When I was an undergrad at BYU, I had a friend who was working in this field. He worked under a mountain (less background radiation from cosmic rays). Made measurements while running, and compared to background when not running. Sadly, back then ('96 or '97) there was less radiation when running than when not (*very* disturbing). I told him he should change his project from "fusion generator" to "radiation absorber".
Of course, the field has had 7-8 years to develop since then, so hopefully things are better now. Still, you have to wonder if it could scale up to a useful level....
One morning, several years ago, I woke up with a stiff neck. It occurred to me that putting something warm on it would help. I lived in a dorm room, and had little around, other than a small microwave. So I grabbed a dry towel and put it in. Now, we all know that microwaves heat up the water in a substance. And the towel was dry. So I figured 30 seconds would just about do it. When I opened the microwave 30 seconds later, I was stabbed in the eye by a cloud of black smoke. Immediately threw the towel, with hole burned through it, into the sink.
Moral of the story: don't put a wad of cash into the microwave.
What happens if you forget to wind your watch^Wtimelock? Does it fail open? I'm sorta seeing it something that unlocks when time runs out, so there's no concern of not having it wound enough to unlock?
Those of us in the computer security industry happen to be well aware of how this works:
A researcher finds a vulnerability. The researcher reports it to Microsoft. The researcher waits up to a year (in the case of the ASN.1 vulnerability) for a patch to be released. Simultaneous with the release of the patch, the researcher posts how to exploit it. So yes, usually the information about the vulnerability comes after the patch... by a few minutes.
Now ask yourself: what if the researcher doesn't contact M$ first?
Really??? What's your UNIX distribution??? Solaris??? AIX??? HP-UX???
You know I was talking of Linux... and... until SCO is proved wrong, it is UNIX:)
Um, no. It is not. UNIX is a registered trademark of The Open Group. They certify products as being compliant with a known standard. Linux has not been certified, and is not even compliant. Until it is, you are confusing the issue and infringing on a trademark.
Now for the flamebait part of the post:
Yes, it's nice that the kids can play on their little OS at home, but please don't confuse it with UNIX.
Except it's not. That's just netcraft, which stumbled across some machines. But there are others out there, that netcraft doesn't know about. See The Uptimes Project for an OpenVMS machine which beats all your BSD boxes.
The article claims that spammers have no expenses, and that the only way to change that is to charge "postage" per email. But there are other ways. Here are some examples:
Once I got spam with an (800) number, with a live operator at the other end. So I told my modem there was a computer to connect to at the other end, and told it to redial until it got a successful connection. Then I left for the day.
Once I got a spam advertising toner cartriges. So I ordered a bunch. Told them to bill my fake name/address. This costs them money to figure out.
Some spam points to websites. Now, the spammers are hoping for a 0.1% response rate. Can you imagine if they got even a 10% response rate? Let's give it to them! The "slashdot effect" isn't limited to articles linked from here, you know. This is one of the methods that looks most appealing: if the spam-filter follows links, then any spammer will be subjecting themselves to a DDoS. Meanwhile the bayes filters are even more accurate.
My point: if someone cuts you off on the highway, don't swerve into the innocent person next to you, or into oncoming traffic, or even off the road. If you do, the bad driver will just continue on their way and cut off the next person. Instead, hit them. If their expenses match yours, the behavior will stop.
I wanted to see what they were whining about, so I downloaded 2.4.1. None of their line numbers make any sense. They're claiming we copied comments about Linux from them? And blank lines? Am I missing something here??
"We may be able to do things like look at their gene sequence, look at their promoter sequence, to genotype people and correlate that with their fidelity."
So, women may not yet be able to check our genes for risk of contracting alzheimers, but they can now find out if we'll cheat on them? This is looking dangerous....
It's probably worth pointing out that genetic predisposition does NOT indicate what will happen in a particular case.
I'd like to check the release notes before wasting bandwidth on the download. Can't seem to find them, though. Could someone provide a link (or a mirror from what you downloaded)?
The entire purpose behind full disclosure is to force companies to not sit on bugs forever. You give them a week to respond to the initial bugreport. Then you communicate with them about a reasonable timeframe for coming up with a fix. If the company is not reasonable, you go ahead and publish. This does not seem to have been done in this case. Instead, eEye allowed M$ to drag it out for 6 months. eEye is NOT doing their customers a service by allowing this.
[end rant]
Last year my landlord gave me a lease that I identified as having a clause contrary to the city law. I pointed this out to them, and asked that the clause be removed. They refused. So I pointed out that it didn't matter, and signed the contract. If there had ever been a dispute, any court would have ignored the clause anyway.
How does this relate? Well, it's just possible that what they're putting in the contract isn't legal. I mean, it doesn't sound like it should be legal. If you can get a lawyer to confirm, then you could feel safe signing it, knowing that the clauses you don't like don't hold any power anyway.
Pardon the "Hackers" joke, but please keep in mind that a Trusted OS (B-level in the orange book) is very different from the standard C-level security we're all used to. While it's good to see linux developing a trusted version, I am concerned about introducing this to the masses. It's going to confuse the heck out of most users, and probably many admins. Up until reading this story I was a strong supporter of Fedora. Now I'm a little nervous.
Anyone care to share their experiences with SELinux?
I'm disappointed by the errors included in the article by Stephen Evans on the MyDoom virus. His statements regarding the intents of the virus creators are treated through most of the article, except in a minor comment near the end, as statements of fact. This is improper, as Stephen could not possibly know the intent.
There are also some blatant factual errors. For example, Stephen writes "[i]t has attacked a company based in Utah called SCO, bringing down its website with a barrage of emails...." This statement is false. The virus attacks the SCO webserver, as is noted later in the article (self consistency was not even maintained).
Finally, the article closes with the statement "[i]t is about malice not money." This is also widely regarded, among the computer security community, to be untrue. The article failed to mention that the virus creates a backdoor on infected machines that can be used to relay spam. The virus appears to have been written by for the purpose of helping spammers. The DoS (denial of service) attack on SCO appears to have been added later, almost as an afterthought, as a way of distracting the news media from the more insidious threat. It is unfortunate that it seems to have succeeded in that goal.
Please feel free to contact me if you have any questions about my statements. I have not included references since this is fairly easy to confirm by visiting any reputable security site. I especially recommend reading the comments of the "incidents" list at www.securityfocus.com to see what experts are saying about the relative importance of the "spam relay" part of the worm to the "attack SCO" part.
It concerns me, when I recognize such blatant reporting errors, that I cannot trust the other articles originating from your site. I hope that this will be an isolated incident.
Thanks. Here's another example: analog multimeters. If I'm tracing a circuit, I really don't care the exact resistance between two points, only that it's less than infinity. Similarly with measuring voltages. If there's voltage, that's better than if there isn't. Having to examing a digital one very carefully to see where the decimal point ended up is incredibly slow, as compared to the peripheral vision way I use my analog meters.
Gonna have fun reading any arguments against this....
Once things pass 3 sigma then the scientists will start to pay attention.
Man you theorists have it easy! Imagine if you guys had to hit six sigma like the working world!
Uhh, I didn't say we only do 3 sigma. I said that people start paying attention at 3 sigma. Here's a rough sketch of how it works:
Less than 1 sigma deviation: data "agrees"
1-3 sigma deviation: data is "consistent"
3-5 sigma deviation: "evidence" for something strange going on
Greater than 5 sigma deviation: "discovery" of something new
Obviously these aren't taken exactly -- groups may bend the rules slightly. For example, the two papers that reported on the "observation" of the top quark reported 4.8 sigma and 4.6 sigma deviations. It's done this way because they don't watch the data approach 5 sigma, but rather collect it (blindly; without looking at it) and then do an analysis and see what they get. When they get a result like 4.8 sigma it's reasonable to say that's closer to 5 than to 3.
Slashdot Mirror
When I was an undergrad at BYU, I had a friend who was working in this field. He worked under a mountain (less background radiation from cosmic rays). Made measurements while running, and compared to background when not running. Sadly, back then ('96 or '97) there was less radiation when running than when not (*very* disturbing). I told him he should change his project from "fusion generator" to "radiation absorber". Of course, the field has had 7-8 years to develop since then, so hopefully things are better now. Still, you have to wonder if it could scale up to a useful level....
Moral of the story: don't put a wad of cash into the microwave.
What happens if you forget to wind your watch^Wtimelock? Does it fail open? I'm sorta seeing it something that unlocks when time runs out, so there's no concern of not having it wound enough to unlock?
Can't say how many times I've thought about doing an rm -rf ~luser. This seems dangerous.
Yes, I do.
I also realize that there's a viewer for it for almost any OS out there, which is not the case for .doc files.
I also realize that .pdf doesn't have as many horrible scripting vulnerabilities as .doc.
I also realize that you're a troll.
A researcher finds a vulnerability. The researcher reports it to Microsoft. The researcher waits up to a year (in the case of the ASN.1 vulnerability) for a patch to be released. Simultaneous with the release of the patch, the researcher posts how to exploit it. So yes, usually the information about the vulnerability comes after the patch... by a few minutes.
Now ask yourself: what if the researcher doesn't contact M$ first?
Anyone have a .pdf of the specification? I don't do .doc (or other proprietary) formats.
Um, no. It is not. UNIX is a registered trademark of The Open Group. They certify products as being compliant with a known standard. Linux has not been certified, and is not even compliant. Until it is, you are confusing the issue and infringing on a trademark.
Now for the flamebait part of the post: Yes, it's nice that the kids can play on their little OS at home, but please don't confuse it with UNIX.
If SCO wins this case, it would essentially invalidate the GPL, making your point irrelevant.
Except it's not. That's just netcraft, which stumbled across some machines. But there are others out there, that netcraft doesn't know about. See The Uptimes Project for an OpenVMS machine which beats all your BSD boxes.
Once I got spam with an (800) number, with a live operator at the other end. So I told my modem there was a computer to connect to at the other end, and told it to redial until it got a successful connection. Then I left for the day.
Once I got a spam advertising toner cartriges. So I ordered a bunch. Told them to bill my fake name/address. This costs them money to figure out.
Some spam points to websites. Now, the spammers are hoping for a 0.1% response rate. Can you imagine if they got even a 10% response rate? Let's give it to them! The "slashdot effect" isn't limited to articles linked from here, you know. This is one of the methods that looks most appealing: if the spam-filter follows links, then any spammer will be subjecting themselves to a DDoS. Meanwhile the bayes filters are even more accurate.
My point: if someone cuts you off on the highway, don't swerve into the innocent person next to you, or into oncoming traffic, or even off the road. If you do, the bad driver will just continue on their way and cut off the next person. Instead, hit them. If their expenses match yours, the behavior will stop.
I wanted to see what they were whining about, so I downloaded 2.4.1. None of their line numbers make any sense. They're claiming we copied comments about Linux from them? And blank lines? Am I missing something here??
So, women may not yet be able to check our genes for risk of contracting alzheimers, but they can now find out if we'll cheat on them? This is looking dangerous....
It's probably worth pointing out that genetic predisposition does NOT indicate what will happen in a particular case.
Couldn't be bothered to notice I'm asking for Fedora Core 2 Test release notes, not Fedora Core 1 release notes, eh?
Cute. Linux 2.6.2 kernel source. About 500 took the bait so far.
Cute, but before anyone wastes more bandwidth on that, the torrent is the 2.6.2 kernel source.
M$ would pay off a judge, and the GPL would be declared to violate the Constitution. :(
I'd like to check the release notes before wasting bandwidth on the download. Can't seem to find them, though. Could someone provide a link (or a mirror from what you downloaded)?
The entire purpose behind full disclosure is to force companies to not sit on bugs forever. You give them a week to respond to the initial bugreport. Then you communicate with them about a reasonable timeframe for coming up with a fix. If the company is not reasonable, you go ahead and publish. This does not seem to have been done in this case. Instead, eEye allowed M$ to drag it out for 6 months. eEye is NOT doing their customers a service by allowing this. [end rant]
How does this relate? Well, it's just possible that what they're putting in the contract isn't legal. I mean, it doesn't sound like it should be legal. If you can get a lawyer to confirm, then you could feel safe signing it, knowing that the clauses you don't like don't hold any power anyway.
Oh, wait. Mouse. nm.
Anyone care to share their experiences with SELinux?
My complaint (submitted to BBC):
I'm disappointed by the errors included in the article by Stephen Evans on the MyDoom virus. His statements regarding the intents of the virus creators are treated through most of the article, except in a minor comment near the end, as statements of fact. This is improper, as Stephen could not possibly know the intent.
There are also some blatant factual errors. For example, Stephen writes "[i]t has attacked a company based in Utah called SCO, bringing down its website with a barrage of emails...." This statement is false. The virus attacks the SCO webserver, as is noted later in the article (self consistency was not even maintained).
Finally, the article closes with the statement "[i]t is about malice not money." This is also widely regarded, among the computer security community, to be untrue. The article failed to mention that the virus creates a backdoor on infected machines that can be used to relay spam. The virus appears to have been written by for the purpose of helping spammers. The DoS (denial of service) attack on SCO appears to have been added later, almost as an afterthought, as a way of distracting the news media from the more insidious threat. It is unfortunate that it seems to have succeeded in that goal.
Please feel free to contact me if you have any questions about my statements. I have not included references since this is fairly easy to confirm by visiting any reputable security site. I especially recommend reading the comments of the "incidents" list at www.securityfocus.com to see what experts are saying about the relative importance of the "spam relay" part of the worm to the "attack SCO" part.
It concerns me, when I recognize such blatant reporting errors, that I cannot trust the other articles originating from your site. I hope that this will be an isolated incident.
Gonna have fun reading any arguments against this....
Uhh, I didn't say we only do 3 sigma. I said that people start paying attention at 3 sigma. Here's a rough sketch of how it works:
- Less than 1 sigma deviation: data "agrees"
- 1-3 sigma deviation: data is "consistent"
- 3-5 sigma deviation: "evidence" for something strange going on
- Greater than 5 sigma deviation: "discovery" of something new
Obviously these aren't taken exactly -- groups may bend the rules slightly. For example, the two papers that reported on the "observation" of the top quark reported 4.8 sigma and 4.6 sigma deviations. It's done this way because they don't watch the data approach 5 sigma, but rather collect it (blindly; without looking at it) and then do an analysis and see what they get. When they get a result like 4.8 sigma it's reasonable to say that's closer to 5 than to 3.