Wash, rinse, repeat as needed. This doesn't make the hits go away, at least immediately, and it's probably only marginally more efficient than the 404 result that you'd ordinarily get, but at least it sends the traffic back where it came from. Since applying these rules the load on the servers I look over has fallen off nicely.
I would think that a properly patched & maintained copy of IIS should be able to do the same thing, or similar, but I don't know what the syntax would be.
404 Not Found. Actually the domain isn't even found. nyuk nyuk nyuk
Less kiddingly, I've written a couple of scripts to let me know how much we're getting hit (something like 20,000 accesses on the two servers I have access to) and where the hits are coming in from, sorted by frequency of hits. If someone is collecting the data I can extract whatever seems relevant and pass it along as part of the same script (...or at least I can next week).
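An added example of the kind of tallying script the comment above describes, written for this page rather than taken from the poster: it parses Apache access-log lines (common or combined format), counts the requests matching a pattern you supply, and lists the sources by frequency. The log lines embedded below are constructed samples using private addresses, and the request path "/probe.dll" is a placeholder for whatever signature is being tracked, not a real one.

```python
"""Added example, not the commenter's own script: tally hits matching a
request pattern from Apache access logs (common or combined format) and list
the sources by frequency. The log lines below are constructed samples with
private addresses; the request path "/probe.dll" is a placeholder for
whatever signature you are tracking, not a real worm signature."""
import re
import sys
from collections import Counter

# host ident user [timestamp] "request" status size  (combined adds referrer and UA,
# which this regex simply leaves unmatched at the end of the line)
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

SAMPLE_LOG = """\
10.0.0.5 - - [19/Jul/2001:14:02:11 -0400] "GET /probe.dll?XXXX HTTP/1.0" 404 291
10.0.0.5 - - [19/Jul/2001:14:02:13 -0400] "GET /probe.dll?XXXX HTTP/1.0" 404 291
192.168.7.20 - - [19/Jul/2001:14:02:20 -0400] "GET /index.html HTTP/1.1" 200 5120
172.16.3.9 - - [19/Jul/2001:14:03:01 -0400] "GET /probe.dll?XXXX HTTP/1.0" 404 291
10.0.0.5 - - [19/Jul/2001:14:03:30 -0400] "GET /probe.dll?XXXX HTTP/1.0" 404 291
192.168.7.20 - - [19/Jul/2001:14:04:00 -0400] "GET /probe.dll?XXXX HTTP/1.0" 404 291
this line is not a log entry and is counted as unparseable
"""

def parse_line(line):
    """Return the fields of one access-log line, or None if it doesn't parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def tally(lines, pattern):
    """Count lines whose request matches `pattern` (a regex), per source host.
    Returns (per_host Counter, total matching, number of unparseable lines)."""
    rx = re.compile(pattern)
    per_host, total, bad = Counter(), 0, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            if line.strip():
                bad += 1
            continue
        if rx.search(rec["request"]):
            per_host[rec["host"]] += 1
            total += 1
    return per_host, total, bad

def top_sources(lines, pattern, n=10):
    """Sources sorted by hit count, descending; ties broken by address."""
    per_host, _, _ = tally(lines, pattern)
    return sorted(per_host.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def report(lines, pattern):
    """Human-readable summary: totals first, then the top sources."""
    per_host, total, bad = tally(lines, pattern)
    out = ["%d hits matching %r from %d sources (%d unparseable lines)"
           % (total, pattern, len(per_host), bad)]
    out += ["%6d  %s" % (c, h) for h, c in top_sources(lines, pattern)]
    return "\n".join(out)

if __name__ == "__main__":
    # usage: python3 tally.py 'GET /probe\.dll' < /var/log/apache/access_log
    # (with no argument it runs over the constructed sample above)
    if len(sys.argv) > 1:
        print(report(sys.stdin, sys.argv[1]))
    else:
        print(report(SAMPLE_LOG.splitlines(), r"GET /probe\.dll"))
```

Because `tally` takes any iterable of lines, it runs over a file object the same way it runs over the sample, so piping a day's log through it gives the per-source counts without loading the file into memory.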
...and while you're at it, save yourself the fifty cents (four dollars if you're at Starbucks) and go right to the refills, too. Saves both your heart *and* your wallet!:)
I've heard (from a former employee) that at least some APC uninterruptible power supplies are little more than a metal case full of standard D cell batteries -- lots and lots of D batteries.
I'm not sure if this is the case for the big ones that would power a rack of servers or whatever, but apparently it's true for the ones you'd put under your desk for personal use.
Assuming that's true, I don't see why laptop power supplies should be any different....
The problem isn't really the SSL based tools, so much as the fact that they do a lot to help you but they don't make it impossible to do traffic analysis. The security focus writeup refers to a much longer paper on the subject, and though that paper is specifically about SSH (and password guessing, and guessing at the commands you're entering over a secured session), the authors also note that:
It should be noted that, despite their simplicity, traffic analysis attacks such as those presented in this advisory haven't been well researched. We expect that similar attacks are possible against most other "secure" (encrypted) remote login protocols. We also expect additional traffic analysis attacks on SSH to be discovered. In particular, there may be recognizable patterns in X11 connections forwarded over SSH, but these are out of the scope of this advisory.
So in other words, the strategies they describe here for attacking SSH could be equally effective for most any asynchronous network protocol where you could try to infer information from the rhythm of the rate of data transfer. Further, there is ultimately no general solution, only incremental defenses against the general strategy:
Solving traffic analysis vulnerabilities not related to password information would increase the protocol overhead significantly, and thus doesn't seem practical for many current uses of SSH.
So, as is often the case, if you want perfect security you can only have it at the expense of tremendous overhead, and ultimately you have to decide how far you want to take your defense against chaos theory before deciding that you just have to accept a certain degree of risk. Ultimately, there is no defense and you always have to accept that risk.
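The two observations the advisory rests on, and the cost of the fix it says is impractical, as an added example that is not part of the original post or of the advisory. The rules it encodes are my simplification of the advisory's description: in interactive mode each keystroke leaves the client as its own packet and the server echoes it immediately, except while a password is being typed, when nothing is echoed. The packet trace is constructed (timestamps in milliseconds, sizes in bytes); a real one would be pulled from a capture.

```python
"""Added example, not from the thread or the advisory it discusses: a toy
timing-analysis pass over an SSH-like packet trace, plus the cover-traffic
counter-measure and what it costs in bytes. Assumptions (mine, simplified
from the advisory): in interactive mode each keystroke goes out as its own
client packet and the server echoes it immediately, except while a password
is being typed, when nothing is echoed. The trace is constructed."""

# (t_ms, direction, payload_bytes); 'c2s' = client to server, 's2c' = back
TRACE = [
    (0, "c2s", 20), (20, "s2c", 20),        # 'l' and its echo
    (150, "c2s", 20), (170, "s2c", 20),     # 's'
    (300, "c2s", 20), (320, "s2c", 20),     # Enter
    (400, "s2c", 120),                      # output of ls
    (1000, "c2s", 20), (1020, "s2c", 20),   # 's'
    (1200, "c2s", 20), (1220, "s2c", 20),   # 'u'
    (1350, "c2s", 20), (1370, "s2c", 20),   # Enter
    (1450, "s2c", 28),                      # "Password:" prompt
    (2000, "c2s", 20), (2110, "c2s", 20), (2300, "c2s", 20),   # password, no echo
    (2420, "c2s", 20), (2550, "c2s", 20), (2700, "c2s", 20),
    (2850, "c2s", 20),                      # Enter
    (3100, "s2c", 36),                      # root shell prompt
]

def keystroke_gaps(trace, direction="c2s"):
    """Inter-arrival times between consecutive packets in one direction:
    the raw material for inferring what was typed from the typing rhythm."""
    ts = [t for t, d, _ in trace if d == direction]
    return [b - a for a, b in zip(ts, ts[1:])]

def find_unechoed_runs(trace, min_len=4):
    """Runs of client packets with no server packet in between. Under the
    assumptions above that is a password being typed: the run length gives
    its length (minus the Enter) and the gaps are the inter-keystroke
    timings that narrow the guessing."""
    runs, cur = [], []
    for t, d, _ in list(trace) + [(None, "s2c", 0)]:   # sentinel flushes the last run
        if d == "c2s":
            cur.append(t)
            continue
        if len(cur) >= min_len:
            runs.append({"start_ms": cur[0], "keystrokes": len(cur),
                         "est_password_len": len(cur) - 1,
                         "gaps_ms": [b - a for a, b in zip(cur, cur[1:])]})
        cur = []
    return runs

def shape(trace, slot_ms, size):
    """The counter-measure: constant-rate, fixed-size packets in both
    directions whether there is real data or only padding. No fragmentation
    here, so every real packet has to fit in one cover packet."""
    if any(n > size for _, _, n in trace):
        raise ValueError("a real packet is larger than the cover packet size")
    t0, t_end = trace[0][0], trace[-1][0]
    shaped = []
    for k in range((t_end - t0) // slot_ms + 1):
        t = t0 + k * slot_ms
        shaped += [(t, "c2s", size), (t, "s2c", size)]
    return shaped

def overhead_ratio(trace, shaped):
    """Bytes on the wire after shaping, relative to the real payload bytes."""
    return sum(n for _, _, n in shaped) / sum(n for _, _, n in trace)

if __name__ == "__main__":
    for r in find_unechoed_runs(TRACE):
        print("unechoed run at %d ms: %d keystrokes, password length ~%d, gaps %s"
              % (r["start_ms"], r["keystrokes"], r["est_password_len"], r["gaps_ms"]))
    shaped = shape(TRACE, slot_ms=50, size=128)
    print("after shaping: runs=%s, distinct gaps=%s, %.1fx the bytes"
          % (find_unechoed_runs(shaped), sorted(set(keystroke_gaps(shaped))),
             overhead_ratio(TRACE, shaped)))
```

On the constructed trace the detector picks out the seven-packet unechoed run after the su prompt and its timings; after shaping, every slot carries one packet each way, so the runs and the distinct gaps vanish, at roughly 29 times the payload bytes for a 50 ms slot and 128-byte packets. That ratio is the "significant overhead" the advisory is talking about, and it gets worse the shorter the slot.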
PHP is nothing more or less than an open source ASP. Both of these languages provide basically the same functionality and come from basically the same philosophy (embed logic in html comments). It may be a better implementation of the same idea, but that's just it -- it's the same idea.
As for Apache, it's excellent software and I'm constantly impressed by what it can do so well, but you yourself say what I'm saying: Apache is nothing more nor less than a better implementation of the ideas presented by an older application. A much better implementation as the case may be, but still playing off the same theme. The open source project isn't doing anything new, it's just doing old things better.
Moreover, serving HTTP is really no big deal. The whole protocol consists of half a dozen or so commands, and all of them are fairly straightforward to implement because you're mainly just handing everything off to another program (either the OS to retrieve a file, or an external program to generate data in the case of CGI & friends). Apache provides a good, loose framework for people to plug in modules that play off this idea, but at core it's still almost all just simple HTTP/get and HTTP/post transactions. I can't really think of any http-servers that are going much beyond this. One obvious extension is to bind the server to a database backend, and there are various servers that do this, but even still that isn't anything groundbreaking.
I hate to say it, but Microsoft's .NET plans, even if they sound like glorified XML-RPC over HTTP, are really the only significant extension of the idea that I'm aware of, even if it's all mainly vaporware at this point. Similarly, some of the things they're doing with Exchange are far more interesting than what Sendmail can provide (all the calendaring etc stuff that, aside from being a hive of security holes, is actually useful to several million people).
Partly this is a difference of philosophy: open sourcers, as their unix background would indicate, seem to prefer collections of utilities that en masse provide higher level functionality in a way most useful to individual users, as opposed to the Windows swiss army knife strategy of having one application that does damn near everything for you (Word, Excel, emacs, mozilla...no wait, I'm contradicting myself...:). I can understand the reluctance to produce one big project that does everything the way Exchange does, but really this is the only truly "new" thing being done in its area (and, as emacs & Mozilla show, it wouldn't be the first time that OS has tried the swiss army approach...).
Maybe the failure to really break new ground is a sign of a mature field. Email isn't all that much more interesting than http, at least on a certain level. Certainly the scripting languages -- both open & closed -- are pretty incestuous beasts, each ripping off the best of what the others can do. And X-Windows? You'd have a hard time getting me to accept that there's much original in there: the network transparency stuff is pretty cool, but under-utilized, and otherwise it's just a strange and baroque implementation of the same Windows, Icons, Menus, & Pointer (wimp) desktop metaphor that has been pretty familiar for 20 years now.
But more than the maturity of the fields, I take it all as examples of how the proprietary world (or perhaps academic, as in the case of things like the NCSA software [that usually end up going commercial & closed anyway]) seems to be able to consistently pump out new ideas, while the open source world seems to be good at taking these ideas and reworking them into something better. Thus showing, like Tim O'Reilly has been saying and I'm starting to agree with, that the two sides need each other more than they seem to want to admit.
At least some of us knew this all along, but were weighing more than one variable. Long run, I'll place my bets on an open source system like Linux trumping everything else, but this isn't so much the case in the short term.
I hate to have to admit it, but open source has a proven ability to not be able to come up with particularly innovative software. The strength of OS isn't so much in coming up with new things as it is in seeing what others have done well and coming up with a better implementation of the best parts of the same idea: compare anything from the enhanced GNU versions of all the old system utilities up through Linux itself [unix++], the Gimp [photoshop++, or getting there anyway], Gnutella [Napster++], and the recent efforts to clone .NET [c#++]. I have much more faith in the long term success of these efforts than in their proprietary counterparts, but each of them is going to be forever seen as the twinned complement to an earlier, closed source product. I've seen no significant OS project that really bucks this trend, though I welcome anyone to come up with a good counterexample that proves me wrong.
BeOS fit that pattern too. It was closed, and that did mean always having the risk that it wouldn't survive, but it also meant that the company behind it would be trying some truly inventive things. Filesystem as relational database! Memory protection! TCP/IP almost to the core, with an internal client/server structure that hypothetically should have made distributed computing trivial. Pervasive multithreading, preemptive scheduling, yadda yadda yadda, *and* a pretty little interface that drew on the best of what can be found in Macintosh, Windows, and X.
There were a few niggling little holes -- hardware support was always spotty, major updates like OpenGL & BONE networking have been on hold for far too long now, etc -- and this is indeed the drawback of a small company trying to do so much all by itself. You're right -- the possibility that the company would cease to exist & bring the OS down with it was always a threat, and indeed maybe that's what we're seeing here.
But damn it was worth it. Linux beats BeOS for stability, hardware support, etc, but it's nowhere near as slick as a desktop system, even if BeOS is still basically an incomplete product. I was willing to put up with a few glitches and the threat of obsolescence for the chance to work with an operating system this nice.
Nothing else in the proprietary or free software worlds has yet to bring together so many clever ideas into one package, though I'm sure that, like Amiga & NeXT, these ideas will end up being diffused into the rest of the operating systems world over the next decade or so. Running BeOS is like using that system of the future now, without having to wait for the [hopefully inevitable] superior but derivative free software clone to follow in a few years.
Telling a BeOS fan that these sorts of dangers of implosion exist is a bit like telling an early aviation or NASA engineer that there are dangers in their fields. You might be right, but we don't care -- you're going to have to do better than that to dissuade us...:)
I've heard -- and this may be apocryphal so please correct me if I've got this wrong -- that the narcotics that we all know and love had an interesting evolution over the course of the last 150 years or so.
Apparently, it seems that in the early 1800s, there was a general problem with people smoking too much opium, so people came up with a supposed cure for it -- morphine! Of course in hindsight this wasn't any better than opium, but at least it had a pain relieving effect so there was some medical use for it (and still is). Sure enough, former opium smokers got hooked on morphine, and a new cure was needed. What did we get? Heroin! This was much worse, had no worthy side effects, and has generally been a huge headache ever since. What was the solution? Go cold turkey? Of course not, we came up with yet another new drug -- methadone. This one seems to have the great benefit of not being worse or more addictive than its predecessor, but that just means that people don't want to stop using heroin in favor of methadone, so while methadone may not be worse, it does little good either.
Like I say, this may not actually be true, but I think it illustrates the point very well. Even if it isn't true, there are still similar examples all over the place -- people that give up cigarettes for nicotine gum, etc.
This sort of suggestion has the same critical flaw: it might look good on paper, but in practice you're just trading one nasty thing for another. Sending out a benevolent trojan sounds like a nice idea, but how do you know that it'll be benevolent anyway? Are you sure it isn't going to be vulnerable to some flaw that will do more harm than good? You've checked all your buffers and are careful in what your program accepts and strict in what it sends out? Moreover, you're confident that, even if it *is* perfectly benign (which, let's be honest, is a tricky assertion at best, and very hard to verify) once it's out in the wild can you guarantee that your code isn't going to get hijacked by someone less saintly or all-knowingly proficient as you surely are?
I doubt it.
These sorts of proposals sound nice but are fraught with danger and likely to come to a bad conclusion, both technically and, let's not forget, legally. This sort of idea comes up every now and then -- K5 is debating it right now, too -- but it's never a good idea and in practice it will never reliably work. It's clever & tempting, but raises more problems than it solves, just like trading morphine for heroin...
We're not allowed to hit rock bottom until Ep3 comes out, unfortunately.
Anyone know where one could get a copy of "Phantom Edit"? I was pleasantly shocked to find out that Amazon has "George Lucas In Love", so why not this too?
On the same note, will someone be ambitious enough to produce an "Edit of the Clones" in advance so we can skip seeing Lucas' take on the story? I think it would save us all a precious 2 hours from our lives...
I've been following this pretty closely, as the company behind my pet favorite OS has, at least as far as the conventional wisdom goes, been steadily going down the tubes all year now. Random observations, no particular order:
Though people ask for it continually, people in the know, such as _BeOS Bible_ author Scot Hacker, have repeatedly said that an open source version of BeOS will basically never happen. The system depends on licensed code that Be apparently couldn't give away even if they wanted to. I'd like to see this happen as much as everyone else, but don't count on it ever happening.
New math department: according to The Register, Be's recent financial reports indicate that revenues are up over 600 percent. Thus proving that 600% of nothing is still, well, nothing.
Supposedly, somewhere on beosradio.com, a ready to ship copy of BeOS r6 has been presented to CEO Jean-Louis Gassée. Various interesting takes on this one. Supposedly development on the desktop OS had basically halted, with all effort going into the IA version, so it would seem that there isn't enough code to be worth releasing a new version of the desktop OS. This is a shame, because a couple of useful components -- BONE networking, OpenGL graphics, etc -- were apparently under development before the switch to the IA focus, and it isn't clear if these components were then or are now ready for prime time. It could be a move to just get out one last version in whatever state it may be in, or there could actually be some new developments that haven't been publicized.
Discussion at BeGroovy suggests that, among other things, this Palm press release would indicate that they're the likely buyer, while another commenter suggests, supposedly on good authority, that Sony is the likely buyer and they're already feeling out where they would want to go with Be & its technology. Then again, a followup to that said that, at least as far as releasing BeOS6, he was full of it, and that the only developer working on BONE has been on an extended vacation anyway. Finally, one commenter noted that the final issue of BeDope ["Be's own Onion" --me.] had anticipated all of this months ago. Hrm....
Over at BeNews, there was yet another link to the Reg article and a whole lot of discussion, generally going nowhere as these forums are wont to do, throwing out speculation that the buyer -- if there even is one, don't forget that this is still just a rumor -- could be any of Palm (they seem to like that idea; I'm not sure I see it but hey whatever), Gobe (developer of Be software -- seen as unlikely as they probably don't have much more cash than Be does), AOL, Compaq, Sun (now *that* would be a nice Network Computer...), Symbian, QNX (why?), Apple (doubt it), Microsoft (pretty sure that was a joke...) (too bad...), Amiga (ok that was definitely a joke), IBM, Hitachi, Samsung, Nokia, Transmeta, Intel, Red Hat (we're pretty safely into wild speculation territory at this point), SGI (see? completely off the wall, these people have no idea what they're talking about), QSSL (bonkers), DoCoMo (two unprofitable ideas that lose money together!), Wind River (who?), Ericsson, etc. Mostly this is all silliness. Towards the end of the conversation, a commenter notes that over on Yahoo's forums, the rumor has been confirmed (by who?), that the stock price is expected to shoot up (whoa, a whole dollar! golly!), and there will be an after hours announcement. Keep in mind however that, not so long ago, a 15 year old kid had such financial forums in the palm of his hand with his "expert" advice, so take that with the appropriate amount of salt. Still, something to watch for anyway.
Meanwhile, *checks* yes, Be's own press page hasn't been updated since May 17. No help there...
Hopefully all those links work, if not I apologize. I'm just summarizing the various pages that I've skimmed over the course of today. If there's any truth to the Yahoo rumors, there could be confirmation of this as soon as tonight. Though it would be sad to see the company shut down or swallowed whole, a lot of people have seen this coming for a long time, and it would be nice to have some resolution of the situation. BeOS is some great consumer computing technology, and I hope very much that it has a future. Perhaps we're about to find out if that is the case...
Plus there is a little matter of keeping ads apart from editorial material, which is one of those silly ethics things only journalists who care about their personal integrity may notice, but that upset us to the point of irrationality when we spot them.
Okay, who's the wise guy that told Rob about "ethics" and "integrity", eh? When did he learn about this? Has he put his new found knowledge of these fancy terms to actual use on Slashdot, or does he just get in a huff when he sees other people violating them?
So much has changed here -- serves me right for skimming recently...:)
I love it -- the editor of a site with the professionalism of a high school 'zine writer complaining [even if validly] about a company's lack of professionalism.
Pot, meet kettle. You two will get on grandly...:)
Do you have a better URL? The one given -- for the SAP-Shop -- doesn't have a clear way to get to the database. Is it SAP Knowledge? Is it SAP Merchandise? I SAP Don't Know, and I SAP Can't Find The Damn Thing.
Following the SAP Merchandise seems to be presenting me with a bunch of SAP Souvenirs, not SAP Products (yay, I can buy a SAP Pin or a SAP CD Pouch), and the only promising link -- software! -- leads to a page of...clothing.
Searching for SAP DB brings me to a list of which the 4th item is -- huzzah! -- an actual product description that seems to be exactly what I'm looking for. However, there is only one link on this page, and it points...back to the damn Shop page.
Do you have any idea what program it is that's running this? I'm running a Toshiba Satellite Pro 4300 that came with WinNT and a handful of apps that Toshiba provided (monitoring the battery, the pc-port, etc). I'm very curious what application is doing the communicating here. What other info do you have? Let me know in more detail -- by email if you'd like -- and I'd be glad to help figure out if it's just your laptop or if others in the same product line (i.e. my computer) are doing the same thing. Grab a list of running processes, services, etc. so we can look for anything suspicious...
An open source conference for which the presentations are primarily available as PowerPoint Slides.
God I hate PowerPoint. What awful, awful software.
There was a great article about it in the May 28 issue of The New Yorker, but their website is impossible to use (tiny fonts, no search feature, and spotty access to the archives) and Google can only get me as far as this snippet. Still, it gets the idea across:
"PowerPoint, which can be found on two hundred and fifty million computers around the world, is software you impose on other people," Ian Parker writes in "Absolute PowerPoint." Its use has become so pervasive, Parker suggests, that it is changing the way we think, not just about work but about life. One defense-industry consultant, Parker reports, put together a presentation entitled "Family Matters," when her daughters weren't cleaning up their bedrooms or doing their chores. It ran to eighteen pages. "The briefing was given only once, last fall," Parker writes. "The experience was so upsetting to her children that the threat of a second showing was enough to make one of the...girls burst into tears." This may be extreme, but it is not unusual. "PowerPoint also has a private, interior influence," Parker contends. "It edits ideas. It is, almost surreptitiously, a business manual as well as a business suit, with an opinion -- an oddly pedantic, prescriptive opinion -- about the way we should think." This was not the intention of the programmers, who originally designed PowerPoint to "get rid of the intermediaries ---graphic designers --- and never mind the consequences," Parker writes. As the use of PowerPoint spread, though, its programmers began to tinker with the content as well as the form of presentations. "We said, 'What we need is some automatic content!'" one former Microsoft developer tells Parker. "'Punch the button and you'll have a presentation.'" And the name that was chosen for this feature --- AutoContent --- "was meant as a joke," Parker reports. "But Microsoft took the idea and kept the name --- a rare example of a product named in outright mockery of its target customers."
Why people use PowerPoint over sadly unknown but clearly superior alternatives -- from simple HTML pages to WimpyPoint to full blown Flash movies -- is completely beyond me. None of the three alternatives above suffers PowerPoint's drawbacks: hugely bloated (ever try to put a presentation on a floppy? Hah!), fiercely constraining, and most importantly in this context (again, this rant was launched because of the presentations at an Open Source conference), spawn of the Beast From Redmond.
So, why use it? I see no benefit.
Gah....
Anyway, I'd love to see these slides, but there's no way in hell I'm installing that damned software for it. Too bad that the Open Source speakers didn't think of the Open Source users....
I use almost the same trick -- the WinNT hosts file (c:\winnt\system32\drivers\etc\hosts on my work computer, may vary slightly for other versions) maps identified ad servers to localhost, and a local Apache server handles all the newly broken hits.
One slight twist though -- rather than serving up an image, I have a 404 handler that dumps all the environment variables, starting with the "server name". As a result, rather than the ad, I get an ad-shaped message indicating, among other things, who was trying to serve the ad & what the referrer was (other data is usually truncated, but that's okay).
It's nice to see those little messages -- ooh, Doubleclick was blocked out again...:)
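One way to build the handler described above, as an added example rather than the commenter's own script: a CGI program Apache runs in place of its 404 page, which names the (hosts-file-blocked) ad server the browser asked for and the page that referred it, then dumps the rest of the environment with long values truncated. The wiring it assumes is not on the page: a hosts entry pointing the ad server at 127.0.0.1, `UseCanonicalName Off` so that SERVER_NAME reflects the Host header the browser sent, and `ErrorDocument 404 /cgi-bin/blocked.py`. The hostnames in the test are invented.

```python
#!/usr/bin/env python3
"""Added example, not the commenter's own handler. A CGI script Apache runs
in place of its 404 page: it names the (hosts-file-blocked) ad server the
browser asked for and the page that referred it, then dumps the rest of the
environment, truncated. Assumed wiring, not from the page:
    hosts:        127.0.0.1  ad.example.invalid
    httpd.conf:   UseCanonicalName Off        (SERVER_NAME = the Host header)
                  ErrorDocument 404 /cgi-bin/blocked.py
"""
import os
import sys
from html import escape

def render(environ, max_len=60):
    """Build the HTML body from a CGI environment dict.
    SERVER_NAME is the hostname the browser asked for, i.e. the ad server we
    pointed at localhost; HTTP_REFERER is the page that tried to show the ad;
    REDIRECT_URL is the original URI (Apache renames it on the internal
    redirect to the ErrorDocument). All of it comes from the request, so it
    is escaped before being echoed back into a page the browser renders."""
    server = environ.get("SERVER_NAME", "?")
    referer = environ.get("HTTP_REFERER", "(no referrer)")
    wanted = environ.get("REDIRECT_URL") or environ.get("REQUEST_URI", "")
    lines = [
        "<html><body style='font:10px sans-serif'>",
        "<b>blocked:</b> %s%s" % (escape(server), escape(wanted)),
        "<br><b>for:</b> %s" % escape(referer),
        "<hr>",
    ]
    for k in sorted(environ):               # the rest, truncated
        v = environ[k]
        if len(v) > max_len:
            v = v[:max_len] + "..."
        lines.append("%s=%s<br>" % (escape(k), escape(v)))
    lines.append("</body></html>")
    return "\n".join(lines)

def main():
    body = render(dict(os.environ))
    # Without a Status header Apache would pass the 404 through; 200 makes
    # the browser render the message like any other page.
    sys.stdout.write("Status: 200 OK\r\nContent-Type: text/html\r\n\r\n")
    sys.stdout.write(body)

if __name__ == "__main__":
    main()
```

The escaping matters even on a private box: the referrer and the requested URL are chosen by whoever wrote the page that embedded the ad, and a handler that echoes them raw would run their markup in the browser.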
...you seem to be talking more about messing around with the software in order to better support left-handed usage, but it's worth noting that the hardware is at least as important.
When I was shopping around for a PDA a couple of years ago, I ended up going with the Palm V primarily because at the time it was the only one that seemed friendly to ambidextrous usage. All of the other Palms -- and all of the assorted WINCE devices -- were very heavily biased towards right-handed usage.
On the Palms, the issue was mainly that the stylus had to go on the right (which I could deal with, but being able to put it on the left is a nice touch that at the time only the Palm V offered; now many of the Palms are using that form factor). On the Windows ones though, damn near every one of them had various hardware buttons that were designed to be tapped with your fingers while being held in your right hand, and holding the device in your left hand would cause you to accidentally tap them regularly.
Why such a basic ergonomic issue as handedness gets ignored for PALMtop computers, especially among the WinCE ones, is a total mystery to me. It isn't really much of an issue with other formats (desktops, laptops), but it seems critical with PDAs, and a glaring oversight that continues to be ignored.
But, like I say, this doesn't seem to be quite what you're asking about -- it sounds like you already have a PDA. Still, if you're shopping for a new one, it's worth having handedness in mind when trying new ones -- unless things have changed drastically in the past couple of months, the hardware makers still seem to be screwing this one up.
Actually, the whole series of articles seems to be available. The issue with this supplement came out a couple of weeks ago, and I'm still just starting to look through it. Interesting stuff.
The series. Some articles are short -- a couple paragraphs -- but most are pretty in depth, like "Computing Power On Tap" as linked to above:
Sorry if I was being a wiseass with the not-first-post. I'm interested in the subject, and was disappointed that no one had commented yet. I browse via the search page now just so that all the articles that never make it to the front page don't slip through; often they're more interesting & the discussion is at a more interesting level. Or not, this is Slashdot after all. Anyway...
This story was submitted 3 or 4 hours ago, during this robust time of mid-afternoon EDT "surf don't work" time, and yet there is still no lame FRIST PROST posts.
The world has gone mad, unplugged, and I am for some reason the only person able to access Slashdot.
mod_perl? It's more advanced than anything I've done personally, but apparently mod_perl makes it pretty easy to embed Perl code into your Apache configuration files. I don't see why you couldn't use that mechanism to block a given user agent on a given day of the week, if that's what you really wanna do...
...had an interesting observation about this in the May issue of Cryptogram.
Passwords. You can't memorize good enough passwords any more, so don't bother. Create long random passwords, and write them down. Store them in your wallet, or in a program like Password Safe. Guard them as you would your cash. Don't let Web browsers store passwords for you. Don't transmit passwords (or PINs) in unencrypted e-mail and Web forms. Assume that all PINs can be easily broken, and plan accordingly.
Keeping a strong enough password is an uphill battle that really can't be won, because the cracker's tools are going to keep getting better at a rate faster than users can be reasonably expected to remember them. Even your elite haxxor mixed case alpha / numeric / symbolic max length password can't stand up to the scrutiny if someone with the right tools wanted it badly enough.
Your best bet is to make it reasonably obscure & just try to prevent the casual cracker from getting it. The casual cracker used to mean someone enterprising enough to look for a post-it note, but with the tools getting better the barriers to entry are falling, to the point that you don't know that some little snotnosed 13 year old with a downloaded rootkit (or Back Orifice, or whatever) couldn't count as "casual" these days.
"You can't win, but there are alternatives to fighting..."
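The arithmetic behind "create long random passwords, and write them down", as an added example that is neither from the newsletter quoted above nor from the commenter: it generates passwords from the OS CSPRNG and compares the brute-force cost of a memorable-length password against a written-down one. The 1e9 guesses per second is an assumed attacker rate for the comparison, not a figure from the page.

```python
"""Added example, not from the newsletter the comment quotes: the arithmetic
behind "write down a long random password". Generates passwords with the
OS CSPRNG and compares the brute-force cost of a memorable-length password
with a written-down one. The 1e9 guesses/s figure is an assumed attacker
rate, not a number from the page."""
import math
import secrets
import string

PRINTABLE = string.ascii_letters + string.digits + string.punctuation   # 94 symbols

def generate(length, alphabet=PRINTABLE):
    """Uniform random password from `alphabet`, using secrets (a CSPRNG),
    never the random module, whose state can be reconstructed from output."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(alphabet_size, length):
    """log2 of the keyspace an attacker who knows the alphabet and length
    has to search; only valid for uniformly random choice."""
    return length * math.log2(alphabet_size)

def expected_crack_seconds(bits, guesses_per_second):
    """Expected time to hit a uniformly chosen password: half the keyspace."""
    return 2 ** bits / 2 / guesses_per_second

def compare(lengths=(8, 20), alphabet=PRINTABLE, rate=1e9):
    """(length, bits, expected days at `rate`) for each length, so the
    'max length mixed-case' password and the written-down one sit side by side."""
    rows = []
    for n in lengths:
        bits = entropy_bits(len(alphabet), n)
        rows.append((n, round(bits, 1), expected_crack_seconds(bits, rate) / 86400))
    return rows

if __name__ == "__main__":
    for n, bits, days in compare():
        print("%2d chars: %5.1f bits, %.3g days at 1e9 guesses/s, e.g. %s"
              % (n, bits, days, generate(n)))
```

The eight-character password over the full printable set is about 52 bits, which at the assumed rate falls in a little over a month of expected effort; the twenty-character one is about 131 bits, which does not fall at all. The gap is the reason the advice gives up on memorisation rather than on randomness.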
i have a development 8.1.6 server that has been up and getting hammered for almost a year now without a reboot or a restart of oracle.
So, wait, you've had an 8.1.6 "what" server running? I thought you were talking about Oracle, but apparently not. Lots of us have had that sort of stability without Oracle. Are you implying something else </cheap-joke-not-that-funny-sorry>
Ahh, but you neglect to mention that that "fan" is rumored to be none other than Kevin Smith (though now when I look at that page, a month later, it says that he denies it. Still...).
EditorsNet.com has an interesting new story today with some interesting links. It was found by Brian G. and certainly sounds interesting:
A mysterious video cassette containing a re-edited version of George Lucas' "Star Wars Episode I: The Phantom Menace" has started circulating around Hollywood. Called "Star Wars Episode I.I: The Phantom Edit," the "special corrector's edition" challenges the vision of the original film. According to posts on an online Phantom Edit discussion forum, "The Phantom Edit" represents a better version of the story than the version that was released in May 1999, which has inspired strong negative feelings in many dyed-in-the-wool Star Wars fans -- including one dissatisfied fan who created a forum on the Internet called "Jar Jar Sucks So Hard I Can't Stand It!" The Razzies nominated "Phantom Menace" for a whopping seven "worst" awards, including worst picture of the year. (The film "won" for worst supporting actor for Ahmed Best, the voice of Jar-Jar Binks.)
The posts on the online discussion board, which hail from the likes of "TrueJedi," "SW lover" and "wisejedi," range significantly in subject matter. Some posts are desperate pleas for ideas on how to get a copy of "The Phantom Edit." Some delineate the differences between the original and the unauthorized re-edit. And some muse on the possible identity of "The Phantom Edit's" mysterious auteur. Many suggest that the new cut is the handiwork of filmmaker Kevin Smith ("Clerks," "Dogma").
Update wild_karrde chimes in:
Don't know if you guys heard this yet or not, but newsaskew.com contacted Kevin Smith about "The Phantom Edit", and while he said he had nothing to do with it, he confirms that it DOES exist and he has seen it.
The above being a quote of the article from TheForce.net.
It's not Pulitzer prize winning writing or anything like that, but I really enjoyed the report Slashdot ran under the headline DirecTV's Secret War On Hackers. I strongly feel that the "best online news story" needn't -- indeed, shouldn't -- be a tech story (there's lots of other stuff out there), but within the genre of tech writing, I thought this was really well done, with a compelling narrative and a description of events that was both easy for the lay person to grasp & accurate enough to keep most of the tech savvy readers happy. It gets my vote.
Heh. I spent a summer working in a CD plant. An ongoing work order had us churning out something like nine million AOL discs over the course of a couple of months. I kept telling them that every single one of the damn things was going to end up in the trash, but they all ignored me. Such a waste -- if only we had these fungi back then...
I hate to say it, but Microsoft's .NET plans, even if they sound like glorified XML-RPC over HTTP, are really the only significant extension of the idea that I'm aware of, even if it's all mainly vaporware at this point. Similarly, some of the things they're doing with Exchange are far more interesting than what Sendmail can provide (all the calendaring etc stuff that, aside from being a hive of security holes, is actually useful to several million people).
Partly this is a difference of philosophy: open sourcers, as their unix background would indicate, seem to prefer collections of utilities that en masse provide higher level functionality in a way most useful to individual users, as opposed to the Windows swiss army knife strategy of having one application that does damn near everything for you (Word, Excel, emacs, mozilla ...no wait, I'm contradicting myself... :). I can understand the reluctance to produce one big project that does everything the way Exchange does, but really this is the only truly "new" thing being done in its area (and, as emacs & Mozilla show, it wouldn't be the first time that OS has tried the swiss army approach...).
Maybe the failure to really break new ground is a sign of a mature field. Email isn't all that much more interesting than http, at least on a certain level. Certainly the scripting languages -- both open & closed -- are pretty incestuous beasts, each ripping off the best of what the others can do. And X-Windows? You'd have a hard time getting me to accept that there's much original in there: the network transparency stuff is pretty cool, but under-utilized, and otherwise it's just a strange and baroque implementation of the same Windows, Icons, Menus, & Pointer (wimp) desktop metaphor that has been pretty familiar for 20 years now.
But more than the maturity of the fields, I take it all as examples of how the proprietary world (or perhaps academic, as in the case of things like the NCSA software [that usually end up going commercial & closed anyway]) seems to be able to consistently pump out new ideas, while the open source world seems to be good at taking these ideas and reworking them into something better. Thus showing, like Tim O'Reilly has been saying and I'm starting to agree with, that the two sides need each other more than they seem to want to admit.
At least some of us knew this all along, but were weighing more than one variable. Long run, I'll place my bets on an open source system like Linux trumping everything else, but this isn't so much the case in the short term.
I hate to have to admit it, but open source has a proven ability to not be able to come up with particularly innovative software. The strength of OS isn't so much in coming up with new things as it is in seeing what others have done well and coming up with a better implementation of the best parts of the same idea: compare anything from the enhanced GNU versions of all the old system utilities up through Linux itself [unix++], the Gimp [photoshop++, or getting there anyway], Gnutella [Napster++], and the recent efforts to clone .NET [c#++]. I have much more faith in the long term success of these efforts than in their proprietary counterparts, but each of them is going to be forever seen as the twinned complement to an earlier, closed source product. I've seen no significant OS project that really bucks this trend, though I welcome anyone to come up with a good counterexample that proves me wrong.
BeOS fit that pattern too. It was closed, and that did mean always having the risk that it wouldn't survive, but it also meant that the company behind it would be trying some truly inventive things. Filesystem as relational database! Memory protection! TCP/IP almost to the core, with an internal client/server structure that hypothetically should have made distributed computing trivial. Pervasive multithreading, preemptive scheduling, yadda yadda yadda, *and* a pretty little interface that drew on the best of what can be found in Macintosh, Windows, and X.
There were a few niggling little holes -- hardware support was always spotty, major updates like OpenGL & BONE networking have been on hold for far too long now, etc -- and this is indeed the drawback of a small company trying to do so much all by itself. You're right -- the possibility that the company would cease to exist & bring the OS down with it was always a threat, and indeed maybe that's what we're seeing here.
But damn it was worth it. Linux beats BeOS for stability, hardware support, etc, but it's nowhere near as slick as a desktop system, even if BeOS is still basically an incomplete product. I was willing to put up with a few glitches and the threat of obsolescence for the chance to work with an operating system this nice.
Nothing else in the proprietary or free software worlds has yet to bring together so many clever ideas into one package, though I'm sure that, like Amiga & NeXT, these ideas will end up being diffused into the rest of the operating systems world over the next decade or so. Running BeOS is like using that system of the future now, without having to wait for the [hopefully inevitable] superior but derivative free software clone to follow in a few years.
Telling a BeOS fan that these sorts of dangers of implosion exist is a bit like telling an early aviation or NASA engineer that there are dangers in their fields. You might be right, but we don't care -- you're going to have to do better than that to dissuade us... :)
Apparently, it seems that in the early 1800s, there was a general problem with people smoking too much opium, so people came up with a supposed cure for it -- morphine! Of course in hindsight this wasn't any better than opium, but at least it had a pain relieving effect so there was some medical use for it (and still is). Sure enough, former opium smokers got hooked on morphine, and a new cure was needed. What did we get? Heroin! This was much worse, had no worthy side effects, and has generally been a huge headache ever since. What was the solution? Go cold turkey? Of course not, we came up with yet another new drug -- methadone. This one seems to have the great benefit of not being worse or more addictive than its predecessor, but that just means that people don't want to stop using heroin in favor of methadone, so while methadone may not be worse, it does little good either.
Like I say, this may not actually be true, but I think it illustrates the point very well. Even if it isn't true, there are still similar examples all over the place -- people that give up cigarettes for nicotine gum, etc.
This sort of suggestion has the same critical flaw: it might look good on paper, but in practice you're just trading one nasty thing for another. Sending out a benevolent trojan sounds like a nice idea, but how do you know that it'll be benevolent anyway? Are you sure it isn't going to be vulnerable to some flaw that will do more harm than good? You've checked all your buffers and are careful in what your program accepts and strict in what it sends out? Moreover, even if you're confident that it *is* perfectly benign (which, let's be honest, is a tricky assertion at best, and very hard to verify), once it's out in the wild can you guarantee that your code isn't going to get hijacked by someone less saintly or all-knowingly proficient than you surely are?
I doubt it.
These sorts of proposals sound nice but are fraught with danger and likely to come to a bad conclusion, both technically and, let's not forget, legally. This sort of idea comes up every now and then -- K5 is debating it right now, too -- but it's never a good idea and in practice it will never reliably work. It's clever & tempting, but raises more problems than it solves, just like trading morphine for heroin...
We're not allowed to hit rock bottom until Ep3 comes out, unfortunately.
Anyone know where one could get a copy of "Phantom Edit"? I was pleasantly shocked to find out that Amazon has "George Lucas In Love", so why not this too?
On the same note, will someone be ambitious enough to produce an "Edit of the Clones" in advance so we can skip seeing Lucas' take on the story? I think it would save us all a precious 2 hours from our lives...
Hopefully all those links work, if not I apologize. I'm just summarizing the various pages that I've skimmed over the course of today. If there's any truth to the Yahoo rumors, there could be confirmation of this as soon as tonight. Though it would be sad to see the company shut down or swallowed whole, a lot of people have seen this coming for a long time, and it would be nice to have some resolution of the situation. BeOS is some great consumer computing technology, and I hope very much that it has a future. Perhaps we're about to find out if that is the case...
Okay, who's the wise guy that told Rob about "ethics" and "integrity", eh? When did he learn about this? Has he put his new found knowledge of these fancy terms to actual use on Slashdot, or does he just get in a huff when he sees other people violating them?
So much has changed here -- serves me right for skimming recently... :)
I love it -- the editor of a site with the professionalism of a high school 'zine writer complaining [even if validly] about a company's lack of professionalism.
Pot, meet kettle. You two will get on grandly... :)
Following the SAP Merchandise seems to be presenting me with a bunch of SAP Souvenirs, not SAP Products (yay, I can buy a SAP Pin or a SAP CD Pouch), and the only promising link -- software! -- leads to a page of ...clothing.
Searching for SAP DB brings me to a list of which the 4th item is -- huzzah! -- an actual product description that seems to be exactly what I'm looking for. However, there is only one link on this page, and it points ...back to the damn Shop page.
I'm getting SAP Annoyed. This is ridiculous.
Do you have any idea what program it is that's running this? I'm running a Toshiba Satellite Pro 4300 that came with WinNT and a handful of apps that Toshiba provided (monitoring the battery, the pc-port, etc). I'm very curious what application is doing the communicating here. What other info do you have? Let me know in more detail -- by email if you'd like -- and I'd be glad to help figure out if it's just your laptop or if others in the same product line (i.e. my computer) are doing the same thing. Grab a list of running processes, services, etc. so we can look for anything suspicious...
Touché.
God I hate PowerPoint. What awful, awful software.
There was a great article about it in the May 28 issue of The New Yorker, but their website is impossible to use (tiny fonts, no search feature, and spotty access to the archives) and Google can only get me as far as this snippet. Still, it gets the idea across:
Why people use PowerPoint over sadly unknown but clearly superior alternatives -- from simple HTML pages to WimpyPoint to full blown Flash movies -- is completely beyond me. None of the three alternatives above suffers PowerPoint's drawbacks: hugely bloated (ever try to put a presentation on a floppy? Hah!), fiercely constraining, and most importantly in this context (again, this rant was launched because of the presentations at an Open Source conference), spawn of the Beast From Redmond.
So, why use it? I see no benefit.
Gah....
Anyway, I'd love to see these slides, but there's no way in hell I'm installing that damned software for it. Too bad that the Open Source speakers didn't think of the Open Source users....
One slight twist though -- rather than serving up an image, I have a 404 handler that dumps all the environment variables, starting with the "server name". As a result, rather than the ad, I get an ad-shaped message indicating, among other things, who was trying to serve the ad & what the referrer was (other data is usually truncated, but that's okay).
It's nice to see those little messages -- ooh, Doubleclick was blocked out again... :)
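One way to build the 404 handler described in the comment above, as an added example rather than the commenter's own script. It assumes the usual setup for this trick: the ad hosts resolve to your own web server (hosts file or local DNS), and Apache is told to hand every miss to this CGI with an `ErrorDocument 404 /cgi-bin/blocked.py` line (the script path is an assumption). The variable names are the standard CGI ones that Apache exports; the sample environment at the bottom is constructed for the test. The one thing worth adding to the original idea is escaping: the Referer, User-Agent and request URI all come from the page that embedded the ad, so a handler that reflects them raw is a cross-site scripting sink on the box that is supposed to be protecting you.

```python
#!/usr/bin/env python3
"""Minimal CGI 404 handler: instead of an ad image, emit an ad-shaped block
saying which host was asked for the ad and where the request came from.
Added example, not the commenter's script.  Assumes ad hostnames resolve to
this machine and httpd.conf carries  ErrorDocument 404 /cgi-bin/blocked.py
(assumed path)."""
import html
import os
import sys

# Standard CGI / Apache variables worth showing.  SERVER_NAME comes first,
# matching the "starting with the server name" remark in the comment.
WANTED = ("SERVER_NAME", "HTTP_HOST", "HTTP_REFERER", "REQUEST_URI",
          "REMOTE_ADDR", "HTTP_USER_AGENT")

# Constructed sample of what Apache hands a 404 handler for a blocked ad;
# the Referer carries a script tag to show why escaping matters.
SAMPLE_ENVIRON = {
    "SERVER_NAME": "ad.example.net",
    "HTTP_HOST": "ad.example.net",
    "HTTP_REFERER": "http://news.example.org/story?id=<script>x</script>",
    "REQUEST_URI": "/adi/N123/B456;sz=468x60",
    "REMOTE_ADDR": "127.0.0.1",
}


def blocked_message(environ, maxlen=80):
    """Return the HTML body for the fake ad.  Every value except REMOTE_ADDR
    is chosen by the page that embedded the ad, so escape and truncate it
    before reflecting it (the comment notes that long data gets truncated)."""
    rows = []
    for name in WANTED:
        value = environ.get(name, "")
        if len(value) > maxlen:
            value = value[:maxlen] + "..."
        rows.append("<tr><td>%s</td><td>%s</td></tr>"
                    % (html.escape(name), html.escape(value, quote=True)))
    # Roughly banner-shaped (468x60) so the page layout does not jump.
    return ('<div style="width:468px;height:60px;overflow:auto;'
            'font:10px monospace;border:1px solid #999">'
            "<table>%s</table></div>" % "".join(rows))


def cgi_response(environ):
    """Full CGI response, headers included.  The status stays 404 so the
    access log still records the blocked ad as a miss for later counting."""
    body = blocked_message(environ)
    return ("Status: 404 Not Found\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            "Content-Length: %d\r\n\r\n%s" % (len(body.encode("utf-8")), body))


if __name__ == "__main__":
    # Under Apache the real CGI environment is in os.environ.
    sys.stdout.write(cgi_response(os.environ))
```

Run it by hand with `SERVER_NAME=ad.example.net ./blocked.py` to see the block; under Apache it only ever fires for a miss, so a legitimate 404 on your own site shows the same diagnostic, which is harmless but worth knowing.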
When I was shopping around for a PDA a couple of years ago, I ended up going with the Palm V primarily because at the time it was the only one that seemed friendly to ambidextrous usage. All of the other Palms -- and all of the assorted WINCE devices -- were very heavily biased towards right-handed usage.
On the Palms, the issue was mainly that the stylus had to go on the right (which I could deal with, but being able to put it on the left is a nice touch that at the time only the Palm V offered; now many of the Palms are using that form factor). On the Windows ones though, damn near every one of them had various hardware buttons that were designed to be tapped with your fingers while being held in your right hand, and holding the device in your left hand would cause you to accidentally tap them regularly.
Why such a basic ergonomic issue as handedness gets ignored for PALMtop computers, especially among the WinCE ones, is a total mystery to me. It isn't really much of an issue with other formats (desktops, laptops), but it seems critical with PDAs, and a glaring oversight that continues to be ignored.
But, like I say, this doesn't seem to be quite what you're asking about -- it sounds like you already have a PDA. Still, if you're shopping for a new one, it's worth having handedness in mind when trying new ones -- unless things have changed drastically in the past couple of months, the hardware makers still seem to be screwing this one up.
The series. Some articles are short -- a couple paragraphs -- but most are pretty in depth, like "Computing Power On Tap" as linked to above:
Sorry if I was being a wiseass with the not-first-post. I'm interested in the subject, and was disappointed that no one had commented yet. I browse via the search page now just so that all the articles that never make it to the front page don't slip through; often they're more interesting & the discussion is at a more interesting level. Or not, this is Slashdot after all. Anyway...
The world has gone mad, unplugged, and I am for some reason the only person able to access Slashdot.
I'm afraid.
Hold me.
<disclaimer class="this is not a first post"/>
mod_perl? It's more advanced than anything I've done personally, but apparently mod_perl makes it pretty easy to embed Perl code into your Apache configuration files. I don't see why you couldn't use that mechanism to block a given user agent on a given day of the week, if that's what you really wanna do...
Keeping a strong enough password is an uphill battle that really can't be won, because the cracker's tools are going to keep getting better at a rate faster than users can be reasonably expected to remember them. Even your elite haxxor mixed case alpha / numeric / symbolic max length password can't stand up to the scrutiny if someone with the right tools wanted it badly enough.
Your best bet is to make it reasonably obscure & just try to prevent the casual cracker from getting it. The casual cracker used to mean someone enterprising enough to look for a post-it note, but with the tools getting better the barriers to entry are falling, to the point that you don't know that some little snotnosed 13 year old with a downloaded rootkit (or Back Orifice, or whatever) couldn't count as "casual" these days.
"You can't win, but there are alternatives to fighting..."
So, wait, you've had an 8.1.6 "what" server running? I thought you were talking about Oracle, but apparently not. Lots of us have had that sort of stability without Oracle. Are you implying something else?
</cheap-joke-not-that-funny-sorry>
Ahh, but you neglect to mention that that "fan" is rumored to be none other than Kevin Smith (though now when I look at that page, a month later, it says that he denies it. Still...).