5pm, eh? you must live in the metro DC area? south and or east just a bit...
:)
At least, at 5p last night that's where the center of the big storm in the area was
For those of you that can see Mars from the ground, that is. For many of the readers, the stars are something you only see when you leave the lights of the city behind. And anything that lives near the horizon.. well, some of us have forgotten what a "horizon" is, or think it means the building next to yours.
I really want to get a telescope for my kid, but until I move away from the lights of the city I'm near, it's pointless. We can spy on our neighbors (at pornographic magnification) but we can't see much at all when we look up.
Odd sense of humor? He must be a tech writer... oh wait...
You're kidding, right?
This idea of evil spammers writing worms to take over computers to do mass emailing sounds REALLY appealing to the press. Man, that's better than a drug dealing pedophile midget. It's tech, it involves the black art of hacking, and can affect anyone without them knowing. It's the stuff that headline stories are made of.
But I really don't think we're going to see this activity as a trend. Occam's razor solves this for us. Hackers will write worms because they're trying to make a point/create a DDoS network. It's a lot of work for spammers when it appears they're not really having a problem getting spam to me right now. And can you imagine the laws being broken when a spammer breaks into a computer, uses it to send email, that email actually sells something, then the spammer gets busted? Wowzers... interstate fraud can be fun.
Come on... There are a lot of other problems to tackle before worrying about this.
Wowzers, if that subject line doesn't get me mod'd down, I don't know what will.
;)
So, the RIAA's issue is they haven't yet found a way to make money off of file sharing. If there was money in it, they'd be fostering it, not trying to kill it.
So, they're pursuing two directions right now. Fight tooth and nail to protect their current bread and butter (CD sales). They're not doing this for the artists... lord no, they're doing this for the labels. The other direction they're going is trying to find new sources of revenue. NOTE: This new source must be as large if not larger than the existing stream (from a margin perspective).
Once they find a way to make money on filesharing, I bet two things happen. a) they stop harassing folks and b) CD prices drop b/c they're no longer a one trick pony.
Sooooo... in an effort to stop the lawsuits and help get CD prices down, we, the buying public, need to find a way for the RIAA/labels to make billions off of online file sharing... hopefully without some terrible DRM integrated into the solution.
There have been many attempts... the $0.99 downloads are the most recent and most successful... but they're still not much compared to the brick and mortar sales that are occurring.
Put your heads together! Come up with a feasible way for the RIAA to migrate to a new business model and make all our lives easier.
I dare you.. find a hole in this logic
While it's slick that they had a dual proc board and all... none of the tests they used used the dual proc-ness of the system. They even indicate in their results that the second proc just threw overhead into the system.
They've asked for help getting some dual proc benchmarking software. It would be great if someone could help them out. I'm really curious what that box is ACTUALLY capable of. It's a goodly amount of horsepower with a reasonable amount of L2 cache with 64-bits of data-y goodness. It could make a heck of a "workgroup" size database server.... for a lot less than Sun's workgroup servers.
I think this next gen of procs (and their 64-bitness) is going to put another dent in Sun. First, lowend *NIX servers based on x86 put a huge dent in their pizza box market. Now, consumer grade 64-bit procs will probably start to eat heavily into their midrange market (like the 220R and that realm). In the big iron... well, that's contentious already. No need to mess with them there ;)
This list, and other lists provided in this thread, all share one thing in common:
They take more effort than blackholing an IP address with no warning and no mechanism for getting off the list.
I'm not defending AOL (or any ISP that blackholes mail traffic for that matter). However, they tend to operate on razor thin margins, and anything that can be done to keep expenses down is A Good Thing (tm).
So there's a calculus involved here:
X = Amount of money they lose when they get hammered by spammers
Y = Amount of money they lose by heavy handedly blocking IP's and providing no customer service around that activity
If X > Y, then you know what they'll do. If the ISP is really focused on customer service, they may implement your list of issues above... but if they're not... heh.
Something else to think about. What if, as a customer, I'm more concerned about not getting spam than blocking some small percentage of email? What if I don't WANT to have to control my spam knob? I'm too lazy/busy/clueless/whatever. I'd hazard there are MANY more of those type of ppl in the world.
User with 5 digit UID decided to actually read/respond to /. comments for the first time in years. The comment was already tagged as a troll, but I had some steam to vent re: BSD bashing... I dove in head first.
Wow... What an impressively short-sighted and misinformed opinion. Lemme guess, you're a Linux user?
The latest Netcraft survey indicates that the top 5 sites (whatever that means) on the Net run FreeBSD. Now, whether you believe how they indicated top 5 or not, sites like yahoo.com are huge and the fact that they run FreeBSD says a lot.
The BSD's are alive and kicking, esp when you care about size and performance. I can run a Linux Moz binary on a FreeBSD 4.8 box faster than on a RedHat 9 box on the same hardware. Say what you will, but BSD's are a great fit for a number of uses.
I think this is a "natural" fit for many companies... hotmail blogs, AOL blogs, fark blogs, /. blogs (oh wait)... However, how much is too much?
I mean, we went through a whole pile of free mail places, many of whom have imploded. Now free blogs are popping up everywhere and the big boys are taking notice.
And I think there's a lot of room for blog integration. Sure, you could integrate it with your IM client, but why stop there. Integrate it with the E911 system so we can know where you are at all times. Activate the mic on your phone so we can hear all your conversations. Make your blog your voluntary big brother portal. Homeland Security will love that.
I guess at the end of the day, it's how self important you want to feel.
pardon the rant
It's not just the average user that thinks one a month is too much. When you run an OS in a production situation, patches are a real PIA. If you actually care about your services, you have to apply the patch in a lab and do a full regression test of your applications to make sure the patch doesn't break anything.
Depending on the size of your app, dev shop, and revenue, patching can get real expensive, real quick.
Check out GAWD. It's a DB of lots of wireless AP's. We've got "generic" mapping capabilities, but nothing fancy. We're trying to improve it currently. However, many ppl don't know their lat/long, so only a fraction of the AP's actually map to somewhere valid.
The Shmoo Group set up the Global Wireless Access Database (GAWD) not too long ago. Heck we even got /.'d for it. It's a public DB of access points all over the world.
The AP's are all user contributed, so if you've got one, or know of one, feel free to add it.
It's not intentional. The pull down list is only populated with states/countries that folks have entered data for. If/when someone enters an AP for Tennessee, then you'll see it in the pull-down list.
Thank god someone brought this up. I've read almost the entire thread looking to see if someone would bring this point out.
This was a civil trial. The quote from the attorney was he wouldn't recommend his client not take civil action. This is not a criminal case and does not set criminal precedence. Remember the OJ trial? OJ was acquitted of criminal charges but still lost a civil suit and had to pay damages. This can work the other way, and may very well do so in this case. The criminal system and the civil system are completely different. I am not a lawyer, but even I knew this. Securityfocus almost addressed this issue, /. disregarded it completely, and the /. community added fire to the FUD.
Given the current events in the Middle East, this is a very timely piece. Not only is the net becoming a new spiritual entity, but it is also becoming a battle ground for spiritual (and cultural) wars. Cyber attacks are becoming a common extension of physical battles such as the current Middle East conflict in the "old" Jerusalem. News.com reports that cyber attacks against pro-Israeli and pro-Palestinian sites have been on the rise since the start of the conflict 6 weeks ago. And with Net access being delivered to the camps in the West Bank and Gaza, the attacks (and their motivation) will continue on for at least the length of the current conflict. I think that is the real meaning of the New Jerusalem in our society. It's a spiritual common ground, and therefore, like the Old Jerusalem before it, it will be where the battles of differences are fought.
I just picked up a Lucent Orinoco base station. It's basically the same core as the Airport (at the same price), and will happily interact with an Airport. It supports 64bit encryption (a 128 bit model is a bit more). Lucent will also support their cards and base station under Windows AND Linux. When asked about PC support, Apple said something basically like "If you want wireless, use a Mac." Oriellynet has a piece on getting PC's to talk to airports.
Christ...
I'm well aware that security is a process not a product (this has been rammed down all our throats by the media... it's a hell of a good sound bite). My point is that folks tend to put too much emphasis on firewalls and intrusion detection and not on writing good code. Multilevel security is a fact of life. Every piece of software, every architectural decision must be designed and implemented correctly in order to achieve a reasonable level of security. I've heard more ppl say "I have a firewall/IDS so I'm secure" than "I wrote good code so I'm secure". There's not enough emphasis on software engineering and software security. We're too reactionary with today's software. Once your IDS picks something up, it may be too late.
I totally agree that IDS's play a vital role in the "security process." I'm just trying to raise awareness of software security issues.
I'd be curious to see the difference between the trace running the current snort ruleset (08292k.rules) and the pre-defcon ruleset (07272k.rules). I'd be happy to run against 07272k if you run against 08292k and we can figure out the delta's.
sound groovy?
There's about 1.9GB of data total. File size varies from 100K to 600MB.
Ron only posted about 3 MB of data from DC8. I think it was just the stuff that DragonIDS caught and dumped. We're the flip side of that... we have 1.9GB with no postprocessing (basically every bit that went across the wire). My guess would be there's data in our dump that Dragon didn't catch.... that's why we decided to dump it all.
Originally we were just going to dump data from snort, but we decided it would be better to dump it all and then run it through some IDS's to see what was caught and what was missed.
I like the immune system analogy. However the human body's immune system is the result of millions of years of evolution. The current state of secure software development is still in the primordial goo where the organic molecules are blindly flailing trying to build a cell or 2. It's hard to protect something that doesn't have any defenses in the first place.
One of my fav quotes... It's from Steve Bellovin from ATT:
"firewalls are a network response to a software engineering problem"
I'd add intrusion detection to that statement.
We've been planning this for a while now.. I think since April or so. It wasn't based on the MacHack thing at all... the group just came up with the idea.
As far as the "decency" thing... The capture the flag network at DefCon is a LOT different than the public network at MacHack. There was only one purpose of the data on those wires; attempted compromises of remote systems. This data has real value to the security community, not random artistic value like the MacHack data ;)
Over at shmoo.com, we've been running our own number station contest for over a month now. We're not using an OTP, so it is very solvable. The hard part is we have streaming audio feeds, so you actually need to do a bit of transcription. ;)
Anyhoo, if you're interested, tune in to a number station you actually have a chance at cracking. BTW: the prize is currently 2 DVD's.
I used an A1000 for a while on the back end of a UE3500. It was a terrible piece of equipment as far as I was concerned. It broke... a lot. And there aren't any useful diagnostics that the box gives out, just blinky lights. There is no Out of Band notification to be had. If it breaks, you have to physically inspect the box, and even then you still may not know what the real problem is until you replace just about everything. BTW: the internals of the box are basically an Intel PC (it's got a 486 chip on the main board).