And he's apparantly never learned to write html... there are dozens of span and div tags to set text styles for things that have had explicit tags since, well, about the time he was BORN...
<i>...</i> <center>...</center> <b>...<b> etc .
And it's HTML, not XML, so what's with all the <br/> 's?
You have to get past the first 3 or 4 tiers of toadies to find a real engineer. We had problems with the 7400 for 6 months. We even had our very own IOS build for it (didn't help)... Then one day the arguements got high enough to find a real TAC Engineer (tm) -- his very first question fixed the whole problem: What's the PCB model number (the last two digits, -XX)?... Motherboard engineering defect that had been published for 4 months. (show tech includes the show diag output, so they knew it was bad hadrware with the very first ticket.) It would appear he was the only TAC engineer in RTP who knew about that field notice and recall.
(First a correction... the "failover cable" is not ethernet, it's serial. Take the cover off and look where on the *ahem*PC MOTHERBOARD*cough* the cable goes.)
Cisco was incompetent enough to not include a hardware watchdog in the PIX
If you knew your history, you'd know Cisco didn't design those machines. Cisco bought that company (I forget the name.) The only thing that makes the Pix a Pix is the flash memory card inside there -- in ealier models, it's an ISA card; they have 16M PCI ones now. With one of those cards, you can turn your Dell into a pix:-) The one's Cisco's been designing (506/515/501...) might have a watchdog in there, but I'm not sure.
"compatable"? Are you kidding?! [E]IGRP is Cisco's proprietry [and patented] routing protocol. However, it is very well publicly documented. If EVERY network device needing to participate in routing is made by Cisco, then yes, [E]IGRP is a good choice. However, this is rarely true and OSPF is the only viable alternative.
(BTW, Cisco supports EIGRP for more than just IP.)
... or people who just finished a Cisco exam. Generally speaking, you're never going to walk into a situation where you need to know all of the LSA types, their uses, and their interactions. It only takes a few seconds to look that stuff up.
It'd be more productive to ask them how to find bits and pieces of information within the OSPF LSDB.
The home page (www.cisco.com) is not where it belongs. Security notices are available at http://www.cisco.com/go/psirt That's where security people will be looking. (and they'll be subscribed to any number of Cisco emailed alerts.)
It has yet to be shown that a file can be meaningfully changed in a functional manner. For example, inserting shell code in login without trashing the program. If the program will no longer run, then it's useless.
So far, the example shows very few differences. Certainly not enough to do anything as complex as inserting code. However, very few bits would be needed to invert or skip checks. (think "any password is valid")
This is not true. In much the same manner that one cannot reverse crypt(). Information is lost in the "compression" of the larger input set to the smaller, fixed size of the result set. Reversing the process will at best return all of the collision sets -- all of the datasets that result in the same hash value -- which will likely be many more than 2. (and the process is certainly not going to be computationally "free".)
The announcement is merely confirmation of mathmatically realities... one cannot uniquely represent a dataset with less data than you started out with. In fact, the hash output can be much larger than the input and still have collisions; anyone who's studied data structures knows this -- the mythical "perfect hash function". So, we know there will be collisions with SHA. Now we have one in hand. By itself, this is nothing more than "neat"; it will take lots of colliding datasets to be useful in predicting and eventually creating collisions.
The only serious point here is that 2048bits is a common size for keys. So, this is basically proving your "house key" isn't as unique as you might think.[*] At this point, it'll still be a random accident if someone finds a collision with one of your 2048bit keys... assuming there is a collision for your key.
[*] BTW, your house/apartment key isn't unique. (none of your real world keys are truely unique.)
Yes, you can de-0wn a rooted UNIX(tm) system. Microsoft has made it much more difficult with their own (lame-ass) file integrity controls.
Restoring a UNIX(tm) system is merely tedious. Compare the existing system to that last known good archive and/or OS distribution media. Any missing or new files should be inspected manually and restored or deleted as needed. (All of this is done from a different system, obviously.)
I have un-r00t3d several systems over the years. And I've burned down a number of windows boxes. Erasing a system and starting over is not always a good solution as it will often take longer to reinstall all the applications and personal data than it would to inspect the entire system. (Of course, if a virus scanner has found 23,000 infections in 30mins, it's best to take it out to a field and shoot it.)
And herein is the real problem... false negatives are far worse than false positives. Denying the legitimate user, for any reason, is not acceptable in the financial world.
How would like it if your computer refused to let you login because you typed too slowly and put too much preasure on the "P" key?
You are assuming (1) the tivo is sent a jpg, (2) the tivo creates the thumbnail, (3) the thumbnail is a jpg. #2 may be true, but #1 & #3 may not be. (#3 most likely isn't.)
The fact that the Ethernet ports are disabled on the Hughes HR10-250 is simply ridiculous.
Indeed. Talk to DirectTV. THEY are the reason it's disabled. Until they change the terms of their contract with Tivo, Inc., the USB ports on DTivos will remain off, and there will be no Home Media Option.
Provide a DVD burner with all units.
Well, this one is problematic. Tivo, Inc. only makes the software. Others design, build, and market the recorders. Last time I looked, only RCA had a "Tivo Powered (tm)" DVD recorder/DVR. There are a few with DVD players.
Offer a software package for sale that will run on any Windows-based PC.
That's a joke, right? The Tivo is not a windows box (everyone knows it's linux based.) Please stop with the crazy talk. Linux companies don't "do" windows programming. Besides, the tivo software is very closely tied to the hardware and 100% unstable as all hell if you start poking it with a stick -- this is the nature of pure embedded software; why bloat the code to handle the unexpected (read: "not supposed to happen"'s)?
7....
While I agree, one should have the option of external, "archival", storage... The USB ports on a tivo are USB1.1 and thus, way too slow. If they were to add USB2 and/or firewire, we'd be cooking....I don't agree with the "having to hack" comment. The tivo is a self-contained unit; one should never crack it open. (Have you "hacked" your NTSC TV to display HDTV?)
8....
Hah! The tivo is not a multi-user box. I don't expect it to become one, either. It hardly has enough space ("MFS Application" region, limit of around 500,000 "inodes") to handle one user's preferences over a few years; adding users will only magnify the problem. (Honestly, it's small problem currently. But I know of at least one dtivo now unable to complete a daily call due to lack of space and the unwillingness of it's owner to erase it.)
Ok, this is just bull. Please point to the JPEG's on a TiVo. I'll wait...
*ding*
There aren't any. All the icons (the balls, the star, network logos, the "blue wiener", etc.), and loopsets (i.e. slide shows like the little tivo guy in the upper left corner) are PNG formated images. I don't think Tivo would've changed to JPEG in the last few years. Everything else is an MPEG2 or raw graphics written onto the overlay (eg. the menu borders.) Fonts are standard true-type fonts -- non-compressed as I recall. (even "easily" replacable.)
[I don't expect anyone from Tivo, Inc. to step up to answer exactly how they do all the gfx.]
You seem to have the impression the nurse stood there typing in codes for an hour. She asked every nurse on staff in the ER, every doctor working in the ER, and called several pharmacies. In the end, some "teen" in a suit (an IT guy it would appear) came in, monkeyed with the terminal for a few minutes and *poof* it was fixed. It's anyone's guess why she didn't have one of the other pharmacies send the stuff down -- my money is on some lame issue around billing if it didn't come from the ER; hospitals are one, huge, never ending pile of red tape. (but that's a different story.)
...
but that doesn't releave you of your responsability to properly roll things out
Yes. It. Does. Yes, there are proper proceedures. There are even documented proceedures ("policy".) There's also the boss (and everyone has a boss, even the bosses) telling you what to do contrary to proceedure. You are either inexperienced, lying, or damned lucky to have never been forced outside the "proper proceedures." This shit happens somewhere every day. That it has never happened to you is highly improbable.
Frankly no security patch requires instant roll out if you've got proper security in place.
Ok, evidence now suggests "inexperience". Exhibit A: Cisco IOS Interface Blocked by IPv4 Packets. Exhibit B: the bind worm from some years ago. Sometimes you don't get the luxury of several months notice of bugs before rampant exploits are released.
...
still give everyone the access they need
It's never an issue of need. No admin will ever intentionally place restrictions that interfere with real work. It's more a matter of want and not enslaving people in a jail cell. Making sure people cannot do anything but their job is, well, stupid and needlessly time consuming. (translation: users will always be shooting themselves in the foot; you'll never be able to stop them from pulling the trigger without making them leave.)
...
The large price tag may come from administrators who aren't willing to put in the time to learn how to do it themselves or learn how to properly configure what is available out there...
This is called training and experience. People with more experience get paid more. Experience equals value. It's a simple economic premise. It's why you are paid more today than you were on your first day as a "green" sysadmin.
Companies (commercial, for-profit institutions) are not going to bet everything on the hacked-together, 386 server their 18yo, college drop-out, sysadmin built out of the junk he found rattling around in the trunk of his step-dad's LTD. While that would work for many a home and a number of small, straped-for-cash companies, no serious company is going to allow any such home-grown "trash" to be part of their critical infrastructure. There must be accountability and a clear line of support. Basically, the company needs someone to bitch at and possiblly sue when things fall apart. When that 18yo kid gets hit by a bus skateboarding in the street or simply quits, who's gonna take over management of the system(s) he built? Commercial hardware/software systems have people with training, experience, and certifications who can manage anyone's installation with few exceptions (there's a limited set of differences... think oracle DBA.) Such resources don't exist for one-off, home-grown systems -- while there are people who can figure it out, it takes time to figure the system out (and it might end up broken in the process) and you certainly cannot afford to be hunting when the system(s) aren't being managed.
as for monitoring...
I repeat: knowing who brought in the matches will not un-burn the office. Monitoring systems are good at pointing out anomalous behaviors
And what would your family members have done? Grab a fire axe and take aim on the drug cabnet? While that would've been entertaining, it would have been a job losing moment.
Proceedures or not, relationships or not, the bosses are going to expect you do what they tell you to do. I've been down this path. The only options are to document everything and prepare the "I [censored] told you!"'s. I've seen far too many ass-stupid things done in the name of politics and image... the right solution doesn't mean shit if it doesn't come from the preferred vendor (which isn't a constant.) [It's nice to see karma eventually catch up to those people.]
Monitoring won't do much good after the network is h4x0r3d. Yeah, you know who did it, but the damage is done... knowing who brought the matches in won't un-burn the office. Most companies will not tolerate the ultra-restrictiveness necessary to protect the network in the manner prescribed -- plus, it doesn't come without a rather large price tag (hardware, software, and admin time.) And there will aways be those who get exceptions to the rules.
Any doctor or nurse worth their salt should be able to keep you alive without a computer
Bull. I once sat in the ER and watched a nurse spend nearly an hour hunting for the inventory control number to enter into the computer to unlock the refridgerator for a 10$ bottle of eye drops for this teen who had a fluorescent bulb explode in his face. So don't give me this bullshit. They'll waste a great deal of time on a broken computer instead of a bleeding person.
2: Any System Administrator...
You obviously are not a sysadmin... Admins do what the PHBs tell them to do. Butt stupid idea or not, when the boss tells you to do X, you do X or find a new job.
...
puts some type of firewall...
Firewalls do very little to stop the clueless morons behind the firewall from doing ever more inventively stupid things.
While these measures will stop the uneducated and/or lazy, they will ultimately not stop anything. 99% of the time, if you can see it in a "file browser" (think "Save As..."), it can be executed. Securing windows from it's users is all but impossible. Trust me, I've been down this road. It's not worth the months of plugging holes.
(On a "highly secured" ASP account, I had a command prompt within 5mins. They had been doing the ASP thing for years and had done a very good job of locking everything up, but it's just not possible to carry much water in a seive. The account was for access to Office... file dialogs are such a bitch.)
A very specific, discrete unit was certified for medical use. Altering the software running on the unit invalidates that certification until such time as the new, "patched", configuration passes certification and becomes a new discrete unit. Personally, I think anyone using Windows in a critical application, medical or not, is a nut. Not taking numerous measures to secure your machines and the networks that interconnect them should be criminal -- but rarely is unless it gets someone killed.
Think of like changing the seats in your car. All the tests and certifications that car went through to become "street legal" were done with the factory model seats. Changing them invalidates all those tests. It may still pass, but it was never tested in that configuration. (Yes, this is a bad example as changing the seats isn't going to make much difference unless you're a complete dumbass and install lawn chairs, etc.)
And why, exactly, is there a web browser on the box? Ignoring the lies from M$, IE does not have to be installed or acessible. Does your CT application(s) need mshtml.dll? If so, why?
Slashdot Mirror
And he's apparantly never learned to write html... there are dozens of span and div tags to set text styles for things that have had explicit tags since, well, about the time he was BORN...
c .
/> 's?
<i>...</i>
<center>...</center>
<b>...<b>
et
And it's HTML, not XML, so what's with all the <br
This isn't a bug, exactly. Some dumbass put "T. Kennedy" on the list. What fscking idiot puts wildcards into a terrorist database?
"I'm sorry, your name contains the letter e. You'll have to come back next Tuesday between 4:31am and 5:17am to get on a flight."
You have to get past the first 3 or 4 tiers of toadies to find a real engineer. We had problems with the 7400 for 6 months. We even had our very own IOS build for it (didn't help)... Then one day the arguements got high enough to find a real TAC Engineer (tm) -- his very first question fixed the whole problem: What's the PCB model number (the last two digits, -XX)?... Motherboard engineering defect that had been published for 4 months. (show tech includes the show diag output, so they knew it was bad hadrware with the very first ticket.) It would appear he was the only TAC engineer in RTP who knew about that field notice and recall.
- Cisco was incompetent enough to not include a hardware watchdog in the PIX
If you knew your history, you'd know Cisco didn't design those machines. Cisco bought that company (I forget the name.) The only thing that makes the Pix a Pix is the flash memory card inside there -- in ealier models, it's an ISA card; they have 16M PCI ones now. With one of those cards, you can turn your Dell into a pix"compatable"? Are you kidding?! [E]IGRP is Cisco's proprietry [and patented] routing protocol. However, it is very well publicly documented. If EVERY network device needing to participate in routing is made by Cisco, then yes, [E]IGRP is a good choice. However, this is rarely true and OSPF is the only viable alternative.
(BTW, Cisco supports EIGRP for more than just IP.)
... or people who just finished a Cisco exam. Generally speaking, you're never going to walk into a situation where you need to know all of the LSA types, their uses, and their interactions. It only takes a few seconds to look that stuff up.
It'd be more productive to ask them how to find bits and pieces of information within the OSPF LSDB.
Dude, just download the fixed IOS/CatOS/PixOS and get rid of those performance eating access lists.
If you're too worried that it won't come back up following a reload, then you really shouldn't be entering config mode either.
The home page (www.cisco.com) is not where it belongs. Security notices are available at http://www.cisco.com/go/psirt That's where security people will be looking. (and they'll be subscribed to any number of Cisco emailed alerts.)
It has yet to be shown that a file can be meaningfully changed in a functional manner. For example, inserting shell code in login without trashing the program. If the program will no longer run, then it's useless.
So far, the example shows very few differences. Certainly not enough to do anything as complex as inserting code. However, very few bits would be needed to invert or skip checks. (think "any password is valid")
- ...
- able to "reverse" the digest process...
This is not true. In much the same manner that one cannot reverse crypt(). Information is lost in the "compression" of the larger input set to the smaller, fixed size of the result set. Reversing the process will at best return all of the collision sets -- all of the datasets that result in the same hash value -- which will likely be many more than 2. (and the process is certainly not going to be computationally "free".)The announcement is merely confirmation of mathmatically realities... one cannot uniquely represent a dataset with less data than you started out with. In fact, the hash output can be much larger than the input and still have collisions; anyone who's studied data structures knows this -- the mythical "perfect hash function". So, we know there will be collisions with SHA. Now we have one in hand. By itself, this is nothing more than "neat"; it will take lots of colliding datasets to be useful in predicting and eventually creating collisions.
The only serious point here is that 2048bits is a common size for keys. So, this is basically proving your "house key" isn't as unique as you might think.[*] At this point, it'll still be a random accident if someone finds a collision with one of your 2048bit keys... assuming there is a collision for your key.
[*] BTW, your house/apartment key isn't unique. (none of your real world keys are truely unique.)
Hello? McFly? The user data is most likely the source of the spewage... VBScript, macros, "screen savers"...
Yes, you can de-0wn a rooted UNIX(tm) system. Microsoft has made it much more difficult with their own (lame-ass) file integrity controls.
Restoring a UNIX(tm) system is merely tedious. Compare the existing system to that last known good archive and/or OS distribution media. Any missing or new files should be inspected manually and restored or deleted as needed. (All of this is done from a different system, obviously.)
I have un-r00t3d several systems over the years. And I've burned down a number of windows boxes. Erasing a system and starting over is not always a good solution as it will often take longer to reinstall all the applications and personal data than it would to inspect the entire system. (Of course, if a virus scanner has found 23,000 infections in 30mins, it's best to take it out to a field and shoot it.)
Would this be the same cow-orker who was once treated with Halon? *grin*
And herein is the real problem... false negatives are far worse than false positives. Denying the legitimate user, for any reason, is not acceptable in the financial world.
How would like it if your computer refused to let you login because you typed too slowly and put too much preasure on the "P" key?
You are assuming (1) the tivo is sent a jpg, (2) the tivo creates the thumbnail, (3) the thumbnail is a jpg. #2 may be true, but #1 & #3 may not be. (#3 most likely isn't.)
Displaying a JPEG does not include patented compression technology. (And the image may have been converted before being sent to the tivo.)
- The fact that the Ethernet ports are disabled on the Hughes HR10-250 is simply ridiculous.
Indeed. Talk to DirectTV. THEY are the reason it's disabled. Until they change the terms of their contract with Tivo, Inc., the USB ports on DTivos will remain off, and there will be no Home Media Option.- Provide a DVD burner with all units.
Well, this one is problematic. Tivo, Inc. only makes the software. Others design, build, and market the recorders. Last time I looked, only RCA had a "Tivo Powered (tm)" DVD recorder/DVR. There are a few with DVD players.- Offer a software package for sale that will run on any Windows-based PC.
That's a joke, right? The Tivo is not a windows box (everyone knows it's linux based.) Please stop with the crazy talk. Linux companies don't "do" windows programming. Besides, the tivo software is very closely tied to the hardware and 100% unstable as all hell if you start poking it with a stick -- this is the nature of pure embedded software; why bloat the code to handle the unexpected (read: "not supposed to happen"'s)?- 7.
...
While I agree, one should have the option of external, "archival", storage... The USB ports on a tivo are USB1.1 and thus, way too slow. If they were to add USB2 and/or firewire, we'd be cooking.- 8.
...
Hah! The tivo is not a multi-user box. I don't expect it to become one, either. It hardly has enough space ("MFS Application" region, limit of around 500,000 "inodes") to handle one user's preferences over a few years; adding users will only magnify the problem. (Honestly, it's small problem currently. But I know of at least one dtivo now unable to complete a daily call due to lack of space and the unwillingness of it's owner to erase it.)Ok, this is just bull. Please point to the JPEG's on a TiVo. I'll wait...
*ding*
There aren't any. All the icons (the balls, the star, network logos, the "blue wiener", etc.), and loopsets (i.e. slide shows like the little tivo guy in the upper left corner) are PNG formated images. I don't think Tivo would've changed to JPEG in the last few years. Everything else is an MPEG2 or raw graphics written onto the overlay (eg. the menu borders.) Fonts are standard true-type fonts -- non-compressed as I recall. (even "easily" replacable.)
[I don't expect anyone from Tivo, Inc. to step up to answer exactly how they do all the gfx.]
You seem to have the impression the nurse stood there typing in codes for an hour. She asked every nurse on staff in the ER, every doctor working in the ER, and called several pharmacies. In the end, some "teen" in a suit (an IT guy it would appear) came in, monkeyed with the terminal for a few minutes and *poof* it was fixed. It's anyone's guess why she didn't have one of the other pharmacies send the stuff down -- my money is on some lame issue around billing if it didn't come from the ER; hospitals are one, huge, never ending pile of red tape. (but that's a different story.)
Yes. It. Does. Yes, there are proper proceedures. There are even documented proceedures ("policy".) There's also the boss (and everyone has a boss, even the bosses) telling you what to do contrary to proceedure. You are either inexperienced, lying, or damned lucky to have never been forced outside the "proper proceedures." This shit happens somewhere every day. That it has never happened to you is highly improbable.
Ok, evidence now suggests "inexperience". Exhibit A: Cisco IOS Interface Blocked by IPv4 Packets. Exhibit B: the bind worm from some years ago. Sometimes you don't get the luxury of several months notice of bugs before rampant exploits are released.
It's never an issue of need. No admin will ever intentionally place restrictions that interfere with real work. It's more a matter of want and not enslaving people in a jail cell. Making sure people cannot do anything but their job is, well, stupid and needlessly time consuming. (translation: users will always be shooting themselves in the foot; you'll never be able to stop them from pulling the trigger without making them leave.)
This is called training and experience. People with more experience get paid more. Experience equals value. It's a simple economic premise. It's why you are paid more today than you were on your first day as a "green" sysadmin.
Companies (commercial, for-profit institutions) are not going to bet everything on the hacked-together, 386 server their 18yo, college drop-out, sysadmin built out of the junk he found rattling around in the trunk of his step-dad's LTD. While that would work for many a home and a number of small, straped-for-cash companies, no serious company is going to allow any such home-grown "trash" to be part of their critical infrastructure. There must be accountability and a clear line of support. Basically, the company needs someone to bitch at and possiblly sue when things fall apart. When that 18yo kid gets hit by a bus skateboarding in the street or simply quits, who's gonna take over management of the system(s) he built? Commercial hardware/software systems have people with training, experience, and certifications who can manage anyone's installation with few exceptions (there's a limited set of differences... think oracle DBA.) Such resources don't exist for one-off, home-grown systems -- while there are people who can figure it out, it takes time to figure the system out (and it might end up broken in the process) and you certainly cannot afford to be hunting when the system(s) aren't being managed.
I repeat: knowing who brought in the matches will not un-burn the office. Monitoring systems are good at pointing out anomalous behaviors
And what would your family members have done? Grab a fire axe and take aim on the drug cabnet? While that would've been entertaining, it would have been a job losing moment.
Proceedures or not, relationships or not, the bosses are going to expect you do what they tell you to do. I've been down this path. The only options are to document everything and prepare the "I [censored] told you!"'s. I've seen far too many ass-stupid things done in the name of politics and image... the right solution doesn't mean shit if it doesn't come from the preferred vendor (which isn't a constant.) [It's nice to see karma eventually catch up to those people.]
Monitoring won't do much good after the network is h4x0r3d. Yeah, you know who did it, but the damage is done... knowing who brought the matches in won't un-burn the office. Most companies will not tolerate the ultra-restrictiveness necessary to protect the network in the manner prescribed -- plus, it doesn't come without a rather large price tag (hardware, software, and admin time.) And there will aways be those who get exceptions to the rules.
- Any doctor or nurse worth their salt should be able to keep you alive without a computer
Bull. I once sat in the ER and watched a nurse spend nearly an hour hunting for the inventory control number to enter into the computer to unlock the refridgerator for a 10$ bottle of eye drops for this teen who had a fluorescent bulb explode in his face. So don't give me this bullshit. They'll waste a great deal of time on a broken computer instead of a bleeding person.- 2: Any System Administrator...
You obviously are not a sysadmin... Admins do what the PHBs tell them to do. Butt stupid idea or not, when the boss tells you to do X, you do X or find a new job.- ...
- puts some type of firewall...
Firewalls do very little to stop the clueless morons behind the firewall from doing ever more inventively stupid things.While these measures will stop the uneducated and/or lazy, they will ultimately not stop anything. 99% of the time, if you can see it in a "file browser" (think "Save As..."), it can be executed. Securing windows from it's users is all but impossible. Trust me, I've been down this road. It's not worth the months of plugging holes.
(On a "highly secured" ASP account, I had a command prompt within 5mins. They had been doing the ASP thing for years and had done a very good job of locking everything up, but it's just not possible to carry much water in a seive. The account was for access to Office... file dialogs are such a bitch.)
A very specific, discrete unit was certified for medical use. Altering the software running on the unit invalidates that certification until such time as the new, "patched", configuration passes certification and becomes a new discrete unit. Personally, I think anyone using Windows in a critical application, medical or not, is a nut. Not taking numerous measures to secure your machines and the networks that interconnect them should be criminal -- but rarely is unless it gets someone killed.
Think of like changing the seats in your car. All the tests and certifications that car went through to become "street legal" were done with the factory model seats. Changing them invalidates all those tests. It may still pass, but it was never tested in that configuration. (Yes, this is a bad example as changing the seats isn't going to make much difference unless you're a complete dumbass and install lawn chairs, etc.)
And why, exactly, is there a web browser on the box? Ignoring the lies from M$, IE does not have to be installed or acessible. Does your CT application(s) need mshtml.dll? If so, why?
... and some of the ads are actually worth looking at or funny.