Ever see a self-winding watch? Usually they use an off-center weight that spins around to wind a spring. Saw one 8 years ago that spun a magnet through a coil of wire to charge a capacitor. Neat stuff, but you have to wear the watch every day or it will wind down.
Ok, first of all, when I go to the site, I see 17 attacked machines, all of which are Win2000. It doesn't show any linux defacements. Did the writer of the article just make this up? or has the site just been massively updated?
Why is everyone surprised? The only means of data storage that has been tested to last 100+ years is to write it out to paper. For extremely critical stuff, it's typically printed in a small font on acid-free paper, then stored in a climate-controlled vault.
Spamassassin > v2.50 supports Bayes, right? But TFA seems to imply that it's just heuristic. I'd be interested in seeing how spamassassin improves with a good training set.
Also, what's with keeping the spam threshhold score secret?
Obviously any half-decent virus-scanner can tell that this is sobig.f, and they know that it spoofs the headers. Why auto-reply? Free advertising! Most users will say "ooh... we should get that for our company" rather than saying "what crappy software that is that spams the wrong people".
Makes me wonder... the antivirus companies are knowingly and willfully causing a DDoS of spam to our accounts. Can they be sued at $50/message for that?
Actually, the problem is that when the device *does* break, it heats up a LOT. That means that the liquid nitrogen is no longer a liquid. It vaporizes so quickly that you have to have a pressure-release valve to avoid an explosion. Assuming your device doesn't melt, cooling it back down again is a lenghly process.
They have these sorts of issues at particle accelerators, like at Fermilab.
I did forensics on a buncha machines that were cracked, and the intruder had patched them all. The reason it was discovered was that the patching had broken some critical services, making the machines inoperable.
How can we be sure it's benevolent?
On that cluster, I also found a back-door.... The idea was that the admin would think the machines hadn't been compromised, since all patches were installed. Additionally, even if it was discovered that they were patched, it might be assumed that the intruder was benevolent.
Reality: there is no such thing as a benevolent system compromise.
Ok, the article says half are the fault of third-party apps, and the title says half are the fault of the OS. I've got a linux box that's crashing due to flaky hardware. Which half does that fit under?
Just pointing out that it's poor journalism to assume that all of the other half must come from the same source (M$).
Microsoft tested Windows NT 4.0 and Windows NT 4.0 Terminal Server Edition. These platforms are vulnerable to the denial of service attack however due to architectural limitations it is infeasible to rebuild the software for Windows NT 4.0 to eliminate the vulnerability.
Well, we patched what we could, and moved most critical services to Linux, but there's still one or two machines running NT. And it's only a matter of time before some luser slips a copy of this worm past our firewall....
Considering the amount if infrastructure that depends on NT4, doesn't this intentionally put the US at greater-than-necessary risk? I'd be fun to see M$ tried under the new anti-terrorism laws.....
I knew a guy (I'll be nice enough not to name him) who discovered a dead drive and took a multimeter to it. Found the power wasn't making it past the power connector. There was a tiny surface-mount resistor that was serving as a fuse. He replaced that, and got the data back. Much cheaper to pay for a $.01 part than a replacement drive.
Breeding allows us to enhance the "good" genes while getting rid of the "bad" ones. Cloning doesn't allow for improvement. So until they start messing with genetic modifications (which will probably lead to a lot of screwed-up horses), I doubt clones are going to be winning many races.
But then it ruins the the day again when you start waving it around floppy disks or if you leave it near a CRT and you screw up the tube's focus.
No, they aren't really strong enough to damage anything. Magnetize it so it's just barely strong enough to hold a single screw. It really makes your life a LOT easier.
An alternative is to gum up the end of your screwdriver with something sticky. That way screws will stick to it. But personally I prefer the magnetic approach.
I've seen companies that don't let employees use their work email address (which the company pays for) for personal email.
Also seen companies that claim they own the frequent-flier miles that employees accumulate, since they paid for the tickets.
Seems like an unpleasant work environment. They'd probably do better to let the employees make use of things that don't cost the company extra. Certainly helps morale, which in turn helps productivity.
An important criteria is how good the match is. If members can get higher up on the list, even though they aren't the best match, then there's a decent chance their bodies will reject the transplant and the organ will be wasted.
I'd like to see something like a scoring system, where the preference is still there, but doesn't outweigh the facts of the situation.
Now for the rant: anyone think this is like affirmative action? All things being equal, it's ok to help minorities. But stop giving all the scholarships to idiots, please!
Donald Knuth offered to pay a penny for the first bug found in TeX, 2 cents for the second bug, 4 for the third, etc. He has so far paid out $327.67. The finder of the next bug will receive $327.68. See here for details.
The interesting thing, of course, is that so few bugs have been found. Imagine if M$ had this policy!
Once got an (800) number. Told my computer there was a BBS at the other end. Then left for the day. It probably dialed them a few thousand times.
Also once ordered toner cartriges. Got a shipment worth $400 or so sent out to a university (and told them to bill us for it).
The trick to dealing with spammers is that everyone has to respond to the ads. If everyone responds, they'll never be able to filter the legitimate responses from those of us who are making up fake info because we're pissed.
They were always using the retail version as a beta-test for the enterprise version. Lots of bug reports came in from a wide variety of sources, and they could fix them and therefore provide a more stable enterprise edition. Without the retail set, I expect their enterprise edition to drop in quality.
I'm a sysadmin in an organization that has one of everything (Linux/AIX/MacOS9&X/IRIX/Win*) and we'd like to have our users remember just one password to get on all the machines. We've been using a combination of NFS/Samba/Netatalk for the filesharing, and NIS/ServicesForUnix for the authentication. But this is getting really messy. Any suggestions from the/. crowd?
On the other hand, many of the backdoors I've seen recently have been incorporated into the Makefile. If you get a binary distro, you're completely safe.
Yes, reading every line of code would be nice, but let's try to be realistic here. A malicious programmer could just put an off-by-one error in somewhere to leave themselves a backdoor.
To get things back on topic, where are comparisons to.tardist or to encaps?
Also, information can move faster then light in the right conditions. For instance, if we built a long stick to europa or whatever, we could tap out morse code before any light could arrive
Incorrect. The tapping is basically a vibration. And that vibration will travel no faster than the speed of light.
Any reason you think the fridge will be humid? Everyone knows that air-conditioning removes humidity... and a fridge is just a big air conditioner.
The hard part will be getting wires into the fridge for power/networking. Also, I'm not sure the wireless will work so well from within a fridge (think of shielding effects).
Whenever I modify a system file, say/etc/ntp.conf, I leave a copy of the original as/etc/ntp.conf.orig. This allows people to trace what's been changed.
Build trees are always left in/usr/local/src, sometimes with explanatory notes.
Updates/changes to the system that users might notice are logged in/var/adm/ChangeLog.
The base system comes from an install script, which is available to admins. I also have been known to generate a.ps file documenting the system. (This came from a perl script that generated a TeX file.)
Modifications to code always include my last name so they're easy to find.
I'm currently learning troff so I can write manpages documenting the local system.
Anyway, mostly standard stuff. The hard part is documenting the documentation. It's amazing how much documentation I have, that nobody would ever find!
Slashdot Mirror
Ever see a self-winding watch? Usually they use an off-center weight that spins around to wind a spring. Saw one 8 years ago that spun a magnet through a coil of wire to charge a capacitor. Neat stuff, but you have to wear the watch every day or it will wind down.
Ok, first of all, when I go to the site, I see 17 attacked machines, all of which are Win2000. It doesn't show any linux defacements. Did the writer of the article just make this up? or has the site just been massively updated?
Why is everyone surprised? The only means of data storage that has been tested to last 100+ years is to write it out to paper. For extremely critical stuff, it's typically printed in a small font on acid-free paper, then stored in a climate-controlled vault.
Also, what's with keeping the spam threshhold score secret?
It says "LVM first surfaced in the 8.0 release of Red Hat Linux", but I'm using it under RH7.3, so....
Makes me wonder... the antivirus companies are knowingly and willfully causing a DDoS of spam to our accounts. Can they be sued at $50/message for that?
They have these sorts of issues at particle accelerators, like at Fermilab.
I did forensics on a buncha machines that were cracked, and the intruder had patched them all. The reason it was discovered was that the patching had broken some critical services, making the machines inoperable.
How can we be sure it's benevolent?
On that cluster, I also found a back-door.... The idea was that the admin would think the machines hadn't been compromised, since all patches were installed. Additionally, even if it was discovered that they were patched, it might be assumed that the intruder was benevolent.
Reality: there is no such thing as a benevolent system compromise.
Just pointing out that it's poor journalism to assume that all of the other half must come from the same source (M$).
Microsoft tested Windows NT 4.0 and Windows NT 4.0 Terminal Server Edition. These platforms are vulnerable to the denial of service attack however due to architectural limitations it is infeasible to rebuild the software for Windows NT 4.0 to eliminate the vulnerability.
Well, we patched what we could, and moved most critical services to Linux, but there's still one or two machines running NT. And it's only a matter of time before some luser slips a copy of this worm past our firewall....
Considering the amount if infrastructure that depends on NT4, doesn't this intentionally put the US at greater-than-necessary risk? I'd be fun to see M$ tried under the new anti-terrorism laws.....
Worms are just the internet's way of Darwinism. Every 6 months or so, you have to wake up the masses to the concept of patching.
Same goes for the really dumb viruses, like the love bug. Notice how they're always spread about 6 months apart?
See you in another 6 months....
I knew a guy (I'll be nice enough not to name him) who discovered a dead drive and took a multimeter to it. Found the power wasn't making it past the power connector. There was a tiny surface-mount resistor that was serving as a fuse. He replaced that, and got the data back. Much cheaper to pay for a $.01 part than a replacement drive.
Breeding allows us to enhance the "good" genes while getting rid of the "bad" ones. Cloning doesn't allow for improvement. So until they start messing with genetic modifications (which will probably lead to a lot of screwed-up horses), I doubt clones are going to be winning many races.
No, they aren't really strong enough to damage anything. Magnetize it so it's just barely strong enough to hold a single screw. It really makes your life a LOT easier.
An alternative is to gum up the end of your screwdriver with something sticky. That way screws will stick to it. But personally I prefer the magnetic approach.
Also seen companies that claim they own the frequent-flier miles that employees accumulate, since they paid for the tickets.
Seems like an unpleasant work environment. They'd probably do better to let the employees make use of things that don't cost the company extra. Certainly helps morale, which in turn helps productivity.
I'd like to see something like a scoring system, where the preference is still there, but doesn't outweigh the facts of the situation.
Now for the rant: anyone think this is like affirmative action? All things being equal, it's ok to help minorities. But stop giving all the scholarships to idiots, please!
The interesting thing, of course, is that so few bugs have been found. Imagine if M$ had this policy!
Also once ordered toner cartriges. Got a shipment worth $400 or so sent out to a university (and told them to bill us for it).
The trick to dealing with spammers is that everyone has to respond to the ads. If everyone responds, they'll never be able to filter the legitimate responses from those of us who are making up fake info because we're pissed.
They were always using the retail version as a beta-test for the enterprise version. Lots of bug reports came in from a wide variety of sources, and they could fix them and therefore provide a more stable enterprise edition. Without the retail set, I expect their enterprise edition to drop in quality.
I'm a sysadmin in an organization that has one of everything (Linux/AIX/MacOS9&X/IRIX/Win*) and we'd like to have our users remember just one password to get on all the machines. We've been using a combination of NFS/Samba/Netatalk for the filesharing, and NIS/ServicesForUnix for the authentication. But this is getting really messy. Any suggestions from the /. crowd?
On the other hand, many of the backdoors I've seen recently have been incorporated into the Makefile. If you get a binary distro, you're completely safe. Yes, reading every line of code would be nice, but let's try to be realistic here. A malicious programmer could just put an off-by-one error in somewhere to leave themselves a backdoor. To get things back on topic, where are comparisons to .tardist or to encaps?
Incorrect. The tapping is basically a vibration. And that vibration will travel no faster than the speed of light.
Any reason you think the fridge will be humid? Everyone knows that air-conditioning removes humidity... and a fridge is just a big air conditioner. The hard part will be getting wires into the fridge for power/networking. Also, I'm not sure the wireless will work so well from within a fridge (think of shielding effects).
-
Whenever I modify a system file, say
/etc/ntp.conf, I leave a copy of the original as /etc/ntp.conf.orig. This allows people to trace what's been changed.
-
Build trees are always left in
/usr/local/src, sometimes with explanatory notes.
-
Updates/changes to the system that users might notice are logged in
/var/adm/ChangeLog.
-
The base system comes from an install script, which is available to admins. I also have been known to generate a
.ps file documenting the system. (This came from a perl script that generated a TeX file.)
-
Modifications to code always include my last name so they're easy to find.
-
I'm currently learning troff so I can write manpages documenting the local system.
Anyway, mostly standard stuff. The hard part is documenting the documentation. It's amazing how much documentation I have, that nobody would ever find!Uhh, cell phone guns are already a reality. The FBI was airports about them. See, for example, this description.
This Doom thing could really freak some people out, especially if combined with good sound effects. ;)