Comments

Interviews: Ask Blendtec Founder Tom Dickson What Won't Blend?

Sheetrock Branching out (118 comments)

Have you ever put a slingshot in a blender or, conversely, created a blender that could be fired by slingshot?

about 2 years ago

Wall Street Journal Hit By Chinese Hackers, Too

Sheetrock Interconnectivity is both opportunity and danger. (92 comments)

The news of the earlier hack got me thinking about the unique risk/reward of ubiquitous communication and the challenge of computer security to keep pace. Certainly some say the pace of technological innovation is no longer in step with yesterday's, but that almost begs the question. It's truly ironic that modern computing becomes physically smaller as its footprint on our lives looms ever larger with each new year, yet no one disputes that, lately, electronic progress rests solely within the social stratum these days.

We should ask ourselves, however, the rather basic question of whether this seismic shift in the nature of the changes in technology brings with it an impedimentary effect on our lives, or indeed to wonder to the degree technology has ever been pedimentary when it comes right down to it. Yes, it's certainly got its foot in the door, but as with feet and doors it's not always possible to know at the moment of impact whether said foot represents opportunity, doom, or a casualty of a society overeager to shut the door to change.

Certainly the last thing anyone wants is a race to the bottom. Ah, but that's not entirely accurate when one considers the vested interest shoemakers have in most modern day footraces. It suggests that, moving forward, the most important thing to do when evaluating new technology in 2013 may very well be to first identify the shoemakers for that technology. Ask yourself: if I'm already wearing five pairs of socks, do I even need shoes at this point? Odds are, you don't.

about 2 years ago

Free Wi-Fi: the Movement To Give Away Your Internet For the Good of Humanity

Sheetrock Re:If you have a smarter router (505 comments)

Or, apparently, Raspberry Pi. I really have to get around to buying a couple of those.

about 2 years ago

Free Wi-Fi: the Movement To Give Away Your Internet For the Good of Humanity

Sheetrock Re:If you have a smarter router (505 comments)

I don't think it's something that's prepackaged and easy to install, unfortunately. The principle behind it is here, as implemented on OpenBSD.

For hardware, I guess just a small PC with a wireless network adapter and a wired network adapter. Major thing is to make sure everything is compatible with OpenBSD (or Linux as another option, if it looks like the above process can be tweaked to it). Wireless adapters are a pain for compatibility.

It seems to me as I write this that it'd be really neat if the EFF sold ITX-profile routers preconfigured to create open hotspots that route over TOR.

about 2 years ago

Nearby Star Could Host a Baby Solar System

Sheetrock This is exciting. (24 comments)

Typically, you only get one of these around a newly formed star, a T Tauri star, or Herbig Ae/Be star. This discovery really broadens the scope for the types of stars that could yield solar systems like our own, and maybe in turn, the likelihood for finding some sort of extraterrestrial life.

about 2 years ago

Free Wi-Fi: the Movement To Give Away Your Internet For the Good of Humanity

Sheetrock If you have a smarter router (505 comments)

Keep in mind that (with a decent router) you can open your Wi-Fi but route all guest connections through TOR transparently. That might be a fair compromise, along with rate-limiting, capping per-session usage, and setting a hard limit for the month if necessary to prevent yourself from going over your own cap on service.

Open Wi-Fi everywhere actually makes me more nervous for the clients than for the servers. People already don't understand security with Wi-Fi, and need to know that any server they're using can observe their traffic if it isn't encrypted. I guess that's already a concern without open Wi-Fi everywhere, though.

about 2 years ago
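The two comments above (the OpenBSD hotspot idea and the "open Wi-Fi, but route every guest through Tor, rate-limited" compromise) describe a setup without showing one. The following is an added example, not code from either commenter, and it targets Linux/iptables rather than OpenBSD. It only generates the torrc fragment and the firewall rules as text; applying them is left to you. The interface name wlan1, the 10.42.0.0/24 guest subnet, the router address 10.42.0.1 and the 512 kb/s per-client ceiling are assumptions.

```python
"""Transparent-Tor guest hotspot: torrc fragment plus iptables rules.

Added example (not from the posts above). It only produces configuration
text. Assumed names: guest interface wlan1 on 10.42.0.0/24 with the router
at 10.42.0.1, on Linux/iptables rather than the OpenBSD setup mentioned.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class GuestNet:
    iface: str = "wlan1"            # assumed guest Wi-Fi interface
    gateway: str = "10.42.0.1"      # assumed router address on that interface
    cidr: str = "10.42.0.0/24"
    trans_port: int = 9040          # Tor TransPort (transparent TCP proxy)
    dns_port: int = 5353            # Tor DNSPort
    per_client_rate: str = "512kb/s"  # hashlimit ceiling per guest address (assumed)


def torrc_fragment(net: GuestNet) -> str:
    """Tor options needed for transparent proxying (all real torrc directives)."""
    return "\n".join([
        # Bind only to the guest-facing address so the WAN side never sees them.
        f"TransPort {net.gateway}:{net.trans_port}",
        f"DNSPort {net.gateway}:{net.dns_port}",
        # Hand out private addresses for .onion names resolved via DNSPort,
        # so guests can reach hidden services through the TransPort redirect.
        "VirtualAddrNetworkIPv4 10.192.0.0/10",
        "AutomapHostsOnResolve 1",
        "",
    ])


def iptables_rules(net: GuestNet) -> List[str]:
    """Ordered iptables commands. Order matters: DNS redirect first, then the
    local-subnet exemption, then the catch-all TCP redirect."""
    i = net.iface
    nat = f"iptables -t nat -A PREROUTING -i {i}"
    flt = f"iptables -A INPUT -i {i}"
    return [
        # 1. Every guest DNS query goes to Tor's resolver, never to a real one.
        f"{nat} -p udp --dport 53 -j REDIRECT --to-ports {net.dns_port}",
        f"{nat} -p tcp --dport 53 -j REDIRECT --to-ports {net.dns_port}",
        # 2. Traffic to the guest subnet itself (DHCP, the router) is left alone.
        f"{nat} -d {net.cidr} -j RETURN",
        # 3. All other new TCP connections are handed to TransPort.
        f"{nat} -p tcp --syn -j REDIRECT --to-ports {net.trans_port}",
        # 4. Nothing from the guest interface is ever forwarded unproxied
        #    (UDP, ICMP, anything Tor cannot carry simply dies here).
        f"iptables -A FORWARD -i {i} -j DROP",
        # 5. Per-client rate limit on the proxied TCP stream, then accept it.
        f"{flt} -p tcp --dport {net.trans_port} -m hashlimit --hashlimit-name guest"
        f" --hashlimit-mode srcip --hashlimit-above {net.per_client_rate} -j DROP",
        f"{flt} -p tcp --dport {net.trans_port} -j ACCEPT",
        f"{flt} -p udp --dport {net.dns_port} -j ACCEPT",
        f"{flt} -p tcp --dport {net.dns_port} -j ACCEPT",
        f"{flt} -p udp --dport 67 -j ACCEPT",   # DHCP so guests get an address
        # 6. Guests get no other service on the router (no SSH, no admin UI).
        f"{flt} -j DROP",
    ]


if __name__ == "__main__":
    print(torrc_fragment(GuestNet()))
    print("\n".join(iptables_rules(GuestNet())))
```

Two things the rules do not cover and that a practitioner should add: IPv6 on the guest interface has to be disabled or dropped in ip6tables separately, or it walks straight past the redirect; and the monthly cap the comment mentions is an accounting job, not a firewall rule: read the byte counters of the ACCEPT rules (`iptables -L INPUT -v -x`) from cron and swap the final rule to drop everything once the budget is spent.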

Hacker Faces 105 Years In Prison After Blackmailing 350+ Women

Sheetrock Would love to see this go before a jury. (473 comments)

Because there are two worlds colliding here in the mind of the average person.

  • The school of thought that the victim is always at least partly responsible for being conned. There's a sense of superiority a lot of people get when they hear about scams where, because they themselves would never fall prey to a scammer, anyone who does is deficient or incautious.

  • Anyone charged with a crime involving a computer for more than Solitaire, porn, and recipe hunting must be guilty.

about 2 years ago

Who knew there were so many malloc(3) purists on Slashdot?

Sheetrock Re:LOL (2 comments)

It's been over eight years since the last TrollBack? I don't know if I ever said thanks for those, by the way, so thanks for those; really enjoyed them.

about 2 years ago

The Human Brain Project Receives Up To $1.34 Billion

Sheetrock Dangerous amounts of pessimism here. (181 comments)

If science required knowledge of the outcomes before it was performed, ask yourselves: how many of the technologies around us would we enjoy today?

Taking the space program as an example, putting a man on the moon was symbolic, but the payback for the research and development went far beyond that. Even if we didn't reach the moon, we got memory foam, orange drink, and satellites out of the deal.

But too many people are unwilling to pay for R&D if they don't have a 100% guaranteed outcome. Well, science doesn't work like that. The best we can do is speculate about the gains from better and better software-based brain models. Simulated protein folding probably seemed a bit goofy to somebody when it was first proposed. We don't know if we don't try.

about 2 years ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

Sheetrock Re:How custom hosts files help vs. DNS flaws... ap (313 comments)

Nah, just edit once and have the other 4999 machines fetch through Gnutella with a batch file. It's not like this isn't a solved problem.

about 2 years ago

LinuxFest Northwest is Coming in April (Video)

Sheetrock Re:So, what do you do at these things? (43 comments)

That sounds pretty good. I figured there had to be something more to it if 1500+ people were showing up. 18 years in and my imagination with regard to Linux still only goes so far as to web browse, write code, and beg WINE to run games properly. Though I certainly wouldn't turn away automated beer if it came in the next Ubuntu.

about a year ago

LinuxFest Northwest is Coming in April (Video)

Sheetrock So, what do you do at these things? (43 comments)

I'm assuming installing Linux and using Linux are on the agenda, and drawing a blank on the rest. Disputes over the best distro? Presentation of devices that run Linux that nobody knows run Linux? Competitions to get two sound cards in the same system to work reliably with both ALSA and PulseAudio?

about a year ago

How Proxied Torrents Could End ISP Subpoenas

Sheetrock If you're stressing anonymity (307 comments)

Then you want everything in the same encrypted network and the lion's share of the usage of that network to be legitimate. Although BitTorrent over TOR is currently abusive of the TOR network, it would be better to find a means of making BitTorrent tolerable to TOR (or vice-versa) than to create a separate encrypted filesharing network.

When this all gets tested in a courtroom, it is far better for an encrypted network to appear to be protecting privacy than to enable lawbreaking. The difference between the two is just how closely the type of data over the encrypted network matches the type of data sent over the unencrypted Internet. Better to encourage the use of TOR to everybody than to have one encrypted network for privacy advocates and another made 99% of pirates -- the latter service lowers the bar for legal decisions and laws to be made that can then ruin all encrypted networks in general.

about a year ago

Steve Jobs Movie Clip Historically Inaccurate, Says Woz

Sheetrock Two quick book recommendations (330 comments)

...if you're a fan of late 70s/early 80s computer culture.

Somebody gave me Steven Levy's Hackers: Heroes of the Computer Revolution as a teen (thankfully missing the minefield of shitty books with the term "hacker" in their title) and it was amazing. Early days computer hobbyists, Paul Allen and Bill Gates writing BASIC for the Altair on a timeshare and dealing with the hobbyists who wanted to copy it instead of buy it, Ken and Roberta Williams and Sierra On-Line, and so much more.

Also loved the more recent Commodore: A Company on the Edge by Brian Bagnall. Just captivates the imagination to read about people hand-drawing their CPUs. There's an enthusiasm in the early computer industry that seems to have dampened over the years, as startups and corporations begin with the money in mind rather than the starry-eyed idealism and hobbyist tendencies that powered the first personal computer businesses.

Neither of these feature Ashton Kutcher, however, or even Steve Jobs to any great extent. But if your passion for computers is in their function rather than their form I highly recommend the above books.

about 2 years ago

Steve Jobs Movie Clip Historically Inaccurate, Says Woz

Sheetrock More context provided in the extended clip. (330 comments)

This scene came after the bit where Jobs signed The Beatles, and before he wrote the software that made the special effects in the original Star Wars trilogy possible.

about 2 years ago

Hacker Bypasses Windows 7/8 Address Space Layout Randomization

Sheetrock ASLR? More like ASLnotsoR. (208 comments)

This has been known in the industry for some time, and has always been considered something of a too-simple solution to a too-complex problem.

The workaround to increase the complexity of stack smashing in this regard is in ASLR/FMA, address space layout randomization with fuzzy memory allocation. Basically, reduce the predictability of memory locations from memory-fill attacks by causing memory allocation (in hardware, transparent to the OS) to return slightly more or less than what is called for. This has some implications for programmers to be sure; for example, for malloc(), if you think you'll need 1000 bytes, you just call for 1500 to make sure you get enough back from the OS to work with.

For this trivial increase in workload, fuzzy memory allocation means that all the same memory allocations that go on in the system will add up to different amounts of memory used at different times, making it improbable at best that guessing offsets will be successful in the future. And we can all agree this is only a good thing when most people are already running with 8GB or more.

about 2 years ago

Ask Jörg Sprave About Building Dangerous Projectiles

Sheetrock Take it to the limit (45 comments)

Have you looked into the feasibility of creating a slingshot that could fire smaller slingshots that, in turn, could perhaps fire something smaller themselves?

about 2 years ago

Mega - is it really secure ?

Sheetrock One possible interpretation (2 comments)

(from their developer documentation)

MEGA supports secure cross-account access to folders. The owner of the folder is solely responsible for managing access; shares are non-transitive. All participants in a shared folder gain cryptographic access through a common share-specific key, which is passed from the owner (theoretically, from anyone participating in the share, but this would create a significant security risk in the event of a compromise of the core infrastructure) to new participants through RSA. All keys of the nodes in a shared folder, including its root node, are encrypted to this share key.

So, you and some friends share a folder you can all upload to. If two of you happen to upload the same content within the folder, MEGA's servers can deduplicate that because the content will be encrypted (client side) with the same key and can be compared. On the other hand, if you each upload the same content into your private space, the two copies would not look the same in encrypted form and couldn't be deduplicated.

However, it is not safe IMHO to trust encryption that's outside your control. But somebody will hack together MEGA's API with client-side encryption, and the pirates won't use it because they won't think it's worth the bother.

about 2 years ago
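The deduplication argument in the comment above (same key plus same content gives the same ciphertext, so the server can match uploads; different keys hide the match) can be made concrete. This is an added example, not the commenter's code and not MEGA's format: the cipher is a toy counter mode keyed with HMAC-SHA256 so it runs with the standard library alone, the share key and file bytes are constructed, and the "server" is a function that groups uploads by ciphertext hash.

```python
"""Why a shared key lets the server deduplicate (and learn equality).

Added example, not from the comment or from MEGA. The cipher is a toy
counter mode keyed with HMAC-SHA256 so that it runs with the standard
library; it stands in for any CTR-style cipher and is not MEGA's format.
"""
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Dict, List

BLOCK = 32  # bytes of keystream per HMAC-SHA256 call


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy CTR: XOR data with HMAC(key, nonce || counter). Deterministic for a
    fixed (key, nonce), which is exactly the property deduplication needs.
    Encrypt and decrypt are the same operation."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = hmac.new(key, nonce + (i // BLOCK).to_bytes(8, "big"),
                      hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def upload(user: str, key: bytes, nonce: bytes, content: bytes) -> Dict[str, object]:
    """What the storage server receives: the ciphertext, never the key."""
    return {"user": user, "blob": ctr_crypt(key, nonce, content)}


def server_dedup(uploads) -> List[List[str]]:
    """Server side: group uploads whose ciphertexts hash identically. Every
    group of two or more is a deduplication hit, and also a leak: the server
    now knows those users hold the same plaintext."""
    groups = defaultdict(list)
    for u in uploads:
        groups[hashlib.sha256(u["blob"]).hexdigest()].append(u["user"])
    return [users for users in groups.values() if len(users) > 1]


# Constructed scenario -------------------------------------------------------
FILE = b"the same release, truncated to a few bytes for the example"
SHARE_KEY = hashlib.sha256(b"folder-X share key (constructed)").digest()
FIXED_NONCE = bytes(8)   # shared-folder uploads: share key and a fixed nonce


def demo():
    # 1. Alice and Bob upload into a folder they share: same key, same nonce.
    shared = [upload("alice", SHARE_KEY, FIXED_NONCE, FILE),
              upload("bob", SHARE_KEY, FIXED_NONCE, FILE)]
    # 2. Each uploads into their private space under their own master key.
    private = [upload(u, hashlib.sha256(u.encode() + b"-master").digest(),
                      FIXED_NONCE, FILE) for u in ("alice", "bob")]
    # 3. Same share key, but a random per-upload nonce: equality is hidden again.
    randomized = [upload(u, SHARE_KEY, os.urandom(8), FILE) for u in ("alice", "bob")]
    return server_dedup(shared), server_dedup(private), server_dedup(randomized)


if __name__ == "__main__":
    print(demo())
```

The third case is the point a practitioner cares about: whether the server can deduplicate is decided entirely by whether the key and nonce are derived deterministically (from the share, or from the content) or chosen at random per upload. A client-side layer that picks its own random key, as the comment proposes, buys privacy from the server at the price of ever deduplicating anything.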

O'Reilly Giving Away Open Government As Aaron Swartz Tribute

Sheetrock Re:Muddling the issue (87 comments)

Could muddle it in a different direction and wonder why taxes are being spent on something people have to pay for.

about 2 years ago

Submissions

Sheetrock hasn't submitted any stories.

Journals


Hello world

Sheetrock writes  |  more than 3 years ago

I suppose I'm writing to procrastinate finishing my current software project, specifically the transitory period from the last chunk of new code being added and the first chunk of testing. Testing your own software of any reasonable size has always struck me as comparable to washing a pan full of silverware or assembling an office chair, a soulless task that one is nevertheless forced to undertake in order to sit down comfortably and eat like a human. This project defies unit testing without completely denying it, dangling the possibility of efficient and consistent error-checking in my face with the sure knowledge implementing such a system would in this circumstance be far more trouble than it's worth. AJAX may be pretty but it's also the third greatest atrocity the world has ever seen.

Lately I've been on a reading binge. Rather, I've fit it in amongst my other binges/benders. I'm pushing through a number of different sci-fi and fantasy series that I read long ago, just buying whole trilogies+ at a block where I can so that I can maybe find out where things wind up. More often "wind down" is the more appropriate term, given the propensity of authors in this genre to write a series till they can't. It's been interesting to reread some books for style and with a new perspective.

If I may make one request of now and future authors, tucked safely away in this journal entry where no one will ever see it: if you must proselytize, can you try a light touch rather than a cram down the throat?

I've just made it through all of the Ender books, Ender's Game -> Ender in Exile. I'd finished the first four quite a while ago, then as part of the aforementioned binge decided to go the next five. I don't know what happened to the author in the intervening timeframe, but he LOVES the word "babies". So much so that not only does the plot revolve at one point around finding stolen babies (fertilized embryos, specifically, but as we all know and agree life begins at conception), but the topic of "making babies" comes up frequently and in verbally jarring fashion:

"We really don't want to have to start all over, making babies."

"I want you to help them make babies that don't have any of the father's gifts or problems."

"Lie down with one of our young men, or one of our old ones if you want, and make babies."

"...and what would happen to her plans for making []'s babies then?"

These are all in the same book! Don't get me wrong, I'm not against reading different perspectives, but in the age of the cheap thesaurus this just felt inelegantly done. If you had told me halfway through Lord of the Rings that it was an allegorical protest of industrialized farming, I never would have believed you.

At any rate, it's good to be back reading fiction. I've been hoping for a while now that the e-ink readers would come down to Earth so I could roll through Project Gutenberg, but until then used paperbacks will do.


What the hell?

Sheetrock writes  |  more than 5 years ago

OK, I've been out of the loop for a year or three, so what's the criteria to get this box?

[ ] Disable Advertising
As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable advertising.

I have to admit that it really made me laugh when I saw it, though I suppose not pouring shit into the comment area could be taken as a positive contribution in a relative sense.

The site feels a little strange with this new interface, but I do like that they didn't incorporate the "dumb it down" portion of Web 2.0 even if 500 different functions can get a bit unwieldy. Given how poorly the art of conversation is faring on the Internet these forum sites could do with a bit of a test before you're permitted to add your two cents; captchas are all well and good, a literacy test would be better, and requiring people to write every comment in assembly language would be just plain silly -- or the next billion dollar Web business. I still don't get this whole Internet thing.


Steve Banks: Home Entertainment Center

Sheetrock writes  |  more than 8 years ago

If you've got about an hour to kill on YouTube comedy, give this a try. It's split into seven parts and the longer I watched it the funnier I thought it was.


Mean spirited

Sheetrock writes  |  more than 8 years ago

I think this has to be one of the best awful electioneering stories I've read about lately -- not only because of the degree of its offensiveness, but also because of the multiple ways in which it manages to offend. Though if you happen to know a worse story offhand (I don't care about party/country/election cycle) I'd love to read it.

Does anybody compile a nonpartisan list of political dirty tricks?


Why even bother with telephones anymore?

Sheetrock writes  |  more than 8 years ago

Just stumbled across this unfortunate bunch of people. What's important for them to keep in mind -- between the five calls a day from a fake phone number attempting to get their credit card information or trying to help their elderly parents recover from the same scam -- is that when they turn on their television or their radio they can be assured no prurient or otherwise entertaining content will sneak through.


Workaround?

Sheetrock writes  |  more than 8 years ago

Set up a transparent proxy to block the things? Squid+Squirm+Virilator, and a tiny bit of coding, to recognize every WMF file as a virus by its header till things blow over?

Edit Privoxy to permit binary regex matching?

Hook the appropriate parts of kiServiceTable, per the recent DRM flap, and simply prevent any file with a WMF header from being opened? Just the ones that look funny or all of them to take no chances?

Use the apparently preferred method of replacing the callback for the Windows Executive Object for file access, and have that block WMF reads?

EDIT: As just seen on Bugtraq -- Update Sunbelt Kerio Personal Firewall with two IDS rules. If it provides full coverage network-wise for the computer this is actually a pretty nice option for individual client systems; the software is downloadable and usable for 30 days, after which it removes some features and becomes free for personal use or (for a limited time) is available for $14.95. It's also in my kit for the occasional friends/family/friends of family visits when I gotta clean a computer up and leave something behind to try to stop it from happening again.
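Every workaround listed above (the Squid/Squirm/Virilator proxy, the Privoxy patch, the kernel hooks) comes down to the same primitive: recognise a WMF by its bytes rather than its extension, and decide whether to block all of them or just "the ones that look funny". The detector below is an added example, not code from this journal or from any of the tools named. It relies only on the MS-WMF layout (the placeable-header key, the 18-byte META_HEADER, and META_ESCAPE records with escape function SetAbortProc, the one the late-2005 WMF exploits abused); the sample files are constructed.

```python
"""Content-based WMF detection for a filtering proxy or on-access hook.

Added example, not part of the journal. Layout constants are from MS-WMF;
the sample files at the bottom are constructed for the test.
"""
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # Aldus placeable metafile key (22-byte header)
META_EOF = 0x0000
META_ESCAPE = 0x0626
SETABORTPROC = 0x0009        # escape function abused by the 2005 WMF exploits


def wmf_header_offset(data: bytes):
    """Offset of the standard META_HEADER if data looks like a WMF, else None.
    Works on bytes, so a renamed .jpg is still caught."""
    off = 0
    if len(data) >= 22 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22
    if len(data) < off + 18:
        return None
    mt_type, hdr_words, version = struct.unpack_from("<HHH", data, off)
    if mt_type in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300):
        return off
    return None


def is_wmf(data: bytes) -> bool:
    return wmf_header_offset(data) is not None


def is_suspicious(data: bytes) -> bool:
    """Walk the record list and report a META_ESCAPE carrying SetAbortProc.
    A malformed record size is treated as suspicious (fail closed) because a
    walker that can be derailed by a bad length is a walker that can be bypassed."""
    off = wmf_header_offset(data)
    if off is None:
        return False
    pos = off + 18
    while pos + 6 <= len(data):
        words, func = struct.unpack_from("<IH", data, pos)   # size in 16-bit words
        if words < 3:
            return True
        if func == META_EOF:
            return False
        if func == META_ESCAPE and pos + 8 <= len(data):
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                return True
        pos += words * 2
    return False


def verdict(data: bytes, block_all: bool = False) -> str:
    """'block' or 'pass': the two policies the journal entry weighs."""
    if not is_wmf(data):
        return "pass"
    if block_all:
        return "block"
    return "block" if is_suspicious(data) else "pass"


# Constructed samples --------------------------------------------------------
def _std_header() -> bytes:
    # mtType=2 (disk), mtHeaderSize=9 words, mtVersion=0x300, then size/objects/
    # max-record/parameters fields, all zero for the example.
    return struct.pack("<HHHIHIH", 2, 9, 0x0300, 0, 0, 0, 0)


EOF_REC = struct.pack("<IH", 3, META_EOF)
BENIGN_WMF = _std_header() + EOF_REC
EXPLOIT_WMF = (_std_header()
               + struct.pack("<IHHH", 6, META_ESCAPE, SETABORTPROC, 2) + b"\x00\x00"
               + EOF_REC)
PLACEABLE_WMF = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 96, 0, 0) + BENIGN_WMF
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
```

Wired into a proxy this is a content check on every response body, not a check on the URL or Content-Type. The "block all" policy is the safer one while an unpatched renderer is in play, since any record walker can be tricked by a size field it did not expect; the suspicious-only policy is what the Bugtraq IDS rules above amount to.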

Five days ago I was forced to reauthenticate software I paid for, entered a CD-KEY into, and authenticated over a year ago because the addition of a virtual device exceeded the number of changes I was permitted to make to my computer.

So as far as computers go, this has certainly been a week to reflect on how fortunate it is that my primary platform is the second, better operating system on this computer: one that is broken neither by accident nor by design. And here's to hoping I didn't just curse my luck by saying that.


Sheetback: exciting, tweaking, lengthy

Sheetrock writes  |  more than 8 years ago

I've been about to write a journal entry maybe three or four times since my last one, consequently there might be enough here to be of some substance.

First, some exciting news

For a limited time my two most popular signatures are being offered as a combination. Can't decide? Why should you have to! Now you can correct movie trivia and grammar in the same offtopic post. Valid while supplies last.

Firefox HTML/CSS tweaking

I don't know when the Slashdot contest for developing alternative stylesheets is going to get off the ground, but if you're looking to get a head start on the action I've discovered a free tool for Firefox users that helps greatly with the debugging process: Firefox Web Developer Extension. I've had the misfortune of working with CSS/HTML lately and while I tend to avoid WYSIWYG HTML editors and the like this utility is now indispensable.

Aardvark also deserves a mention. This tool is quite nice for "cleaning up" a web page for printing -- for example, you can move the mouse over a CSS block, press "E", and it will remove the block from the page. Also for Firefox.

Lengthy Windows rambling

I'm no master of the Windows Debugger (WinDbg, freely available from Microsoft), but it's nice to have around for diagnosing system crashes. If you don't know about it and you're troubleshooting any 2000/XP machines you should get acquainted, and I'll explain why.

For many people, the diagnosis stops at the STOP screen. You get a cryptic and mostly useless message about IRQL_NOT_LESS_OR_EQUAL or some similar bullshit with a list of hexadecimal numbers. Savvy individuals write down the message, the numbers, and any other information (ntfs.sys?), walk over to a functioning Internet-connected system, and punch something like "STOP 0x0000000a" into Google. Which gets you a Microsoft support article explaining that 0x0000000a is a code for IRQL_NOT_LESS_OR_EQUAL. Fantastic.

If the crashing system is configured to give a meaningful crash dump, you can go farther with WinDbg. I typically configure my systems to do a Kernel Memory Dump, which writes out whatever memory Windows thinks is in use, but the Small Memory Dump (which only writes 64K each crash) will write a new file with each crash whereas the Kernel Memory Dump will overwrite its storage file each time. The setting is somewhere under Control Panel -> System -> Advanced on Windows XP.

Basically, you need a debugger and a copy of the symbol files for your Windows installation (also freely available from Microsoft), although if you are using a faster-than-56kbps connection you can also tell the debugger to request symbols as needed via an Internet connection by following the details in the help file provided with the debugger.

Anyway, to set up a system I'll unpack the symbol files to C:\WINDOWS\SYMBOLS. Then I go into WinDbg and configure the symbol file path to the same location, then Save Workspace (both options under the File menu, IIRC) so I don't have to keep setting this option. Then File -> Open Crash Dump. The crash dump will be in Minidump under the Windows directory (for example, C:\WINDOWS\MINIDUMP) for 64K dumps or in the file C:\WINDOWS\MEMORY.DMP for a Kernel Memory Dump.

This gets a window, Command, which is a subwindow of the debugger (and can be dragged-and-dropped into its frame, which I do.) If I punch in "!analyze" at the prompt and hit Enter I get this:

Use !analyze -v to get detailed debugging information.

BugCheck E2, {0, 0, 0, 0}

Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+237 )

Followup: MachineOwner

Then, the command "!analyze -v" gets me this:

MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR: MANUALLY_INITIATED_CRASH

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from f77817fa to 805339ae

STACK_TEXT:
805507dc f77817fa 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b
805507f8 f7781032 00887598 01da58c6 00000000 i8042prt!I8xProcessCrashDump+0x237
80550840 804dad9f 83595948 838874e0 00010008 i8042prt!I8042KeyboardInterruptService+0x21c
80550840 804dc0d9 83595948 838874e0 00010008 nt!KiInterruptDispatch+0x3d
805508d4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x12

FOLLOWUP_IP:
i8042prt!I8xProcessCrashDump+237
f77817fa 5d pop ebp

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: i8042prt!I8xProcessCrashDump+237

MODULE_NAME: i8042prt

IMAGE_NAME: i8042prt.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41107ecc

STACK_COMMAND: kb

FAILURE_BUCKET_ID: MANUALLY_INITIATED_CRASH_i8042prt!I8xProcessCrashDump+237

BUCKET_ID: MANUALLY_INITIATED_CRASH_i8042prt!I8xProcessCrashDump+237

Followup: MachineOwner

If desired, one can then dump a list of drivers that were loaded at the time. "lm t n" gets me a huge list of the following form:

start end module name
804d7000 806eb780 nt ntoskrnl.exe Wed Aug 04 01:19:48 2004 (41108004)
806ec000 8070c380 hal hal.dll Wed Aug 04 00:59:05 2004 (41107B29)
b91a4000 b91cdf00 kmixer kmixer.sys Wed Aug 04 01:07:46 2004 (41107D32)
ba06f000 ba0c1180 srv srv.sys Wed Aug 04 01:14:44 2004 (41107ED4)
[...about a hundred entries]
f777f000 f778be00 i8042prt i8042prt.sys Wed Aug 04 01:14:36 2004 (41107ECC)
[...fifty or so more]

If the debugger has difficulty determining where the crash occurred, it's worth examining the STACK_TEXT portion of "!analyze -v" or opening the call stack window (View -> Call Stack or Alt-6). As it's a stack, the most recent call (or the one occurring most closely to the generation of this dump) is on top.

Here, the top of the call stack is "nt!KeBugCheckEx+0x1b". "nt" refers to the module, which you'll happily note appears in the driver list above. The "KeBugCheckEx" is a symbol referring to a particular spot in the module, and gives you something you can use Google to look up in addition to giving you some idea about what this chunk of code is about from the name. "+0x1b" means the instruction is 0x1b bytes past the start of "KeBugCheckEx". Technically speaking, you could issue the command "u nt!KeBugCheckEx+0x1b" to show a disassembly, or "u nt!KeBugCheckEx" if you want to see what happens in this module leading up to the call, but it's unlikely to help you out.

In this case, the symbol names tell the story:

nt!KeBugCheckEx+0x1b
i8042prt!I8xProcessCrashDump+0x237
i8042prt!I8042KeyboardInterruptService+0x21c
nt!KiInterruptDispatch+0x3d
nt!KiIdleLoop+0x12

There's a registry key you can set to permit you to crash the system by holding down the right Ctrl key and pressing Scroll Lock twice, and that's how I generated this dump. But this is the same routine I use when I suspect a driver is causing a problem on the system (a common cause of crashes.) There's another command "!process" that helps working out software-created lockups, but this scenario's complex enough as is.

Anyway, I actually bring it up because after the unfortunate Sony DRM flap I went to figure out what sort of interesting API hooks might have been made into my system. If you're still with me, I thought I'd use what I'd learned from Mark's Sysinternals Blog to do it by hand. With a Kernel Memory Dump, I could check the results of the memory dump at kiservicetable (it's a window you can open in WinDbg) against my list of drivers from the command "lm t n" -- the deviants tend to show up because on my system the kernel API calls are in the 8xxxxxxx region and the driver API hooks are in the 4xxxxxxx region. Compare the 4xxxxxxx hooks against the driver list, and voila. Well, you can see what's intercepting system API calls, but to decipher which API calls are being intercepted is a pain (I just checked them in sequence against a list of API calls I found somewhere on the Internet.)

Interestingly, I do have something on my system that does this: my firewall. Although it's worth noting that because of the way API hooking works, there could be more than one program doing it -- program A inserts its hook that calls the system API after doing what it wants to do, then program B inserts a hook that calls program A after doing what it wants to do, etc. You only get to see the final hook, although I'd imagine disassembling the code at the address shown for the hook would allow you to dig further. But only do so if the code doing the hook is actually malware and not a program you paid for that has an EULA forbidding you from examining your computer.

Anyway, I won't bother checking my system this way again, as in the process of looking up the API functions I found a tool that automatically did everything I did. The dire warnings on the website prevent me from making this a part of my diagnostic kit, but I'm keeping an eye on them to see if they get to a stable release.
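The two manual procedures in this entry, reading a crash stack against the "lm t n" module list and checking KiServiceTable entries against the same list, share one primitive: map an address to the loaded module whose range contains it. The script below is an added example, not the journal's code and not the tool it mentions. The module ranges and stack frames are the ones printed above; fwdrv.sys (a stand-in for a firewall driver) and the service-table entries are constructed so that one slot is hooked by a known driver and one points at no loaded module at all, the case that deserves attention.

```python
"""Crash-dump and service-table triage against a WinDbg 'lm t n' listing.

Added example, not part of the journal. nt/hal/i8042prt ranges and the
STACK_TEXT are taken from the output above; fwdrv.sys and SSDT_SAMPLE are
constructed.
"""
import re
from typing import Dict, List, NamedTuple, Optional


class Module(NamedTuple):
    start: int
    end: int
    name: str
    image: str


LM_LINE = re.compile(r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+)\s+(\S+)", re.I)
# kb format: ChildEBP RetAddr Args-to-child (3) Symbol
KB_LINE = re.compile(r"^([0-9a-f]{8})\s+([0-9a-f]{8})(?:\s+[0-9a-f]{8}){3}\s+(\S+)", re.I)


def parse_lm(text: str) -> List[Module]:
    """Parse 'lm t n' output lines into address ranges."""
    mods = []
    for line in text.splitlines():
        m = LM_LINE.match(line.strip())
        if m:
            mods.append(Module(int(m[1], 16), int(m[2], 16), m[3], m[4]))
    return mods


def resolve(addr: int, mods: List[Module]) -> Optional[str]:
    """Loaded module containing addr, or None (unloaded or hidden code)."""
    for mod in mods:
        if mod.start <= addr < mod.end:
            return mod.name
    return None


def parse_kb(text: str):
    """STACK_TEXT lines -> (child_ebp, return_addr, symbol)."""
    frames = []
    for line in text.splitlines():
        m = KB_LINE.match(line.strip())
        if m:
            frames.append((int(m[1], 16), int(m[2], 16), m[3]))
    return frames


def suspect_module(frames, trusted=("nt", "hal")) -> Optional[str]:
    """First frame (top of stack downward) owned by a module outside the
    trusted set; roughly how 'Probably caused by' gets chosen."""
    for _, _, sym in frames:
        mod = sym.split("!", 1)[0]
        if mod not in trusted:
            return mod
    return None


def ssdt_hooks(table: Dict[int, int], mods: List[Module], kernel: str = "nt"):
    """Service-table slots that do not point into the kernel image.
    Returns (index, address, owning module or None)."""
    return [(idx, addr, resolve(addr, mods))
            for idx, addr in sorted(table.items())
            if resolve(addr, mods) != kernel]


LM_OUTPUT = """\
804d7000 806eb780 nt ntoskrnl.exe Wed Aug 04 01:19:48 2004 (41108004)
806ec000 8070c380 hal hal.dll Wed Aug 04 00:59:05 2004 (41107B29)
b91a4000 b91cdf00 kmixer kmixer.sys Wed Aug 04 01:07:46 2004 (41107D32)
f777f000 f778be00 i8042prt i8042prt.sys Wed Aug 04 01:14:36 2004 (41107ECC)
f9a00000 f9a1c000 fwdrv fwdrv.sys Sat Jan 01 00:00:00 2005 (41D5E800)
"""
STACK_TEXT = """\
805507dc f77817fa 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b
805507f8 f7781032 00887598 01da58c6 00000000 i8042prt!I8xProcessCrashDump+0x237
80550840 804dad9f 83595948 838874e0 00010008 i8042prt!I8042KeyboardInterruptService+0x21c
80550840 804dc0d9 83595948 838874e0 00010008 nt!KiInterruptDispatch+0x3d
805508d4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x12
"""
# Constructed KiServiceTable excerpt: index -> handler address.
SSDT_SAMPLE = {0x25: 0x8056A3D0, 0x42: 0xF9A01230, 0x74: 0x805C1D40, 0x91: 0x41003000}

if __name__ == "__main__":
    mods = parse_lm(LM_OUTPUT)
    print("LAST_CONTROL_TRANSFER:", resolve(0xF77817FA, mods), "->", resolve(0x805339AE, mods))
    print("suspect:", suspect_module(parse_kb(STACK_TEXT)))
    for idx, addr, owner in ssdt_hooks(SSDT_SAMPLE, mods):
        print(f"slot 0x{idx:02x} -> 0x{addr:08x} owned by {owner or 'NO LOADED MODULE'}")
```

The RetAddr column is the return address into the caller, so resolving it gives the module of the next frame down; here f77817fa lands in i8042prt and 805339ae in nt, matching the symbol column. For the service table, an entry owned by a driver you can name (the firewall, in the author's case) is the expected kind of hook; an entry that resolves to no loaded module is the one to disassemble, because the code that installed it is either unloaded or hiding from the module list.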

Christmas

Merry Christmas. I know it's late, but whatever. I dig Civilization IV but it eats memory like it's free. What's doing that, a Python instance for every frigging unit, town, and scrap of land?


Uberel33t.

Sheetrock writes  |  more than 8 years ago

As a fan of The Cuckoo's Egg, I found this TIME article pretty compelling... and surprisingly underreported. The article boils down the state of U.S. computer security to the same unsatisfying equation present in The Cuckoo's Egg:

  • Many computers remain insecure
  • Most targets remain unaware of (and unconcerned by) exploitation
  • Being a good net-samaritan means you will have a pile of unnecessary grief heaped on you by the people you think you're helping

I recall a point in the book where it seemed everything was dropped on the floor but matters were actually being handled without the involvement of the author. Maybe something similar's going on here despite the discouraging turn of events at the end.


Remember when gaming was fun?

Sheetrock writes  |  more than 9 years ago

The BBC reports that World of Warcraft has developed a different kind of bug:

In the last week, [Blizzard] added the Zul'Gurub dungeon which gave players a chance to confront and kill the fearsome Hakkar - the god of Blood.

In his death throes Hakkar hits foes with a "corrupted blood" infection that can instantly kill weaker characters.

The infection was only supposed to affect those in the immediate vicinity of Hakkar's corpse but some players found a way to transfer it to other areas of the game by infecting an in-game virtual pet with it.

This pet was then unleashed in the orc capital city of Ogrimmar and proved hugely effective as the Corrupted Blood plague spread from player to player.


Oops.

Sheetrock writes  |  more than 8 years ago

I found this somewhat amusing.

At the pro-Bush rally several miles away, there were some heated moments when two members of Protest Warrior, a group that frequently holds counter protests to anti-war rallies, walked in with a sign that read "Say No to War Unless a Democrat is President."

Many Bush supporters only saw the top of the sign and believed the men were war protesters, so they began shouting and chasing the pair out. One man tore up their signs.

-- from AP/ABC News

The actual sign, not seen here because I forgot where I originally read the story that had a picture of it, had "Say No to War" in large font and the rest was nearly unreadable in the picture. So the misunderstanding was understandable.

I'm afraid "Waving subtle comedic wit in a hostile crowd" has just been crossed off the list of occasions where it pays to be cleverer than your audience. For the next event might I suggest a Goatse print and an airhorn?

Summary of unsolicited TCP/IP traffic over last month

Sheetrock writes | more than 9 years ago

Notes:
Thought I'd do this again to see what's changed since last month. Common inbound ports such as telnet, SMTP, pop3, and http are filtered out by my ISP to prevent giving me too much value for my money and therefore are not represented in this list. Ports receiving fewer than ten packets are not listed. "Attempts" are likely inflated because connections may be tried more than once by the same IP address at the same time (tool- or protocol-related retries). All descriptions are my best guess (forgot to mention this last time.)

Attempts, Protocol, Port
18726, UDP, 1026
15764, UDP, 1027
Windows messenger spam attempts.

1412, UDP, 68
bootpd/dhcpd. Expected and probably legit.

449, UDP, 1434
427, TCP, 1433
Microsoft SQL server exploit traffic.

360, TCP, 42
Microsoft networking scan (WINS) -- almost 26 times the traffic last month. The reason, I think, is a misconfiguration by a budding Windows administrator (well, the second if he's not properly blocking Windows traffic at his border firewall.)

223, UDP, 1028
216, UDP, 1029
More Windows messenger spam attempts?

193, UDP, 6970
RealPlayer/Quicktime trying and failing to use UDP as a network transport. Expected and probably legit.

136, TCP, 4899
radmin (a remote administration tool) listens here. I don't know if the interest is in exploit-related access or brute force access. I've heard some worms will install radmin, and others try to get in existing installations using weak passwords.

115, UDP, 33437
Traceroute, or routing optimization. Probably legit.

100, TCP, 22
SSH.

84, TCP, 10000
Veritas Backup Exec? Zabbix? Webmin?

51, TCP, 2100
Oracle 9i XDB FTP service exploit.

47, TCP, 3306
MySQL.

31, TCP, 57
More probes for an obscure Cisco service. Again, I'm thinking it'd be interesting to hook something up to this port to see what's what.

30, TCP, 9898
Scans for a FTP server the Sasser worm will run on an infected system.

28, TCP, 3127
Backdoor port installed by the MyDoom virus.

27, TCP, 1023
The Sasser.E worm drops an FTP server here.

27, TCP, 3128
Squid webproxy. Slashdot scans.

27, TCP, 5554
The Sasser worm drops an FTP server here.

23, TCP, 8000
Webproxy. Slashdot scans.

22, UDP, 33435
Routing optimization.

21, TCP, 444
Webproxy. Slashdot scans.

19, TCP, 81
Webproxy. Slashdot scans.

19, TCP, 3124
Webproxy. Slashdot scans.

18, TCP, 111
RPC portmapper for Unix/Linux/BSD/etc. type systems. Oldschool attack vector, but I don't know what they're looking for now.

17, TCP, 3389
Remote Desktop Protocol. Someone mentioned a potential exploit on SANS in mid-July, but traffic isn't up much from last month.

17, TCP, 22826
I don't know what this is about.

17, TCP, 6101
According to an entry at SANS, a scan for the Veritas Backup Exec exploit.

17, UDP, 6346
More Gnutella. I dumped the packets this time; they're validly-formed Gnutella PING packets containing extended data that looks like a nickname field. Looks like two people checking from four hosts. I thought Gnutella clients were TCP but gtk-gnutella at least has offered UDP connectivity since November last year. Still don't know why the same machines keep scanning mine but maybe they're building a host cache (which is used by Gnutella clients as a starting point to join the network.)

12, UDP, 33439
Routing optimization.

11, TCP, 3382
Webproxy. Slashdot scans.

11, TCP, 6129
Dameware remote management tool exploit.

11, TCP, 5900
VNC (remote desktop tool).

10, TCP, 7032
Webproxy. Slashdot scans.

10, TCP, 2578
Webproxy. Slashdot scans.

10, TCP, 8081
Webproxy. Slashdot scans.

10, TCP, 8090
Webproxy. Slashdot scans.

10, TCP, 1026
Webproxy. Slashdot scans.

10, TCP, 8002
Webproxy. Slashdot scans.

10, TCP, 6588
Webproxy. Slashdot scans.

Summary of unsolicited TCP/IP traffic over last month

Sheetrock writes | more than 9 years ago

Notes:
Common inbound ports such as telnet, SMTP, pop3, and http are filtered out by my ISP to prevent giving me too much value for my money and therefore are not represented in this list. Ports receiving fewer than ten packets are not listed. "Attempts" are likely inflated because connections may be tried more than once by the same IP address at the same time (tool- or protocol-related retries).

Attempts, Protocol, Port
12352, UDP, 1026
6377, UDP, 1027
Windows messenger spam attempts.

2344, UDP, 68
bootpd/dhcp. Background network config stuff usually seen on broadband connections or in corporate network environments. In my case this all looks legit.

1813, UDP, 6970
RealPlayer/Quicktime trying and failing to use UDP as a network transport. It transparently switches to TCP after failing a UDP connection, which seems to work just fine for BBC World Service.

442, TCP, 1433
324, UDP, 1434
Microsoft SQL server exploit traffic.

121, TCP, 4899
radmin (a remote administration tool) listens here. I don't know if the interest is in exploit-related access or brute force access. I've heard some worms will install radmin, and others try to get in existing installations using weak passwords.

119, UDP, 6346
Gnutella? I fired that up like two years ago and I'm still getting scans here. Someone needs to clear their cache.

110, TCP, 22
SSH. No doubt connected to the automated brute force dictionary attacks mentioned recently. This got scanned before that too, probably folks looking for an old exploitable version.

51, TCP, 10000
Supposedly there's been an increase in scans for this after the Veritas Backup Exec exploit came out. Two other programs that use this port are Zabbix (an open source network monitoring solution) and Webmin (a web-based system administration interface.)

42, TCP, 3306
MySQL. I doubt good intentions are behind this scan.

40, TCP, 9898
The Sasser worm will leave an FTP server open on this port. The Dabber worm will exploit a vulnerability in the server opened by the Sasser worm to spread.

35, UDP, 33437
Traceroute makes use of this port. All of these attempts came from two IP addresses belonging to the same company. Some websites are using a service where they distribute their content to different servers around the world and when you request content from them you are directed to the server with the lowest latency or something. I'm a bit curious how they figure this out with only one server pinging me though.

34, TCP, 2100
Oracle 9i XDB FTP service exploit.

33, TCP, 1023
The Sasser.E worm drops an FTP server here.

33, TCP, 5554
The Sasser worm drops an FTP server here.

33, UDP, 161
SNMP (Simple Network Management Protocol). Sometimes this will give interesting information.

31, UDP, 1381
Apple Network License Manager. I have no idea what the interest here is.

22, TCP, 57
A Google search was unclear on what this was about ("any private terminal access") but I note with interest that there is an obscure Cisco configuration item called "ip tcp async-mobility server" that will listen on this port. I'm thinking about hooking up a dummy TCP server that completes the connection and logs everything to a file.

20, UDP, 1028
Might be more Windows Messenger spam, or an obscure trojan exploit attempt. The same IP address is scanning 1026-1029 UDP.

19, TCP, 6101
According to an entry at SANS, a scan for the Veritas Backup Exec exploit.

18, TCP, 3128
Squid webproxy. Some schlubs scanning for open proxies I imagine. One of the schlubs happens to be our very own slashdot.org.

16, TCP, 2745
Backdoor port installed by Bagle virus variants.

15, TCP, 3127
Backdoor port installed by the MyDoom virus.

14, TCP, 444
Webproxy address. Slashdot scanned this one too.

14, TCP, 42
Microsoft networking scan (WINS).

14, UDP, 1029
More people abusing Windows Messenger, probably.

13, TCP, 81
13, TCP, 8000
Webproxy addresses. Slashdot scans again.

12, TCP, 6129
Dameware remote management tool exploit.

12, UDP, 33439
This seems related to the 33437 scans above.

11, TCP, 1025
Microsoft RPC/LSA exploit attempts?

10, TCP, 4000
The Skydance trojan can run here, as well as a Diablo II Closed Game server (which was vulnerable to DoS years ago, though why people would scan for games to ruin is beyond me.)

10, UDP, 123
Network Time Protocol. Neither IP address checking for this appears to be a known NTP server as far as Google goes.
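The aggregation both monthly summaries above describe (count inbound packets per protocol and destination port, leave out the ports the ISP filters upstream, hide ports with fewer than ten packets, and keep in mind that retries inflate "attempts") can be reproduced from a firewall log; the script below is an added example and not the author's own tooling. The iptables-style log format, the ISP-filtered port set and every address in it are constructed assumptions; adapt the regex to your own firewall's format.

```python
"""Summarize unsolicited inbound traffic by (protocol, port) from firewall logs."""
import re
from collections import defaultdict

# Constructed sample log lines in a netfilter-style format (not real traffic).
SAMPLE_LOG = """\
Jul 14 03:12:01 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=1234 DPT=1026
Jul 14 03:12:01 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=1234 DPT=1027
Jul 14 03:12:02 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=1234 DPT=1026
Jul 14 03:15:44 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=1433
Jul 14 03:15:44 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=1433
Jul 14 03:15:45 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=1433
Jul 14 03:16:00 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=80
Jul 14 03:20:00 gw kernel: IN=eth0 SRC=203.0.113.44 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22
"""

LINE_RE = re.compile(r"SRC=(\S+) .*?PROTO=(TCP|UDP) .*?SPT=(\d+) DPT=(\d+)")

# Assumed set of ports the ISP blocks upstream (telnet, SMTP, pop3, http), as the
# journal notes; anything logged there is an artefact, so it is dropped, not counted.
ISP_FILTERED = {("TCP", 23), ("TCP", 25), ("TCP", 110), ("TCP", 80)}


def summarize(log_text, min_attempts=10, isp_filtered=ISP_FILTERED):
    """Return [(attempts, unique_sources, proto, port)] sorted by attempts, descending.

    'attempts' counts every logged packet and so is inflated by retries, exactly
    as the journal warns. 'unique_sources' counts distinct (src, sport) pairs, so
    a client retransmitting the same connection attempt is counted once; a large
    gap between the two columns is a retry artefact, not more scanners.
    """
    attempts = defaultdict(int)
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated log line
        src, proto, sport, dport = m.group(1), m.group(2), int(m.group(3)), int(m.group(4))
        key = (proto, dport)
        if key in isp_filtered:
            continue
        attempts[key] += 1
        sources[key].add((src, sport))
    rows = [(attempts[k], len(sources[k]), k[0], k[1])
            for k in attempts if attempts[k] >= min_attempts]
    return sorted(rows, key=lambda r: (-r[0], r[2], r[3]))


if __name__ == "__main__":
    print("Attempts, Sources, Protocol, Port")
    for row in summarize(SAMPLE_LOG, min_attempts=1):
        print(", ".join(str(x) for x in row))
```

Run against a month of real log lines with the default threshold of ten, the output has the same shape as the journal's "Attempts, Protocol, Port" lists, with the extra sources column showing how much of each count is retries.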

Ah yeah.

Sheetrock writes | more than 9 years ago

Check this gem out and tell me it isn't time for Hollywood to drop everything they're working on at the moment and do for the A-Team what they did for Batman.

With our traditional movie heroes MIA or turned into women to satisfy test audiences, nothing short of a high-powered A-Team remake will revive the action franchise.

But maybe stop after the first sequel.

Update: The A-Team is actually in production for 2006, and I think it's safe to say that your combined disappointment in Star Wars and the upcoming Willy Wonka movie will be completely made up for by this cinematic blockbuster.
