An attacker could write a new patch and generate a collision for it. The attacker would then submit the good patch and get the maintainers to accept the patch and sign it with their GPG key. The attacker would then create a rogue mirror site and replace the good patch with the malicious collision.
That would definitely win you the prize for "the most absurdly over-complicated and difficult way of pwning a Linux box".
Why don't you just watch [Full-disclosure] for the 0-day of the week like everyone else?
The bear only has to be faster than the first of the two hunters.
I saw that, but I haven't heard any evidence that it was Stuxnet. We've learned a lot more about how Stuxnet works and that it specifically targets sites with hundreds of high-speed motors from controllers that are only made in Finland and Iran. Somehow I don't picture Japan importing motor controllers from either of those places.
Of course, it's possible that this is an as-yet-unrealized function of the all-powerful Stuxnet, to cause a short power glitch in three Tokyo prefectures. Not content with merely shutting down Iran's nuclear program, it was also designed to cause a decline of "8% of the overall global shipments of the NAND flash memory" in Jan/Feb 2011.
Perhaps a simpler explanation is that an ordinary power glitch found its way past some UPSes and caused a factory to reboot. It happens.
It seems just as likely that the guys running Turbines for your local power company are no better equipped to handle this than Iran. In Iran, they have unlimited budget and first call upon the best brains in the country.
Your local power company? Not so much.
I had had good service with them for years until I told them to take a hike the other day. I was as disappointed as I'd ever been in a corporation.
I moved my DNS serving to another set of hosts and declined to renew a domain. I'm transitioning all my other domains away from DynDNS as they expire.
I find it reprehensible that a DNS server company would respond to you coming under a mild DoS attack would decide to finish you off by stabbing you in the back themselves. Even if their servers were perfect, clearly the company is willing to toss its customers out to the dogs at the first excuse. I have no interest in continuing to pay for service from such an unreliable partner.
Greatness? Greatness?! What are you going on about?
Did you even read what I wrote? Are you capable of parsing English?
It sounds like you've skimmed for one or two words which trigger a reflexive response. You've referenced no facts to support any of your arguments.
...a product of the media...
Dude, that was so 20th century. My dumbest pet cat can troll better than that.
I'm a Dittohead!!!
There ya have it folks, a self-prolaimed dittohead deriding others for being products of the media.
The sad thing is - what if Obama actually does something to deserve one in the near future? (Leaving aside the question of just how likely this might be of course.)
They can't give it to him again - he's already used his up! So what they really did was they robbed Obama of the ability to earn the prize the honest way. Forever in the history books it will show he received the prize before doing anything of significance with the power he would wield.
The only possible interpretation is that the Nobel committee figured the time was right because his greatness was peaking. They must have estimated the chances were high that he would do something to make himself unworthy in the the future. Then they wouldn't be able to give it to him.
So if they keep this up, jacking with.com,.org,.net, etc. the only thing that's going to happen is that those top-level names will fall into disuse. Even if you could make.com have all the safety and law-abiding-ness of.museum, do you really want to?
This is the first crack in the US's losing control of the internet. Not that the US or any one entity "controls" it per se, but we did have a big influence in the technical direction of it.
Later on in the day Saturday, I opened a browser tab with #wikileaks #imwikileaks and all of the global trending tags. The way the Twitter web UI works is that it will change the title to the count of new tweets since you clicked to view them. I left it up for about an hour.
#wikileaks was the number one most frequently tweeted tag for that hour.
The number two tag was close in frequency and was listed as 'trending'.
#imwikileaks was in the top 3 or 4 in frequency IIRC.
Most other tags marked as trending were being tweeted at 5 or 6 times less the rate of #wikileaks.
Probably the farmer would choose. Unless someone makes the right campaign contributions and "stimulus money" and tax breaks are allocated to "modernization".
But the discussion was about the robot scenario, so it was taken for granted.
The customers are not creating wealth. Sure, they pay the costs but that's a different equation than the one I was talking about. They are consuming, not producing.
Even if you include the consumers, the farmer is the only one of the long list of players who is producing wealth in the US in the poster's scenario.
100 years ago: Farmer grows strawberries -> farmer markets strawberries. Half the population does farming.
Proposed scenario: Farmer grows strawberries -> robot picks strawberries, robot breaks and needs spare parts -> "truck drivers to get those parts, the ship captains and crew to get them across the ocean, the people to train the technicians, salesmen, and maybe even more people to harvest the raw materials required for the robots", all compete for a slice of what, as you point out, the consumer pays for the strawberries.
Why would Wikileaks or (anyone for that matter) even want Amazon's services at this point?
In my opinion they've shown themselves to be an unreliable provider who will disable everything your business relies on them for and not even ask for paperwork before doing so.
Had you ever looked at their site before cablegate? They do, in fact, take stuff from all over the world as you suggest.
They just got a huge bolus from the US all at once. People are starting to sit up and take notice. It's easy to get the impression that its all about this one thing.
I've been around a few years now and seen a few political battles play out. My gut feeling is that Lieberman's aides are madly trying to figure out how they're going to explain him out of this screwup. We might even see politicians calling for an investigating Amazon for conspiring with him. Tomorrow's talk shows are going to be interesting.
See for yourself. Check out Twitter #imwikileaks and #wikileaks tags right now.
Actually, it is likely that Assange is a shill for the CIA. Google around.
OK, I did. (Bet you don't hear that every day)
I didn't see anything credible in the first few hits of Google. They were things like "Assange says 9/11 probably wasn't a CIA conspiracy therefore Assange is a CIA operative." and "The US government can shut down 200 pirated handbag storefronts in one day but Wikileaks is still up therefore Assange is a CIA operative".
Of course, you might then say that the CIA planted the first few hits there to discredit all the people who knew the real truth.
Wikileaks has some really smart people. CIA has some really smart people. I guarantee you they're all up in each other's business. CIA likely benefits from the leaks more than anyone.
Hell I bet Wikileaks gets new volunteers from all over the freakin' world, on a regular basis. If Wikileaks ever did a group photo, I bet it'd be the freakin' United Nations of intelligence operatives, all shootin' freaky CIA mind-control drugs together and doin' freaky Swedish chicks in their underground volcanic ice cave in freakin' Iceland.
Do you get what I'm SAYIN' MAN?!! DO YOU??!?!!
Man how about a few bucks so I can buy me something to help me sleep warm before I check in to the homeless shelter tonight man?
What ELSE do you call a private group dedicated to breaking laws
What US laws has Wikileaks broken again?
I'm not saying they haven't broken any, I've just not seen anyone with list anything "they can make stick".
Everyone agrees Wikileaks is effective at getting something done, so if they're really a "group dedicated to breaking laws" you ought to be able to list several rather quickly.
"I call on any other company or organization that is hosting Wikileaks to immediately terminate its relationship with them. Wikileaks' illegal, outrageous, and reckless acts have compromised our national security and put lives at risk around the world."
C.f. "There are times when we must all endure adjustment to the Constitution in the name of security."
The key factor is that I can kick him out for any reason I want, or for no reason at all. It's my property, I allow whomever I want in. He claims he's being discriminated against because he's black, OK, the onus is on him to prove it. He claims he's discriminated because of his purple shoes ? To bad, there's no law preventing me to do that !
You've never actually had a storefront business in the US, have you?
To refuse someone's business is just about the most legally treacherous thing you can do, possibly even more dangerous than firing an employee. Sure you can throw someone out if they're causing trouble, but you should probably call the police to do it so you have an official party witnessing your justification. You start throwing people out because of arbitrary appearance and your business will be owned by lawyers before you realize your mistake.
Yes, it's censorship and in this specific case it is despicable. But it's private censorship, you have no right to force me into supporting your free speech. Speak on the street-corner, on public property. Boycott my store if you don't like my views. Just don't force me to support yours - that's true liberty.
Paypal, Amazon, probably even DynDNS, these are all SEC-regulated for-profit companies. They can't have political views, they become liable to their shareholders (and potentially even government regulators) if they have any priorities in life other than making money. This is not "greed", it's not liberty, it's about other people's money and contractual obligations. The only time such companies can do anything (in particular to turn away business!) is because they feel they can argue to their investors that they honestly thought it would increase profit or decrease risk.
Principles of liberty and free speech are already far, far off the table for such corporations. It's an intentional set up: the companies don't have to agree or disagree with the content of the data processed by their leased services, and in exchange they get to focus on providing the raw power, network, and CPU services.
The alternative is to say that Amazon voluntarily "supports the views" expressed in every book they sell. Which would obviously lead to them having to answer an impossible amount of difficult questions.
The U.S. is not stopping you from reading Wikileaks.
Not because they haven't tried, but because their power to do so has been intentionally limited.
If you mean Amazon weenying out to a Senator, please take that up with the Senator or Amazon. Last I heard, he wasn't the government.
Yes, he is.
If you are referring to PayPal, they gave a decent reason.
I must have missed the decent reason part of their explanation.
Your don't like it because you believe there is a conspiracy behind it. So put up or shut up.
A conspiracy, eh? Dude, go to Lieberman's website. He's gleefully taking credit for it.
Near as I can make out, all Wikileaks is doing is making the U.S. look good and other governments not so good.
I know really. The newspapers have had a few days to dig through it now and this is all they can come up with? Somebody was compared to "Batman and Robin"? Geez what a bunch of pansies.
So, why would the U.S. want to stop Wikileaks when it is only underscoring what State and Defense have been saying for years?
Because they're not smart enough to know what's for their own good in the long run?
Because they've made a habit of talking-behind-backs and have now lost face?
Because diplomats' careers depend on not being the one to take the blame when blame needs to be taken?
Because they know something is coming in future releases that we don't know yet?
What about a specific black person, who spews leftist propaganda at my customers ?
Note that this is specifically not what's happening in the case of Amazon EC2 and Wikileaks.
Leasing raw CPU, disk space, and network bandwidth from a generic utility like EC2 and using it to host a website is not directing anything in the proximity of your other customers. Your other customers would not notice the difference even if they were sharing the very same CPU and network cable. This is the entire premise of the cloud computing business model (as pioneered by Amazon themselves).
As I understand it, no one was receiving spam emails from Wikileaks' Amazon EC2 nodes. It was impossible that anyone could be "spewed" upon by Wikileaks' leasing of EC2 for web site hosting because of how the HTTP protocol works: you simply don't receive a page from a website unless you have requested something from that site first.
I certainly can't bar black people from my diner - it's illegal. What about a specific black person, who spews leftist propaganda at my customers ? Am I not allowed to kick him out because he's black, or because he has political views ?
You should have the right to kick him out for the spewing. That's the key factor - it's not what he believes, or his physical features. It's that he's actively spewing at customers. It's your diner, your customers are counting on you to manage the spewing.
Well, you're right that the laws and the realities are more complicated than I made them out to be.
But Amazon's EC2 is not a shopping mall. By leasing CPU cycles and IP addresses from EC2, no one is shoving protest flyers in anyone's face around driving shoppers out of a public mall. Other than a few IP routers on the internet, there is absolutely no commonality between Wikileaks' leased facilities and those of other customers at that data center.
Amazon is a thing called "common carrier" http://en.wikipedia.org/wiki/Common_carrier which means it "holds itself out to provide service to the general public without discrimination". It avoids being liable for every potential evil packet that passes out of its data center by claiming that it doesn't exercise editorial control over their content. Just like a phone or a power utility.
Say your local newspaper prints an article critical of your town's mayor. Say the mayor calls the power company and demands an explanation. The power company, of course, always has many permit applications awaiting approval by the mayor's office at any given time. Then suppose the power company shuts off the power to the newspaper presses.
Would you argue that this is the power comapany's freedom to do business with whomever it likes?
If not, how is Amazon EC2 any different? (Yes, electric power is part of the EC2 package. Amazon has been pretty clear that they intend to provide servers as just another type of utility.)
Slashdot Mirror
You'll be on your own with it because it will not be an interoperable, accepted standard. Hashes are often used for data shared by multiple parties.
That would definitely win you the prize for "the most absurdly over-complicated and difficult way of pwning a Linux box".
Why don't you just watch [Full-disclosure] for the 0-day of the week like everyone else?
The bear only has to be faster than the first of the two hunters.
I saw that, but I haven't heard any evidence that it was Stuxnet. We've learned a lot more about how Stuxnet works and that it specifically targets sites with hundreds of high-speed motors from controllers that are only made in Finland and Iran. Somehow I don't picture Japan importing motor controllers from either of those places.
Of course, it's possible that this is an as-yet-unrealized function of the all-powerful Stuxnet, to cause a short power glitch in three Tokyo prefectures. Not content with merely shutting down Iran's nuclear program, it was also designed to cause a decline of "8% of the overall global shipments of the NAND flash memory" in Jan/Feb 2011.
Perhaps a simpler explanation is that an ordinary power glitch found its way past some UPSes and caused a factory to reboot. It happens.
I dunno man.
I'd put my local power company up against those "Your nuclear power plant control software license has expired please obtain a valid license" clowns any day.
The local guys may be clowns too. But the difference is that my clowns can at least download a patch.
That's right. It was Dyn Inc. AKA DynDNS.
I had had good service with them for years until I told them to take a hike the other day. I was as disappointed as I'd ever been in a corporation.
I moved my DNS serving to another set of hosts and declined to renew a domain. I'm transitioning all my other domains away from DynDNS as they expire.
I find it reprehensible that a DNS server company would respond to you coming under a mild DoS attack would decide to finish you off by stabbing you in the back themselves. Even if their servers were perfect, clearly the company is willing to toss its customers out to the dogs at the first excuse. I have no interest in continuing to pay for service from such an unreliable partner.
Did you even read what I wrote? Are you capable of parsing English? It sounds like you've skimmed for one or two words which trigger a reflexive response. You've referenced no facts to support any of your arguments.
Dude, that was so 20th century. My dumbest pet cat can troll better than that.
There ya have it folks, a self-prolaimed dittohead deriding others for being products of the media.
That really takes the cake, doesn't it?
The sad thing is - what if Obama actually does something to deserve one in the near future? (Leaving aside the question of just how likely this might be of course.)
They can't give it to him again - he's already used his up! So what they really did was they robbed Obama of the ability to earn the prize the honest way. Forever in the history books it will show he received the prize before doing anything of significance with the power he would wield.
The only possible interpretation is that the Nobel committee figured the time was right because his greatness was peaking. They must have estimated the chances were high that he would do something to make himself unworthy in the the future. Then they wouldn't be able to give it to him.
Whoosh.
He's a lawyer.
This is the first crack in the US's losing control of the internet. Not that the US or any one entity "controls" it per se, but we did have a big influence in the technical direction of it.
Probably the farmer would choose. Unless someone makes the right campaign contributions and "stimulus money" and tax breaks are allocated to "modernization".
But the discussion was about the robot scenario, so it was taken for granted.
The customers are not creating wealth. Sure, they pay the costs but that's a different equation than the one I was talking about. They are consuming, not producing.
Even if you include the consumers, the farmer is the only one of the long list of players who is producing wealth in the US in the poster's scenario.
100 years ago:
Farmer grows strawberries -> farmer markets strawberries. Half the population does farming.
Proposed scenario:
Farmer grows strawberries -> robot picks strawberries, robot breaks and needs spare parts -> "truck drivers to get those parts, the ship captains and crew to get them across the ocean, the people to train the technicians, salesmen, and maybe even more people to harvest the raw materials required for the robots", all compete for a slice of what, as you point out, the consumer pays for the strawberries.
Yeah and don't forget the advertising agencies who advertise and the lawyers who sue and the government inspectors to inspect and the ....
Dude, the only person producing new wealth in your scenario is the the farmer and look at all the overhead you're expecting him to bear.
Why would Wikileaks or (anyone for that matter) even want Amazon's services at this point?
In my opinion they've shown themselves to be an unreliable provider who will disable everything your business relies on them for and not even ask for paperwork before doing so.
Had you ever looked at their site before cablegate? They do, in fact, take stuff from all over the world as you suggest.
They just got a huge bolus from the US all at once. People are starting to sit up and take notice. It's easy to get the impression that its all about this one thing.
I hinted about this in a blog post last night http://extendedsubset.com/?p=40
I've been around a few years now and seen a few political battles play out. My gut feeling is that Lieberman's aides are madly trying to figure out how they're going to explain him out of this screwup. We might even see politicians calling for an investigating Amazon for conspiring with him. Tomorrow's talk shows are going to be interesting.
See for yourself. Check out Twitter #imwikileaks and #wikileaks tags right now.
OK, I did. (Bet you don't hear that every day)
I didn't see anything credible in the first few hits of Google. They were things like "Assange says 9/11 probably wasn't a CIA conspiracy therefore Assange is a CIA operative." and "The US government can shut down 200 pirated handbag storefronts in one day but Wikileaks is still up therefore Assange is a CIA operative".
Of course, you might then say that the CIA planted the first few hits there to discredit all the people who knew the real truth.
Wikileaks has some really smart people. CIA has some really smart people. I guarantee you they're all up in each other's business. CIA likely benefits from the leaks more than anyone.
Hell I bet Wikileaks gets new volunteers from all over the freakin' world, on a regular basis. If Wikileaks ever did a group photo, I bet it'd be the freakin' United Nations of intelligence operatives, all shootin' freaky CIA mind-control drugs together and doin' freaky Swedish chicks in their underground volcanic ice cave in freakin' Iceland.
Do you get what I'm SAYIN' MAN?!! DO YOU??!?!!
Man how about a few bucks so I can buy me something to help me sleep warm before I check in to the homeless shelter tonight man?
What US laws has Wikileaks broken again?
I'm not saying they haven't broken any, I've just not seen anyone with list anything "they can make stick".
Everyone agrees Wikileaks is effective at getting something done, so if they're really a "group dedicated to breaking laws" you ought to be able to list several rather quickly.
http://lieberman.senate.gov/index.cfm/news-events/news/2010/12/amazon-severs-ties-with-wikileaks
"I call on any other company or organization that is hosting Wikileaks to immediately terminate its relationship with them. Wikileaks' illegal, outrageous, and reckless acts have compromised our national security and put lives at risk around the world."
C.f. "There are times when we must all endure adjustment to the Constitution in the name of security."
Coincidence? I think not!
You've never actually had a storefront business in the US, have you?
To refuse someone's business is just about the most legally treacherous thing you can do, possibly even more dangerous than firing an employee. Sure you can throw someone out if they're causing trouble, but you should probably call the police to do it so you have an official party witnessing your justification. You start throwing people out because of arbitrary appearance and your business will be owned by lawyers before you realize your mistake.
Paypal, Amazon, probably even DynDNS, these are all SEC-regulated for-profit companies. They can't have political views, they become liable to their shareholders (and potentially even government regulators) if they have any priorities in life other than making money. This is not "greed", it's not liberty, it's about other people's money and contractual obligations. The only time such companies can do anything (in particular to turn away business!) is because they feel they can argue to their investors that they honestly thought it would increase profit or decrease risk.
Principles of liberty and free speech are already far, far off the table for such corporations. It's an intentional set up: the companies don't have to agree or disagree with the content of the data processed by their leased services, and in exchange they get to focus on providing the raw power, network, and CPU services.
The alternative is to say that Amazon voluntarily "supports the views" expressed in every book they sell. Which would obviously lead to them having to answer an impossible amount of difficult questions.
Not because they haven't tried, but because their power to do so has been intentionally limited.
Yes, he is.
I must have missed the decent reason part of their explanation.
A conspiracy, eh? Dude, go to Lieberman's website. He's gleefully taking credit for it.
I know really. The newspapers have had a few days to dig through it now and this is all they can come up with? Somebody was compared to "Batman and Robin"? Geez what a bunch of pansies.
I don't know the answer to that one either.
Note that this is specifically not what's happening in the case of Amazon EC2 and Wikileaks.
Leasing raw CPU, disk space, and network bandwidth from a generic utility like EC2 and using it to host a website is not directing anything in the proximity of your other customers. Your other customers would not notice the difference even if they were sharing the very same CPU and network cable. This is the entire premise of the cloud computing business model (as pioneered by Amazon themselves).
As I understand it, no one was receiving spam emails from Wikileaks' Amazon EC2 nodes. It was impossible that anyone could be "spewed" upon by Wikileaks' leasing of EC2 for web site hosting because of how the HTTP protocol works: you simply don't receive a page from a website unless you have requested something from that site first.
You should have the right to kick him out for the spewing. That's the key factor - it's not what he believes, or his physical features. It's that he's actively spewing at customers. It's your diner, your customers are counting on you to manage the spewing.
Well, you're right that the laws and the realities are more complicated than I made them out to be.
But Amazon's EC2 is not a shopping mall. By leasing CPU cycles and IP addresses from EC2, no one is shoving protest flyers in anyone's face around driving shoppers out of a public mall. Other than a few IP routers on the internet, there is absolutely no commonality between Wikileaks' leased facilities and those of other customers at that data center.
Amazon is a thing called "common carrier" http://en.wikipedia.org/wiki/Common_carrier which means it "holds itself out to provide service to the general public without discrimination". It avoids being liable for every potential evil packet that passes out of its data center by claiming that it doesn't exercise editorial control over their content. Just like a phone or a power utility.
Say your local newspaper prints an article critical of your town's mayor. Say the mayor calls the power company and demands an explanation. The power company, of course, always has many permit applications awaiting approval by the mayor's office at any given time. Then suppose the power company shuts off the power to the newspaper presses.
Would you argue that this is the power comapany's freedom to do business with whomever it likes?
If not, how is Amazon EC2 any different? (Yes, electric power is part of the EC2 package. Amazon has been pretty clear that they intend to provide servers as just another type of utility.)