...the Wall Street Journal article which apparently broke the news - it's the most complete. What's known - the passwords were being sent to St. Petersburg, Russia. They probably had access for about three months.
"LONDON (CNNfn) - Hackers gained access to some of Microsoft Corp.'s essential product secrets, the world's most powerful technology company said Friday, acknowledging a security breach that is a major embarrassment for the software company..."
"The Wall Street Journal said security employees had discovered that passwords used to transfer the source code behind Microsoft's software were being sent from the company's computer network in Redmond, Washington, to an e-mail account in St. Petersburg, Russia. Microsoft said it was making sure hackers could not use the stolen source code to change commercial software used by businesses, governments and consumers."
As other readers have pointed out, that machine was apparently affected.
I got the email too, and I checked its Received: headers against a debian-announce message in my mail archives from about a year ago. They both came from the same source. So there's no way this is a hoax...unless the murphy.debian.org machine that emailed it to me is compromised, in which case it's not an inaccurate hoax:/
Our crack team of ad-guideline-violation specialists has surrounded the home of the popup and will be frog-marching it out in handcuffs shortly.
We apologize for the inconvenience it may have caused.
Again, thanks for mentioning this (though the Bugs link on the left side of the page always works too, yes it requires registration, sorry). In future, if you're sure you're seeing a popup/popunder ad, and it's from Slashdot not some malware, feel free to just email us. I am happy to volunteer my co-worker's address:
pater@slashdot.org.
You should not be seeing popup ads on Slashdot, either at page load or window close or anytime in-between. Last I heard, our policy was not to deliver such ads.
If you see one again (and you're sure it's Slashdot, not some adware/spyware you installed that affects your web browsing experience)... please let us know. Click on the Bugs link in the left column of every page, and report as many details as you have. In any case I'll mention this to our ad guys on Monday and ask them to keep an eye out for popups. Thanks.
"What's more disturbing for little Timmy to see? "Terminator 2" or CNN? Why is fake violence so heavily restricted and regulated, but actual people bleeding and dying is completely OK?"
Most disturbing of all, to me, is the long-shot footage of explosions in Baghdad. The canonical example is from the First Gulf War, the nose-of-the-bomb footage as it falls toward the building, then the infrared long-shot showing it blowing up. In the Second Gulf War we got to see the billowing fire as the bombs fell at night.
I would much rather Timmy see human beings bleeding and dying in full detail. Show the man fall as he's shot. Show the pain on his face. Show the hospital staff's concern as they examine his wound. Show the blood. Which is more likely to desensitize Timmy to the actual meaning of violence -- seeing it, or seeing pretty explosions in 5-second clips?
And which does CNN show?
I haven't played it but I've heard Postal 2 is a pretty lousy game. So I'm not defending it. But I think if you want to desensitize kids to violence, you could hardly pick a better way than presenting them with only unnatural depictions: bloodless gunshots and long-shot gee-look-at-the-fireball.
That data is stored internally as "blocks" and each httpd child has its own blocks cache. The cache expires after 30 minutes but every httpd child will be on a different timer.
Hm, I bet we can afford to make that more like 10 minutes... maybe we'll tweak that.
No, stories don't have to move through the cluster, and there's no concurrency bug. We have a front-end cluster of webheads but they all read from the same DBs. The only "moving through" is from our main DB to our replicated slave reader DBs, but they are typically only 0 to 1 seconds behind reality, so that's not an issue.
In this case, the problem was that Hemos and I were both editing the story at the same time. He added an icon and posted it at 9:36 EDT live, then I tweaked the text and posted it at 9:38 which was about 40 seconds in the future, then around 9:39 I went back and edited its time back to 9:36... so there were a few seconds there where the story went from front-page to subscriber-only and back.
The Slash backend is obviously too powerful for idiots like us:)
By the way, for info on Google's purchase of the search engine Kaltix, check
this controversial Register piece
by Andrew Orlowski. It contains the highly suspect, matter-of-fact comment that "PageRank is now widely acknowledged to be broken," but if you take the PageRank speculation with a grain of salt it's an interesting read.
It's been a long time since Slashdot went down for any significant amount of time.
We do planned code upgrades once a week and have to kick each webserver, but the load balancer keeps the site up transparently. We probably lose a total of a few hundred incoming connections each time we do that (a total of maybe 5 seconds worth, once a week).
In the last year, I think there was once that we had to roll code back and were probably down for a few minutes, and I think one other time when we were down for an hour, I forget what exactly.
And then of course we've had network troubles occasionally, but that could be us or it could be you:)
None of that has been because of database failure (to get back ontopic sorta:)... the MySQLs just all keep humming.
"Last time I read one of Rob's reports on slashdot they had 10 terabyts of data in the database.. and that was 2 years ago.
no that's not "ALOT" but it's nothing to sneeze at."
Nah, our DB totals only about 6 GB. Slashdot isn't an especially big database.
Its only claim to fame is that it delivers about 30 dynamic pages a second, 12 hours a day.
Re:My favorit: "Have Spacesuit, Will Travel"
on
New Heinlein Novel
·
· Score: 1
"I wasn't sure if I wanted to be Wyoming Knott, or just go to bed with her."
Bill's made it possible for any
random high-school loser
to destroy
$14 billion
of other people's hard work. He's soaked the world in gasoline and
handed out a billion matches. That's an "achievement"?
We should write something up about this someday and submit it to Bugtraq, but, we've been kinda busy... oh well.
Go
look at Slash/Utility/Data.pm
and scroll down to sub breakHtml.
The constant comment_startword_workaround defines whether or not the Microsoft-bug-workaround is applies.
Load a javascript off the website of someone else you don't trust? Cmon now... let's just invite a stranger into your home to watch all your websurfing, or post the contents of your cookie file to your LJ.
Anthony, I'm sure you're a nice guy and all, but would you trust a random stranger's javascript on every one of your webpages?
(The space added to the URL you pasted in is added to every long word at the 50-character mark, to make sure idiots can't break your browser rendering by typing very long words into their comments.)
Here's how the situation looks right now (as far as I'm aware -- new facts will surely arrive in days to come):
Five years after the implementation of the deregulation that took Niagara Mohawk out of the power-generation business and got them into the power-distribution business, a few routine lightning bolts take out their power-distribution grid in much of the Northeast United States and part of Canada.
I find that interesting. I assume others will too, and I wouldn't be surprised if people are working on stories right now, researching the effects that deregulation had on the corporation and on the power distribution business in general.
If you don't find that interesting or have already decided that there's nothing there, that's fine; nobody's going to make you browse Google and nobody's going to make you post a comment to Slashdot. But I imagine some of our readers will find this interesting too and their research may turn up information that few people are currently aware of.
Or it may not; they may find that there is no correlation.
Or there may be no relevant data publicly available. I don't know.
As usual, on Slashdot, if you don't care, you're free to move on to the next story.
Slashdot Mirror
Happy birthday!
I don't know if this delayed a release, but -- in October 2000, the news broke that Microsoft's internal network had been cracked for three months.
(Debian made this announcement in 24 hours.)
Read for yourself:
Microsoft Cracked
I got the email too, and I checked its Received: headers against a debian-announce message in my mail archives from about a year ago. They both came from the same source. So there's no way this is a hoax ...unless the murphy.debian.org machine that emailed it to me is compromised, in which case it's not an inaccurate hoax :/
"A Walk in the Clouds" was much, much worse.
She's my sister. And today's her birthday :)
Voyager got out just in time!
We apologize for the inconvenience it may have caused.
Again, thanks for mentioning this (though the Bugs link on the left side of the page always works too, yes it requires registration, sorry). In future, if you're sure you're seeing a popup/popunder ad, and it's from Slashdot not some malware, feel free to just email us. I am happy to volunteer my co-worker's address: pater@slashdot.org.
If you see one again (and you're sure it's Slashdot, not some adware/spyware you installed that affects your web browsing experience)... please let us know. Click on the Bugs link in the left column of every page, and report as many details as you have. In any case I'll mention this to our ad guys on Monday and ask them to keep an eye out for popups. Thanks.
http://www.sunncomm.com/index2.html
http://www.zombo.com/
Most disturbing of all, to me, is the long-shot footage of explosions in Baghdad. The canonical example is from the First Gulf War, the nose-of-the-bomb footage as it falls toward the building, then the infrared long-shot showing it blowing up. In the Second Gulf War we got to see the billowing fire as the bombs fell at night.
I would much rather Timmy see human beings bleeding and dying in full detail. Show the man fall as he's shot. Show the pain on his face. Show the hospital staff's concern as they examine his wound. Show the blood. Which is more likely to desensitize Timmy to the actual meaning of violence -- seeing it, or seeing pretty explosions in 5-second clips?
And which does CNN show?
I haven't played it but I've heard Postal 2 is a pretty lousy game. So I'm not defending it. But I think if you want to desensitize kids to violence, you could hardly pick a better way than presenting them with only unnatural depictions: bloodless gunshots and long-shot gee-look-at-the-fireball.
You set your hard threshold. Turn it off and you'll get more accurate comment counts.
Hm, I bet we can afford to make that more like 10 minutes... maybe we'll tweak that.
I explained here.
No, stories don't have to move through the cluster, and there's no concurrency bug. We have a front-end cluster of webheads but they all read from the same DBs. The only "moving through" is from our main DB to our replicated slave reader DBs, but they are typically only 0 to 1 seconds behind reality, so that's not an issue.
In this case, the problem was that Hemos and I were both editing the story at the same time. He added an icon and posted it at 9:36 EDT live, then I tweaked the text and posted it at 9:38 which was about 40 seconds in the future, then around 9:39 I went back and edited its time back to 9:36... so there were a few seconds there where the story went from front-page to subscriber-only and back.
The Slash backend is obviously too powerful for idiots like us :)
By the way, for info on Google's purchase of the search engine Kaltix, check this controversial Register piece by Andrew Orlowski. It contains the highly suspect, matter-of-fact comment that "PageRank is now widely acknowledged to be broken," but if you take the PageRank speculation with a grain of salt it's an interesting read.
I posted my incisive and witty commentary on this matter of vital national importance earlier this afternoon.
We do planned code upgrades once a week and have to kick each webserver, but the load balancer keeps the site up transparently. We probably lose a total of a few hundred incoming connections each time we do that (a total of maybe 5 seconds worth, once a week).
In the last year, I think there was once that we had to roll code back and were probably down for a few minutes, and I think one other time when we were down for an hour, I forget what exactly.
And then of course we've had network troubles occasionally, but that could be us or it could be you :)
None of that has been because of database failure (to get back ontopic sorta :) ... the MySQLs just all keep humming.
Nah, our DB totals only about 6 GB. Slashdot isn't an especially big database.
Its only claim to fame is that it delivers about 30 dynamic pages a second, 12 hours a day.
Why not?
Bill's made it possible for any random high-school loser to destroy $14 billion of other people's hard work. He's soaked the world in gasoline and handed out a billion matches. That's an "achievement"?
Go look at Slash/Utility/Data.pm and scroll down to sub breakHtml. The constant comment_startword_workaround defines whether or not the Microsoft-bug-workaround is applies.
Actually it's a lot more complex than that, because we have to work around an MSIE rendering bug (present in every version of MSIE we've tested).
Load a javascript off the website of someone else you don't trust? Cmon now... let's just invite a stranger into your home to watch all your websurfing, or post the contents of your cookie file to your LJ.
Anthony, I'm sure you're a nice guy and all, but would you trust a random stranger's javascript on every one of your webpages?
(The space added to the URL you pasted in is added to every long word at the 50-character mark, to make sure idiots can't break your browser rendering by typing very long words into their comments.)
All my Slash test boxes, including the laptop I'm typing on, run Debian.
Thanks to everyone involved who puts together and maintains the distro. Its package management is top-notch. Excellent work y'all.
Five years after the implementation of the deregulation that took Niagara Mohawk out of the power-generation business and got them into the power-distribution business, a few routine lightning bolts take out their power-distribution grid in much of the Northeast United States and part of Canada.
I find that interesting. I assume others will too, and I wouldn't be surprised if people are working on stories right now, researching the effects that deregulation had on the corporation and on the power distribution business in general.
If you don't find that interesting or have already decided that there's nothing there, that's fine; nobody's going to make you browse Google and nobody's going to make you post a comment to Slashdot. But I imagine some of our readers will find this interesting too and their research may turn up information that few people are currently aware of.
Or it may not; they may find that there is no correlation.
Or there may be no relevant data publicly available. I don't know.
As usual, on Slashdot, if you don't care, you're free to move on to the next story.