After 56k was standardised it was discovered that they radiate too much, and the FTC has capped their use in the US. Theoretically in other parts of the world you can happily run at 56k (as you say, unidirectionally, and if your ISP has no outgoing analog filter).
YAW.
Nope - NT was based on code stolen from DEC and taken to MS by DEC's old project lead. DEC finally sussed this out, and sued. And won. Mica, I think it was called (the DEC project that the NT code was based on). The only reason MS and DEC had this Alpha/NT flagship agreement was because they came to an agreement from that lawsuit.
YAW.
That is the single funniest post _ever_ in the history of slashdot.
I stand in awe.
"it just downloads a list of packages and how to build each one."
Oh, OK, that method guarantees that compromised binaries won't get onto your system. No chance that the list of packages would be altered to point to compromised ones, and no chance that the instructions how to build them might involve underhand actions. Sure, sure, all's rosy.
NOT!
YAW.
The situation was where there was a prior value, a fixed limit, and a user requested delta.
The delta value is not to be trusted.
Therefore compare the delta value against a value that can be guaranteed not to cause overflows:
if(delta > (limit-value)) { /* value+delta too large */ }
The invariants for the system should include
limit>=0
value>=0
limit>=value
and therefore (limit-value) is a positive integer less than limit.
If delta is permitted to be signed then checking that it doesn't fall below a minimal value (0 maybe) should also be done.
If the original check had been that single condition rather than the expression which uses (value+delta), the original root exploit would never have occurred.
It's subtle, I'll grant you, as most people consider "if(a<(b+c))" to be the same as "if((a-b)<c)", etc. however, they are different.
(in most common languages, ones with silent overflows)
If you want to check the value of delta, then really check delta, don't check some value derived from it. I've seen this kind of mistake a hundred times.
If you don't know what a train's destination is, you don't jump on it to see where it takes you in order to see if it's the right one, do you? Then don't operate on any variables until after you've checked the values. (It's not always possible, as not all expressions are reversible, but most common arithmetic ones are.)
YAW.
Before anyone wastes mod points upmodding me, the above scheme of having an abstraction layer would probably put up the costs of the devices more than just the $0.25 payment, and so would never actually happen. It's just a theoretical possibility, that's all.
(It does happen though - e.g. my camera presents a not-FAT interface to my computer via the serial port despite the fact that the implementation (real flash card) is FAT. NFS servers present all underlying filesystems as the same, whether they were FAT, NTFS, ext2, ISO9660, whatever.)
YAW.
A DRM-enabled, or is that DRM-disabled, filesystem that MS will license for _free_.
I can see it now:
"Hmmm, MS FAT costs money, MS ball-and-chain-FS is free, and what the fsck is minixt3eiserfs?"
What do you think they'll choose...
YAW.
Not so. It may present an interface that behaves like FAT, but that doesn't mean that the actual filesystem used internally is FAT.
Interface vs. Implementation.
Of course, if there's a FAT interface, then MS could arguably claim patent infringement, but I thought that there was a clause in patent law now that said that inter-working with a published standard was non-infringing. (Reverse engineering to inter-work with a non-published standard is different, of course.)
YAW.
Yup, you're right.
However, putting out feelers to see if others are having the same issues does help. Ignoring them doesn't make them go away.
E.g. the recent AskTog package/folder issue - where a file security program was magically "swallowing" files rather than encrypting them:
http://www.asktog.com/columns/058SecurityD'ohlts.html
YAW.
Yup, I've seen the exchanges between someone else @helsinki.fi and a certain Dutch professor about this topic! (And even though I'm a linux user, I think AST was right, monolithic kernels are a relic from the dark ages.)
The microkernel architecture protects the individual components from each other, but unfortunately doesn't protect the system from the component that is in charge of it. Damage limitation, but not damage prevention.
Christ, your record collection _ROCKS_! Did you see Wigwam and Tasavallin Presidentti in the Savoy Theatre last night?
YAW
sued if -> used it
And I freaking previewed. D'oh!
YAW
heheh, put it this way, when I used Mma, (and I still have it here), all I used it for was its number-theoretic functionality, which I found to be superior (either in functionality or usability) to Maple, MathCad, Octave, and Maxima, which I uninstalled after only brief mucking around.
I appreciate that I probably never even looked at 90% of mathematica (although when bored I would sometimes just browse the manuals and run the examples).
Pari/GP is certainly more number-theoretic based. Pari/GP will do symbolic computation to a limited extent, but Mma is incomparably more competent. I didn't know what the OP was after, but the most common things I see newbies on newsgroups ask about is arbitrary precision computation, sin, cos, bessels, stuff like that, and stuff outside the reals - complex, matrix, polynomial etc.
That's where GP and Mma overlap quite a bit.
Matrices? Eigenvalues - sure:
(03:28) gp > m=[1,2,3;4,5,6;7,8,0]
%1 =
[1 2 3]
[4 5 6]
[7 8 0]
(03:28) gp > m^-1
%2 =
[-16/9 8/9 -1/9]
[14/9 -7/9 2/9]
[-1/9 2/9 -1/9]
(03:28) gp > mateigen(m)
%3 =
[-0.3142480469693890687437828696 8.027583885419092951566794272 0.4684823433684779353588067792]
[-0.4418467016799187378123492531 -7.072683880042621318876020258 1.105439672631630965779278602]
[1 1 1]
But let's get funky and have the matrix as a space over Z/17Z:
(03:28) gp > Mod(m,17)
%4 =
[Mod(1, 17) Mod(2, 17) Mod(3, 17)]
[Mod(4, 17) Mod(5, 17) Mod(6, 17)]
[Mod(7, 17) Mod(8, 17) Mod(0, 17)]
(03:30) gp > Mod(m,17)^-1
%5 =
[Mod(2, 17) Mod(16, 17) Mod(15, 17)]
[Mod(11, 17) Mod(3, 17) Mod(4, 17)]
[Mod(15, 17) Mod(4, 17) Mod(15, 17)]
But oops, sorry, that's more like number-theory!
Give it a try - you might like it, you might hate it.
It's cheap (free), it's portable (from handhelds to crays), and it's exceptionally well supported ( http://pari.math.u-bordeaux.fr/ )
YAW.
There's a simpler way.
Remember the mantra - all externally provided data is not to be trusted, don't do anything with it until it's been checked.
The most important word there is "anything".
For reference, I've been in realtime comms for half of my life, and I wouldn't expect more than 10% of the people I've ever worked with to get it just from the clues I've given. I was the "Bob the Bastard" of code reviews at most companies where I've worked.
My message is that just because they're submitting code to the kernel doesn't mean that they're gurus. Don't put them on a pedestal, that's all.
YAW.
May have been localised DNS poisoning?
YAW.
"Debian caught it within 24 hours"
;-)
However, they left the system rooted for longer than that as they wanted to capture forensic evidence and didn't want to spook the attacker.
The "friend of Debian" that was hacked at the same time as Debian was in an insecure state from wednesday night until the friday. Debian's sysadmins were working with this "friend", and I can only assume that the timelines were within minutes of each other for each stage (the rootings/oopsings were at almost identical times on the different systems for example).
"I salute the admins who have done a great job keeping the public informed"
The funny thing is that they couldn't give too much information away too soon, as they wanted to set up their own sniffers and stuff, to see if they could actually trap incoming hacker connections. The info within this secretive other system was much more informative than the official Debian story, I can tell you ;-)
YAW.
if ((addr + len) > TASK_SIZE || (addr + len) < addr)
This is why the linux kernel has bugs.
That's the "fixed" version.
If I were to see that in a code review I'd ask for it to be changed.
Who proposed that patch? I'd like to know who I'm insulting the programming skill of!
Nope, I'm not saying it won't work, but I'm saying that it displays a fundamental ignorance of the language which was the reason the old code had a bug in the first place. i.e. the guy who did the patch is nearly as thick as the guy who coded the bug in the first place.
These guys aren't gurus, they're just keen.
YAW.
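The three check shapes argued over in this post and in the earlier value/limit/delta post, side by side, as an added example (my code, not the poster's and not the kernel's). LIMIT is a hypothetical stand-in for TASK_SIZE, and 32-bit unsigned arithmetic is used so that the wrap-around is easy to see; the input values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical fixed limit standing in for TASK_SIZE in the kernel line
 * quoted above. 32-bit unsigned arithmetic is used throughout so that the
 * wrap-around is easy to see; the same reasoning applies at 64 bits. */
#define LIMIT 0xC0000000u

/* The original bug shape: add first, compare afterwards. If value+delta
 * wraps past 2^32 the sum is small, the comparison passes, and an
 * out-of-range delta is accepted. */
bool check_naive(uint32_t value, uint32_t delta)
{
    return (value + delta) <= LIMIT;
}

/* The "fixed" shape quoted in the post: still operates on the derived
 * sum, then adds a second test to detect that it wrapped. It works, but
 * the untrusted data has already been fed through arithmetic. */
bool check_wrap(uint32_t value, uint32_t delta)
{
    uint32_t sum = value + delta;
    return sum <= LIMIT && sum >= value;
}

/* The shape the earlier post argues for: keep the invariant value <= LIMIT,
 * then compare delta itself against the remaining headroom LIMIT - value.
 * No expression involving delta can wrap, so one comparison suffices. */
bool check_headroom(uint32_t value, uint32_t delta)
{
    if (value > LIMIT)            /* invariant broken: refuse outright */
        return false;
    return delta <= LIMIT - value;
}

/* Variant for a signed delta, as the earlier post mentions: reject anything
 * below the minimum before delta is used at all. */
bool check_headroom_signed(uint32_t value, int64_t delta)
{
    if (delta < 0 || delta > (int64_t)UINT32_MAX)
        return false;
    return check_headroom(value, (uint32_t)delta);
}

int main(void)
{
    /* Constructed inputs: value sits 0x10000000 below LIMIT, and the
     * requested delta overshoots so far that value+delta wraps. */
    uint32_t value = 0xB0000000u, delta = 0x60000000u;

    printf("naive    accepts? %d\n", check_naive(value, delta));    /* 1: wrong */
    printf("wrap     accepts? %d\n", check_wrap(value, delta));     /* 0 */
    printf("headroom accepts? %d\n", check_headroom(value, delta)); /* 0 */
    return 0;
}
```

check_wrap and check_headroom reject the same inputs; the difference is that check_headroom never forms an expression containing the untrusted delta before the comparison, so there is no wrapped intermediate to reason about and no second test to forget.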
There's more than one person behind this.
Nearly the same time that Debian's boxes were rooted, a "friend of Debian" had his system rooted too, and the exploits and rootkits used were very similar, as the sysadmins compared notes. However, they were subtly different and the most likely explanation is that the two hackers knew each other, and exchanged some information, but weren't the same person.
YAW.
I have received >2000 sobigs from >1000 IP addresses.
There's your 1000 rooted boxes, and I didn't even need to do it myself.
YAW.
"Download ... validate the checksum ... build"
How do you know the program that does the downloading isn't now hacked? How do you know the thing that validates the checksum isn't now hacked? How do you know the thing that does the compiling isn't now hacked?
You've just asked the computer owner to run at least three programs whose state is unknown, and therefore ought to be considered insecure.
If you've run _any_ code downloaded from a compromised server, then your entire system state is potentially unknown. Unless you're prepared to pretend that local root exploits don't exist.
Boot from a read-only floppy and don't touch _any_ executable or library on your hard disk until you've checksummed it with the md5sum off another read-only floppy. Preferably use something like tripwire that again runs off a read-only floppy. If you do anything else you don't know exactly what you're running.
And who said the floppy was dead?
YAW.
"Moreover, they counted only attacks on servers (without a clear definition of what a server is)"
A server is anything with an open port accepting requests from the outside world.
Quite how Win98 boxes can serve files, and with IIS can serve web-pages, without being classified as servers is beyond me.
YAW.
He said "icons". _plural_.
No way you'd get more than one Aqua dock icon on an 800x600 screen at any one time, so it couldn't have been OSX.
(e.g. first hit from google -
http://www.arstechnica.com/reviews/1q00/macos-x-gui/screenshot.jpg
I have xterms smaller than some of those dock icons!)
YAW.
That 16% is a meaningless figure.
I could come up with about 4 completely different interpretations of it.
e.g. If hypothetically 18% of companies that don't currently use linux were originally planning to migrate towards linux, then
- if now only 2% will migrate to linux, that's a 16% drop.
- if now only 15% will migrate to linux, that's a 16% drop.
So is it 18->2 or 18->15 - they're very different impacts.
YAW.
"They've only filed one legal case. They've said that they'd file more. Lots more."
I think that's enough for barratry. At least in a dictionary sense. It's certainly persistent incitement of litigation. They've said they'd do many, they've carried out that threat at least once, and therefore the threat is a real one.
There might be a pedantic definition in the US legal system, but elsewhere just _threats_ (as long as the threats are expected to be realised - hence the need for them to actually file papers at least once) are required, I'm sure.
I too ANAL, nor do I know any details about the US system.
YAW.
"I was using a GUI burning software that will remain nameless for now"
_Either_
- you fucked up, be a man and admit it's your fault;
- the software fucked up, in which case let others know what it was and how it fucked up so that they can avoid risking the same bug.
YAW.
http://pari.math.u-bordeaux.fr/
It's a bit like Mathematica, but faster, GPL'ed and amazingly well supported (i.e. bugs get fixed within days of reporting).
YAW.