I am talking about a position pushed strongly by the religious right, which consists of the strongest supporters of W. I work at UCSF, and have friends who are packing their bags and moving to Cambridge England to be able to continue their research.
Religion has a long history of stepping in the face of science with supposedly noble intentions. Galileo, named by Einstein as the father of the modern experimental method, died under house arrest because he wrote a treatise on the sun centered solar system. The Pope disagreed.
In short, politically powerful religious minorities are driving very intelligent scientists to Europe. In the past very intelligent scientists were driven to the US from Europe to escape political persecution (some of it religious based, some of it race based).
A strong faction of the founding fathers of the US left Europe specifically to escape religious based persecution. Now the tide is flowing the other direction, and it is really dumb. Stem cell findings will be made and will benefit humanity. The ultimate irony will be when Dubya gets Alzheimer's or Parkinson's disease in a few more decades and has to go to Europe to receive efficacious treatment.
... that people wishing to perform research on stem cell lines are leaving the United States to go to Great Britain - basically to avoid the influence of religious based persecution ??
Um, how can ext[23] catch up on speed with the addition of Tux2 filesystem?
In many ways Tux2 is an add-on to ext2 to add:
1) A hash function which is analogous to a B-tree for directory searches. This is currently a big speed hit for ext2 for directories with lots of small files.
2) Atomic updating of file system writes. This will make the file system power-button resistant without adding a journal. This is a feature already present in FFS + Soft Updates in FreeBSD.
The atomic updating algorithm will make the file system faster than any journalled file system, ceteris paribus. But Tux2 will also be an add-on to existing ext[23] file systems, and will inherit most of its code base from them. Similarly, the upgrade path will not require a backup and re-creation of the file system. At least, this is according to statements made by its coder, Phillips.
Yes, I admit I skipped over some of the technicalities, but my point still remains. Alan has already written the kernel patch. He works for RedHat.
Stephen Tweedie and Ted Ts'o wrote ext3, mostly. Andrew Morton led its port to the 2.4 filesystem, and maintains patches for ext3 to be applied to the 2.4 kernels.
Alan Cox merges those submitted patches into his ac series, which ultimately leads to Linus adding them to the "stock" kernels.
You are missing a little from your math. Alan Cox is not relevant in this case.
Stephen Tweedie is. He is one of the top filesystem ext[23] hackers and is employed by Redhat. RedHat runs the mailing list for ext2 and ext3 stuff.
But mostly, ext3 allows new filesystems to be employed over old existing ones without a backup and re-creation of the file system. This means ext3 will be deployed (in the US) 10 times more than any other journaled file system.
As for speed, I think the ext[23] file systems, which are already fast, are going to catch up with the addition of an inode hash from Daniel Phillips. Or with his Tux2 file system which is in development. But really, unless you use directories with a large number of small files, ext2 and ReiserFS are not much different for speed.
Having an EASY upgrade path is the way. I also suspect Linus will add ext3 to the mainline kernels in another 2-3 kernel iterations, since the ext3 hackers are quite used to the appropriate methods for getting new code included.
There are REALLY important issues that interact with this one.
1) A box should come with only absolutely absolutely necessary web services running. Anything else should require the admin manually to turn the service on. This would prevent about 90% of all worm cracks.
2) The providers of a distro have a responsibility to ensure that security updates get to all people affected - not just those who subscribe to mailing lists. They have a responsibility to ensure that fixes are easy to get and easy to apply. Debian probably has the best security model in this regard due to apt-get.
Microsoft fails on all fronts. They ship NT server and Windows2000 server with IIS enabled by default. They do not push publicity out about worms that impact their systems - they make a low key effort to acknowledge that they have a problem only when they have a fix.
Redhat has also been particularly poor in this regard in the past - more recent installs seem not to enable internet server software by default, and to include warnings when you enable things.
Whereas Microsoft software is buggier and less secure than any other software, they also fail to enable their users when security fails. For this the blame goes squarely on the shoulders of a giant that banks $1 billion per month for avoiding bad publicity in order to help their users.
The rest of us applied the patch supplied by Microsoft more than a month before CR came out...
And were still vulnerable until we disabled URL forwarding.
The Microsoft patch alone is not useful. You are still at risk. See Incidents home page
I'm so sick of people blaming Microsoft. They released a patch well before Code Red. Get over it.
Microsoft STILL hasn't released a patch that makes their webserver secure and allows URL forwarding. Their patch has its own security hole !!
Blame Microsoft, or simply use Internet server software that is secure. All mine is written by Dan Bernstein :)
Re:More information? on Code Red III · Score: 5, Funny
In all likelihood the media is confused. It wouldn't be the first time. I figure if there's a CRv3 ever out there it won't be near as nice as v2 is. I'm thinking massive damage upon infection to the machine... but not enough to keep the worm from spreading.
What they are calling CodeRed III is really CodeRedII with a better IP selection routine.
Still has the XXX and installs the backdoor
Now incidents.org is recommending that the compromised machines, which have installed backdoors, format their c drive and reinstall.
Your analogies aren't valid, because you're talking about cases where there is the threat of physical harm to an actual person. The Code Red virus is annoying, and it's causing major problems, but it's not going to kill anyone, and it's not going to permanently damage your system.
I disagree. CodeRedII is going to permanently damage your system. It is the equivalent of AIDS for computers - it completely knocks out your defenses, but doesn't cause any harm itself.
People with AIDS do not live very long. Neither will computers with CodeRedII. They are remote-rooted by anyone accessing the httpd port.
Also, you neglect to make an analogy between financial harm and physical harm, perhaps on purpose. Both are justifiable legally.
If you attack someone else's machine, then you're on exactly the same ethical level as the person who wrote the original virus.
THAT is a flawed analogy. Whereas it may not be appropriate to kill someone for committing murder, using an anti-virus to shut off machines with CodeRedII is completely different. The machines are compromised and vulnerable.
Imagine you are a business owner, and someone came along, opened the doors to your store, didn't take anything, and left. Are you trying to claim it would be illegal for me to close the door, and place me on the same level as the first person who opened the doors ?????
If you do believe that, please put down the crack pipe and back away slowly.
In other words, what you do may be ethical, that doesn't make it legal. Using the same methods as a virus to gain access to someone's computer is not legal. It doesn't matter if you are trying to defend against a virus, it's still illegal.
Criminal law guarantees you a trial by your peers. It is not illegal if your peers will not convict you. Here is an example: I knew a fellow in San Francisco who got AIDS as a long-time drug user. He nearly withered away and died. He started smoking pot at the advice of his physician even though it was illegal at the time. He was arrested numerous times, but never convicted of smoking pot.
You see, a jury of San Franciscans will NEVER convict someone with AIDS of smoking pot to boost their appetite. My friend gained a lot of weight and probably lived another 2 years as a result of pot smoking.
In the case of CodeRed anti-virii, you would need to have a reasonable argument that your actions were justified as bettering society on the whole. If you don't think such an argument exists, I wouldn't recommend writing it :)
What happens when the anti-virus you are running on someone's machine without their permission messes up and their machine stops running?
You mean hypothetically my anti-virus stopped the 300 different threads on his machine that are attacking his Class A and Class B nets ?
I would say that is EXACTLY the intention. These machines are not benign. They are screwing up net traffic.
Worse yet, if ANYONE wanted, they could turn the machines into DDOS attacking machines focussed on a single target. Remember mafiaboy who shut down etrade and other .com sites with his DDOS ? Well, he had something like 150 machines at his disposal.
This one is hitting something like 2 million machines. These machines need to be turned off, patched, whatever. Instead they just sit there attacking other machines.
And again, if this came to a legal argument, there are other considerations.
1) The admin ignored the security advisory by Microsoft two months ago.
2) The admin ignored the CodeRed virus at the end of last month.
3) The admin ignored CodeRed this month, and CodeRedII this month.
Basically, you have an admin who is either not monitoring or doesn't care about his server. This is not the signature of a mission critical admin - this is the signature of someone who doesn't know or doesn't care.
Your solutions should not affect the state of the infected machines. Even if you could "fix" their machine. Even telling them that their machine is infected is over the line, if you're using their machine to do it.
Now there is ethics and there is ethics. Here is a scenario that occurred once in Baltimore. A house thief hot-wired a car. He jammed the steering wheel all the way to the side and floored the gas. The car spun and made lots of noise. Meanwhile, the thief broke into people's houses (that is beside the point). Am I ethical if I jump into the moving car and turn it off ?
The point I am raising is that the car poses a risk to society. I am altering someone else's property in stopping it. However, I don't think it can be called unethical. The danger was created by someone who was not the owner - removal of that danger by another third party can be ethical depending on the magnitude of the danger and the alteration of the property.
As another example, suppose my neighbor's house is burning and his 10 year old is screaming at the window, and he is not around. Am I ethical in breaking in to save his child ? In this case the answer is really clear.
In the case of machines compromised with CodeRedII, consider the capability for MASSIVE DDOS directed at anybody launchable by anybody. Those machines are tools to be used by anyone for any reason they like. They can be used as launching points for hacks on military sites. They can be used to snoop for passwords etc. If you go onto those machines and simply remove them from the network by shutting them down (in an orderly fashion), I think you could argue rather strongly that you are taking such action in the interest of public safety.
Ethics is rarely so cut and dried that one could claim that you should NEVER alter someone else's property.
In short, don't sell Apple's iBook short, I'm pretty happy with mine, and I've been a Pee-Cee user since I got my XT in the 7th grade.
You had XTs in the 7th grade ? My gosh !!
We only had access to Apple IIs and TRS-80 machines. I wish I still had my old BASIC programs from that trash-80... I made a Pacman simulation using the upper ASCII "white block" characters and it all fit in the 16K of RAM I had to work with.
Yet some people where I work find they need 1 Gigabyte of RAM for their Matlab programs. Sigh....
On laptops, I got an HP. My reasons were simple. I wanted a 4 lb or less laptop with a 12.1 inch screen or larger. I didn't (and don't) care about CD-ROMs.
That limits it a lot. And the HP choice was MUCH less expensive than the IBM and Toshiba solutions.
Of course, times may have changed. I use my laptop for making lectures and scientific talks, and for writing while I am on the road. I kinda like the HP keyboard compared to Sony keyboards.
That machine has been remote rooted, and anyone who has an httpd log is receiving it on a news broadcast. If it is running mission critical software, anyone and their brother can do anything they want to the mission critical software.
The best thing you could do for that machine is shut it down. Its defenses have been COMPLETELY compromised. Without any defenses, the machine is useless.
Besides, only a total idiot would run mission critical software on an unpatched IIS server, particularly after the past few weeks.
How does one do that, without activating the worm? I got lots of these, but when I save the attachments and poke at them with emacs, it's all gibberish.
Your opinions seem to be rather disconnected with what I see in the real world. I talk with CxO-types nearly every day, and one thing that is a nearly constant theme right now is that they're *MAD* about Microsoft's attempt to force them into XP and a two-year upgrade cycle for both the OS and Office. I've spoken with one CEO and two CFOs in the last week that have decided to pass on Microsoft's XP licensing "offer" to upgrade everything by October, because they did enough research to realize that the cost down the road *substantially* outweighs the apparent short term "savings".
You underestimate Microsoft. They have a 40% profit margin BECAUSE they are a monopoly that utilizes that power. Once they realize people are not switching over, subscription prices will come down. OEMs will get coerced more severely. The most important thing to Microsoft is not maximizing profit off the subscription based services right now - it is getting people into it in the first place. They will backpedal to get you subscribed. Because, once you are subscribed, they can heavy hand you on pricing and manipulate available software (like java) every single year.
That is their dream. They may even resurrect java and ship it by default. However, that will not be the end, but the beginning of the end. The subscription model plays so perfectly into their manipulative hands that it is unreal. A chance to be coercive on a YEARLY basis without needing the OEMs is exactly what the monopolist wants.
Don't forget they have enough money in the bank to give away Windows XP for the first year without flinching. Because the subscription model with paying subscribers is the long term goal.
As to whether people will go head over heels for linux - I doubt it. Microsoft merely needs to kill java quickly enough and replace it with .NET to own the platform of computing across the web. They are already making .NET available on FreeBSD (through Microsoft) and linux (through MONO). Once everyone has a reasonable plugin for C# and java is still the half broken beast on anything except Windows, Microsoft will actually have a leg up.
I use linux and Unices now, and I haven't used Windows for anything for years. But I don't see my grandmother considering anything else.
Look. There is no use fighting it. Microsoft will coerce users into upgrading to XP. They've done it before, and they will do it again. It will be a 3 pronged strategy. Office XP will only work on Windows XP, OEMs will be stronghanded into shipping XP, and newer devices will be unsupported on older versions of Windows. Bang - within 3-4 years, everyone will be in the subscription model running XP.
Now, Microsoft harnesses the other thing they KNOW about the user - the thing used to kill netscape. The user does not change his default settings. Most users never change their browser home page. Most users never install any new software to work with their browser. Most users never delete the icons that ship on their first boot screen.
BTW, netscape and AOL know this as well - that is why they change the default settings for plugins (read media players) when they install. Hardly any users will change it back.
Remember, protocols on the web need to be broadly supported, or people will not use them. If even 25% of all users cannot access java without installing it themselves, java is dead.
And Microsoft can always claim that they made it VERY easy for the user to install java themselves, and it will not change a thing. They could even make the install a one-click thing from their web site - and it would not change a thing except Microsoft's defensibility in court.
Gates and Co. didn't achieve a 40% profit margin by being nice guys. They have a monopoly, and they know how to use it.
You cannot pick up a phone and call a responsible person. You have no second avenue to contact a person, say, if someone was forging their domain name. If someone from your domain is spamming and blocking traffic, you cannot be easily contacted to do the right thing.
Put it another way. I can go to City Hall and find out who owns every piece of property in the city. With the current system, I can find out who owns every piece of cyberspace. It seems eminently reasonable. It also lets you know which of your neighbors are responsible citizens, and which ones spam, and which ones run porno sites. Ownership bears SOME responsibility. Making domain ownership anonymous reduces this responsibility, and I can see good and bad things that would result.
My Dad, sensing the geek in me, taught me how to use a slide rule when I was a wee lad. At the time calculators were around, but were expensive and used batteries fast on their red screens. The LCD calculators came around about 10 years later, and made batteries last a long long time.
I still have that slide rule though, and I can still use it. But DrGenius is generally faster and closer to hand.
Microsoft operates with a 40% profit margin. That absolutely NEVER happens in a competitive market. Their only concern is not pissing people off so much they actually generate substantial backlash. There is literally almost no chance of that happening.
Microsoft will back off a little, and be coercive. They will stop all support of new device drivers for older Windows. They will coerce PC makers into shipping XP. They will not support Office on Windows XP, only Office XP on Windows XP. Sooner or later you will upgrade. You will need Windows XP for some new device 2 years from now. Then you will enter the licensing program, and you will be forced to upgrade Office XP too. Maybe you will need Office XP to view new documents, and that will bring on Windows XP. They only need one chink in the armor, and all your desktop are belong to them.
Sooner or later, you will be making the switch. It may take 3 years. It may take five years. It largely will not matter. Their profit margin will rise to about 60% once the switch is complete.
In the computer industry, everything gets cheaper year after year. Everything except Microsoft products. The funny thing is that of the available products and operating systems, there is absolutely nothing so outstanding about Windows and Office to justify this monopolization. Just good marketing and sales.
Our current evidence suggests that increased surface temperatures are more likely caused by increased development (ie, asphalt) nearby ground measurement stations.
There are many different ways to come to conclusions regarding things like global warming. That is why Bush asked the National Academy of Science to create a report. In this, the NAS gives academic independence to its members who work in the field of climate change. The committee was made up of 11 of the nation's top climate scientists, including seven members of the National Academy of Sciences, one of whom is a Nobel Prize winner. You can note that they do not support the stance of Bush that the evidence needs to be further evaluated before taking substantial action, which indicates that the source of funding for the report is not biasing the results.
They note that greenhouse gases are increasing. CO2 is mostly to blame. It is mostly human generated. One of the most compelling pieces of evidence is the cooling of the stratosphere. Urban warming lacks adequate explanatory power. But don't believe me - read the report.
Note that this is one way of forming an argument - relying on the consensus opinions of experts in the field. You could similarly rely on the opinion of a rogue in the field that others do not agree with. Sometimes the loner is right, most often the consensus is right.
WTF are you talking about ?
I am talking about a position pushed strongly by the religious right, which consists of the strongest supporters of W. I work at UCSF, and have friends who are packing their bags and moving to Cambridge England to be able to continue their research.
Religion has a long history of stepping in the face of science with supposedly noble intentions. Galileo, named by Einstein as the father of the modern experimental method, died under house arrest because he wrote a treatise on the sun centered solar system. The Pope disagreed.
In short, politically powerful religious minorities are driving very intelligent scientists to Europe. In the past very intelligent scientists were driven to the US from Europe to escape political persecution (some of it religious based, some of it race based).
A strong faction of the founding fathers of the US left Europe specifically to escape religious based persecution. Now the tide is flowing the other direction, and it is really dumb. Stem cell findings will be made and will benefit humanity. The ultimate irony will be when Dubya gets Alzheimers or Parkinson's disease in a few more decades and has to go to Europe to receive efficacious treatment.
... that people wishing to perform research on stem cell lines are leaving the United States to go to Great Britain - basically to avoid the influence of religious based persecution ??
Um, how can ext[23] catch up on speed with the addition of Tux2 filesystem?
In many ways Tux2 is an add-on to ext2 to add
1) A hash function which is analogous to a B-tree for directory searches. This is currently a big speed hit for ext2 for directories with lots of small files.
2) Atomic updating of file system writes. This will make the file system power-button resistant without adding a journal. This is a feature already present in FFS + Soft Updates in FreeBSD.
The atomic updating algorithm will make the file system faster than any journalled file system, ceteris paribus. But Tux2 will also be an add-on to existing ext[23] file systems, and will inherit most of its code base from them. Similarly, the upgrade path will not require a backup and re-creation of the file system. At least, this is according to statements made by its coder, Phillips.
Yes, I admit I skipped over some of the technicalities, but my point still remains. Alan has already written the kernel patch. He works for RedHat.
Stephen Tweedie and Ted T'so wrote ext3, mostly. Andrew Morton led its port to the 2.4 filesystem, and maintains patches for ext3 to be applied to the 2.4 kernels.
Alan Cox merges those submitted patches into his ac series, which ultimately leads to Linus adding them to the "stock" kernels.
You are missing a little from your math. Alan Cox is not relevant in this case.
Stephen Tweedie is. He is one of the top filesystem ext[23] hackers and is employed by Redhat. RedHat runs the mailing list for ext2 and ext3 stuff.
But mostly, ext3 allows new filesystems to be employed over old existing ones without a backup and re-creation of the file system. This means ext3 will be deployed (in the US) 10 times more than any other journaled file system.
As for speed, I think the ext[23] file systems, which are already fast, are going to catch up with the addition of an inode hash from Daniel Phillips. Or with his Tux2 file system which is in development. But really, unless you use directories with a large number of small files, ext2 and ReiserFS are not much different for speed.
Having an EASY upgrade path is the way. I also suspect Linus will add ext3 to the mainline kernels in another 2-3 kernel iterations, since the ext3 hackers are quite used to the appropriate methods for getting new code included.
There are REALLY important issues that interact with this one.
1) A box should come with only absolutely absolutely necessary web services running. Anything else should require the admin manually to turn the service on. This would prevent about 90% of all worm cracks.
2) The providers of a distro have a responsbility to ensure that security updates get to all people affected - not just those who subscribe to mailing lists. They have a responsibility to ensure that fixes are easy to get and easy to apply. Debian probably has the best security model in this regard due to apt-get.
Microsoft fails on all fronts. They ship NT server and Windows2000 server with IIS enabled by default. They do not push publicity out about worms that impact their systems - they make a low key effort to acknowledge that they have a problem only when they have a fix.
Redhat has also been particularly poor in this regard in the past - more recent installs seem not to enable internet server software by default, and to include warnings when you enable things.
Whereas Microsoft software is buggier and less secure than any other software, they also fail to enable their users when security fails. For this the blame goes squarely on the shoulders of a giant that banks $1 billion per month for avoiding bad publicity in order to help their users.
The rest of us applied the patch supplied by Microsoft more than a month before CR came out...
:)
And were still vulnerable until we disabled URL forwarding.
The Microsoft patch alone is not useful. You are still at risk. See Incidents home page
I'm so sick of people blaming Microsoft. The released a patch well before Code Red. Get over it.
Microsoft STILL hasn't released a patch that makes their webserver secure and allows URL forwarding. Their patch has its own security hole !!
Blame Microsoft, or simply use Internet server software that is secure. All mine is written by Dan Bernstein
In all likely hood the media is confused. It wouldn't be the first time. I figure if there's a CRv3 ever out there it won't be near as nice as v2 is. I'm thinking massive damanage upon infection to the machine... but not enough to keep the worm from spreading.
/script/root.exe?+%2fc+format+c:
What they are calling CodeRed III is really CodeRedII with a better IP selection routine.
Still has the XXX and installs the backdoor
Now incidents.org is recommending that the compromised machines, which have installed backdoors, format their c drive and reinstall
We can do it for them...
GET
Your analogies aren't valid, because you're talking about cases where there is the threat of physical harm to an actual person. The Code Red virus is annoying, and it's causing major problems, but it's not going to kill anyone, and it's not going to permanently damage your system.
I disagree. CodeRedII is going to permanently damage your system. It is the equivalent of AIDS for computers - if completely knocks out your defenses, but doesn't cause any harm itself.
People with AIDS do not live very long. Neither will computers with CodeRedII. They are remote-rooted by anyone accessing the httpd port.
Also, you neglect to make an analogy between financial harm and physical harm, perhaps on purpose. Both are justifiable legally.
If you attack someone else's machine, then you're on exactly the same ethical level as the person who wrote the original virus.
THAT is a flawed analogy. Whereas it may not be appropriate to kill someone for committing murder, using an anti-virus to shut off machines with CodeRedII is completely different. The machines are compromised and vulnerable.
Imagine you are a business owner, and someone came along, opened the doors to your store, didn't take anything, and left. Are you trying to claim it would be illegal for me to close the door, and place me on the same level as the first person who opened the doors ?????
If you do believe that, please put down the crack pipe and back away slowly.
In other words, what you do may be ethical, that doesn't make it legal. Using the same methodes as a virus to gain access to someone's computer is not legal. It doesnt matter if you are trying to defend againts a virus, it's still illegal.
:)
Criminal law guarantees you a trial by your peers. It is not illegal if your peers will not convict you. Here is an example: I knew a fellow in San Francisco who got AIDS as a long-time drug user. He nearly withered away and died. He started smoking pot at the advice of his physician even though it was illegal at the time. He was arrested numerous times, but never convicted of smoking pot.
You see, a jury of San Franciscans will NEVER convict someone with AIDS of smoking pot to boost their appetite. My friend gained a lot of weight and probably lived another 2 years as a result of pot smoking.
In the case of CodeRed anti-virii, you would need to have a reasonable argument that your actions were justified as bettering society on the whole. If you don't think such an argument exists, I wouldn't recommend writing it
What happens when the anti-virus you are running on someone's machine without there permission messes up and they're machine stop running /
.com sites with his DDOS ? Well, he had something like 150 machines at his disposal.
You mean hypothetically my anti-virus stopped the 300 different threads on his machine that are attacking his Class A and Class B nets ?
I would say that is EXACTLY the intention. These machines are not benign. They are screwing up net traffic.
Worse yet, if ANYONE wanted, they could turn the machines into DDOS attacking machines focussed on a single target. Remember mafiaboy who shut down etrade and other
This one is hitting something like 2 million machines. These machines need to be turned off, patched, whatever. Instead they just sit there attacking other machines.
And again, if this came to a legal argument, there are other considerations.
1) The admin ignored the security advisory by Microsoft two months ago.
2) The admin ignored the CodeRed virus at the end of last month
3) The admin ignored CodeRed this month, and CodeRedII this month.
Basically, you have an admin who is either not monitoring or doesn't care about his server. This is not the signature of a mission critical admin - this is the signature of someone who doesn't know or doesn't care.
Your solutions should not affect the state of the infected machines. Even if you could "fix" their machine. Even telling them that their machine is infected is over the line, if you're using their machine to do it.
Now there is ethics and there is ethics. Here is a scenario that occurred once in Baltimore. A house thief hot-wired a car. He jammed the steering wheel all the way to the side and floored the gas. The car spun and made lots of noise. Meanwhile, the thief broke into people's houses (that is besides the point). Am I ethical if I jump into the moving car and turn it off ?
The point I am raising is that the car poses a risk to society. I am altering someone else's property in stopping it. However, I don't think it can be called unethical. The danger was created by someone who was not the owner - removal of that danger by another third party can be ethical depending on the magnitude of the danger and the alteration of the property.
As another example, suppose my neighbor's house is burning and his 10 year old is screaming at the window, and he is not around. Am I ethical in breaking in to save his child ? In this case the answer is really clear.
In the case of machines compromised with CodeRedII, consider the capability for MASSIVE DDOS directed at anybody launchable by anybody. Those machines are tools to be used by anyone for any reason they like. They can be used as launching points for hacks on military sites. They can be used to snoop for passwords etc. If you go onto those machines and simply remove them from the network by shutting them down (in an orderly fashion), I think you could argue rather strongly that you are taking such action in the interest of public safety.
Ethics is rarely so cut and dried that one could claim that you should NEVER alter someone else's property.
In short, don't sell Apple's iBook short, I'm pretty happy with mine, and I've been a Pee-Cee user since I got my XT in the 7th grade.
You had XTs in the 7th grade ? My gosh !!
We only had access to Apple IIs and TRS-80 machines. I wish I still had my old BASIC programs from that trash-80... I made a Pacman simulation using the upper ASCII "white block" characters and it all fit in the 16K of RAM I had to work with.
Yet some people where I work find they need 1 Gigabyte of RAM for their Matlab programs. Sigh....
On laptops, I got an HP. My reasons were simple. I wanted a 4 lb or less laptop with a 12.1 inch screen or larger. I didn't (and don't) care about CD-ROMs.
That limits it a lot. And the HP choice was MUCH less expensive than the IBM and Toshiba solutions.
Of course, times may have changed. I use my laptop for making lectures and scientific talks, and for writing while I am on the road. I kinda like the HP keyboard compared to Sony keyboards.
This one works for me for default apache logging options. 50 IP addresses so far. All your IIS servers are belong to me.
grep \?XXX /var/log/apache/access.log | mawk '{ print($1 " "$4 " " $5) }' | Mail -s "Compromised machines" aris-report@securityfocus.com
That machine has been remote rooted, and anyone who has an httpd log is receiving it on a news broadcast. If it is running mission critical software, anyone and their brother can do anything they want to the mission critical software.
The best thing you could do for that machine is shut it down. Its defenses have been COMPLETELY compromised. Without any defenses, the machine is useless.
Besides, only a total idiot would run mission critical software on an unpatched IIS server, particularly after the past few weeks.
Let me make sure I understand this one.
I grep \?XXX from /var/log/apache/access.log
grep \?XXX /var/log/apache/access.log | mawk '{print($1) }'
Then, for each result, I can telnet to port 80 and remote root the machine with a single get request for scripts/cmd.exe ??
I have 45 such hits in my log files, mostly from machines at my ISP. That is truly ridiculous.
How does one do that, without activating the worm? I got lots of these, but when I save the attachments and poke at them with emacs, it's all gibberish.
Try piping it through strings.
Your opinions seem to be rather disconnected with what I see in the real world. I talk with CxO-types nearly every day, and one thing that is a nearly constant theme right now is that they're *MAD* about Microsoft's attempt to force them into XP and a two-year upgrade cycle for both the OS and Office. I've spoken with one CEO and two CFOs in the last week that have decided to pass on Microsoft's XP licensing "offer" to upgrade everything by October, because they did enough research to realize that the cost down the road *substantially* outweighs the apparent short term "savings".
You underestimate Microsoft. They have a 40% profit margin BECAUSE they are a monopoly that utilizes that power. Once they realize people are not switching over, subscription prices will come down. OEMs will get coerced more severely. The most important thing to Microsoft is not maximizing profit off the subscription based services right now - it is getting people into it in the first place. They will backpedal to get you subscribed. Because, once you are subscribed, they can heavy hand you on pricing and manipulate available software (like java) every single year.
That is their dream. They may even resurrect java and ship it by default. However, that will not be the end, but the beginning of the end. The subscription model plays so perfectly into their manipulative hands that it is unreal. A chance to be coercive on a YEARLY basis without needing the OEMs is exactly what the monopolist wants.
Don't forget they have enough money in the bank to give away Windows XP for the first year without flinching. Because the subscription model with paying subscribers is the long term goal.
As to whether people will go head over heels for linux - I doubt it. Microsoft merely needs to kill java quickly enough and replace it with .NET to own the platform of computing across the web. They are already making .NET available on FreeBSD (through Microsoft) and linux (through MONO). Once everyone has a reasonable plugin for C# and java is still the half broken beast on anything except Windows, Microsoft will actually have a leg up.
I use linux and Unices now, and I haven't used Windows for anything for years. But I don't see my grandmother considering anything else.
That works for now.
In a subscription model Microsoft can decide to strongarm you at any time you are re-subscribing - like yearly, for example.
Look. There is no use fighting it. Microsoft will coerce users into upgrading to XP. They've done it before, and they will do it again. It will be a 3 pronged strategy. Office XP will only work on Windows XP, OEMs will be stronghanded into shipping XP, and newer devices will be unsupported on older versions of Windows. Bang - within 3-4 years, everyone will be in the subscription model running XP.
Now, Microsoft harnesses the other thing they KNOW about the user - the thing used to kill netscape. The user does not change his default settings. Most users never change their browser home page. Most users never install any new software to work with their browser. Most users never delete the icons that ship on their first boot screen.
BTW, netscape and AOL know this as well - that is why they change the default settings for plugins (read media players) when they install. Hardly any users will change it back.
Remember, protocols on the web need to be broadly supported, or people will not use them. If even 25% of all users cannot access java without installing it themselves, java is dead.
And Microsoft can always claim that they made it VERY easy for the user to install java themselves, and it will not change a thing. They could even make the install a one-click thing from their web site - and it would not change a thing except Microsoft's defensibility in court.
Gates and Co. didn't achieve a 40% profit margin by being nice guys. They have a monopoly, and they know how to use it.
Disadvantages:
You cannot pick up a phone and call a responsible person. You have no second avenue to contact a person, say, if someone was forging their domain name. If someone from your domain is spamming and blocking traffic, you cannot be easily contacted to do the right thing.
Put it another way. I can go to City Hall and find out who owns every piece of property in the city. With the current system, I can find out who owns every piece of cyberspace. It seems eminently reasonable. It also lets you know which of your neighbors are responsible citizens, and which ones spam, and which ones run porno sites. Ownership bears SOME responsibility. Making domain ownership anonymous reduces this responsibility, and I can see good and bad things that would result.
My Dad, sensing the geek in me, taught me how to use a slide rule when I was a wee lad. At the time calculators were around, but were expensive and used batteries fast on their red screens. The LCD calculators came around about 10 years later, and made batteries last a long long time.
I still have that slide rule though, and I can still use it. But DrGenius is generally faster and closer to hand.
You don't understand, do you ?
Microsoft operates with a 40% profit margin. That absolutely NEVER happens in a competitive market. Their only concern is not pissing people off so much they actually generate substantial backlash. There is literally almost no chance of that happening.
Microsoft will back off a little, and be coercive. They will stop all support of new device drivers for older Windows. They will coerce PC makers into shipping XP. They will not support Office on Windows XP, only Office XP on Windows XP. Sooner or later you will upgrade. You will need Windows XP for some new device 2 years from now. Then you will enter the licensing program, and you will be forced to upgrade Office XP too. Maybe you will need Office XP to view new documents, and that will bring on Windows XP. They only need one chink in the armor, and all your desktop are belong to them.
Sooner or later, you will be making the switch. It may take 3 years. It may take five years. It largely will not matter. Their profit margin will rise to about 60% once the switch is complete.
In the computer industry, everything gets cheaper year after year. Everything except Microsoft products. The funny thing is that of the available products and operating systems, there is absolutely nothing so outstanding about Windows and Office to justify this monopolization. Just good marketing and sales.
Try this one. Use color !
export PS1='\[\e[0;31m\]\u\[\e[1;37m\]@\[\e[0;37m\]\h\[\e[0;36m\](\W)\[\e[0;0m\]$ '
Our current evidence suggests that increased surface temperatures are more likely caused by increased development (ie, asphalt) nearby ground measurement stations.
There are many different ways to come to conclusions regarding things like global warming. That is why Bush asked the National Academy of Science to create a report. In this, the NAS gives academic independence to its members who work in the field of climate change. The committee was made up of 11 of the nation's top climate scientists, including seven members of the National Academy of Sciences, one of whom is a Nobel Prize winner. You can note that they do not support the stance of Bush that the evidence needs to be further evaluated before taking substantial action, which indicates that the source of funding for the report is not biasing the results.
http://www4.nationalacademies.org/onpi/webextra.nsf/web/climate?OpenDocument
They note that greenhouse gases are increasing. CO2 is mostly to blame. It is mostly human generated. One of the most compelling pieces of evidence is the cooling of the stratosphere. Urban warming lacks adequate explanatory power. But don't believe me - read the report.
Note that this is one way of forming an argument - relying on the consensus opinions of experts in the field. You could similarly rely on the opinion of a rogue in the field that others do not agree with. Sometimes the loner is right, most often the consensus is right.
Any grassy knoll believers ?