A demonstration site was put together a long time ago by academic folks at Princeton who also wrote a paper about Web Spoofing.
I have a vague recollection of various hardware (cisco routers?) crashing painfully when tickled the wrong way by nmap. Sure, it wasn't intentional, but it did crash machines. oh, and real-world analogies for cyber-stuff are almost always bogus. It's a bit like dragging pans tied to your car with wires down the highway. you know?
> if Neo visiting the architect was a planned event then was the pursuit of the keymaker by "the twins" and two agents just for show?
You could ask the same thing about the agents trying really hard to access zion's mainframe in the first movie.
It seems pretty clear agents aren't really kept in the loop for everything.
It's different for the twins. The Merovingian knew about pretty much everything, and tried to keep the keymaker away from its "destiny" purposefully. The twins were merely following orders.
It makes you wonder what the merovingian was trying to accomplish.. destroy the matrix, maybe?
Anyway, long story short, one of their evil demonstrations was a page that would popup a new browser window that would emulate the full Netscape 3 look&feel quite closely (yes, that was a while ago, I said).
Of course, back then, they didn't have the convenience of resizable "fullscreen" chromeless windows that IE provides.
One "feature": Fullscreen browser windows.
Any web site that feels like it can open a fullscreen window and draw a desktop quite convincingly. Since IE conveniently makes many system colors available, the web page can use the correct colors to render the start bar, the windows chrome, etc..
So, you ask, how would the web page render the correct desktop background and the correct desktop position?
And the answer is: That's *exactly* what microsoft is trying to generalize. Spoofing an entire desktop can be hard if it has been customized, because it now contains personal settings that aren't readily available to a web page.
Of course, you could argue allowing any web page to open a full-screen window is dumb in the first place (note that you can resize full screen windows, resulting in a very chromeless window anywhere on your screen. Think about the security implications for a minute.)
That's actually a good point.
Everybody who has spent any time developing web pages has learnt that bad (and sometimes even good) html can crash browsers.
Are we *that* confident in the maturity of our web browsers that causing a browser crash is nowadays considered a serious issue?
Before jumping the gun on parsing errors that kill the app, it might be smart to go over design errors first (scripts that keep on going and that bypass the simple "lengthy script" checks are a good example. recursive frameset tricks would qualify too.). I've yet to see a full-featured browser that doesn't choke and/or die when presented with the right mix of recursion, active content and wickedness.
<tidbit type=outdated>
Netscape 3 had a neat crash code:
<script>delete new Location</script>
The neat part about it is that 2 of those 3 words were undocumented.
Of course any attempt to pass that as a security concern back then would have been laughed at. loudly.
I'm not sure what has fundamentally changed since then.
</tidbit>
yeah. good stuff. don't get slashdotted without it.
Plus a half serious LAMPist knows when to generate a truly dynamic page and when to generate a page in batch from a cron job. (hint: if it doesn't contain user-related information, it's usually a good cron job candidate.)
And of course, she will know as well when to artfully mix both in a seamlessly integrated user experience. or something.
Ha! That's just a trick to inflate your stats as far as how many lines of code per day you can write.
Kinda like comments, but worse.
Real men write:
namespace Foo {
public class Bar {
void Bar() {
if (foo) {
bar(0);
} else {
bar(1);
} } } }
If you need more white space between your lines, adjust your font settings, but don't take it out on the brackets.
That's quite a different problem.
As much as it is difficult to stop people from doing whatever they want on their own desktop, it is much easier to control what happens on your own servers (still a far cry from easy, but much easier than desktop-control nonetheless).
The alternative to technical spam solutions is legal spam solutions, which involves closing down the borders of your national "internet" at some point, since chinese spammers have never cared much about US laws.
I'd rather give "these technicalities" a chance.
That is almost like my own little theory of the universe.
Except the spreading backward. that messes everything up.
And the whole time travel thing too. It's not that there isn't a universe where a 30 years old version of a 12 years old kid suddenly appears, I mean, there's an infinity of those, obviously.
So the problem is not to make it happen.
The problem is to convince yourself to switch from your native "timeline" to a totally different branch very very far away. It's like steering the wheel of a car that goes really really fast. small changes of direction are easy, big changes are harder (and risky).
Suddenly teleporting your car to a totally different highway is even harder.
And it's kinda like that.
(but yeah, the moment we figure out teleportation, some form of time travel beyond frozen veggies may not seem all that unreachable anymore.)
Sure it's fun to bash a company that said they were overhauling their security every time they have a security problem, but serious people would look a bit deeper than that.
Having the IS team not keep up with a few of their own patches is silly indeed, but I believe the security push was mostly targeted at developers.
Still that's something Microsoft can be faulted for. And that's the only thing:
In the whole SQL worm incident, what exactly can be blamed on Microsoft?
There was a patch, the problem itself came from code written before the 2002 security freak-out.
It feels like people expect that, since Microsoft has said they cared about security, suddenly all of their existing software is supposed to become security bug-free, and any failure of an old installed piece of code to fix itself is a massive failure for Microsoft.
That's unrealistic.
Judge Microsoft's security effort by the quality of what's been coming out of their oven for the past 6 months. If the new stuff is as unsecure as the old one (arguably hard to measure), then bash Microsoft to hell and back. Until that can be established, give them a chance.
If you want to get a feel for the kind of things microsoft is doing for security, you should check out "Writing secure Code", by Michael Howard and David Leblanc, 2d edition.
If you need a great reference book on how to approach security issues at your workplace, check it out.
--
um. This is probably a great time to mention I am NOT affiliated with MS in any shape or form.
Honestly, I'd be half surprised if we learnt a few days later that the web server was h4x0red and that this is a fake story written by a gobbles fan.
Seriously, you would expect to find this quality of writing on the Onion.
ph34r th3 3v1l subseven-probing Wyrm!!!
yeah.. swing is an abstraction layer over an abstraction layer. bogus by design.
Speed-wise, I've been quite impressed with the graphic toolkit used by Eclipse. If I remember right, it's called SWT, and drops AWT totally. It also pretty much drops the idea of giving all platforms the same uniform look, going instead with what feels right for each platform: you compile SWT with motif, you get a motif look. compile with gtk, you get a gtk look, etc, etc..
I mean I read the blurb too fast and assumed that "client-side java" really meant "java in the browser".
Mod me to hell and back, for I have sinned.
Hence, Java will not die, not until another technology can cover all of the same ground it does.
I'm already wondering why MS hasn't made publicly available a .NET equivalent of the java sandbox for web browsers. Chances are it will be out soon.
In the meanwhile, Java is the only way to:
- have complete control over a TCP socket connection
- have a UDP connection at all
- have serious non-SSL crypto in the browser
- have computation intensive raster graphics
- a lot more. Java is a full featured language, not a quick scripting glue playing with a few loose objects.
Flash is on its way though.. their so-called "XML" socket allows to send arbitrary data over TCP, but still has a few weird restrictions (each chunk of data must be null-terminated), and their strong point is graphics after all, even though computations are inherently limited by the not-so-fast actionscript interpreter.
Note that even after the .NET sandbox becomes available on IE, it will not be immediately available to other platforms (not until mono and others write a netscape plugin wrapper), so Java still has an edge.
There has been at least one court case in France where a webmaster was found guilty for having illegal speech on his website. The speech in question was located on a forum, and wasn't put there by the webmaster.
This effectively means that anybody who puts up an unmoderated forum in France is taking a chance.
It didn't require extra laws, and probably didn't make a lot of headlines, but it's a reality.
http://www.homo-numericus.bonidoo.net/article.php3?id_article=169
http://vulgum.org/libre/article.php3?id_article=258
Am I the only one who had the disturbing feeling their PR person would fail a Turing Test in 45 seconds flat?
Why do they even *hire* people to act this way when they could advantageously *code* them?
Just a thought.
Oh, and please implement the netscape.javascript.* package. A java class that cannot mess with the browser is a sad java class.
But yeah. gimme some debugging consoles first.
Then I'll beta-test the darn thing.
Thinking of which, is there some form of public bugzilla for safari where I can moan about this AND have a hope of something being done about it?
sucky mouse cursors (...) with the X Windows System are being fixed as we speak
What are they adding? Allowing more than 2 colors in a cursor bitmap, or supporting animated cursors, or something else?
The *real* problem with X-window is the gray pattern that comes up before you override it with an xsetroot or equivalent.
Fortunately, redhat 8.0 has a patch in Xfree86 for that very purpose. The patch is aptly named "XFree86-4.2.0-die-ugly-pattern-die-die-die.patch"
(yes, I browse srpms in my free time.)
There! Now X sucks 50% less.
I leave launchcast running all day on my desktop.
It can bring quite a bit of music you don't know if you let it, or just keep playing stuff you've told it you liked.
www.launchcast.com
( if you want to try my radio station, go to http://launch.yahoo.com/launchcast/station.asp?u=1019669531 )
#include "../disclaimer.h"
I've done that 3 times, for 4 months, 4 months and 6 months respectively.
But those were obviously internships, as nobody seriously expects an employee to accomplish some meaningful work during that kind of timeframe.
Restricting a work visa to one year is silly, and is simply going to turn H1-Bs into another form of J1s for grown-ups who want to network in the US.
dead links everywhere.
I really wish they'd have open-sourced their java 3d engine.. It kicked major butt, even on the first generation JITs of way back when.
GPL-ed .NET projects (like mono) make it pretty clear that any pure .NET application will be cross-platform whether it wants to be or not.
On top of that, any bastard mix of .NET and win32 still has a pretty good chance of running as mono is coupling its code with wine (at least for the Form classes, but I'm hoping general pinvoke support will be next.)
Yeah. we need pixels, light receptors, position sensors, wireless transmitters, and small processing units, at a 1:1 ratio, ideally all-in-one kind of stuff and small enough to be placed all over your clothes.
;)
Then you need your distributed CPU to map each receptor to a set of pixels. That will probably require some way to map where each element is in space, then map what would someone see at each angle, then decide what color will blend best for all possible angles. That means compromising (and a lot of CPU power. you don't want your mapping to lag when you run. )
The result wouldn't be total invisibility, but you would look really fuzzy and translucent.
Alternatively, if you only care about one angle and can input that angle easily to your wearable computer, you can get a much better invisibility from that angle only.
All in all, we're pretty far from it, I'd say.
c++ folks are used to using operator overloading with templates together. The sample code 3 posts above does just that.. the "ab" assumes the "" is overloaded for the chosen type.
Java ain't complete 'till C# compiles on it?
(if Java is gonna have weird cool features added, I'd like to vote for what I read in the Eiffel doc the other day: design by contract, with pre and post conditions and class invariants. )