Slashdot Mirror


User: billstewart

billstewart's activity in the archive.

Stories
0
Comments
7,948
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,948

  1. Re:If they did it to my NTP server... on Netgear Routers DoS UWisc Time Server · · Score: 1

    The main reason you might want to give them wrong answers is that if a human is using the time, a (very) wrong answer is more likely to be noticed than a correct answer, which means that maybe the thing will get fixed. On the other hand, if it's not slowing down when you give it an response, the probable cause was that the response is getting blocked somewhere and never received, so it probably doesn't matter what you tell it.

  2. Re:If they did it to my NTP server... on Netgear Routers DoS UWisc Time Server · · Score: 1
    It's fun to do that just to tweak them, but that's been accomplished by now, and won't solve the real problem, which is getting all those routers to leave UWisc alone :-) There are several different categories of these routers out there, though:
    • Routers where the owner is actually using the time server functions to set their PCs' clock. If you hand them a really wrong time, such as Year 1900 or 1980 or 2036, they'll notice something's wrong and probably contact support or read the FAQ that tells them to update their router, and you all win.
    • Routers where the owner isn't using the time server features to set their PCs' clocks, so the router may have some weird timestamps in the log files if anybody checks, but probably nobody does. You don't totally win, but there's no damage here. It does have the advantage that if you give the router an answer to it's query, it'll slow down and only check occasionally.
    • Broken routers that don't slow down just because you gave them an answer. Might as well give them the wrong time too, in case anybody ever notices.
  3. Law and Deep Linking on Netgear Routers DoS UWisc Time Server · · Score: 1
    No, there wasn't a law about deep linking. There have been a few court cases about it, brought by people who didn't have the technical clue to use their web server to control the way their site handles linking, and one or two judges who are clueless about how the Web works (either technically or socially, or even to the depth of understanding that a URL is like a footnote indicator) have ruled in favor of the plaintiffs.

    If there's a legal cause of action here, (which as a non-lawyer I don't have a qualified opinion about,) it's not a "You Intellectual Property Thief! I want a Gigantic Punishing Damage Award!" or probably even a "You Dangerously Negligent Clod! I want a big punishment award so you don't do things this stupid again!" - it's at most a "Hey, you're at fault in this accident, you need to pay my costs and clean up your mess" kind of lawsuit, and in fact Netgear is working with them to clean up the mess.

    UWisc published their time server in the lists of publicly available NTP servers at the standard NTP web site. Netgear obviously didn't ask for permission, because if they'd reached anybody with a clue, the answer would have been "[Expletive deleted]! No! Please don't do that!"; UWisc got Slashdotted with Extreme Prejudice here.

    Now, hardcoding an IP address that isn't magic (like 127.0.0.1 or 192.168.0.1) is technically clueless, and hardcoding an address that doesn't belong to you is not only technically clueless, but clueless from a business standpoint, because your stuff will break if the other people move their server or change their IP address, which happens all the time, and because they might stop providing the service you're expecting, and of course because it's rude, and rudeness isn't good business practice.

  4. Timeserving for your home, and firewall hygeine on Netgear Routers DoS UWisc Time Server · · Score: 1
    > Why does a home-network router need a clock so badly, anyway?

    If you want your machines at home to know what time it is, and all have the same time, then either you have one machine be the master and everybody else get their time settings from that, or else each machine has to do this on its own, or you have to coordinate which of your machines gets it from which of your other machines. Your router/firewall box is a good server for this kind of application, and it'll always be turned on, while you might turn off one or more of your other devices.

    Also, if the public side of the firewall fetches the time from some real server and the private side of the firewall lets PCs fetch the time from the firewall, then the firewall doesn't need a bunch of rules about letting N different kinds of time protocols through it, so there's less configuration, less opportunity for exploits, and less opportunity for mistakes (though "mistakes were made" here anyway :-) It's much cleaner and simpler, and you only have to worry about exploits on the particular protocol that the router uses to fetch the time for itself, not all the possible exploits on other ports and protocols.

  5. Re:Brain-dead auto-responders... on SoBig: Worst is Yet to Come · · Score: 4, Interesting
    This has been discussed a bit on the NANOG list. The ideal place to do the virus scanning would be during the SMTP transmission phase, rather than after the fact, so you could fail the transmission with a "553 go away you virus!" (and maybe a teergrube) instead of accepting the message and sending it to the forged From: line. (It looks like Sendmail milters give you hooks that could be used for this.) That way, if the virus runs its own SMTP, it gets messages that it ignores, and if the virus abuses it's victims' email programs, then they'll get the warning, but the From: won't.

    Alternatively, if you're going to do the virus check after the mail's been accepted, it sure would be nice if the virus-checker programs kept track of which viruses usually forge the sender and which don't, so it can skip the bouncegrams on the forged ones.

    Dave Farber's been mentioned in the press - his mailing list is very large and gets quoted a lot, so his address is in lots of people's mailboxes and gets forged a lot.

  6. Fast Cost-Effective Repair Technique on SoBig: Worst is Yet to Come · · Score: 0
    1. Put the Knoppix Disk in the CD-ROM drive.
    2. Duct-tape the CD-ROM drive cover shut.
    3. Turn on the Big Red Switch.
    4. ....
    5. Profit!! Er, well, ok, at least stop losing...

    This won't always work, depending on the hardware - sometimes you'll need to use a different disk and type in "LILO".

    And if an "Unhappy Mac" icon appears on the screen when you boot, then remove the duct tape and the Knoppix disk, and rebooting will work just fine too.

  7. Power Outage "Vacationers" not a problem on SoBig: Worst is Yet to Come · · Score: 1
    They've had their computers turned off while they've been out - so they can install virus updates before turning on their email, and their email sysadmins can clean some things up and spam-filter them. Too bad if some of them really _did_ want to send a "Wicked Screensaver" to all their friends :-)

    And the amount of virus warning everybody's gotten is enough to reduce the percentage who click on the stupid attachment from 10% to 1% so the thing won't propagate as fast.

  8. Nethack has been ported to MacOS X. on Mac OS X Classic Games Roundup · · Score: 2, Informative

    According to nethack.org, Nethack has been ported to MacOS 10 as well as 7.x - 9.x.

  9. Bitter about Simon's defeat?? on Georgy Tells Why She Should Be California Gov · · Score: 1
    There are probably three Republicans who are bitter about Simon's defeat, and nobody else cares - you've already failed your political IQ test :-) People are voting against Gray Davis because he's a bleeding financial incompetent who was elected partly because he was a consummate insider Democrat Party Hack and partly because he wasn't Bill Simon, and the Democrats had scared enough people about Simon's abortion position. Yes, some of the petition-signers don't have a clue, or a doing a partisan Republican thing, or are just grumpy about a bad economy, but nobody's doing it because of Bill Simon. (Because of Darryl Issa, the Republican who funded most of the drive, yes, but Simon? Nah.)

    When the dotcom boom was going on and people were predicting that we'd all be Mozillonaires in a couple of years, the state government predicted that tax revenues would keep rising radically and that they'd have a great surplus and that they should spend it all right now, and the only part of that that really materialized was the "spend it all right now" part, though revenues have risen at a moderate rate - which is why we have a $35B deficit now, which is $1000 per resident. Davis and his budget folks didn't have the responsibility to restrain their greed or even to recognize the slowness of the real growth and steal pork from the Republicans instead of from non-existent future revenue.

    While the electrical regulation system that Pete Wilson put in place took a couple of years to be successfully gamed and collapse, Gray Davis was in charge for much of that time and was too stupid to have advisors that understood it or could fix it.

    Gray Davis is the worst governor we've had in California since, well, Pete Wilson (who was more evil but less greedy), and he deserves all the disrespect he's getting from this recall. Parliamentary systems, which most of the world has, are designed to throw out politicians when they reach their level of incompetence, and they're as stable as the underlying environment - California's highly unlikely to end up with a "politician with a dangerous agenda" who's worse than Deukmeijan was, and the more likely kind of dangerous agenda we're likely to get is another greedy and fiscally irresponsible incompetent like Davis.

  10. It works for Ahnold, why not for Georgy... on Georgy Tells Why She Should Be California Gov · · Score: 1

    Yes, Conan the Republican does have political opinions, and he's not dumb, but he's basically there because he's got the money to do it. Admittedly, with a governor who's an immigrant we're likely to have less of the old Pete Wilson immigrant-bashing policies, but I still don't see voting for him except as a way to vote against Cruz Bustamente (and the main reason to vote for him, if you're not a Democrat, is to vote against Ahnold.)

  11. Duh, 6502, not 8502 on Georgy Tells Why She Should Be California Gov · · Score: 1

    Probably still Wordstar, or just Frogger...

  12. Correction, Georgy's a Democrat on Georgy Tells Why She Should Be California Gov · · Score: 1

    CA Secretary of State web page is back up, and she's listed as a Democrat.

  13. Re:wasting time with marijuana issue? on Georgy Tells Why She Should Be California Gov · · Score: 2, Insightful
    Eh? Do *you* know anybody who seriously thinks marijuana prohibition is a good idea and not a total crock that's ineffective at keeping teenagers from smoking, highly effective at funding criminals and gangs, and a waste of time for policemen and jailers who could be locking up *real* criminals?

    For some people it's a priority issue, for others it's not. My father died of cancer in a state which doesn't have medical marijuana, and it might have helped his last couple weeks of life. The reason it's not available is that the Political Correctness of the prohibitionists means that it's more important to maintain the drug war than to help sick people. And personally, I like the stuff once in a while, just as I like whiskey once in a while, and I find it personally offensive that the drug warriors think they own my body.

    My highest priority is probably fiscal responsibility and cluefulness here, and while almost anybody including Georgy is better at that than Gray Davis, I'm not sure she's up to the job. But at least she's starting off with a political position that says she respects Californians' rights to their own personal choices.

  14. Re:"Both" parties? on Georgy Tells Why She Should Be California Gov · · Score: 2, Interesting
    Eh? There are more than two parties, and lots of independents who voted for this recall. Georgy's running as an independent, and until Arnold formally declared and Bustamante got in, the lead candidate was the Green Party's Peter Camejo. There are Libertarians and Greens and American Party and Peace&Freedom and Natural Law candidates and lots of independents running. (Probably others, but the CA Secretary of State website list of candidates is currently broken so I can't check.)

    Davis *is* an idiot. He inherited a broken system set up by previous State Reptile Pete Wilson (who was from the Social Conservative side of the Republican Party, not the Fiscally Responsible side), which had been running long enough to display its weaknesses but not long enough to collapse, and he and his advisors weren't bright enough to either understand the problem or to fix it. I didn't expect him to, but I didn't expect a long-time insider like him to fail so spectacularly in so many ways :-)

    I'll probably vote my conscience and partisanly pick Jack Hickey the Libertarian, but he's got a *really* bad website, and I may vote for Georgy.

  15. CA Budget Deficit on Georgy Tells Why She Should Be California Gov · · Score: 2, Insightful

    The real question is "How did CA *get* a $35B budget deficit?" The answer was basically that back during the dotcom boom, everybody's personal income was expanding by X% a year and corporate income by Y% a year, and if you believed everybody's business plans ("Enhancing Shareholder Value and Becoming Mozillionaires!"), CA's tax revenue would increase by the astounding rate of Z% a year, giving the State a humongous surplus so the politicians were busy arguing about how to spend it all before it got away. Of course, those predictions were all pretty bogus, and while tax revenues per Californian did keep going up, it wasn't as fast as spending went up, so we got a huge deficit. Cut back per-capita spending to about 1998 levels and there's no deficit.

  16. Re:Emacs on Georgy Tells Why She Should Be California Gov · · Score: 1

    IIRC, somebody looked at the code Terminator-1 sees when he's adjusting his eyes, and it was 8502 assembler. So he's probably using Wordstar...

  17. Decentralized Names in Plan 9 on DNSSEC: Good Enough? · · Score: 1
    You were probably just flaming, but the Plan 9 From Bell Labs operating systems folks did some good work on decentralized naming, which is their approach to things - See Pike & Weinberger's "The Hideous Name".


    Thanks; ihnp4!arpanet!pobox!bill.stewart

  18. Consistency, not True Name Identification on DNSSEC: Good Enough? · · Score: 3, Interesting
    DNSSEC means that if somebody sends you IP packets at anonymous-coward-43.com, they can be cryptographically certain that they are using the IP address that the owner of anonymous-coward-6.com currently wants to advertise. Nobody had to mess with True Names here - this isn't solving the problem of verifying that Anonymous-coward-6.com belongs to John Smithy, who's the heavy guy with the slightly greying beard and the name anonymous-coward-43 tattooed on his arm who lives at 1500 Pennsylvania Ave and has Amex number 8811-432612-990433. This just means that when the Name Gods issue you the domain name anonymous-coward-43.com, you give them the admin key for the DNS as well as the money.

    It's unfortunate that the ICANN Gods want to require everybody in the world who sells domain names to get a True Name and Subpoena Address and ICBM address and Retina Print in Triplicate in return for letting you use the name, but you knew that when you got the name. And if you're using a subdomain Number-6.anonymous-cowards.com, and the people who run anonymous-cowards.com will let anybody get a subdomain name without providing all that personal data, you're still protected - you've got a cert that anybody who wants your IP address can use to verify that it's really yours and not some proxy server at fbi.gov.

  19. You're busted - hand in the license now! on During Blackout, Ham Radio Shined · · Score: 1
    Sorry, but you're not allowed to use indecent language on ham radio, and you just did, so your ass is busted for saying "ass". The service may suck, but you can't say "sucks", even though Beavis and Butthead got away with widely saying it on TV and it's become common language. And you'd better not go using SSL forms to encrypt your credit card number on any websites, because encryption is illegal on ham radio.

    But yeah, it's kind of fun technology, if it weren't for the fact that the FCC can bust you any time you say anything not politically correct on the air, not that they usually bother.

  20. What good is Censored Communication? on During Blackout, Ham Radio Shined · · Score: 3, Informative
    Yes, hams get to play with cool toys. But ham radio is censored - it's self-censorship by the users, under the threat of license revocation and social pressure from other hams, but it's still censored, and that makes it much less useful. That's why unlicensed spectrum like the 2.4GHz band used by 802.11b and 5GHz used by 802.11a are *so* critical. We could do so much more if the ham bands weren't censored.


    Hams aren't allowed to talk about business on the air (unlike CB radio or some of the other mobile bands), because that got in the way of the FCC's New Deal views of how they wanted to regulate the quasi-nationalized airwaves and monopoly telephone and radio broadcast companies, and they're not allowed to use encryption (it took a long time before even ASCII was officially recognized, because it's a Code that's not Morse) because Foreign Spies might use it, and I think you're still not even allowed to use Bad Language because it's a broadcast medium (that doesn't totally suck, because it is more polite, but since you can lose your license, it still sucks.)

    CB radio used to be semi-censored and did require licenses, and was limited to 5 watts which was usually a moderate distance in those days, but the FCC lost control of it during the 1970s flood of truckers and low-cost radio hardware, in spite of it being a very limited band. So some guy in Florida with a kilowatt linear ham amplifier could blow out CB radios across half the country... And you can use walkie-talkies with very limited range - the non-licensed FRS stuff pretends to go two miles, but you're supposed to have a license to use the GMRS channels which pretend to do 5-7 miles.

    The ARPANET had its Acceptable Use Policies against non-official use, and its unofficial very flexible policies that you could talk about anything you want _except_ business, and about official government-or-university-research-related business, but companies that had Arpanet connections and UUCP connections couldn't technically relay email between them unless it was AUP-permitted email. So as the Internet evolved, and had the connectivity to be much more useful than dialup UUCP mail, it was very hard to tell whether you could legally send somebody email about business that your company was doing with their company, because it might be crossing AUP-censored territory. Eventually the Commercial Internet Exchange was formed to let normal businesses use Internet connections, especially email, without violating those laws or policies. But that worked because network connections use wires and fibers that can connect private entities, even if you use TCP/IP on them, while Ham Radio uses the nationalized radio spectrum so it can't escape (unless you wanted to use ham radio technology in metal pipes or something silly like that.)

  21. Peer-to-Peer vs. Centralized vs. Popularity on During Blackout, Ham Radio Shined · · Score: 3, Insightful
    Ham radio was really useful during the blackout, but that's mainly because of the users being good at emergency response, not the technology, which had pretty low capacity.


    The wired telephone network did really well during the blackout, because it was designed with separate reliable power systems, big batteries, generators, and a concern for reliability; except for a few isolated power problems, the real trouble that wired phones had was that too many people were trying to call so there were some capacity issues. Cell phones have similar issues, but the overloading capacity problems are far worse, and the failure methods aren't as clean, and unlike the wired phone network, there aren't decades of work on how to make sure that "important" users get priority during overloads.

    Peer-to-Peer systems scale well, and theoretically they'd do better than centralized problems in some kinds of emergencies, but they have to be designed correctly to avoid the overloading-and-failure problem as well. (For example, Napster scaled really well within clusters, but the earlier Gnutella things run out of indexing capacity after a while.)

    So you'd expect Ham Radio to be great, because everybody can talk directly to everybody else once they pick channels, but it's not really that way. When two radios can reach each other directly, and it's an emergency situation, everybody's polite and well-trained enough to prioritize and let the doctors and firemen and police talk to each other and move the idle chit-chat or the "Hi, Marge, I'll be home really late" personal calls to other channels. HF seems to work that way, and CB radio Channel 9 somewhat did, but other CB channels are a total zoo, kind of like Usenet without the scalability. But a large fraction of the cute little handheld ham sets (2m, 70cm, etc.) are repeater-based - there's a repeater up on a hilltop with N channels of transmit and receive which lets the little sets get lots of distance without lots of power, kind of like one big cell site per hilltop. It works really well when it's not overloaded, but its only overflow protection is polite users, and that means that if it's too busy, you can't get through, but the busy signal is friendlier and more interesting. One repeater that got mentioned at ARRL.ORG handled about 500 messages over 20 hours, which is about one call every 2 minutes - not a heavy load.

    Does anybody know how well ham repeater towers did for power during the outage? I'm guessing most of them are well-enough designed, with batteries and solar to support most of their needs rather than depending on line power, partly because hams are good at that kind of planning and partly because volunteers would rather not have to drive up some mountain during bad weather to fire up a generator just because the power line went down when they've got better things to do.

  22. Political Problems with DNSSEC on DNSSEC: Good Enough? · · Score: 5, Interesting
    Some of the problems with DNSSEC are technical - most of them have to do with making things fit inside 512-byte packets and not breaking too many server implementations. But the big problems have been political, including politics implied by the protocol structure and politics that's separate from it.
    • Old US Fed Attempts to Stifle Crypto - Back in 1993, when DNSSEC was drafted, the US government was still doing the Cold War thing of pretending that there were Commies who shouldn't be allowed to have Crypto because their Spies could send Unbreakable Messages, and the FBI was encouraging them to maintain this charade because crypto might make illegal wiretapping difficult and mass wiretapping expensive. So Open Source publishing of DNSSEC code on the Internet or export to other countries was threatened by all the rest of the anti-crypto Export Law stuff, even though it only needed digital signatures and not encryption - because RSA digital signature code is also usable as encryption code, and because good digital signatures make forgery impossible. At one point, John Gilmore got approval for exporting a "bones" version of DNSSEC (with the crypto code removed) and then the approval got yanked shortly afterwards, in spite of their being no adequate legal justification for it. DNSSEC was pretty much stillborn because of those politics, which was too bad because we could have had a DNSSEC in place when the Web thing was taking off.
    • Hierarchical Nature of DNS - For many security and political applications, a hierarchy is a Bad Thing, because it means that somebody's in charge, and that there's one big weak point to attack it with. That doesn't seem to be much of a problem for DNSSEC, because it's piggybacking on DNS, which is inherently hierarchical. Sure, there's all that ugly politics about who gets to sell the name example.com and who gets to resolve conflicts if multiple companies want to be the One True Owner of the domain name example.com, but getting the folks who manage official assignment of the name example.com to sign the DNS record is a simple technical implementation, just as getting them to put the IP address in the DNS server is - it's *much* simpler than getting them to send the bill or the renewal notice correctly.
    • ICANN Ugliness - Of course, all this was mired in political ugliness, and the ICANN Name Gods fundamentally weren't interested in doing the right thing technically - they were interested in doing the power-grab thing on the intellectual property trademark space, not in technical administration. And the people who fight about name space ownership and collect your registrar money aren't really the people who run the physical root and .com DNS servers, many of whom worked for organizations funded by the US Government, who weren't going to push for crypto protection.
    • Multiple Name Registrars, Single Keys - There's a big ugly gap in the DNS hierarchicalness, which is that multiple registrars can sell you the name example.com, but there's only one DNS Signature Key for .com - does that mean that 50 random companies around the world can all be trusted to own those keys and not leak them? Fat chance! But the protocol wasn't designed for that kind of sharing.
    • One Root To Rule Them All, again - If there's only one Root, and they don't get it to buy in to the plan, which they didn't, and it doesn't sign the keys for com, edu, etc., or the country codes, then there's no clean way to bootstrap the system. Sure, there were all the alternate-root guys trying to compete, and any country-code TLD administrator (e.g. Tonga's .to) could have created a key for their TLD and started signing keys, but without The One True root key, eventually it falls apart. Tonga or Norway or someone could declare themselves to be the head of the Cabal, issue a Root Key, sign other TLD's domain name with it, and start selling more DNS names to people who wanted them, and
  23. Happened to Real Mainframes too! on Watercooling Drifting Mainstream · · Score: 1
    Back when Real Programmers used Real Mainframes (IBM Big Iron, or funkier machines), they were of course water-cooled, not like those Volkswagen-esque programmable data processor thingies. I was an undergrad at Cornell in the mid-late 70s, and sometime around then, the water-cooling system for the school's mainframe sprung a plumbing leak and dribbled on the mainframe. Needless to say, this was Bad.

    I think the machine was out for a month or so, but maybe that long outage was when they were having trouble getting the thing to be happy with its 4th Megabyte of core memory.....

  24. Re:Legal Issues of Working on Electricity on Solving a Wiring Mess? · · Score: 1

    Yup. That was my point - thanks! One additional wrinkle on it is that I don't have a *clue* about Canadian laws, if any, about electrical inspectors or electrician licensing, except that Darwin and Murphy both stop by Canada on occasion, so the bits about back away and don't fsck with it still apply. Latin America also uses US-flavored electricity.

  25. Ineffective Laws have Negative Value on Louisiana Tries Anti-Spam Law · · Score: 1
    Ineffective laws have no positive value beyond the elected official getting to claim he helped to "Do Something" about Spam in the free snail-mail he sends his voters. Ineffective laws do have Negative Value, though.
    • They don't reduce the amount of spam.
    • They reduce the respect people have for the legal system - it's just stupid.
    • They give the spammers another hook to pretend to be legitimate.
    • They _may_ make spam explicitly legal if the spammers follow the rules carefully.
    • They _may_ interfere with legitimate email, if they're not careful, and legislators have a long history of not being very careful about things they don't understand very well (e.g. you might have to get handwritten paper permission to put somebody on your email list, as opposed to letting people sign themselves up with majordomo.) But spammers will routinely violate the laws.
    • They *often* try to ban anonymity and pseudonyms and other communications tools that are critical to preserving civil liberties. Yes, you can argue that I don't have the right to send you anonymous mail if you don't want it - but I *do* have the right to send anonymous mail to my Congresscritter, or to my friends Alice and Bob, and I occasionally post things as Anonymous Coward here on Slashdot, if I'm saying something that's especially trivial or tasteless or want to make it clear that I'm not posting my company's opinions.

    The only times I've seen anti-spam laws help anything have been by accident - a few years ago there was that failed attempt to pass an anti-spam bill in the US Senate, and spammers got in the habit of footnoting their mail with phrases about "According to Senate Bill S.1618, this email is Not Spam",, which were blatant lies but very unique strings that were easy pickings for a spam filter.