If your computer is spreading worms around the internet and some server tries to defend (and the rest of the world) itself against that using reasonable force to disable the worm
Wow... sounds exactly like how you're allowed to respond with deadly force if attacked with deadly force. Or how you're allowed to respond with deadly force if you see another attacked with deadly force. The precedent is already there in human relations, so I don't see a legal problem extending it to computer interactions.
I, for one, am looking forward to the time when people are free to defend themselves (and the rest of the internet) against attacks. Attacked by a worm? Sent spam through an open relay? Take them out! Places that are a threat to the infrastructure do not have the right to exist, and should be destroyed.
(Note I'm not addressing the question of how you determine who should be killed....)
First off, do NOT follow the advice of all the idiots saying to use scp -c none. That will not encrypt your password, despite all the uninformed claims to the contrary. The encryption type is determined during the initiation of the connection. The password is simply part of the data, sent later. (If anyone chooses to dispute this, please provide evidence to back up your claims.)
Second, if you can afford some slowdown, use -c blowfish. The default is usually 3DES, which is incredibly slow. Blowfish is 11 times faster.
Finally, if you have some control over what applications are installed at each end, look into SafeTP. It encrypts the password, but not the data. Exactly what you asked for.
Some (international) keyboards don't have a "~" on them, which means the users have to type %7e instead. It's enough of a nuisance that some people avoid it by giving direct paths.
While we'd all like to think that linux never crashes, it simply isn't true. Here it crashes fairly often. Yes, it's probably hardware at fault. But it'd really be nice to know which hardware. Every UNIX I know of has some tools for helping the admin make that determination (seen it on IRIX, AIX, etc). Linux does not.
Related to this is the need to save the kernel panic core dump to the swap partition, and have tools to analyze it. There are projects working on this, but it really needs to be in the mainstream kernel.
Finally, drivers, drivers, drivers! My gf (yes, you can read/. and have a gf) is a long-time UNIX admin. She's just started getting into linux, and is constantly complaining about the lack of drivers, the instability of the software, and various other aspects. And, after adminning some commercial unices, I can see where she's coming from. Drivers would be a good start. (Just to avoid OS flamewars, she got on a Windows box for the first time ever this week, and she doesn't like it either. And no, I don't think she's ever touched a mac.)
Yes, one is enough for a small site that doesn't care much about not losing any incoming email. But for a more serious site, it's necessary to have a backup. Here's why:
Let's say you have some scheduled downtime of your main server. Let's imagine that the downtime lasts more than four hours. Do you want all the senders to get delay notifications?
What if the downtime is worse, due to a total disk failure, for example. It could easily take more than a day to get back online. Many sender systems won't keep trying for more than 24 hours. Wouldn't it be nice if you could have all incoming mail saved locally? Then you could store it as long as you deem appropriate, rather than depending on the sending sites to do so.
Oh, and I suppose you know how to do nonperturbative QCD some other way?
For the uninformed among you, a large portion of experimental [high-energy] physics is writing computer simulations to compare their results to. Experimental results are meaningless if you don't know what you expected to see. The simulations help them understand backgrounds, etc.
First off, congrats to Tony. The locals have been saying it was only a matter of time before he was awarded a Nobel.
Nobel Prize winners should be people whose invention "benefitted the whole mankind". Did these guys theoretical research achieve that?
Do you think the experimentalists would be doing anything other than flailing about without great theorists like Anthony Leggett? In an awards ceremony for Tony in the physics department at UIUC a few months ago, I heard experimentalists telling of how important their interaction with him was. How most of their major contributions to science stemmed from discussions with him. How he'd politely tell them when they were wasting their time (but were welcome to continue, since they might discover something new and unexpected, like that the 0th law of thermodynamics was wrong).
When the condensed matter theory group was moved to a different building, the experimentalists were happy that they'd have theorists walking past their labs. There was even a video [warning, 156M] of them trying to catch the theorists in big nets and force them to do calculations.
When did Physics change from an empirical science into a theoretical one?
Physics has always been about understanding. From my theorist perspective, it pisses me off to see all the experimentalists that get PhDs without having the slightest clue of what they've done. They have something strange happen in an experiment, manage to reproduce it, and they've gotten themselves a PhD. It's then a theorist's job to figure out why. Of course, I'm exaggerating here. I know several good experimentalists.
Now for my own little rant:
Why does everyone constrain physics into Theory and Experiment? What about those of us that do Computational Physics? You know, like lattice QCD? Our work is necessary and important, but I can guarantee it'll never get a Nobel.
Hrmm... now I'm gonna have to listen to one of my friends say "My advisor got the Nobel Prize and yours didn't."
They didn't really say what's triggering it, but the obvious (and dumb) thing to do would be to trigger when it's experiencing 5G's or somesuch (impact). Yeah, you'd protect yourself against the second bounce, but it's probably too late.
Much better would be to trigger when it's in freefall. When you're sitting on a desk, you feel 1G acceleration up. (Gravity is indistinguishable from acceleration, according to relativity.) So the laptop can detect when it's in free-fall, and park the heads. A reaction time of.1s allows it to fall (1/2)g*t^2 = 5cm. A drop of less than 5cm is unlikely to cause significant damage anyway.
Of course, maybe this is what they're doing all along. The article wasn't very specific.
They already have your email address. They'll get your new one when you post to newsgroups, to mailing lists, when your virus-infested friends spew it around the net, and when you register software. Focus on solving the problem (by developing anti-spam software, by lobbying for laws, or by shooting spammers), rather than on trying to find new ways to hide.
Ok, so before some prepubescent/.er tries to correct me...
The value I quoted is for the speed of light in vacuo (no air). In air, light travels about 1.0003 times slower.
And yes, I do mean that number to be exact (there's no decimal places). The second is defined by (IIRC) the time it takes for a certain number of oscillations of a cesium atom, and the meter is defined from that via the speed of light.
The story was forecasting a worm that would infect Windoze boxen via a second RPC DCOM vulnerability. Swen is an email virus, and, while nasty, is nothing like the worm that was being forcasted.
A little reading comprehension would help, guys. There's a big difference between an annoying virus that gives you lots of email and a worm that takes out the internet.
The article gives an example of needing to start 4 things, that each take 10 seconds. That's 40 seconds. But if items 2, 3, and 4 are not dependent on each other, only on item 1, then they can start at the same time, for a total of 20 seconds. That's where they're getting their number of cutting boot time in half.
Anyone else see why this is stupid? Ok, here's a hint: you don't have three processors. Items 2, 3, and 4 will have to compete for CPU time.
Yes, it will be faster. But is it worth spending a day tweaking your settings, rebooting repeatedly in hopes of shortening the time by a tiny fraction that nobody will notice? I think the answer should be obvious. Well, to everyone but those silly Gentoo users, anyway.
This will probably be modded down as flame bait, but I can't resist pointing out what some other OSes have done when crashing:
IRIX will core dump to the swap partition. On the next boot it analyzes this core file, which includes various system logs, etc, and saves useful output in/var/adm/crash. You know you've done a good job when the kernel panic causes a panic, called a double panic. I used to be able to trigger those at will. Hrmm, I should test that on the current release.
AIX summarizes the likely causes of failure (power failure, someone pressed the power switch, or power supply died, etc). I've seen (but do not personally use) a similar thing with IRIX that actually assigns a percentage confidence level to its guess.
Of course, usually you know there was a power failure because your UPS told you so.... I did have one case where we had a very brief outage (or maybe just a brownout). Every machine in the building had rebooted.... except one. That RS/6000 had an eerie log message like "power failure detected". And no, it was not on a UPS. I was rather impressed.
Sadly, I don't know how to get any useful information out of linux. And don't give me crap about it never crashing. I can prove otherwise. Too bad I can't figure out why.... Maybe a kernel developer will read this and copy some ideas from the commercial Unix vendors.
Listserv has the ability to have sub-lists, which might be able to do what you want. The basic idea is that you can tag each message with a word in the subject line, and users can set preferences for whether they want to get those sublists.
For example, you might have LISTNAME-L with sub-lists Humor, Announce, Discuss. Most people would subscribe to Announce, and possibly Discuss. Probably not many to Humor.
In your case, you would probably end up with 24 sub-lists, and every message would have to have an appropriate subject prefix. Users would then subscribe to each sub-list they want to get by setting preferences.
I'm not at all convinced this is better than 24 real lists, though, and it may be worse. But it's an option for you to consider.
"The performance follows a legal case in which composer Mike Batt was forced to pay a six-figure sum to Cage's publishers, who accused him of plagiarising a silent piece of music."
And we thought SCO was bad!
It's rather unfortunate that that article is getting so much attention, considering it's wrong.
The link you provide assumes that Eve can monitor the communications channel and insert/remove messages. Yes, those are the prerequisites for a MITM attack. But those are also precisely the things that quantum crypto protects you against.
The link assumes that photons will be sent in bursts, rather than one at a time. This is not the case. They are actually sent fairly infrequently, in order to avoid the possibility that two could be sent simultaneously. Also, even if more than one were sent, it is unlikely to be helpful to an attacker, since multiple photons would not necessarily have the same characteristics.
The link furthermore makes the assertion that Eve could somehow duplicate a photon. This makes it clear that the author is a CS grad student and not a physics grad student. The Heisenberg uncertainty principle prevents this duplication.
In short, don't believe everything you read... especially if it's on the web.
Yes, it's true, folks. Once when trying to destroy an SGI Indy, I pulled out the processor while it was powered on. Naturally, the machine hung. Screen just kept displaying what it had been displaying. Unfortunately putting the processor back in didn't make it immediately come back to life. It needed a reboot for that.
I vaguely remember someone telling me of a program that did a mail grep: it would do a grep, but message-based rather than line-based. If it found a match, it would show the headers (from, date, subject) so you could pick the ones that were likely matches.
I don't have a link, or even know if such a thing exists, but it sounds very useful for those of us who have plaintext mailfiles.
Please don't use the word "proven" when talking of Bell's inequality. That is simply not the case. The experimenters realize that they have not done this to a sufficient degree, but only for special cases. For example, yes, they can pass a photon through several miles of fiber and send its partner through several miles the other direction, then record the outputs. If they're really separated by miles, and the measurements are made simultaneously, then no information could be passed, right?
Wrong!
They're not really separated by miles -- they're doing this in a lab with a coil of fiber. Furthermore, what constitutes a measurement? Is it when the photons hit the polarizer? When they hit the detector? When the detector writes to the computer's hard drive? When a grad student analyzes the data?
These are not easy questions, and it will be some time before many of the issues are fully resolved.
As a side note, there are also people investigating the possibility that Bell is wrong. Two papers I've been meaning to read for a while are
When backing into a space, your front end swings out a bit. So you have to watch for traffic approaching from behind before you do this. Does the car think to do that? No? Whoops.
Slashdot Mirror
Wow... sounds exactly like how you're allowed to respond with deadly force if attacked with deadly force. Or how you're allowed to respond with deadly force if you see another attacked with deadly force. The precedent is already there in human relations, so I don't see a legal problem extending it to computer interactions.
I, for one, am looking forward to the time when people are free to defend themselves (and the rest of the internet) against attacks. Attacked by a worm? Sent spam through an open relay? Take them out! Places that are a threat to the infrastructure do not have the right to exist, and should be destroyed.
(Note I'm not addressing the question of how you determine who should be killed....)
I knew people act stupid when they drink, but acting stupid because you can't drink?
Second, if you can afford some slowdown, use -c blowfish. The default is usually 3DES, which is incredibly slow. Blowfish is 11 times faster.
Finally, if you have some control over what applications are installed at each end, look into SafeTP. It encrypts the password, but not the data. Exactly what you asked for.
Some (international) keyboards don't have a "~" on them, which means the users have to type %7e instead. It's enough of a nuisance that some people avoid it by giving direct paths.
Related to this is the need to save the kernel panic core dump to the swap partition, and have tools to analyze it. There are projects working on this, but it really needs to be in the mainstream kernel.
Finally, drivers, drivers, drivers! My gf (yes, you can read /. and have a gf) is a long-time UNIX admin. She's just started getting into linux, and is constantly complaining about the lack of drivers, the instability of the software, and various other aspects. And, after adminning some commercial unices, I can see where she's coming from. Drivers would be a good start. (Just to avoid OS flamewars, she got on a Windows box for the first time ever this week, and she doesn't like it either. And no, I don't think she's ever touched a mac.)
Let's say you have some scheduled downtime of your main server. Let's imagine that the downtime lasts more than four hours. Do you want all the senders to get delay notifications?
What if the downtime is worse, due to a total disk failure, for example. It could easily take more than a day to get back online. Many sender systems won't keep trying for more than 24 hours. Wouldn't it be nice if you could have all incoming mail saved locally? Then you could store it as long as you deem appropriate, rather than depending on the sending sites to do so.
Oh, and I suppose you know how to do nonperturbative QCD some other way?
For the uninformed among you, a large portion of experimental [high-energy] physics is writing computer simulations to compare their results to. Experimental results are meaningless if you don't know what you expected to see. The simulations help them understand backgrounds, etc.
PS: nice physics joke there.
Nobel Prize winners should be people whose invention "benefitted the whole mankind". Did these guys theoretical research achieve that?
Do you think the experimentalists would be doing anything other than flailing about without great theorists like Anthony Leggett? In an awards ceremony for Tony in the physics department at UIUC a few months ago, I heard experimentalists telling of how important their interaction with him was. How most of their major contributions to science stemmed from discussions with him. How he'd politely tell them when they were wasting their time (but were welcome to continue, since they might discover something new and unexpected, like that the 0th law of thermodynamics was wrong).
When the condensed matter theory group was moved to a different building, the experimentalists were happy that they'd have theorists walking past their labs. There was even a video [warning, 156M] of them trying to catch the theorists in big nets and force them to do calculations.
When did Physics change from an empirical science into a theoretical one?
Physics has always been about understanding. From my theorist perspective, it pisses me off to see all the experimentalists that get PhDs without having the slightest clue of what they've done. They have something strange happen in an experiment, manage to reproduce it, and they've gotten themselves a PhD. It's then a theorist's job to figure out why. Of course, I'm exaggerating here. I know several good experimentalists.
Now for my own little rant:
Why does everyone constrain physics into Theory and Experiment? What about those of us that do Computational Physics? You know, like lattice QCD? Our work is necessary and important, but I can guarantee it'll never get a Nobel.
Hrmm... now I'm gonna have to listen to one of my friends say "My advisor got the Nobel Prize and yours didn't."
Much better would be to trigger when it's in freefall. When you're sitting on a desk, you feel 1G acceleration up. (Gravity is indistinguishable from acceleration, according to relativity.) So the laptop can detect when it's in free-fall, and park the heads. A reaction time of .1s allows it to fall (1/2)g*t^2 = 5cm. A drop of less than 5cm is unlikely to cause significant damage anyway.
Of course, maybe this is what they're doing all along. The article wasn't very specific.
They already have your email address. They'll get your new one when you post to newsgroups, to mailing lists, when your virus-infested friends spew it around the net, and when you register software. Focus on solving the problem (by developing anti-spam software, by lobbying for laws, or by shooting spammers), rather than on trying to find new ways to hide.
The value I quoted is for the speed of light in vacuo (no air). In air, light travels about 1.0003 times slower.
And yes, I do mean that number to be exact (there's no decimal places). The second is defined by (IIRC) the time it takes for a certain number of oscillations of a cesium atom, and the meter is defined from that via the speed of light.
For those who care, the speed of light is exactly 299,792,458 m/s.
Just to alleviate some of the panic, RedHat boxes are safe.
A little reading comprehension would help, guys. There's a big difference between an annoying virus that gives you lots of email and a worm that takes out the internet.
Anyone else see why this is stupid? Ok, here's a hint: you don't have three processors. Items 2, 3, and 4 will have to compete for CPU time.
Yes, it will be faster. But is it worth spending a day tweaking your settings, rebooting repeatedly in hopes of shortening the time by a tiny fraction that nobody will notice? I think the answer should be obvious. Well, to everyone but those silly Gentoo users, anyway.
From Sep 2: If You Drop It, Should You Eat It? Scientists Weigh In on the 5-Second Rule.
IRIX will core dump to the swap partition. On the next boot it analyzes this core file, which includes various system logs, etc, and saves useful output in /var/adm/crash. You know you've done a good job when the kernel panic causes a panic, called a double panic. I used to be able to trigger those at will. Hrmm, I should test that on the current release.
AIX summarizes the likely causes of failure (power failure, someone pressed the power switch, or power supply died, etc). I've seen (but do not personally use) a similar thing with IRIX that actually assigns a percentage confidence level to its guess.
Of course, usually you know there was a power failure because your UPS told you so.... I did have one case where we had a very brief outage (or maybe just a brownout). Every machine in the building had rebooted.... except one. That RS/6000 had an eerie log message like "power failure detected". And no, it was not on a UPS. I was rather impressed.
Sadly, I don't know how to get any useful information out of linux. And don't give me crap about it never crashing. I can prove otherwise. Too bad I can't figure out why.... Maybe a kernel developer will read this and copy some ideas from the commercial Unix vendors.
For example, you might have LISTNAME-L with sub-lists Humor, Announce, Discuss. Most people would subscribe to Announce, and possibly Discuss. Probably not many to Humor.
In your case, you would probably end up with 24 sub-lists, and every message would have to have an appropriate subject prefix. Users would then subscribe to each sub-list they want to get by setting preferences.
I'm not at all convinced this is better than 24 real lists, though, and it may be worse. But it's an option for you to consider.
"The performance follows a legal case in which composer Mike Batt was forced to pay a six-figure sum to Cage's publishers, who accused him of plagiarising a silent piece of music." And we thought SCO was bad!
The link you provide assumes that Eve can monitor the communications channel and insert/remove messages. Yes, those are the prerequisites for a MITM attack. But those are also precisely the things that quantum crypto protects you against.
The link assumes that photons will be sent in bursts, rather than one at a time. This is not the case. They are actually sent fairly infrequently, in order to avoid the possibility that two could be sent simultaneously. Also, even if more than one were sent, it is unlikely to be helpful to an attacker, since multiple photons would not necessarily have the same characteristics.
The link furthermore makes the assertion that Eve could somehow duplicate a photon. This makes it clear that the author is a CS grad student and not a physics grad student. The Heisenberg uncertainty principle prevents this duplication.
In short, don't believe everything you read... especially if it's on the web.
I felt like such a failure.
Uhh... this is 2003, right? And your dates are in 2005? That's more than 7 months away....
I vaguely remember someone telling me of a program that did a mail grep: it would do a grep, but message-based rather than line-based. If it found a match, it would show the headers (from, date, subject) so you could pick the ones that were likely matches.
I don't have a link, or even know if such a thing exists, but it sounds very useful for those of us who have plaintext mailfiles.
Wrong!
They're not really separated by miles -- they're doing this in a lab with a coil of fiber. Furthermore, what constitutes a measurement? Is it when the photons hit the polarizer? When they hit the detector? When the detector writes to the computer's hard drive? When a grad student analyzes the data?
These are not easy questions, and it will be some time before many of the issues are fully resolved.
As a side note, there are also people investigating the possibility that Bell is wrong. Two papers I've been meaning to read for a while are
When backing into a space, your front end swings out a bit. So you have to watch for traffic approaching from behind before you do this. Does the car think to do that? No? Whoops.