I have to run Lavasoft's ad-aware every night to keep things semi-clean.
Or, better yet, use UDPcast to re-image them. Takes only ten minutes to image the whole cybercafé at once (thanks to UDPcast's multicast abilities). That way, you not only get rid of those spywares that Lavasoft knows about, but you get a known-clean install every night!
At a science demo at our local college when I was young, one of the profs was demoing quickly dipping their fingers into liquid nitrogen.
At university, we once had a physical practical, where the objective was to make superconductive pellets. Put the ingredients into a coffee grinder to mix, then pour the mixed stuff into the mold, compress, toss the pellet into liquid nitrogen, leave it there for 30 seconds, and fish it out with a small pair of pliers... But we quickly noticed that the pliers were not really needed, and the pellet even stayed superconductive after touching it (it still levitated when put on top of a large magnet). No harm done to the fingers, except to small yellow patches where they touched the pellet (no Leidenfrost effect with solids).
Of course, there was lots of other fun stuff to do as well, when the prof wasn't watching (shattering pencil erasers, pouring it on the table or on the floor, pouring it over our hands, ...). Nobody was foolish enough to drink any, though.
What matters is not whether our IHB (Internet Homebanking) service is secure, but rather whether our customers think it is secure...
I guess that's why they are "safekeeping" their customers' private SSL keys on the server, and sending them to the client browsers after a simple password-based login. Non-repudiation? Hello?
Result: an overly slow and cumbersome system that does not add any security at all over the much simpler systems of the competition. But at least, it looks very secure.
Was he mauled by Saddam? on A Better Finder? · Score: -1, Offtopic
Was Dubya in this picture mauled by Saddam? No, it was just a Pretzel!
Lesson (not) learned: never attempt to eat a bigger piece than you can swallow!
Wow, the shock treatment! But now what did the landlord say about the dents in the wall and in the furniture;-) ?
In my case, soon after the failure, I put the drive into the freezer for 20 minutes (hey, it overheated, so maybe this might compensate?), then somewhat afterwards I had the drive standing on its edge somewhere on the table and accidentally knocked it over. Neither of the two shock treatments brought it back (I tried the day after, and 2 days after: to no avail. Then waited 3 weeks (without any further abuse), and then everything was fine).
Needless to say, now I have a RAID array, and extra fans near each drive.
...you're a statistical anomaly. Seagate drives hardly ever fail suddenly and completely.
Well, it was not that sudden. During some 10 minutes, the drive made strange noises (lots of clicks), but still went on reading and writing... (yes, I should have shut down the computer immediately upon noticing this, but I was halfway through a large copy operation from one partition to another, so I let it continue...a severe error, as it turned out in hindsight...). However, once it was dead, the failure was indeed complete.
Modern hard drives are very sensitive mechanical devices. Regardless of manufacturer, they WILL fail sooner or later, due to wear and tear, random knocks and vibrations, background radiation, or whatever.
Yeah, but three months is really pushing it... And we didn't even have an earthquake during that period, so we can't blame it on vibrations either. The Maxtors which I got as replacement are now in their 7th month (during which there were 2 earthquakes, heavy construction work nearby, and a number of bass-laden parties of the neighbours downstairs followed by me stomping on the floor violently...), and they still work like a charm! So I guess manufacturer does make a difference! (... and the disk that I had before the Seagate lasted sth like 6 years (IIRC), and the only reason why I replaced it was because it was too small, not because it broke).
Moreover, with the other disk failures that I saw (including the IBM death stars...) failure was never complete and catastrophic, but only involved a small number of sectors, while the rest of the disk stayed perfectly accessible. Not so the Seagate: the drive was no longer even recognized while it was broken (well the good thing was that it eventually came back, but still).
Read the above article, and found the following gem inside:
For those buying replacement drives, Mr. Margeson recommends brands such as Seagate ("They're like Buicks; they just keep on working"),...
Ok, whatever. I had a Seagate die on me after a mere three months. Fortunately, the end of their sentence is better advice:
..., Maxtor and Western Digital. Stay away, he says, from IBM's Desk Star ("We call it the Death Star") and the Fujitsu MPG series ("They're dropping like flies").
Death Stars, indeed. At LLL we had a whole shipment of these die on us. Fortunately, in that case, however, we lost no critical data (only a couple of sectors went bad, rather than the whole disks). Got warranty replacements too! (... but then, getting 10 Gig drives at a time when 60 Gig was the norm is kinda pointless...)
Also bear in mind that, according to the article, the "candidates" usually don't call back, for one reason or another. Which means that the counseling hotline doesn't actually know whether they were successful or not...
... the hard drive just magically comes back to life.
Last year, bought a Seagate drive (yes I know....), copied all my stuff to the new drive, and reclaimed the old one for other stuff. And indeed, 3 months after having it, my brand new Seagate died on me. Of course I had no backup (yes I know...). I was shattered.
Tried contacting data recovery services. However, not only were they rather expensive, but also they did not guarantee confidentiality (in their customer agreement, they reserved themselves the right to make "good" use of the data if they stumbled across sth interesting...). Well, there were some pretty personal data on the disk (in 12 years, you do accumulate stuff), so this did make me somewhat uneasy.
Finally, a friend of mine told me that just letting the drive rest for a couple of weeks may bring it back. So, I just put it away, waited 4 weeks, reconnected it, and presto! everything was back! Sometimes lady luck is your friend! Of course, first thing I did was copy everything over to my brand new RAID array of Maxtors: You never know when it will fail again.
All of my shells are patched to prompt for a password if they are init. (That's not hard to do..)
Yes, that's indeed not hard to do (just check whether getpid() is 1). However, it's also not very efficient:
All an attacker would need to do is use init=/bin/vi instead, and shell-escape from there. Oh, so you patch vi as well... Great, then the attacker will just use one of the bazillion other programs that support shell escapes, so are you going to patch all applications and utilities that are on your system?
And even if you patch everything, what's to stop the attacker from conveniently leaving a suitable program in /tmp before he reboots the machine?
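A defender-side check for the boot path discussed above, as an added example that is not part of the original comment: it flags kernel command-line parameters that replace or bypass the normal init, and reports whether a GRUB config carries a password directive. The function names and all sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example; the function names and all sample inputs are constructed.

# Print each kernel command-line token that swaps out or bypasses the normal
# init. $1 is a kernel command line, e.g. the contents of /proc/cmdline.
risky_boot_params() {
    set -f                       # no filename globbing while splitting $1
    for tok in $1; do
        case "$tok" in
            init=*|rdinit=*)
                echo "$tok" ;;   # arbitrary program started as PID 1
            single|S|1|emergency|rd.break)
                echo "$tok" ;;   # maintenance or rescue shell
            systemd.unit=rescue.target|systemd.unit=emergency.target)
                echo "$tok" ;;   # same, requested through systemd
        esac
    done
    set +f
}

# Exit 0 if the GRUB config on stdin contains a password directive
# (legacy "password", GRUB 2 "password_pbkdf2"). Presence only: it does not
# verify that GRUB 2 "superusers" is set or that entries are restricted.
grub_has_password() {
    grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]+[^[:space:]]'
}

# Report both findings. $1 = kernel command line, $2 = GRUB config text.
audit_boot() {
    found=$(risky_boot_params "$1" | tr '\n' ' ')
    if [ -n "$found" ]; then
        echo "cmdline overrides init: $found"
    fi
    if printf '%s\n' "$2" | grub_has_password; then
        echo "boot loader: password directive present"
    else
        echo "boot loader: no password, command line editable at the console"
    fi
}

# Constructed sample: the init=/bin/vi case from the comment above,
# booted through a GRUB config that sets no password.
audit_boot 'root=/dev/hda1 ro init=/bin/vi' 'default 0
timeout 5'
```

On a live system the first argument would be `"$(cat /proc/cmdline)"`, which only reflects the current boot; the location of the GRUB config differs by distribution.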
Software patents are not (currently) valid in the UK.
Correct. They are currently valid nowhere in Europe, although there are unfortunately plans to change that.
However, this doesn't prevent an unethical company from sneaking just such a patent past a sleepy patent office clerk, and once it's on the books, they can bully whoever they want with it. True enough, eventually the judge will decide in favor of the defendant, but until that date the defendant has to cope with a number of hassles (lawyer's costs, and more importantly: injunction to force him to change his software, so as not to use the disputed features, etc.). Just let's hope nobody patents the light switch!
Then it would not be an encryption but a signature.
You are right that it would not be encryption in the sense that it doesn't protect privacy of the message (indeed, in order to read the message, you only need Bruce's public key, which is indeed, uhmm, public...).
However, it would still fulfill the goal of evading spamassassin, because, as far as I know, spamassassin is not yet smart enough to figure out that the message has been "encrypted" with Bruce's private key, and to fetch the public key from Bruce's webserver to decrypt it.
But then again, rot13 would probably be enough to evade spamassassin too... as long as you don't misspell inventive as ivntenive that is...
Thanks to all of you who e-mailed nastygrams, and cussed at them over the phone;-) Our complaining has helped: the site is accessible to all browsers now (there is still an "optimized for Internet Explorer 5" sentence there, but at least now you can see the useful content as well). Many thanks for your participation!
Now on to the next target: http://www.lux-world.lu/.
The good news is that in addition to running an IE-only site, these lusers also run an open mail relay (you need to specify an address @lux-world.lu in your mail from: command). Yum, spam, yum! Our team is currently busy registering them with a number of open relay block lists, in order to diminish the customer value of their webmail service as much as possible ;-)
...and others insist that we have to stop whoever is doing it immediately...
Hard to do... Easy solution: just block the bounces at your mailserver, at least then the lusers won't notice the problem any longer...
Re:Given that live music is the best music... on Instant Concert CDs? · Score: 4, Informative
Quotes from the above site:
PLEASE NOTE: LivePhish.com is optimized for Internet Explorer 5 or later. You will not be able to register or purchase or download shows with the web browser you are currently using. Please come back and visit us with Internet Explorer.
Morons! (and no, I won't come back, neither with nor without IE...)
Maybe she tried to hide it from burglars? on Baked Apple · Score: 2, Insightful
Sorry to inject a (semi-)serious answer among all the jokes:
Maybe she went on holidays (planning not to take her powerbook with her), was concerned that the house might get burgled, and proceeded to hide the valuables: jewelry into the trash, bearer's share certificates among the old newspapers, apple into the oven, ...
Three weeks later, when she came back, she had forgotten all about these hiding places, took the trash out, threw the old papers into the chimney and pre-heated the oven for a pizza...
Or more pragmatically: next time you've finished the Windows install, you'll take a udpcast snapshot and store that someplace safe.
Then, the time after next time, it will be easy:
Reminds me of the security philosophy of one large Luxembourgish bank:
I guess that's why they are "safekeeping" their customers' private SSL keys on the server, and sending them to the client browsers after a simple password-based login. Non-repudiation? Hello?
Result: an overly slow and cumbersome system that does not add any security at all over the much simpler systems of the competition. But at least, it looks very secure.
Run for the hills!
Back in the day (1992) when I did my internship at DEC/SRC, I did get paid. So this doesn't seem to be specific to MSFT.
Just to clarify, before mister shifty1000-Seagate-salesdrone-metamatic calls me up on it: the above mentioned abuse happened after the disk failed...
But does that work for networking applications too? Last I checked, a mingw binary could not use any socket code.
Not enough. You can still type linux init=/bin/sh at the boot prompt (or an equivalent command line if you use grub).
To properly protect your machine:
Complain loudly and numerously to info@codex.lu.