Mac OS and other Unixes are just as vulnerable to malware and viruses as Windows is. People falsely assume that because a virus is not root by default it cannot do any damage; this is totally wrong.
It is very easy to run a forkbomb (endless loop of opening new processes) in most default installed UNIXes, including Mac OS. This can bring a system to a halt, and can rerun every startup through .profile or other named startup scripts that are user modifiable, making the system unusable.
Also remember that the traditional definition of a virus is a program that endlessly replicates. The root/user system does NOTHING to prevent this, as a virus (unless quotas are set, which by default are NOT) is free to fill up the hard disk that contains the user's home directory, and hide them / deny you permission to those files as a regular user.
Furthermore, a mass-mailing worm is quite free to install to a user's home directory and open a port above 1024 for its remote masters to connect to, and send spam out of. Similarly this applies to pop-up software, keyloggers, things that can wipe out your home drive (and all your documents) etc..
The traditional UNIX security system does NOTHING to prevent any of these things from happening. The total security of a Superuser/user system is a myth. None of these things take a particularly skilled programmer to implement, and can be quite damaging...
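A defender-side check for the comment's point that nothing caps an unprivileged user's resource use by default, as an added example that is not part of the original comment: it parses text in `/etc/security/limits.conf` syntax and lists the accounts that have no finite hard `nproc` (process count) cap. The sample rules and account names are constructed, and the precedence used (user entry over `@group` over `*`, later lines winning ties, `*` not applied to root) is a simplified assumption about how pam_limits resolves rules.

```python
"""Audit limits.conf-style rules for accounts without a finite hard nproc cap."""

# Values that limits.conf treats as "no limit".
UNLIMITED = {"unlimited", "infinity", "-1"}

# Constructed sample in limits.conf syntax: <domain> <type> <item> <value>
SAMPLE_LIMITS = """\
# constructed sample, not taken from a real host
*        soft  nproc   4096
*        hard  nproc   unlimited
@staff   hard  nproc   2048
alice    -     nproc   512
bob      hard  nofile  1024
"""


def parse_limits(text):
    """Return a list of (domain, type, item, value) tuples, skipping comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed line: ignore rather than guess
        rules.append(tuple(fields))
    return rules


def effective_hard_nproc(rules, user, groups=()):
    """Return the hard nproc cap as an int, or None if nothing finite applies.

    Assumed precedence: user (2) > @group (1) > wildcard (0).
    A soft-only rule does not count, because the user can raise a soft
    limit up to the hard one without any privilege.
    """
    best_rank, best_value = -1, None
    for domain, ltype, item, value in rules:
        if item != "nproc" or ltype not in ("hard", "-"):
            continue
        if domain == user:
            rank = 2
        elif domain.startswith("@") and domain[1:] in groups:
            rank = 1
        elif domain == "*" and user != "root":
            rank = 0
        else:
            continue
        if value in UNLIMITED:
            cap = None
        else:
            try:
                cap = int(value)
            except ValueError:
                continue  # unparseable value: treat the rule as absent
        if rank >= best_rank:
            best_rank, best_value = rank, cap
    return best_value


def audit(rules, accounts):
    """accounts maps user -> list of groups; return users with no finite cap."""
    return sorted(
        user for user, groups in accounts.items()
        if effective_hard_nproc(rules, user, groups) is None
    )


if __name__ == "__main__":
    # Constructed account list for the demonstration.
    accounts = {"alice": ["staff"], "carol": ["staff"], "bob": [], "root": []}
    for user in audit(parse_limits(SAMPLE_LIMITS), accounts):
        print(f"{user}: no finite hard nproc limit")
```

The same structure extends to other items such as `fsize`; disk quotas themselves are configured separately from limits.conf.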
Hmm, upon greater scrutiny of the article, it turns out that the return on oil shale is in fact 1:3.5, making it about x20 more expensive to produce than conventional drilled crude. Sound practical to you?
The problem with oil shale is the same problem that the tar sands (http://en.wikipedia.org/wiki/Tar_sands) have, they require enormous amounts of energy to extract effectively.
Where a conventional extraction of oil through drilling into the ground yields about a 1:80 energy ratio (1 barrel of oil worth of energy expended gets you 80 barrels of oil out of the ground) on average, the average energy ratio for tar sands is about 1:5 (or 16x less return). I do not imagine that the energy ratio for the extraction of oil from oil shale will be much better.
This poses the same fundamental problem that alternative energy supplies pose, the energy extracted vs the energy spent is MUCH lower than conventional oil drilled out of the ground, and even if such a system were today instantly implemented, where most of America's oil was from tar sands/oil shale, there would still be a MASSIVE jump in price, due to the expense of production.
If you need somewhere to start, and don't know any physics, try one of the free introductory physics books listed here. After that, if you want to try to bring yourself up to the level a book like the "road to reality" by Penrose is shooting for, try some of these:
Relativity Simply Explained by Martin Gardner
Black Holes and Time Warps: Einstein's Outrageous Legacy by Kip Thorne
Spacetime Physics by Taylor and Wheeler (special relativity, with a little more math)
Exploring Black Holes: Introduction to General Relativity by Taylor and Wheeler (general relativity, with a little more math)
QED: The Strange Theory of Light and Matter by Richard Feynman
If you would take the time to read the article, you would notice that the game's author had his website embedded inside the flash file (free advertising), and that it was not a large or even a particularly stressful amount of bandwidth, but yet he chose to do something incredibly malicious back to them without even bothering to ask them to remove the link. And the fact he takes others' content and does not give credit, but yet gets angry when the same is done to him is more than a little hypocritical....
Hmmm that's not true... only when you're on the internet, or on a network, or opening office documents, or running programs, or running screensavers, or accessing dis..... oh wait
As someone who just finished studying and reading the CERT guide for System Administration and Accreditation (yes, it was torture), I find that most system administrators do not know the principles within, or recklessly choose to disregard some of the most helpful ones. Many system administrators are seat-of-the-pants, self-taught individuals who learn along the way as issues come up, and sometimes miss some of the fine points of securing a system. A lot of admins push large upgrades on production systems, or use test systems still connected to the main network (the recent 60,000 computer fiasco reported in /. is a good example), don't practice isolation, choose their products on budget or because of a last minute need (although sometimes this is unavoidable), do not configure firewalls correctly, do not lock down their systems tightly, etc. Sometimes they do everything they should, but out of order. A lot of people don't realize the importance of order in bringing systems online. Many times, these are on critical systems or systems which contain confidential information. Customer information is put at risk, simply because the administrators do not know any better. A lot of companies hire admins who are actually unqualified, but who can do a "good enough" job because they don't understand what to look for in an admin. Not all admins are this way, but a surprising number of them are.
If admins out there honestly knew everything there was to know about security, and administered their systems to the CERT guide specs, then I would be impressed. Because my experience in observing everything from large university systems, health care systems, tag agency (all-you-need-for-identity-theft-agencies, more appropriately) systems, corporate systems (credit card information and personal information), is that this simply isn't so. A lot of penetration testing reveals vulnerabilities in areas that are clearly stated in that CERT guide.
I've wished for something similar in the past. One solution that occurred to me would be to create an encrypted loopback filesystem under Linux. For those not familiar with this scheme, it essentially encapsulates a filesystem in a regular file and [en|de]crypts it at the kernel level.
One potential way to access this from Windows would be using Namespace Extensions. I believe this is the way that "special folders" such as Control Panel and Scheduled Tasks are integrated into the Explorer. It would seem to be straightforward for someone knowledgeable in the area to create a Namespace Extension that could mount an encrypted loopback filesystem created in Linux.
Why should we listen to anything this man says?
on Ballmer on Innovation · Score: 1
Ballmer also claimed Linux is more expensive and slower than Windows, with all his "Microsoft sponsored" independent studies, such as the one that ran Redhat Enterprise on problem causing hardware with the slowest possible configuration, while the IIS server got optimal settings and hardware with huge amounts of tweaks.
about $0.38 per share. Almost took out a loan. Friend talked me out of it. Rose to nearly $4.00 a short while later..
I would be inclined to buy some anyway today. Bishop has a keen eye on SGI's core market:
Technical computing
IRIX is very good for this, MIPS is holding it back though. Their efforts on Linux will pay off, in my opinion. Linux is reaching the point where it will be possible to build an IRIX like system. Heck, you can today --it is only going to get easier.
SGI is one of the few companies to make a deal with Microsoft while still around to tell about it. (Legal won't, but many SGI folks will, if you catch them in the right mood.)
If that deal hadn't been the death of their 320 / 540 series machines, we would have great Linux technical workstations right now. I am not saying you cannot get a nice Linux workstation, but the SGI plan combined their engineering with custom Linux tweaks that would have made for nice boxes.
320/540 machines could support up to about 800Mb texture memory in a UMA design. Heavy texture models perform best in this configuration, because of the low latency bandwidth it provides to the graphics sub-system.
The Linux drivers were shown at Siggraph '99, I think. Microsoft and SGI had a little tiff shortly after that. Fahrenheit project --it seemed at the time, win32 was poised to take over that market since it had already made quite a dent. Gates knew about all the UNIX code that had to be rewritten. Direct X got good, thanks to SGI, but not good enough to justify all that work porting to a closed, hard to administer, expensive to cluster system with little ability to script or perform multi-user.
SGI legal scuttled the Linux drivers over win32 contract terms involving the ARC boot loader. It seems Microsoft has an interest in this that prevented SGI from providing machines with choices other than win32, or something like that. (Could never get the entire story.)
The series was canned. Generic PC machines running tweaked nVidia hardware replaced them to keep existing customers trying to leverage Linux happy. Their hardware had considerable advantages over the general purpose PC, so it only made sense for SGI to move away from the whole thing.
Today we see the Altix series machines along with high end SGI hardware on the desktop. The Altix, and high-end IRIX hardware is well positioned, while IRIX struggles at the workstation level. Linux is capturing applications far better than IRIX ever did.
(Which shows just how hard they got fucked over the Microsoft deal.)
Recovering from that and other blunders has taken a while. The new products are hitting their targets nicely. It is tough for them now, being late in the game. An SGI Linux workstation likely will not happen right away because of this. (We would have had them in '01, otherwise.)
SGI systems engineering is top notch, I hope they continue to improve and continue to develop their high bandwidth, single image designs. (They are the best, if you want a single OS image instead of a cluster.)
As for Alias, the organization beats to a different drum. The Maya side of things has been handled well. Can't say the same for their Studio product. Still high priced and no Linux --yet.
Maya is a hit in the entertainment business for obvious reasons. Their other product, Studio struggles in a niche status. Good for high end product design and styling, but poor at more mainstream applications. Traditional MCAD packages continue to consume many new potential Studio sales, while also chipping away at the established base of users.
I would not count the Linux version of Maya out. Alias knows better than that. There is no way the Studios are going to be pried back to win32. Going down that road proved expensive and problematic. Linux is the perfect fit. Alias would not be where they are today without having done that port.
OSS lets them (the studios) keep control of their tools and development in house, exactly where
A very incomplete list off the top of my head
on Longhorn Beta Begins · Score: 2, Informative
* Replacement of Win32 with .NET, even explorer.exe is running as managed code in the leaked betas. I can't even begin to list the advantages of this. .NET is great, and with Mono making great strides in the language specification, any language will be able to compile intermediate .NET code, and code from different languages will operate together without a care.
* Avalon--presentation system that is completely hardware-accelerated and vector-based. One video showed two Notepads rotating around while still completely usable at the same time a video played in Media Player. Old apps will be compatible.
* XAML and other technologies--I've said it before, but it was just such a cool example. During an MSDN video (freely available at the site), the dev used Win32 Emacs to write a 10-15 XAML app that let him update his blog, complete with resized vector graphics and a video of moving clouds looping on the background of the window, all using the command-line .NET compiler.
* WinFS will still exist. They're just cutting a few features that will probably be re-introduced in a service pack anyway. WinFS is incredibly exciting--one WinFS dev went to the command line and did a query for certain employees within the last week, and it came up in less than a second. No more brute-force searching. Also, no file drives. And yet, they're retaining folder and drive structures in case you want to operate that way.
* Aero--this is their top-secret interface yet to be unveiled. See, Longhorn has multiple tiers of visual operation. If you can't handle the effects, it scales back to a lesser tier, going all the way down to an unaccelerated 2D interface like that of Windows 2000. Aero is the top tier and is supposed to be, according to them, "photorealistic" and will be a new interface for Windows taking advantage of 3D acceleration. They said they don't want to reveal any of it until release because they fear it will be ripped off by competitors (a fair judgment considering all the ripped-off Start menus and taskbars on standard Linux desktops...).
Collection agencies have absolutely NO teeth at all, the only thing they can do is send you a scary looking letter and perhaps a few threatening phone calls.... But what are they gonna do, send "Forget about it" Sam's cronies over to break your kneecaps?
In related news..
:( )
Slashdot reports on its own editorial incompetence
(bye karma
Ah but the real question is, Do they run linu...
oh damn...
I for one would like to thank Slashdot for this amazing, Multi-Dimensional report...
With the defectiveness of our company, we apologize the fact that very much annoyance was applied the customer and to the related everyone deeply.
:D
So it's true what they say about the "Creative" process, it's often linked to mental impairment
From:
castlecops.com
"ABOUT THE AUTHOR:
Jonathan A. Zdziarski has been fighting spam for eight years, and has spent a significant portion of the past two years working on the next generation spam filter DSPAM. His research in algorithmic theory and neural networking has led to the development of many new approaches in language classification, and he has played a key role in designing some popular algorithms in use today, including Message Inoculation, Bayesian Noise Reduction, and the first functional Neural Networking algorithm for spam filters. Zdziarski lectures widely on the topic of spam and was a speaker at the 2004 and 2005 MIT Spam Conference.
"
same dupe... same incorrect spin, and same lame posts pointing that out :/
Plus free of charge blocking of "unsavory sites", it's a deal you can't lose on!
http://www.mirrordot.com/stories/d9dae7856a9ec0ea40d232fedb95c380/index.html
mirrordot.org article mirror, it seems this story is really blown out of proportion.....
You CANNOT tunnel NTP over SSH. NTP uses UDP
Completely untrue, newer versions of OpenSSH have a Socks 5 proxy built in that allows you to tunnel both TCP and UDP ports...
Hmm then wouldn't you have to have been wasting time surfing Slashdot to FIND his post, and therefore guilty of the same crime...
*HEAD EXPLODES*
firRRRRRRRst poOOOst!!!!
This is a well written PDF that was very educational dealing with Zero Emission Power Using Solid Oxide Fuel Cells and Oxygen Transport Membranes
http://www.netl.doe.gov/publications/proceedings/01/vision21/v211-5.PDF
<URL:http://linux.slashdot.org/article.pl?sid=05/05/07/0531210&tid=109&tid=106&tid=2/>
Honestly I don't even know why his quotes get posted here, all they are is hype and BS and a good old flamewar jumping off point...
Database maintains YOU!