Microsoft is dead and buried! You know it's true! Jon Katz said so!! "Microsoft was brought down by the arrogant, delusional monomania of its founder, a man who had clearly come to believe in his own immortality and was unable to grasp the realities of the world."
Bandwidth is not a right, it costs money! Being at the arse-end of nowhere (to quote a former PM), Australian carriers have to pay through the nose for traffic from the USA (and afaik all connectivity to countries elsewhere in the world from Australia goes through the USA?). If you want to use that connectivity to leech more than 3 gig of pr0n and mp3z a month, then you have to pay for it. Quit your whining.
Jesus, this is as much of a "Your Rights Online" issue as crying about your "rights" to copy mp3z being infringed by the big bad RIAA. Fuckin' selfish generation.
Mod down at will, I've got the karma to take whatever abuse the slashbot moderators want to dish out.
Electric money is quite simply, the work of Satan:) For anyone even vaguely concerned about privacy and Government intrusion (which should be you if you're reading/.), then opposing its introduction is somethng you should be doing.
If you were English (obviously you're not), you'd be aware of prepaid cards like this for mobile phones, and would know that they are WAY better for privacy than whatever you're probably using now.
I can walk into a shop here in London, buy a mobile phone for cash, then buy £5 cards from the newsagent (also for cash), and use them to make calls. 100% anonymous. Physically, it works exactly the same as is described here - the card has a long number on it, you scratch the silver crap off to reveal it, then dial a number on your mobile and type it in. Then you have more credit to make calls with.
They try to encourage you to register your phone, by offering some free credit if you give them your name and address, but you sure don't have to if you don't want to. It's a prank caller's dream! Now imagine that you can get a £5 card for cash and use that to buy pr0n online.
So how is this "a sneaky way for the Government to get your life on file" ? Or were you just trolling?
Microsoft may not be very responsive to public opinion, but the British Government sure is.
Heh.. the Blair government's share of the vote in the last election was almost as high as Microsoft's share of the desktop OS market. They could piss of 10 million Slashbots and still win the next election.
What's so sad about the massive politicized anti-region-encoding movement, is that VHS tapes are also "region encoded", in that there are at least two entirely incompatible standards for encoding the video signal (NTSC and PAL) which are used throughout the world
Two responses:
(1) All VHS players available in Australia except for the very cheapest and nastiest can play back both PAL and NTSC. Compared to the situation where, admittedly, many DVD players can do multiple regions with a cheat code or hack, but the DVD vendors are trying to outlaw that. Nobody ever tried to outlaw a VHS player that could play NTSC and PAL.
(2) PAL/NTSC is a technical distinction. The daft Americans use a crappy technical standard, the rest of the world uses a superior one. It just happened that way. Whereas DVD regions are a deliberate and malicious incompatibility with no purpose other than maximising the profits of the DVD vendors at the expense of the consumers.
I know exactly two things about Asus -- that I've heard of the GeForce 3 (but don't recall whether it was good or bad) and that they released this driver. The former would've been enough for me to at least look into them. The latter is enough that I will not bother.
You probably already know this, but the wording of your comment makes it sound like maybe you don't: Asus don't make the GeForce3. Nvidia does. Asus is just one company (of many) that make graphics cards based on the Nvidia GeForce3 chipset. So you can boycott Asus until they sink beneath the waves, and still buy a GeForce3-based card from someone else. What a deal!
Feed someone a mental diet of nothing but violence and pornography and you're likely to cause some problems.
Exactly. Violence & porn are like, I dunno, hamburgers or something. If you eat hamburgers for dinner every day, it won't do your health any good. Especially if they're McDonalds hamburgers. But eating one greasy, fatty hamburger every now and then isn't going to kill you. The worst it'll do it make you feel a bit queasy.
Iain Banks without the M
on
The Business
·
· Score: 4
I suspect that more members of the Slashdot demographic are familiar with Banks' science fiction (written as Iain M. Banks) than his "normal" fiction (written as Iain Banks without the M), and I'd just like to say: if you're in that category, do yourself a favour, and check out some of his non-M books NOW!
I do like his SF.. some very good ideas in there. But I think his non-SF work is better than good, it's some of the best stuff I've ever read in my life!
The Business is great.. and better still are Espedair Street (the story of a washed-up (or not?) Scottish rock star gone into seclusion), The Crow Road (the story of a rather odd Scottish family), and Complicity (the story of a Scottish journalist and a sinister conspiracy). Iain Banks is very Scottish.:-)
Unlike everyone else who replied to you, I'm going to say more than "SourceSafe sucks ass!"
I work at a windows shop, we use SourceSafe to store all our code (VB, C++, HTML & ASP stuff), and also documentation. For code, it's fine. (I mean, it's slow and ugly and shit, but it works fine. People who have worked there for many years say its never "eaten" anyone's file).
But we do also store Word & Excel files in there (and Access mdbs), and for that, well, it's pretty pointless. Because I'm assuming that the asker wants to be able to do more than just have the latest version available - if that was all he wanted, the files would be sitting on a fileserver and he wouldn't be asking Slashdot. If you want to be able to do diffs, see WHAT was changed in a checkin, there's no simple way to do it with binary files like Word and Excel produce. Go on, diff them with SourceSafe - "binary files differ" is all it will tell you.
There may be a solution (hell, doesn't Word store changes itself? haven't people gotten into trouble by publically releasing documents with old text "hidden" in them?) but SourceSafe isn't it.
Geez. And I was so happy when I found that one of my CDs wasn't in there. I put the data in, feeling so good that I was helping fill in the cracks.
I feel your pain. I had that good feeling just a couple of days ago, entering the tracklist for an All Living Fear album that they didn't have. And now this happens.
Well, next time you find yourself in that situation, type up some old bullshit, and submit that. Then hook up to freedb and enter the real data.
The most telling part of that press release was
a comment from Dave Marglin, General Counsel for Gracenote: "We spent a great deal of time, energy and money developing the CDDB Music Recognition Service."
I'm sure everyone who ever contributed info to the CDDB prior to the Gracenote buyout will be happy to join with me in offering a hearty "FUCK YOU !!" to Marglin, and everyone else at Gracenote.
Well, where do you think my post came from? Come on, its not like I can speak Deutsch or anything..:-)
p.s. translate it back and forth again, and you end up with:
"How a former English major, who I must agree. Only if it is not lazy
and loosely to skip, your own research doing, but, if you do not have
evenly the brains REWORD the material, steal then you are easy burgers
for some years for fastening, to you that you are ready for use to the
use decide, in order to be real category a user."
Als ehemaliger englischer Major muß ich zustimmen. Ist nicht nur er faul und zu überspringen locker, Ihre eigene Forschung tuend, aber, wenn Sie nicht sogar die Gehirne REWORD das Material haben, stehlen Sie dann Sie sollen burgers für einige Jahre leicht schlagen, bis Sie entscheiden, daß Sie betriebsbereit sind, ein wirklicher Kursteilnehmer zu sein.
Katz starts off by getting a little overexcited here. Sure, Steganography is interesting, but this breathless "if they hated Napster, they'll really go nuts about this" hype is just silly.
The whole reason Napster was (a) successful and (b) hated by the corporations is that it allowed people to freely and easily trade with strangers. People have always traded warez with their friends and acquaintances, and they've always gotten away with it. The only people who ever catch any grief for their piracy are those who make it too publically available. Like Napster.
So.. the use of steganography allows two people to trade warez very, very safely indeed. Not only will eavesdroppers not know what they're sending, they won't even know that there's something they don't know! But two people can do that now! Email an mp3 to a friend, I guarantee the RIAA won't see you and send a lawyer after you.
Luckily Katz then abandons this foolishness to talk about watermarking, which obviously has much in common technically with using steganography for secret communications. I'll leave this one for the peanut gallery, with a prediction that Chris Johnson is right now laughing gleefully at the prospect of the RIAA adopting a watermarking system which "is so securely affixed to the audio that it remains intact even if a song is played aloud on speakers in a noisy room, then re-recorded". Good one!
Did you actually read the article? It does not by any means "test the syscall speed" of Linux vs. Windows! It introduces timing routines for Linux and Windows which will be used for future articles comparing various things between Linux and Windows. The point of the article is not to reveal that Windows QueryPerformanceCounter() takes 1.945 usec and is therefore less than half as fast as a Linux gettimeofday(), but rather to demonstrate that BOTH systems are capable of providing sub-2-microsecond timing resolution, and that therefore the benchmarks to be performed in future articles will be accurate!
Feel free to interpret this as "Linux r0x, Windoze suxx!!", but really, it's about as significant as saying "gettimeofday() is only 14 characters long, and only lower-case, and can therefore be typed faster that the Windows equivalent, QueryPerformanceCounter(), which is 25 characters and mixed-case! Therefore programming under Linux is quicker and easier!".
Anyway, both methods are a wank. They should just use some inline asm to query the performance counters directly. Same code for both OS then..:-)
Re:It will affect the wrong people
on
Hash Cash
·
· Score: 2
Ok, sure, there are servers out there that definitely cater to spam, and certainly something like this is going to hurt them. But the bulk of spammers today use throwaway accounts.
True, this is not a spammer-hurting technique, but rather a spam-reducing technique. Yes, most spammers use throwaway accounts. They find an open relay and hurl a million mails at it. Then the account gets deleted, but they don't care.
However: I believe that in most cases, they don't get anywhere near all of their spam out before they get the plug pulled on them. Again, they don't care. As long as they get to spew spam for a few hours for the price of a throwaway account, they're happy.
The point of this is to reduce the damage that can be done before the plug is pulled. If you can flood 100 emails down the line per second (that's just a figure I pulled out of my ass), that's 360,000 an hour until you get stopped. But if you slow it down so you can only send one a second, you've really reduced the amount of harm a spammer can do in a couple of hours to a negligible amount.
..which means that effectively, we'd need something like a bit array on the order of N^2 to store the fact the handshake has passed, N being the total number of email addresses in existence. If N starts bordering on 1 billion (we're close to that, easily), you are talking about a roughly 100,000 terabyte storage unit. Sure, this would be distributed among all mail servers, but this is highly impractical..
You've totally lost me here. Nobody stores handshakes anywhere. Currently, one SMTP server connects to another, and says "hey, I have a mail for joe_bloggs!". Under this scheme, it would connect, say "hey, I have a mail for joe_bloggs!", but then joe_bloggs' server would reply, "OK, but give me the square root of 981364293874691 before I accept the mail". Just to slow it down.
Having a spammer rape your open relay SMTP server would still leave you screwed, but at least most of the screwage would be your CPU cycles being wasted, not everyone else's bandwidth too..
The problem with Indrema is that their plans did not include the very latest cutting edge graphics technology. That's right - if only they'd designed their console around the Bitboys XBA 3d chipset, I'm sure there would have been plenty of buzz, and they'd have had no trouble getting further funding!
(also, I think AROS would make a more suitable console OS than Linux)
Does anybody know what the Automatic Stanford Checker is?
Seems that some guys at Stanford wrote some programs to scan the kernel source for various potential bugs, so that the maintainers could check them out. Herearesomeexamples from Junfeng Yang and
Dawson Engler. If you search the LKML archives for "CHECKER", you'll surely find more.
To be "proof of concept" there needs to be proof. I have yet to see proof, only rumour.
Ah, fair enough. OK, if it's not a proof of concept, it is surely at least a concept. And since it is a concept which seems to me to be perfectly possible, I'm sure that even if this virus is not genuine, other virus-writers will pick up the concept and one day soon there will be one that is.
Yes, I am a cynic, do you have a problem with that?
Not at all.. it's just that there is such a strong Slashbot response to scream "LIES!" whenever the words "virus" and "Linux" are mentioned in the same sentence. It irritates me, and if I'm irritated, I might not be thinking clearly, and might mistake cynicism for zealotry.
How does this work? How in the name of heaven can a program be both and elf and and exe?
It isn't both an elf and an exe.
My interpretation: the initial virus is probably a PE exe, which contains both the code to be run under Windows, and the code to be run under Linux. It's all just x86 machine code, obviously, but with different syscall calling conventions. The Windows code uses win32 system calls to scan directories and open files to see if they are PE or ELF exes. The Linux code does the same, but with Linux syscalls. Both routines, however, have the same goal - to copy themselves into any ELF or PE exe they can find.
Conceptually, this is really no different from viruses I remember from the Amiga which could infect both floppy bootblocks and executable files. It's twice as much code which needs to be spread, and half of it just lies dormant ready to be spread further, but I really don't see why so many people seem to think that this is impossible!
I have no idea whether this virus is real or not, but there is nothing about it which is not possible.
Besides different file systems inherent in the two OS's
How many of you dual-boot and have your Windows partition mounted under Linux? I certainly do. So a virus could simply spread from my Linux installation to my Windows - a virus only needs to be able to read and write files, it doesn't care that the directory/mnt/windows is a FAT filesystem rather than an ext2 one. Going the other way would be trickier - but a virus (not this one) could search NFS mounts or SMB shares (which, of course, could be on Linux boxes running Samba) for exes to infect.
they have different enough hierachial architectures that something that will affect Windows one way will not affect Linux in the same way
No idea what you mean by this. This virus claims to scan files, perform a certain operation on them if they are Windows PE executables, and a certain (different) operation if they are Linux ELF executables. I can't see any reason why this shouldn't be perfectly possible.
Code that has to be spread manually is not a "virus."
It doesn't have to be spread manually. Read the analysis - it searches for Windows PE exes and Linux ELF exes and infects them.
However, the analysis states that this virus only searches for and infects executables in its own directory and parent directories. This to me seems fairly harmless. If you were emailed a program infected with this virus, it would surely only infect your temp directory (and root dir, but who would have executables there?) And as you say, this one doesn't propogate over the internet, so the only way you're likely to catch it is running an infected prog emailed to you.
But as they say.. it's a "proof of concept". Where I work, we had a hell of a time with a virus that checked machines in the network neighbourhood for open shares (this was a Windows virus of course) and then searched them for executables to infect. Watch for a virus which can infect Windows exes and Linux ELF exes like this one, but which also aggressively searches shares, NFS mounts, etc. for more files to infect.. that might be something to take more seriously..
Slashdot Mirror
Rob needs a new hof category: most moderated posting.
That would be excellent. But this post wouldn't be in it - it's only got 27 moderations so far, I've seen trolls score in the 80's.. :-)
Microsoft is dead and buried! You know it's true! Jon Katz said so!! "Microsoft was brought down by the arrogant, delusional monomania of its founder, a man who had clearly come to believe in his own immortality and was unable to grasp the realities of the world."
Your Rights Online? What is this bullshit!?
Bandwidth is not a right, it costs money! Being at the arse-end of nowhere (to quote a former PM), Australian carriers have to pay through the nose for traffic from the USA (and afaik all connectivity to countries elsewhere in the world from Australia goes through the USA?). If you want to use that connectivity to leech more than 3 gig of pr0n and mp3z a month, then you have to pay for it. Quit your whining.
Jesus, this is as much of a "Your Rights Online" issue as crying about your "rights" to copy mp3z being infringed by the big bad RIAA. Fuckin' selfish generation.
Mod down at will, I've got the karma to take whatever abuse the slashbot moderators want to dish out.
Electric money is quite simply, the work of Satan :) For anyone even vaguely concerned about privacy and Government intrusion (which should be you if you're reading /.), then opposing its introduction is somethng you should be doing.
If you were English (obviously you're not), you'd be aware of prepaid cards like this for mobile phones, and would know that they are WAY better for privacy than whatever you're probably using now.
I can walk into a shop here in London, buy a mobile phone for cash, then buy £5 cards from the newsagent (also for cash), and use them to make calls. 100% anonymous. Physically, it works exactly the same as is described here - the card has a long number on it, you scratch the silver crap off to reveal it, then dial a number on your mobile and type it in. Then you have more credit to make calls with.
They try to encourage you to register your phone, by offering some free credit if you give them your name and address, but you sure don't have to if you don't want to. It's a prank caller's dream! Now imagine that you can get a £5 card for cash and use that to buy pr0n online.
So how is this "a sneaky way for the Government to get your life on file" ? Or were you just trolling?
Microsoft may not be very responsive to public opinion, but the British Government sure is.
Heh.. the Blair government's share of the vote in the last election was almost as high as Microsoft's share of the desktop OS market. They could piss of 10 million Slashbots and still win the next election.
What's so sad about the massive politicized anti-region-encoding movement, is that VHS tapes are also "region encoded", in that there are at least two entirely incompatible standards for encoding the video signal (NTSC and PAL) which are used throughout the world
Two responses:
(1) All VHS players available in Australia except for the very cheapest and nastiest can play back both PAL and NTSC. Compared to the situation where, admittedly, many DVD players can do multiple regions with a cheat code or hack, but the DVD vendors are trying to outlaw that. Nobody ever tried to outlaw a VHS player that could play NTSC and PAL.
(2) PAL/NTSC is a technical distinction. The daft Americans use a crappy technical standard, the rest of the world uses a superior one. It just happened that way. Whereas DVD regions are a deliberate and malicious incompatibility with no purpose other than maximising the profits of the DVD vendors at the expense of the consumers.
If you have thousands of applications for a handful of positions, it means you aren't making the posted job requirements high enough.
..or the salary low enough !!
I know exactly two things about Asus -- that I've heard of the GeForce 3 (but don't recall whether it was good or bad) and that they released this driver. The former would've been enough for me to at least look into them. The latter is enough that I will not bother.
You probably already know this, but the wording of your comment makes it sound like maybe you don't: Asus don't make the GeForce3. Nvidia does. Asus is just one company (of many) that make graphics cards based on the Nvidia GeForce3 chipset. So you can boycott Asus until they sink beneath the waves, and still buy a GeForce3-based card from someone else. What a deal!
Stallman wanted it to be called lignux.
Any old school Slashdot troll knows that the correct term is, of course, "Gnulix". :-)
Feed someone a mental diet of nothing but violence and pornography and you're likely to cause some problems.
Exactly. Violence & porn are like, I dunno, hamburgers or something. If you eat hamburgers for dinner every day, it won't do your health any good. Especially if they're McDonalds hamburgers. But eating one greasy, fatty hamburger every now and then isn't going to kill you. The worst it'll do it make you feel a bit queasy.
Much like violence and pr0n.
I suspect that more members of the Slashdot demographic are familiar with Banks' science fiction (written as Iain M. Banks) than his "normal" fiction (written as Iain Banks without the M), and I'd just like to say: if you're in that category, do yourself a favour, and check out some of his non-M books NOW!
I do like his SF.. some very good ideas in there. But I think his non-SF work is better than good, it's some of the best stuff I've ever read in my life!
The Business is great.. and better still are Espedair Street (the story of a washed-up (or not?) Scottish rock star gone into seclusion), The Crow Road (the story of a rather odd Scottish family), and Complicity (the story of a Scottish journalist and a sinister conspiracy). Iain Banks is very Scottish. :-)
Microsoft Visual Source Safe.
Unlike everyone else who replied to you, I'm going to say more than "SourceSafe sucks ass!"
I work at a windows shop, we use SourceSafe to store all our code (VB, C++, HTML & ASP stuff), and also documentation. For code, it's fine. (I mean, it's slow and ugly and shit, but it works fine. People who have worked there for many years say its never "eaten" anyone's file).
But we do also store Word & Excel files in there (and Access mdbs), and for that, well, it's pretty pointless. Because I'm assuming that the asker wants to be able to do more than just have the latest version available - if that was all he wanted, the files would be sitting on a fileserver and he wouldn't be asking Slashdot. If you want to be able to do diffs, see WHAT was changed in a checkin, there's no simple way to do it with binary files like Word and Excel produce. Go on, diff them with SourceSafe - "binary files differ" is all it will tell you.
There may be a solution (hell, doesn't Word store changes itself? haven't people gotten into trouble by publically releasing documents with old text "hidden" in them?) but SourceSafe isn't it.
Geez. And I was so happy when I found that one of my CDs wasn't in there. I put the data in, feeling so good that I was helping fill in the cracks.
I feel your pain. I had that good feeling just a couple of days ago, entering the tracklist for an All Living Fear album that they didn't have. And now this happens.
Well, next time you find yourself in that situation, type up some old bullshit, and submit that. Then hook up to freedb and enter the real data.
The most telling part of that press release was a comment from Dave Marglin, General Counsel for Gracenote: "We spent a great deal of time, energy and money developing the CDDB Music Recognition Service."
I'm sure everyone who ever contributed info to the CDDB prior to the Gracenote buyout will be happy to join with me in offering a hearty "FUCK YOU !! " to Marglin, and everyone else at Gracenote.
According to Babelfish..
Well, where do you think my post came from? Come on, its not like I can speak Deutsch or anything.. :-)
p.s. translate it back and forth again, and you end up with:
"How a former English major, who I must agree. Only if it is not lazy and loosely to skip, your own research doing, but, if you do not have evenly the brains REWORD the material, steal then you are easy burgers for some years for fastening, to you that you are ready for use to the use decide, in order to be real category a user."
What you say !!
Als ehemaliger englischer Major muß ich zustimmen. Ist nicht nur er faul und zu überspringen locker, Ihre eigene Forschung tuend, aber, wenn Sie nicht sogar die Gehirne REWORD das Material haben, stehlen Sie dann Sie sollen burgers für einige Jahre leicht schlagen, bis Sie entscheiden, daß Sie betriebsbereit sind, ein wirklicher Kursteilnehmer zu sein.
Katz starts off by getting a little overexcited here. Sure, Steganography is interesting, but this breathless "if they hated Napster, they'll really go nuts about this" hype is just silly.
The whole reason Napster was (a) successful and (b) hated by the corporations is that it allowed people to freely and easily trade with strangers. People have always traded warez with their friends and acquaintances, and they've always gotten away with it. The only people who ever catch any grief for their piracy are those who make it too publically available. Like Napster.
So.. the use of steganography allows two people to trade warez very, very safely indeed. Not only will eavesdroppers not know what they're sending, they won't even know that there's something they don't know! But two people can do that now! Email an mp3 to a friend, I guarantee the RIAA won't see you and send a lawyer after you.
Luckily Katz then abandons this foolishness to talk about watermarking, which obviously has much in common technically with using steganography for secret communications. I'll leave this one for the peanut gallery, with a prediction that Chris Johnson is right now laughing gleefully at the prospect of the RIAA adopting a watermarking system which "is so securely affixed to the audio that it remains intact even if a song is played aloud on speakers in a noisy room, then re-recorded". Good one!
Did you actually read the article? It does not by any means "test the syscall speed" of Linux vs. Windows! It introduces timing routines for Linux and Windows which will be used for future articles comparing various things between Linux and Windows. The point of the article is not to reveal that Windows QueryPerformanceCounter() takes 1.945 usec and is therefore less than half as fast as a Linux gettimeofday(), but rather to demonstrate that BOTH systems are capable of providing sub-2-microsecond timing resolution, and that therefore the benchmarks to be performed in future articles will be accurate!
Feel free to interpret this as "Linux r0x, Windoze suxx!!", but really, it's about as significant as saying "gettimeofday() is only 14 characters long, and only lower-case, and can therefore be typed faster that the Windows equivalent, QueryPerformanceCounter(), which is 25 characters and mixed-case! Therefore programming under Linux is quicker and easier!".
Anyway, both methods are a wank. They should just use some inline asm to query the performance counters directly. Same code for both OS then.. :-)
Ok, sure, there are servers out there that definitely cater to spam, and certainly something like this is going to hurt them. But the bulk of spammers today use throwaway accounts.
True, this is not a spammer-hurting technique, but rather a spam-reducing technique. Yes, most spammers use throwaway accounts. They find an open relay and hurl a million mails at it. Then the account gets deleted, but they don't care.
However: I believe that in most cases, they don't get anywhere near all of their spam out before they get the plug pulled on them. Again, they don't care. As long as they get to spew spam for a few hours for the price of a throwaway account, they're happy.
The point of this is to reduce the damage that can be done before the plug is pulled. If you can flood 100 emails down the line per second (that's just a figure I pulled out of my ass), that's 360,000 an hour until you get stopped. But if you slow it down so you can only send one a second, you've really reduced the amount of harm a spammer can do in a couple of hours to a negligible amount.
You've totally lost me here. Nobody stores handshakes anywhere. Currently, one SMTP server connects to another, and says "hey, I have a mail for joe_bloggs!". Under this scheme, it would connect, say "hey, I have a mail for joe_bloggs!", but then joe_bloggs' server would reply, "OK, but give me the square root of 981364293874691 before I accept the mail". Just to slow it down.
Having a spammer rape your open relay SMTP server would still leave you screwed, but at least most of the screwage would be your CPU cycles being wasted, not everyone else's bandwidth too..
The problem with Indrema is that their plans did not include the very latest cutting edge graphics technology. That's right - if only they'd designed their console around the Bitboys XBA 3d chipset, I'm sure there would have been plenty of buzz, and they'd have had no trouble getting further funding!
(also, I think AROS would make a more suitable console OS than Linux)
Does anybody know what the Automatic Stanford Checker is?
Seems that some guys at Stanford wrote some programs to scan the kernel source for various potential bugs, so that the maintainers could check them out. Here are some examples from Junfeng Yang and Dawson Engler. If you search the LKML archives for "CHECKER", you'll surely find more.
To be "proof of concept" there needs to be proof. I have yet to see proof, only rumour.
Ah, fair enough. OK, if it's not a proof of concept, it is surely at least a concept. And since it is a concept which seems to me to be perfectly possible, I'm sure that even if this virus is not genuine, other virus-writers will pick up the concept and one day soon there will be one that is.
Yes, I am a cynic, do you have a problem with that?
Not at all.. it's just that there is such a strong Slashbot response to scream "LIES!" whenever the words "virus" and "Linux" are mentioned in the same sentence. It irritates me, and if I'm irritated, I might not be thinking clearly, and might mistake cynicism for zealotry.
How does this work? How in the name of heaven can a program be both and elf and and exe?
It isn't both an elf and an exe.
My interpretation: the initial virus is probably a PE exe, which contains both the code to be run under Windows, and the code to be run under Linux. It's all just x86 machine code, obviously, but with different syscall calling conventions. The Windows code uses win32 system calls to scan directories and open files to see if they are PE or ELF exes. The Linux code does the same, but with Linux syscalls. Both routines, however, have the same goal - to copy themselves into any ELF or PE exe they can find.
Conceptually, this is really no different from viruses I remember from the Amiga which could infect both floppy bootblocks and executable files. It's twice as much code which needs to be spread, and half of it just lies dormant ready to be spread further, but I really don't see why so many people seem to think that this is impossible!
I have no idea whether this virus is real or not, but there is nothing about it which is not possible.
Besides different file systems inherent in the two OS's
How many of you dual-boot and have your Windows partition mounted under Linux? I certainly do. So a virus could simply spread from my Linux installation to my Windows - a virus only needs to be able to read and write files, it doesn't care that the directory /mnt/windows is a FAT filesystem rather than an ext2 one. Going the other way would be trickier - but a virus (not this one) could search NFS mounts or SMB shares (which, of course, could be on Linux boxes running Samba) for exes to infect.
they have different enough hierachial architectures that something that will affect Windows one way will not affect Linux in the same way
No idea what you mean by this. This virus claims to scan files, perform a certain operation on them if they are Windows PE executables, and a certain (different) operation if they are Linux ELF executables. I can't see any reason why this shouldn't be perfectly possible.
Code that has to be spread manually is not a "virus."
It doesn't have to be spread manually. Read the analysis - it searches for Windows PE exes and Linux ELF exes and infects them.
However, the analysis states that this virus only searches for and infects executables in its own directory and parent directories. This to me seems fairly harmless. If you were emailed a program infected with this virus, it would surely only infect your temp directory (and root dir, but who would have executables there?) And as you say, this one doesn't propogate over the internet, so the only way you're likely to catch it is running an infected prog emailed to you.
But as they say.. it's a "proof of concept". Where I work, we had a hell of a time with a virus that checked machines in the network neighbourhood for open shares (this was a Windows virus of course) and then searched them for executables to infect. Watch for a virus which can infect Windows exes and Linux ELF exes like this one, but which also aggressively searches shares, NFS mounts, etc. for more files to infect.. that might be something to take more seriously..