Guys aren't used to getting flowers, so for some of us that kind of thing can really work well. Depending on what kind of geeky he is, you could go for an amaryllis bulb or bonsai, or you could do cut flowers if he's going to kill them by miswatering in a week.
A nice bottle of champagne (or sparkling white made-somewhere-else wine:-) and a set of nice glasses for it can be a good thing also.
Depending on where you live, you'll probably want to save the long moonlight beach walk for summer time...
SCO's ftp site was distributing 2.4.13, last time I checked - and the allegedly infringing code is in 2.2.12, 2.4.1-01, and "2.4.x". So the 2.2.12 and 2.4.1-01 sections are covered by the GPL because they distributed it that way, and "2.4.x" might be, depending on which values of X are 13.
John's a stubborn and principled guy. Cryptome occasionally gets DDOSed or cracked, and FBI agents occasionally knock on his door (and get their names taken down and posted on the site) and other bureaucrats periodically tell him they want stuff taken down (takedown letters get posted too), and the site is widely recognized as one of the places to go for the kinds of materials he carries. He's had to change ISPs occasionally, but basically cockroaches don't like bright lights, so they don't stay around bothering him long.
If the Chinese government wants to persecute their citizens for having the wrong religion, there's absolutely nothing wrong with making it hard for them. You can do this by deliberately misleading them, as long as you don't endanger someone else in the process, or you can do it by in-their-face refusal to cooperate (though the latter is obviously safer if you don't live in China.) Speaking Truth To Power is a good thing, but sometimes risks being more traceable.
Until about 10-15 years ago, you could simply rent a mailbox from a mailbox company. That meant that if you were a battered woman and your psycho ex-husband was using your mail to stalk you, you'd have to pick it up when he wasn't lurking around in the bushes, but basically you were safe, because you didn't have to tell the mailbox company where you lived.
Then the US Post Office started making rules requiring anybody who wants to rent a mailbox from their competition to provide photo ID with your true name and the address you really sleep at, and the State of California made even tougher rules about how you also have to accept subpoenas there. Then within a year or two they discovered that this had created a serious problem ; California now has a process where you can register as an Officially Battered Woman and get an Offically Battered Woman No-Address-Verification-Required Mailbox. That's still much more risky than simply renting a box used to be, and it means dealing with the legal and social-control bureaucracy far more than many people want, and it also means that if you're not Officially Battered, but just want to avoid having your ex get your current address because he's creepy, you're out of luck. Unless you use fake ID to get the box, of course. Or a business name.
Yes, the reason WHOIS exists is to provide contact info, and it's also sometimes used to store registrar billing info.
That's entirely different from what the RIAA and their pet Congresscritters want, which is for the WHOIS record to provide your True Name, ICBM Address, Legal Jurisdiction, Address where you've agreed to accept subpoenas and 6am no-knock visits from the RIAA and Homeland Security, Blood type, mother's maiden name, and Internet Driver's License.
ICANN is somewhere in between. The only IP they care about is Intellectual Property, and they've always tried to insist that the Registrars collect Whois Records that have Subpoena contact information, so that if there's a trademark dispute over your domain name, the allegedly legitimate trademark owner can drag you into court, rather than forcing the registrar system to handle dispute resolution and risk getting sued by big companies that lose UDRP cases.
Ownership conflicts and not paying your bill are the only cases where taking away your domain name is justified, and therefore the only case in which providing inadequate response to contact information should lose you the domain name. It's also valuable to have working contact information in case things about your system are broken, like your DNS not resolving correctly or your email getting lost, because that's how people on the Internet help each other. The RIAA and Congresscritters are trying to extend lots more significance and control to the whole process than it's supposed to have.
Besides, even *accurate* information doesn't get what they want. Sure, the contact email addresses can point to "postmaster@yourdomain.com" , a valid address on your machine, but that doesn't mean that you read it regularly, or that you ever check your contact phone's answering machine messages. I recently tracked down a spammer to a box number in the same building as The Company Corporation, who for the last 105 years have provided convenient paperwork for Delaware corporations. Yes, that's right, you can go there and drop a subpoena in their mailbox and maybe they'll read it, and if somebody sues them for trademark violations and they don't show, John Ashcroft can burn their corporate papers at the stake at high noon and all it means is that they real owners have to spend another $100 for another disposable corporation.
A fairly common feature of email programs these days is to require users to connect using POP or IMAP before accepting outgoing SMTP connections. This means you can relay traffic for your users and not do so for strangers. It's pretty much the same as a knocking mechanism, except it's implemented in the applications rather than in the protocol stacks.
If your listener program is secure, it's not a risk; the big security question is whether you can make a knocking-listener that's secure enough that it doesn't increase the risk. The less big security question is whether it can make things harder for attackers without breaking too many other things. For instance, if it runs as root (or as a kernel module) and has buffer overflow problems, it's an entertaining target of attack. On the other hand, if all it does is detects connection requests, passes the IP address and port number to a validator program, and sends a TCP or ICMP reject message, it might be safe enough.
It doesn't actually use significant resources unless it's getting pounded with lots of packets, and you can limit this by only listening on a few ports, blocklisting IP addresses that knock on the wrong ports, and limiting the rate that you actually respond to requests from a given IP address. On the other hand, you have to be careful not to let the attacker spoof a bunch of _bad_ requests, causing you to blocklist a real site. Depending on how much eavesdropping capability the attacker has, this may be easy or hard.
The security advantage of this method over a single-port method with a password is that there are applications that you run which may have bugs in them, such as your SSH server or SNMP monitors, which you're not going to rewrite, and it lets you block access to them except from authorized users. It's a defense-in-depth strategy, possibly good (though it looks clumsy to me.) It can cut down on lots of the script kiddies.
Also, this doesn't have to be in your main server. This is the kind of application you could build into your firewall box, so it reduces the number of ports that can pass through the firewall, except when somebody knocked successfully, and the firewall doesn't allow passthough on the knocking ports. Of course, you could accomplish almost the same thing wiht better security by accepting SSL requests to an application on the firewall...
Yes, it's disturbing, but only because it happened, not because Theo's clueless. But the point of such a comment is that "It's NOT a root exploit". By contrast, with Microsoft, major exploits happen Too Frequently and crashes happen too often to bother reporting.
A non-serious cracker might have fun taking down OpenBSD a few times with an exploit like this. A more serious cracker would do this to try to convince some number of systems to stop running the most secure OS that's reasonably available and replace it with more vulnerable systems that aren't getting spanked a lot.
Many operating systems let you write raw Ethernet packets to the Ethernet. Most operating systems let you write raw IP packets to the IP subsystem, which then routes them and sends them to Ethernet or whatever, though sometimes "you" have to be root or maybe another privileged user. A much smaller number of operating systems let you write raw IPv6 packets to the IPv6 subsystem.
So maybe you need to patch a Linux OS to get some help sending broken ICMPv6 packets, or maybe you just need to do creative writing to the Ethernet. But you could certainly get MS-DOS to let you do it, and presumably also Windows.
Overture is a major search engine that charges per click on "sponsored listings", which are ranked by per-click bid price before any of the regular listings. A popular sport for a while was to annoy spammers and spamware vendors by searching for "bulk email" and "opt-in" and similar phrases and click on all the sponsored listings. I think the lowest price is US$0.10, but I've seen bidding wars where the top couple of entries reached $5 or more, and I'll be happy to risk a cookie or two to charge a spammer $5. (On the other hand, doing that to a legitimate site like your hot pepper sauce store is obviously rude.) It used to be easy to see what the bids were, but their script-blocking stuff has made that much harder; I suspect that also reduces the number of really high bids, which looked like they'd come from dueling robots rather than humans making realistic pricing decisions.
You'll have to do your own search, because Overture claims to pay attention to REFERER variables as well as cookies. But it's interesting to see that somebody's done some experimentation with it.
Google doesn't have concentrated power. Google has popularity, and they have popularity because they're good. If people didn't like them as much as Yahoo or Teoma or politically-correct-search-engine.gov, they'd use those instead.
Saying Google is too powerful and should be forced to carry politically correct content is somewhat like saying CNN is too powerful and should be forced to carry politically correct news, except that the Internet has far fewer limitations on capacity than cable TV and has a much lower cost for getting into the business. It's not only Wrong, but it would degrade the quality of the site, and people would go leave. By contrast, if you offer a competing channel (like Fox News or PBS or politically-correct-search-engine.gov), then people can make a choice between your favorite site and their current one.
Also, while the Search Engine Watch site says 80% of searches are Google, I've recently seen some discussion that Google is about 30-40% of the market, Yahoo's pretty close, and there are some others out there with non-trivial readership levels.
Google's basic objective is to find sites that are interesting to humans. They implement this by using robots with some algorithms about what kinds of features are interesting to humans. Sometimes people do things that look interesting to robots without actually being all that interesting to humans (either by trickery, or just by accident - blogging got lots of semi-artificial extra recognition because of this.) I don't view correcting this as "punishment" - just "education for robots".
There was a guy called The Search King who sued Google because they derated all his tricky methods. He lost. Basically, he'd built a big link farm so he could do thousands of links to his customers' sites. (Virtual machines are lots of fun for this sort of thing:-) For the most part, his customers' sites weren't actually interesting - that's why they were willing to pay for his help, and unfortunately he didn't help them by showing them how to make their sites interesting to humans, only to robots.
Sometimes trickery _can_ be interesting to humans - the "Weapons of Mass Destruction Not Found" hack and "Miserable Failure" pointing to George Bush hack were both fun. They don't deserve to be spanked for it, though after a while the Googlemeisters will probably decide they've had their 15 minutes of fame and crank down their methodology's ratings a bit.
There are a few people, including Search Engine Watch, who go ranting about how they don't like Google's policies, and they want the government or somebody to Do Something About Them. Well, this is the Internet - rather than forcing Google to use your Politically Correct Search Order, you can just as well start politically-correct-search.com (or politically-correct-search.gov, more to the point), and if people agree with you, they'll use your site.
For those of you too young to remember the days before Google, there were other search engines, such as Altavista (the first big one) and Yahoo. The reason Google became the most popular is that they do a very good job of ranking the interesting items first, which is important when there are 39000 hits for your query. The Search Engine Promotion business, when it's not just a scam sold by spammers, is mainly about doing artificial things to make Google's robots think your page would be interesting to humans; it's much better to _actually_ make your page interesting to actual humans, and hope Google's robots pick up on that.
I just checked Google, and got 39000 hits on "roll forming". Probably the bottom 30000 of these were various articles saying "We built our airplane parts using roll forming" or whatever. But yes, Google tries to rank interesting articles first, without actually using humans to determine interestingness, so writing an article that's not only interesting but gets other people's web sites to link to it _because_ it's interesting is a good start.
The "Warhol Worm" is a hypothetical worm that takes over the entire Internet in 15 minutes, before any humans have a chance to react to it adequately, optionally followed by a "FORMAT C:". The SQL Slammer worm came pretty close to that speed (though it was easy enough to block once it was identified), and there have been a number of papers on the possibilities of such things.
This isn't one of them. It's basically the same worm we had a couple of years ago, requiring gullible humans to click on the attachment. Moore's law means that PCs are faster, disk drives on corporate Exchange servers are bigger, and lots more people have broadband connections at home, plus offices often have faster Internet pipes than a couple of years ago, and apparently the humans using Microsoft email products are twice as gullible as ever before, so this worm has been faster than it has any business being. Sigh.
Perhaps the gullibility really is in Warhol's territory. I am sending you this posting in order to have your advice. Click here for a Good Time
Depending on the format used by the mail, there are one or two places you can find the charset indicators. So tell your spam filters to discard anything with those charset indicators.
(Pay no attention to that $49 Linksys Router/Firewall behind the Gamecube!)
OK, a one-armed firewall isn't going to protect you against everything, but there are configurations where it works just fine. For instance, if it's bright enough to handle two different IP addresses on the same port, you can have it look like 1.1.1.1 to your cable modem and 10.1.1.1 to your PC, and do NAT or proxies or whatever. But even if it can only support one address, you can still use it for proxies - its address is 10.2.2.2, and your PC is 10.3.3.3 and only accepts packets from 10.2.2.2 (either by using internal firewalls, or setting the routing protocols appropriately, or whatever), plus you can set your web browser, email, and maybe POP/IMAP to use the one-armed bandit as a proxy.
Tivo can tell what you're doing because it has a data link, normally modem. Your cable company normally doesn't have an upstream data link - it's broadcast-only. They could build a cable modem into your set-top box, but that would cost money, so it's unlikely to happen unless they're selling the thing as a bundled offer.
There are a number of newbloggers and other online freelance journalists whose writing and authoritativeness compares reasonably well with that of newspaper opinion page syndicated columnists. I'd rate Cory well above, say, Charles Krauthammer. (Sorry to have to use US examples here...) He's not usually trying to do what Molly Ivins does, but when she's doing a random-culture thing, they're fairly similar in quality. Sure, there are newspaper editors who decide only to run the columns of Molly's that they like, but then Slashdot only features Cory's articles when they think they're interesting.
A nice bottle of champagne (or sparkling white made-somewhere-else wine :-) and a set of nice glasses for it can be a good thing also.
Depending on where you live, you'll probably want to save the long moonlight beach walk for summer time...
SCO's ftp site was distributing 2.4.13, last time I checked - and the allegedly infringing code is in
2.2.12, 2.4.1-01, and "2.4.x". So the
2.2.12 and 2.4.1-01 sections are covered by the GPL because they distributed it that way, and "2.4.x" might be, depending on which values of X are 13.
We can give you a better warranty than the "restocking fee" folks. I guarantee you'll like my email or double your electrons back.
John's a stubborn and principled guy. Cryptome occasionally gets DDOSed or cracked, and FBI agents occasionally knock on his door (and get their names taken down and posted on the site) and other bureaucrats periodically tell him they want stuff taken down (takedown letters get posted too), and the site is widely recognized as one of the places to go for the kinds of materials he carries. He's had to change ISPs occasionally, but basically cockroaches don't like bright lights, so they don't stay around bothering him long.
If the Chinese government wants to persecute their citizens for having the wrong religion, there's absolutely nothing wrong with making it hard for them. You can do this by deliberately misleading them, as long as you don't endanger someone else in the process, or you can do it by in-their-face refusal to cooperate (though the latter is obviously safer if you don't live in China.) Speaking Truth To Power is a good thing, but sometimes risks being more traceable.
Then the US Post Office started making rules requiring anybody who wants to rent a mailbox from their competition to provide photo ID with your true name and the address you really sleep at, and the State of California made even tougher rules about how you also have to accept subpoenas there. Then within a year or two they discovered that this had created a serious problem ; California now has a process where you can register as an Officially Battered Woman and get an Offically Battered Woman No-Address-Verification-Required Mailbox. That's still much more risky than simply renting a box used to be, and it means dealing with the legal and social-control bureaucracy far more than many people want, and it also means that if you're not Officially Battered, but just want to avoid having your ex get your current address because he's creepy, you're out of luck. Unless you use fake ID to get the box, of course. Or a business name.
That's entirely different from what the RIAA and their pet Congresscritters want, which is for the WHOIS record to provide your True Name, ICBM Address, Legal Jurisdiction, Address where you've agreed to accept subpoenas and 6am no-knock visits from the RIAA and Homeland Security, Blood type, mother's maiden name, and Internet Driver's License.
ICANN is somewhere in between. The only IP they care about is Intellectual Property, and they've always tried to insist that the Registrars collect Whois Records that have Subpoena contact information, so that if there's a trademark dispute over your domain name, the allegedly legitimate trademark owner can drag you into court, rather than forcing the registrar system to handle dispute resolution and risk getting sued by big companies that lose UDRP cases.
Ownership conflicts and not paying your bill are the only cases where taking away your domain name is justified, and therefore the only case in which providing inadequate response to contact information should lose you the domain name. It's also valuable to have working contact information in case things about your system are broken, like your DNS not resolving correctly or your email getting lost, because that's how people on the Internet help each other. The RIAA and Congresscritters are trying to extend lots more significance and control to the whole process than it's supposed to have.
Besides, even *accurate* information doesn't get what they want. Sure, the contact email addresses can point to "postmaster@yourdomain.com" , a valid address on your machine, but that doesn't mean that you read it regularly, or that you ever check your contact phone's answering machine messages. I recently tracked down a spammer to a box number in the same building as The Company Corporation, who for the last 105 years have provided convenient paperwork for Delaware corporations. Yes, that's right, you can go there and drop a subpoena in their mailbox and maybe they'll read it, and if somebody sues them for trademark violations and they don't show, John Ashcroft can burn their corporate papers at the stake at high noon and all it means is that they real owners have to spend another $100 for another disposable corporation.
A fairly common feature of email programs these days is to require users to connect using POP or IMAP before accepting outgoing SMTP connections. This means you can relay traffic for your users and not do so for strangers. It's pretty much the same as a knocking mechanism, except it's implemented in the applications rather than in the protocol stacks.
It doesn't actually use significant resources unless it's getting pounded with lots of packets, and you can limit this by only listening on a few ports, blocklisting IP addresses that knock on the wrong ports, and limiting the rate that you actually respond to requests from a given IP address. On the other hand, you have to be careful not to let the attacker spoof a bunch of _bad_ requests, causing you to blocklist a real site. Depending on how much eavesdropping capability the attacker has, this may be easy or hard.
The security advantage of this method over a single-port method with a password is that there are applications that you run which may have bugs in them, such as your SSH server or SNMP monitors, which you're not going to rewrite, and it lets you block access to them except from authorized users. It's a defense-in-depth strategy, possibly good (though it looks clumsy to me.) It can cut down on lots of the script kiddies.
Also, this doesn't have to be in your main server. This is the kind of application you could build into your firewall box, so it reduces the number of ports that can pass through the firewall, except when somebody knocked successfully, and the firewall doesn't allow passthough on the knocking ports. Of course, you could accomplish almost the same thing wiht better security by accepting SSL requests to an application on the firewall...
A non-serious cracker might have fun taking down OpenBSD a few times with an exploit like this. A more serious cracker would do this to try to convince some number of systems to stop running the most secure OS that's reasonably available and replace it with more vulnerable systems that aren't getting spanked a lot.
So maybe you need to patch a Linux OS to get some help sending broken ICMPv6 packets, or maybe you just need to do creative writing to the Ethernet. But you could certainly get MS-DOS to let you do it, and presumably also Windows.
You'll have to do your own search, because Overture claims to pay attention to REFERER variables as well as cookies. But it's interesting to see that somebody's done some experimentation with it.
Saying Google is too powerful and should be forced to carry politically correct content is somewhat like saying CNN is too powerful and should be forced to carry politically correct news, except that the Internet has far fewer limitations on capacity than cable TV and has a much lower cost for getting into the business. It's not only Wrong, but it would degrade the quality of the site, and people would go leave. By contrast, if you offer a competing channel (like Fox News or PBS or politically-correct-search-engine.gov), then people can make a choice between your favorite site and their current one.
Also, while the Search Engine Watch site says 80% of searches are Google, I've recently seen some discussion that Google is about 30-40% of the market, Yahoo's pretty close, and there are some others out there with non-trivial readership levels.
Google's basic objective is to find sites that are interesting to humans. They implement this by using robots with some algorithms about what kinds of features are interesting to humans. Sometimes people do things that look interesting to robots without actually being all that interesting to humans (either by trickery, or just by accident - blogging got lots of semi-artificial extra recognition because of this.) I don't view correcting this as "punishment" - just "education for robots".
There was a guy called The Search King who sued Google because they derated all his tricky methods. He lost. Basically, he'd built a big link farm so he could do thousands of links to his customers' sites. (Virtual machines are lots of fun for this sort of thing :-) For the most part, his customers' sites weren't actually interesting - that's why they were willing to pay for his help, and unfortunately he didn't help them by showing them how to make their sites interesting to humans, only to robots.
Sometimes trickery _can_ be interesting to humans - the "Weapons of Mass Destruction Not Found" hack and "Miserable Failure" pointing to George Bush hack were both fun. They don't deserve to be spanked for it, though after a while the Googlemeisters will probably decide they've had their 15 minutes of fame and crank down their methodology's ratings a bit.
For those of you too young to remember the days before Google, there were other search engines, such as Altavista (the first big one) and Yahoo. The reason Google became the most popular is that they do a very good job of ranking the interesting items first, which is important when there are 39000 hits for your query. The Search Engine Promotion business, when it's not just a scam sold by spammers, is mainly about doing artificial things to make Google's robots think your page would be interesting to humans; it's much better to _actually_ make your page interesting to actual humans, and hope Google's robots pick up on that.
I just checked Google, and got 39000 hits on "roll forming". Probably the bottom 30000 of these were various articles saying "We built our airplane parts using roll forming" or whatever. But yes, Google tries to rank interesting articles first, without actually using humans to determine interestingness, so writing an article that's not only interesting but gets other people's web sites to link to it _because_ it's interesting is a good start.
This isn't one of them. It's basically the same worm we had a couple of years ago, requiring gullible humans to click on the attachment. Moore's law means that PCs are faster, disk drives on corporate Exchange servers are bigger, and lots more people have broadband connections at home, plus offices often have faster Internet pipes than a couple of years ago, and apparently the humans using Microsoft email products are twice as gullible as ever before, so this worm has been faster than it has any business being. Sigh.
Perhaps the gullibility really is in Warhol's territory. I am sending you this posting in order to have your advice. Click here for a Good Time
If you send Scotty the Spammer's family to Cambodia, they'll start spamming Cambodians who get their email by motorcycle relay
Depending on the format used by the mail, there are one or two places you can find the charset indicators. So tell your spam filters to discard anything with those charset indicators.
> Where does SPAM originate? Meet Scott Richter.
1. Blocking all IP traffic to/from 69.6.0.0/18 will make some of the symptoms of this go away.
2. The 600-plus-page document compiled by the NY AG and staff was here:
http://www.oag.state.ny.us/press/2003/dec/syn2.pd
http://www.pc-radio.com/syn2.pdf
I looked up the IP address ranges on ARIN Whois, and got the following records Wholesale Bandwidth Inc (the /18) and My Email Wizard (the /24) from Westminster, CO.
OK, a one-armed firewall isn't going to protect you against everything, but there are configurations where it works just fine. For instance, if it's bright enough to handle two different IP addresses on the same port, you can have it look like 1.1.1.1 to your cable modem and 10.1.1.1 to your PC, and do NAT or proxies or whatever. But even if it can only support one address, you can still use it for proxies - its address is 10.2.2.2, and your PC is 10.3.3.3 and only accepts packets from 10.2.2.2 (either by using internal firewalls, or setting the routing protocols appropriately, or whatever), plus you can set your web browser, email, and maybe POP/IMAP to use the one-armed bandit as a proxy.
Of course they'd get slashdotted - the screenshots add up to bigger than the ~1MB downloadable image...
Tivo can tell what you're doing because it has a data link, normally modem.
Your cable company normally doesn't have an upstream data link - it's broadcast-only. They could build a cable modem into your set-top box, but that would cost money, so it's unlikely to happen unless they're selling the thing as a bundled offer.
They're toast now. Pingin' for the fjords. Shuffled off this mortal coil.
There are a number of newbloggers and other online freelance journalists whose writing and authoritativeness compares reasonably well with that of newspaper opinion page syndicated columnists. I'd rate Cory well above, say, Charles Krauthammer. (Sorry to have to use US examples here...) He's not usually trying to do what Molly Ivins does, but when she's doing a random-culture thing, they're fairly similar in quality. Sure, there are newspaper editors who decide only to run the columns of Molly's that they like, but then Slashdot only features Cory's articles when they think they're interesting.