Slashdot Mirror


User: B1

B1's activity in the archive.

Stories: 0
Comments: 148

Comments · 148

  1. Re:Of course it was the router! on The Slashdot DDoS: What Happened? · · Score: 1

    ...probably due to thunderstorms in the area.

  2. Re:Why 42? on Ask Douglas Adams About...Everything · · Score: 1

    There's no special meaning to the number 42. He just liked the numbers (6, 9 and 42).

    I remember a few years ago, I went to a Douglas Adams presentation/speech at the Ontario Science Centre. At the end, there was a question/answer period, and of course, that very subject came up.

    The woman who asked the question framed it along the lines that "six by nine" is 54, which is not 42. She observed that 54 in base 13 is 42 (4*13 + 2) and wondered if there was any significance to this.

    Douglas Adams paused for a second--his response was something like "You've apparently put much more thought into those numbers than I did. I just chose them because I thought they were neat numbers."

  3. Re:Backdoor Test? on SecurityFocus Responds To ESR Column On OSS Security · · Score: 1

    One interesting, and useful, thing to do would be to intentionally put a harmless (say deleting a specific file that has almost no chance of existing like /usr/adfasdf.txt) piece of malicious code in one of the large open-source software packages such as Apache or Samba.

    I agree--it would be an interesting experiment, but my gut feeling is that the "patch" would be quickly ferreted out and removed.

    The reason I say this is because there are some die-hards who dig into every patch, just to figure out what they do. Suspicious-looking patches would quickly raise a red flag. Aside from obviously malicious code, this includes code which seems unnecessarily complex, incorrectly documented, or is intentionally obscured.

    It's not foolproof--I suppose you could build up a backdoor through a series of well-planned innocuous patches, but frankly, I like the odds better with open source than when you don't even have the source to begin with.

  4. Re:Honeypots can be illegal on Security-Why Not Watch The Crackers? · · Score: 1

    Surely you are by definition inducing them "to perform an illegal action that they would not have otherwise performed." Otherwise, why did you bother with the honeypot?

    I see your point. I'm not sure where you draw *that* line. Maybe there's a difference between encouraging an intruder to stay logged in, vs. encouraging him to break in in the first place? It's probably a good idea to involve law enforcement if you're looking to prosecute using evidence obtained from a honeypot system, so they can help you avoid entrapment.

    Personally, I think you're OK if you don't make special efforts to bring intruders to your system. In other words, if you set one up, don't go and announce it on #scriptkiddies to draw visitors--that's probably entrapment.

    If they find your system on their own, decide to break in (again, on their own), and then make obvious attempts to damage it (on their own), then your case is much stronger.

    The one thing I'm not sure about is whether you can prosecute, if they only get into your honeypot. Even if somebody breaks in and tries to wipe it out, you might have a tough time proving actual damage--after all, you *probably* didn't have anything valuable on it to begin with.

    Clifford Stoll wrote "The Cuckoo's Egg", which is based on a true story. If you're at all interested in computer security, I highly recommend it--he does a good job of writing for the average reader, while not dumbing it down too much for the rest of us :)

  5. Re:Honeypots can be illegal on Security-Why Not Watch The Crackers? · · Score: 1

    As far as I know (and I'm not a lawyer), you have to induce somebody to perform an illegal action that they would not have otherwise performed.

    A well-planned sting operation is legal, but you have to set it up so that the suspect commits the illegal act on their own. An undercover cop posing as a drug dealer is fine, provided the customers initiate the deal of their own intent.
    Approaching a stranger, trying to get him to buy drugs, then arresting him when he does, is entrapment.

    In the case of a honeypot, they've already decided to break into your system. The idea isn't so much to see what kind of damage they intended to do (though that would probably support a case against them as far as showing malice). The idea behind a honeypot is to keep them busy long enough that you can log them, and maybe trace the attack back to the source.

  6. Re:The point? on VMware Signs Deal with Microsoft · · Score: 1

    The point is, that you don't have to reboot to switch between environments. VMWare lets you run Windows applications alongside your Linux applications. Rebooting just because you need to use a Windows application is a real time-waster, especially if you have to do it several times a day.

    Sure, there's a performance penalty with VMWare, but it's not the resource hog you make it out to be. On my eMachine at home (96 megs, 333 "MHz" Cyrix M2), Win98 is quite usable under VMWare. Slower, sure, but not deadly-slow.

  7. Re:RIP OS/2 on VMware Signs Deal with Microsoft · · Score: 1

    If I remember correctly, Warp 3.0 came with a PPP dialer, to allow you to access the internet. IBM's marketing machine pushed Warp 3.0 as "The totally cool way to surf the internet". The included browser (WebExplorer) was nothing to write home about, but at the time, it was passable. It might be in the BonusPak.

    There is an OS/2 native port of Netscape Navigator available (and possibly Communicator?). I know Netscape worked under Warp Connect (Warp 3.0 + built-in LAN networking). I'm not sure if it works with the PPP dialer in Warp 3.0 (plain), or if you need to install any fixpacks. Give it a try though.

    Head over to the Team OS/2 web site for more OS/2 tips and pointers. Surf some newsgroups.

    Warp 4.0 is nice, if you can get your hands on it (eBay?). One nifty feature is an 'FTP Folder', where you could have an FTP site appear as a desktop folder.

    Anyway, good luck!

  8. Re:BeOS ... where are you? on BeOS 5.0 Available for Free - But Not Yet · · Score: 1

    I think it's along the lines of Linux on a UMSDOS partition, with a Windows icon to launch everything.

    The free version of Be installs on your C: drive, reserving space for a filesystem image, and creating a pretty Windows icon.

    When you start the free version of Be from your desktop, it pushes Windows out of the way, and takes over the operation of your computer (aka WinLinux). So, it's really not "running under" Windows.

    BeOS is a full-fledged operating system, for PowerPC and Intel systems. The full-fledged version of BeOS boots natively, and has its own native filesystem.

    I don't think Be is releasing their source anytime soon.

  9. ext2read for Windows on Mounting ext2 Partitions From Windows? · · Score: 1

    This package might be what you're looking for.

    The package is called 'ext2read', and appears to be based on an older package called 'ext2tools', which gave you read-only access to ext2 partitions from Windows 95. Based on the screenshots, it looks like an explorer-type interface to your linux filesystem. It should be enough to copy files from your ext2 partitions while in Windows.

    Good luck!

  10. Re:This was a Bad Decision on Judge Deems Washington Anti-Spam Law Unconstitutional · · Score: 2

    Why is there no law against sending this crap to my house, taking up space in my mailbox, wasting my time just the same as electronic spam?
    Because the postal bulk mailer pays postage for the cost of the mailing. A spammer pays no postage, transferring the costs of delivering bulk mail to the ISP and eventually the customer.

    Costs? The mail has to be delivered somehow (bandwidth), and stored somewhere (mail server). This traffic wastes both storage and bandwidth, and forces the ISP to upgrade to higher capacity equipment than he would otherwise need. The ISP can't recover any of this expense from the spammer, so one way or another, the customer picks up the tab.

    Some people pay per-minute charges for their ISP connection--even if they simply delete the spam after they download it, they've still paid for the time required to download the latest "Make Money Fast" mailing.

  11. Re:Small programs on Design a Web Page in Under 5k · · Score: 1

    Actually, the CBM BASIC interpreter would store your program in a tokenized form, regardless of whether you entered 'G shift-O' or GOTO. Every BASIC command was represented by an integer token, and converted to text on the fly when you type 'LIST'. This was to save on memory (why store the text 'GOTO' when you can store a one-byte token to mean the same thing?) This may have even sped up the interpreter a little bit, by simplifying the run-time parser.

    I remember some interesting one-liners where they used the short-forms liberally to squeeze more statements into one program line (limited to 80 characters total). When you listed the program, the lines would expand past 80 characters on the display, so you couldn't go back and edit them.

    I remember another neat program called "list-me", which was a whole bunch of REM statements containing cursor control keystrokes and graphics. When you typed 'LIST', you'd get a short animation of a flying saucer destroying a city.

  12. Re:These are neither Unix symlinks nor Unix hardli on Microsoft Invents Symbolic Links · · Score: 1

    That is why I described hardlinks as two filenames pointing to the same inode (or substitute "starting FAT sector").

    As a point of interest, the DOS implementation of FAT does not allow for safe hard links.

    In Unix, every inode includes a reference counter, which identifies the number of directory entries pointing to it. There is no equivalent in the DOS FAT (I'd imagine this holds for FAT32 as well).

    In Unix, if you delete a file that has multiple hardlinks, you basically delete the directory entry and decrement the reference count. Only when the reference count decreases to zero do you actually free up the disk space.

    In DOS, the lack of a reference counter makes it tough to delete a hard link to a file without destroying the other hard links. A reference counter could probably be hacked in (a-la-VFAT long filenames), provided that you were willing to break existing disk utilities.

  13. Re:Free Speech Vs. Censorship on Utah About to Sign Library Filtering Law · · Score: 2

    but I also believe in the rights of minors to be protected from such material.

    Hiding this material from your child is not the best answer. You have to teach them to think and make the right decisions on their own. The world is not a perfect place, and you won't always be around to protect your child. Like it or not, one day your minor will be exposed to sex, drugs, and bomb plans. This stuff has been around long before the internet.

    Instead of trying to shield your child from things like this, your energy is better spent raising "street-smart" children. That way, when they're faced with a choice between right and wrong, they'll be able to deal with it on their own, and do the right thing.

  14. SMTP Tarpitting on Anti-Spam law Passed in Colorado · · Score: 2

    I'm not sure about other mail servers, but there's a patch available for qmail which implements SMTP tarpitting.
    The way it works is that the SMTP server keeps track of the number of RCPT TO addresses entered by the spammer. After a predefined number (e.g. 10 or 15), the SMTP server delays its responses by sleeping for a few seconds first. This shouldn't affect most normal use, depending on what number you choose.

    This slows the spammer down significantly, and has the appearance of a stalled connection--hopefully causing the spammer to give up and move on.

    I have no idea how it works in practice, but it sounds good on paper. It's far from bulletproof, but it sounds like it would help, without impacting legitimate mail traffic. Can anybody comment?
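The tarpitting behaviour described in the comment above, sketched as an added example (not B1's code and not the qmail patch). The class name, the default threshold and delay, and resetting the counter per message envelope are assumptions; the addresses are constructed.

```python
import time


class TarpitSMTPSession:
    """Tracks RCPT TO commands for one SMTP connection and stalls bulk senders."""

    def __init__(self, threshold=10, delay=5.0, sleep=time.sleep):
        self.threshold = threshold   # recipients accepted at full speed
        self.delay = delay           # seconds to stall each reply past the threshold
        self.sleep = sleep           # injectable so the demo does not really wait
        self.rcpt_count = 0
        self.total_delay = 0.0

    def handle(self, line):
        """Process one client command and return the reply line."""
        verb = line.strip().upper()
        if verb.startswith("MAIL FROM:") or verb == "RSET":
            self.rcpt_count = 0      # assumption: counter is per message envelope
            return "250 ok"
        if verb.startswith("RCPT TO:"):
            self.rcpt_count += 1
            if self.rcpt_count > self.threshold:
                self.sleep(self.delay)          # stall before answering
                self.total_delay += self.delay
            return "250 ok"
        if verb == "QUIT":
            return "221 bye"
        return "502 unimplemented"


def simulate(recipients, threshold=10, delay=5.0):
    """Replay a constructed envelope with `recipients` RCPT TO lines.

    Returns the number of seconds the server would have stalled the client.
    """
    session = TarpitSMTPSession(threshold, delay, sleep=lambda seconds: None)
    session.handle("MAIL FROM:<sender@example.test>")
    for i in range(recipients):
        reply = session.handle(f"RCPT TO:<user{i}@example.test>")
        assert reply.startswith("250")
    session.handle("QUIT")
    return session.total_delay


if __name__ == "__main__":
    # A normal message is untouched; a bulk run pays the delay per extra recipient.
    for n in (3, 10, 50, 500):
        print(f"{n:4d} recipients -> {simulate(n):7.1f} s of added delay")
```

With these defaults a message to ten or fewer recipients sees no delay, while every recipient past the tenth costs the sender the full stall.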

  15. Re:Toll Roads on Is SDMI a Consumer's Nightmare? · · Score: 1

    This might be getting off-topic...however, there are at least a few areas which you cannot access without paying a toll.

    Sanibel Island (SW Florida) is connected to the mainland by a single toll bridge. Short of taking a boat, there is no way to get to Sanibel without paying the bridge toll.

  16. Re:Couldn't the database be poisoned? on DoubleClick DoubleCross · · Score: 1
    Say there's someone at your work you don't like. Say they are happily married. Say they have a deeply religious family...[snip]...Wouldn't doubleclick's 'targeted marketing' then cause this person to receive all sorts of customized pornographic advertisement on their browser and in their mail?
    Good thinking! Just be careful that it doesn't backfire somehow...I can see it now...

    "Martha, this is the tenth pornographic banner ad I've seen tonight. The internet has way too much pornography on it. We must ban it, or make censorware mandatory...just think of the children!"
  17. Re:This is the key.. on Intel Slashes Prices On Mobile Chips · · Score: 1

    How is lowering your prices below your competitor's illegal? Intel (for the most part) isn't pressuring anyone. Aren't they bound to lower their prices to compete in a capitalist system? Aren't lower prices good for consumers?

    Setting your prices below your competitor's price isn't illegal.

    What's illegal is predatory pricing--when an existing monopoly responds to a new competitor by temporarily setting its prices artificially low, (e.g. below the cost of production).

    In the short term, the monopolist intentionally loses money, but can live off its enormous cash reserves. In the long term, the monopolist would run out of money, but usually the new competitor is forced out, saddled with high R&D expenses and debt. Once the new competitor is gone from the market, the monopolist raises its price back to the original level.

  18. Re:Intel not worried about Transmeta at all on Intel Slashes Prices On Mobile Chips · · Score: 2
    what happens if your computer runs out of disk space for the Crusoe recompiled x86 code cache - you can't run any programs?

    The Crusoe processor doesn't use the hard disk for its translated code cache.

    From The Technology Behind the Crusoe Processors:
    The translation cache, along with the Code Morphing code, resides in a separate memory space that is inaccessible to x86 code.
    It simply doesn't make sense to use the hard disk for the translation cache. Consider:
    • RAM access times are measured in nanoseconds and hard disks measured in milliseconds. It's magnitudes faster to simply re-morph code on the fly than use a disk based translation cache.
    • The Crusoe is designed to be embeddable in systems which don't even have hard disks (i.e. set-top boxes, Webpads, etc).
    • To maintain a hard-disk based code cache, the Crusoe would need to work with SCSI and IDE drives and understand partition tables and filesystems. Why build this complexity in at the CPU level, especially when you're aiming for a simple power-saving design?
  19. Re: It's too bad, really on Caldera and Microsoft Settle Lawsuit · · Score: 1
    I'm not sure that Win 3.1 ran slower on DR DOS (I've never heard of that being the problem).

    The problem was that beta versions of Win 3.1 used encrypted and obfuscated code to determine whether the underlying OS was MS-DOS or another system (e.g. DR-DOS). If the system was running DR-DOS, Win 3.1 would display a very threatening warning message--one that would surely scare DR-DOS users into switching back to "safe" MS-DOS.

    What's revealing about the 'AARD' code (used to "smoke out" a competitor's DOS) was that it had the following traits:
    • It was XOR encrypted, obfuscated, and self-modifying
    • It fiddled with the "single step" interrupt to defeat debuggers
    • It used an artificial and irrelevant test for DOS compatibility
    I can think of no legitimate reason why they needed this code (and the fact that they went to such lengths to hide it is particularly revealing).

    Though there may have been some problems with DR-DOS, in many ways it was superior to MS-DOS. It led in features, but trailed in market share. It may have eventually tanked anyways, but this smear attack by MS didn't help things much.

    Dr. Dobb's Journal did an excellent analysis of the AARD code. You can find out more here.
  20. Re:Dell and Winmodems? on Dell Supporting Linux on Laptops · · Score: 1

    Sadly, yes. 3Com/US Robotics makes a PC Card Winmodem. Beware...




  21. Music from a C64 Datasette on Slashdot's Top 10 Hacks of all Time · · Score: 1

    To me, a true hack is when somebody figures out how to use hardware and software to do things it isn't supposed to be able to do.

    I once found a C64 program in Compute's Gazette that could play audio cassettes using the Datasette tape deck.

    Somehow, the program was able to sample the audio recording, and play it back through the SID chip. As you might expect, the sound was pretty scratchy and terrible, but the fact that it worked at all was pretty impressive.

  22. Re:Sad on 'Kyle's Mom' is Dead at Age 38 · · Score: 1

    I wish this *would* kill off South Park. I think it is a terrible show.

    With all due respect, hoping that her death will kill off South Park is in poor taste.

    I'm not saying we all need to outwardly mourn her passing. But, for you to see her death as a good thing because it could advance your personal cause, sounds a little selfish and cold-hearted to me.

  23. Re:DR-DOS vs MS-DOS on Caldera vs. Microsoft Goes to Jury Trial · · Score: 3
    There's a good article in Dr. Dobb's Journal about the code which tests whether Win 3.1 is running on MS-DOS/PC-DOS, or a competitive DOS. It makes for an interesting read.

    The DOS-detection code in Win 3.1 (aka the "AARD" code), had the following interesting characteristics:
    • It tested an undocumented (and as far as I can tell irrelevant) DOS function that would only work properly in MS-DOS.
    • It was XOR Encrypted, to trip up any attempts to use a disassembler
    • Once decrypted, the code was self-modifying and obfuscated to make reverse-engineering difficult
    • It was written to disable a conventional single-step debugger, making it that much harder to trace through the code
    Dr. Dobb's goes into much more technical depth than I did, but it's pretty clear that this was a deliberate effort by MS to hide the AARD code.

    I would love to hear MS's spin on all of this...why did they feel such a need to hide an irrelevant check for a competitive DOS product?