> You know, if your neighborhood is so crime ridden that you actually make room in your house for decoy PCs, maybe you should consider moving somewhere else.
Actually, this boils down to a simple cost/benefit analysis. It all depends whether it is cheaper to buy new computers every month (because the old one got stolen...) or whether it is cheaper to pay the excessively inflated rents of the better part of town...
Actually, that's the reason for the flash. It's not because they're burning up, but rather because they're exceeding the speed of light and cause a "lightly flash" the same way as they cause a "sonic boom". Also known as a Cerencow flash...
> Notes includes full Internet Headers in the message, although in a hidden field. You can see it via a properties dialog,
Interesting. Indeed, the second tab of the properties dialog gives access to "Received" header fields. Thanks for the info, our local Notes gurus didn't know that ;-) Now, I'll finally be able to stem the tide of spam that is swamping my Notes account by complaining to the spammer's ISP. That's so much easier to do now that I know where it is coming from.
> It also supports IMAP/LDAP if someone turns it on.
This is also interesting. Our guys here claim that the best that can be done is (limited) POP3. Could you post a small description of how to enable IMAP? Is the IMAP support reasonably full featured, i.e. does it allow deleting mails, and moving mails between folders?
> Or perhaps it finds your Word documents and randomly removes the words "do not" from a few places. Or maybe it flips a few bits in your swap file, or munges your C++ compiler
That reminds me of a prank we played back in high-school: a small program that would randomly change a semicolon into a colon in Turbo Pascal's editor. On the low-quality screens of that time, both signs were hard to distinguish, and moreover, as they are on the same key, people first thought about silly typos before thinking that it may have been due to malicious code.
The program itself was well hidden too: it was a TSR being started from autoexec.bat, named <shift-space>. The shift-space just looks like a normal space, but was legal as a character in filenames, so you could invoke a program like this, and somebody checking autoexec.bat wouldn't notice anything fishy...
As this was an external program, re-installing Turbo-Pascal wouldn't help. Eventually, the teachers completely re-installed the OS (which wiped the tampered-with autoexec.bat) to restore normal operation.
> Simple solution - the virus should scan Wired for its name every hour. When it finds a match, the fun begins
Or, even better: every now and then, download the signature updates from McAfee, Norton, Symantec, Kaspersky, whatever, and as soon as its own signature appears, let the fun begin ;-)
True enough. However, it has its own slew of problems:
although it has POP support, the access through this protocol is severely limited: you cannot delete or file mails, just read them. Why, o why don't they add a full-featured IMAP support?
There is still no Linux client, although technically feasible (but it runs nicely under wine).
If you receive spam in Lotus Notes, there's no way of tracing it, as Lotus hides all relevant headers (Received/from/by). There is a menu option to show more headers, but the Received/from/by headers are still not shown!
For certain versions of Domino (Lotus Notes server), the server is incredibly easy to crash: just log in to a protected Web page, and supply a bad password...
The FingerBoard connects to Windows/linux computers through the USB port or through the PS/2 mouse and keyboard ports.
However, I wonder why they chose to spell Linux with lower caps, rather than upper caps as they did for Windows? Multi-touch technology failing to reliably sense shift key?
... finding any qualified personnel with that kind of attitude. You know, there are too many great career opportunities outside of the banking world, and no self-respecting geek will put up with your microsofto-sadistic tendencies for too long. One day, you'll be stuck with an entire staff of VB programmers, all incapable of designing a secure system... and eventually your sorry bank will be ass-raped by a bunch of thirteen year old script kiddies.
> When the established command is in force, an outside server can make a TCP or UDP connection to any inside host with which it already has a TCP or UDP connection established.
I see. However, in our case, this wouldn't help, as the machine supplying the DCOM services and the RMI services are known in advance.
Actually, wouldn't this "established" be a security hole in its own right? An attacker could make a connection to port 80 of the corporate Webserver (allowed because that's where http listens), and then make another one to port 23 (allowed, because of the already established connection to port 80).
> Chances are they had no clue what the 'established' keyword was and just allowed ports 1024 through 64k. (in the cases where their firewall did not automatically recognize that exchange works in a fashion similar to rpc)
Just out of curiosity: how do you configure a firewall for those kinds of protocols? The principle of those protocols (Sun RPC, Java RMI, DCOM) is that the client does a first connection to a "naming service" (i.e. portmapper, RMI registry, etc.) which is on a fixed port, and then learns from that "naming service" which port the actual service uses. The latter being variable of course, which makes it tough to allow through the firewall.
Your remark seems to suggest that there is a general way of allowing those kinds of connections. Does it only work for specific RPC-like protocols, or does it also work in the general case? Wouldn't the firewall need to parse the actual "RPC-like" protocol to do it? We had the problem here at work (both with Java RMI and DCOM), and yes, we did eventually resort to opening everything between 1024 and 65535. If there is a cleaner way (i.e. a more selective way) to do it, I'd be interested.
Just for the script kiddies that may be listening: no, this is not our Internet firewall; it is just a firewall between two internal machines... Don't ask me why they put it there, sometimes our security department is a little bit paranoid...
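The naming-service exchange described in the comment above, as an added example that is not part of the original post: a sketch of a protocol-aware firewall helper that watches Sun RPC portmapper GETPORT traffic and opens a pinhole only for the port learned from the reply, beside the "open 1024 to 65535" fallback. The class and function names, addresses, xids and the program number 200100 are constructed for illustration.

```python
import struct

PMAP_PROG, PMAP_VERS, GETPORT = 100000, 2, 3  # portmapper program, version, procedure
CALL, REPLY, IPPROTO_TCP = 0, 1, 6

def _skip_auth(buf, off):
    """Step over one opaque_auth field (flavor, length, padded body)."""
    _flavor, length = struct.unpack_from(">2I", buf, off)
    return off + 8 + ((length + 3) & ~3)

class PinholeHelper:
    """Fed with the payloads seen on the portmapper port; opens one pinhole per answered lookup."""

    def __init__(self, allowed_programs):
        self.allowed = set(allowed_programs)  # RPC program numbers the policy permits
        self.pending = {}                     # (client, server, xid) -> protocol
        self.pinholes = set()                 # (client, server, protocol, port)

    def on_call(self, client, server, payload):
        try:
            xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", payload, 0)
            if (mtype, rpcvers, prog, vers, proc) != (CALL, 2, PMAP_PROG, PMAP_VERS, GETPORT):
                return
            off = _skip_auth(payload, _skip_auth(payload, 24))  # credential, then verifier
            want_prog, _vers, proto, _port = struct.unpack_from(">4I", payload, off)
        except struct.error:
            return  # truncated or malformed: learn nothing
        if want_prog in self.allowed:
            self.pending[(client, server, xid)] = proto

    def on_reply(self, server, client, payload):
        try:
            xid, mtype, reply_stat = struct.unpack_from(">3I", payload, 0)
            off = _skip_auth(payload, 12)
            accept_stat, port = struct.unpack_from(">2I", payload, off)
        except struct.error:
            return
        if (mtype, reply_stat, accept_stat) != (REPLY, 0, 0):
            return  # not an accepted, successful reply
        proto = self.pending.pop((client, server, xid), None)
        if proto is not None and 0 < port <= 65535:
            self.pinholes.add((client, server, proto, port))

    def permits(self, client, server, proto, port):
        return (client, server, proto, port) in self.pinholes

def wide_rule_permits(port):
    """The fallback from the comment: everything from 1024 to 65535."""
    return 1024 <= port <= 65535

# Constructed sample traffic (AUTH_NONE credential and verifier, made-up values).
def sample_call(xid, prog, proto):
    head = struct.pack(">10I", xid, CALL, 2, PMAP_PROG, PMAP_VERS, GETPORT, 0, 0, 0, 0)
    return head + struct.pack(">4I", prog, 1, proto, 0)

def sample_reply(xid, port):
    return struct.pack(">7I", xid, REPLY, 0, 0, 0, 0, port)

def demo():
    fw = PinholeHelper(allowed_programs={200100})
    fw.on_call("10.0.0.5", "10.0.0.9", sample_call(7, 200100, IPPROTO_TCP))
    fw.on_reply("10.0.0.9", "10.0.0.5", sample_reply(7, 40213))
    fw.on_reply("10.0.0.9", "10.0.0.5", sample_reply(8, 2049))  # reply nobody asked for
    return fw
```

The helper has to parse the lookup protocol itself, so each RPC-like protocol (portmapper, RMI registry, DCOM) needs its own parser; the sketch covers only the portmapper case.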
> Cisco, mid-1990's Novell, and Oracle are the only organizations I know of that provide this kind of help.
Oracle? Maybe if you live in the US. Around here we get the line "Sure we entered your bug report into our database. However, we are unable to tell you when it will be fixed. Maybe next week, maybe in ten years. Sorry, we are only a small branch (...but managing all of Benelux no less..), and get hardly any more info than you have.".
And no, that particular problem (RMI in Jserver crashing after several hours of just sitting there..) has not been fixed in a week. Actually, we still haven't heard back about it, even though it was reported last autumn.
> Red is outside of the frequency range of two dyes, and on the edge of the third.
And most importantly, it is outside of the range of the un-dyed cells, called the rods ;-). Night-vision is mostly done with the rods, whereas color-vision is done with the cones. That's the reason why, in low-lit conditions, you see everything in shades of grey.
> (If it weren't, we would see infrared and call *it* "red").
Actually, the reason why red is near the edge of the receptivity of red cones, is because there is a significant overlap between the ranges of the red and green cones. The wavelength at the maximum of the red cone's sensitivity (564 nm) is also well within the green's range, and is thus seen as yellow (red+green) rather than "pure" red. If sensitivity ranges were more evenly spread (i.e. the green range closer to the blue, but further away from the red), we would see 564nm as red, and still not see any infrared...
This picture nicely shows the receptivity of the four kinds of receivers in the human eye.
Reminds me of Jurassic Park. A year before the movie came out, suddenly all pop-science magazines started to feature articles about dinosaurs, serious theories about their extinction, crackpot theories about their extinction, that they were ancestors of the birds etc. At the time, I wondered why this sudden frenzy about this subject. A year later, at the cinema, I understood...
> Of course its cool running it on a mainframe, but if the OS works well, you'll never notice where you are anyway:)
AFAIK, it does not run an x86 emulation. It's a port to the mainframe's processor, just like there are ports to the Alpha, the PowerPC, the Sparc, etc. Virtualization only goes as far as is needed to compartmentalize the mainframe into zillions of servers, it does not emulate the processor.
So you would only have source compatibility, and no binary compatibility, and thus it does make sense to test your software there, in order to see whether it ports all right to this architecture.
Think about it. Nobody cares whether this runs on an IBM mainframe, or on a Beowulf cluster of gameboys. However, this thing sits right in the center of IBM's NOC, and is thus probably very well connected. Think Gigabit connections directly to the important backbone providers... If you have something interesting to publish, you put it at that place. You don't care about the OS, nor the hardware: you use it solely for its outstanding connectivity!
... a cluster of thousands of well connected DeCSS/OT VII/<insert your favorite censored item> mirrors? Or will they firewall off HTML access to those virtual linux boxen? Wouldn't it be ironic if mirrors of this stuff turned up as well? IBM may have unwittingly set up a giant community blackboard here...
> Well, they write that they expect people to do some development on the mainframe under Linux. I don't know how other developers, but I am certainly not going to do some work, when I am sure that after x days I won't even have ability to use it.
Well, any developer worth their salt knows how to set up a hotmail account, and use that to re-apply for another period.
> Wanna watch my Linux box crash if I tell the kernel it has 256MB of memory and only have 128MB (and then try and run Mozilla:-P)
But why would you do that? To make Linux look bad?
Well in this particular situation, Microsoft was demoing their product, and tried to show it in the best light, and thus really had no interest whatsoever to sabotage their own product. And you can be pretty damn sure that they have enough money to put a decent enough amount of memory in the box too.
> Does anybody still have an HTTP 1.0 browser? I suppose there might be some green-screen luddite using an ancient copy of Lynx, but...
> I don't think that would be a problem.
So, in your eyes, any blind person is a "green-screen luddite"? Blind people often surf the web using lynx (or other text browsers) connected to a text-to-speech engine or to a braille line. Any content browseable only through Internet Explorer 5 is thus inaccessible to them...
Well, you may have a point though: as blind people don't drive, they'd probably not be interested anyways by the petty quibbles between Ford, GM and 2600...
Which seems to be the most trivial and common example. Just about any company is using some kind of sharing protocols. While larger companies use some sort of centralized (or department-wide) file servers, the smaller outfits often resort to peer-to-peer sharing of their Windows disks. Granted, they use SMB for the purpose, not Napster, but used this way, SMB is peer-to-peer too.
Sure, you can legally do this, but don't expect to ever see your webcam again...
Just be careful that they don't steal the webcam. It would be somewhat easier to carry...
Interesting. Indeed, the second tab of the properties dialog gives access to "Received" header fields. Thanks for the info, our local Notes gurus didn't know that ;-) Now, I'll finally be able to stem the tide of spam that is swamping my Notes account by complaining to the spammer's ISP. That's so much easier to do now that I know where it is coming from.
> It also supports IMAP/LDAP if someone turns it on.
This is also interesting. Our guys here claim that the best that can be done is (limited) POP3. Could you post a small description of how to enable IMAP? Is the IMAP support reasonably full featured, i.e. does it allow deleting mails, and moving mails between folders?
Thanks
And, at the same time, he was able to tell the race of the car owner's neighbour's dog...