on May 29th, 2008 at 07:49 am by Jim Louderback in Polemics
As many of you know, Revision3â(TM)s servers were brought down over the Memorial Day weekend by a denial of service attack. Itâ(TM)s an all too common occurrence these days. But this one wasnâ(TM)t your normal cybercrime â" thereâ(TM)s a chilling twist at the end. Hereâ(TM)s what happened, and why weâ(TM)re even more concerned today, after itâ(TM)s over, than we were on Saturday when it started.
It all started with just a simple âoehiâ. Now âoehiâ can be the sweetest word in the world, breathlessly whispered into your ear by a long-lost lover, or squealed out by your bouncy toddler at the end of the day. But taken to excess â" like by a cranky 3-year oldâ"it gets downright annoying. Now imagine a room full of hyperactive toddlers, hot off of a three hour Juicy-Juice bender, incessantly shrieking âoehiâ over and over again, and you begin to understand what our poor servers went through this past weekend.
On the internet, computers say hi with a special type of packet, called âoeSYNâ. A conversation between devices typically requires just one short SYN packet exchange, before moving on to larger messages containing real data. And most of the traffic cops on the internet â" routers, firewalls and load balancers â" are designed to mostly handle those larger messages. So a flood of SYN packets, just like a room full of hyperactive screaming toddlers, can cause all sorts of problems.
For adults, itâ(TM)s typically an inability to cope, followed either by quickly fleeing the room, or orchestrating a massive Teletubbies intervention. Since they lack both legs and a ready supply of plushies, internet devices usually just shut down.
Thatâ(TM)s what happened to us. Another device on the internet flooded one of our servers with an overdose of SYN packets, and it shut down â" bringing the rest of Revision3 with it. In webspeak itâ(TM)s called a Denial of Service attack â" aka DoS â" and it happens when one machine overwhelms another with too many packets, or messages, too quickly. The receiving machine attempts to deal with all that traffic, but in the end just gives up. (Note the photo of our server equipment responding to the DoS Attack)
In its coverage Tuesday CNet asked the question, âoeNow who would want to attack Revision3?â Who indeed? So we set out to find out.
Internet attacks leave lots of evidence. In this case it was pretty easy to see exactly what our shadowy attacker was so upset about. It turns out that those zillions of SYN packets were addressed to one particular port, or doorway, on one of our web servers: 20000. Interestingly enough, thatâ(TM)s the port we use for our Bittorrent tracking server. It seems that someone was trying to destroy our bittorrent distribution network.
Let me take a step back and describe how Revision3 uses Bittorrent, aka BT. The BT protocol is a peer to peer scheme for sharing large files like music, programs and video. By harnessing the peer power of many computers, we can easily and cheaply distribute our huge HD-quality video shows for a lot less money. To get started, the person sharing that large file first creates a small file called a âoetorrentâ, which contains metadata, along with which server will act as the conductor, coordinating the sharing. That server is called the tracking server, or âoetrackerâ. You can read much more about Bittorrent at Wikipedia, if you really want to understand how it works.
Revision3 runs a tracker expressly designed to coordinate the sharing and downloading of our shows. Itâ(TM)s a completely legitimate business practice, similar to how ESPN puts out a guide that tells viewers how to tune into its network on DirecTV, Dish, Comcast and Time Warner, or a mall might publish a map of its stores.
For example, the new MacBook is $1999 in the US. With 16% VAT added and a few bucks thrown in for good measure, that should make an even 2000 Euros here in Germany. But the announced price in the webstore is 2499 Euros - where do the extra 499 Euros come from?
Factually wrong. On the German webstore, the $1,999 model doesn't sell for 2,499 Euros, but for 2,099 Euros, which is 1,809.48 Euros plus tax (or $2,182.78 plus tax).
Spotlight - as any other similar technology - also indexes your *e-mail* in the first place. There is no need to transform your mbox files to pdfs, mp3 metatags, iCal entries, or whatever Spotlight may index as well...
That why they have, on the project's website, letters to landowners, in Bahsa Indonesian, English, French, German, Italian, Portuguese and Spanish.
And, yes, someone even managed to get here...
Around 2025, you'll pay $1,000 a year for a nanopill that will extend your life by suppressing heart attacks, diabetes and other diseases.
What percentage of the world population will earn $1,000 a year by 2025? (And if that percentage turns out to be surprisingly high because so many of those who don't make $1,000 have died from AIDS by 2025 -- would that weaken or strenghten the argument?) Heart attacks and diabetes seem to be pretty rampant in the North and West, but globally, when you think the "future of medicine", you'd rather think AIDS, and think $1 a month. Call it Nanoprice -- if there has to be something nano to it...
Actually it's not a poor design decision but a stupid feature. They want the file hierarchy within the archive to be browseable without decryption (TFA also briefly mentions that). Zillions of winzip users seem to value that feature higher than protection against such middleman attacks. And the developers, even though they must have a clue, seem to agree.
Similarly, TFA mentions a piece of documentation advising to encrypt all files in an archive in order to avoid warning dialogues about some unencrypted (and thus potentially modified) files. Seems to be viewed as a user experience concern, not a security concern. Quite a shame...
This one is even less different from google news
on
News at a Glance
·
· Score: 2, Informative
You may want to slashdot this one too. It's even less different from Google News, it just looks better, and it even has a TV mode...
I propose an opensource web based search engine... No more weirdness, no more screwups, no more censorship!
Given the commercial pressure on web search in general (Verisign, anyone?), the development of a working Open Source search engine is an absolutely critical task right now.
Even though I guess you will see *more* weirdness for quite some time, and i don't think anything Google has done so far is exactly "censorship".
Europe's political stance towards the U.S. is shifting, from close alliance to more competition, if not confrontation.
So Europeans start to notice that pushing Open Source, be it adopting Linux on the desktop, be it simply not passing laws that make OSS development impossible, is going to give them a competitive advantage in the long run.
As a European, I would be as critical about "European Linux hegemony" as I am about "American Microsoft hegemony", but still... Issues like this one may sooner or later make U.S. lawmakers realize that in the end it's the economy, stupid.
Like, when I helped a friend get rid of MSBlast/Penis32 last month, installed some 80 Megs of updates to get his Win2K from SP Zero to SP4, and then almost got him Windows Media Player 9...
(And I guess a *lot* of people got WMP9 that way...)
With everyone and their uncle updating their Windows these days to be safe from the latest viruses and worms, this is definitely a very good moment to push a DRM patch...
a spectre is haunting the corporate world -- the spectre of organized world-wide file-sharing. mp3, to name the most common synonym for the becoming-distributor of millions of former customers, has clearly shown that the flows of digital data are much more driven by people and formats than they are determined by legislation, ownership or the new global rules of the corporate-political. napster has reverse-engineered the ideology of a whole industry, and it has finally proven its total, complete and absolute obsolescence. the transnational companies that are now trying to break it up have started a war they will never be able to stop. there are going to be thousands of napsters. textz.com is not even zero-point-five of them.
we are not the dot in dot-com, neither are we the minus in e-book. the future of online publishing sits right next to your computer: it's a $50 scanner and a $50 printer, both connected to the internet. we are the & in copy & paste, and plain ascii is still the format of our choice. it shouldn't require a plug-in to read a book on the net, nor should it require a credit card. the text industry is a paper tiger. along with the mass erosion of their proprietary rights goes the vanishing of their digital watermarks. packed today, cracked tomorrow. whatever electronic gadgets they will come up with -- they are all going to be dead media on their very release day. forget about your new kafka dvd. i already got it via sms.
this is not project gutenberg. it is neither about constituting a canonical body of historical texts (by authors so classical that they've all been watching the grass from below for almost a century of posthumous copyright), nor is it about htmlifying freely available books into unreadable sub-chapterized hyper-chunks. texts relate to texts by other means than a href. just go to your local bookstore and find out yourself. the net is not a rhizome, and a digital library should not be an interactive nirvana. the conceptual poverty of today's post-academic, post-corporate public online services -- and we haven't seen dot-museum yet -- is not and has never been a desirable alternative to a future that will be controlled by the super-pervasive data-streams of the upcoming military-entertainment complex. there are still other options. nostalgia is slavery. stay home, read a book.
information does not want to be free. in fact it is absolutely free of will, a constant flow of signs of lives which are permanently being turned into commodities and transformed into commercial content. textz.com is not part of the information business. they say there was a time when content was king, but we have seen his head rolling. our week beats their year. ever since we have been moving from content to discontent, collecting scripts and viruses, writing programs and bots, dealing with textz as warez, as executables -- something that is able to change your life. this is not promotional material. facing the unified principles of information -- the combined horror of global communication and so-called guerilla marketing -- there is no more need for media theory or cultural studies. the resistance against corporate culture can itself no longer remain in the cultural domain. you make a mistake if you see what we do as merely apolitical.
we are studying the coils of the serpent, watching the walk of the penguin, mapping the moves of our wired enemies. intellectual, digital and biological property -- cornerstones of the new regimes of control -- are the direct result of organized corporate piracy. they are not only replacing such obsolete notions as freedom, democracy, human rights and technological progress. all these new forms of ownership are, in the first place, attempts to expropriate people's work, data and bodies -- just as the they begin to acquire, for the first time in history, the technical means to organize them differently. today's global media and communication conglomerates are mafia
The Department of Justice and federal law enforcement will continue to investigate and prosecute individuals and groups that violate the federal criminal copyright laws at home and abroad.
Eh... abroad? Isn't that the Department of Infinite Justice?
> For that matter, if you're willing to deviate from > the "free" thing, many of Infocom's originals > (remember the Hitchhiker's Guide to the Galaxy > computer game?) are also still available.
for that matter, *all* of them are availabe at home of the underdogs. you can run them in os 9, but also -- thanks to fink and frotz (% fink install frotz) -- in os x, in a transparent terminal window, so you can still watch some divX in the background
Slashdot Mirror
If you consider what these guys are doing with JavaScript 1, then can anyone tell me why we need JavaScript 2?
(Hint: We *don't*.)
Inside the Attack that Crippled Revision3
on May 29th, 2008 at 07:49 am by Jim Louderback in Polemics
As many of you know, Revision3â(TM)s servers were brought down over the Memorial Day weekend by a denial of service attack. Itâ(TM)s an all too common occurrence these days. But this one wasnâ(TM)t your normal cybercrime â" thereâ(TM)s a chilling twist at the end. Hereâ(TM)s what happened, and why weâ(TM)re even more concerned today, after itâ(TM)s over, than we were on Saturday when it started.
It all started with just a simple âoehiâ. Now âoehiâ can be the sweetest word in the world, breathlessly whispered into your ear by a long-lost lover, or squealed out by your bouncy toddler at the end of the day. But taken to excess â" like by a cranky 3-year oldâ"it gets downright annoying. Now imagine a room full of hyperactive toddlers, hot off of a three hour Juicy-Juice bender, incessantly shrieking âoehiâ over and over again, and you begin to understand what our poor servers went through this past weekend.
On the internet, computers say hi with a special type of packet, called âoeSYNâ. A conversation between devices typically requires just one short SYN packet exchange, before moving on to larger messages containing real data. And most of the traffic cops on the internet â" routers, firewalls and load balancers â" are designed to mostly handle those larger messages. So a flood of SYN packets, just like a room full of hyperactive screaming toddlers, can cause all sorts of problems.
For adults, itâ(TM)s typically an inability to cope, followed either by quickly fleeing the room, or orchestrating a massive Teletubbies intervention. Since they lack both legs and a ready supply of plushies, internet devices usually just shut down.
Thatâ(TM)s what happened to us. Another device on the internet flooded one of our servers with an overdose of SYN packets, and it shut down â" bringing the rest of Revision3 with it. In webspeak itâ(TM)s called a Denial of Service attack â" aka DoS â" and it happens when one machine overwhelms another with too many packets, or messages, too quickly. The receiving machine attempts to deal with all that traffic, but in the end just gives up.
(Note the photo of our server equipment responding to the DoS Attack)
In its coverage Tuesday CNet asked the question, âoeNow who would want to attack Revision3?â Who indeed? So we set out to find out.
Internet attacks leave lots of evidence. In this case it was pretty easy to see exactly what our shadowy attacker was so upset about. It turns out that those zillions of SYN packets were addressed to one particular port, or doorway, on one of our web servers: 20000. Interestingly enough, thatâ(TM)s the port we use for our Bittorrent tracking server. It seems that someone was trying to destroy our bittorrent distribution network.
Let me take a step back and describe how Revision3 uses Bittorrent, aka BT. The BT protocol is a peer to peer scheme for sharing large files like music, programs and video. By harnessing the peer power of many computers, we can easily and cheaply distribute our huge HD-quality video shows for a lot less money. To get started, the person sharing that large file first creates a small file called a âoetorrentâ, which contains metadata, along with which server will act as the conductor, coordinating the sharing. That server is called the tracking server, or âoetrackerâ. You can read much more about Bittorrent at Wikipedia, if you really want to understand how it works.
Revision3 runs a tracker expressly designed to coordinate the sharing and downloading of our shows. Itâ(TM)s a completely legitimate business practice, similar to how ESPN puts out a guide that tells viewers how to tune into its network on DirecTV, Dish, Comcast and Time Warner, or a mall might publish a map of its stores.
But someone, or
For example, the new MacBook is $1999 in the US. With 16% VAT added and a few bucks thrown in for good measure, that should make an even 2000 Euros here in Germany. But the announced price in the webstore is 2499 Euros - where do the extra 499 Euros come from?
Factually wrong. On the German webstore, the $1,999 model doesn't sell for 2,499 Euros, but for 2,099 Euros, which is 1,809.48 Euros plus tax (or $2,182.78 plus tax).
Spotlight - as any other similar technology - also indexes your *e-mail* in the first place. There is no need to transform your mbox files to pdfs, mp3 metatags, iCal entries, or whatever Spotlight may index as well...
Guess the author you can't remember is Tim O'Really, and the article is Piracy is Progressive Taxation, and Other Thoughts on the Evolution of Online Distribution.
That why they have, on the project's website, letters to landowners, in Bahsa Indonesian, English, French, German, Italian, Portuguese and Spanish.
And, yes, someone even managed to get here...
To be exact, it was in 1956, when "Le Monde du silence" by Jacques-Yves Cousteau and Louis Malle won the Palme d'Or.
List of winners 1946-2004
Around 2025, you'll pay $1,000 a year for a nanopill that will extend your life by suppressing heart attacks, diabetes and other diseases.
What percentage of the world population will earn $1,000 a year by 2025? (And if that percentage turns out to be surprisingly high because so many of those who don't make $1,000 have died from AIDS by 2025 -- would that weaken or strenghten the argument?) Heart attacks and diabetes seem to be pretty rampant in the North and West, but globally, when you think the "future of medicine", you'd rather think AIDS, and think $1 a month. Call it Nanoprice -- if there has to be something nano to it...
Actually it's not a poor design decision but a stupid feature. They want the file hierarchy within the archive to be browseable without decryption (TFA also briefly mentions that). Zillions of winzip users seem to value that feature higher than protection against such middleman attacks. And the developers, even though they must have a clue, seem to agree.
Similarly, TFA mentions a piece of documentation advising to encrypt all files in an archive in order to avoid warning dialogues about some unencrypted (and thus potentially modified) files. Seems to be viewed as a user experience concern, not a security concern. Quite a shame...
You may want to slashdot this one too. It's even less different from Google News, it just looks better, and it even has a TV mode...
The amazon.com shopping cart, inverted and appropriately rotated...
dropped below 2 per second
10:40:00 PM EST 3767
that's just about 10 slashdot readers constantly reloading...
it's more like 3 per second
10:25:00 PM EST 1909
10:26:00 PM EST 2090
10:27:00 PM EST 2255
10:28:00 PM EST 2411
10:29:00 PM EST 2616
10:30:00 PM EST 2747
I propose an opensource web based search engine... No more weirdness, no more screwups, no more censorship!
Given the commercial pressure on web search in general (Verisign, anyone?), the development of a working Open Source search engine is an absolutely critical task right now.
Even though I guess you will see *more* weirdness for quite some time, and i don't think anything Google has done so far is exactly "censorship".
Europe's political stance towards the U.S. is shifting, from close alliance to more competition, if not confrontation.
So Europeans start to notice that pushing Open Source, be it adopting Linux on the desktop, be it simply not passing laws that make OSS development impossible, is going to give them a competitive advantage in the long run.
As a European, I would be as critical about "European Linux hegemony" as I am about "American Microsoft hegemony", but still... Issues like this one may sooner or later make U.S. lawmakers realize that in the end it's the economy, stupid.
Like, when I helped a friend get rid of MSBlast/Penis32 last month, installed some 80 Megs of updates to get his Win2K from SP Zero to SP4, and then almost got him Windows Media Player 9...
(And I guess a *lot* of people got WMP9 that way...)
With everyone and their uncle updating their Windows these days to be safe from the latest viruses and worms, this is definitely a very good moment to push a DRM patch...
Finland has lakes. The fjords is Norway.
the textz manifesto
a spectre is haunting the corporate world -- the spectre of organized world-wide file-sharing. mp3, to name the most common synonym for the becoming-distributor of millions of former customers, has clearly shown that the flows of digital data are much more driven by people and formats than they are determined by legislation, ownership or the new global rules of the corporate-political. napster has reverse-engineered the ideology of a whole industry, and it has finally proven its total, complete and absolute obsolescence. the transnational companies that are now trying to break it up have started a war they will never be able to stop. there are going to be thousands of napsters. textz.com is not even zero-point-five of them.
we are not the dot in dot-com, neither are we the minus in e-book. the future of online publishing sits right next to your computer: it's a $50 scanner and a $50 printer, both connected to the internet. we are the & in copy & paste, and plain ascii is still the format of our choice. it shouldn't require a plug-in to read a book on the net, nor should it require a credit card. the text industry is a paper tiger. along with the mass erosion of their proprietary rights goes the vanishing of their digital watermarks. packed today, cracked tomorrow. whatever electronic gadgets they will come up with -- they are all going to be dead media on their very release day. forget about your new kafka dvd. i already got it via sms.
this is not project gutenberg. it is neither about constituting a canonical body of historical texts (by authors so classical that they've all been watching the grass from below for almost a century of posthumous copyright), nor is it about htmlifying freely available books into unreadable sub-chapterized hyper-chunks. texts relate to texts by other means than a href. just go to your local bookstore and find out yourself. the net is not a rhizome, and a digital library should not be an interactive nirvana. the conceptual poverty of today's post-academic, post-corporate public online services -- and we haven't seen dot-museum yet -- is not and has never been a desirable alternative to a future that will be controlled by the super-pervasive data-streams of the upcoming military-entertainment complex. there are still other options. nostalgia is slavery. stay home, read a book.
information does not want to be free. in fact it is absolutely free of will, a constant flow of signs of lives which are permanently being turned into commodities and transformed into commercial content. textz.com is not part of the information business. they say there was a time when content was king, but we have seen his head rolling. our week beats their year. ever since we have been moving from content to discontent, collecting scripts and viruses, writing programs and bots, dealing with textz as warez, as executables -- something that is able to change your life. this is not promotional material. facing the unified principles of information -- the combined horror of global communication and so-called guerilla marketing -- there is no more need for media theory or cultural studies. the resistance against corporate culture can itself no longer remain in the cultural domain. you make a mistake if you see what we do as merely apolitical.
we are studying the coils of the serpent, watching the walk of the penguin, mapping the moves of our wired enemies. intellectual, digital and biological property -- cornerstones of the new regimes of control -- are the direct result of organized corporate piracy. they are not only replacing such obsolete notions as freedom, democracy, human rights and technological progress. all these new forms of ownership are, in the first place, attempts to expropriate people's work, data and bodies -- just as the they begin to acquire, for the first time in history, the technical means to organize them differently. today's global media and communication conglomerates are mafia
the german news site der spiegel reports the format will be "Advanced Audio Codec", not MP3.
0 0. html
http://www.spiegel.de/wirtschaft/0,1518,238718,
use babelfish to translate...
From the DoJ-defaced website:
The Department of Justice and federal law enforcement will continue to investigate and prosecute individuals and groups that violate the federal criminal copyright laws at home and abroad.
Eh... abroad? Isn't that the Department of Infinite Justice?
I don't consider that a fact until someone with an ebay account and a fax machine really gives it a try and manages to get their own account info.
from the article:
The RIAA analyst who logged in to Kazaa last July 15 discovered that the Verizon subscriber had 666 music files available for others to download
and, imagine: he or she had even set the file permissions to 0666!!
All that the record industry had on the alleged thief was an eight-digit Internet protocol address, 141.158.104.94
so, lets see... 1+4+1=6... 1+5=6... 8 ("eight-digit internet protocol address") is the 6th digit... 104+94=66+66+66...
bring on the californian inquisition!
On the one hand, you could add two lines of javascript to your pages, in case you don't want them being linked or framed.
On the other hand, this might cost legions of "internet lawyers" their jobs....
> For that matter, if you're willing to deviate from
> the "free" thing, many of Infocom's originals
> (remember the Hitchhiker's Guide to the Galaxy
> computer game?) are also still available.
for that matter, *all* of them are availabe at home of the underdogs. you can run them in os 9, but also -- thanks to fink and frotz (% fink install frotz) -- in os x, in a transparent terminal window, so you can still watch some divX in the background