ptrace.c) will return -ESRCH if this condition isn't met.)
I'm not positive this is actually exploitable, but I'm not positive I took the correct approach, either. In any case, the most I've been able to do is spawn a slew of suspended root-owned processes. Not good, but not the end of the world, either. If someone has actually managed to exploit this flaw, I'd love to see some code so that I could see what I did wrong. Conversely, I'm willing to share the code I have upon request. I've only written code up to the current impasse, but once past this problem, the rest should be pretty trivial.
There are two reasons an enterprise setup costs so much:
Fear sells.
Seriously. I would guess that some of the most succesful marketing strategies are based on this fact.
Industrial grade equipment is expensive.
I've worked for a few ISPs, and I can tell you right off that this is another large factor. If you take, for example, Cisco's equipment--The hardware can get
very expensive; however, hardware failures are very rare. This is important when downtime =~ lost money.
(otoh, IOS isn't always the most stable piece of software, but I tend to run LD/ED releases because I need the features, roughly equivalent to beta versions. A software failure is also much less of a catastrophe than a hardware failure--it's much faster to restart a router than to wait for hardware.)
While a Linux/BSD box running iptables/ipf is dirt cheap, it's not hard to imagine why it might not sit well with the suits in larger companies. I would wager that PC hardware isn't quite as reliable, either--especially since nearly all hardware firewalls/routers use flash as the primary means of storage rather than a hard drive.
Well, Slashdot USED to support unicode (by way of &unicodeoffset;), but in a move of sheer brilliance, someone made just about every form that takes user input strip most HTML &entities. Since Slashdot doesn't provide a charset specification for its pages, this removes any portable way to post anything but pure 7-bit ascii. (Not that I'm bitter or anything:)
Here's a couple of alternatives, though:
* echo +BBQEPAQ4BEIEQAQ4BDk +BCEEOgQ7BE8EQAQ+BDI | iconv -f utf-7 -t utf-8
(or replace utf-8 with whatever charset your terminal can render. uxterm or xterm -u8 with a decent font (I use -misc-fixed-medium-r-semicondensed--13-120-75-75-c -60-iso10646-1) should be able to render it)
* http://halcyon.bluecherry.net/~rain/dmitry.html -- Let your browser do the work. This is probably the easiest bet if your browser supports UTF-8 (it should) and you have Cyrillic fonts installed.
Disclaimer: I Am Not A Russian. (But I'm fairly certain this is correct.)
I posted this yesterday (and even got trolled!) My example isn't a good one--it works best with photos, but I don't have any handy that aren't copywritten by someone else and I don't have a digital camera handy. Here's the post again:
Note that this is meant to be interesting rather than practical. It's a hack. But, like I said, the images are fun to listen to... (You can just use convert and play the sound as raw 8-bit samples if you want to listen to some images without the ogg step.) While this should be obvious, it apparently wasn't to someone yesterday.
> IMHO, it's time to build a lossy format for storing graphics similar to Ogg Vorbis. Perhaps the video codec Ogg just released can be used to make reasonable single-framed movies? Anyone familiar with the format care to comment?
While it appears that Symantec will generally leave Bugtraq alone (not that it's been very useful for some time, imho), I don't really trust them.
Let me provide my basis (petty as it may seem): I'm the system administrator at an ISP small enough that I do some of the tech support. I've seen NAV's mail scanner totally screw up peoples' mail settings enough times that I don't think quality is something they emphisize. To make matters worse, this problem tends not to be fixed by a reboot, and NAV will lock the mail server fields in OE (I don't think it can do that in Netscape/Mozilla, but I'm not sure) making it impossible to use the affected mail account without completely deleting it and readding it. Sometimes, disabling and re-enabling mail scanning will fix the problem, but that's not always the case.
I used to prefer NAV over most other virus scanners (and some other Symantec products back in the days of MS-DOS), but I really think they've gone downhill in the past several years. I hope that the same fate doesn't come to Bugtraq--the list has already become bad enough.
I've also heard that in the multiplayer version, the "damn lag" excuse doesn't work at all, and things can get disasterous if you walk up to your enemy and tell them "omg yuor suhc a n00b."
While I'd like to see Slashdot stick around, I'm not sure that it's useful enough to warrant paying for it, especially at $5/1,000 page views. Unfortunately, the articles on the front page are occasionally outright wrong or very misleading; add to that the fact that many people don't even bother to read the stories, post completely inaccurate comments (read the story about rebuilding data from modem/ethernet blinkenlights if you don't believe me), and then manage to get moderated up (presumably by moderators who also didn't read the story)--the signal to noise ratio seems to be getting poorer all the time.
Now don't get me wrong--my uid is 5189 (just in case you can't read the comment header)--I've been here for some time and I don't think that Slashdot isn't a useful resource. It's just not that useful to me.
Perhaps if it was cheaper (I admit, I'm stingy with my money. At least it keeps me out of debt), I'd pay for it... Check out these numbers:
I work at a small ISP. We have a mere overpriced T1 to the Internet, and although we don't pay by the amount of data transferred, it comes out to a little over $3/gb. Now, presuming that VA/Slashdot pay the same rates (they almost undoubtedly pay less), let's see what 1,000 pages would cost...
At the time I grabbed copies of the html, the front page was 37,190 bytes and the comments page 201,778 bytes. Presuming I read the front page and the comments for 3 stories (which I did, in fact, do at the time), my average data transfer is about 160,631 bytes (in reality, this will vary depending on the user).
So, 1,000 page views at 160,631 bytes each comes out to a grand total of
160,631,000 bytes = 153.190mb = 0.149599gb.
0.149599gb at $3/gb = $0.44880 in bandwidth costs.
Now I certainly realize that there are many other costs associated with running/.: You have to pay the coloc fees, staff, you have the cost of the servers, and probably a few other things. I can't speak absolutely for Slashdot because I quite frankly don't have the facts, but by far, bandwidth is our biggest expense. Maybe I'm wrong, but $5/1,000 page views seems a little steep to me (unless you're feeling philanthropic.) I think I'll keep viewing banners.
p.s. If anyone who actually knows has figures for the extra expenses that go into Slashdot, I'd be interested in knowing...
While I think your comparison is ultimately correct, it costs a lot more than $20 for Blockbuster to get the movie, thanks to the wonderful people at the MPAA. If you read the copyright notice at the beginning of practically every DVD/VHS, I'm nearly positive that it forbids you from renting out a regularly priced copy. Instead, Blockbuster et al. have to buy a very price-inflated (I don't know how much, exactly, but I believe it to be >$100) copy of the DVD to be able to legally rent it out to customers.
Because of the high cost, the read-limited CDs may interest the smaller rental chains: it may be more profitable, and certainly more profitable in the short run, to sell the defective DVDs.
Of course, I really doubt this will get far. We all know the legacy of DivX (which is a better comparison than nothing), and judging by how people react when told about the DMCA and friends in plain terms, the MPAA and RIAA are already getting away with a lot more than J. Random Consumer would like. If they aren't sneaky about it (and I don't know how they could be here), I doubt people are going to go for it.
I've thrown up another mirror at http://ericharshbarger.bluecherry.net/. I'm mirroring the entire site (I say in the present progressive because the mirror is still running--the posted site is quite saturated), and the portion that's linked to in the article (effectively here)
As I don't have loads of bandwidth, I'd like to ask that other people mirror it and post their mirrors as well.
Back in the days of 2.0, I used the kernel's IPIP tunneling driver. It worked by having the remote host send packets destined to an IP address (say 192.168.1.10) to your IP address (say 192.168.5.50). Any packets that the client host sent out on the tunnel would actually go out over the Internet interface--I'd be sending packets as 192.168.1.10 from 192.168.5.50. My ISP at the time DID do egress filtering, so I had to have the network administrator disable it for the tunneled IP address.
Admittedly, I know a lot more now than I did then, and perhaps this was the Wrong Thing to do--perhaps my tunnel was misconfigured--but it worked at the time.
FWIW, I think I also saw some VPNish software pull the same stunt once upon a time, but I'm not sure.
I'm the sysadmin at a small ISP, so I figured I'd weigh in here.
Firstly, the worst DoS attacks we've been hit with recently (only a couple over the last year, which I'm thankful for) were large ICMP packets from legitimate addresses (appeared to be ping -s 65000 -f), and large UDP packets from legitimate addresses (appeared to be Sub7 or something similar on IIS-compromised hosts).
Secondly, I'm leery of doing egress filtering as there are legitimate reasons to send a different source IP (one-way tunnels being a prime example). It's interesting that the/. crowd who often calls foul when an ISP puts any sort of restrictions on their traffic seems to be calling for the opposite here, but as/. is very diverse, I'll assume that it's not the same people.
Unfortunately, with Windows XP spreading throughout our userbase, I fear that such filtering will become necessary. Many DoS attacks originate from compromised Windows boxes, and the first person to use WinXP's ability to create a raw socket and spoof addresses is going to suck.
Someone mentioned mailing abuse reports whenever they see portscans and the like--while this is good in theory, almost all of the connections I see get stopped at the firewall are from Korea, China, etc. In these cases, I don't bother--do you know where mail in a language that I can't read and can't find a translator for goes? Besides, whenever they get a mail in English, they probably just say something like Damn SPAM! I do not want to make my penis larger, thanks! <delete>
Anyway, like I said, the DDOS weapon of choice seems to be compromised Windows boxes these days--this has the benefit of both hiding the attacker's IP address while still sending legitimate packets. This problem will be around until people are educated enough to not open attachments when they shouldn't, and until there haven't been any major security holes in MSIE/OE for a long enough time that most people have upgraded.
Re:Stay away from Creative Products: full of bugs
on
Testing the Audigy
·
· Score: 2, Interesting
Re: #4: 'support of the Live! cards in Linux was initially dreadful...'
For several months after the Live!'s release, Creative refused to release any sort of specifications on the card--there was *zero* Linux support. There was quite a stink about it, and I recall a petition to get Creative to release specs. I imagine a little bit of trudging on some list archives could give you dates...
I agree to a point--my high-school physics teacher, one of maybe 6 good teachers in the whole school, allowed both numeric and symbolic answers. If you forgot your calculator for a test, or you just wanted to avoid another possible place to err, you were in luck. He also gave partial credit for problems that were partially right--this might not sound like much, but it's certainly better than "I don't know what I'm teaching syndrome," where you get no credit for a large problem if the final answer doesn't match what's a teacher's manual.
I also have exactly the same problem has supabeast--I can plow through almost any sort of math you want to throw at me if I have sufficient reference. I did terribly in my higher math classes because of this, and also because of the fact that two of the three math teachers simply could not teach. One of them actually managed to somehow shut one of her breasts in her desk drawer once--sure, accidents happen, and I've done some awfully stupid things, but this wasn't far from the norm. (This is the same teacher with a phobic disorder involving raisins)
Anyway, back on topic--I'm not a huge fan of banning anything, but I could live with it if symbolic answers were allowed and at least an equation reference was provided. I really don't think students should be required to memorize for almost the sole purpose of forgetting them. Ask a handful of people who have been out of the educational arena for a year to give you a handful of the equations they were forced to memorize during the schooling; I'm willing to wager the majority by far would have a very hard time unless they were mathematicians or decent math teachers.
Earthlink does this as well (or maybe it's just uu.net, I understand both MSN and Earthlink use uunet for several of their POPs.) It's a major inconvenience, but it's easily hacked
around:
(I do this mostly because a friend of mine refuses to use Earthlink's mail service, but he can't use any other smtp accounts because of the firewalling of outbound port 25 connects, which I suspect don't do much to actually curb spam.)
Oh well. It's a pain in the ass, but what can you do? Earthlink is something like the third largest conglomeration of ISPs, so actually getting them to change something like this isn't likely to happen.
First, here's a cut-and-paste of the actual tones everyone's talking about (in case you want to synthesize them or some such thing):
Error tone:
0 330ms 950Hz -15.0/-15.0/-15.0 dBm0
1 330ms 1400Hz -15.0/-15.0/-15.0 dBm0
2 330ms 1800Hz -15.0/-15.0/-15.0 dBm0
3 5000ms Silence
(source: 'show call progress tone usa' on a Cisco 5340)
Second, a story from about 5 years back about telemarketers:
My mom received a call from a telemarketer (well, looking back, probably someone involved in a telemarketing scam) to which my mom politely replied "Sorry, I don't buy things through telephone solicitations." At this point, the telemarkter got really indignant and my mom simply hung up.
Several times during the nights following this, we started receiving several "ghost" calls with nobody on the other end (this was rare happening for us) which my mom deduced to be the evil caller from a few nights before. What I especially love was her response to this: At the time, the local telco switch was rather broken (don't ask me how, exactly, I don't know much about telco switches) in that if anyone in our town didn't hang up the phone, the other caller *could not* hang up their phone. One night, my mom received one of these calls again and simply left the phone off-hook for about an hour, which basically made it impossible for the offending party to hang up their phone (probably running up a nice charge for whoever was calling.)
Slashdot Mirror
Browsers are a concern for the same reason a cloud providers: you are running untrusted code in a sandboxed VM, and Spectre allows you to potentially exfiltrate data from outside the sandbox. Cloud providers are a bigger concern because they're more likely to contain interesting data* and because it's harder to exploit Spectre via Javascript than native code, but there are Spectre proof-of-concepts written in JS.
* interesting to an attacker, relative to the effort required
The users mail is bouncing for haven't existed since 2002. Spammers haven't even cared about rejected messages for some time.
Slashdot rules. I had to remove some of the formatting in my message because of the so-called "lameness" filter (obviously named after itself, for all the good it's doing.) Some of the formatting has been lost as well, since <pre> is no longer allowed--I'm not going to even bother reformatting it after fighting with the lameness filter. With wonderful misfeatures like this, it's no wonder the quality of discussion here has gone down over the years.
Anyway, the first table is the output of pflogsumm, which provides much more information than just that table, and looks much better when its output isn't raped by Slashdot. You can grab pflogsumm from http://jimsun.linxnet.com/downloads/pflogsumm-1.1. 0.tar.gz, but it only works with postfix's logs, as the name suggests.
Peep.
> The ping denial doesn't work, which is good because a port scan found some pretty interesting things, including this string in the TCP/IP fingerprint: 'i586-pc-linux-gnu'. Does that mean Microsoft must provide Linux source to purchasers of this product?
Answer: No.
I'm 99% certain that you've misinterpreted nmap's output. When nmap doesn't find a matching fingerprint, it displays the parameters in a parsable format used in nmap-os-fingerprints. More recently (i.e. not originally, but it's been this way for some time), nmap also prints out the OS it was compiled on (presumably to weed out any OSs that mangle the data and prevent bad fingerprints from being distributed with nmap.) This information is printed out in a line like:
SInfo(V=3.20%P=i586-pc-linux-gnu%D=4/29%Time=3EAF1 974%O=-1%C=80)
I'm guessing that this was seen and the submitter jumped to conclusions... At any rate, I believe they'd be required to give source (if they changed it) to anyone per the GPL.
FWIW, every Intel chip since the Pentium Pro has had downloadable microcode. AFAIK, the instructions that are handled by the microcode are notably slower, so not all of them are handled there. I don't have much information about that, though...
The microcode (at least with the p3 and before, probably still so with the p4) isn't stored on the CPU permanently--it needs to be uploaded on every system boot. For this reason, at least some motherboard manufacturers store the microcode in the BIOS and upload it on boot. I also believe that Win2k and above automatically upload the microcode as well, but I'm not sure on that.
I don't know whether AMD's processors support upgradable microcode (and, quite honestly, am too lazy to look right now), but I wouldn't be surprised if they do.
bwags writes "I ran across this VersaLaser desktop Laser Cutting and Engraving printer. I really do not know what I want to do with it, but you gotta admit it is cool. Maybe make some balsa wood airplanes. At only $10K, I want the purple one!"
( Read More... | 11 of 93 comments )
(I'm sorry, I just couldn't resist. Hope it's not too subtle.)
Geez, only took /. 27-odd hours. Anyway.
...) a uid 0 modprobe (easy enough way to call kernel_thread()), but for some reason, the traced process isn't properly reparented, so all subsequent ptrace() calls fail. (Whenever you PTRACE_ATTACH to a process, it's supposed to become the child process of the tracer, and ptrace_check_attach (linux/kernel/ptrace.c) will return -ESRCH if this condition isn't met.)
I tried writing an exploit for this flaw, but I couldn't get far enough to inject any code. I managed to ptrace(PTRACE_ATTACH,
I'm not positive this is actually exploitable, but I'm not positive I took the correct approach, either. In any case, the most I've been able to do is spawn a slew of suspended root-owned processes. Not good, but not the end of the world, either. If someone has actually managed to exploit this flaw, I'd love to see some code so that I could see what I did wrong. Conversely, I'm willing to share the code I have upon request. I've only written code up to the current impasse, but once past this problem, the rest should be pretty trivial.
Seriously. I would guess that some of the most succesful marketing strategies are based on this fact.
(otoh, IOS isn't always the most stable piece of software, but I tend to run LD/ED releases because I need the features, roughly equivalent to beta versions. A software failure is also much less of a catastrophe than a hardware failure--it's much faster to restart a router than to wait for hardware.)
While a Linux/BSD box running iptables/ipf is dirt cheap, it's not hard to imagine why it might not sit well with the suits in larger companies. I would wager that PC hardware isn't quite as reliable, either--especially since nearly all hardware firewalls/routers use flash as the primary means of storage rather than a hard drive.
Well, Slashdot USED to support unicode (by way of &unicodeoffset;), but in a move of sheer brilliance, someone made just about every form that takes user input strip most HTML &entities. Since Slashdot doesn't provide a charset specification for its pages, this removes any portable way to post anything but pure 7-bit ascii. (Not that I'm bitter or anything :)
c -60-iso10646-1) should be able to render it)
Here's a couple of alternatives, though:
* echo +BBQEPAQ4BEIEQAQ4BDk +BCEEOgQ7BE8EQAQ+BDI | iconv -f utf-7 -t utf-8
(or replace utf-8 with whatever charset your terminal can render. uxterm or xterm -u8 with a decent font (I use -misc-fixed-medium-r-semicondensed--13-120-75-75-
* http://halcyon.bluecherry.net/~rain/dmitry.html -- Let your browser do the work. This is probably the easiest bet if your browser supports UTF-8 (it should) and you have Cyrillic fonts installed.
Disclaimer: I Am Not A Russian.
(But I'm fairly certain this is correct.)
I posted this yesterday (and even got trolled!) My example isn't a good one--it works best with photos, but I don't have any handy that aren't copywritten by someone else and I don't have a digital camera handy.
v g
Here's the post again:
Encoding image data in Ogg Vorbis audio streams:
Written by zinx:
http://halcyon.bluecherry.net/~rain/oggpic/ogg2yu
http://halcyon.bluecherry.net/~rain/oggpic/yuv2og
The quality is better than you might expect, and they're fun to listen to! (Note: requires imagemagick, cat, ogg123, and oggenc.)
(sample data is available in the same directory, http://halcyon.bluecherry.net/~rain/oggpic/, if you're too lazy or lack the resources to do it yourself.)
Note that this is meant to be interesting rather than practical. It's a hack. But, like I said, the images are fun to listen to... (You can just use convert and play the sound as raw 8-bit samples if you want to listen to some images without the ogg step.) While this should be obvious, it apparently wasn't to someone yesterday.
Have fun!
> IMHO, it's time to build a lossy format for storing graphics similar to Ogg Vorbis. Perhaps the video codec Ogg just released can be used to make reasonable single-framed movies? Anyone familiar with the format care to comment?
v g
Encoding image data in Ogg Vorbis audio streams:
Written by zinx:
http://halcyon.bluecherry.net/~rain/oggpic/ogg2yu
http://halcyon.bluecherry.net/~rain/oggpic/yuv2og
The quality is better than you might expect, and they're fun to listen to! (Note: requires imagemagick, cat, ogg123, and oggenc.)
(sample data is available in the same directory, http://halcyon.bluecherry.net/~rain/oggpic/, if you're too lazy or lack the resources to do it yourself.
While it appears that Symantec will generally leave Bugtraq alone (not that it's been very useful for some time, imho), I don't really trust them.
Let me provide my basis (petty as it may seem): I'm the system administrator at an ISP small enough that I do some of the tech support. I've seen NAV's mail scanner totally screw up peoples' mail settings enough times that I don't think quality is something they emphisize. To make matters worse, this problem tends not to be fixed by a reboot, and NAV will lock the mail server fields in OE (I don't think it can do that in Netscape/Mozilla, but I'm not sure) making it impossible to use the affected mail account without completely deleting it and readding it. Sometimes, disabling and re-enabling mail scanning will fix the problem, but that's not always the case.
I used to prefer NAV over most other virus scanners (and some other Symantec products back in the days of MS-DOS), but I really think they've gone downhill in the past several years. I hope that the same fate doesn't come to Bugtraq--the list has already become bad enough.
Dial-up users beware - this is broadband territory!
I can't help but think this sounds very much like "Goodbye, cruel world!"
I've also heard that in the multiplayer version, the "damn lag" excuse doesn't work at all, and things can get disasterous if you walk up to your enemy and tell them "omg yuor suhc a n00b."
This might come off as a troll, but...
/.: You have to pay the coloc fees, staff, you have the cost of the servers, and probably a few other things. I can't speak absolutely for Slashdot because I quite frankly don't have the facts, but by far, bandwidth is our biggest expense. Maybe I'm wrong, but $5/1,000 page views seems a little steep to me (unless you're feeling philanthropic.) I think I'll keep viewing banners.
While I'd like to see Slashdot stick around, I'm not sure that it's useful enough to warrant paying for it, especially at $5/1,000 page views. Unfortunately, the articles on the front page are occasionally outright wrong or very misleading; add to that the fact that many people don't even bother to read the stories, post completely inaccurate comments (read the story about rebuilding data from modem/ethernet blinkenlights if you don't believe me), and then manage to get moderated up (presumably by moderators who also didn't read the story)--the signal to noise ratio seems to be getting poorer all the time.
Now don't get me wrong--my uid is 5189 (just in case you can't read the comment header)--I've been here for some time and I don't think that Slashdot isn't a useful resource. It's just not that useful to me.
Perhaps if it was cheaper (I admit, I'm stingy with my money. At least it keeps me out of debt), I'd pay for it... Check out these numbers:
I work at a small ISP. We have a mere overpriced T1 to the Internet, and although we don't pay by the amount of data transferred, it comes out to a little over $3/gb. Now, presuming that VA/Slashdot pay the same rates (they almost undoubtedly pay less), let's see what 1,000 pages would cost...
At the time I grabbed copies of the html, the front page was 37,190 bytes and the comments page 201,778 bytes. Presuming I read the front page and the comments for 3 stories (which I did, in fact, do at the time), my average data transfer is about 160,631 bytes (in reality, this will vary depending on the user).
So, 1,000 page views at 160,631 bytes each comes out to a grand total of
160,631,000 bytes = 153.190mb = 0.149599gb.
0.149599gb at $3/gb = $0.44880 in bandwidth costs.
Now I certainly realize that there are many other costs associated with running
p.s. If anyone who actually knows has figures for the extra expenses that go into Slashdot, I'd be interested in knowing...
While I think your comparison is ultimately correct, it costs a lot more than $20 for Blockbuster to get the movie, thanks to the wonderful people at the MPAA. If you read the copyright notice at the beginning of practically every DVD/VHS, I'm nearly positive that it forbids you from renting out a regularly priced copy. Instead, Blockbuster et al. have to buy a very price-inflated (I don't know how much, exactly, but I believe it to be >$100) copy of the DVD to be able to legally rent it out to customers.
Because of the high cost, the read-limited CDs may interest the smaller rental chains: it may be more profitable, and certainly more profitable in the short run, to sell the defective DVDs.
Of course, I really doubt this will get far. We all know the legacy of DivX (which is a better comparison than nothing), and judging by how people react when told about the DMCA and friends in plain terms, the MPAA and RIAA are already getting away with a lot more than J. Random Consumer would like. If they aren't sneaky about it (and I don't know how they could be here), I doubt people are going to go for it.
I hadn't seen the C64 before, but since its wimpy 38400bps link is slashdotted right now, I mirrored it here.
;)
It's not quite the same, though, seeing as I don't have a C64 to mirror it on
I've thrown up another mirror at http://ericharshbarger.bluecherry.net/. I'm mirroring the entire site (I say in the present progressive because the mirror is still running--the posted site is quite saturated), and the portion that's linked to in the article (effectively here)
:)
As I don't have loads of bandwidth, I'd like to ask that other people mirror it and post their mirrors as well.
Please refrain from killing the server
Back in the days of 2.0, I used the kernel's IPIP tunneling driver. It worked by having the remote host send packets destined to an IP address (say 192.168.1.10) to your IP address (say 192.168.5.50). Any packets that the client host sent out on the tunnel would actually go out over the Internet interface--I'd be sending packets as 192.168.1.10 from 192.168.5.50. My ISP at the time DID do egress filtering, so I had to have the network administrator disable it for the tunneled IP address.
Admittedly, I know a lot more now than I did then, and perhaps this was the Wrong Thing to do--perhaps my tunnel was misconfigured--but it worked at the time.
FWIW, I think I also saw some VPNish software pull the same stunt once upon a time, but I'm not sure.
I'm the sysadmin at a small ISP, so I figured I'd weigh in here.
/. crowd who often calls foul when an ISP puts any sort of restrictions on their traffic seems to be calling for the opposite here, but as /. is very diverse, I'll assume that it's not the same people.
Unfortunately, with Windows XP spreading throughout our userbase, I fear that such filtering will become necessary. Many DoS attacks originate from compromised Windows boxes, and the first person to use WinXP's ability to create a raw socket and spoof addresses is going to suck.
Firstly, the worst DoS attacks we've been hit with recently (only a couple over the last year, which I'm thankful for) were large ICMP packets from legitimate addresses (appeared to be ping -s 65000 -f), and large UDP packets from legitimate addresses (appeared to be Sub7 or something similar on IIS-compromised hosts).
Secondly, I'm leery of doing egress filtering as there are legitimate reasons to send a different source IP (one-way tunnels being a prime example). It's interesting that the
Someone mentioned mailing abuse reports whenever they see portscans and the like--while this is good in theory, almost all of the connections I see get stopped at the firewall are from Korea, China, etc. In these cases, I don't bother--do you know where mail in a language that I can't read and can't find a translator for goes? Besides, whenever they get a mail in English, they probably just say something like Damn SPAM! I do not want to make my penis larger, thanks! <delete>
Anyway, like I said, the DDOS weapon of choice seems to be compromised Windows boxes these days--this has the benefit of both hiding the attacker's IP address while still sending legitimate packets. This problem will be around until people are educated enough to not open attachments when they shouldn't, and until there haven't been any major security holes in MSIE/OE for a long enough time that most people have upgraded.
Re: #4: 'support of the Live! cards in Linux was initially dreadful...'
For several months after the Live!'s release, Creative refused to release any sort of specifications on the card--there was *zero* Linux support. There was quite a stink about it, and I recall a petition to get Creative to release specs. I imagine a little bit of trudging on some list archives could give you dates...
I agree to a point--my high-school physics teacher, one of maybe 6 good teachers in the whole school, allowed both numeric and symbolic answers. If you forgot your calculator for a test, or you just wanted to avoid another possible place to err, you were in luck. He also gave partial credit for problems that were partially right--this might not sound like much, but it's certainly better than "I don't know what I'm teaching syndrome," where you get no credit for a large problem if the final answer doesn't match what's a teacher's manual.
I also have exactly the same problem has supabeast--I can plow through almost any sort of math you want to throw at me if I have sufficient reference. I did terribly in my higher math classes because of this, and also because of the fact that two of the three math teachers simply could not teach. One of them actually managed to somehow shut one of her breasts in her desk drawer once--sure, accidents happen, and I've done some awfully stupid things, but this wasn't far from the norm. (This is the same teacher with a phobic disorder involving raisins)
Anyway, back on topic--I'm not a huge fan of banning anything, but I could live with it if symbolic answers were allowed and at least an equation reference was provided. I really don't think students should be required to memorize for almost the sole purpose of forgetting them. Ask a handful of people who have been out of the educational arena for a year to give you a handful of the equations they were forced to memorize during the schooling; I'm willing to wager the majority by far would have a very hard time unless they were mathematicians or decent math teachers.
8025 stream tcp nowait nobody /usr/bin/nc nc localhost 25
and,
access-list 100 permit tcp <src> <src wildcard bits> host <mailserver> eq 8025
access-list 100 deny tcp any host <mailserver> eq 8025 log
(I do this mostly because a friend of mine refuses to use Earthlink's mail service, but he can't use any other smtp accounts because of the firewalling of outbound port 25 connects, which I suspect don't do much to actually curb spam.)
Oh well. It's a pain in the ass, but what can you do? Earthlink is something like the third largest conglomeration of ISPs, so actually getting them to change something like this isn't likely to happen.
Error tone:
0 330ms 950Hz -15.0/-15.0/-15.0 dBm0
1 330ms 1400Hz -15.0/-15.0/-15.0 dBm0
2 330ms 1800Hz -15.0/-15.0/-15.0 dBm0
3 5000ms Silence
(source: 'show call progress tone usa' on a Cisco 5340)
Second, a story from about 5 years back about telemarketers:
My mom received a call from a telemarketer (well, looking back, probably someone involved in a telemarketing scam) to which my mom politely replied "Sorry, I don't buy things through telephone solicitations." At this point, the telemarkter got really indignant and my mom simply hung up.
Several times during the nights following this, we started receiving several "ghost" calls with nobody on the other end (this was rare happening for us) which my mom deduced to be the evil caller from a few nights before. What I especially love was her response to this: At the time, the local telco switch was rather broken (don't ask me how, exactly, I don't know much about telco switches) in that if anyone in our town didn't hang up the phone, the other caller *could not* hang up their phone. One night, my mom received one of these calls again and simply left the phone off-hook for about an hour, which basically made it impossible for the offending party to hang up their phone (probably running up a nice charge for whoever was calling.)
We never received another ghost call.