The problem is that when someone has a website that exposes corruption (say in the Met Police), the site is usually shut down pretty quickly or the owner intimidated into removing the hosting services.
This is not action against illegal acts, this is action by the police to protect each other from being found to have broken the law.
is a perfect example of how scientific code should not be written. Mad rush, tweaked to get the results they wanted and no way to replicate results. Furthermore many of the tweaks to gain the expected results made no sense whatsoever - they were simply fudges.
Writing software is a science not an art form. If you treat it as some form of black art - as the UK folks did then you deserve the ridicule you get.
If you reply with but non-deterministic systems are non bounded and hence cannot be proven, then you need to read Dijkstra's A Discipline of Programming - this puts forward a very simple seven state bounded model for ND systems mathematical provability and if you cannot understand this book then don't try and build modelling systems.
IMHO Unless you apply the science of programming all you are doing is hacking something together - and if it does what you expect that is more luck than anything.
This is actually something I have been investigating for some time.
There are businesses out there who provide staff with mobile (smart) phones and then pay for expensive but buggy apps to make the phone a useful device for staff. Then and only then are company IT and security staff involved and the nightmare of trying to stop these phones from infecting the company's networks.
The idea of using a modified version of Android as a trusted work specific client with applications integrated and locked from installation of games etc - it is a *work* phone - makes a lot of sense to some companies.
Android for me is a brilliant and cheap way for a lot of people to get into developing apps for phones. However for companies the idea of allowing staff to install apps that may be trojans means Android has to be tailored to meet the needs of the business. And unlike winphones etc the apps final product can be reviewed by internal or third party security.
So Android is a low end consumer/developer toy and at the same time could become the base for secured corporate integration.
A good example is the use of Android tablets with custom software being used as POS terminals in restaurants and clubs - integrated with backend systems that may be homebrew or COTS where "Lite" terminals were never envisaged.
This is the response I got from ML when complaining about a 100K image laden pile of HTML tag soup one of their customers had sent to my address as well as three of my spamtraps. Note ML first asked if I would provide the domain(s) of my spamtraps so they could ask their client to add my spamtraps to their stoplist.
full discussion on the now defunct spam-l list - note that NO ONE stood up for ML. Pretty much everyone commenting stated that ML are hot on inbound spam and don't give a shit about outbound. They consider themselves TBTB (too big to block)
Messagelabs_Support wrote:
Hi Jacqui
I am writing from Messagelabs in regards to a matter whereby you have been receiving unsolicited mail.
We have been in contact with the senders of this mail and they have agreed to remove you from their mailing lists.
I would have expected that you would have been asking for details so that you can ask them to provide proof of opt-in to yourself. Given the above statement there is no way I could provide unredacted information without compromising what is to all intents a spam trap.
However, for them to do so, could you please let us know the full e-mail address that this is being sent to as in your posts you have removed the domain name.
You are joking? They have not only hit "web-scrape only" addresses that are now used as spam traps (with the odd real request) but they have hit real life spam traps on systems I manage. This (to me) screams list purchase or they are running a very cheap web crawler.
Once we have this we can go back to our client and get them to remove you from your list.
No thanks - obviously you believe that the UBE your client "excretes" is more important than your reputation. Did you bother to look at the content (including the very large in-line images) and tag soup HTML. I ran it through S::A and it screamed SPAM at me!
We look forward to hearing from you so that we can get this resolved.
I don't know what I can say to this. You obviously have no interest in stopping these people sending out this trash.
The Cray's full immersion coolant model hit a big problem - the Coanda effect.
This is where the layer of fluid near the actual component flows much slower than actual flow - in layers slowing down exponentially as it gets closer to the stationary components.
For air this is not too much of a problem - only a very fine layer of stationary air over components that does not affect cooling. But with liquids the effect is both noticeable and severely impacts coolant flow over hot surfaces - with some then "next gen" Cray chips actually boiling the fluid. As today's chips run much hotter and generate a lot more heat than those Cray chips I can see this being a major problem today...
Cray's fix for this was to move from full fluid immersion to immersion in droplets 'injected' using a car fuel injector. This got everywhere and evaporated taking the heat away from components.
Rumor has it that during development, engineers bought fuel injectors for a wide range of cars and the ones for certain Porsche worked best so they bought the entire stock of fuel injectors for this car in the mid-west and used them...
I remember staff at Cray giving away Porsche style sunglasses with Cray written on them instead of Porsche and when I enquired why - the above was the tale I was told by sales staff.
Whether true or not is something else - the Cray sales staff in those days had a seriously odd sense of humor...
Hmm speed is pretty critical. Someone impacted my '86 Volvo 760 some years ago in a brand new Vauxhall. I was stationary at a light, he decided to try and get through the red light but did not see me stopped in front.
He shunted my car through the lights and the impact pushed the radio console out. I turned off the engine and had to push the console back into place.
When we checked over both cars and exchanged details the front of his car to the radiator was crushed to pulp. My Volvo had a scratch on the rear bumper - he never even got *near* paintwork.
When I spoke to my mechanic he asked me to estimate the speed and I said just under 30MPH. He told me the impact absorbers in the frame were rated for this and did not have to be replaced. Tests proved he was right.
I also remember a photo from a news article about someone who fell asleep at the wheel and drove into a concrete motorway bridge at 70 in a car similar to mine (but with air bags). He walked away unscratched.
So, crumple zones are not the only solution to low and high speed crashes - but they are the only cheap solution that results in very high insurance costs...
One option is to run Pg over openMosix. You do NOT get fault tolerance (on a process level) and YMMV depending upon hardware and application requirements.
"Sure, Postgre has support, but I'm not entirely sure that when I email the outsourced support company, or ring their phone number, that someone will pick up."
As Nelson Muntz says "Ha!!!". From recent experience, Oracle under Linux sucks big time! If you use MTS it crashes ~every 24hrs. The fix from Oracle - reboot at midnight :-)
As for commercial support Oracle seems to be staffed by the same hopeless Indian script readers that everyone else is using. I certainly would not consider paying money for that sort of "help".
OTOH open (read free) PostgreSQL is well supported and commercial support is highly recommended and rated by people I know that have used it - no Indians reading from autocues!
The problem - Oracle is no longer a database company. It became an enterprise application vendor around Oracle 8 and ever since then it has modified functionality with the objective of eliminating "competing" suppliers - who have since moved to other database vendors.
Now it wants to recapture the DB market but still has its "app vendor" hat on and treats other apps providers with outright hostility. Until they get their DB vendor hat on (especially on support) they will continue to rate below both Pg and MySQL - even if they "own" core MySQL technology now :-)
P.S. Although I am a long time Oracle developer (pre 7.0), I am doing quite a bit of Oracle to Pg migration work these days, so thanks to Oracle for driving my customers to me :-)
Had this >10 years ago - FWICR dropping a spanner on the underfloor rails makes a big bang - the spanner goes off like a big fuse!
Re:Fuzzing and Obfuscation on Mitnick on OSS · Score: 2, Interesting
"The machine might slow or freeze but an admin will notice this process and go into the users directory (as root)"
Why? - a ps will run from anywhere. I prefer running top - then selecting
offending processes and killing if required.
Alternatively, set ulimits on user accounts and have the spinlock process
kill itself.
"and type "ps -al" to see all the existing processes"
Quick question - which admins are stupid enough to include '.' in their path?
I would have thought it much easier to use buffer/encoding overrun in specific daemons (named/sshd) to get root privs - this assumes you are not running a UML instance for external services such as DNS - you can run a live iso/fs match to detect and report "infections".
Comment "A year from now, this site won't exist, but the kid is set for life. Why?" Reply "Oh, I seriously disagree"
Let's say he patents the idea, then use his funds to sue the ass off each and every company doing anything remotely similar. Given his funds, the first one will likely cave in and that will "start the ball rolling". Investors will see that he is on to a winner and the money will roll in. He will then sell out and live off the tens of millions he has made in less than a year.
Of course, he comes from blighty, so the idea of patents and related extortion are not bred in at a young age - but I have no doubt he will learn quick:-)
"Telephone Preference Service where you can register that you don't want sales calls and if a company subsequently cold calls, you can report them and have them fined."
Bwhaahaaa!
One case where this does NOT work. I get calls from OneTel asking if my S.O. would like to move to OneTel. I explain that the phone lines are in my name and we already use VOIP (asterisk) to manage call costs. As Paul is getting his calls for free, why would he want to sign up?
After the fourth call in an hour (asking to speak to Paul) I start hanging up at the word OneTel - (I am teleworking). Now I get an irate line manager asking why I am being abusive to his staff. :-) I tell him to F* off and hang up (after two more attempts he gets the idea that I DO NOT want to talk to him).
Yes, I was on the TPS at the time, but it appears that if scum like OneTel can trick other people into giving your name, they look up your number and call you (over and over and over).
I called the TPS and they said that they could do nothing about it as it was not legally a "cold call".
Well there was a 5/12/24 supply left over at my old employer. They offered to give it away but no takers - so they left it in the building. Size? - well it had its own 11kV transformer supplying this underfloor beastie. The 5V rail was a solid 2"x4" bar.
How do we know he did not know about it? In such situations you should assume the worst.
A similar example is nuclear reprocessing facility workers taking off their RAD badges, to ensure that they can do overtime without exceeding their safe legal dose.
When health and safety found out (as usual, via the national newspapers), the employer said that it did not notice employees in the hazmat areas without badges and because of this they were never prosecuted.
Moral of the story: ignorance is a good excuse - if you can get away with it.
What I thought was a decent friend of mine walked out on his wife on the day of sale of his house - he filched the proceeds.
He moved in with his ex girlfriend and her husband. His job - unemployed but studying in theological college (funded by his wife, who sold/moved house just so that he could go to college!).
The other husband's reaction to the situation (his wife sharing a bed with an ex in their house) "It is god's will".
No, it's the randy b*tard using god as an excuse to rip his long suffering wife off and mess up someone else's marriage.
When the theological college found out they ignored the situation. But when the press found out, the college kicked him out.
I understood that installing any software without
express permission is illegal within the UK/EU?
If true, and if every purchaser returned the CD,
and then somehow managed to take the record shop
to courts for the IT cleanup fees, record shops
would be far more wary about invasive DRM.
Jacqui
are a good start.
Like many of her fans, Anne had an entire bookshelf devoted to her. My deepest condolences to her family and close friends.
The best IT book I had (a Russian programmer stole it).
Its coverage on bounded non determinacy was inspired for its day.
Add: assignment is "copy" for all types except Object where copy by reference is used.
This makes "deep copy" code a nightmare and even versions of deep copy code in toolkits such as jQuery do not work in all cases.
I have been working on a jQuery based app using a modified jQuery based SOAP::Lite client and have hit this problem a number of times.
Jacqui
It does not feel real.
I have worked on auction sites that present catalogues for major auction houses.
The revenue stream was in three parts
1) charge for display of the catalogue
2) transfer of e-bids to the auction house
3) collation and analysis of winning bids.
Reports based upon the latter were the biggest money maker...
Jacqui
One minor point.
Does a file not start with an inode?
Would this not mean each small file would eat two blocks?
This comes to mind because a previous employer wrote small files into the inode if they were ~3K - to save two writes to the RAID array.
Some wally decided to hard code this behaviour into the backup software and when this 'feature' was removed, backups of all small files were nulled out on restore.
Needless to say, this pissed off a LOT of developers who after using the restore (by directory) facility found they had lost even more code.
I lurve UML
from snopes.com "Mostafa Kamal, production manager of Azad Products, the Dha..."
:-)
FWUI this name is a joke name. Please tell me one would really name their kid "must have a camel"
"Serenity/Firefly is the most anarcho-capitalist plotline I've ever seen."
Have you read Iain M Banks? The culture is far more of a "red" future.
IMHO The TPS is a joke.
How about having the solar (help) run the AC?
:-)
Then have the excess heat from the AC pumped into an underground heat sink (a large vat of heavy brick
heated by supersteam)
Then when you need heating (winter nights) you
pump heat from the sink.
Of course, you need space for the sink but everything
in Texas is bigger
What's the big deal?