In fact there is nothing (literally) beyond the expanding universe. It is space itself that is expanding, therefore beyond the universe space, time, etc. does not exist and therefore there is truely nothing.
It is a hard idea to grasp along with such questions as what is the shape of the universe.
One of the other replies had it correct.. it is not that the galaxies are moving away from each other, it is that space itself is expanding and therefore the distance between all galaxies is increasing. It was the observation that all other galaxies are retreating from us the lead to the theory that we were at the centre of the universe. Of couse it did not take long to prove this wrong.
Go out and by some theatrical gel filters ("tough no green" or "tough 1/2 green" will do). Cut them into strips, roll them to make tubes and slide tubes over each of the fluorescent lights in a room. Now:
Turn on the lights and leave the room for about 10 minutes.
Look into the room and notice how everything looks pinkish in the room.
Enter the room (everything still looks "wierd") and look at objects outside of the room (they look "normal").
Wait 10 minutes and try the above step again.
You will notice that once you have become accustom to the light in the room that objects in the room sort of look "normal" (not quite though) and everything outside of the room looks pink.
Now I ask you, in both cases you have a "pink" area and a "normal" area, so which area is showing true colors and what will your Canon PowerShot A60 show?
My point: color perception can be fooled quite easily and what you see as red may not be red or not what I see as red and certainly not necessarily the same tint or red the anyone/anything else sees it as. Ambient lighting conditions do have an effect on what color objects are precieved to be. This effect may not necessarily be the same for your eyes and a camera.
Merlin.
For those of you curious: the above experiment was done to some offices where I use to work as the persons working in them found the shifted light reduced eye strain.
Hmm, I can't help but think of one word to be used in the defense....
*Photoshop!* (substitute with Gimp if you like)
Unless there are material witnesses it seems to me that it would be hard to prove that the pictures were not created using Photoshop to 'put her in the public bar' just for more publicity for her porn site.
According to the posts on the Mandrake sites and information received from LG, the drives did not comply fully to the ATAPI standard. In particular they used a flush cache command to trigger programming the firmware. Since the new kernel sent a flush cache command during start up this made the drives completely unusable after booting Mandrake 9.1 (or any linux with the same kernel version I suspect). [yep, some of the above may be a little off in exact terms but the gist of it is correct]
We lost two CD drives before we clued into the problem. Luckly both were on warranty and Dell replaced them with Samsung CD-RWs!:-)
We are about to test the 9.2 distro which contains the "fix" for this problem (read as: do not send a flush cache command to LG drives as they are wacked").
Don't know about the LG firmware upgrade as I could not find it with a quick search.
We run a few hundred machines in our labs and currently I use PowerQuest Deploy Center to multicast a few tens of machines at a time (6GB image to 40 machines in under 10 minutes; God I love multicast!). We also use sysprep to deal with the SIDs, etc. in Win2k. We have been using PQ Drive Image for several years with no problems. Whether you are pushing/pulling images on the network or to/from a burner, the PQDI product works well.
The one exception I have seen is this August when MSBlast was saturating the net. During this time PQDI would fail ~100% of the time on images that took more then ~5 minutes to transfer. The best we could track the problem down to was a problem with the MS TCP/IP stack that PQ used on their boot disks. The stack seemed to get blocked after getting probed several times by infected machines.
Eventually this resolved as MSBlast became less prevelant on our network and after the network guys did some reconfiguration on the routers (not sure what they did). Now we are up to a 100% success rate again.
Now the slightly off topic stuff:
What I can not get to work is using sysprep to join the imaged boxes to the domain. Currently we are joining win2k boxes to a NT domain. I would love to see a copy of a sysprep.inf file that sucessfully joins a win2k box to a NT domain. According to all the docs I can find it should work.
As another question: you mention using sysprep to deal with different HALs. This is mentioned in the documentation with next to no clear examples (so far as I can tell). As an example: I have 3 Dell models to put a win2k image on (GX110, GX150, GX270). So far I have not found a way to build an image on 1 of these and use sysprep put the image on all 3. Currently the image only goes on the model that it was built on so I am building 3 images instead of 1 for deployment.
How do you use sysprep to deal with the different HALs? Right now if I build on a GX110, sysprep it and image onto a GX150 the machine craps out half way through the boot saying it no longer can read the hard drive. This worked fine with winNT without using sysprep. Real examples would be appreciated.
So is it just me or does the picture of the chinese astronaut in this
news story look suspiciously like a lego mini-fig?
If the news clips of the actual lift-off show a red/black/yellow/blue/white rocket and launch tower with surpisingly blockish looking lettering, I'm selling my shares in China Aerospace International Holdings Ltd.!
Actually, when I loaded their page I saw a perfect demonstration of their seamless image technology... Right under the header there was a large image box with absolutely no seams, bluryness, or other aborations(sp?). In fact the only thing out of place was the small broken image icon in the top left corner... otherwise it was one beautiful seamless image of a typical winter storm in Saskatchewan, Canada.
I agree with just fiddling around's comments. Hold that attitude on any network I run and you'll be out the door in a heartbeat. Of course as a military network admin I'm a bit more concerned with the actual integrity of my systems.
Read my other replies and tell me if my points are clearer and if you have changed you mind.
The times i've had members point out flaws in systems I manage, i've not only fixed the systems i've had the individual publically praised for their efforts. - To bad as a civilian I can't give them medals. =-(
Great, keep up the good work. I have done what I could in certain cases also.
If the "hacker" wanted to use their exploit for nefarious purposes they would have not come to you.
Unfortunately not always true... haven't had a case personally but have seen it on the university campus enough times. It is truely shocking what some people will do or how stupid some people are about doing it.
There are plenty of people out there attacking your network.
Nary a truer word be said. Speaking of work I had better get back at it instead of further proving my lack of English skill on Slashdot;-)
"you had better be able to prove that you have not altered your grades"
Er, what? This is the guy who's trying to stop everyone else doing it. As if he's really going to go in and set himself up a bunch of As then tell you how he did it.
You would be surprised at what some people will do and for what reasons. As I have already stated: if you are going to report something, for your own good, make sure you can prove your case. To many innocent persons have gotten burned due to things going farther then they every should have. This has nothing to do with me or my position and everything to do with the fact that as the person bring something to the "officials" attentions, you have no idea what the outcome will be.
"If this means a call to security then I am obligated to do that"
You'll call in the cops. This guy is trying to HELP. Get your head out of your ass for a change.
To be more clear: IF it looks like the exploit is real AND it looks like the person is not legitimate AND it looks like far more damage has been, or could be, done then their story indicates AND the incident affects far more than the students account in my department THEN I have to consider passing the information on to other parties which MAY include or MAY NOT include security.
"Example, next year you suddenly become a honor student"
And supposing you've chosen to do nothing, and his - that is the chap who's being honest here and trying to HELP, read that last word again: HELP, as opposed to HINDER - grades do suddenly leap, (a) he could be putting in a load of extra work; it doesn't automatically mean he's cheating (b) how do you know it wasn't one of his unethical colleages deciding to make things difficult for him, especially if he's trying to stop him from increasing his own grades and he (the unethical one) now has an axe to grind?
I don't have a clue whether the student is legitimate or not and, frankly, I don't care as it is not my job to monitor such situations. In the case that I mentioned above what I did not mention are the circumstances where I would suddenly be involved:
Let say a student did come to me with some random exploit and I dealt with it without bringing anyone else into the picture (which can and has happened). Even though I did not report the incident I would have documented it in my logs. Now, next term the students academic profile suddenly changes and somebody gets suspicious (would not be me as I have no interest in monitoring students academic profile). The somebody then reports their suspicions and the investigation is on. Knowing that the student worked on my systems the investigator decides to query me for any information I may have. At this point I will fully disclose all relevant information I have regarding the investigation. This is my obligation as the policies I work under dictate. I have no choice in the matter IF I am to take my job seriously and perform my assigned duties to the best of my abilities. Does that make it clearer?
To the OP - what I would do is one of the following:
(a) Don't publish at all. Let others cheat. After all, if your final grade is determined by absolute score, rather than relative score, which IIRC is the case at university (and was the case in the UK when I got my degree, although admittedly that was last century), then you have nothing to lose by everyone else getting a 1st.
Have to disagree with you for a number of ethical and moral reasons which I will not get into here.
(b) Post anonymously. I wouldn't bother with the PGP public key, it won't become advantageous to come forward for the credit; you will automatically fall under suspicion and everyone (as evidenced by the STUPID rant I'm replying to) will automatically assume you're guilty.
I agree as I stated outright: submit a full disclosure anonymously to the company and the school. But I disagree with your second point. Not all will assume you're guilty but you w
... and everyone know exactly what it was I was running, all the time, anytime. I also knew a load of weaknesses within the network, and had repeatedly told the techs what was wrong with the security of the network.
Someone blew the whistle on nothing. As in, they found nothing that they could incriminate me with. Just a CD full of fluff, and my IP.
Ok based on just what you have stated above: Yep, you did the right thing. Yep, the whistle blower was probably out of line: You made the techs aware of your actions and progress. Base on no other information I agree that the whistle blower was out of line and that this type of action helps no one. It may not have been the techs but instead someone else in the department that they were simple keeping "in the loop" as opposed to reporting a "problem" to. If I had been "in the loop", based on your limited details only, I would have seen no need to report a "problem" since I would have been the one giving you the go ahead to experiment and let me know your progress.
Your job is to secure that network, not fuck the academic career of a student's life, understand? Don't bother the kid, it's tested, it works, go fix it, and now.
As a university sysadmin, if someone came to me with an exploit within our network or systems, I don't care what the kid's done, it's not my job to worry about that. However, unless I want it to go FD, I would go up and fix it.
Correct, it is not my job to screw up anybodies academic career, life, etc. However it has been made clear to me that it is my responsibility to ensure that the policies set forth by the university are enforced and that encrouchments on those policies are dealt with as indicated by said policies. This is true for all employees of this university so yes it is my obligation to report incidents which I deam of importance outside my little realm. However, note that I said "deam of importance". This is the power given to me and one that can be easily abused resulting in damage to others. Although I try not to abuse it and to do my best to assist our users/students I am sure that there are others that do abuse it for thier own gain.
Watch your obligations. You could destory someone's academic life that way. Trust me, I have Computer Trespass in the Second Degree (RCW 9A.52.110) on my record, and was forced out of the Seattle School's system, just because of a whistleblower who didn't know what they were blowing the whistle for.
Based on what you said, I sympathize with you as this probably not have happened. It is due to unforseen outcomes like this that I, as I stated outright, suggest and support anonymous full disclosure.
I'm not saying that you need to prove to me that you have not utilized the exploit, or for that matter that I must prove you have used it. I am saying, if you approach an official you had better be sure of your case "just in case" as you have no assurances where or how far it may go. This is a simple case of the student ensuring their behind is covered.
I agree that proof either way may be difficult but so far as grades go most faculty keep off-line records so the proof would be easier for them then me.
Re: doing better then that.
Yep, I would love to say to all "don't worry, you can trust me, I'm your friend, no harm will come to you" but the sad fact is that:
I have no idea who you are nor you true motivations.
I have been given a job to do and although in practice I have a great amount of leeway, I still have limitations that I must work within.
As I mentioned in other replies: if your honest, and you convience me of that, and your trying to help then I will take it and appreciate it and other then documenting the incident it would likely go no further. If it looks bigger then I can/should/have-time-to handle or I have reason to believe you are not being honest and the incident has real concequences then somebody else will enter the picture.
Do me a favor, and read my other replies. In short:
1. I do not support witchhunts and I could not agree with you more on this issue.
2. I'm not entirely sure why you say I am covering my ass. Yes I generally act within the boundries set out for me by the university (my boss) as I do rather like my job and hate job hunting. No I do not hold the BOFH as my mentor and attempt to screw every student/person who comes to me for help or intending to help me.
3. Based your response (aggresive, un-investigated allegations, personal attacks instead of objective critisism) I would not be yours to fire as I would either not work for you or quit when your true colors were revealed.
But thanks for point out the lack of clarity in my post so I could address it.
I understand your position completely. Especially with regard to some of the "professionals" I have encountered in this job. Unfortunately it is hard to know how some "professionals" will respond when you approach them with such information. Slashdot has had several stories about individuals getting screwed when playing the "good samaritan" (sp?) role.
But also note: I do not like to see any student/person suffer unduly. Especially when they are brave enough to take a stand on an issue and attempt to correct it. To many people get shot down when they are simple attempting to help.
My view is that if you are trying to help then you should not be punished and I will do what I can to assist, whereas if you are conciously going against the rules then you have lost my respect and are on your own.
Reporting anonymously is better then ignoring and this is the minimal suggestion I support if the reporter does not know what time of persons they are reporting to.
Hmmm, lots of replies to address so I will start here to clear a few things up as I may (read as: was) not clear the first time around...
1. As an employee of the university, I am obligated to pass on to relevant parties any information which I judge may be of importance to the university. At very least, even if I do not pass the information on I am obligated to document it for future reference if needed.
Does this mean that the information takes on a life of its own and is persistant? Not necessarily. Examples are security tapes from our lab cameras which have a shelf life after which they are re-used. If an incident is caught on tape but not noticed (or noticed but not asked for) in time, the record is destroyed when the tape is re-used. Just the same that I log most interactions with students but most of those logs never again see the light of day and eventually get destroyed.
2. When I stated "second I have to consider the damage they may have done" I did not mentions anything about "investigating" the student; nor did I intend to imply such a case. By "consider" I mean to make a judgement based on the person, their story, their claim, and the type of incident, as to whether or not other parties should be informed of the incident. Other parties could include, security, other department staff, other affected departments, etc. This "consideration" is usually done on the fly as I am working with the student when they approach me.
Incidently, out of the incidents that I have had to deal with to date, only one was forwarded to security (stolen property related), most were only discussed with other department staff (peers), and one was moved up the "chain of command" within the department (possible large scale copying of assignments involving several students). In most of the incidents I documented the incidents and worked with the student to develop and test the solution.
I agree whole heartedly that it would be great if students (or anyone) could be a "whistle-blower" (ya know what I mean) without suffering any negative concequences and this is the tact I like to take whenever possible (it is much better to have friendly helpful users then unknown users). Unfortunately in some cases the choices are not mine to make else I would not be performing the duty I was hired to do.
Final note: I agreed with posters about submitting the exploit anonymously not to avoid individuals like myself but to avoid individuals who are more likely to blow the students roll in the incident out of proportion or use the incident for self-gain ("look at me, I caught an uber-hackor; promote me!).
Agreed. It is more then just HTML though, it is anything that could resemble HTML. Guess it solves problems with rendering possible exploit code, if such a thing is possible with plain HTML (thinking of recent posting regarding 4-6 lines used to crash IE and Mozilla).
Your point explains why I am NOT a grammar nazi yet and your style explains your cowardly post and possibly your intelligence level... but let us not speak any more of the cruel trick mother nature played on your parents so many years ago.
Incidently, regarding your post: Learn to [bleep] spell GRAMMAR before you post stupid [bleep] like this. Jerkoff.
Accepted protocol indicates that you should put your sig on a seperate line after a suitable space or seperator, not at the end of your last sentance.
aaack, I'll be one step away from becoming a grammer nazi but I have to point out the obvious:
There should be a degree sign after 3200.
Actually there should be a K behind the 3200 as measurements on the Kelvin scale is designated by K as opposed to a degree symbol. This is due to the fact that 3200K is referred to "3200 Kelvins" not "3200 degrees Kelvin". The following quote explains:
The scale of scientific choice is the Kelvin scale, introduced by the Scottish physicist William Thompson (Lord Kelvin, 1924-1907). Each degree on the scale is called a kelvin (K). (Just a note: Celsius and Fahrenheit scales always carry the word degree, but the kelvin scale does not. For example a temperature of 300K will be read "300 hundred kelvin", not "three hundred degrees kelvin".)
Ok I have to go wash my hands off with soap as I am now tainted. Damn you grammer nazi's, damn you all to hell!:-P
Merlin.
p.s. if the reader is interested in more info about lighting characteristics of lamps try here for a decent intro.
I can understand wanting to cover your backside with this. Especially since you have 'tested' the exploit. Going to the university may mean the end of your academic career. Going to the company may result in the same in a round about way. The company may feel obligated to report you to the said university.
If you are serious about getting the expoit fixed then there are a lot of good points already made in the replies:
Send it to the company anonymously.
Send it to the university IT dept. anonymously.
Do both and that should get it where you want it to go.
Now for my take on this (if you were one of my students)...
You are supplying the source of the proof of concepts, right? I accept no binaries from unkown source, escpecially with your story. You have to convince me that you are not only legit. but being honest. If you approach me you had better be able to prove that you have not altered your grades. This is not due to my morals but due to my obligations to the university.
I have dealt with students bringing up exploits to me that they have found work in our system. First I have to verify their claim, second I have to consider the damage they may have done (purposefully or not). If this means a call to security then I am obligated to do that. After that I have to consider fixing my system and damage control.
Note about security: I need not bring security into it but I must document everything incase the incident becomes a concern in the future... Example, next year you suddenly become a honor student.
A comment by 'has' bothers me... if this is you then you could be in deeper then you want to be... I would suggest cleaning up your act, taking an ethics course and getting on with your degree. This type of un-ethical, and probably illegal (fraud?) activity will eventually catch up with you if continued. Enough preaching.
Take the suggestions regarding anonymous submissions if your serious about helping.
It interesting that you have seen the switch from yellow to white street lighting and that you have liked it.
Where I live (Saskatchewan, CA) I have watched the transition from white mercury lighting to yellow sodium lighting. At first I was concerned about reduced lighting, security, etc. but in the last two years of living 2 doors down from the street light I have grown to like the sodium lighting better. I should also mention that last summer the city upgraded the lighting in my area by installing more street lights (1 per half block vs 1 per block).
I know find more then adequate lighting on the street without an excess in my backyard due to bleeding from bright white light sources. The new lights seem to have better shielding so as to light the street and not the neighborhood. Also the yellow lights do not provide as much of a distraction, fucus point, or blinding glare as the white lights when driving.
Over all considering factors such as: security lighting, convenience lighting, driving, and yard privacy I have to say that the yellow lower lumen sodium lighting wins out in my mind.
So far as farm yard lighting goes, I can understand wanting to light the yard up more as you have a much larger area to monitor for security purposes. Also we used the yard light on our farm as general lighting when trying to work in the late evening or at night. This is not the case for city street lights as typically each property owner has there own method of lighting their yard for their own purposes.
As a final point on yard lighting, if I am just navigating my yard a night as opposed to working in it I will shut off the outside lights as I can see better (read as: more of the yard but less detail) with the general illumination from other light sources outside my yard (city lights, moon, etc.) then I can by flooding part of my yard with a flood light.
[begin ontopic]
On one hand it is great to have another processor go mainstream in the PC market. This helps keep the prices low, increases the variety of hardware and software development, provides yet another area for hacking (the hobbyist type not the 5cr1p7 k1ddy type), and helps move technology into areas previously limited by economic or political factors.
On the other hand, as much as I like to explore new toys rarely do I have the resources to gamble on new unproven technologies (both time and money, sigh). So it is unlikely that I would consider buying such a system instead of an Intel or AMD box (in fact although I own an older AMD box, if I bought today I would probably lean towards Intel slightly just to reduce any "apparent" or "preceived" risk). Since statistically speaking I am not alone in this opinion new technologies like the Dragon probably have a long battle in front of them to gain any market share in countries with established "mainstream" technologies.
[end ontopic]
This has to be said...
The various comments made in this story is a classic example of one of the reasons I read./. Not only to I get a reasonable sample of targetted news stories that appeal to my interests, more importantly, I get a variety of views and opinions from people on both sides of many issues. To often I find that following only local (read as: local to North America in my case) media that I hear only snippets , single sides, or limited scopes of many international issues. Many times I do not even hear of some issues that are happening globally that for various reasons are not carried by local media. Reading the posted comments from a variety of people all over the world (and listening to late night CBC radio; news from other countries) gives me insight and knowledge of a more "worldly nature" rather then the limited scope presented by local media.
Most importantly the comments are by "real people" as opposed to executive summaries presented by media which may be following personal agenda's. Sure you can say "you give weight to the *insert whatever derogatory adjective* posted by the select group of *insert whatever derogatory adjective* people?!", but even taking that into account I still gain a variety of good information on many topics I would otherwise not have. Examples included but not limited to are:
the thread on China in this story
the many comments on/from persons living in Quebec Canada in previous/. stories (even the news in my own Country does not always reflect what the "little person" thinks)
the various discussion on the War with Iraq from non-North Americans
and the list could go on and on.
Yes,/. have its share of trolls, useless arguments, and cannon fodder type posting but it has its share of "interesting" and "insightful" posts also (otherwise you would not be reading this:) ).
In a nutshell, thank you readers of/. for broadening my horizons and giving me a wealth of consice information that I would otherwise not have had (due to lack of time to research and lack of awareness of the entire issue).
Merlin.
P.S. and hey, even though this post may not show it, I am actually improving in both grammer and spelling thanks to a select group of/. readers:-)
It is not that nobody has anything to say about parallel computing, it is that all posters were busy typing their comments at the same time; to be submitted at the same time resulting a complete conversation in a fraction of the time it would take to complete the same conversation in the normal loosly coupled sequential fashion.
'... Virtual PC for Mac will be available through standard Microsoft channels of distribution.'
Is it just me or did anybody else reading this immediately think "but I thought Outlook didn't run on the Mac, how will the payload get insta... oh, those distribution channels."
--
No, I am not trolling, it has become standard stereotyped running joke that MS Outlook is a virus distribution machine. I suspect that is why the above thought popped up first; the resulting smirk caused me to post this. Yes I use MS software, among many other types... if the tool fits, use it.
Slashdot Mirror
It is a hard idea to grasp along with such questions as what is the shape of the universe.
One of the other replies had it correct.. it is not that the galaxies are moving away from each other, it is that space itself is expanding and therefore the distance between all galaxies is increasing. It was the observation that all other galaxies are retreating from us the lead to the theory that we were at the centre of the universe. Of couse it did not take long to prove this wrong.
Merlin.
Before, or after you eat it?
Go out and by some theatrical gel filters ("tough no green" or "tough 1/2 green" will do). Cut them into strips, roll them to make tubes and slide tubes over each of the fluorescent lights in a room. Now:
- Turn on the lights and leave the room for about 10 minutes.
- Look into the room and notice how everything looks pinkish in the room.
- Enter the room (everything still looks "wierd") and look at objects outside of the room (they look "normal").
- Wait 10 minutes and try the above step again.
You will notice that once you have become accustom to the light in the room that objects in the room sort of look "normal" (not quite though) and everything outside of the room looks pink.Now I ask you, in both cases you have a "pink" area and a "normal" area, so which area is showing true colors and what will your Canon PowerShot A60 show?
My point: color perception can be fooled quite easily and what you see as red may not be red or not what I see as red and certainly not necessarily the same tint or red the anyone/anything else sees it as. Ambient lighting conditions do have an effect on what color objects are precieved to be. This effect may not necessarily be the same for your eyes and a camera.
Merlin.
For those of you curious: the above experiment was done to some offices where I use to work as the persons working in them found the shifted light reduced eye strain.
*Photoshop!* (substitute with Gimp if you like)
Unless there are material witnesses it seems to me that it would be hard to prove that the pictures were not created using Photoshop to 'put her in the public bar' just for more publicity for her porn site.
Merlin.
We lost two CD drives before we clued into the problem. Luckly both were on warranty and Dell replaced them with Samsung CD-RWs! :-)
We are about to test the 9.2 distro which contains the "fix" for this problem (read as: do not send a flush cache command to LG drives as they are wacked").
Don't know about the LG firmware upgrade as I could not find it with a quick search.
Merlin.
First the on topic stuff:
We run a few hundred machines in our labs and currently I use PowerQuest Deploy Center to multicast a few tens of machines at a time (6GB image to 40 machines in under 10 minutes; God I love multicast!). We also use sysprep to deal with the SIDs, etc. in Win2k. We have been using PQ Drive Image for several years with no problems. Whether you are pushing/pulling images on the network or to/from a burner, the PQDI product works well.
The one exception I have seen is this August when MSBlast was saturating the net. During this time PQDI would fail ~100% of the time on images that took more then ~5 minutes to transfer. The best we could track the problem down to was a problem with the MS TCP/IP stack that PQ used on their boot disks. The stack seemed to get blocked after getting probed several times by infected machines.
Eventually this resolved as MSBlast became less prevelant on our network and after the network guys did some reconfiguration on the routers (not sure what they did). Now we are up to a 100% success rate again.
Now the slightly off topic stuff:
What I can not get to work is using sysprep to join the imaged boxes to the domain. Currently we are joining win2k boxes to a NT domain. I would love to see a copy of a sysprep.inf file that sucessfully joins a win2k box to a NT domain. According to all the docs I can find it should work.
As another question: you mention using sysprep to deal with different HALs. This is mentioned in the documentation with next to no clear examples (so far as I can tell). As an example: I have 3 Dell models to put a win2k image on (GX110, GX150, GX270). So far I have not found a way to build an image on 1 of these and use sysprep put the image on all 3. Currently the image only goes on the model that it was built on so I am building 3 images instead of 1 for deployment.
How do you use sysprep to deal with the different HALs? Right now if I build on a GX110, sysprep it and image onto a GX150 the machine craps out half way through the boot saying it no longer can read the hard drive. This worked fine with winNT without using sysprep. Real examples would be appreciated.
InSysprepHell!Merlin.
*Way to go China*
Kudos to all of the people involved.
Heres hoping for a safe and uneventful journey.
Merlin.
If the news clips of the actual lift-off show a red/black/yellow/blue/white rocket and launch tower with surpisingly blockish looking lettering, I'm selling my shares in China Aerospace International Holdings Ltd.!
Merlin.
Merlin.
Read my other replies and tell me if my points are clearer and if you have changed you mind.
The times i've had members point out flaws in systems I manage, i've not only fixed the systems i've had the individual publically praised for their efforts. - To bad as a civilian I can't give them medals. =-(
Great, keep up the good work. I have done what I could in certain cases also.
If the "hacker" wanted to use their exploit for nefarious purposes they would have not come to you.
Unfortunately not always true... haven't had a case personally but have seen it on the university campus enough times. It is truely shocking what some people will do or how stupid some people are about doing it.
There are plenty of people out there attacking your network.
Nary a truer word be said. Speaking of work I had better get back at it instead of further proving my lack of English skill on Slashdot ;-)
M.
Er, what? This is the guy who's trying to stop everyone else doing it. As if he's really going to go in and set himself up a bunch of As then tell you how he did it.
You would be surprised at what some people will do and for what reasons. As I have already stated: if you are going to report something, for your own good, make sure you can prove your case. To many innocent persons have gotten burned due to things going farther then they every should have. This has nothing to do with me or my position and everything to do with the fact that as the person bring something to the "officials" attentions, you have no idea what the outcome will be.
"If this means a call to security then I am obligated to do that"
You'll call in the cops. This guy is trying to HELP. Get your head out of your ass for a change. To be more clear: IF it looks like the exploit is real AND it looks like the person is not legitimate AND it looks like far more damage has been, or could be, done then their story indicates AND the incident affects far more than the students account in my department THEN I have to consider passing the information on to other parties which MAY include or MAY NOT include security.
"Example, next year you suddenly become a honor student"
And supposing you've chosen to do nothing, and his - that is the chap who's being honest here and trying to HELP, read that last word again: HELP, as opposed to HINDER - grades do suddenly leap, (a) he could be putting in a load of extra work; it doesn't automatically mean he's cheating (b) how do you know it wasn't one of his unethical colleages deciding to make things difficult for him, especially if he's trying to stop him from increasing his own grades and he (the unethical one) now has an axe to grind?
I don't have a clue whether the student is legitimate or not and, frankly, I don't care as it is not my job to monitor such situations. In the case that I mentioned above what I did not mention are the circumstances where I would suddenly be involved:
Let say a student did come to me with some random exploit and I dealt with it without bringing anyone else into the picture (which can and has happened). Even though I did not report the incident I would have documented it in my logs. Now, next term the students academic profile suddenly changes and somebody gets suspicious (would not be me as I have no interest in monitoring students academic profile). The somebody then reports their suspicions and the investigation is on. Knowing that the student worked on my systems the investigator decides to query me for any information I may have. At this point I will fully disclose all relevant information I have regarding the investigation. This is my obligation as the policies I work under dictate. I have no choice in the matter IF I am to take my job seriously and perform my assigned duties to the best of my abilities. Does that make it clearer?
To the OP - what I would do is one of the following:
(a) Don't publish at all. Let others cheat. After all, if your final grade is determined by absolute score, rather than relative score, which IIRC is the case at university (and was the case in the UK when I got my degree, although admittedly that was last century), then you have nothing to lose by everyone else getting a 1st.
Have to disagree with you for a number of ethical and moral reasons which I will not get into here.
(b) Post anonymously. I wouldn't bother with the PGP public key, it won't become advantageous to come forward for the credit; you will automatically fall under suspicion and everyone (as evidenced by the STUPID rant I'm replying to) will automatically assume you're guilty.
I agree as I stated outright: submit a full disclosure anonymously to the company and the school. But I disagree with your second point. Not all will assume you're guilty but you w
Someone blew the whistle on nothing. As in, they found nothing that they could incriminate me with. Just a CD full of fluff, and my IP.
Ok based on just what you have stated above: Yep, you did the right thing. Yep, the whistle blower was probably out of line: You made the techs aware of your actions and progress. Base on no other information I agree that the whistle blower was out of line and that this type of action helps no one. It may not have been the techs but instead someone else in the department that they were simple keeping "in the loop" as opposed to reporting a "problem" to. If I had been "in the loop", based on your limited details only, I would have seen no need to report a "problem" since I would have been the one giving you the go ahead to experiment and let me know your progress.
Your job is to secure that network, not fuck the academic career of a student's life, understand? Don't bother the kid, it's tested, it works, go fix it, and now.
As a university sysadmin, if someone came to me with an exploit within our network or systems, I don't care what the kid's done, it's not my job to worry about that. However, unless I want it to go FD, I would go up and fix it.
Correct, it is not my job to screw up anybodies academic career, life, etc. However it has been made clear to me that it is my responsibility to ensure that the policies set forth by the university are enforced and that encrouchments on those policies are dealt with as indicated by said policies. This is true for all employees of this university so yes it is my obligation to report incidents which I deam of importance outside my little realm. However, note that I said "deam of importance". This is the power given to me and one that can be easily abused resulting in damage to others. Although I try not to abuse it and to do my best to assist our users/students I am sure that there are others that do abuse it for thier own gain.
Watch your obligations. You could destory someone's academic life that way. Trust me, I have Computer Trespass in the Second Degree (RCW 9A.52.110) on my record, and was forced out of the Seattle School's system, just because of a whistleblower who didn't know what they were blowing the whistle for. Based on what you said, I sympathize with you as this probably not have happened. It is due to unforseen outcomes like this that I, as I stated outright, suggest and support anonymous full disclosure.
M.
I'm not saying that you need to prove to me that you have not utilized the exploit, or for that matter that I must prove you have used it. I am saying, if you approach an official you had better be sure of your case "just in case" as you have no assurances where or how far it may go. This is a simple case of the student ensuring their behind is covered.
I agree that proof either way may be difficult but so far as grades go most faculty keep off-line records so the proof would be easier for them then me.
Re: doing better then that.
Yep, I would love to say to all "don't worry, you can trust me, I'm your friend, no harm will come to you" but the sad fact is that:
- I have no idea who you are nor you true motivations.
- I have been given a job to do and although in practice I have a great amount of leeway, I still have limitations that I must work within.
As I mentioned in other replies: if your honest, and you convience me of that, and your trying to help then I will take it and appreciate it and other then documenting the incident it would likely go no further. If it looks bigger then I can/should/have-time-to handle or I have reason to believe you are not being honest and the incident has real concequences then somebody else will enter the picture.Does that make it clearer?
M.
1. I do not support witchhunts and I could not agree with you more on this issue.
2. I'm not entirely sure why you say I am covering my ass. Yes I generally act within the boundries set out for me by the university (my boss) as I do rather like my job and hate job hunting. No I do not hold the BOFH as my mentor and attempt to screw every student/person who comes to me for help or intending to help me.
3. Based your response (aggresive, un-investigated allegations, personal attacks instead of objective critisism) I would not be yours to fire as I would either not work for you or quit when your true colors were revealed.
But thanks for point out the lack of clarity in my post so I could address it.
M.
But also note: I do not like to see any student/person suffer unduly. Especially when they are brave enough to take a stand on an issue and attempt to correct it. To many people get shot down when they are simple attempting to help.
My view is that if you are trying to help then you should not be punished and I will do what I can to assist, whereas if you are conciously going against the rules then you have lost my respect and are on your own.
Reporting anonymously is better then ignoring and this is the minimal suggestion I support if the reporter does not know what time of persons they are reporting to.
M.
1. As an employee of the university, I am obligated to pass on to relevant parties any information which I judge may be of importance to the university. At very least, even if I do not pass the information on I am obligated to document it for future reference if needed.
Does this mean that the information takes on a life of its own and is persistant? Not necessarily. Examples are security tapes from our lab cameras which have a shelf life after which they are re-used. If an incident is caught on tape but not noticed (or noticed but not asked for) in time, the record is destroyed when the tape is re-used. Just the same that I log most interactions with students but most of those logs never again see the light of day and eventually get destroyed.
2. When I stated "second I have to consider the damage they may have done" I did not mentions anything about "investigating" the student; nor did I intend to imply such a case. By "consider" I mean to make a judgement based on the person, their story, their claim, and the type of incident, as to whether or not other parties should be informed of the incident. Other parties could include, security, other department staff, other affected departments, etc. This "consideration" is usually done on the fly as I am working with the student when they approach me.
Incidently, out of the incidents that I have had to deal with to date, only one was forwarded to security (stolen property related), most were only discussed with other department staff (peers), and one was moved up the "chain of command" within the department (possible large scale copying of assignments involving several students). In most of the incidents I documented the incidents and worked with the student to develop and test the solution.
I agree whole heartedly that it would be great if students (or anyone) could be a "whistle-blower" (ya know what I mean) without suffering any negative concequences and this is the tact I like to take whenever possible (it is much better to have friendly helpful users then unknown users). Unfortunately in some cases the choices are not mine to make else I would not be performing the duty I was hired to do.
Final note: I agreed with posters about submitting the exploit anonymously not to avoid individuals like myself but to avoid individuals who are more likely to blow the students roll in the incident out of proportion or use the incident for self-gain ("look at me, I caught an uber-hackor; promote me!).
Hope this clears things up a little.
Merlin
M.
Incidently, regarding your post:
Learn to [bleep] spell GRAMMAR before you post stupid [bleep] like this. Jerkoff.
Accepted protocol indicates that you should put your sig on a seperate line after a suitable space or seperator, not at the end of your last sentance.
M. --- like this :)
There should be a degree sign after 3200.
Actually there should be a K behind the 3200 as measurements on the Kelvin scale is designated by K as opposed to a degree symbol. This is due to the fact that 3200K is referred to "3200 Kelvins" not "3200 degrees Kelvin". The following quote explains:
The scale of scientific choice is the Kelvin scale, introduced by the Scottish physicist William Thompson (Lord Kelvin, 1924-1907). Each degree on the scale is called a kelvin (K). (Just a note: Celsius and Fahrenheit scales always carry the word degree, but the kelvin scale does not. For example a temperature of 300K will be read "300 hundred kelvin", not "three hundred degrees kelvin".)
Ok I have to go wash my hands off with soap as I am now tainted. Damn you grammer nazi's, damn you all to hell! :-P
Merlin.
p.s. if the reader is interested in more info about lighting characteristics of lamps try here for a decent intro.
I can understand wanting to cover your backside with this. Especially since you have 'tested' the exploit. Going to the university may mean the end of your academic career. Going to the company may result in the same in a round about way. The company may feel obligated to report you to the said university.
If you are serious about getting the expoit fixed then there are a lot of good points already made in the replies:
- Send it to the company anonymously.
- Send it to the university IT dept. anonymously.
Do both and that should get it where you want it to go.Now for my take on this (if you were one of my students)...
You are supplying the source of the proof of concepts, right? I accept no binaries from unkown source, escpecially with your story. You have to convince me that you are not only legit. but being honest. If you approach me you had better be able to prove that you have not altered your grades. This is not due to my morals but due to my obligations to the university.
I have dealt with students bringing up exploits to me that they have found work in our system. First I have to verify their claim, second I have to consider the damage they may have done (purposefully or not). If this means a call to security then I am obligated to do that. After that I have to consider fixing my system and damage control.
Note about security: I need not bring security into it but I must document everything incase the incident becomes a concern in the future... Example, next year you suddenly become a honor student.
A comment by 'has' bothers me... if this is you then you could be in deeper then you want to be... I would suggest cleaning up your act, taking an ethics course and getting on with your degree. This type of un-ethical, and probably illegal (fraud?) activity will eventually catch up with you if continued. Enough preaching.
Take the suggestions regarding anonymous submissions if your serious about helping.
Merlin.
Where I live (Saskatchewan, CA) I have watched the transition from white mercury lighting to yellow sodium lighting. At first I was concerned about reduced lighting, security, etc. but in the last two years of living 2 doors down from the street light I have grown to like the sodium lighting better. I should also mention that last summer the city upgraded the lighting in my area by installing more street lights (1 per half block vs 1 per block).
I know find more then adequate lighting on the street without an excess in my backyard due to bleeding from bright white light sources. The new lights seem to have better shielding so as to light the street and not the neighborhood. Also the yellow lights do not provide as much of a distraction, fucus point, or blinding glare as the white lights when driving.
Over all considering factors such as: security lighting, convenience lighting, driving, and yard privacy I have to say that the yellow lower lumen sodium lighting wins out in my mind.
So far as farm yard lighting goes, I can understand wanting to light the yard up more as you have a much larger area to monitor for security purposes. Also we used the yard light on our farm as general lighting when trying to work in the late evening or at night. This is not the case for city street lights as typically each property owner has there own method of lighting their yard for their own purposes.
As a final point on yard lighting, if I am just navigating my yard a night as opposed to working in it I will shut off the outside lights as I can see better (read as: more of the yard but less detail) with the general illumination from other light sources outside my yard (city lights, moon, etc.) then I can by flooding part of my yard with a flood light.
Merlin.
On one hand it is great to have another processor go mainstream in the PC market. This helps keep the prices low, increases the variety of hardware and software development, provides yet another area for hacking (the hobbyist type not the 5cr1p7 k1ddy type), and helps move technology into areas previously limited by economic or political factors.
On the other hand, as much as I like to explore new toys rarely do I have the resources to gamble on new unproven technologies (both time and money, sigh). So it is unlikely that I would consider buying such a system instead of an Intel or AMD box (in fact although I own an older AMD box, if I bought today I would probably lean towards Intel slightly just to reduce any "apparent" or "preceived" risk). Since statistically speaking I am not alone in this opinion new technologies like the Dragon probably have a long battle in front of them to gain any market share in countries with established "mainstream" technologies.
[end ontopic]
This has to be said... ./. Not only to I get a reasonable sample of targetted news stories that appeal to my interests, more importantly, I get a variety of views and opinions from people on both sides of many issues. To often I find that following only local (read as: local to North America in my case) media that I hear only snippets , single sides, or limited scopes of many international issues. Many times I do not even hear of some issues that are happening globally that for various reasons are not carried by local media. Reading the posted comments from a variety of people all over the world (and listening to late night CBC radio; news from other countries) gives me insight and knowledge of a more "worldly nature" rather then the limited scope presented by local media.
The various comments made in this story is a classic example of one of the reasons I read
Most importantly the comments are by "real people" as opposed to executive summaries presented by media which may be following personal agenda's. Sure you can say "you give weight to the *insert whatever derogatory adjective* posted by the select group of *insert whatever derogatory adjective* people?!", but even taking that into account I still gain a variety of good information on many topics I would otherwise not have. Examples included but not limited to are:
- the thread on China in this story
- the many comments on/from persons living in Quebec Canada in previous
/. stories (even the news in my own Country does not always reflect what the "little person" thinks)
- the various discussion on the War with Iraq from non-North Americans
and the list could go on and on.Yes, /. have its share of trolls, useless arguments, and cannon fodder type posting but it has its share of "interesting" and "insightful" posts also (otherwise you would not be reading this :) ).
In a nutshell, thank you readers of /. for broadening my horizons and giving me a wealth of consice information that I would otherwise not have had (due to lack of time to research and lack of awareness of the entire issue).
Merlin. P.S. and hey, even though this post may not show it, I am actually improving in both grammer and spelling thanks to a select group of /. readers :-)
M.
Is it just me or did anybody else reading this immediately think "but I thought Outlook didn't run on the Mac, how will the payload get insta... oh, those distribution channels."
--
No, I am not trolling, it has become standard stereotyped running joke that MS Outlook is a virus distribution machine. I suspect that is why the above thought popped up first; the resulting smirk caused me to post this. Yes I use MS software, among many other types... if the tool fits, use it.
And finally me (although one I'm done with the above the only time I get for these is on Fathers day and my birthday (per my request)):
- Blacksmithing
- Sport kite flying
- Running/fixing/rebuilding steam engines at the local museum
- Astronmy
Merlin.Yep, yer right, English is my second language. Giberish is my first