I went through a similar thing years ago at my former place of work.
We had a habit of taking services off the computers. Then the Security Auditors came through, and could not find much in the port scan. Except for ICMP, which was claimed to be a "big" security issue because someone could knock out the server with a Ping Flood.
The problem is that disabling the entire ICMP protocol is not a very good idea. I took a "block all but allow specific" rule to this (as most sites would). But still allowed ICMP Echo and Echo Reply. It still showed on the next report, and I was grilled. Explaining to them that blocking ICMP altogether was pointless, because a Ping Flood will still overload the link regardless, and the security of the upstream router was not the concern of the report...
Anyway, because the Port scan was not producing a thick enough "phone book" to begin with, they scanned the security permissions of the entire file system as well. Then went to task about how the computer in its default installation was so open to abuse by "guest" accounts. For example the "tmp" directory.
It was necessary to tighten up the security of the file system as well. They did not beat us up as much on the 2nd, or subsequent passes, in that area, so they then turned their attention to procedures.
In the end it was more worthwhile to simply leave something as simple as ICMP echo and echo reply in the system, so that the quarterly 3rd party audits did not start delving into the social and financial history of the computer operators.
Well the DNS record method will also prevent the effectiveness of email viruses that set up spam engines on users' desktops (considering that they usually talk directly to MX destinations).
The Yahoo idea looks nice at first. However I wonder as to how the thing is supposed to work from the installation and operation levels combined. The main issue is that to protect its own workings, it would need to be closed source. There will be a slight problem with some system admins installing it in that event.
Heh, you might have required more Windows boxes to achieve the same thing. Besides they put them aside because they claimed that they were unreliable.
The main issue might have been the fact that each of the 74 voices being generated had to have their own channel. There is a limit to how many soundcards you can jam into a physical computer and how many channels in your "high-end" sound cards. Not to mention that they were working with recordings that were gigabytes in size.
One would hope that this "frontpage" alike program does not come bundled with a number of addons to Apache (like the real "frontpage" for Windows), that provide some neat and useless extensions to HTML pages (which you can do with PHP).
The result of these extensions will be security holes that you can "drive a truck through", just like the original "frontpage" extensions for IIS (you know the ones that enable running code of the attacker's choice under the same privileges as Apache).
That used to be a large problem in some very large companies years ago. An invoice arrived for a sum of money, and instead of investigating it, because the amount involved was small they would just pay the invoice.
It does not happen as much now. It depends upon the structure of the company. I wish anyone luck in attempting this against, say a financial institution. A lot of company accountants will actually inquire as to what the invoice is for, and it usually involves some checking with the area that the work was done for. If there is internal accountability, then this send and pray method will definitely not work.
Testing to see if your system at least works, is something that should be done, no matter what OS that you are patching.
It does not matter if the software is provided by a large corporate, or from Open Source contributors. Verifying that the system is able to work after applying an important "alteration" such as a security patch is essential.
Note: sometimes the test is as simple as ensuring that you can actually boot up, and everything loads without crashing, and checking the logs to see if anything did not start. Then perform some of the "regular" things that you normally do with that box, if it be sitting in front of it, or accessing it as a network device.
If the Microsoft patches for RPC screw up, then you are potentially in trouble for some Administration tasks that rely upon RPC protocol. Sometimes it is worthwhile to check on what it was that was patched, but don't be too surprised if something else that you would think is completely unrelated is affected.
It is also important to actually plan what it is you are going to do when there is a complete screwup and at least make preparations. Such as backing up critical data, configs, etc.
If you have 2 side by side, then there can be issues when trying to use them.
This is something that I have seen with proximity cards for two separate systems. When the two are together then when system A tries to contact Card A, Card B is also activated and the system cannot make any sense out of what it has received. Therefore no access.
In this case you have to separate the two cards, in order to read them.
There has been talk about contactless smartcards for the past 10 years.
Here in Oz we have ADSL services that offer you 256K down and 64K up. Meaning that it is ok if you are surfing, and leeching files, but if someone else wants to get data off you, it is going to be limited to your upbound capacity.
Is it still called broadband, or is that no more of a farce than what was described in the article (which only said a speed of 128K, and did not focus on where the restriction lies)?
You have to pay for phone calls that you receive???
Next thing you will be telling me that you are paying for SMS messages that you receive.
Probably means nothing to you, but in Australia, unless voicemail is involved, the caller pays for the call.
A lot of mobile carriers in Australia charge the caller STD rates (same as calling someone outside of the state) for the call. STD rates are timed, whereas local calls are a flat rate, usually, unless you are using a payphone.
In .au, the government already forced mobile carriers to allow users to take their mobile numbers between mobile carriers.
There has been an option for some time now where people can opt to have their mobile number in the phonebook instead of a normal landline.
Basically directory assistance for us uses the same database as the phonebook. Also if you have your number unlisted in the phonebook, it should not show up in directory assistance.
But that does not stop the telemarketers. The only times a telemarketer has called me up on my mobile is when they were from the mobile carrier that I have the service with.
Recently they have taken to bombarding people with SMS messages to try and drum up business.
"Nausicaa" has not been released in Japan on Region 2 DVDs yet.
"Porco Rosso" has been released. The Japanese Region 2 DVD has the English Subtitles and English Soundtracks on it. If you want "Porco Rosso", and cannot wait for the US release, then you will be paying a lot more for the Japanese release.
Anime DVDs for the Japanese market cost a lot more than those sold in the US. To the point that it is a problem for the Japanese Anime distributors when the US Releases flow into Japan at a lower cost. "Porco Rosso" only came out recently, so it is likely that Studio Ghibli is waiting until they have made enough out of their local market before allowing the US releases to appear. Also the US releases are for the movies that Disney licensed, and it is possible that Disney don't hold the licence for "Porco Rosso" at the moment.
Both "KiKi's Delivery Service" and "Laputa: Castle in the Sky" Region 2 releases from Japan have English subtitles and the English soundtracks on them. You will need a region unlocked player to watch them.
The storyboards on the 2nd Disk appear to be a standard thing from "Studio Ghibli" with all of their Japan Region 2 releases. It is interesting that the same thing is being done in the US NTSC Region 1 releases.
Miyazaki actually disowned the dubbed release claiming that it was not his work. Basically over 30 minutes of footage was stripped out of the film because the licensor thought that the action was not fast enough.
It was not for another 10 years after that incident that Miyazaki and Studio Ghibli would even consider anyone approaching them about producing a dub of any of their films in English again.
At my previous work, they had a project to roll out TCP/IP to replace an entire SNA network (consisting of over 1500 locations, within one country). The Project was originally called "IP Everywhere", but the Management changed the name of the project to something else when they found out that the techs had nicknamed the project "Yellow Puddle".
Of course, the downside of this technology is that it isn't too useful over the internet without creating a rather large web of trust -- a very difficult task. I'd like to know how Palladium would rectify this?
"Microsoft Passport"
The grand Microsoft plan is not based around using one technology alone. However "the chain is only as strong as the weakest link" applies here.
No matter how effectively Microsoft locks everything into this "Palladium" product, there are going to be a ton of users who want out.
Let's not forget that there are several legal battles still underway in the US with Microsoft. It would be rather stupid on the part of the US Government to simply sit by and watch as this corporation manages to create an even larger powerbase, fueled on the premise of maintaining National Security and keeping the money flowing.
It would be a pain in the ass if Microsoft made alterations to their email products so that they could only talk to each other. Or changed IE so that it could only visit Microsoft IIS web sites. This would fall in line with the recent EULA changes that they have been doing in the background.
I used to hear about the clauses in some contracts that workers had to sign in the US to get a job. The clause was along the lines of "if you leave your job, you cannot work in this industry for another 10 years". I have not heard of the same thing happening in Australia, but I have seen what happens when an employee decides that they want to work for a competitor. It is usually a quick boot out the door, and the potential for an investigation in case they walked out with anything important.
Clauses such as the one that I have outlined above are a lot more difficult to enforce nowadays because sometimes the industries overlap, and if you are a large conglomerate with many different aspects to your business, then just about everyone is "a competitor". This includes "the little coffee shop down the road".
Everyone when they leave one job and go to another, are taking some form of experience with them (no matter what the job was and is).
Employers cannot have it such that they can poach people from other firms because they have some experience in a particular field, and then expect the same employees to go somewhere where they won't be competing against the company afterwards.
An "acquaintance" of mine used to light up pencil leads that were used in the push type pencils. Of course you could not directly look at the result; the bright white light would probably be enough to blind you.
Of course, the underlying problem is that DNS is an ugly kludge which has long-outgrown itself.
This is one of the things that "RealNames" was trying to fix/exploit. Of course it has since gone out of business.
The main problem with developing a replacement for the DNS function/service, is getting everyone to agree on how the service will be provided and operate.
The last thing you really want is a single organisation (private/government), or a group of individuals, being responsible for the entire replacement, because that gives them the ability to "control" the operation of the system.
The current DNS system has its flaws, but it is something that has been working for a while now, and will continue to do so. The sort of decentralised nature of the namespace management means that it is not that bad.
Nothing wrong with using a search engine either. Basically it is each to their own.
The whole idea behind the problem highlighted by the original article was the ability to confuse people. Unfortunately it is still possible to put additional information into search engines such as Google so you have additional matches (that are not intended).
Anyone remember the guy with the wind-up radio for the third world? A guy called Trevor Baylis had the idea watching TV about how batteries in Africa cost a month's wages.
No I don't. But then there is another story not many people remember about someone doing work on creating a pump mechanism that you place in a river. Using the kinetic force of the movement of the water to power a pump to take some of the water from the river and push it through a hose up a hill. This was a device that was just submerged in the water without the need to dam the river.
There are many stories like this, and it does take time for the innovation to come about. Then there are the issues of funding etc. The problem is that there are only a small number of Investors to put their money behind these Inventors.
Nowadays a lot of people with a lot of money are only willing to get involved with operations/outfits such as this when they can make money out of short term stock movement.
These people really require some long term cash flow if they are going to make their invention take off. Then there is the possibility that whatever large corporation that they go to to try and market their idea, could easily take the idea and leave the inventor with nothing.
I was thinking about jamming too, but the real furball usually starts with knocking out the SAM sites -- the guys still flying F-4s with HARM missiles.
Looks as if it is going to be a while before any Military can totally remove people from the air battlefield, or for that matter rely solely on one form of weapon in order to carry out appropriate duties.
It really does not make sense to go into a battle with everyone armed with these planes, because there are certain things that these unmanned bombers cannot do.
The whole emphasis on developing these devices is that they can be easily sacrificed when there is a problem and there is a need to carry out a complex bombing mission with a high risk. It is not as if every single operation that is going to take part in a war/battle is going to be based around these things. They are going to be used in conjunction with other methods as well. Any military command would have to be totally insane to fight a war based purely on machinery such as this. It might happen in the future, but we are still talking a number of years off.
However from the perspective of losing one of these things in enemy territory, then you would have to make sure that it is thoroughly destroyed. Remember during "Desert Storm" when the US was using a lot of cruise missiles, and occasionally the things would be shot down. The US Military then bombed the location of the crashed cruise missile as quickly as possible to ensure that "other states" would not get their hands on the technology.
Hmm, brings a new concept to the Blue Screen of Death when the computer crashes, and so does the plane (loaded with bombs). In this case I certainly would not want to be some poor shmoe in the field, even if the planes were on *my* side.
Well, it could have been worse, he could have blamed it on the terrorists.
He could have, and some people who read into their business model would have realised that he meant Microsoft anyway.
It has become kind of boring for the past few months about the number of businesses shutting down and claiming that they are totally screwed over because of the FUD resulting from the events of 11th Sept 2001.
Unless there was something in the contract with Microsoft preventing them from looking for alternative avenues, they should have started looking at other means (technical/whatever), rather than setting up their business to rely solely on the money that they were going to get from Microsoft.
From the writings of Chris, it appears that they had an "interesting" way of doing business. They probably did not consider that there could be a market outside of the states (a fault of some US based companies).
There were several postings about RealNames on Slashdot, telling us about the fact that the contract was going to expire, then the screaming from the former CEO that he was shafted by Microsoft. And now this.
I would say that we now have a nice picture of what this was all about, why it died. Can we put this one to rest now?
On the flip side of the coin, it could have been created by SCO in order to hammer their own systems, and get the fact that people are purposely bombarding them into the press to make others in big business feel pity for them.
This will work well for SCO from a PR standpoint.
$Make
or
Make$
(umm, this is a joke)
In case you did not know, Japanime2 is about to be started by Dendy. One of the films to be shown will be "Spirited Away".