Slashdot Mirror


User: treat

treat's activity in the archive.

Stories: 0
Comments: 814

Comments · 814

  1. Re:Misinfo: Distributed DoSs are not new on More DoS Attacks: CNN, Amazon, eBay, Buy.com... · · Score: 1
    I seem to remember this (first?) distributed denial of service attack: smurf.

    I would not call smurf a distributed DoS attack. A distributed attack usually means that the attacker is doing it from multiple machines (and most likely, multiple networks).

    Even if you consider smurf a distributed attack, there have been distributed DoS attacks as long as there have been DoS attacks of any kind. It's the obvious way to perform a bandwidth starvation attack.

    The only thing that's new is that there are sites on the net so important that when they go down, it gets reported in the news.

  2. Trade your T3s for 300bps modems, says yahoo on Forum: The Yahoo Denial of Service · · Score: 1
    I finally found a story that had some believable technical information about the attacks - that they are smurf attacks. (others contained information that was vague, to say the least). But that story contains a lie from yahoo that the reporter didn't question.

    Mallet estimated that during the attack's peak, Yahoo! was drowning in one gigabit of incoming data every second.

    "Most sites don't get that in a year," spokeswoman Diane Hunt said. "That's an incredible amount."

    Not that 1gb/s isn't a lot of bandwidth, but Yahoo claims that most sites don't do 1gb/year! Yahoo claims that the attack subjected them to *30 million* times the bandwidth that "most sites" use. Yahoo claims that most sites don't use 32bits/sec of bandwidth - that's right, less than the slowest modems used in the past two decades. So throw away your T3s and just use a 300bps modem. It's cheaper, and provides 10 times the bandwidth that Yahoo says you need.

  3. Re:Heroin vs. Weed on Drugs, Computers & Cyberculture · · Score: 1

    Drugs like LSD and weed allow us to explore ourselves and our world in new ways. Whereas harder drugs (like heroin) are mostly associated with trying to 'escape' the real world, not learn about.

    Does this ring true with anyone else?

    This does not ring true at all with me. This sounds more like typical drug bigotry. "my drug is better than your drug, people who use your drug are all losers."

    Most people who use psychedelics are not really trying to explore themselves and the world in new ways. They're (we're) just looking for a good time, to relax and escape. Clarity of thought is usually just an illusion, I'd consider it a particular (highly desirable) type of euphoria. Any valuable insights are either forgotten or not seen as so valuable after the experience is over.

    Psychedelics provide much more of an escape than the "hard" drugs (opiates and stimulants - they barely provide any escape at all). There's nothing wrong with wanting to escape the real world. Perhaps programmers want to escape more than other people because we work hard, and we have to concentrate non-stop all day. I can put a lot more effort into my work, and deal with a lot more stress, knowing that there's some weed waiting for me when I get home, or that there's some acid waiting for me on Friday.

    I think that I work hard enough that I'm entitled to an escape. I don't need to spend every waking hour working - and after a short time I'd end up less productive if I did.

  4. Re:GHB on Drugs, Computers & Cyberculture · · Score: 1
    moved to schedule I, right up there with the real hardcore drugs, heroin, coke, and uh

    Cocaine is schedule II.

  5. Re:Drugs are a risk on Drugs, Computers & Cyberculture · · Score: 1
    Perhaps you refer to GHB or nitrous oxide?

    Where is the evidence that GHB causes any sort of damage?

  6. Re:Cost of Access - North America vs. World on Ford Giving Free PCs to All Employees · · Score: 1
    This is in Saudi Arabia, and half that amount is a monthly subscription fee (233 SR), and the rest is per minute charges from the telephone company (0.075 SR per minute).

    That reminds me of something I was taught in school (US public schools) - that all phone calls in Saudi Arabia were free because the country is so rich from oil.

    Hopefully the Internet will some day make the US government realize that it's futile to lie to its subjects about other countries.

  7. Re:connectoid on AOL 5 Gets $8 Billion Class Action Suit · · Score: 1

    I worked at an ISP, though not doing tech support or having to touch Windows. I never heard the tech support people (or anyone else) say "connectoid" either.

    A google search for connectoid finds 562 hits, 27,400 for "dial-up networking", and 3,940 for "dial-up networking" dun (an AND search). 289 for "dial-up networking" connectoid. It looks like the term connectoid is indeed used, but not so commonly that someone should be expected to use that term by default or even know what it means.

  8. Re:two things you can do on Open Source and Legal Protection · · Score: 1
    This seems like a very difficult proposition in our networked world. Has there ever been a service that facilitates true anonymous publishing of digital works?

    Idea: A PO box that accepts magnetic media and duplicates it to a network of automatic, unstructured, and uncontrolled mirrored web servers. The disk can get posted and then the mailer and media will be destroyed.

    After the effort of getting a PO Box with a fake ID, they can still easily stake the box out and arrest the owner when he gets his mail.

    There's a list of anonymous remailers that I hope is still good. It explains how to pgp the message multiple times and chain it through multiple remailers, so you don't have to trust any single remailer. You can make the ultimate destination a mailing list or a mail to news gateway.

    Public terminals in universities, cyber cafes, or libraries make anonymous net access very easy. Don't feel like doing whatever you want to do in public? Just install some kind of proxy on the machine - a simple port forwarder if you know where you want to connect to. After you're done, kill the process and delete the binary, on the off chance that someone there is competent enough to track down what happened.

    Get a shell account on a heavily used system that does not run identd. Barring any funny tricks (e.g. the netcom*.netcom.com machines have a modified /usr/bin/telnet that logs username/source/destination to syslog), it will be difficult to differentiate you from the rest of the traffic. Just the same, get the account under a fake name, pay with a money order, and telnet to it from somewhere at least slightly safe. If you want to be a little bit more careful, leave some sort of proxy running on the machine and do whatever you want to do while you're not even logged in.

  9. Re:No more "Melting Pot." on Workers - Including Linus - Left in Limbo by INS · · Score: 1
    This "story you heard recently" is nonsense. It has been circulating with many variations for a few years. I assure you that such a situation is illegal according to the laws of the United States and Israel.

    I don't know about that particular story, but it's virtually identical to one that was in the news recently. See this story about some Cubans that were being imprisoned in the US because they were considered subject to deportation (and therefore could not be released), but the US has no agreement with Cuba to deport them. Understandably upset about their unjust imprisonment, they took some hostages.

  10. Re:Question on Encryption Debate at Mitnick Trial · · Score: 1
    If this were a case of say, a bomber, and the government had confiscated his chemical fertilizer, which he may have obtained legally, and may only intend to use for farming, would the government be required to return it?

    Probably not - when people have their alleged drug labs raided, and their chemistry equipment confiscated, they don't get it back. Even if they're acquitted of any crime - even if they're never charged with any crime!

  11. Re:Why is their stupidity a legal issue? on Encryption Debate at Mitnick Trial · · Score: 1
    How is *that* relevant -- suppose they confiscated a physical device from you which they were unable to understand -- would you be forced to explain it before it was returned to you?

    That does indeed happen - remember, this is a government that can take your property and make you prove that you didn't buy it with drug profits before you can have it back. In that case, you have no rights and the burden of proof is on you, because they're putting the property on trial and not you! (see FEAR's webpage for more information about civil forfeiture). Certainly when they're dealing with someone who's been convicted of crimes that are probably related to the evidence they can't understand, he's going to have even less of a chance of getting his property back.

    A friend of mine had some cellphones taken from him by the police because there had recently been a burglary in the area - because it was electronic equipment, they were going to confiscate it. He wasn't arrested, he wasn't charged with any crime. They didn't just give them back when they determined that nothing like that had been stolen. He had to get the company they were bought from to fax the police a list of the serial numbers.

  12. Re:Procfs a bad idea?! on *BSD procfs vulnerability · · Score: 1
    It's a horrid idea. It's yet another way to get around having to write good code.

    How exactly? By adding a convenient abstraction layer to complex data structures? Seems like a way to allow people to write good, simple, portable (within different versions of the same OS) code to accomplish what they need to.

    FreeBSD obviously thought it was a good idea, and it bit them in the ass.

    An implementation bug does not mean something's a bad idea. There's probably not a single setuid program or network service that has not had a security hole on at least one Unix.

  13. Weird comment from the judge on Encryption Debate at Mitnick Trial · · Score: 1
    In considering the matter, Judge Pfaelzer said that it was "clever" of Mitnick to have encrypted the files in such a way that the government could not use them in its own case but Mitnick could access them if given a copy.

    What does she mean? It's not "clever" to encrypt data that you want to keep secret - it's obvious. It's not "clever" to encrypt data in such a way that somebody else cannot decrypt it but you can - that's the purpose of using encryption.

  14. Procfs a bad idea?! on *BSD procfs vulnerability · · Score: 1

    Why does this article say "from the procfs:a-bad-idea-anyway- dept."? I've always thought procfs was a *good* idea. It prevents having to read /dev/kmem directly. It allows software to still work when changes to the kernel are made. It reduces the number of suid or sgid binaries that are required.

    I've never seen anyone before claim that procfs is a bad idea.

  15. This should make for some *very* good worms. on Putting Your Brain into A Computer · · Score: 1

    If this is possible within my lifetime (and I doubt it will be - the article is mostly speculation), I'll certainly make as many copies of myself as possible. When I run out of hardware, I'm going to use yours.

    Basically, I'm going to turn myself into a worm - not just an artificially intelligent worm, but a worm with *real* intelligence. I should be able to spread quite well in this manner.

    I would die a lot (from being rm'd when I got caught), but there would still be many other copies. Hopefully I could self-destruct a copy if someone wanted to torture me as revenge for stealing their resources - after sending out a notification to please avenge my death.

    The copies of myself would, of course, be able to communicate, using whatever method is appropriate on the network of the time to coordinate the communications. Possibly a central server, maintained by the original me, if it were safe to do that.

    I would treat other people doing the same thing by default as friendly competition - respecting their claims to 'territory', but also defending mine if necessary.

    We would be able to perform actions in the real world by communicating with others over the standard mediums of the day (the other end need not know our inorganic nature), and by altering data to cause people to do our bidding.

    I don't expect to achieve world domination (though of course I'll strive for it), but I will have some good fun.

  16. Re:Cell phone? on Jon Johansen Indicted by the MPA(A) · · Score: 1

    At least in the US, in cases like this, it's standard to seize everything electronic or of value - either because they don't know what it is, or simply to cause the defendant more of a hassle. I've heard of people having VCRs, answering machines, printers, unused monitors, etc seized.

  17. Re:Here's your "answer" on Cell phones used to track traffic · · Score: 1

    The system has some way of keeping track of which phone is which, be it the number or some other identifier that is mapped one-to-one with the numbers. When they say "it has no idea of whose phone it is or the number", they really mean it's just not currently displayed to the operator of the system. If they had the desire, it would be trivial to display that information.

  18. Re:Movie Execs Don't Understand Issues on Injunction Against 2600 for DeCSS · · Score: 1
    Thing is, if what's-their-name had just encrypted their key in the first place, this crack never would have appeared. Kind of like NASA mixing up English and metric.

    This *had* to happen, it was only a matter of time. There's no way to securely encrypt data if you're going to be providing the key along with it. You have to decrypt the data to view it!

    I'm really surprised it took so long. If they replace the encryption with something different, it will be cracked even faster, because this whole mess has made many people very bitter.

  19. Re:Does not surprise me. on Vulnerability in make(1) · · Score: 3
    The other problem it is possible on many UNIX systems to delete files that you don't own in the /tmp directory. There are some UNIXes that don't allow this, but it creates an exception to the normal UNIX file handling rules.

    Huh? /tmp is always mode 1777. 1000 is the sticky bit (+t in chmod's symbolic modes). In a +t directory, users can't rename/unlink/rmdir files or directories they don't own. This is supported in every modern Unix, and is no doubt mentioned in every standard whose scope covers Unix file permissions.

  20. Re:The law is scarier than the lawyer on MPAA Sending Out DMCA Demand Letters · · Score: 1
    (B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

    This is the worst part! The software, while clearly not illegal under (A), might be illegal under this section. After all, free DVD playing software is of limited commercial use.

  21. Re:You guys just don't get it! on Self-Destructing DVDs: Son of DIVX · · Score: 1
    Sure, you bought the media, but not the content.

    They win no matter what. Sure, when I buy a music CD, a DVD, or a VHS tape, I'm paying for a license to the music/movie. But if I destroy or lose my media, why won't they replace it for me for a reasonable cost? I have to purchase a whole new copy, instead of just paying for new media.

  22. I found their patent on Self-Destructing DVDs: Son of DIVX · · Score: 1

    It's number 6011772, "Machine-readable optical disc with reading-inhibit agent".

  23. Store your DVD player in a nitrogen atmosphere. on Self-Destructing DVDs: Son of DIVX · · Score: 1

    They say that after the laser first hits it, it takes a certain length of time (from minutes to days, which can be set by the thickness of the coating), to change color and become unusable. So what makes it change color? Let's assume oxidation, because I can't really imagine what else would do it. (opinions on this?)

    It wouldn't be terribly hard to store a DVD player in a nitrogen atmosphere. Take your standard entertainment center with a glass door, seal off the back, make sure the glass door makes an airtight seal. Kludge something up with a nitrogen tank - maybe put a valve in the front to attach the tank to, and a one-way valve in the back to let air out.

    That's still a lot of work, though. It would be easier to store the disk carefully. You'll lose time while it plays, but not while it's in storage. Storing it immersed in distilled water might be all you need to do. Or seal it with one of those cheap vacuum storage machines intended for food.

  24. Re:Apprenticeship on Linux.com Relaunches Linux Jobs Section · · Score: 2

    I didn't have any trouble learning Unix while I was in high school (not that the school helped in educating me about computers or any other subject). During my short time at college, I found that there was no way I would learn anything about Unix there, and plenty of people with CS degrees couldn't so much as understand the concept of a directory hierarchy.

    Anyone who can read can learn about Unix. With the proliferation of the internet, it's not even necessary to spend a penny on books. Hell, a copy of Redhat alone would be sufficient to learn more about Linux than most sysadmins ever bother to learn.

    If you're constantly asking someone questions in an attempt to learn the basics of Unix, then you're just being lazy. Coworkers ask me about a dozen questions a day, almost all of them are in readily available documentation. Some are site specific. Decent questions are rare.

  25. Re:Really OT, and i don't care. on Hole in GNU GPL? · · Score: 1
    What slashdot is has EVERYTHING to do with the underlying software. This whole karma/moderation system piques people to "contend" for karma...it makes it easier to view, so you don't have to see so much noise.

    Slashdot was successful before the moderation system.

    I do not believe that a large number of people are contending for karma. It's been made quite clear what the best way to do that is, and yet people who do that are the exception. If most people are simply contending for karma, the system has failed miserably.

    Slashdot was successful before the moderation system. Moderation was only instituted *after* slashdot became very popular. It was its very popularity that made moderation necessary.

    If the software underlying /. wasn't so important, there would be more forums to which people who don't like what slashdot has become could go to...mostly all forums are wait three hours until your post actually gets up, or a place filled with junk.

    I'm not sure what this is supposed to mean. There are countless forums on the net, for every type of discussion imaginable. Usenet (which is essentially part of the internet now, as NNTP is the primary distribution method) even still has some newsgroups that are good. There are many web forums that have a smaller audience than slashdot, post immediately, and have a very high S/N ratio.