Slashdot Mirror


User: Permission+Denied

Permission+Denied's activity in the archive.

Stories
0
Comments
394

Comments · 394

  1. Re:First Post! on Detecting Spoofed MAC Addresses On 802.11 Nets · · Score: 1
    Can these methods be used on traditional wired lans

    No. One technique relies on a bug in a script to detect anomalous MACs from script kiddies; not generally useful or applicable. The second technique is much more interesting and useful: it uses sequence number analysis to find spoofed MACs. This is, of course, not relevant to wired nets because ethernet has no such thing as a sequence number (only source, destination and type). This might be worth investigating as some places do use MACs for authentication (eg, you have to "register" your NIC with a username/password before being allowed out of a sandbox network - very popular in wireless nets, but also used occasionally on wired nets). Off the top of my head, I can't figure out any way to reliably detect MAC spoofing over ethernet (you just have very little to work with - you might try detecting when there is a too small time difference between one MAC sending from a jack and another, but then the attacker could just wait; or you could try using some higher-level protocol stuff, similar to what's used to detect when a card goes promiscuous, but those are just heuristics and can be broken; and there are also valid reasons for MAC spoofing (like VMWare)).

    Also note that the techniques he describes are not foolproof. If someone knows an IDS using these techniques is in place, they could launch an attack as follows: 1. listen for a valid MAC; 2. send out some valid traffic using your factory-assigned MAC until your sequence number almost matches the target's (eg, keep hitting their authentication web page - might be difficult if the target is also active); 3. DOS the target using the few packets you have left until you meet the sequence number, or just use a second NIC to DOS the target; 4. take over target's IP, with no discontinuity in sequence numbers.

    Still a very interesting paper.
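The sequence-number technique the post refers to, as an added example that is not code from the original post or from the paper it discusses: every 802.11 management and data frame carries a 12-bit sequence number that a station's driver increments by one per frame (wrapping at 4096), so two radios claiming the same MAC produce two interleaved counters, and tracking the counter per source address exposes the resulting large or backward jumps. The frames and the MAX_GAP tolerance are constructed assumptions for illustration.

```python
"""Per-source sequence-number tracking for 802.11 frames.

Added example, not code from the original post or the paper it discusses.
Every 802.11 management/data frame carries a 12-bit sequence number that a
station's driver increments by one per frame (wrapping at 4096). Two radios
claiming the same MAC produce two interleaved counters, so tracking the
counter per source address exposes large or backward jumps. The frames
below are constructed for illustration; MAX_GAP is an assumed tolerance.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

SEQ_MODULO = 4096   # the sequence-control field is 12 bits wide
MAX_GAP = 32        # assumed tolerance for frames the sensor missed


@dataclass
class Frame:
    ts: float   # capture timestamp, seconds
    src: str    # transmitter (source) MAC address
    seq: int    # 12-bit sequence number


def seq_delta(prev: int, cur: int) -> int:
    """Forward distance from prev to cur on the wrapping 12-bit counter.

    A legitimate wrap (4095 -> 0) is distance 1; a backward jump shows up
    as a very large forward distance.
    """
    return (cur - prev) % SEQ_MODULO


class SeqTracker:
    """Remembers the last sequence number seen per source MAC."""

    def __init__(self, max_gap: int = MAX_GAP) -> None:
        self.max_gap = max_gap
        self.last: Dict[str, int] = {}

    def observe(self, frame: Frame) -> Optional[str]:
        prev = self.last.get(frame.src)
        self.last[frame.src] = frame.seq
        if prev is None:
            return None                      # first frame from this MAC
        d = seq_delta(prev, frame.seq)
        if d == 0:
            return None                      # retransmission of the same frame
        if d > self.max_gap:
            return "%s: seq %d -> %d (distance %d) at t=%.2f" % (
                frame.src, prev, frame.seq, d, frame.ts)
        return None


def scan(frames: List[Frame]) -> List[str]:
    """Run every frame through one tracker and collect the alerts."""
    tracker = SeqTracker()
    return [a for a in map(tracker.observe, frames) if a]


# Constructed capture: one station at ~1000, then a second radio using the
# same MAC at 512, then the real station resumes; a second MAC wraps and
# retransmits normally.
SAMPLE_FRAMES = [
    Frame(0.00, "aa:bb:cc:dd:ee:01", 1000),
    Frame(0.10, "aa:bb:cc:dd:ee:01", 1001),
    Frame(0.20, "aa:bb:cc:dd:ee:01", 1002),
    Frame(0.25, "aa:bb:cc:dd:ee:01", 512),   # second radio, same MAC
    Frame(0.30, "aa:bb:cc:dd:ee:01", 1003),  # original station continues
    Frame(0.35, "aa:bb:cc:dd:ee:02", 4095),
    Frame(0.40, "aa:bb:cc:dd:ee:02", 0),     # normal wrap, distance 1
    Frame(0.45, "aa:bb:cc:dd:ee:02", 0),     # retransmission, distance 0
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_FRAMES):
        print(alert)
```

As the post says, this is a heuristic: a driver reset, a card that roams between access points, or frames the sensor simply missed all produce jumps too, and a radio that aligns its counter with the station it impersonates produces none. Treat an alert as an indicator to corroborate with the association logs rather than as proof of spoofing.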

  2. Re:Come and si the violence inherit in teh system! on SPAM - A Different Kind of Identity Theft? · · Score: 1
    Had their MTA parsed the "Received By" logs, it would find that it wasn't sent by me.

    Not really possible. joe@whatever.com can send out mail using smtp.colo-isp.com. Not everyone sets up their relay to be named some-subdomain.whatever.com, but they use some other relay. Or, better example, I send out mail from me@personal-isp.com while I'm at work, so it goes through smtp.my-work.com. I do that all the time (or usually the other way around - sending out work-related mail from my home ISP).

    Can't really figure these things out programmatically. Sucks that they try, because they'll fail.

  3. Re:Suddenly everyone on Adult Content Revenue To Pay For UK 3G Licenses · · Score: 2
    su - -c "while :;do kill -9 $RANDOM ; done"

    (from your .sig)

    You realize that with shell quoting, this will only kill the same PID repeatedly. What you want is this (assuming your root shell is bash or zsh):

    su - -c 'while :;do kill -9 $RANDOM ; done'

    For the hell of it, I'll run this after I hit submit. Should be more fun than "sudo kill -9 1".

  4. Re:For real fun... on GNU-Darwin Dropping Cocoa, PPC Support · · Score: 2
    First they want you to run it by doing curl http://gnu-darwin.sourceforge.net/one_stop | csh as root

    Far more offensive to me is that they use csh as a scripting language. This is absolutely unacceptable.

  5. Re:Great Statement, I hope Apple listens. on GNU-Darwin Dropping Cocoa, PPC Support · · Score: 2, Troll
    As far as Apple and the DMCA, the only time I can think that they did anything shitty there was to go after Other World Computing who was basically making a patch for iDVD allowing it to work with 3rd party DVD burners.

    What about shutting down themes sites that have gel-like buttons or gray and white row patterns in menu backgrounds? Is Apple going to sic their lawyers on Slashdot next because the little friend/foe button is a blatant rip-off of OS X buttons?

    What about the Sorenson fiasco? For years, Apple has been telling the unix communities that they cannot release a binary-only codec to allow unix movie players to play Quicktime movies. The reason they claim for this decision is because they do not control the Sorenson codec, but rather Sorenson does. However, when Sorenson tries to sell the codec to Macromedia, Apple speaks up and claims exclusive rights to distribute the codec. So, Apple has exclusive rights to distribute the codec, but not when it comes to a market that won't bring them any profit?

    What about Apple's membership in the BSA? They're premier members, along with Adobe and Microsoft. These are the people that bring in federal marshals to shut down businesses when ex-employees claim that a business does not have enough licenses for the software they use.

    Apple is not a "nice" company - they'll shut down small companies and sic their lawyers on fans just as quickly as Microsoft. Apple does, however, have a great PR department and Mac fanatics believe Apple can't do any wrong. Their support of the DMCA is just one example of how self-serving they are.

    I for one congratulate the GNU/Darwin folks on their decision. It may just make some Mac fanboys ask just how ethical their favorite multinational really is.

  6. Re:DIY - done on Network Aware Screensavers? · · Score: 2
    how do I decode base64?

    I tested it like this from a Unix machine:

    base64 -d pdsv.base64 > pdsv.zip

    I guess I didn't mention that it's supposed to be zip file, which would save people time. Base64 is nice in that it should ignore all extraneous whitespace and whatnot that slashcode puts in it.

    As for hosting it - do whatever you want with it. I'm only throwing it on slashdot and not putting it on a server because I prefer to remain somewhat anonymous on slashdot.

    Have fun with it - the graphics part is just a big bitblt as I've never really done any graphics stuff.

  7. Re:DIY - done on Network Aware Screensavers? · · Score: 4, Interesting
    OK, so I should post this before I go to work. I had some fun with it - it's about three or four hours worth of work. I didn't go with a client-server design as I only have two machines at home that can boot into windows. It should work OK for any reasonably large number of hosts. No point-and-click configuration - I don't have time for dialog design.

    Yet again, slashcode is pissing me off. I have this 100K base64 file I want to post, and it won't let me do it, not even in my journal. It lets me do it if I split it up into tiny chunks, but I don't have time for this. This has happened a few times before. Great thing is, you don't get an error message or anything when your journal entry is too big - you just get dropped into some other page with no explanation.

    OK, it works if I make it smaller by removing the built executable and split it in two. You'll need to compile yourself, and you'll need MS VS 6.0 to do it. Still pisses me off. I guess I'm not encouraged to share code on slashdot, eh?

    Below are the contents of the README:

    PDSV - Permission Denied Screensaver

    To install:

    1. copy pdsv.scr to your system32 directory.
    2. Edit pdsv.reg (this must be done separately for each individual machine)
    3. Double-click on pdsv.reg

    You need to define all of the hosts which will be running pdsv in the
    .reg file. The order of the hosts in the file is supposed to match
    physical order, left to right. It's OK if a host is in the .reg file
    but can't be reached or isn't running the screensaver: it will just skip
    over unreachable hosts, and work with them once the host joins in.

    IMPORTANT: Each machine must have a unique value for "thishost."
    "thishost" is used as an index into host0, host1, etc.

    You won't be able to move the mouse to escape the screensaver since I'm
    lazy. Hit a key or button instead.

    To compile, you'll need Visual Studio 6.0. Open up cmd.exe and type
    "nmake" to build. You may also be able to compile this with the MS
    .NET SDK, but I don't have time to download it and try right now.
    You will need to recompile if you want to change the image since the
    .bmp is built into the executable.

    Read the source for all other questions.

    This is a really stupid program, but it was fun. I spent more time
    struggling with MS Paint trying to get the .bmp file to look OK than I
    spent coding. The actual drawing stuff is six lines of code. Have fun
    with it.

  8. DIY on Network Aware Screensavers? · · Score: 5, Interesting
    As usual, my response is to search google for a half hour. If google doesn't turn up anything, do it yourself.

    I did this a few years ago. I wrote a screensaver that bounced a logo around. The whole reason for the screen saver was that it sent a UDP packet to a central logging server noting the time that the screen saver came on and went off. This allowed us to log each machine's idle time, and I had various awk scripts that made nice little reports (win32 screen saver, but server stuff is kept on Unix of course).

    This was a really trivial program - one C file, took me maybe an hour or two to write. It would be extremely easy to extend it so that it sent a UDP packet to the "next" machine (where each machine has an ordered list of machines, saved in the registry), and waited for a reply. If no reply, send the packet to the machine after that, and so on. Once you get a reply, turn off the marquee; if no reply, wrap marquee around. The screen saver also listens for UDP packets when it's running. If it receives a packet when it doesn't have a marquee, it sends a reply, and scrolls in the marquee from the left. The only tough part is some sort of synchronization mechanism to ensure the marquee doesn't skip around; this synchronization would happen when the machine starts up the screen saver (this part is cloudy, the rest of the design is clear in my head).

    I can't find my old code - this is a while ago, like five or six disk crashes - and the code was so trivial, I didn't put it in CVS (I only back up my CVS repositories, everything else I lose whenever a disk fails).

    I might write this after dinner, since it sounds kind of cool. If I do, I'll base64 encode it and put it in my journal, so check my journal tomorrow morning (can't post directly to slashdot because of lameness filter, but it seems lameness filter doesn't apply to journal entries). I try to write my win32 stuff using gcc (cygwin environment for development, avoid cygwin libraries in final product) - if cygwin is missing the screensaver headers or something, I might use the MS .NET SDK (which is free and comes with fully-functional C and C++ compilers, nmake, and everything you really need to write win32 programs, just no lame IDE). If that won't work, I'll use VS 6.0.

    I challenge anyone else on slashdot to write a better version, from scratch, by tomorrow (2002-12-13). Should get interesting if anyone takes me up on this. I have to go to work tomorrow (which limits the time I can put into it), but you college kids should have plenty of free time since you should be on winter break by now.

  9. Re:"I'm No Hacker" ?!? on Sklyarov Tells U.S. Court, 'I'm no hacker' · · Score: 3, Insightful
    I'm really tired of people trying to force this definition of "hacker" onto everyone.

    When people use the term "hacker" to mean whatever the Jargon File associates with the term, they're using an MIT-ism. Look at all the people associated with the original Jargon file: Steele, etc. All from MIT. Try to find an early example of the term used outside of MIT: you'll find it difficult (although I'm not dismissing the possibility - perhaps I just haven't looked hard enough, but I have looked).

    People are very quick to apply the term to things outside of the MIT, Unix and FSF cultures, but this means introducing the term into new environments. At this point, it's difficult to introduce the term into new environments because another meaning for the term is in common usage.

    It doesn't matter which definition came "first." The popular definition is the de-facto definition, by definition of the terms "popular," "definition" and "de-facto." The script kiddie culture has no qualms about calling themselves "hackers," and the word "cracker" already has a pejorative meaning in certain contexts, so nobody's going to convince the general public or the mass media to switch terminology.

    Analogy: "Skinhead" can refer to two things: either young Neo-Nazis or the original Skinhead movement, which is this English Punk subculture. If you say "All my best friends are Skinheads," you'll have a lot of explaining to do. This explanation may make for an interesting conversation between your friends at the pub, but it has no place in a journal interview or a trial. Somehow, nobody really cares about the distinction between the two meanings of "Skinhead," since few people have the time or motivation for these semantics arguments. You have to understand that most people don't care for linguistics and wordplay - most people want to get their jobs done, and communicate in order to do so.

    When asked "Are you a hacker?" Dmitry responded correctly. If he tried to explain about the Jargon File and how the MIT-centric usage has come into vogue among the "Free Software" community (another term with which I take issue), he would have gotten nowhere. It would have been just as useful if he responded: "What do you mean by 'you?'"

  10. Re:Stay calm, this is a thread hijack. X11 on OS X on Where Have all the 15" Displays Gone? · · Score: 2
    That brings me to one of the things that really pisses me off about *nixen, and that is that I can't paste text on top of text! Frequently applications feel they must highlight the content of an entry field for me when the field receives focus, and by doing so eliminate what I'd intended to paste within that field.

    If all X apps worked correctly and consistently, this wouldn't be a problem. However, since applications are so inconsistent, most people don't figure out that there's supposed to be a method that satisfies both of our requirements.

    This is how it's supposed to work (as I understand it): when you (or a program) highlights text, that text is supposed to go into the SELECTION. Highlighting some other text replaces the SELECTION. Middle-clicking is supposed to insert the SELECTION.

    In addition to the SELECTION, there are BUFFERS. When you choose the edit->copy command, it's supposed to replace the first BUFFER with the SELECTION, but only if the program owns the SELECTION (otherwise, edit->copy is disabled). When you do edit->paste, that's supposed to insert the first BUFFER, not the SELECTION.

    So, you can highlight something in app1, and middle-click in app2 to insert what's highlighted. If you need to highlight something in app2 to replace instead of just inserting into an empty area, you highlight in app1, copy in app1, and paste in app2. You'll note that if you know nothing about middle-clicking, you'll never have to deal with SELECTIONS - you just use copy and paste like in Windows and MacOS and it works the same.

    Things are actually a little more flexible than this because there are multiple BUFFERS, so you always have a history of copies across all programs. BUFFERS are shared between all programs (they are kept on the X server), but the SELECTION is "owned" by a program (so when you middle-click, the application that accepts the click asks the application that owns the selection to fork over the contents). This is really quite elegant, since it avoids unnecessary copies between the clients and server (since X was designed from the start to run over a network): you only copy something to the server when you do a "copy" command in a program, but you never transfer something to the server by just highlighting text.

    The problem is that xterm (and a number of other X programs) does not supply a "copy" command that transfers the SELECTION to the first buffer (or a paste command that inserts the first BUFFER). Emacs does all sorts of confusing, crazy things. Lots of apps just do what they feel like doing, since everyone else does contrary things and plenty of X programmers haven't figured out that there's supposed to be a system here.

    So it's not the design of X that's the problem, it's the applications that don't stick to standards (and perhaps standards documents that are extremely confusing like the ICCCM).

    Try this: use only the latest KDE applications, and not any applications like xterm, netscape, emacs, etc. You'll find that you can use copy and paste in the exact same way as in MacOS since the latest KDE applications get it right. You can treat the middle-click as an added "bonus" to those who understand what's going on underneath.

    Hope someone finds this useful - it's rather late in the life of this article.

  11. Re:Stay calm, this is a thread hijack. X11 on OS X on Where Have all the 15" Displays Gone? · · Score: 2, Offtopic
    If Apple were to add native X11 support to OS X (don't ask), and wanted to show off this new capability, what would you recommend as the top ten X11 apps?

    xterm. Terminal.app is useless as a terminal emulator.

    It does not allow you to map your meta key to the place where it belongs (instead, it grabs the meta key for the completely useless keybindings it has). In order to modify your keybindings to switch alt and command, you have to use a third party kernel module, which would indicate a low-level architectural problem. You cannot use emacs with Terminal.app (not a big deal for me since I use vi, but it's annoying for using bash and zsh where I use the emacs editing keystrokes - and yes, I know zsh has a "vi-mode", but that's beside the point).

    Terminal.app continues to insist on the inane "copy/paste" paradigm, even if I have a perfectly good three-button mouse. Hint: if I highlight something in a terminal, I'm going to copy it to the clipboard - there's absolutely nothing else you can do with a selection in a terminal emulator. If I have a three-button mouse, the middle mouse button isn't doing anything useful, so why not allow it to paste, as is traditional in unix environments?

    NB that Terminal.app actually emulates xterm escape sequences. However, it sends "vt100" as the terminal type. What the hell is the logic behind that? Are they trying to pander to the clueless newbs who can't figure out how to set their terminal type when they telnet into an older Sun box, or what?

    Terminal.app steals the page up/page down keys for scrolling, instead of using shift page up/shift page down, as is the norm. If you actually need to send page up/page down to a program, you're SOL, and a number of terminal programs expect these keys for some function because no other terminal emulator that I know of has stolen them.

    If Apple adds native X support, I'll finally be able to use a Macintosh as a terminal. I'll open up Terminal.app, ssh into a normal *nix box and launch xterm remotely. NB: I don't care about fink or any other third-party X server. The only time I'll use a Macintosh is if I'm in the field and I have nothing else available (so I'm not going to install third-party software on someone else's machine).

    I believe it would be far more useful if Apple coded up their apps to be proper X clients instead of adding X server support to OS X. If you try to run OS X Server, the only way you can configure the various services is via their little gui application (or, you can figure out the undocumented netinfo strings they modify, but then you're in the exact same boat as with figuring out what registry keys MS Windows software modifies and uses). These applications are supposedly "network-aware" - you can run them on some other machine and connect to your server remotely. However, they're still completely useless, as you need to install the applications on the other machine, and you need to have a Macintosh as your currently-available machine in order to do it in the first place. If some machine is misbehaving, you have to find an OS X machine whose owner will allow you to install software, or you need to physically get to the box - more often than not, you end up physically going to the box, whereas I don't even remember what the cases on my FreeBSD servers look like.

    As for your original question, xterm is the only thing I can think of. I spend 80% of my time in xterm and the other 20% in a web browser. If OS X had a decent terminal emulator and some decent window management (don't get me started on that), I would be able to use it as a workstation. I really can't think of many X applications that I would miss, except perhaps xdvi (fast startup, controlled from command line) and xfig (does things I can't find in any other application, saves to plain text .fig files which can be edited). Might also be useful for the occasional X-based third-party installation program (like sybase and a number of less well-known programs). Would also be useful for running things like matlab or mathematica - you can run them on some remote box via X11, which means you don't need 100 licenses for 100 different machines, just one license for one machine (albeit the *nix licenses are usually more expensive than the Windows or Mac licenses because the vendors expect you to do this sort of thing).

  12. Re:Uh Oh on Week-Long Free-Software Class for Kids? · · Score: 2
    I've had a Beowulf cluster working on

    cat /dev/urandom | grep "Elsinore. A platform before the castle."

    for about a year now. No luck yet, but much less feces to clean up than my last project.

    Overkill. UUOC. Behold what my 386 can do with the appropriate choice of software:

    ingram% fgrep 'Some wine' /dev/urandom
    Some wine, ho!

    And let me the canakin clink, clink;
    And let me the canakin clink
    A soldier's a man;
    A life's but a span;
    Why, then, let a soldier drink.

    Some wine, boys!

  13. Re:better translation on LaCie Releases 500GB Add On Drives · · Score: 2
    Of course, I meant "GB" instead of "MB" in most places. Although it would also be news if, in fact, it were a half-gig drive costing upwards of a thousand dollars in 2002.

  14. better translation on LaCie Releases 500GB Add On Drives · · Score: 5, Informative
    I'm 'merican, so be nice :)

    LaCie France launches its new "Big Disk" hard drives which hold 500 MB and 400 MB and use firewire.

    Firewire can theoretically deliver 400 Mbps, and these disks have a sustained transfer rate of 30 to 40 MB/s [Ed: note the unit change: 240 to 360 Mbps]. The casing is aluminum and ZANAC, an alloy believed to increase robustness and provide better heat dissipation.

    The disks come in a 5 1/4 inch format and can be stacked on top of each other or installed vertically in a rigid base. [Ed: vibration causes disks to fail very quickly, best not keep this thing on your desk]. Since each unit comes standard with two internal hard disks and a FW RAID bridge, it's possible to configure them in RAID 1 (Mirroring) or RAID 0 (Stripping) [Ed: he meant "striping" - Freudian slip?]

    And how much does this cost in France?

    The LaCie Big Disk 400 MB (7200 rpm / 8 MB cache) costs 999 Euros HT (1195 Euros TTC). [Ed: HT = hors taxe, no tax, TTC = toutes taxes compris, all taxes included; dollar is roughly equivalent to Euro].

    And the LaCie Big Disk 500 MB (5400 rpm / 2 MB cache) is available for 1124 Euros HT (1344 Euros TTC).

    They come with a 2-year warranty and a CD with the Silverlining utility (Mac and Windows) and the Silverkeeper backup software (Macintosh).

    ------

    Comments talk about the new moderation system at the site and the site's resident trolls. Google translation does quite a job on the colloquial 'net language they use. A nice French pr0n banner at the bottom to even things out (vis-a-vis RAID 0 stripping).

  15. Re:Great on WEP Cracking for Mac OS X · · Score: 5, Informative
    Consider this analogy:

    MacOS X Server 10.1 used netinfo for authentication of client machines. The way it worked is that password hashes were stored in netinfo and netinfo was readable to the world (eg, it posted /etc/passwd on the Internet).

    The bosses would not believe this was a problem until I showed them how I could download all the password hashes from any arbitrary machine on the Internet and subsequently ran a cracker which found a large number of weak passwords.

    In fact, they failed to see the scope of the problem (it was completely debilitating) as they only saw me typing a bunch of commands and their eyes glazed over. If there were some point-and-click Mac toy that would download the hashes, run Crack in the background and report results, it may have convinced them of just how serious a problem it was. In fact, I considered writing such a GUI tool because I'm genuinely concerned about shops that buy MacOS X Server and don't have a *nix admin.

    Similarly, some people still don't understand that WEP is 100% useless (you can break it from a Palm for God's sake). I recommend completely turning off WEP so your users understand that any traffic going over wireless is world-readable. This may convince them to avoid plain-text password protocols and check that when they type their credit card numbers the site is using strong SSL. I've seen people send their credit card numbers over email, so this is absolutely necessary.

    WEP crackers are not in any way "hacker" or "cracker" tools, and I doubt they are widely used for illegitimate purposes - I would venture that many more people use netstumbler and airsnort to convince others that WEP is useless. Lowering the bar so there's some point-and-click tool that your grandmother can download is a good thing, since there is nothing "hard" about cracking WEP and people need to understand that.

  16. Re:What if... on Finnish Taxi Drivers Must Pay Music Royalties · · Score: 5, Informative
    Now, Ring Around the Rosie is a centuries old nursery rhyme that most know dates back to the time of the Black Death. I won't go into the details, but that's what it is about.

    I had never heard this before. To verify, I typed "ring around the rosie" into google, and this is the first hit. Here's the third hit, from snopes.com, an interesting website which I would be inclined to believe.

  17. Re:While on the subject of real-time filters... on Stippling As Fast 3D Technique · · Score: 2
    Reminds me of that 80s music video where the gal walks into the mirror, and everything's all "pencilly-looking" but in real-time... now what was that damn song?

    I believe that was "Take on me" by Ah-Ha.

  18. Re:This is Stupid on Using Sound To Test Internet Connections · · Score: 3, Informative
    ping 192.168.60.254|sed 's/ttl/ttl^G/g'

    man ping in FreeBSD-STABLE:

    -A Audible. Output a bell (ASCII 0x07) character when no packet is
    received before the next packet is transmitted. To cater for round-trip
    times that are longer than the interval between transmissions, further
    missing packets cause a bell only if the maximum number of unreceived
    packets has increased.

    -a Audible. Include a bell (ASCII 0x07) character in the output when any
    packet is received. This option is ignored if other format options are
    present.

  19. Re:Thanksgiving day turkey! on Hark! I Hear a Dropped Packet! · · Score: 3, Funny
    Slashdot has bowled three strikes today...err duplicates

    Must be the tryptophan.

    Is it just a coincidence that the "busiest shopping day of the year" follows directly after the country ingests large amounts of a sedative? I smell a conspiracy.

  20. Re:wow on University of Twente Back Online · · Score: 5, Interesting
    I'm surprised to see such outpouring of emotion over this event.

    I think the outpouring of emotion is because a lot of us can relate to those network engineers - but not on this scale.

    It's about getting a page at 22:00 because a brownout at 17:00 fried a router and it takes you an hour to drive to the closet, it takes some time to figure out the router died, back to the office to set up a replacement, back to the closet, etc. You end up back home at 03:00. I'm not a network engineer, but I've seen some of the stuff these guys put up with.

    Can you imagine the chaos those engineers and administrators faced? You have to wonder how much sleep they got over this period. And you can imagine the thoughts going through their heads as they watched their NOC burn down (of course, thoughts of "Oh shit" come after learning that nobody died or was injured - if you're worried first about the equipment instead of human lives, then yes, there's something wrong, but I can imagine the oncoming dread as you learn all your work is gone and you MUST come up with a replacement DAMNED QUICK).

    Getting a page or phone call in the evening really sucks, but you can usually go home at the end of the day. These guys probably worked their asses off for days on end.

    I congratulate these engineers and admins and offer a virtual beer.

  21. Re:Pine, Schmine... on PINE Releases 4.50 · · Score: 2
    Real men use cat /var/spool/mail/$USER | more

    Real men avoid Useless Use of Cat

  22. Re:How to end spam on SpamArchive.org Launched · · Score: 1
    That's way difficult. I don't do anything with the sendmail setup. I don't have to "create" email addresses. It's just a sendmail rewrite rule that changes "x+y@z.com" to "x@z.com" where "y" is any alphanumeric string. I just give out the address and I know it will get to me - I don't have to ssh in to some server, I don't go to any webpage.

  23. How to end spam on SpamArchive.org Launched · · Score: 5, Interesting
    I've had the same email address for five years, and I receive zero spam. None whatsoever. I also advertise the email address widely (web, usenet, mailing lists).

    How does this work, you ask? I create a new email address each time I give out my email address. We have a sendmail setup that allows you to make "username+foo@example.com" go to "username@example.com" where "foo" is any arbitrary string.

    So, amazon.com thinks I'm "username+amazon@example.com", securityfocus thinks I'm "username+bugtraq@example.com" and so on. Once I receive spam on one of the addresses, it's trivial to write a filter that matches with near 100% confidence ("username+bugtraq@example.com" should only receive messages originating from securityfocus, etc.). Most times, if an address receives a spam, I can just procmail all mail to the address to /dev/null (eg, no complex rules like for the bugtraq example). This also allows me to track where spammers get their lists.

    We use sendmail. Equivalently, qmail allows "username-foo@example.com" and if you own your own domain, just use "foo@example.com".

    I find this advanced filtering stuff fascinating, from a completely academic point of view. I, of course, can't apply any of it since I don't receive any spam, but it's interesting nonetheless. I just read through how the Bayesian filter works. It is very simple: it only filters based on word (token) probabilities. So, it would assign a value to "make," "money" and "fast," but not "make money fast". Seems like you could get much better results if you do something more advanced like Markov chains or a neural net. There's lots of research out there on textual matching, and I'm not sure why people would start out with such a simple algorithm when there may be better things available (where "better" is measured not only by accuracy, but also by training time).
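The tagged-address scheme described in this post and in the reply above it (the "x+y@z.com" rewrite), as an added example that is not code from the original posts: the local part is split into the base user and the tag, each tag is tied to the one correspondent it was handed to, and a message is delivered, quarantined, or dropped depending on whether the sender matches that correspondent or the tag has already been burned. The per-tag sender policy, the separator handling for qmail's "user-tag" form, and the sample messages are constructed for illustration.

```python
"""Triage of mail sent to tagged ("plus") addresses.

Added example, not from the original posts. It assumes the sendmail-style
"user+tag@domain" convention the post describes (qmail's "user-tag" form is
supported via the separator argument) and that each tag was handed to
exactly one correspondent. The per-tag sender policy and the messages
below are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List, Optional, Set, Tuple


def split_tag(address: str, sep: str = "+") -> Tuple[str, Optional[str], str]:
    """Split 'user+tag@domain' into (user, tag, domain); tag is None if untagged."""
    local, _, domain = address.strip().lower().rpartition("@")
    pattern = r"^([^{s}]+){s}(.+)$".format(s=re.escape(sep))
    m = re.match(pattern, local)
    if not m:
        return local, None, domain
    return m.group(1), m.group(2), domain


class TagPolicy:
    """Decide what to do with a message based on the tag it was sent to."""

    def __init__(self, expected: Dict[str, str], burned: Set[str], sep: str = "+") -> None:
        self.expected = expected   # tag -> domain the tag was handed to
        self.burned = burned       # tags that have already received spam
        self.sep = sep

    def decide(self, raw_message: str) -> str:
        msg = message_from_string(raw_message)
        _, rcpt = parseaddr(msg.get("To", ""))
        _, sender = parseaddr(msg.get("From", ""))
        _, tag, _ = split_tag(rcpt, self.sep)
        sender_domain = sender.rpartition("@")[2].lower()
        if tag is None:
            return "deliver"        # untagged base address: no tag evidence
        if tag in self.burned:
            return "drop"           # the post's "procmail it to /dev/null" case
        expected = self.expected.get(tag)
        if expected is None:
            return "quarantine"     # a tag never handed out: guessed or harvested
        if sender_domain == expected or sender_domain.endswith("." + expected):
            return "deliver"
        return "quarantine"         # right tag, unexpected sender: the tag leaked


def triage_all(policy: TagPolicy, messages: List[str]) -> List[str]:
    """Apply the policy to each raw message and return the verdicts in order."""
    return [policy.decide(m) for m in messages]


# Constructed policy: tags handed to two correspondents, one already burned.
POLICY = TagPolicy(
    expected={"bugtraq": "securityfocus.com", "shop": "shop.example"},
    burned={"amazon"},
)

# Constructed sample messages (headers only; bodies are irrelevant here).
SAMPLE_MESSAGES = [
    "From: bugtraq-return@lists.securityfocus.com\nTo: username+bugtraq@example.com\nSubject: digest\n\nbody\n",
    "From: deals@spammer.invalid\nTo: username+bugtraq@example.com\nSubject: make money fast\n\nbody\n",
    "From: orders@amazon.invalid\nTo: username+amazon@example.com\nSubject: offer\n\nbody\n",
    "From: friend@example.org\nTo: username@example.com\nSubject: hi\n\nbody\n",
    "From: anyone@example.org\nTo: username+neverissued@example.com\nSubject: hi\n\nbody\n",
]

if __name__ == "__main__":
    for msg, verdict in zip(SAMPLE_MESSAGES, triage_all(POLICY, SAMPLE_MESSAGES)):
        print(verdict, "<-", msg.splitlines()[1])
```

The From header is trivially forgeable, so the "deliver" branch only establishes that a message is consistent with the tag's purpose, not that it is genuine; the strength of the scheme is the other direction, where a tag that starts receiving unrelated mail tells you exactly which correspondent leaked or sold the address.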

  24. Re:one basic reason why windows security sucks on Justifying the Common Criteria Security Evaluation · · Score: 2
    "...there's no excuse to not include reasonable packet filter ability in the OS."

    Psst... I share the bounty of a simple google search.

    The little IPSec hack does indeed allow you to do firewall-type stuff (ooh, you can filter based on IP addresses!), but by no means can it be considered "a reasonable packet filter ability." It is not a stateful firewall. It's not even close to a stateful firewall because you can't filter based on various headers. FWIW, it won't filter based on device (although I've never seen a multi-homed Windows box). It won't filter broadcast or multicast traffic. Also, it won't filter based on the originating program on the local machine (something very popular in Windows host-based firewalls but which I've never used as I work primarily with Unix machines and network devices). I don't have a windows box handy at the moment so I can't verify this, but I don't think it will even log blocked packets, not to mention allow you to specify what to log.

    The little IPSec hack basically sucks as a firewall. However, it's better than nothing - you can restrict all the MS networking stuff to originate only from within your organization, which means many fewer boxes are rooted by the irc kiddies (various political reasons why we can't implement such a policy at the organizational level, which is what I'd like to do). Not something to rely upon, but it does slow down the rate of compromises to a manageable rate.

  25. Re:Comparison on Lightest of the Light Linux · · Score: 2
    backward compatibility problem ... people keep trying to link directly to glibc's internals

    Can you give some examples? I've been using non-glibc systems almost exclusively for the past couple of years (FreeBSD, Solaris), and all the latest open source stuff compiles just fine, except maybe for a few header tweaks on some programs that were only tested on Linux.