I feel there are some valid examples of prior art for this:
Watch this video but if that's not enough for you, there is an even better example that does EXACTLY what Apple's patent describes - both of these have been posted earlier, or an example from Shuttle - they've got a face-plate for the recent-shape X-PCs that is lit by an electroluminescent lamp-plate.
I reckon they're all pretty good examples of Prior Art. Those trolling with the "Mood Ring" comments haven't read the patent, as it DOES say electronic device. My take on the patent is that it can be ANY internally-lit electronic device as long as one-or-more of the external surface areas of the device are lit from an internal light-source. EG: A frosted diffuser panel being back-lit by LEDs.
I've been stirring a little bit of sh*t and have sent sales@dynamism.com the following message:
Hi there,
Just so you know, Apple Computers Inc has applied for a patent that covers your mouse: Unless you want to be paying Apple a fair few bucks, I suggest that you send information on your device to the Patent Examiners office for Prior Art.
Apple's pending patent: DN/20020190975 I put a link to the patent here
The particular product that I would use as prior art if I were you:
http://www.dynamism.com/grast/index.shtml
Cheers!
Travis Smith
If nothing else, it would be interesting to see if this gets a response =)
Don't get the wrong idea: I actually LIKE Apple and its products, but this patent is 'patently' ridiculous.
-Trav
Yes: ASK before posting the article =)
Really - it's only polite.
-Trav
THE SLASHDOT RELIEF FUND! I'll volunteer to be the corrupt fund manager! -Trav
Even though the example site used was our much frequented Slash, this does not just apply to here: There IS no reason that CNN or whoever should not take the appropriate slap around the chops with a frozen cod when people referred from their site cause another site to succumb to the weight of numbers.
L8r!
-Trav
Firewalling at your server does not significantly reduce the incoming bandwidth used up - the fact that your server may be ignoring it does not actually count - the ISP is still charging you, and your level of service is still suffering (The bandwidth is still being chewed). The only way that it WON'T affect you is if the ISP filters it before it hits your box.
If you are the administrator of your server, then you need to be able to advise your ISP that you are being hit, and arrange filtering at their end: If you cannot do this, then even if your ISP agrees not to charge for the excess traffic, you are still going to get reduced performance for the valid connections as they compete with all of the garbage.
Anyway, the ISP in turn should be able to organise with their upline for filtering (If they've got a decent arrangement), until the whole mess is traced back to the ISP that the DoS is coming from, and they can take action to either kill the little sod's access or if a virus/trojan, block that machine until the owner can be contacted to do a fix.
Another good way of reducing the severity and quantity of DoS attacks is for ALL ISPs to filter out any outgoing packets that have been spoofed: I can not think of a single valid reason that a spoofed packet should be allowed onto the wider internet, short of participating in a DoS attack or system cracking. This is even more important now that the "World's Most Secure Microsoft Operating System" now has a fully implemented IP stack on John Q Public's desktop.
Anyway, I'm outahere!
-Trav
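The egress filtering proposed in the comment above, sketched as an added example (not part of the original comment): an ISP edge drops any outbound packet whose source address is not inside a prefix assigned to the customer port it arrived on. The port names, prefixes and packets are constructed for illustration and use documentation address ranges.

```python
"""Source-address validation at an ISP edge (added illustration)."""
import ipaddress
from collections import Counter

# Constructed assignment of customer prefixes to access ports.
CUSTOMER_PREFIXES = {
    "port1": [ipaddress.ip_network("192.0.2.0/25")],
    "port2": [ipaddress.ip_network("198.51.100.0/24"),
              ipaddress.ip_network("2001:db8:42::/48")],
}


def egress_verdict(port, src):
    """Return 'forward' if src belongs to a prefix assigned to port, else 'drop'."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"  # unparseable source address: never forward
    for net in CUSTOMER_PREFIXES.get(port, []):
        # Compare only within the same address family (IPv4 vs IPv6).
        if addr.version == net.version and addr in net:
            return "forward"
    return "drop"


def filter_egress(packets):
    """Split (port, src, dst) tuples into forwarded packets and per-port drop counts."""
    forwarded, dropped = [], Counter()
    for port, src, dst in packets:
        if egress_verdict(port, src) == "forward":
            forwarded.append((port, src, dst))
        else:
            dropped[port] += 1  # a rising count identifies the port to chase up
    return forwarded, dropped


# Constructed sample traffic: a machine behind port1 is forging source addresses.
SAMPLE_PACKETS = [
    ("port1", "192.0.2.10", "203.0.113.5"),            # legitimate
    ("port1", "198.51.100.7", "203.0.113.5"),          # spoofed: another customer's address
    ("port1", "10.1.2.3", "203.0.113.5"),              # spoofed: private address
    ("port2", "198.51.100.7", "203.0.113.5"),          # legitimate on its own port
    ("port2", "2001:db8:42::1", "2001:db8:ffff::1"),   # legitimate IPv6
    ("port1", "192.0.2.200", "203.0.113.5"),           # outside the /25 assigned to port1
]

if __name__ == "__main__":
    ok, drops = filter_egress(SAMPLE_PACKETS)
    print(len(ok), "forwarded;", dict(drops))
```

The same address is forwarded on the port it is assigned to and dropped on any other, which is what makes the check useful for tracing a flood back to the machine sending it.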
All right... So you've figured out your company's PC Local Admin password: If your company's IT team is any decent, that doesn't really mean jack all, as that can be set up so that the only things you can affect are client computers: You won't be able to touch the servers that way.
And I've seen one paranoid setup (during a 2 month govt dept contract) where the "Administrator" account was disabled and they had set up a user "Admin" that was blocked off from any and all Network access. All SMB traffic was blocked - even on the local LAN - so all files needed to be transmitted by an in-house version of an NFS client that encrypted and compressed all traffic (Sooo SSSLLLLLOOOOWWWW!)
And what the heck kinda "back-door" is knowing the local machine Administrator password anyway? It's closer to just having the keys to the FRONT door of someone's house - it's not exactly a secret hatch in the back of a hidden safe in that house =)
That's my opinionated bollocks anyway.
-Trav
If you've read Travis's comments above and want to download, for you, we have a couple of links:
All you Mac fans can click here while all you Win fans can do the same here
As for Linux fans like me? I just use my W2K support-laptop from work to play them back =) - What can I say? The players still need work to match the slickness that is Quicktime.
-Travis (a different one)
OK So let's give this a go:
All you Mad Mac fans can click here while all you Insane Windows fans can do the same here
Later!
Please, your post is FUD. For more information on alleviating your security 'f34rz', check out this post - it's this article, even ;-)
JINI has not actually "disappeared into obscurity", it is still around, but you are kinda right - it has lost the lime-light a fair bit.
However I disagree with you that they are similar technologies. The simplest difference between JINI and Zero Configuration Networking (of which Rendezvous is an example) is that JINI-applications are reliant on a network (which may dynamically change) while ZCN is that dynamically changing network. For example, there is no reason you could not write a JINI application and then run it over Rendezvous.
I see JINI being a complementary technology to ZCN, as it is clear to me that so far most ZCN vendors have written custom applications (or application patches/extensions) to take advantage of ZCN, while a JINI enabled application would be able to take full advantage of ZCN without any changes being required.
Meh.
-Trav
BAD movie, good parody =)
... that when this announcement was released to my company (NDA's...) this actually prompted us to switch to IBM's NetVista series.
Why? Because we run Windows NT 4.0 Workstation (shudder) on 95% of our workstations (the remaining 5% being W2k, W98 and 2x Debian machines), which does not support USB, ruling out the thumb-drive option, and two, CD Burners are not a practical alternative, given how locked-down those NT4 desktops are. (Trained Monkeys using the NT systems... the joys of working with technophobes)
On my home machines, it's been around three years since I had a floppy permanently installed, but I still keep one around for installing the RAID drivers on my 2K box - the ONLY use I have for floppies at home =)
-Trav
Yep, I've got that one - and a few others too =) Because I surf and /. etc from work, I am obliged to use Internet Explorer, and a well maintained host file is the easiest way to sort this with IE.
Take a look at tuxracer's reply to my comment for more info on how 'zilla handles display: none
http://slashdot.org/comments.pl?sid=52559&cid=5222775
-Trav
Cheers TR, I didn't know that one. I was under the impression that because the display property can be altered through the DOM that the content was still downloaded. Unfortunately I don't have Moz installed to try this out on.
Cheers!
-Trav
The reason that this works in Mozilla is the filename and location: that's the proprietary part. There is no reason that you cannot include similar code to this on your page for, eg, hiding that pesky Geocities banner. True, not all browsers support this, but it should work for all Moz-based browsers and (I think) IE 5.5+ - though I haven't tried it with IE =)
-Trav
Yup, this sure is valid!
The bits in square-brackets are attribute-matching: 'SRC' and 'HREF' are valid attributes, and the way that these are loaded is it is using a partial-match, which is why this works.
Unfortunately, this does NOT save the bandwidth wasted by loading these sites: you are just telling 'zilla not to display them, but they are still downloaded and loaded, and any javascript (eg in the IFRAMEs) is still run, and so on.
Still, it tidies things up nicely =)
-Trav
Incidentally, my manager's manager is a 'keen' slash article reader ... who clicked on the Xupiter link.
I'm right outside the guy's office, and I actually get on well with the fella, so he tapped me on the shoulder and said... 'I think I've done something stupid...' - Classic =)
-Trav
I just used one of my work-mates' machines (*g*) (because it has a clean build of Windows2K, IE6SP1 + patched to current as of last Tuesday) having downloaded the uninstall proggie and Spybot Search & Destroy.
I reset all settings to the MS defaults and went to the Xupiter site: It installed without prompting, home-page set to Xupiter etc. Conclusion from this step is that the MS Default security settings suck ar$e.
I used the uninstall proggie - it got rid of the toolbar. Good, but did it get rid of the spyware? I rebooted to make doubly sure.
I then installed SS&D and ran a check: Riddled with spyware from visiting Xupiter - therefore the uninstallation does not do a complete job. I got SS&D to remove said spyware and rebooted - Spyware gone =)
Being in a corporate environment where the Proxy server is set in such a way as that the ONLY application that it will allow to connect through is Internet Explorer (and only on port 80 - even 8080 and 21 are blocked) using the Windows login (I have tried other browsers that claim to work with this, but they turned out to be either IE extensions or they could not connect through), I have no choice BUT to use IE, as I do not like any of the IE variants. Our admins distribute it with the default settings. Across the company around 400 people have (anti-pr0n URL-filtered) internet access, and many more have limited access (depending on role - either limited by hours of access and/or sites accessible) - in my estimate, that's roughly 900-ish machines from just over 2500 PCs that are, by default configuration, vulnerable to either uneducated users or users that have their settings locked-down (Depending on the setup & environment) to getting this piece of crud installed on their machines.
Blame the Tech Support crew? While some would do that, I still feel that IE should have been locked-down tighter against crud like this out of the box.
-Trav
Hmm.... I need a decent case fan =)
I just did a search for "DirectX 9.0 EULA" on the MS Downloads site.
.exe file - I have not run it yet - not brave enough =)
For some reason, it's a 126KB download
________________________________________________
"This is where you will go today"