I am running win xp pro with zone alarm firewall. Twice today I have had a blue screen come up and say that there is a system stop due to a program trying to write to a read only portion of memory.
It is not completely unlikely that the worm could be causing this. I don't know the details about this flaw, so I cannot say how likely it is, that a second firewall vendor made the same mistake. But even if ZoneAlarm has a similar flaw, it is very unlikely that it can be infected by a worm aimed at BlackICE. Crashing ZoneAlarm is however very likely. This is of course all guessing, there could just as well be a completely different explanation to the symptoms you are seeing. What exactly the write to a read only area means is not clear. It could indicate ZoneAlarm or the kernel is using fencing as an extra layer of security. If this is the case it could slow down the creation of an exploit against ZoneAlarm or maybe even make it unexploitable in which case it will only be a DoS attack. If there really is a flaw in ZoneAlarm I'd expect more people to be seeing the same symptoms.
nitpicking: blackice is not a firewall, never was.
Then what is blackice? I asked google and found
this.
Pick your favourite, mine is: "blackice is a powerful new way to defend the computers on your network from hackers".
I wasn't aware that a worm could do that. I know a virus could, but a worm? Nope.
Viruses and worms are distinguished by the way they spread, not the payload. The overwritting performed by Witty is the payload, it could have spread just the same without this payload, it just wouldn't be so destructive.
A virus spread by infecting disks or files. A worm spread through insecure network services. Finally there are those spreading through emails and stupid users. Since they didn't match neither the virus nor the worm caracteristica, they ended up being called both. I guess at least 90% of todays computer users belive in only those things they can see, they think only those emails exists. Without the knowledge of real worms and viruses, these people think a virus and a worm is the same, and that it is an email with an attached file. I'm sure a lot of people will actually think a worm that can spread without manual actions is actually a new trend. But it is not, the first great worm was released Nov 2, 1988. Witty might however be the first worm with such a destructive payload.
In particular, if you were running OpenSSH on Windows, which still depends on OpenSSL, then you are still in trouble.
Is OpenSSH affected by this problem? AFAIK SSH doesn't use the SSL protocol. So if SSH just use the cryptographic primitives from OpenSSL, and the vulnurability was in another part of the code, how could SSH be affected?
Please, like it or not, MS is already light years ahead of OSS in terms of localization and supporting foreign languages.
Actually it is the other way around. MS is already light years behind everybody else. How about letting people choose which language to use? Microsoft Windows aparently only support one language. They make translations, so there are different versions of Windows for each language. Linux OTOH make the language a setting you can choose, actually you can even choose different language for each user. With Windows you are forced to use the language in that particular version. I have talked with foreigners here in Denmark, who couldn't get support for English in Windows, because every shop arround sells only the Danish version. If Microsoft want to play catch up, they should first implement real localization support, which means to build in English messages in the programs and create translation files, such that the same program will work with different languages.
BitTorrent is not blocked at our universisty, but surely someone is keeping a close eye on the traffic. When I downloaded Fedora Core 1, I got an email from the staff asking for an explanation of this BitTorrent traffic. Of course my explanation was accepted. AFAIK they are actually going to install Fedora Core 1 on our workstations some time soon.
With the right options wget is appropriate for almost anything. You'd be surprised to see the list of possible options you can specify for wget. You can specify timeout as well as number of retries, which means it would also be usable for the scenario you describe. Though it seems like wget doesn't have exponential backoff, only linear backoff, and there seems to be no options to change the backoff strategy. Which one of exponential and linear is best of course depends on your point of view.
MySQL changed the license of the client libraries to GPL from
LGPL.
Then how come nobody forked the libraries? You could take the new server (where it doesn't matter if the license is GPL or LGPL as you are not going to link it against anything) and the old libraries that were released under LGPL. Then modify those libraries as much as necesarry to work better with the new version of the server. And release the modified libraries under LGPL.
needless to say that Macs can read/write pc floppies
I know that. Though my experience with pc floppies on Macs haven't been as good as on the Amiga.
you can get Windows software allowing you to read/write Mac disks as well.
I don't know the details of the Mac floppy format. What I do know is that there are multiple completely unrelated differences between a PC floppy and an Amiga floppy. Both the physical format and the filesystem on top of that differ. The two are independend, nothing prevents you from using an Amiga filesystem on a floppy using the physical PC format or using a FAT filesystem on a floppy physically formated as an Amiga floppy. Doesn't make much sense though as few systems will support those combinations.
It is impossible for a PC floppy controller to read a floppy in the Amiga's physical format. Except with a recent trick involving two floppy drives on the same controller with a PC floppy in one drive and an Amiga floppy in the other drive and switching between the drives in the middle of a read operation. If you take a look on the sizes you will also notice a difference. When looking on DD floppies a PC floppy will hold only 720KB while Amiga and Mac floppies hold more data. The Amiga floppy holds 880KB I don't remember the capacity of DD floppies on the Mac but it was around the same size as on the Amiga. On the HD floppy both PC and Amiga can hold twice the amount of a DD floppy that is 1440KB for the PC and 1760KB for the Amiga. But according to numbers I have seen the Mac doesn't hold twice the amount of data when switching from a DD to a HD floppy. Rather I have seen numbers indicating a HD Mac floppy holds 1.40MB which is aproximately the same as 1440KB. So it might be that a HD Machintosh floppy actually use the same physical format as the PC while still using the Machintosh filesystem. I should have verified that when I recently had a Mac formatted floppy. But I formatted it, I really just picked a Mac floppy because we were out of PC formatted floppies.
Linux is still stuck with a antiquated pre-object model of interprocess communication
You make it sound like object oriented inter process communication is a good thing. Hell no. I don't want the communication protocols to be dependent on a particular object model. I don't want communication protocols that are designed to work well with one language and end up being a nightmare to use from code written in any other language. Text based protocols where you can easilly see what is going on and you can easilly debug problems are nice, and for a lot of things they give a good performance. Sure I wouldn't want stuff like X to be done using a text based protocol, because that is probably one of the cases where it wouldn't give a good performance. I don't know the details of the protocol, but I am impressed how widely it is supported and how well it works.
there is a steeper learning curve to using Linux than Windows.
When I first started using UNIX systems about seven years ago I had no major problems learning it. I already knew how to use AmigaOS and DOS, so I was familiar with a commandline, and though UNIX was different I quickly learned how to use the most fundemental commands. When I started using Linux about five years ago it wasn't much trouble. Of course a major reason for choosing Linux was that I needed something compatible with UNIX. And of course my UNIX knowledge helped me a lot getting stated with Linux. I could do most things exactly the way I had used to do on UNIX. The only system I'm really having trouble using is Windows. Sometimes even very simple tasks are giving me headaches. A lot of the problems are something I experience just once and then give up. A few I come across again and again. Now if you want to argue that Windows is easy to use, then tell me how to do these tasks that I can easilly do on Linux:
How do I activate a window without moving it in front of other Windows? I often need to do that when I look on something in one window will typing in another.
How do I maximize a window in only one direction? In Linux I can maximize horisontally and vertically by clicking different mouse buttons on the maximize icon.
How do I switchc to a different application when the current application has a request box open?
Where is the Windows equivalent of strace?
How do I compare two directory hierarchies? Once I needed to do this I gave up and decided it was easier to just copy the directory hierarchies to my Linux box and do the comparision there. Unfortunately I couldn't find tar on the Windows machine. The only tool I could find for copying was the FTP client, and it was hopelessly slow. It took hourse to copy just a few MB. Apparently the overhead was related to the large number of files. From the Linux side I could verify that bottleneck was on the Windows computer.
This is really one area where both Linux and Windows sucks. And it couldn't have been any other way, because they are both using the same hardware, and that controller really sucks. I have not seen any removable media handling working nearly as good as AmigaOS. And AmigaOS did this already fifteen years ago. And the controller was so flexible, that later drivers were written that would allow you to access Mac and PC floppies on the exact same hardware. I'd be happy to implement something as similar to AmigaOS' removable media handling as possible for Linux. But I will not do this for floppies, because I don't care about floppies anymore, most of my computers doesn't even have floppy drives. But good handling of CD's is something I'd like. Unfortunately I don't know how to detect when the user press the eject button on a drive that is currently locked.
And this does it without corrupting your filesystem!
That is true, I use it on all my systems. You should notice that it requires at least version 2.4, anything older will give you an error message if you try.
Re:Email Postage also creates new problems
on
Gates on Spam
·
· Score: 1
1MORE user education to NOT RESPOND to the dang things.
Forget it. No matter the amount of education, there will always be a few fools left. Enough to make spaming attractive. And how would the law help? More than 99% of the spam I receive is from outside the country.
Re:Cha ching, reloaded.
on
Gates on Spam
·
· Score: 1
You need to pick bigger primes
Indeed. And you don't need that many. A more realistic example would be 1059608137721971363. However I'm still a bit worried we will end up with a situation where the problem size must be kept at a moderate size to allow 2-3 years old computers to compute it, and then spamers find some kind of shortcut. For example tabelizing a lot of primes, computing multiple factorizations at the same time reusing some of the computations. etc.
I think a better problem to use would be md5 hashing. Like I choose a random 11 byte string and give you the md5 hash of the string. I also give you eight of the chars, you have to respond to this challenge with the last three chars.
Slashdot Mirror
I am running win xp pro with zone alarm firewall. Twice today I have had a blue screen come up and say that there is a system stop due to a program trying to write to a read only portion of memory.
It is not completely unlikely that the worm could be causing this. I don't know the details about this flaw, so I cannot say how likely it is, that a second firewall vendor made the same mistake. But even if ZoneAlarm has a similar flaw, it is very unlikely that it can be infected by a worm aimed at BlackICE. Crashing ZoneAlarm is however very likely. This is of course all guessing, there could just as well be a completely different explanation to the symptoms you are seeing. What exactly the write to a read only area means is not clear. It could indicate ZoneAlarm or the kernel is using fencing as an extra layer of security. If this is the case it could slow down the creation of an exploit against ZoneAlarm or maybe even make it unexploitable in which case it will only be a DoS attack. If there really is a flaw in ZoneAlarm I'd expect more people to be seeing the same symptoms.
A computer virus isn't what Google thinks a Witty Worm is
Yes more links on the list sugest this toy is the real Witty Worm. I think the text under one of the images was more fun though: "Click To Enlarge".
nitpicking: blackice is not a firewall, never was.
Then what is blackice? I asked google and found this. Pick your favourite, mine is: "blackice is a powerful new way to defend the computers on your network from hackers".
I wasn't aware that a worm could do that. I know a virus could, but a worm? Nope.
Viruses and worms are distinguished by the way they spread, not the payload. The overwritting performed by Witty is the payload, it could have spread just the same without this payload, it just wouldn't be so destructive.
A virus spread by infecting disks or files. A worm spread through insecure network services. Finally there are those spreading through emails and stupid users. Since they didn't match neither the virus nor the worm caracteristica, they ended up being called both. I guess at least 90% of todays computer users belive in only those things they can see, they think only those emails exists. Without the knowledge of real worms and viruses, these people think a virus and a worm is the same, and that it is an email with an attached file. I'm sure a lot of people will actually think a worm that can spread without manual actions is actually a new trend. But it is not, the first great worm was released Nov 2, 1988. Witty might however be the first worm with such a destructive payload.
In particular, if you were running OpenSSH on Windows, which still depends on OpenSSL, then you are still in trouble.
Is OpenSSH affected by this problem? AFAIK SSH doesn't use the SSL protocol. So if SSH just use the cryptographic primitives from OpenSSL, and the vulnurability was in another part of the code, how could SSH be affected?
Uryy, V qvqa'g unaq genafyngr vg... ebg13.pbz vf zl sevraq.
tr 'a-zA-Z' 'n-za-mN-ZA-M'
Please, like it or not, MS is already light years ahead of OSS in terms of localization and supporting foreign languages.
Actually it is the other way around. MS is already light years behind everybody else. How about letting people choose which language to use? Microsoft Windows aparently only support one language. They make translations, so there are different versions of Windows for each language. Linux OTOH make the language a setting you can choose, actually you can even choose different language for each user. With Windows you are forced to use the language in that particular version. I have talked with foreigners here in Denmark, who couldn't get support for English in Windows, because every shop arround sells only the Danish version. If Microsoft want to play catch up, they should first implement real localization support, which means to build in English messages in the programs and create translation files, such that the same program will work with different languages.
BitTorrent is not blocked at our universisty, but surely someone is keeping a close eye on the traffic. When I downloaded Fedora Core 1, I got an email from the staff asking for an explanation of this BitTorrent traffic. Of course my explanation was accepted. AFAIK they are actually going to install Fedora Core 1 on our workstations some time soon.
Given that Microsoft is a large American company, this European anti-trust process could certainly be seen as partly political.
The American system letting Microsoft get away with what they are doing is at least as political.
wget is a good solution if appropriate.
With the right options wget is appropriate for almost anything. You'd be surprised to see the list of possible options you can specify for wget. You can specify timeout as well as number of retries, which means it would also be usable for the scenario you describe. Though it seems like wget doesn't have exponential backoff, only linear backoff, and there seems to be no options to change the backoff strategy. Which one of exponential and linear is best of course depends on your point of view.
It seems like a bad example to me since wget already has a lot of retrying build in.
consider the naughty pictures on Greek and Roman vases
And today that kind of pornography has been made illegal. What are they actually going to do about those ancient vases?
It's a free email service.
I'm sure RMS would disagree with you.
MySQL changed the license of the client libraries to GPL from LGPL.
Then how come nobody forked the libraries? You could take the new server (where it doesn't matter if the license is GPL or LGPL as you are not going to link it against anything) and the old libraries that were released under LGPL. Then modify those libraries as much as necesarry to work better with the new version of the server. And release the modified libraries under LGPL.
needless to say that Macs can read/write pc floppies
I know that. Though my experience with pc floppies on Macs haven't been as good as on the Amiga.
you can get Windows software allowing you to read/write Mac disks as well.
I don't know the details of the Mac floppy format. What I do know is that there are multiple completely unrelated differences between a PC floppy and an Amiga floppy. Both the physical format and the filesystem on top of that differ. The two are independend, nothing prevents you from using an Amiga filesystem on a floppy using the physical PC format or using a FAT filesystem on a floppy physically formated as an Amiga floppy. Doesn't make much sense though as few systems will support those combinations.
It is impossible for a PC floppy controller to read a floppy in the Amiga's physical format. Except with a recent trick involving two floppy drives on the same controller with a PC floppy in one drive and an Amiga floppy in the other drive and switching between the drives in the middle of a read operation. If you take a look on the sizes you will also notice a difference. When looking on DD floppies a PC floppy will hold only 720KB while Amiga and Mac floppies hold more data. The Amiga floppy holds 880KB I don't remember the capacity of DD floppies on the Mac but it was around the same size as on the Amiga. On the HD floppy both PC and Amiga can hold twice the amount of a DD floppy that is 1440KB for the PC and 1760KB for the Amiga. But according to numbers I have seen the Mac doesn't hold twice the amount of data when switching from a DD to a HD floppy. Rather I have seen numbers indicating a HD Mac floppy holds 1.40MB which is aproximately the same as 1440KB. So it might be that a HD Machintosh floppy actually use the same physical format as the PC while still using the Machintosh filesystem. I should have verified that when I recently had a Mac formatted floppy. But I formatted it, I really just picked a Mac floppy because we were out of PC formatted floppies.
You need something like 3x200GB drives to make a RAID-4 or RAID-5 array of 400GB, which can withstand a single drive failure.
Or 5x100GB. Or even 6x100GB with the last being hot spare.
Linux is still stuck with a antiquated pre-object model of interprocess communication
You make it sound like object oriented inter process communication is a good thing. Hell no. I don't want the communication protocols to be dependent on a particular object model. I don't want communication protocols that are designed to work well with one language and end up being a nightmare to use from code written in any other language. Text based protocols where you can easilly see what is going on and you can easilly debug problems are nice, and for a lot of things they give a good performance. Sure I wouldn't want stuff like X to be done using a text based protocol, because that is probably one of the cases where it wouldn't give a good performance. I don't know the details of the protocol, but I am impressed how widely it is supported and how well it works.
When I first started using UNIX systems about seven years ago I had no major problems learning it. I already knew how to use AmigaOS and DOS, so I was familiar with a commandline, and though UNIX was different I quickly learned how to use the most fundemental commands. When I started using Linux about five years ago it wasn't much trouble. Of course a major reason for choosing Linux was that I needed something compatible with UNIX. And of course my UNIX knowledge helped me a lot getting stated with Linux. I could do most things exactly the way I had used to do on UNIX. The only system I'm really having trouble using is Windows. Sometimes even very simple tasks are giving me headaches. A lot of the problems are something I experience just once and then give up. A few I come across again and again. Now if you want to argue that Windows is easy to use, then tell me how to do these tasks that I can easilly do on Linux:
This is really one area where both Linux and Windows sucks. And it couldn't have been any other way, because they are both using the same hardware, and that controller really sucks. I have not seen any removable media handling working nearly as good as AmigaOS. And AmigaOS did this already fifteen years ago. And the controller was so flexible, that later drivers were written that would allow you to access Mac and PC floppies on the exact same hardware. I'd be happy to implement something as similar to AmigaOS' removable media handling as possible for Linux. But I will not do this for floppies, because I don't care about floppies anymore, most of my computers doesn't even have floppy drives. But good handling of CD's is something I'd like. Unfortunately I don't know how to detect when the user press the eject button on a drive that is currently locked.
And this does it without corrupting your filesystem!
That is true, I use it on all my systems. You should notice that it requires at least version 2.4, anything older will give you an error message if you try.
I'd like to verify if my browser is vulnurable.
Dude the driver is in the BIOS of your board, whatever the board. That means the board should have the CPU needed to run it.
The last ethernet interface I bought didn't include a CPU.
AFAIK a ton is always one Mg (megagram).
1MORE user education to NOT RESPOND to the dang things.
Forget it. No matter the amount of education, there will always be a few fools left. Enough to make spaming attractive. And how would the law help? More than 99% of the spam I receive is from outside the country.
You need to pick bigger primes
Indeed. And you don't need that many. A more realistic example would be 1059608137721971363. However I'm still a bit worried we will end up with a situation where the problem size must be kept at a moderate size to allow 2-3 years old computers to compute it, and then spamers find some kind of shortcut. For example tabelizing a lot of primes, computing multiple factorizations at the same time reusing some of the computations. etc.
I think a better problem to use would be md5 hashing. Like I choose a random 11 byte string and give you the md5 hash of the string. I also give you eight of the chars, you have to respond to this challenge with the last three chars.