I have enough grief with FC3 'knowing' MACs
on DECnet Isn't Dead · Score: 1
DECnet addresses map into MAC addresses. For instance, the DECnet address 3.100 maps to AA-00-04-00-0C-64
I have enough trouble with FC3 boxen that complain that their physical address has changed (due to the luser concerned having applied 240v instead of the generally accepted low lan voltage to the RJ45 connector, etc), plus the overall headache that is DHCP based on MAC addresses, that the last thing I need is a bunch of machines changing their apparent MAC addresses to fit with some crufty network architecture that I expunged from my network over 10 years ago.
Not to mention the general nightmare that is trying to cram all of those DEC network drivers into high memory on Win9x/DOS to save on base memory so you could provide network services via PATHWorks.
No thanks. I do have a VAX, but I'll make do with the wonderfully broken network interface that is TCP/IP Services for VMS, rather than inflict DECnet on my LAN.
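An added example, not part of the original comment: the DECnet Phase IV address-to-MAC rule in both directions, plus a scan that picks DECnet-derived addresses out of a list of MACs such as a DHCP lease table. The rule as implemented here stores the 16-bit address low-order byte first, so it yields AA-00-04-00-64-0C for 3.100; the function names and the sample MACs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Prefix a DECnet Phase IV node puts in the first four bytes of its MAC. */
static const uint8_t DECNET_PREFIX[4] = {0xAA, 0x00, 0x04, 0x00};

/* Constructed sample: MACs as they might be listed in a DHCP lease table. */
static const char *const SAMPLE_LEASES[] = {
    "00-0C-29-3E-51-A7",  /* ordinary burned-in address */
    "AA-00-04-00-64-0C",  /* DECnet 3.100 */
    "aa:00:04:00:01:04",  /* DECnet 1.1 */
    "AA-00-04-00-00-00",  /* prefix present, but area 0 / node 0 is not valid */
};
#define SAMPLE_COUNT (sizeof SAMPLE_LEASES / sizeof SAMPLE_LEASES[0])

/* Area (1..63) fills the top 6 bits, node (1..1023) the low 10 bits. */
int decnet_to_mac(unsigned area, unsigned node, uint8_t mac[6])
{
    if (area < 1 || area > 63 || node < 1 || node > 1023)
        return -1;
    unsigned addr = (area << 10) | node;
    memcpy(mac, DECNET_PREFIX, 4);
    mac[4] = (uint8_t)(addr & 0xFF);  /* low-order byte first */
    mac[5] = (uint8_t)(addr >> 8);
    return 0;
}

/* Returns 0 and fills area/node when the MAC is a valid DECnet address. */
int mac_to_decnet(const uint8_t mac[6], unsigned *area, unsigned *node)
{
    if (memcmp(mac, DECNET_PREFIX, 4) != 0)
        return -1;
    unsigned addr = mac[4] | ((unsigned)mac[5] << 8);
    if ((addr >> 10) == 0 || (addr & 0x3FF) == 0)
        return -1;
    *area = addr >> 10;
    *node = addr & 0x3FF;
    return 0;
}

/* Accepts "AA-00-04-00-64-0C" or "aa:00:04:00:64:0c"; rejects anything else. */
int parse_mac(const char *s, uint8_t mac[6])
{
    unsigned b[6];
    char tail;
    if (sscanf(s, "%2x-%2x-%2x-%2x-%2x-%2x%c",
               &b[0], &b[1], &b[2], &b[3], &b[4], &b[5], &tail) != 6 &&
        sscanf(s, "%2x:%2x:%2x:%2x:%2x:%2x%c",
               &b[0], &b[1], &b[2], &b[3], &b[4], &b[5], &tail) != 6)
        return -1;
    for (int i = 0; i < 6; i++)
        mac[i] = (uint8_t)b[i];
    return 0;
}

/* Reports every MAC in the list that decodes to a DECnet node address. */
int count_decnet_hosts(const char *const macs[], size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t mac[6];
        unsigned area, node;
        if (parse_mac(macs[i], mac) == 0 &&
            mac_to_decnet(mac, &area, &node) == 0) {
            printf("%s is DECnet node %u.%u\n", macs[i], area, node);
            hits++;
        }
    }
    return hits;
}

int main(void)
{
    uint8_t mac[6];
    if (decnet_to_mac(3, 100, mac) == 0)
        printf("3.100 -> %02X-%02X-%02X-%02X-%02X-%02X\n",
               mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
    printf("%d DECnet-derived addresses in the sample\n",
           count_decnet_hosts(SAMPLE_LEASES, SAMPLE_COUNT));
    return 0;
}
```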
> Are the UK ISPs incompetent, overwhelmed, or more laissez-faire?
DRM or not, any application has to talk to the hardware at some level. Unless Microsoft ship binary only sound/video drivers that can't be hacked to write video/audio data out through network or unix domain sockets, or /proc devices, then anyone can access protected content digitally, before it gets to the output device.
We already know that the SB Audigy turns off its digital outputs when playing DRM-enabled content under Windows. I doubt very much that open source drivers would bother to implement such a feature.
If Microsoft do ship binary only sound/video drivers, they won't work for long, as the kernel interfaces will probably change, again. Besides, there are just too many cards out there. By careful manipulation of the VM subsystem, all driver I/O can be redirected in interesting ways anyway.
Question is then, does this make the Linux kernel a 'circumvention device' in the context of the DMCA? Perhaps this is the goal?
I'm an INTP, and I never realised it. So I read up on the other types (table of links at the bottom of the page). Fascinating. I shudder at the thought of waking up some day as an EFSJ.
I don't know if the slashdot poll code can handle 16 options, but I suspect that the "fairly uncommon (less than five percent of the population)" people are probably more like 90 around here. Perhaps it is time to find out.
The most truthful point is that nobody ever remembers when you're right, only when you're wrong. This is probably why I've not had a raise for some time.
One of the best ways of attracting public interest, and (eventually, once the people who have become interested gain power) funding is to open your doors and make interesting educational programmes about your work. Get into schools, colleges, and make sure everyone knows where their money is going, and how government cutbacks have placed a stranglehold on your research. Let the crackpots join in, and let them make fools of themselves in front of millions. Problem solved.
Microsoft Works is not an abortion, it's an oxymoron
Like 'Taped live', 'Military Intelligence', 'Tax Return' or 'Government Organisation'
OXYMORON n.: A rhetorical figure in which an epigrammatic effect is created by the conjunction of incongruous or contradictory terms
More oxymorons here and here (and I'm sure you can search Google for more).
P.S. Could someone please explain what 'Commonwealth affiliated' means in one of the replies above, for the benefit of us UK folk, to whom 'Commonwealth' means something probably quite different.
Our first real unix machine was a Masscomp MC6300. They were bought out some time ago by some organisation which had a double-parallelogram style logo, which I can't for the life of me remember the name of. Anyhow, it had 4Mb RAM, Motorola MC68030 CPU at 50MHz, MC68881 FPU, and an onboard SCSI controller.
Attached to this SCSI controller was a bridge module, which controlled two MFM hard drives (We had a Micropolis 81 (an old DEC RD53) and a Maxtor drive (a DEC RD54 (which for some really weird reason had a built-in speaker)) attached to it.) Also on the bridge controller were interfaces to a QIC-150 tape cartridge drive, and a standard Shugart bus floppy controller. Each device appeared as one LUN (logical unit number) on SCSI ID 0.
I've still got this controller somewhere; I pulled it out on the basis it might be useful, when we dismantled the old Masscomp. (Mind you, I've still got the CPU board from our Gandalf serial switch, which is a work of art; completely wire-wrapped assembly - wooo!)
We also had an optical drive array with an 'OCU' device attached to it, which presented seven SCSI drives as LUNs on a single SCSI ID; worked perfectly well, and saved on having multiple host controllers or getting into a situation where SCSI IDs are as rare as free IRQs are on Ix86 boxen nowadays. (And certain operating systems still haven't got the hang of proper IRQ sharing as implemented by the PCI specification).
It should be fairly trivial therefore to build a board which has a SCSI port, designed to fit a U320 bus, and provides, say, eight LUNs worth of IDE drives. Mind you, the cables would be a nightmare...
While some countries would rather you didn't know this, in the UK we are either enlightened/crazy (delete as appropriate) enough to allow people to buy Tritium Phosphor Lights.
Before y'all descend onto the site to buy yourself a little radioactivity, Cash'n'Carrion WILL NOT SHIP OUTSIDE OF THE UK. Various reasons listed here
If I remember my nuclear physics correctly, Tritium (Hydrogen-3 (1 proton, 2 neutrons)) decays via a weak Beta-particle emission into Helium-3 (2 protons, 1 neutron). This beta particle, which is not energetic enough to make its way outside of the glass tube in which the tritium is stored, excites the phosphor on the inside of the tube causing it to glow in one of several cool shades. As Tritium has a half-life of the order of 4500 days, these things should last a good few years (they suggest at least 10) before the glow fades.
Never, ever, let anyone else browse Amazon from your system (especially if you're mad enough to leave their 1-click(TM) shopping switched on). Allowing my sister to browse has so buggered up my music recommendations that I can't find anything worth buying any more. Ugh! Ergh! That terrible sound, I can't get it out of my head... Remind me to do it to her some day...
Mind you, when people leave their desktops logged in at the office, I sometimes set their Google Language Preferences to Klingon (ja'chuqmeH Usenet ghommeyvaD yInej 'ej yIlegh.) or "Elmer Fudd" (De web owganized by topic into categowies)
I'm a digital satellite viewer myself; more on that later.
The various cable TV companies also offer cable modem access. For some companies, this is a separate device, such as a standalone modem which is connected separately to the TV set-top-box; but some cable companies have ethernet ports built into their digital decoders. These provide you with simple-to-configure (assuming you have an ethernet card and appropriate cabling to keep your PC a fairly good distance away from the TV, because there's nothing more annoying when you're trying to watch a film than to have noisy PCs running (or kids playing noisy games on the same)). In that sense, the device could easily be a router. (However, having had past experience with UK cable companies, they will advertise such a device as X, but it's really only a Y)
How this integrates with the plans of the TV cable companies, who usually run their own systems on equipment that they supply, not catering for user-acquired decoders, I don't know, but it may be an attractive prospect for some of them.
Back to the digital satellite. Sky also provide a PVR service, called Sky+. Essentially, it's a hard disk, connected to a satellite tuner, connected to a quad-LNB dish, allowing the box to receive MPEG-2 streams from two channels, record one, and view another at the same time, together with nifty features that TIVO users would be familiar with. I don't have one of these, but I expect one day I'll be persuaded to part with the GBP300 plus GBP10/month service charge. Because the satellite system is one-way, with interactive services provided over a telephone line, I can't see much use for a router in it, unless Sky plan to break into the ADSL market; although I'd still be uncomfortable with that (eggs, one basket, etc.).
Now, what I'd really like to see developed is a satellite/cable receiver, which records MPEG-2 to hard disk, and dumps the same to DVD-R instead of to video. I'd bet the movie industry would hate this idea though. However, given that the UK market for satellite receivers is far more open (you can buy them in the shops, and self-install, dealing with Sky only insofar as getting a contract to receive subscription channels and a viewing card), some bright spark out there should hopefully be able to design one of these. Let me test it for you!!.
Indeed, and what sysadmin could resist entering the following for each user on their 'I hate you' list:
$ UAF="$AUTHORIZE"
$ UAF MODIFY VICTIM1/FLAGS=GENPWD/PWDLIFETIME=1/PWDMINIMUM=28
(rinse and repeat for victim 2, etc..)
/FLAGS=GENPWD forces the user to use generated passwords.
/PWDLIFETIME=1 sets the password lifetime to one day.
/PWDMINIMUM=28 sets the minimum password length to 28. The generator generates passwords of the minimum length to the minimum length + 3, and 31 is the maximum.
Users soon learn to A) Buy you several beers to reverse this measure, and B) not to mess with you ever again.
Yes and No. Some ISPs are incompetent, or at least more concerned with profits than consumer safety.
However, the larger part of the problem is the way that the population of the UK are being conditioned to not take responsibility for their actions. We have already arrived in the 'Caution! Hot Coffee' culture.
What does Joe Average care that his PC is peddling 419 scams, dubious pharmacy products, and phishing attempts, provided that he can still read his MSN Hotmail? He knows how to click on icons, and read mail. He may hear about virus outbreaks in the news media, but assumes it's a technical problem that he cannot (or will not attempt to) understand.
Microsoft aren't helping either. XP-SP2 was a start, but a typical Microsoft botched offering given the ease with which worms, spyware, and other malware can get onto a system. Microsoft have handed a bunch of inexperienced newbies the internet equivalent of a chainsaw, with no instructions on its safe use. The fact that my DSL router with its 10 minute inactivity timeout has not gone off line for over eight months is testimony to that.
For these users with their high bandwidth and low clue, there is a solution, which is the appliance PC; a box that is managed remotely, that Joe Average can use safely. For those with the ability to make art with chainsaws, there's a proper internet connection, but where is the commercial value in that for the ISPs when less than 5% of their customer base have a clue?
Personally, I think some form of computer driving license is in order, or at least a change in the law to make owners of compromised systems liable for the damage those systems do. Perhaps that will force a change?
I'm dreaming, aren't I?
A train guard doesn't work in the same capacity as a security guard, although safety of the train and the passengers is his primary responsibility, secondary tasks include ticket inspection (and selling), customer assistance (announcements, assisting disabled passengers, etc.), and so forth.
That said, the guard on this service didn't appear once during the entire journey (and I was on the train from Portsmouth Harbour). However, "Daniel", the 'steward', who kept promising that he'd be wheeling a trolley through the entire train selling coffee, tea, and suspicious sandwiches at excessive prices, somehow promoted himself to 'Catering Manager' by the time we reached London, and decided to stay in the front car as far as we could tell.
At least the train didn't break down this time.
On my way to London the other day, I was sitting in the 'Quiet Zone' car of the train. There are notices on every window asking people not to use Mobile Phones.
This moron gets on at a station, and quite obviously reads, and decides to ignore the notices, and makes about a dozen calls to people which I didn't want to listen to. However, it became quite obvious that this person was engaged in a mobile/SMS/MMS marketing campaign, and various other things he said suggested 'spammer'.
Of course, rule #3 states that spammers are stupid, and this one was no exception. He rattled off at great length a list of sites, usernames, and passwords for various SMS distribution services.
I pulled out my newspaper and pretended to do the crossword, writing down every group of site, username, and passwords. I have not done anything with them yet, but I'm sorely tempted. However, as my handsets are all registered with the TPS (the UK equivalent of the FTC do-not-call lists), I'll wait for a marketing SMS to be crapped into my phone before being tempted further.
If you are 'evileye' (what a stupid username), you might be more careful about where you use your mobile next time..
British Rail was the name used by the last nationalised rail network. Since the government sold off pretty much everything to private companies (with or without various unenforceable guarantees about service levels, etc.) there has been no such entity as British Rail.
Railtrack (alias Railcrack, railcrap, etc.) gave way to the current quasi-non-governmental organisation (Quango) called 'Network Rail'.
Network Rail STILL cannot work out the easiest route between Ryde Hoverport and Ryde Esplanade (Clue: Use the footbridge, the distance is fifty feet). If you'd like to ask them yourself, enter the necessary details at Their journey planner page
While you are doing this, please spare a thought for those of us who have to use their service on a regular basis. Thanks.
Actually, I now know who was responsible. It was a case of 'I want a CD Writer, he has a CD Writer, he isn't here, I have his CD Writer'. The person concerned has now been shot, stapled, blown to bits, electrocuted, irradiated, mangled, hanged, drawn, and quartered, and told not to do it again.
It won't affect the servers, as they all monitor each other and complain (by email or SMS if one of them unexpectedly goes away) (and all of the component serial numbers are known). (Not that the miscreant can get to them, or my spares cupboard) anyway...
Apart from the usual hangovers, I managed to take a break over the xmas/new-year period. On returning to work, the usual number of things had quit, crashed and burned, or otherwise died and were quickly righted (if 'righted' is a word that can be used in the context of a Win32 system that doesn't involve dipping the hard discs in acid or a several MegaTesla field).
;-)
My main problem was that a new machine, prepared for a new user, left in a perfectly working condition before the holidays had mysteriously stopped working. It had mysteriously also grown a different CD drive, and of course nobody was willing to admit that they messed with it.
After the visions of barbarian hordes trampling the user base had subsided, it took most of yesterday and today to resurrect this machine into some sort of sensible order.
Of course, you don't need to know this. You already know that trying to administrate a network full of users with Windows boxes is similar in terms of its futility level as trying to herd cats.
As for the real problem, which is 2038, I intend to be happily retired by then, and then come back and charge quite stunningly outrageous fees for fixing all the broken 32-bit code out there.
For the record, a 32-bit signed number of seconds based on 1st January 1970 expires on Tuesday, January 19th, 2038 at 3:14:08 UTC. This is the format used by 'Unix Time', and appears in code all over the place. (Pretty much anything written in C)
Back in the days of VMS, which measured time in clunks (a clunk was 100 clicks (1 click = 1ns), 864,000,000,000 clunks in a day) and stored it in a 64-bit quadword, with a base time of 17th November 1858 (Modified Julian calendar base). 64 bits worth of clunks is enough to go to the year 60312.
ANSI COBOL's base time is the first of January 1601. (As if you needed reminding how old and crufty COBOL is... ;-)
Current (Win32) versions of Windows use a counter representing periods of 100ns from 1st January 1601, however that applies only to code using the Win32 API, and not the functions.
Because time_t is declared as a signed long, it should be 64-bits on 64-bit platforms, as 'long' is supposed to grow with the architecture, however most C compiler writers seem to have chickened out of that and 'long' seems to have become a de-facto 32-bit quantity.
For the benefit of non-German-speaking Slashdotters, the first addendum to document 11979 can be found here (PDF) and the parent document here (PDF)
True, indeed.
This is where user filesystems with noexec comes in very useful, which MS probably could implement on a directory level. I.e. allow exec from C:\Program Files, and C:\Windows, and prevent ordinary users from writing to them.
Yeah, like that's going to happen. Just how many broken programs are there that require write access to C:\WINDOWS ?
However, if the intention is to prevent malicious code being executed via buffer overruns, then the NX bit is one part. Preventing executable memory from being written, and protecting the protection mechanism (not allowing user mode code to change permissions on pages protected by the executive) is also necessary.
I have some schematics of PDP11 processors, and several thousand fiches of technical documentation from that era. If I had a working fiche reader, I could tell you ;-)
Jim
Not a lot.
For NoExecute to work properly, code sections need to be read-only. See notes in my previous comment. Merely marking data no-execute doesn't prevent valid instructions from being overwritten unless they are protected, and that protection is also protected. (I.e. it's no good having code sections which are marked no-write, if the latest IE bug-du-jour can merely change the permissions from user mode. It has to be a kernel mode operation).
Neither. At least fourth, possibly not even in the points...
Back in at least 1980 (and probably earlier), according to my VMS 2.0 Source listings[1] (no, it's not open source, you can't have it), the VAX processor supported no-execute.
Each program is made up of PSECTs (program sections), which have various flags which specify the properties of the memory section when the program is loaded into a process's virtual address space. Such flags as RD and WRT specify memory protection. Flags such as SHR specify whether pages can be shared among processes, and the EXE flag specifies whether a page can be executed. There are a bunch of other flags, concerned with whether code is position independent (PIC), or alter its scope (GBL,LCL), or relocatable (REL).
Typically executable code would go into a PSECT marked RD,NOWRT,EXE,SHR which would allow multiple users running the same installed program to save memory by simply mapping the executable pages into both processes, however neither process could write to those pages. Program data, on the other hand, would typically be mapped into sections marked RD,WRT,NOEXE,NOSHR which would provide each process with their own local data pages, to which they could write, but which they couldn't execute.
Any attempt to do so would trigger an SS$_ACCVIO (the VMS equivalent of a segmentation fault) and bring a typical program to an abrupt end, unless it could handle that error.
So, twenty+ years later, and the two manufacturers are making a big thing about NoExecute. Yawn...
While it will certainly do a lot to prevent the typical buffer overrun attack, by itself it isn't enough, as the overwhelming majority of development tools don't properly protect executable memory. Unless a program has very good reasons to be self-modifying, it needs to not only mark its DATA pages non-executable, but mark its code pages non-writable. As the GNU compiler was working on VMS well over a decade ago, if I were to bet on which platform would have the majority of its compilers 'EXE != WRT' compliant, I know where my money would be.
Jim
[1] DEC Part number AH-H159B-SE ('VAX/VMS V2.0 SRC LST MCRF/226') for the truly interested.
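The 'EXE != WRT' rule from the comments above, checked on a modern binary format: this is an added example, not part of the original posts, and it assumes little-endian ELF64 images (not the VMS image format), where each loadable segment carries R/W/X flags comparable to the PSECT attributes described. The function names and the sample images are constructed for illustration.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 file header, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header, 56 bytes


def flags_str(flags):
    return "".join(c if flags & bit else "-" for c, bit in (("R", PF_R), ("W", PF_W), ("X", PF_X)))


def audit_elf64(image):
    """Return (vaddr, flags, reason) for each segment that breaks write-xor-execute."""
    if len(image) < EHDR.size:
        raise ValueError("truncated ELF header")
    fields = EHDR.unpack_from(image, 0)
    ident, phoff, phentsize, phnum = fields[0], fields[5], fields[9], fields[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    if phentsize != PHDR.size or phoff + phnum * phentsize > len(image):
        raise ValueError("program header table is malformed or out of bounds")
    findings = []
    for i in range(phnum):
        p_type, p_flags, _off, vaddr, *_ = PHDR.unpack_from(image, phoff + i * phentsize)
        if p_type == PT_LOAD and p_flags & PF_W and p_flags & PF_X:
            findings.append((vaddr, flags_str(p_flags), "segment is writable and executable"))
        elif p_type == PT_GNU_STACK and p_flags & PF_X:
            findings.append((vaddr, flags_str(p_flags), "stack is requested executable"))
    return findings


def build_sample(segments):
    """Constructed test image: file header plus program headers only, no section data."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, 2, 62, 1, 0x401000, EHDR.size, 0, 0, EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    phdrs = b"".join(PHDR.pack(t, f, 0, va, va, 0x1000, 0x1000, 0x1000) for t, f, va in segments)
    return ehdr + phdrs


# Constructed samples: code R-X and data RW- (compliant) versus an RWX segment and stack.
GOOD = build_sample([(PT_LOAD, PF_R | PF_X, 0x401000), (PT_LOAD, PF_R | PF_W, 0x402000), (PT_GNU_STACK, PF_R | PF_W, 0)])
BAD = build_sample([(PT_LOAD, PF_R | PF_W | PF_X, 0x401000), (PT_GNU_STACK, PF_R | PF_W | PF_X, 0)])

if __name__ == "__main__":
    for name, img in (("good", GOOD), ("bad", BAD)):
        print(name, audit_elf64(img) or "W^X clean")
```

This covers only the permissions the image requests at load time; a process that later changes page protections from user mode, the case raised in the earlier comment, has to be caught by runtime policy instead.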
> Further, can they legally call them the 'W' word?
Why not? There is a glazing company near me, whose vans I see regularly on the roads on the way in to work in the morning. They are called 'MS Windows', and they did register mswindows.co.uk (Microsoft lawyers can check registration at whois.nic.uk). No website (and their DNS servers are acting strange). One of these days, I'll grab a photo..
...and the SWF banner ads. I don't even need to install junkbuster ;-)
Given the concentration of spammers in Florida, particularly around Boca Raton, perhaps these researchers would do the 'net a favour by pointing their super-whatsit electromagnetic data rearranging device in the general direction of the slimeball's hard drives, backup tapes, and anything else ferrous the spammers may have at home (visions of flying knives, irons, golf clubs, etc...)
DRM or not, any application has to talk to the hardware at some level. Unless Microsoft ship binary only sound/video drivers that can't be hacked to write video/audio data out through network or unix domain sockets, or /proc devices, then anyone can access protected content digitally, before it gets to the output device.
We already know that the SB Audigy turns off its digital outputs when playing DRM-enabled content under Windows. I doubt very much that open source drivers would bother to implement such a feature.
If Microsoft do ship binary only sound/video drivers, they won't work for long, as the kernel interfaces will probably change, again. Besides, there are just too many cards out there. By careful manipulation of the VM subsystem, all driver I/O can be redirected in interesting ways anyway.
Question is then, does this make the Linux kernel a 'circumvention device' in the context of the DMCA? Perhaps this is the goal?
The article includes a link to Understanding your Myers Briggs Personality type just before it states that "INTJ and INTP typically make good systems admins".
I'm an INTP, and I never realised it. So I read up on the other types (table of links at the bottom of the page). Fascinating. I shudder at the thought of waking up some day as an EFSJ.
I don't know if the Slashdot poll code can handle 16 options, but I suspect that the "fairly uncommon (less than five percent of the population)" people are probably more like 90 around here. Perhaps it is time to find out.
The most truthful point is that nobody ever remembers when you're right, only when you're wrong. This is probably why I've not had a raise for some time.
One of the best ways of attracting public interest, and (eventually, once the people who have become interested gain power) funding is to open your doors and make interesting educational programmes about your work. Get into schools, colleges, and make sure everyone knows where their money is going, and how government cutbacks have placed a stranglehold on your research.
Let the crackpots join in, and let them make fools of themselves in front of millions. Problem solved.
Just my $0.02
Microsoft Works is not an abortion, it's an oxymoron
Like 'Taped live', 'Military Intelligence', 'Tax Return' or 'Government Organisation'
OXYMORON n.: A rhetorical figure in which an epigrammatic effect is created by the conjunction of incongruous or contradictory terms
More oxymorons here and here (and I'm sure you can search Google for more).
P.S. Could someone please explain what 'Commonwealth affiliated' means in one of the replies above, for the benefit of us UK folk, to whom 'Commonwealth' means something probably quite different.
Our first real unix machine was a Masscomp MC6300. They were bought out some time ago by some organisation which had a double-parallelogram style logo, which I can't for the life of me remember the name of. Anyhow, it had 4Mb RAM, Motorola MC68030 CPU at 50MHz, MC68881 FPU, and an onboard SCSI controller.
Attached to this SCSI controller was a bridge module, which controlled two MFM hard drives (We had a Micropolis 81 (an old DEC RD53) and a Maxtor drive (a DEC RD54 (which for some really weird reason had a built-in speaker)) attached to it). Also on the bridge controller were interfaces to a QIC-150 tape cartridge drive, and a standard Shugart bus floppy controller. Each device appeared as one LUN (logical unit number) on SCSI ID 0.
I've still got this controller somewhere; I pulled it out on the basis it might be useful, when we dismantled the old Masscomp. (Mind you, I've still got the CPU board from our Gandalf serial switch, which is a work of art; completely wire-wrapped assembly - wooo!)
We also had an optical drive array with an 'OCU' device attached to it, which presented seven SCSI drives as LUNs on a single SCSI ID; worked perfectly well, and saved on having multiple host controllers or getting into a situation where SCSI ID's are as rare as free IRQ's are on Ix86 boxen nowadays. (And certain operating systems still haven't got the hang of proper IRQ sharing as implemented by the PCI specification).
It should be fairly trivial therefore to build a board which has a SCSI port, designed to fit a U320 bus, and provides, say, eight LUNs worth of IDE drives. Mind you, the cables would be a nightmare...
Before y'all descend onto the site to buy yourself a little radioactivity, Cash'n'Carrion WILL NOT SHIP OUTSIDE OF THE UK. Various reasons listed here
If I remember my nuclear physics correctly, Tritium (Hydrogen-3 (1 proton, 2 neutrons)) decays via a weak Beta-particle emission into Helium-3 (2 protons, 1 neutron). This beta particle, which is not energetic enough to make its way outside of the glass tube in which the tritium is stored, excites the phosphor on the inside of the tube causing it to glow in one of several cool shades. As Tritium has a half-life of the order of 4500 days, these things should last a good few years (they suggest at least 10) before the glow fades.
Mind you, when people leave their desktops logged in at the office, I sometimes set their Google Language Preferences to Klingon (ja'chuqmeH Usenet ghommeyvaD yInej 'ej yIlegh.) or "Elmer Fudd" (De web owganized by topic into categowies)
Ordinary analogue terrestrial,
digital terrestrial (previously known as On Digital and then ITV digital),
Digital Satellite, and
Various cable TV companies
I'm a digital satellite viewer myself; more on that later.
The various cable TV companies also offer cable modem access. For some companies, this is a separate device, such as a standalone modem which is connected separately to the TV set-top-box; but some cable companies have ethernet ports built into their digital decoders. These provide you with simple-to-configure (assuming you have an ethernet card and appropriate cabling to keep your PC a fairly good distance away from the TV, because there's nothing more annoying when you're trying to watch a film than to have noisy PC's running (or kids playing noisy games on the same)). In that sense, the device could easily be a router. (However, having had past experience with UK cable companies, they will advertise such a device as X, but it's really only a Y)
How this integrates with the plans of the TV cable companies, who usually run their own systems on equipment that they supply, not catering for user-acquired decoders, I don't know, but it may be an attractive prospect for some of them.
Back to the digital satellite. Sky also provide a PVR service, called Sky+. Essentially, it's a hard disk, connected to a satellite tuner, connected to a quad-LNB dish, allowing the box to receive MPEG-2 streams from two channels, record one, and view another at the same time, together with nifty features that TIVO users would be familiar with. I don't have one of these, but I expect one day I'll be persuaded to part with the GBP300 plus GBP10/month service charge. Because the satellite system is one-way, with interactive services provided over a telephone line, I can't see much use for a router in it, unless Sky plan to break into the ADSL market; although I'd still be uncomfortable with that (eggs, one basket, etc.).
Now, what I'd really like to see developed is a satellite/cable receiver, which records MPEG-2 to hard disk, and dumps the same to DVD-R instead of to video. I'd bet the movie industry would hate this idea though. However, given that the UK market for satellite receivers is far more open (you can buy them in the shops, and self-install, dealing with Sky only insofar as getting a contract to receive subscription channels and a viewing card), some bright spark out there should hopefully be able to design one of these. Let me test it for you!!.
To 'nick' something is a slang term for stealing it. I think that's why the RIAA are so scared of networks.