I was mostly kidding. I love his textbooks, and the benefits of a microkernel are obvious, but they do seem very academic (in the negative sense). There's a ton of stuff in academic CS that just isn't that useful in the real world, and microkernels are one of them. And no, OSX doesn't count, there's a ton of BSD built right into the kernel.
He did get that whole "Linux is obsolete" thing wrong, though.
What's next? Will I need to do this completely ridiculous thing that in no way follows logically from the thing they've announced? I can only imagine how this implausible occurrence would affect this other thing I have a pet peeve against!
Wow. Just... wow.
Try this link
He didn't say they were the first pocket DMP. He's saying that people judge DMPs by the iPod. Much in the same way that handheld tablet devices are judged by the iPad, and smartphones are judged by the iPhone.
This is, for better or worse, very hard to argue. Again, none of these were at all first. But let's think about what came before:
- The iPod. Previous devices were bulky, slow, complex - well, Nomads. Existing DMPs had slow transfer rates and were complicated. I don't know a single non-nerd who had one. How have DMPs looked since the iPod's release?
- The iPhone. Previous devices were bulky, slow, complex - well, WinPhones. They worked, but they sucked. Existing smartphones were really set up for mice, and I don't know a single non-business user who had one. How have smartphones looked since the iPhone's release?
- The iPad. Previous devices were bulky, slow, complex - well, Tablet PCs. They worked, but they sucked. Existing tablets were just Windows laptops with a stylus and perhaps a note-taking program and handwriting recognition. I don't know a single non-nerd non-business person who had one. How have tablets looked since the iPad's release?
I could say the same thing about the Macintosh and the LaserWriter. Nobody who has anything interesting to say has ever said that Apple did any of this first, but they might as well have since nobody had one before Apple came along and made them viable products. And they've been imitated on each one, to the point where you can't find a "classic" Tablet PC anywhere, or a "classic" WinMo smartphone, or a "classic" Nomad-esque device.
And this is why Apple kicks everyone's ass. I know I've been wrong on every front - the iPhone (2G only?? No apps?) and the iPad (I already have a laptop and a phone) were huge successes despite my conviction that it was impossible. Apparently, most of these other companies are filled with people like me - and not the people who buy millions of these things because they fill a need.
Top Gear USA can't piss off their (car company) sponsors *too* much. Top Gear UK is funded by the BBC, so they don't give a rat's ass about making fun of or otherwise demeaning the car companies. It's what gives them their power.
You're missing the point.
Perhaps analogously, our phone numbering system isn't designed to allow direct-dialing nearby galaxies
"It should have been easily seen" is a hindsight argument. Were you there? Did you see it coming? Can you provide a compelling case that they had any suspicion that everybody and their dog in the middle of Africa would need an IP? You couldn't even fit a computer on an average desktop, let alone your pocket.
You also neglect the added hardship of managing the extra bits. Keeping with the analogy, imagine a 25 digit phone number - it's 'easy to see' that we might need one some day, if intergalactic telephony takes off and we merge our phone system with the phone systems of a few alien species. Should we have done this back in the 60s when direct-dial came around, because it'll be a hassle to change when it's a problem?
Engineering for an unpredictable future just means you waste a huge amount of time and often it means your idea won't get off the ground at all. The internet wasn't ever expected to get as big as it is, because it was essentially a research network. Perhaps analogously, our phone numbering system isn't designed to allow direct-dialing nearby galaxies.
2^32 was - and is - a huge number. 4 billion addresses was unthinkably high, when there were only a few thousand machines who could even use one. It was more than sufficient until a majority of the world needed their own address, or several.
And it wasn't an arbitrary number, either. It's 32 bits, or 4 bytes. Hardware at the time couldn't easily handle addresses larger than that, so if we'd started out with 128-bit addresses, nobody would ever use it because it would be impossible to implement, or far too slow. Hardware has gotten faster/cheaper/better and now it's no longer an issue. So now we're doing it.
Only if that actor is Turing-complete.
Let's think about this critically. Let's say a corporation makes $8B of income in a year (about what Google does). They get taxed at the ridiculously low rate of 0.1%.
That's one million dollars. If they can save $500k by spending $500k on a consultant, they'd still make more than enough money to justify it.
You're misrepresenting intelligent design, I suspect deliberately and knowingly.
What you're describing is actually evolution. It's called selective breeding, and while it's true that there's an intelligence behind the selection, there's still an evolutionary pressure at work. Dogs don't really develop into adults... they stay puppy-like their whole life because people like that.
But that's not what intelligent design is about at all. Intelligent design suggests that things like eyes or other complex features are far too complex to have come about due to "mere" selective pressures, and thus somebody must have created it from whole cloth.
You're talking about a well-understood consequence of evolution and selective pressure, and trying to label it as ID.
Agreed on the 'shrinking' bit. There are *two* shitty papers in my 2-square-mile 7k-person hometown. They are being replaced by a hyper-local blog (which itself is big news... it was sorta the first), and that's not a bad thing. But NYT, WaPo etc aren't going anywhere, probably. And they're the ones that can break these kinds of stories, so it's probably not the end of the world just yet.
As for Watergate... yes, that's true in the broadest sense, but Woodward and Bernstein did a huge amount of research. Deep Throat essentially said "there's more to see here" and "it goes all the way up"... important tips, but not enough to get a president out of office.
Unfortunately, sometimes you need a real entity with some clout in order to bring this kind of information to light. It shouldn't be the case, but it is. And I just can't see a blog having the resources to do something like this, or discovering the wiretaps a few years back, or uncovering Watergate.
Most of the time, news is nothing special... stuff happens and it gets written about - but sometimes it takes significant resources, and I just don't see any news blogs being able to muster up that kind of force. Which is why you won't be finding me cheering the death of newspapers.
It only worked in 07 because smartphones were so very terrible, and the iPhone was the only decent one. The iPhone 5 is competing with itself and a truckload of Android phones, and someone who wants an ATT or Verizon smartphone already has options. Apple will just lose out on the upgraders, who will hold out rather than switch.
For what it's worth, I have 14 tabs open right now, all with big demanding webpages, and my browser's been running for at least 5 days. I'm using less than a GB, which I don't mind because it gives me instant back.
I should note that I have more than 2GB free on my machine at the moment, and that's after Windows 7's aggressive caching. When I become RAM-starved, Firefox drops down by about half.
I haven't ever had memory leak issues with Firefox, at least not in the last 5 years, so I'm inclined to believe the devs when they say it's shitty extensions that are causing the problems...
Oh well. Was actually pretty impressive, smooth animation and everything.
But how do you prevent stupidity? To stop this attack, you'd need to remove the ability for the user to execute programs of their choosing. A mitigating factor would be preventing applications from setting their own icon. Which do you propose?
If "people are exceedingly stupid and will do anything the dancing bunnies tell them" is your only major security flaw, I'd say you're doing as well as possible.
... too stupid to read English journals, or analyze their own disasters rigorously and tell their population.
Seriously, is this "Mindy Kay Bricker" person coming off like a racist to anybody else?
Same with me, except that they did reverse the charges when I emailed them. They even found one that hadn't posted yet and reversed that. I have no complaints about how they handled it - they sent me a lengthy email with a ton of details - the accounts using my card, the email addresses used (a few; variations of my name @ovi.com), all of which I passed on to my bank.
They were fast - after spending $160 at iTunes, they spent $380 at FedEx in 12 charges of about $30. I checked my statement the next day by luck (I don't check every day, and I was in Maine to boot) and was able to cancel the card before they got away with more. This happened early August; I just finished getting this sorted out last week.
Still have no idea how they got my info. I still have the (useless) card in my possession and I didn't use it anywhere unsafe - electronically or physically. I'm guessing a site got compromised. Whoever it was had my name, billing address, and CC# (and presumably CVV).
I knew a guy who did that once. He spoofed one of their Internet gateways with his Linux box. Two minutes later, they shut the port down because it threw up a flag on their NOC screen in 30 seconds, and it took them another 90 to find the port on his nearest switch. Then he got an email suggesting that he not do that again (they knew it was intentional) and reminding him of their TOS, and that they'd turn it back on after he acknowledged that he'd read and understood it. Total downtime was a few minutes, for about 20 people, so they weren't screwing around. He sure gained some respect for them after that, though - he'd thought they were all incompetent, in typical college freshman nerd style, and was quite impressed.
As to the substance of your comment, I mentioned that the wireless ports are all on a VLAN, which is statically configured (remotely) on the switch. In other words, unspoofable - and I've tried. It's not quite plug-and-play, but it only takes about 10 minutes to set one up. The cabling takes much longer, particularly in these old buildings. Essentially the cable is run from the wiring closet to the location, the tech calls in the port number and name on the switch, the guy at the desk configs it for gigabit, PoE, and the VLAN, then the tech goes over to the AP and reads off the BSSID (MAC) to the desk, who sticks it in the controller DB. The AP is then plugged in, and Bob's your uncle - after a few connection tests.
More broadly, every MAC address (wired or wireless) is mapped to its owner's username, and every port's physical location is known, so individuals can be easily found and cut off if necessary. Specific ports can be deactivated, or an entire individual's username can be banned (for severe violations... doesn't happen much) by causing wireless auth fails and a VLAN jail for all his wired devices. There's no way to cause anonymous mayhem when they know where you are. That sounds draconian, but they don't monitor traffic content - they just ensure the network's integrity.
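The two pieces the comment above describes, flagging a host that announces itself as the gateway and then resolving the offending MAC to a switch port and owner, as an added example that is not part of the thread and not the campus network's own tooling. The gateway address, its pinned MAC, the MAC-to-port inventory and the tcpdump-style ARP reply lines are all constructed for the example; it also generalises the check to any IP answered for by more than one MAC, which needs no pin list.

```python
import re
from dataclasses import dataclass

# Assumed values, not from the thread: the default gateway and the MAC the
# network team has pinned for it. Anything else claiming this IP is a spoof.
PINNED_GATEWAYS = {"10.10.0.1": "00:1b:21:aa:bb:01"}

# Constructed inventory standing in for the MAC -> username and port -> location
# database the comment describes: MAC -> (switch, port, owner).
INVENTORY = {
    "00:1b:21:aa:bb:01": ("core-rtr-1", "Te1/1", "netops"),
    "08:00:27:13:37:42": ("bldg4-sw2", "Gi0/17", "jdoe"),
    "3c:22:fb:00:11:22": ("bldg4-sw2", "Gi0/18", "asmith"),
}

# Constructed tcpdump-style ARP replies (not a real capture). The third and
# fourth lines are a host announcing itself as the gateway.
SAMPLE_LOG = """\
12:00:00.100 ARP, Reply 10.10.0.1 is-at 00:1b:21:aa:bb:01, length 28
12:00:01.250 ARP, Reply 10.10.0.53 is-at 3c:22:fb:00:11:22, length 28
12:00:30.000 ARP, Reply 10.10.0.1 is-at 08:00:27:13:37:42, length 28
12:00:31.000 ARP, Reply 10.10.0.1 is-at 08:00:27:13:37:42, length 28
12:00:32.500 ARP, Reply 10.10.0.1 is-at 00:1b:21:aa:bb:01, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) ARP, Reply (?P<ip>[\d.]+) "
    r"is-at (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    ip: str
    claimed_mac: str
    expected_mac: str


def parse_arp_replies(log):
    """Yield (timestamp, sender IP, sender MAC) for each ARP reply line; skip the rest."""
    for line in log.splitlines():
        m = ARP_REPLY.match(line)
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()


def detect_gateway_spoof(log, pinned=PINNED_GATEWAYS):
    """One Alert per reply that claims a pinned IP with a MAC other than the pinned one."""
    alerts = []
    for ts, ip, mac in parse_arp_replies(log):
        expected = pinned.get(ip)
        if expected is not None and mac != expected.lower():
            alerts.append(Alert(ts, ip, mac, expected.lower()))
    return alerts


def detect_ip_mac_conflicts(log):
    """Generalisation that needs no pin list: any IP answered for by more than one MAC.
    Returns {ip: sorted MACs} for the conflicting IPs only."""
    seen = {}
    for _, ip, mac in parse_arp_replies(log):
        seen.setdefault(ip, set()).add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def locate(mac, inventory=INVENTORY):
    """Resolve an offending MAC to (switch, port, owner), or None if it was never registered."""
    return inventory.get(mac.lower())


def triage(log):
    """Detect, collapse repeated alerts per offending MAC, and attach where to pull the plug."""
    actions = {}
    for a in detect_gateway_spoof(log):
        if a.claimed_mac in actions:
            continue
        where = locate(a.claimed_mac)
        actions[a.claimed_mac] = {
            "first_seen": a.ts,
            "spoofed_ip": a.ip,
            "location": where,
            "action": "shut port %s on %s, notify %s" % (where[1], where[0], where[2])
            if where else "unregistered MAC: search switch CAM tables",
        }
    return actions


if __name__ == "__main__":
    for mac, info in triage(SAMPLE_LOG).items():
        print(mac, info)
```

The pinned-MAC check is what catches the case in the anecdote quickly (one bad reply is enough); the conflict check is the fallback for IPs nobody thought to pin, at the cost of only firing once two different MACs have been seen.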
We run a thousand or so Aruba 125s at school here, covering all 600 or so acres of campus. Those are probably overkill for you (at about $750 a pop), but AFAIK even the lowest-end ones have the same essential features.
Basically, the network architecture puts the whole wireless network on a separate segment, all the way back to the aggregation points. They're gigabit wired into the building routers, but placed on a separate VLAN all the way back to one of the three aggregation points. Each AP is assigned to a controller, and will fail over to a second one if needed. The controllers pass the traffic to the rest of the network.
The controller architecture means you can do some pretty interesting things. Particularly, it means new APs are trivial to install - stick them into the controller's DB and plug it in to an Ethernet cable (it's PoE); it'll go and find the controller and pull down the config and any upgrades to the software. It also allows IP roaming between APs, even if they're in different netblocks. I can walk from one end of campus to the other (7 city blocks) while keeping the same IP and getting all my traffic, through about 150 different APs - much like a cell network. You can also do spectrum analysis through their management console - I once saw them find a broken microwave from all the interference they were seeing across the 10 APs in range a la Dark Knight.
The APs we have will band-steer clients over to the 5GHz spectrum if possible, which can support a huge number of clients, but you need the density for it to make a big difference. If you do, though, you can easily get 30 people per AP, with a few doing massive downloads/uploads and no hiccups. They don't recommend more than that, and in any case it's difficult to fit people densely enough that you wouldn't need a new one for signal purposes.
No, I don't work for them. I don't even work for the Networking department. I just really like the toys - though I suspect I might feel differently if I had to make the purchase! Quality isn't cheap...
My EMS agency uses EMSCharts, and it's the same deal. Since they don't allow you to type in a MOI (mechanism of injury), they need to have pretty much anything you can imagine - including several due to injury by spacecraft, depending on whether it was on the launch pad, falling from the sky, exploding, or being worked on.
Not surprising, it's just what happens when you try to pigeonhole every possible way that people injure themselves. They're too damn creative.
Also an EMT. Low band VHF (ugh) for our primary radio, UHF for the cops, and a VHF radio for interop. Couple of portables for each.
Recently, a neighboring town went to a trunked system, so now we can't communicate with them unless we do it over a state police channel that they're required to monitor. Not a technological issue, they just won't let us in. And we can still communicate over interop if the sh*t really hits the fan.
I've never quite understood the "everybody talks to everybody!" mentality that these discussions assume. If I need to talk to all those people that I basically never have the need to talk to in normal operations, I probably won't have the time to figure it out. That's why we have dispatch.
Reading the 'pedia, it seems like DigiNotar's been careless for a while. Only 9 certificates were issued with Comodo, and it was handled very very quickly. It also doesn't seem like Comodo was actually compromised - Wikipedia says "a user account with an affiliate registration authority had been compromised".
By comparison, nobody's quite sure just how many DigiNotar certs were issued, or over how long a period of time. DigiNotar themselves have said they can't ensure that all fraudulent certs will be revoked.
If that wasn't enough, the fact that Comodo is a much, much larger CA is also important. Like it or not, the fallout from distrusting DigiNotar is much less than the fallout for kicking off Comodo would be.
Certificates can be revoked by putting them on the certificate revocation list. The OCSP protocol is analogous. Here, try it yourself: http://validation.diginotar.nl/ - get an OCSP client (IE7+, FF3+, Chrome, etc do it automatically) and try to authenticate any of the fraudulent certificates.
Somebody getting a hold of the private keys for the CA itself is a bigger problem - keys can be signed by the attacker faster than they can be revoked. I haven't heard that that's the case - just that fraudulent certs were made, presumably through the same semi-automated process that everybody else uses.
I don't know if there's a way to revoke a CA cert (that is, *all* certificates signed by a certificate). But that doesn't seem to be required here, so the standard revocation procedure works.
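The revocation mechanism the comment above describes, as an added example that is not part of the thread and has nothing to do with DigiNotar's own systems: a throwaway CA issues a certificate, revokes it, publishes a CRL, and chain validation flips from OK to revoked, but only once the verifier actually consults the CRL. It drives the openssl command-line tool from Python and assumes `openssl` is on PATH; every key, name and file here is generated in a temporary directory. OCSP is the online equivalent and is not shown.

```python
import os
import re
import subprocess
import tempfile

# Minimal openssl ca(1) configuration for a throwaway CA living in the current
# directory. Only the pieces issuance, -revoke and -gencrl need are present.
CA_CONF = """\
[ ca ]
default_ca = demo_ca

[ demo_ca ]
database         = index.txt
new_certs_dir    = .
serial           = serial
certificate      = ca.pem
private_key      = ca.key
default_md       = sha256
default_days     = 1
default_crl_days = 1
policy           = demo_policy

[ demo_policy ]
commonName = supplied
"""


def openssl(*args, cwd, check=True):
    """Run one openssl command in cwd with output captured; raise on failure if check is set."""
    return subprocess.run(["openssl", *args], cwd=cwd, check=check,
                          capture_output=True, text=True)


def verify(leaf, ca, cwd, crl=None):
    """Chain-validate leaf against ca. Returns 'ok', 'revoked' or 'error'.
    The CRL is only consulted when one is passed, which is the whole point."""
    args = ["verify", "-CAfile", ca]
    if crl is not None:
        args += ["-crl_check", "-CRLfile", crl]
    r = openssl(*args, leaf, cwd=cwd, check=False)
    if r.returncode == 0:
        return "ok"
    return "revoked" if "certificate revoked" in r.stdout + r.stderr else "error"


def revoked_serials(crl, cwd):
    """Serial numbers listed on the CRL, normalised to upper-case hex without leading zeros."""
    text = openssl("crl", "-in", crl, "-noout", "-text", cwd=cwd).stdout
    return {s.upper().lstrip("0") for s in re.findall(r"Serial Number: ([0-9A-Fa-f]+)", text)}


def cert_serial(cert, cwd):
    """Serial of a certificate in the same normalised form."""
    out = openssl("x509", "-in", cert, "-noout", "-serial", cwd=cwd).stdout
    return out.strip().split("=", 1)[1].upper().lstrip("0")


def crl_demo():
    """Issue, verify, revoke, publish a CRL, verify again; return what each step saw."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "ca.cnf"), "w") as f:
            f.write(CA_CONF)
        open(os.path.join(d, "index.txt"), "w").close()   # empty CA database
        with open(os.path.join(d, "serial"), "w") as f:
            f.write("01\n")                                # next serial to issue
        # Self-signed CA key and certificate.
        openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-keyout", "ca.key",
                "-out", "ca.pem", "-subj", "/CN=Demo CA", "-days", "1", cwd=d)
        # End-entity CSR, issued through the CA database so it can be revoked later.
        openssl("req", "-newkey", "rsa:2048", "-nodes", "-keyout", "leaf.key",
                "-out", "leaf.csr", "-subj", "/CN=www.example.test", cwd=d)
        openssl("ca", "-config", "ca.cnf", "-batch", "-notext",
                "-in", "leaf.csr", "-out", "leaf.pem", cwd=d)
        before = verify("leaf.pem", "ca.pem", d)
        # Mark the leaf revoked in the CA database and publish a signed CRL.
        openssl("ca", "-config", "ca.cnf", "-revoke", "leaf.pem", cwd=d)
        openssl("ca", "-config", "ca.cnf", "-gencrl", "-out", "crl.pem", cwd=d)
        return {
            "before": before,
            "after_without_crl": verify("leaf.pem", "ca.pem", d),
            "after_with_crl": verify("leaf.pem", "ca.pem", d, crl="crl.pem"),
            "leaf_on_crl": cert_serial("leaf.pem", d) in revoked_serials("crl.pem", d),
        }


if __name__ == "__main__":
    print(crl_demo())
```

The `after_without_crl` result is the practical caveat: revocation only protects a client that fetches and checks the CRL (or asks an OCSP responder); a verifier that skips the check still sees a perfectly valid signature from the CA.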