Why have a standalone ADSL? Won't you benefit from a firewalled connection?
An exposed Wintel machine takes only minutes to pick up a passing worm when connected to the Internet by an unfirewalled connection, and be totally compromised - and a workshop is the first place I'd expect to find such a PC, in a semi-configured state.
(We had this "No time to download patches" debate a while ago here... if you don't go through a firewall to *get* those securing patches in the first place, it's not straightforward)
I have one, and it is *not* too large to carry round with you, unless you habitually work in a bikini. A full suite of sysadmin-level tools are available third party, and you're rocking.
The 9300 is smaller, true, but not that much smaller, and while losing the camera is no great shakes, the Wi-Fi is mandatory. Having the higher bandwidth available in a coffeeshop, or just around work or site, for that matter, is something you'd miss if you didn't have it.
These things aren't called communicators for nothing, and don't forget you get a PDA and Office-type apps, too.
I've been a loyal fan of the genre for years, and can't get on with anything that doesn't have a keyboard for fat fingers like mine. I don't do handwriting recognition, either.
It's the *only* choice, my friend, and lucky for you, it is a *damn* good one.
Actually, mu Mum's old Panason Genius, circa early-80's (yes, it's still going!) *completely* trashes her Wi-Fi and video senders whenever it operates.
My 1997 model I bought when I moved out into my flat doesn't do this.
I never knew that any drives had beeen built with multiple actuators - do you have any old model numbers or references I can geek over? (I'm not checking up on you, just want to see one of these beasts for myself!)
The cost factor fits, I suppose a RAID config does provide the single best factor of a multiple actuator design - zero-lag track seeks - even if it is on different spindles!
I'm surprised to hear the market wasn't profitable enough to cater for some progress to be made in this area for the desktop market, since there are always speed merchants who want the fastest spinning platters in their one- or two-drive cases.
Not too sure I can go along with your turbulence theory, the Bernoulli effect should still apply in very small scales - I think the heads would need to be *very* close together (in mm, I should think), before that becomes a factor. Then again, I'm not a drive engineer.
I understand the concept of drum memory and it's concept of non-moving heads.
What I've often wondered, is why more *movable* stacks of heads aren't packaged into modern hard disks - to my knowledge, they all have just one stack of heads.
Rather than continually upping rotation speed, how well would a drive perform with two or four banks of heads at each of the compass points, each bank moving independantly of the other heads?
Interesting - this post is now going full circle, back to the OP.
Do you feel that Microsoft's technique of forcibly removing raw packets from XP is indicative of a cult mindset you mention, with the "unrealistic fear" slant? I think it fits your penultimate paragraph like a glove!
I wanted to lump your last paragraph in, too, because it fits, but we *all* know why Microsoft is still connected to the Internet...!
OK, well, I read those same analysis, and they had more than a whiff of agenda about them, too. None of them seemed to make clear exactly what was wrong with this technology - they just criticised it.
OK, if you're not in the industry, I don't expect you to know this, and I can understand your opinion based on those analysis, skewed as I believe they are IMHO.
I am in the industry, and could understand the proposed technology (although, as you say, the supporting software is not yet here. The scanner *is* there, though, and it works, and is *incredibly* fast for what it does, and it still makes me shake my head with respect everytime I see it operate), and I know he is on to *something*.
Knowing the technology and doing something useful with it are two different things, and I take your point that nothing useful, over and above the scanner, has yet been seen from Mr Gibson.
The packets crafted are normal - the power is in the stack, which is capable of doing things like analysing framing discrepancies.
The custom stack works deeper than most - I believe it not only plays in the network layer, but interfaces closely with the datalink layer. The result is that it can analyse the framing information.
Combine these with careful timing analysis similar to that mentioned in the recent NAT-cracking exercises, and you don't need to malform anything.
Good post - particularly the "loaded words" angle.
Even going back to his site now and looking at his texts, apart from a little over-sensationalisation when he got DOS'd for a few days, he usually presents an even-handed approach.
Remember (and ironically, it was my point regarding the whole concept of this article!), that such a site is dealing with the lowest common denominator incapable of making reasoned security decisions for themselves, and in that light, a little over-compensation can be forgiven. Those who know better, can measure the danger for themselves.
It's insightful, IMHO, because it pointed out the doubtful reasoning behind valuing something so easily obtained. (And then, by inference, going on to copy this print using moulded gelatine over an intruders thumb.)
I know how easy it is, I tried it when Slashdot posted a how-to, and it works. Thumbprint reader on the laptop went back the same day.
>> If they locked down raw sockets and made it available only to administrators or root users, that would solve it.
So then I would need to log out as a user and back in as an administrator to run Nmap?
Doing so, inviting whatever is bad for users running in admin mode to impact me running in the same state? So what do I achieve by doing that?
I may be able to elevate a certain programs priviledges in Unix to access raw sockets, but I can't do that in Windows (as far as I know). So I have to make the choice - run Nmap as a user, raw sockets denied, or as an admin-equivalent, sockets permitted, and risk whatever is bad about running admin level.
So, actually, I agree with you insofar as raw sockets do need to be made available only to admins, but I would extend that to any programs permitted to do so, by deign of being installed by an admin. So then I can run Nmap as a user, and Nmap *only* has access to raw sockets.
OK, guys and gals, read the article and do the research behind it.
Sure, it's bad Windows runs everything as an administrator-equivalent, and that's for simplicity, but cans of worms like this one show why this is a bad idea. Keeping it simple isn't a bad idea, but admin-level users should not have been the way to achieve this.
No point in crying over spilt milk, though, it's already done. The hotfix will kill most of these installations, because most of them are trojanned conections doing harm.
I agree that leaving them in Server2K3 is ok, because such installations tend to be fed and watered about people who are competant enough to know better. XP is on every lamebrains machine, it is intended to cater for the lowest common denominator, and thus must make decisions for the lowest common denominator, those who are not able to make the informed decision for themselves. I know this sucks for us techies who have it on our laptops, but why not recognise the fact?
There is *no* reason why Nmap for Windows cannot have a custom packet driver added to overcome every limitation Microsoft throw at their own stack. I suspect the reason why not is this snobbery an awful lot of open-source developers, particularly security developers on the cutting edge of exploitable software, have for MS platforms in general. (Want to flame me on that point? How many WEP cracking utils have you seen that run natively in Windows? The fact that I don't know of *one* leads me to suspect that it is that fact that stops WEP from being cracked on Aunt Gertrude's AP more often - no point-and-drool tool for the script-kiddiez.)
Summary: Microsoft is doing the right thing, in my opinion. The techies that are whining about this should be technically mature enough to recognise that this measure is needed in consideration of the platforms target users, and utilise their energy instead to circumvent it for that software tool that they use.
Yes, we could have a oss-based replacement stack for Windows that could put this functionality back, but then every trojan would include it, and maybe even download it from Sourceforge when it needed it!
>>This doesn't change the fact that Gibson is a nit.
Justify, please, since you just agreed that there are exceptions to every rule, hence, exceptions to your rule, hence sometimes Gibsons point is valid, depending on circumstances.
Gibson came in from a lot of flak from hecklers who didn't understand his concerns, both here and on his own website. The attacks were quite vitriolic and energetic, surprisingly so.
The concept can be used for good or evil, depending on their application. So do you remove them, or keep them? Most will use them (accidentally, by trojans) for evil, so they should at least have to be enabled by some extra process, like the filter or monitor drivers for Windows have to be added manually. Deliberate misuse of them can only be effectively blocked by the next layer up - the router on that connection, controlled by the ISP, filtering out such harm.
Ironically, I use Nmap in my work and would like to continue to use raw sockets in conjunction with this and other Penetration-Testing software.
His "Nanoprobe" (Bad Trekkie-style name for very cool technology) custom TCP/IP stack can manipulate, interrogate, and interpret conventional datagrams to quite astonishing levels - well worth learning more.
Then the earlier poster is smoking something - you are correct, the whole joke is that the Golgafrinhans landing on the Earth in the B Ark knocked the whole maths off-kilter.
Of course, that means that the Magratheans did not take into account external forces in the execution of the "Earth Program".
Which means that every meteorite that ever hit us, every gravitational wobble caused by a passing star, even every observation by man of anything in the sky, changed the program by a miniscule fraction.
(Every observation, you ask? Sure! Wars and invasions were fought, marriages made, deaths foretold, belief systems began - all on the basis of astronomical events being interpreted. Stars, comets, meteors, etc. Since humans were part of the "matrix"of the Earth, their evolution and their actions (in making and acting upon these observations) must have been expected, therefore important, therefore critical to the result.)
Of course, this is all about Chaos Theory taken to it's logical conclusion. Everything, however small, is important.
No, he's not rambling incoherently - in fact, I found myself nodding as I read it.
Of course, I can only speak of the UK. But kids TV has gone to pot - the modern Grange Hill dare not be made nowadays like it was in the late seventies. And don't get me started on the new Dr Who - "It's alien ? - yeah! - are you alien? - yeah! - is that alright? - yeah!"... give me strength!
I appreciate the need to change with the times - I just wish the change would be for improvement, and not for changes sake, to something inferior.
Slashdot Mirror
...here?
http://www.itwales.com/998622.htm
Am I the only one who thought this, on seeing the picture?
Why have a standalone ADSL? Won't you benefit from a firewalled connection?
An exposed Wintel machine takes only minutes to pick up a passing worm when connected to the Internet by an unfirewalled connection, and be totally compromised - and a workshop is the first place I'd expect to find such a PC, in a semi-configured state.
(We had this "No time to download patches" debate a while ago here... if you don't go through a firewall to *get* those securing patches in the first place, it's not straightforward)
I have one, and it is *not* too large to carry round with you, unless you habitually work in a bikini. A full suite of sysadmin-level tools are available third party, and you're rocking.
The 9300 is smaller, true, but not that much smaller, and while losing the camera is no great shakes, the Wi-Fi is mandatory. Having the higher bandwidth available in a coffeeshop, or just around work or site, for that matter, is something you'd miss if you didn't have it.
These things aren't called communicators for nothing, and don't forget you get a PDA and Office-type apps, too.
I've been a loyal fan of the genre for years, and can't get on with anything that doesn't have a keyboard for fat fingers like mine. I don't do handwriting recognition, either.
It's the *only* choice, my friend, and lucky for you, it is a *damn* good one.
Am I the only one here with the in-depth culinary skills to point out that toasters *grill* bread, they do not fry it?
Actually, mu Mum's old Panason Genius, circa early-80's (yes, it's still going!) *completely* trashes her Wi-Fi and video senders whenever it operates. My 1997 model I bought when I moved out into my flat doesn't do this.
Ah, now, thanks for that!
I never knew that any drives had beeen built with multiple actuators - do you have any old model numbers or references I can geek over? (I'm not checking up on you, just want to see one of these beasts for myself!)
The cost factor fits, I suppose a RAID config does provide the single best factor of a multiple actuator design - zero-lag track seeks - even if it is on different spindles!
I'm surprised to hear the market wasn't profitable enough to cater for some progress to be made in this area for the desktop market, since there are always speed merchants who want the fastest spinning platters in their one- or two-drive cases.
Not too sure I can go along with your turbulence theory, the Bernoulli effect should still apply in very small scales - I think the heads would need to be *very* close together (in mm, I should think), before that becomes a factor. Then again, I'm not a drive engineer.
Cheers for your post - most informative!
I understand the concept of drum memory and it's concept of non-moving heads.
What I've often wondered, is why more *movable* stacks of heads aren't packaged into modern hard disks - to my knowledge, they all have just one stack of heads.
Rather than continually upping rotation speed, how well would a drive perform with two or four banks of heads at each of the compass points, each bank moving independantly of the other heads?
Surely it would slash seek times?
That wouldn't be Bristol, Avon, by any chance? The Monitron twisted to point at a house, by any chance?
I *wondered* what the hell it was supposed to be photgraphing!
Interesting - this post is now going full circle, back to the OP.
Do you feel that Microsoft's technique of forcibly removing raw packets from XP is indicative of a cult mindset you mention, with the "unrealistic fear" slant? I think it fits your penultimate paragraph like a glove!
I wanted to lump your last paragraph in, too, because it fits, but we *all* know why Microsoft is still connected to the Internet...!
OK, well, I read those same analysis, and they had more than a whiff of agenda about them, too. None of them seemed to make clear exactly what was wrong with this technology - they just criticised it.
OK, if you're not in the industry, I don't expect you to know this, and I can understand your opinion based on those analysis, skewed as I believe they are IMHO.
I am in the industry, and could understand the proposed technology (although, as you say, the supporting software is not yet here. The scanner *is* there, though, and it works, and is *incredibly* fast for what it does, and it still makes me shake my head with respect everytime I see it operate), and I know he is on to *something*.
Knowing the technology and doing something useful with it are two different things, and I take your point that nothing useful, over and above the scanner, has yet been seen from Mr Gibson.
No, they're not malformed - read the site.
The packets crafted are normal - the power is in the stack, which is capable of doing things like analysing framing discrepancies.
The custom stack works deeper than most - I believe it not only plays in the network layer, but interfaces closely with the datalink layer. The result is that it can analyse the framing information.
Combine these with careful timing analysis similar to that mentioned in the recent NAT-cracking exercises, and you don't need to malform anything.
Good post - particularly the "loaded words" angle.
Even going back to his site now and looking at his texts, apart from a little over-sensationalisation when he got DOS'd for a few days, he usually presents an even-handed approach.
Remember (and ironically, it was my point regarding the whole concept of this article!), that such a site is dealing with the lowest common denominator incapable of making reasoned security decisions for themselves, and in that light, a little over-compensation can be forgiven. Those who know better, can measure the danger for themselves.
OK, you pointed out one. Got any more? ;o)
It's insightful, IMHO, because it pointed out the doubtful reasoning behind valuing something so easily obtained. (And then, by inference, going on to copy this print using moulded gelatine over an intruders thumb.)
I know how easy it is, I tried it when Slashdot posted a how-to, and it works. Thumbprint reader on the laptop went back the same day.
>> If they locked down raw sockets and made it available only to administrators or root users, that would solve it.
So then I would need to log out as a user and back in as an administrator to run Nmap?
Doing so, inviting whatever is bad for users running in admin mode to impact me running in the same state? So what do I achieve by doing that?
I may be able to elevate a certain programs priviledges in Unix to access raw sockets, but I can't do that in Windows (as far as I know). So I have to make the choice - run Nmap as a user, raw sockets denied, or as an admin-equivalent, sockets permitted, and risk whatever is bad about running admin level.
So, actually, I agree with you insofar as raw sockets do need to be made available only to admins, but I would extend that to any programs permitted to do so, by deign of being installed by an admin. So then I can run Nmap as a user, and Nmap *only* has access to raw sockets.
Problem solved.
OK, guys and gals, read the article and do the research behind it.
Sure, it's bad Windows runs everything as an administrator-equivalent, and that's for simplicity, but cans of worms like this one show why this is a bad idea. Keeping it simple isn't a bad idea, but admin-level users should not have been the way to achieve this.
No point in crying over spilt milk, though, it's already done. The hotfix will kill most of these installations, because most of them are trojanned conections doing harm.
I agree that leaving them in Server2K3 is ok, because such installations tend to be fed and watered about people who are competant enough to know better. XP is on every lamebrains machine, it is intended to cater for the lowest common denominator, and thus must make decisions for the lowest common denominator, those who are not able to make the informed decision for themselves. I know this sucks for us techies who have it on our laptops, but why not recognise the fact?
There is *no* reason why Nmap for Windows cannot have a custom packet driver added to overcome every limitation Microsoft throw at their own stack. I suspect the reason why not is this snobbery an awful lot of open-source developers, particularly security developers on the cutting edge of exploitable software, have for MS platforms in general. (Want to flame me on that point? How many WEP cracking utils have you seen that run natively in Windows? The fact that I don't know of *one* leads me to suspect that it is that fact that stops WEP from being cracked on Aunt Gertrude's AP more often - no point-and-drool tool for the script-kiddiez.)
Summary: Microsoft is doing the right thing, in my opinion. The techies that are whining about this should be technically mature enough to recognise that this measure is needed in consideration of the platforms target users, and utilise their energy instead to circumvent it for that software tool that they use.
Yes, we could have a oss-based replacement stack for Windows that could put this functionality back, but then every trojan would include it, and maybe even download it from Sourceforge when it needed it!
>>This doesn't change the fact that Gibson is a nit.
Justify, please, since you just agreed that there are exceptions to every rule, hence, exceptions to your rule, hence sometimes Gibsons point is valid, depending on circumstances.
Seconded.
Gibson came in from a lot of flak from hecklers who didn't understand his concerns, both here and on his own website. The attacks were quite vitriolic and energetic, surprisingly so.
The concept can be used for good or evil, depending on their application. So do you remove them, or keep them? Most will use them (accidentally, by trojans) for evil, so they should at least have to be enabled by some extra process, like the filter or monitor drivers for Windows have to be added manually. Deliberate misuse of them can only be effectively blocked by the next layer up - the router on that connection, controlled by the ISP, filtering out such harm.
Ironically, I use Nmap in my work and would like to continue to use raw sockets in conjunction with this and other Penetration-Testing software.
His "Nanoprobe" (Bad Trekkie-style name for very cool technology) custom TCP/IP stack can manipulate, interrogate, and interpret conventional datagrams to quite astonishing levels - well worth learning more.
Then the earlier poster is smoking something - you are correct, the whole joke is that the Golgafrinhans landing on the Earth in the B Ark knocked the whole maths off-kilter.
Of course, that means that the Magratheans did not take into account external forces in the execution of the "Earth Program".
Which means that every meteorite that ever hit us, every gravitational wobble caused by a passing star, even every observation by man of anything in the sky, changed the program by a miniscule fraction.
(Every observation, you ask? Sure! Wars and invasions were fought, marriages made, deaths foretold, belief systems began - all on the basis of astronomical events being interpreted. Stars, comets, meteors, etc. Since humans were part of the "matrix"of the Earth, their evolution and their actions (in making and acting upon these observations) must have been expected, therefore important, therefore critical to the result.)
Of course, this is all about Chaos Theory taken to it's logical conclusion. Everything, however small, is important.
>>IBM stolen us the concept Did they set us up the bomb, too? (Sorry...couldn't resist!)
No, he's not rambling incoherently - in fact, I found myself nodding as I read it. Of course, I can only speak of the UK. But kids TV has gone to pot - the modern Grange Hill dare not be made nowadays like it was in the late seventies. And don't get me started on the new Dr Who - "It's alien ? - yeah! - are you alien? - yeah! - is that alright? - yeah!"... give me strength! I appreciate the need to change with the times - I just wish the change would be for improvement, and not for changes sake, to something inferior.
Ah - thank you. Interesting read, and interesting line of thought.
For those of us who have missed that thread, would you please elaborate?
All your base....aw, never mind.