It's not as if Windows users never run malicious software while logged in with Admin rights. And it's not as if things like the Starforce copy protection or other forms of supposedly benign software doesn't screw around with protection levels, either...
I agree with GP. If something is a real risk to computer security, it is generally hacked within the first six months of popularity.
True, but this isn't actually the worst problem. :-) Things which are real risks to computer security not only get hacked once when they first become popular, they continue to be hacked over the years as new vulnerabilities are found.
What is it with the anti-javascript/flash attitude here?
The majority of ads, especially obnoxious interstitial and animated ads, use Flash and/or JavaScript. No thanks.
surely, nine outta ten times, the benefits outweigh the risks.
Interesting, my assessment of the risk to benefit ratio is completely opposite. But then, I'm a sysadmin who is responsible for security at several organizations, and I've spent too much time cleaning up infected machines at client sites to have any illusions about the nature of the risks.
And here I'd always thought the "shadow copies" functionality was because Windows doesn't like to let you backup, modify, or overwrite files which are in use short of rebooting...?
B) Without GNU licensed code, BSD's are hugely crippled. For one reason: glibc. Not to mention they don't have gcc either, which is another big handicap. Delete your GNU licensed libraries from your favourite BSD and see how far you can go...
Oddly enough, FreeBSD, NetBSD, OpenBSD, Darwin/MacOS X, and so forth use their own libc which is not glibc. The GPL-licensed library which is most commonly used on the BSD platforms is probably libreadline.
Generally by a platform-specific compiler, such as Intel's icc, Sun's SPARC-specific acc, and so forth. It's worth noting that the BSD's make an effort to support using other compilers because it improves the portability of the code and may generate different warnings.
Going further back in time, BSD 4.3-reno came with the PCC compiler...
Things moving in empty space come as close to perpetual motion as you're likely to get. However, the orbits of the planets are probably decreasing slightly over time due to the minor friction of the solar wind and mutual gravitational interactions with the other planets (especially Jupiter).
Also, tidal distortions have an effect which slows the rotation of planets down, especially if they have a relatively big moon orbiting them, until the rotational period and the orbital period match. For example, the moon always presents the same side towards the Earth because of tidal locking, and the Earth probably had about an 18-hour day some billion years ago, and will probably have a 30+ hour day in another billion years.
That's a good question, but yeah, basically, to an astronomer, a "single" structure is a group of objects that are gravitationally bound such that they "stay together" when observed over long periods of time.
One of the major activities of astronomy is to try to observe things long enough to understand their normal fluctuations-- based on the earth's rotation and revolution around the Sun, observations made 6 months apart give one a 2AU baseline to look for parallax, which can provide relatively exact position measurements for the nearby stars. Once you know that and can model what you're looking at, you can then look for variations via tools like Doppler spectrography which indicate the presence of planets or things like white or brown dwarfs too small to be seen directly. As well as rarer objects like Cygnus X1, MGG 11 & M82 X-1, etc...
Shouldn't the large regions of gas (they say some bigger than the Andromeda Galaxy in dimensions) collapse under gravity and make stars, galaxies, other things? Unless I guess the gas is super hot and full of energy already.
Sure-- that's just what most astronomers expect happened. Remember that when we look really far away, we're also looking really far back in time, back far enough that we're starting to be able to see some things about the universe before many of the galaxies which exist today existed.
The big questions are about things like how uniform was the distribution of the initial gas, when star formation first started happening what kind of stars appeared, and whether the first stars did interesting things like blow up in nova/supernova-type events, or become giant black holes like many galaxies seem to have, and what that would mean for the clouds of gas and the galaxies being formed from it, etc.
If you hunt down the actual article, they've also been able to see huge formations of gas from which the galaxies formed (presumably), so the structure includes more than just close-packed galaxies:
"A team of astronomers using the Subaru and Keck telescopes on Mauna Kea has discovered giant, three-dimensional filaments of galaxies extending across 200 million light-years of space. These filaments, which formed a mere 2 billion years after the birth of the universe, are the largest-known structures ever discovered. They are studded with more than 30 large concentrations of gas, each up to ten times as massive as our own galaxy. These giant gas clouds are probably the progenitors of the most massive galaxies that exist in the universe today. [... ] The Subaru observations were successful in finding much fainter objects than previously discovered in this region. (Figure 4) For example, they found 33 new large concentrations of gas along the filamentary structure extending across 100,000 light-years. This is the first time that so many large concentrations of gas, known to astronomers as Lyman alpha blobs, have been discovered in the distant universe.
Astronomers think that such Lyman alpha blobs, named so since they are seen in the Lyman alpha emission line of hydrogen, are probably related to the births of the largest galaxies. In the "gravitational heating" model, the blobs are regions where gas is collapsing under its own gravity to form a galaxy. The "photoionization" model attributes emission from the gas to ionization by ultraviolet light from newborn stars or a massive black hole. The "shock heating" or "galactic superwind" model hypothesizes that the glow of the gas is caused by the death of many massive stars born early in the history of the universe, living out short lives, and then dying in supernova explosions that blow out surrounding gas. Team members Yoshiaki Taniguchi and Yasuhiro Shioya (Ehime University) have been advocating for the galactic superwind model.
Observations with the DEIMOS spectrograph at the Keck II telescope revealed that the gas inside the blobs move with speeds greater than 500 kilometers per second (300 miles per second). The extent of the gas concentrations and the speed of the material within them suggest that these regions must be up to ten times as massive as the Milky Way Galaxy."
PS: The "galactic superwind" theory gets my vote for the coolest theory name!
Last time I checked, nothing is requiring people to use Open Source software at all, much less OSS which is in alpha. If you choose to use OSS, that's exactly what's going on-- your choice-- and it's obviously possible to use production-quality OSS like Apache or Firefox/T'bird. Just what do you think Slashdot runs on, hmm?
Most of the metals that are shiny stay that way because they don't oxidize, i.e., they are not very chemically reactive even when exposed to air and water (or the skin oils and salty sweat from being handled by people), which means they make really good jewelry, coinage, wire, and so forth which tend to last a long time.
Metals like gold, platinum, and silver are exceptionally unreactive compared to something like copper or bronze or iron or zinc. This is why a silver dollar or a gold coin that may be fifty or more years old is often in better shape than a decade-old penny or dime.
I actually had that LP way back, and since I still have fond memories of it twenty years later (well, and of the original Star Wars, too, obviously), excellent reference...
It's called a "honeynet" or "teergrube"...they work pretty well, although you're using publicly routable IPs in order to set up your spamtraps. Set one up as your secondary MX...
Sure there have been bugs which have led to auto-execution via vectors such as Outlook, but those bugs have been fixed.
All of them? Are you sure about that?
Frankly, I would expect that pigs flying overhead would be more likely to happen than for all of the bugs in something as complex and poorly written as Outlook to be fixed. Given sufficient energy, it's actually physically possible for you to launch a pig airborne, but getting software to work correctly involves more than just adding people and resources and getting management to push real hard.
Would you care to make a bet as to whether there will be another security patch for Outlook or OE released before 2006 ends...? :-)
The real question is, how do any of us know that we're not already infected by a super-devious rootkit that no AV apps recognize?
This is an excellent question. Mostly, you notice a well-hidden rootkit by using tcpdump on some other machine to sniff all of the traffic from the suspect machine [1], and then concentrate on stuff that's not local to your subnet.
If you don't have a user on the machine running a chat program, seeing traffic to or from the IRC port, 6667, tends to be a very common sign that the machine is giving or receiving orders as part of a botnet. Forcing the machine to do all web access via a proxy and then checking the proxy logs after a day or two also tends to be revealing.
[1]: This should be done where both machines are connected on the same hub, or perhaps using the "monitor" or "span" port that newer intelligent switches have for diagnostic testing.
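Added example (not part of the original comment): a sketch of the triage step described above, taking text output captured with `tcpdump -nn` on a separate monitoring machine, keeping only the suspect host's conversations with peers outside the local subnet, and singling out any peer on the IRC port 6667. All addresses and sample lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of `tcpdump -nn -q` output (not a real capture).
SAMPLE = """\
12:00:01.000001 IP 192.168.1.50.49152 > 192.168.1.1.53: UDP, length 40
12:00:01.100000 IP 192.168.1.50.49153 > 203.0.113.7.6667: tcp 0
12:00:01.200000 IP 203.0.113.7.6667 > 192.168.1.50.49153: tcp 64
12:00:02.000000 IP 192.168.1.50.49154 > 198.51.100.20.80: tcp 0
12:00:02.500000 IP 192.168.1.77.50000 > 198.51.100.20.443: tcp 0
12:00:03.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
"""

# IPv4 TCP/UDP lines look like "IP src.sport > dst.dport: ..."; lines without
# ports (ARP, ICMP) do not match and are skipped.
PKT = re.compile(
    r"\bIP (\d{1,3}(?:\.\d{1,3}){3})\.(\d+) > (\d{1,3}(?:\.\d{1,3}){3})\.(\d+):"
)


def offsubnet_flows(lines, suspect, subnet):
    """Count packets between `suspect` and each (peer_ip, peer_port) outside `subnet`."""
    suspect_ip = ipaddress.ip_address(suspect)
    local = ipaddress.ip_network(subnet)
    flows = Counter()
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport = m.groups()
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # malformed address in the text; ignore the line
        if src_ip == suspect_ip:
            peer, peer_port = dst_ip, int(dport)
        elif dst_ip == suspect_ip:
            peer, peer_port = src_ip, int(sport)
        else:
            continue  # traffic of some other host on the segment
        if peer in local:
            continue  # local chatter (DNS to the router, file shares, ...)
        flows[(str(peer), peer_port)] += 1
    return flows


def irc_peers(flows, port=6667):
    """Return the remote addresses the suspect host talked to on the IRC port."""
    return sorted({ip for (ip, p) in flows if p == port})


if __name__ == "__main__":
    flows = offsubnet_flows(SAMPLE.splitlines(), "192.168.1.50", "192.168.1.0/24")
    for (ip, port), count in flows.most_common():
        print(f"{ip}:{port}  packets={count}")
    print("IRC peers:", irc_peers(flows))
```
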
Yep, or at least that's the hope. In practice, when a machine gets infected by viruses today, the malware tends to disable the virus scanner and/or play games with DNS/hostname lookups to prevent it from grabbing new virus patterns.
However, if the machine still kinda works and the user can still do random surfing-- which is especially easy for them to do if they're being shown a lot more pop-up ads for some odd reason, hmm?-- a surprising number of computer users DON'T CARE that their machine is infected by a keylogger or whatnot, or that ignoring one infected machine on a network tends to lead to lots of infected machines on the network and compromised user passwords which might well work elsewhere, too.
Does anybody know if rootkits can be detected if I reboot Windows in "safe mode"?
Reliably? No. If you've got a system which has been infected with a rootkit, you'll need to boot from another known-good disk, CD, or floppy and do a scan of the hard drive to be sure that you can find it. However, some rootkit scanners bypass the normal filesystem & file-I/O interfaces to read from the disk directly and can notice rootkits which are otherwise invisible to the compromised system's kernel.
For an example, see the Register:
"Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory."
Angband was fun to program and play because it had one of the largest ranges of distinct attack types for the various monsters or item/spell effects, and you could obtain resistances against these via the unique artifacts, but Omega and Nethack were similar, although the "monster memory" in Moria & Angband made it possible for your character to learn what attacks a monster would make, and what the monster was vulnerable to as you tried different things.
Ah, the mighty NCSA webserver, from which the Apache project forked ("a bunch of patches" -> "apache" :-).
Depending on just what feature you want to consider-- SSI's, cgi-bin execution, preforking servers which stick around to handle many requests (FastCGI, WebObjects, and the design of "normal" preforking HTTP servers themselves), integrated modules which can run stuff (mod_perl, mod_cgi, WebRex)--...either late 1994 or 1995 would be the right timeframe.
Actually, the real prior art is "WebRex", written initially by Linus Upson, who also was one of the authors of EOF.
Steve Jobs wasn't initially interested in web-based stuff, so Linus left NeXT and joined ITS with Ted Shelton, Drew Treiger, and me who finished up Linus' demo into a saleable product. Then Steve changed his mind, and decided to reimplement Linus' ideas as WebObjects 1.0-- very bad things happened with regard to EOF licensing (which went from $699 or $750 or so per licensed copy to $25,000)...and poof went ITS' market, since WebRex depended on EOF to do the app-to-database layer.
Still, every so often, some patent troll tries to sue Apache or JBoss or Tomcat or some other likely target, but, since WebRex dates back to late 1994 for development and Apr 1995 or so as a publicly available product, it predates all of the claims that I'm aware of.
Google bans sites which return different results for normal user-agents and for the Google search-bot.
> And no, icc cannot reliably compile a runnable kernel.
Actually, people got icc to build the FreeBSD kernel back in 2003, albeit with some known issues back then which have since been resolved, from what I've heard on the mailing lists. See http://kerneltrap.org/node/974:
Compile FreeBSD with Intels C compiler (icc)
URL: http://www.leidinger.net/FreeBSD/
Contact: Alexander Leidinger [email blocked]
Since I ported icc to FreeBSD I wanted to build FreeBSD with icc. Now
with icc 7.1 (and some patches) it is possible. There are still some
bugs, e.g. NFS doesn't work with an icc compiled kernel, IP seems to
be fragile, and some advanced optimizations trigger an ICE (Intel is
working on it). At the moment I'm waiting for our admins to install
icc on the FreeBSD cluster (we got a commercial license from Intel, so
we are allowed to distribute binaries which are compiled with icc),
after that I will try to convince some people with more knowledge of
the IP and NFS parts of the kernel to debug the remaining problems.
When the icc compiled kernel seems to work mostly bugfree the userland
will get the porting focus. Interested people may try to do a build of
the ports tree with icc independently from the status of the porting
of the userland... if this happens at the FreeBSD cluster, we would
also be allowed to distribute the binaries.
Benefits include: another set of compiler errors (debugging help),
more portable source, and code which is better optimized for a P4 (gcc
has some drawbacks in this area)
You're wrong, see PCC:
...which apparently is under a BSD license.
http://en.wikipedia.org/wiki/Portable_C_Compiler
"All users"? Really?
http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/
"So long as they go up, who cares where they go down."
-- Wernher von Braun (paraphrased by Tom Lehrer)