If your system is 0wn3d and used to launch a DDoS attack on AOL (or Slashdot, Kuro5hin, whoever), then AOL should have the right to sue you for damages. Your incompetence caused their loss.
So, if i break into your car and smash through the window at a 7-11 thats _your_ responsibility right. That makes sense.
Since anything that runs on a client can be compromized (there is _no_ way to make sure this doesnt happen) the only real option for games is to just send pre rendered graphical images to the client which in turn sends back the client keystrokes. this is ofcourse way too bandwidth and serverside intensive to work with current technology, imagine doing this for a MMORPG with 60k users online simultaniously:).. and even if you use this method the cheaters can respond by writing pattern-reqognition systems which still will be able to autoaim and such (although it raises the bar considerably).
it DOES remove the threat of wallhacks and clientside radars but a good game protocol shouldnt send information about things outside of the clients vision anyway.
is ìt a crucial part of the article that i missed, or couldnt *anyone* just listen in on the conversation from whereever they like and distinguish two different sets of sounds? i mean, the sounds wouldnt be exactly like the ones the reciver gets, but wouldnt they still be able to
tell the two waves apart? if they can then this is pretty hopeless
Certain games require a high sensitivity setting on your mouse. counter-strike (to name one) needs this so you can spin around 180 degrees with as little handmovement as possible.
Now, if you want a ballmouse that can operate at this sensitivity without producing jagged scrolling you have to buy a boomslang or something like that. However, the optical mouse you can get much cheaper will do exactly the same, so why waste the money?
im not out to burst anyones bubble or anything, just thought id remind everyone that "a leading scientist" usually translates to "a crackpot we found who happen to have a degree". im not saying this is the case with dr. sykes here, but it might be.
its comparable to the "leading computer scientists" that get interviewed by some big news company and claims "A.I is a couple of years away".
There are times when the written form is better than an oral message. be that the reservation-number for the movie-tickets your going to pick up, the url for something, or whatever.
saves you from remembering it or having to call back to get it verified.
k
and i think almost everyone that ever did packet construction code know what i'm talking about.
jupp, in_cksum from ping.c.. probably the most widly stolen function in the history of programming:-).. very few people give credit though, but its quite unique and easy to spot where its used.
On the Internet Chess Club, a copy of GNU Chess running on an SGI Onyx R4400 under the handle MaxII has achieved a blitz rating of over 2500 and a standard rating of over 2300.
- Wolfgang Gabriel ran the Bednorz-Toennissen Test BT2630 with GNU Chess 4.0 pl74 on a 60 MHz Pentium with 16 MB of RAM. The test gave an estimated rating of 2213. He also ran Fritz-2 on the same hardware and got an estimated rating of 2311.
Kramnik used to be a student of Kasparovs, so they have undoubtedly played quite a few matches:) Official games:
Since their first clash in 1993, Kasparov and Kramnik have met 23 times in serious tournament play in games played at classical time limits. The score stands at three wins apiece with 17 draws. The full story game list is here. ;
>There is evidence that Europa has an ocean >beneath its ice crust.
Well, the article only states that many scientists belive there is an ocean beneath the ice, but there is no evidence of the fact.
The reason Europa is belived to have a ocean despite its cold core is jupiters enormous gravitation forces, it squeezes the moons and that is what makes the warm ones insainly hot and the cold ones (hopefully) warm enough to substain flowing water.
This is all theory though - no tests have been done to make sure yet.
(hmmm.. the [preview] button should be be the default in the comment form, not [submit]:)
have doubleclick explained how they are going to make this thing happen? i mean, yes they have a database with cookie 'movements' and yes, they have a database with names. but unless they have some way to link these two together, there is no way to make the name db usefull. there are two ways they can do the name->cookie mapping.
1) if you give them your name, they obviously got what they need, so avoid that:-) 2) if they make a deal with major sites that use banners from doubleclick where the sites relay personal information submited to them back to doubleclick, the name->cookie mapping may be done.
>However, once you pass your name (ie. as a part of a purchase, or even just a request for information via a form) to one of those sites which uses DoubleClick ads, that site's information can be combined with DoubleClick's to determine precisely who you are.
that would require doubleclick to strike an alliance with all sites they have banners on, quite the infrastructure challenge there.
(l)
yes it is possible. but as long as you dont give away your name (or other identifiers )to doubleclick (or sites where they have banners to be even more secure) they will never be able to map your name to your cookie.
The first time you see a doubleclick banner you get a nice little cookie. from that point on all the banners that you see comming from doubleclick will get the cookie, save the info on your COOKIES surfing habit and then maybe update the cookie.
couple this with an database filled with names and addresses. now, unless you somehow reveal your name to doubleclick it is impossible for them to make a mapping between these two databases.
they dont have name->cookie pairs. so how are they going to make use of the name database?
look, all of the distributed DOS systems require a machine to run on, which makes the fact that it can be used to flood pretty irrelevant compared to what else it can be used as.
The OS9 thing is a networkcode issue, just like smurf attacks was. Whenever you design network code think about this: if the protocol being used does not use a handshake or in some other way verify the recipient, do NOT send large packets in response to small ones.
UDP & ICMP/IP can be used for this sort of attack very easily. if you use a clever DNS request I'm sure you can get a packet back that is a lot larger than your request. connectionless protocols all have that flaw.
On a last note though, this does not sound like a problem worth attention unless it responds to broadcast addrs.
Using "bad language in the sources" as an excuse for this is plain silly. If a person actually wants to read the source, its because he or she gets something from reading it. And if can read and understand the source I think you are quite capable of handling the obsceneties(sp?) nomatter what age you might be
I for one cannot think of a single reason as to WHY someone would want to limit the use of their distribution.
There are two basic types here, software that CAN be used both as good and bad, and software that is made for the sole purpose of destruction. Either way the user of the software is the one who should be made responsible for his actions, the tools cannot do any harm on its own.
Its tempting to compare to a gun or any other weapon but this goes beyond that. By making such tools available it force a reaction to the problem and thereby making the world a better place. If the tools remained unknown to the vendors it would just make technological warfare, industrial espionage or whatever, so much easier.
In a perfect world it should be enough to notify the vendor of a problem, but this just does not happen. The only way to make sure patches are released, fixes are made, and protocols changed is to publish the tools needed to take advantage of it.
This is the way bugtraq has operated for quite some time now, and I havent heard of a lawsuit for making a program like that yet, but plenty lawsuits against people who use them:)
"BSA has filed a lawsuit against twenty-five individuals allegedly participating in the 'warez4cable' IRC channel"
I assume "participating" in an irc channel means more than your presence there, otherwise they wont get far with this lawsuit. Secondly, I dont think a log of the channel will be considered criminating unless you break down a door and actually find the software at someones house. A channel log where a guy says he will send a piece of software to another one is not proof that the transfer did in fact occur.
I assume transfers are done by DCC which establish a direct connection between clients anyway - so checking server logs wont do much good either.
The thing they -might- do is to go after the ops, trying to scare people from running channels like this, but I dont really see this working. An Op can be no more responsible for what people do (hidden) on the channel than root on your server can be for the content of your mail.
So - that means we are left with "sting" operations, infiltrating the channels and bust people that seem active. The thing is - you only catch small fish like this.
so, lots of smoke and no fire? Atleast that has been the rule so far in related issues.
My personal view on this would be that an operating system is the "layer" operating between the hardware and applications. The content is not that important, be it mere BIOS wrapper rutines or advanced filesystem rutines - the fact that it works as an intermediate between hardware and other software is what makes it an OS in my eyes.
Ofcourse - you could argue that this includes device drivers. This is where the definition gets harder, one could point out that drivers simply extends the abillity of an allready functioning OS and therefor belongs among the applications. On the flip side, ofcourse, drivers DO act as an intermediate between hardware and software.
If forced at gunpoint to take a stand on this, I would say that drivers are os-addons.
Slashdot Mirror
If your system is 0wn3d and used to launch a DDoS attack on AOL (or Slashdot, Kuro5hin, whoever), then AOL should have the right to sue you for damages. Your incompetence caused their loss.
So, if i break into your car and smash through the window at a 7-11 thats _your_ responsibility right. That makes sense.
G
Since anything that runs on a client can be compromized (there is _no_ way to make sure this doesnt happen) the only real option for games is to just send pre rendered graphical images to the client which in turn sends back the client keystrokes. this is ofcourse way too bandwidth and serverside intensive to work with current technology, imagine doing this for a MMORPG with 60k users online simultaniously :) .. and even if you use this method the cheaters can respond by writing pattern-reqognition systems which still will be able to autoaim and such (although it raises the bar considerably).
it DOES remove the threat of wallhacks and clientside radars but a good game protocol shouldnt send information about things outside of the clients vision anyway.
K
is ìt a crucial part of the article that i missed, or couldnt *anyone* just listen in on the conversation from whereever they like and distinguish two different sets of sounds? i mean, the sounds wouldnt be exactly like the ones the reciver gets, but wouldnt they still be able to
tell the two waves apart? if they can then this is pretty hopeless
k
Certain games require a high sensitivity setting on your mouse. counter-strike (to name one) needs this so you can spin around 180 degrees with as little handmovement as possible.
Now, if you want a ballmouse that can operate at this sensitivity without producing jagged scrolling you have to buy a boomslang or something like that. However, the optical mouse you can get much cheaper will do exactly the same, so why waste the money?
k
im not out to burst anyones bubble or anything, just thought id remind everyone that "a leading scientist" usually translates to "a crackpot we found who happen to have a degree". im not saying this is the case with dr. sykes here, but it might be.
its comparable to the "leading computer scientists" that get interviewed by some big news company and claims "A.I is a couple of years away".
we might get there, but probably not real soon.
What exactly is spectacular news here? i mean pepole make all sorts of fantastic programs/hardware for their ph.d, and this is what slashdot features?
Im not trying to rain on anyones parade or anything, but this is a non-event.
There are times when the written form is better than an oral message. be that the reservation-number for the movie-tickets your going to pick up, the url for something, or whatever. saves you from remembering it or having to call back to get it verified. k
and i think almost everyone that ever did packet construction code know what i'm talking about.
.. probably the most widly stolen function in the history of programming :-) .. very few people give credit though, but its quite unique and easy to spot where its used.
jupp, in_cksum from ping.c
---
On the Internet Chess Club, a copy of GNU Chess running on an SGI Onyx R4400 under the handle MaxII has achieved a blitz rating of over 2500 and a standard rating of over 2300.
- Wolfgang Gabriel ran the Bednorz-Toennissen Test BT2630 with GNU Chess 4.0 pl74 on a 60 MHz Pentium with 16 MB of RAM. The test gave an estimated rating of 2213. He also ran Fritz-2 on the same hardware and got an estimated rating of 2311.
Kramnik used to be a student of Kasparovs, so they have undoubtedly played quite a few matches :) :
;
Official games
Since their first clash in 1993, Kasparov and Kramnik have met 23 times in serious tournament play in games played at classical time limits. The score stands at three wins apiece with 17 draws. The full story game list is here.
..until somone hacks one of these things.
a bunch of hackers walking around with units that match all profiles sounds entertaining.
larva
>There is evidence that Europa has an ocean >beneath its ice crust.
:)
Well, the article only states that many scientists belive there is an ocean beneath the ice, but there is no evidence of the fact.
The reason Europa is belived to have a ocean despite its cold core is jupiters enormous gravitation forces, it squeezes the moons and that is what makes the warm ones insainly hot and the cold ones (hopefully) warm enough to substain flowing water.
This is all theory though - no tests have been done to make sure yet.
Now you went and got me all exited over nothing
(hmmm.. the [preview] button should be be the default in the comment form, not [submit] :)
:-)
have doubleclick explained how they are going to make this thing happen? i mean, yes they have a database with cookie 'movements' and yes, they have a database with names. but unless they have some way to link these two together, there is no way to make the name db usefull.
there are two ways they can do the name->cookie mapping.
1) if you give them your name, they obviously got what they need, so avoid that
2) if they make a deal with major sites that use banners from doubleclick where the sites relay personal information submited to them back to doubleclick, the name->cookie mapping may be done.
but i belive #2 violates some privacy laws.
larva
>However, once you pass your name (ie. as a part of a purchase, or even just a request for information via a form) to one of those sites which uses DoubleClick ads, that site's information can be combined with DoubleClick's to determine precisely who you are.
that would require doubleclick to strike an alliance with all sites they have banners on, quite the infrastructure challenge there.
(l)
yes it is possible. but as long as you dont give away your name (or other identifiers )to doubleclick (or sites where they have banners to be even more secure) they will never be able to map your name to your cookie.
The first time you see a doubleclick banner you get a nice little cookie. from that point on all the banners that you see comming from doubleclick will get the cookie, save the info on your COOKIES surfing habit and then maybe update the cookie.
couple this with an database filled with names and addresses. now, unless you somehow reveal your name to doubleclick it is impossible for them to make a mapping between these two databases.
they dont have name->cookie pairs. so how are they going to make use of the name database?
(l)
>What I'm asking is why don't more places prevent 1.1.1.1 from sending out a spoofed 2.2.2.2 packet?
I'm afraid the only answer to that is ignorance. Nothing will break, after all - the protocol suite is intended to work with "real" addrs.
look, all of the distributed DOS systems require a machine to run on, which makes the fact that it can be used to flood pretty irrelevant compared to what else it can be used as.
The OS9 thing is a networkcode issue, just like smurf attacks was. Whenever you design network code think about this: if the protocol being used does not use a handshake or in some other way verify the recipient, do NOT send large packets in response to small ones.
UDP & ICMP/IP can be used for this sort of attack very easily. if you use a clever DNS request I'm sure you can get a packet back that is a lot larger than your request. connectionless protocols all have that flaw.
On a last note though, this does not sound like a problem worth attention unless it responds to broadcast addrs.
Using "bad language in the sources" as an excuse for this is plain silly. If a person actually wants to read the source, its because he or she gets something from reading it. And if can read and understand the source I think you are quite capable of handling the obsceneties(sp?) nomatter what age you might be
I for one cannot think of a single reason as to WHY someone would want to limit the use of their distribution.
this just defies all logic
larva
There are two basic types here, software that CAN be used both as good and bad, and software that is made for the sole purpose of destruction. Either way the user of the software is the one who should be made responsible for his actions, the tools cannot do any harm on its own.
:)
Its tempting to compare to a gun or any other weapon but this goes beyond that. By making such tools available it force a reaction to the problem and thereby making the world a better place. If the tools remained unknown to the vendors it would just make technological warfare,
industrial espionage or whatever, so much easier.
In a perfect world it should be enough to notify the vendor of a problem, but this just does not happen. The only way to make sure patches are released, fixes are made, and protocols changed
is to publish the tools needed to take advantage of it.
This is the way bugtraq has operated for quite some time now, and I havent heard of a lawsuit for making a program like that yet, but plenty lawsuits against people who use them
"BSA has filed a lawsuit against twenty-five individuals allegedly participating in the 'warez4cable' IRC channel"
I assume "participating" in an irc channel means more than your presence there, otherwise they wont get far with this lawsuit. Secondly, I dont think a log of the channel will be considered criminating unless you break down a door and actually find the software at someones house. A channel log where a guy says he will send a piece of software to another one is not proof that the transfer did in fact occur.
I assume transfers are done by DCC which establish a direct connection between clients anyway - so checking server logs wont do much good either.
The thing they -might- do is to go after the ops, trying to scare people from running channels like this, but I dont really see this working. An Op can be no more responsible for what people do (hidden) on the channel than root on your server can be for the content of your mail.
So - that means we are left with "sting" operations, infiltrating the channels and bust people that seem active. The thing is - you only catch small fish like this.
so, lots of smoke and no fire? Atleast that has been the rule so far in related issues.
My personal view on this would be that an operating system is the "layer" operating between the hardware and applications. The content is not that important, be it mere BIOS wrapper rutines or advanced filesystem rutines - the fact that it works as an intermediate between hardware and other software is what makes it an OS in my eyes.
Ofcourse - you could argue that this includes device drivers. This is where the definition gets harder, one could point out that drivers simply extends the abillity of an allready functioning OS and therefor belongs among the applications. On the flip side, ofcourse, drivers DO act as an intermediate between hardware and software.
If forced at gunpoint to take a stand on this, I would say that drivers are os-addons.