files disappearing from /tmp on reboot which users didn't expect.
Let me tell you a funny story. I'd recently decided to change from a dual boot of Redhat + Windows NT.. to a Debian only installation on my PC.
I started by backing up stuff I wanted to keep - on Zip drives.
The install went great, (and Debian rocks;), so once I was finished I moved, (not copied), all my precious data from the zip disks to the new setup.. into "/tmp/"
Guess what happened when I rebooted next?
All my precious data *gone*
Turns out Debian defaults to removing stuff on a reboot..
.. then you don't want Perl unless you have a strict, enforced coding convention..
If you're working on any project with 100 programmers then you need a common set of coding conventions..
Moving back into On-Topic-Land, I'd agree that there is lots of bad perl code around; ultimately that's the fault of the various programmers, not the language itself.
I think Perl has a lot in common with Lisp in that respect - it's too simple to start writing bad code that's hard for people to understand and maintain..
Re:A GPL Windows/QT could fork from the free codeb on Qt Going GPL · Score: 2
The way to bring Windows desktop users over to Free Software is to create cross platform Apps which reduce the need for Windows as a base platform in order to create a migration path for users
Exactly, and that's why I started GNUSoftware.com.
We should think about cross-platform issues though. I spend a lot of time trying to compile "portable" applications, which use GTK+, on Windows - and fail because people are using Linux specific calls when they really don't need to.
Even the Qt apps I see on Freshmeat are often very Linux specific, for no good reason, and this stops me using them on Windows. (I've got a professional license).
Re:Wonder if this could be dangerous? on Gnutella Vs. SPAM · Score: 2
Yes I've seen one already.
It would do the search result spoofing, so if you searched for "Pink Floyd" it would return "Pink Floyd.vbs"
The vbs file would then attempt to modify your file sharing directories, via textually modifying your .ini file to share your root drive.
At the time I was impressed.. a potentially better way would be to have the script be a JavaScript embedded inside a HTML file - most browsers allow lots of malicious things inside script on HTML files on the local machine
I still haven't found a way to switch into directories with spaces. the cd "space space" doesn't work.
Actually it does work fine, you can even do something like:
c:\>cd Program *
And this will take you to "C:\Program Files"
Still, as another poster said, if you want the CLI on Windows you're better off with a GNU port - maybe bash, or tcsh, or even zsh - you can find all this stuff at my site, mentioned in the sig.
That was always one of the big "debates".. back in the x86 assembly languages viruses:
Back then there were two types of virus:
Fast Spreaders, which would try to spread themselves around rabidly. eg. Every time an infected program was run it would attempt to infect, say, 3 other programs.
Slow Spreaders, which would only try to infect another file, say, every other day.
The fast spreaders were more prolific, but they did tend to get spotted more quickly. If I was the virus writing type of person I'd write a slow spreading one.
So how did they find the name of the test machine to use then?
From what I remember there was some fancy load balancer in use, and all the real slashdot boxes were behind a firewall...
Steve
---
There is also evidence that computer viruses have been transmitted in the process that owners may not be aware of.
Is it just me or does this sound like scaremongering?
On the one hand the letter states " These scans do not examine the content of a particular computer in any way", and on the other hand they claim to have detected a virus..
Moral of the day .. if you bad kids run Napster you'll catch a virus .. and you wouldn't want that, right?
Steve
---
Is there a reasonable article around on this which explains more about the problem and its concepts as well as how proper and careful coding can avoid it? :/
The best introduction is Pascal Bouchareine's original paper on writing Format exploits .. it's probably available all over the web .. there's a copy here, for example.
This paper is to format string bugs what Aleph One's "Smashing the stack for fun and profit" is to buffer overflows.
Steve
---
Perl's 'taint mode' solves this problem very well
But only if you're running the latest Perl - otherwise you're wide open to a lovely exploit which gives instant root access:
Go Here for details ...
Steve
---
Wow! It's amazing how Slashdot ignores stuff like new Linux virii, isn't it?
Except it's a trojan - which requires root privileges to install - that is only interesting because it can be controlled via IRC channels.
And Slashdot is covering it here.
Steve
---
FORTRAN interpreters
If you're going to bring up language interpreters as possible OS'es then I've just got one thing to say:
Emacs.
After all it presents an interface to the user that allows them to run programs, send mail, surf, etc. (And it probably counts for real on a Lisp machine...)
Steve
---
A trivial example, the line "for %x in (c d e f) do free %d > prn"
To do this in bash is very similar...
for i in c d e f; do free $i > /dev/lp0; done
(Tested on Windows NT, using bash.exe)
(Assuming, of course, that your printer is setup appropriately, and on /dev/lp0).
Steve
---
Pick a random .exe file, and rename it foo.com.
It'll still run properly, cos Windows, and MS-DOS, determine the file type by looking at the header..
Steve
---
GNUCleus, a GPL'd GNUTella clone for Windows, which I work on sporadically, had the ability for users to filter out IP's that are ignored.
The first thing I do is to dyke out all results from "10.0.x.x", and "127.0.0.1", etc.
The best solution I've found is to filter out all results which report stupid download speeds.
Here's a search result I just got - when looking for the GNUTella macro virus I mentioned earlier:
Filtering out all results of 10000Kbs seems to remove 95% of the spam
Steve
---
Yes I've seen one already.
It would do the search result spoofing, so if you searched for "Pink Floyd" it would return "Pink Floyd.vbs"
The vbs file would then attempt to modify your file sharing directories, via textually modifying your .ini file to share your root drive.
At the time I was impressed .. a potentially better way would be to have the script be a JavaScript embedded inside a HTML file - most browsers allow lots of malicious things inside script on HTML files on the local machine
(IE. "Local Intranet" on IE).
Steve
---
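The result filtering described in the two comments above (private and loopback source addresses, stupid reported speeds, and hits that echo the query with a script extension), as an added example that is not GNUCleus code or part of the original comments. The Hit record, the speed threshold, the extension list and the sample results are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed values: the comments name only 10.0.x.x, 127.0.0.1, 10000Kbs and ".vbs".
BLOCKED_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MAX_PLAUSIBLE_KBPS = 10000
SCRIPT_EXTENSIONS = {"vbs", "js", "htm", "html"}


@dataclass
class Hit:
    """One search result as reported by the responding peer (hypothetical record)."""
    ip: str
    speed_kbps: int
    filename: str


def reasons_to_drop(query, hit):
    """Return the reasons a hit looks like spam; an empty list means keep it."""
    reasons = []
    try:
        addr = ipaddress.ip_address(hit.ip)
        if any(addr in net for net in BLOCKED_NETS):
            reasons.append("unroutable-source")
    except ValueError:
        reasons.append("malformed-ip")
    if hit.speed_kbps >= MAX_PLAUSIBLE_KBPS:
        reasons.append("implausible-speed")
    # Spoofed results copy the search string and append a script extension.
    stem, dot, ext = hit.filename.lower().rpartition(".")
    if dot and ext in SCRIPT_EXTENSIONS and stem.strip() == query.lower().strip():
        reasons.append("query-echo-script")
    return reasons


def filter_hits(query, hits):
    """Keep only the hits with no reason to drop them."""
    return [h for h in hits if not reasons_to_drop(query, h)]


# Constructed sample results for the query "Pink Floyd".
SAMPLE = [
    Hit("10.0.3.7", 56, "Pink Floyd - Money.mp3"),
    Hit("127.0.0.1", 128, "pink floyd - time.mp3"),
    Hit("203.0.113.9", 10000, "Pink Floyd.mp3"),
    Hit("198.51.100.4", 384, "Pink Floyd.vbs"),
    Hit("198.51.100.20", 56, "Pink Floyd - Wish You Were Here.mp3"),
]
```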
I did a "measure-the-internet" script a long time ago.
I generated random IP addresses then tested to see if there was a webserver running; From what I remember ~25% of machines had a server running..
Steve
---
Gopher? luxury, we used to have to telnet to the web server to read web pages - using IP addresses only, because we couldn't waste bandwidth by using DNS.
We used to have to get up at 8:30, half an hour before we'd gone to bed to make sure that nobody else was using the server at the same time.
As for e-mail, you kids have it so easy; we used to send morse code over the BNC cable and if the recipient could decode it we were lucky..
Steve
---
If you're working in a team then coding standards would really help you out here.
Even if it was something ad hoc; like asking people to run Indent on source before committing it.
Or, if you're generating diffs by hand you could ask people to use "--ignore-all-space", and "--ignore-space-changes" which forces diff to ignore changes in whitespace.
Steve
---
Nooo!
I just spent $10 million on business.com ..
Steve
---
Then why not use my hacked version of Junkbuster - which stops you from having to see popup windows.
Check it out here.
Steve
---
I setup something like this once, to see if I could measure the size of the internet.
What I did was generate IP addresses randomly .. then ping them. By calculating the ratio of valid responses against attempted IP's I could see what proportion of the IP space was in use.
I did get some irate responses .. so I abandoned the whole thing, but it was interesting; one of the statistics I found was that 57% of IP's, in my test, were running a web server.
Steve
---
I modified my copy of Junkbuster to stop it from allowing JavaScript popup windows..
You can find it here
Steve
---
There are a few different companies that offer this service .. but I'm not sure if they would be appropriate for you.
For example I use Regsoft.com, for people buying GNU CD-ROMs (From GNUSoftware.com).
The problem is that a lot of these companies assume that you're selling software, and want to handle registration keys for you - with their "Register.exe" program, or similar.
Depending on the volume of sales you want you might be better off just getting a merchant bank account ..
Steve
---
I wrote a MDI Wrapper for Internet Explorer, on Windows. It's got the best easter egg I could think of...
An embedded game of Tetris!
I like quake, et al, but for me Tetris is still one of the best games around.
(To see the game, type "steve:kemp" into the URL field ;)
Steve
---
Well the obvious thing is that the potential attacker could stop the CD burning process, by killing it.
The way that I understand the logging to the printer option it uses a kernel module to log, so it cannot be disabled by the user without a reboot (Assuming the rmmod is unimplemented).
Steve
---