Password Gropers Hit Peak Stupid, Take the Spamtrap Bait
I designed a honeypot built on similar principles at the last data center I worked for, whereby I had at least two different VM's comprising at least two different OS' on each and every subnet on our network.
Using a custom implementation of PSAD and a bunch of PERL, the basic idea was that any time a specific IP (external *or* internal) scanned more than eight ports per IP across two or more subnets, it was unquestionably an illegitimate scan of our network, and the IP originating the scan in question was immediately submitted for null routing, because nobody could possibly have a legitimate reason for doing such a scan.
Port scans from internal IP's, along with those matching other patterns (such as multiple scans within a single subnet or attempting certain exploits/attacks that can be deduced from snort's output in /var/log/messages, like the slammer worm, etc.) were output to a file that was reviewed daily, and could then be fed either in whole or in part(s) to a script that would process the desired actions. Before I knew it, I was blackholing hundreds or even thousands of addresses a day... ~70% of which were from China Telecom, followed immediately by Russia, Brazil, and Moldova, with less than 5% of attacks originating from U.S. or European addresses. The number of compromised customer servers on our network plummeted, along with a corresponding and by-no-means-insignificant dip in network traffic.
What got me started on this project was that, among other things, hackers were scanning our network for Plesk's default admin login port (as Plesk at that time *had* a default admin login and password), and any time they got a response from port 8443 on an IP that previously did not have that port open, they would jump in and root new installs often before the customer ever logged in for the first time. Needless to say, I put an end to that nonsense.
However, calling spammers dumb as others have above is probably a mistake: they can often be fairly smart, but what they really are - usually - is Peak Lazy, and are aiming for low hanging fruit. Eventually, the more sophisticated ones will create or adapt new techniques to defeat - or at least cope with - this particular methodology, and the cat-and-mouse-arms-race game of security will continue on as it always has, with one side or the other evolving new defenses or offenses, and the other evolving an appropriate response. The fact that a particular batch of spammers got caught and will find the emails from their current spam campaigns not reaching their intended audience on this go round will only slow them down for a time on the domains this list covers, but to say the spammers have hit "Peak Stupid" as a result of excessive automation is, in fact, an NP-Dumb analysis.
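The threshold rule described in the comment above, as an added example: this is not part of the original post and is written in Python rather than the author's PSAD/Perl setup. The honeypot subnets, addresses and netfilter-style log lines are constructed, and sending internal sources and single-subnet scans to a review list instead of straight to null routing is one reading of the post.

```python
import ipaddress
import re
from collections import defaultdict

# Thresholds taken from the post: more than eight ports on an IP,
# seen in two or more subnets.
PORTS_PER_HOST = 8
MIN_SUBNETS = 2

# Assumptions (constructed values): where the honeypot VMs live and
# what counts as "internal" address space.
HONEYPOT_SUBNETS = [ipaddress.ip_network(n)
                    for n in ("10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24")]
INTERNAL_SPACE = ipaddress.ip_network("10.0.0.0/8")

# Fields as they appear in netfilter LOG output, which PSAD also reads.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>TCP|UDP) .*?DPT=(?P<dpt>\d+)")


def subnet_of(addr):
    """Return the honeypot subnet containing addr, or None."""
    for net in HONEYPOT_SUBNETS:
        if addr in net:
            return net
    return None


def parse_line(line):
    """Extract (src, dst, proto, dport) from one log line, or None if unusable."""
    m = LOG_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return None  # malformed address: skip rather than crash the run
    return src, dst, m["proto"], int(m["dpt"])


def classify(lines):
    """Return (null_route, review) lists of source IPs.

    null_route: external sources that probed > PORTS_PER_HOST distinct ports
                on a honeypot IP in at least MIN_SUBNETS subnets.
    review:     internal sources meeting that bar, plus any source that
                crossed the port threshold inside a single subnet only.
    """
    probes = defaultdict(lambda: defaultdict(set))  # src -> dst -> {(proto, port)}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, proto, port = rec
        if subnet_of(dst) is None:
            continue  # only traffic aimed at honeypot addresses counts
        probes[src][dst].add((proto, port))

    null_route, review = [], []
    for src, per_host in probes.items():
        scanned_subnets = {subnet_of(dst) for dst, ports in per_host.items()
                           if len(ports) > PORTS_PER_HOST}
        if len(scanned_subnets) >= MIN_SUBNETS and src not in INTERNAL_SPACE:
            null_route.append(str(src))
        elif scanned_subnets:
            review.append(str(src))
    return sorted(null_route), sorted(review)


def make_line(src, dst, dpt, proto="TCP"):
    """Build one constructed log line in simplified netfilter LOG format."""
    return (f"Mar  3 10:15:01 gw kernel: [1234.5] DROP IN=eth0 OUT= SRC={src} "
            f"DST={dst} LEN=44 TTL=51 PROTO={proto} SPT=40000 DPT={dpt} SYN")


def sample_log():
    """Constructed traffic: one cross-subnet scanner, one single-subnet
    scanner, one internal scanner, one low-volume source, one junk line."""
    lines = []
    for port in range(20, 30):  # 10 ports on hosts in two subnets
        lines.append(make_line("203.0.113.7", "10.0.1.5", port))
        lines.append(make_line("203.0.113.7", "10.0.2.5", port))
        lines.append(make_line("198.51.100.9", "10.0.1.5", port))
    for port in range(100, 109):  # 9 ports, internal source
        lines.append(make_line("10.0.3.77", "10.0.1.6", port))
        lines.append(make_line("10.0.3.77", "10.0.2.6", port))
    lines.append(make_line("192.0.2.44", "10.0.1.5", 443))
    lines.append(make_line("192.0.2.44", "10.0.2.5", 443))
    lines.append("Mar  3 10:15:02 gw kernel: truncated entry SRC=")
    return lines


if __name__ == "__main__":
    blackhole, review = classify(sample_log())
    print("null-route candidates:", blackhole)
    print("daily review file:", review)
```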
Mathematical Model Suggests That Human Consciousness Is Noncomputable
"When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong." ~Arthur C. Clarke
Just because they can't figure out HOW a digital machine would compute it does not mean that machine consciousness isn't possible... merely highly unlikely with the current state of the art.
Semi-/organic systems or components or other radically new or different implementations and designs of hardware, new materials, as well as new software techniques could blow their assertion out of the water next month as easily as in the next decade.
Pretty much every time someone says "you cannot", someone eventually comes along and develops something to prove them wrong. Just like they said no one would ever break the sound barrier, or put a man in orbit, or that there's only a need for a handful of computers globally. You know, like every time someone says "tape is a dead storage medium", or "ZOMG Moore's Law is going to fail in the next 5 years", and are consistently proven wrong. This scenario is no different, and merely indicates a lack of understanding of science on the part of the researchers, as well as a lack of imagination. Just because they can't figure out HOW it could be done does not mean it is not possible.
Physics Students Devise Concept For Star Wars-Style Deflector Shields
Star Wars didn't even remotely do this first... in fact, it wasn't even the first in major media, seeing as how this was the whole point of the "deflector dish" in Star Trek.
Also, they've "proven" or "demonstrated" precisely nothing, as they have tested - and derived results from - precisely nothing.
Finally, the feasibility of this was demonstrated long ago by an "odd" occurrence in a 3M plant making polypropylene film, not to mention the high-strength electro-magnetic fields (or "bottles") currently in use in experimental fusion reactors.
Just because I noticed that birds and other creatures can fly and write about it in a paper, does not mean that constitutes demonstration or proof of an assertion that human-powered flight is feasible, nor does it demonstrate the actual principle in any useful way.
DOJ Complains About Getting a Warrant To Search Mobile Phones
If this exact same logic had been applied during the time the Constitution was written, these people would have attempted to ban anyone from possessing or using fire in any place where any document that any government agency might one day want to read is created or stored, because "the criminals might burn the papers we think might contain evidence against them, therefore nobody should be allowed to have fire and paper at the same time because it would inconvenience us."
Siphons Work Due To Gravity, Not Atmospheric Pressure: Now With Peer Review
Notation that you create a vacuum. ;)
How Cochlear Implants Are Being Blamed For Killing Deaf Culture
"Wah, technology is making our extremely self-isolated, often xenophobic culture irrelevant and unnecessary, and we're losing children to the 'normals' because the 'normals' want our precious deaf babies to be able to hear just like them, and then they won't be able to identify with our problems and won't want to be part of our little culture. Waaaaaahhhhhhhh."
It's a bit like the tiny backwards religions and cults (like the ones that preach total abstinence, for example) who can't figure out why their children don't want to remain part of their tiny little self-isolated ultra-religious, extremely narrow-minded and often rather intolerant communities for the larger world of opportunities without the shackles of self-imposed dogmas or bigotries. "We just can't figure out why these children would want to leave our perfect little nest and see or be part of the wider world."
That's part of what technology does: encourages progress, and helps us ablate away the slough and callouses on our society and cultures. 100+ years ago there were whole, relatively mainstream cultures focused on death because it was such an unavoidable part of life, during an age where you were lucky if 1 in 3 children survived to adolescence, much less adulthood. Since then, medical science drastically increased survival rates, and those cults faded away as fewer and fewer people suffered agonizing, tragic, or otherwise preventable losses, and thus as fewer people needed social support in their grief or hardships, such cults largely disappeared.
Deaf "culture" should be no different. It's a crutch, a support group, for people with similar problems to band together, however it very often creates as many problems as it solves. By pulling people away or serving to isolate them from their larger culture, not as an individual wishing to remain unique, but as someone who sees themselves as irrevocably different from, and outside the groups that would otherwise be their peers, if not for their disability, it creates a barrier to participation or feelings of inclusion in society at large, and in the end can do as much harm as good by fostering resentment toward a society they see as rejecting them, all while they isolate themselves from it further and further.
Why Darmok Is a Good Star Trek: TNG Episode
Having recently just re-watched all of ST:TNG, my picks for worst are fairly simple: most episodes focusing on Troi, any episode featuring Troi's mother, and almost every episode featuring or focusing on Worf's son Alexander.
Wildstar To Launch On June 3
Stop feeding the troll, kids.
Seriously, this is being reposted to multiple threads with no intent other than disrupting normal discussion, no different from the GNAA trolls of years past. Just move along and ignore it, nothing to see here.
Replicant Hackers Find and Close Samsung Galaxy Back-door
> "is a 100% free software mobile device important to you?"
In a word: Yes.
The borderline (and sometimes not-so-borderline) criminal behavior of some software/hardware makers, coupled with often exorbitant costs for a device that will either be destroyed (via being cheaply made) or totally obsolete in a few years makes me quite leery of trusting or relying on a modern smartphone, much less actually spending my own money on one. Especially when my company provides me with a phone, POS though it may be.
How Do You Backup 20TB of Data?
If you can afford a 20TB RAID *and* have enough data of value to warrant *retaining* 20TB, then you can certainly justify the expense of a tape drive and corresponding tapes to back it all up.
Tape is not dead, contrary to more than 3 decades of claims otherwise. It is, in fact, perfectly alive and healthy, and well worth using (with a proper backup/rotation scheme) when you have that kind of data volume to store.
I've worked for Arcus/Iron Mountain and Recall both, and I can't tell you how many times over my years with those companies I've heard someone say "We don't need off-site backups" or "We don't need tape, we just have the IT guy take the hotswap drives home every day", only to have them come crawling back in tears weeks, months or years later when they've lost everything.
Nanomaterial May Be Future of Hard Drives
Because tape is a dead and obsolete technology too, just like people have been saying it will be with every new storage advance for more than 30 years, right?
Nanomaterial May Be Future of Hard Drives
*sigh* Let me guess, you're either between 15 - 25 years old, and/or have never worked in enterprise-class I.T.? Otherwise, you really ought to know better.
Before I ever entered I.T. professionally 20 years ago, people had been claiming the impending death of magnetic tape for more than a decade, at least, yet it is still with us today. Sure, the round-wheel tape is more-or-less gone, but tape is still going strong.
Similarly, SSD's are not going to completely replace mechanical storage any time soon, if only because as solid-state memory improves, so will mechanical devices continue to do, and they will almost certainly have a place in modern computing for many years yet to come, barring some as-yet completely unforeseen revolution in materials science lowering materials and production costs while raising quality and value to thresholds well beyond anything currently predicted. Then again, the same advance (such as room-temperature superconductors) could have wide-ranging positive impacts on both technologies, increasing memory operation speeds in SSD's while eliminating the mechanical bearing from HDD's and providing similar performance increases.
After all, I'm pretty sure that if I dig back far enough, I can find at least one thread - quite possibly one I made substantially similar comments in - on this very site from ~15 years ago with someone saying much the same thing about how optical (or magneto-optical) is going to make tape/mechanical-drives obsolete. Now we know optical disks have a life-span before they degrade, making them useless for long-term archival storage, and I couldn't tell you when the last time I saw a mini-disc was.
Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?
This is very common in large, enterprise-class businesses with significant numbers of PC's dedicated to end-users, as this methodology is used in various ways to provide security (to the enterprise, while simultaneously robbing the end-user of theirs in favor of the business').
The services provided by companies like ZScaler would be perhaps the most common use of these types of MITM attacks.
Ask Slashdot: Anti-Camera Device For Use In a Small Bus?
Ah, I can understand that fear, but there's really no reason such a system can't be generally safe and reliable, especially as there is no need for the lasers to be on at all times, and it's not unreasonable to believe one might be able to source a fairly low-power laser that would still have the desired effect on CCD cameras while being reasonably safe for at least short exposures to the human eye, just in case a motor stops working properly or the like.
3-D Printed Pelvis Holding Up After 3 Years
Titanium is paramagnetic, meaning that while it is attracted/reactive to the presence of external magnetic fields, it retains no magnetization of its own when removed from said external field. In this specific usage case, magnetization of the part would not be of concern any more than it would be for any other titanium prosthesis.
Ask Slashdot: Anti-Camera Device For Use In a Small Bus?
So, in fact, does everything you have ever seen in your entire life: otherwise, you wouldn't see it.
The key is the specific frequencies (notice the plurality) of light reflected. The human cornea, like a camera lens, has a rather unique and readily identifiable reflected spectroscopy, and both are easily differentiated from the other.
Seriously, not an NP-hard problem. As is usual, people are trying to make it out as more difficult than it actually is.
Ask Slashdot: Anti-Camera Device For Use In a Small Bus?
Doesn't need one. This is not an NP-hard problem, nor is the proposed solution. It could, in fact, be done on a relatively low budget. Relative, that is, to the costs that might otherwise come with lawsuits or bad media publicity resulting from "unauthorized" video taken by passengers, in any event.
Besides, if he does the footwork and engineering on his customer's dime, he (and perhaps the customer, as a partner in a joint venture) could come out of it with a product they can market and sell to other similar bus operators, theaters, etc.
None of the tech I outlined is rare, odd, or terribly expensive (excepting LIDAR units, at about $5k each), and can be done entirely with COTS hardware and some customized programming that would only have to be built on top of programming that has already been done in this field. In fact, the PS3EYE or Kinect already has most of the capability needed.
Honestly, I've seen homebrewers do much more complex things (including code), such as the home-built, automated air-hockey table built by a father for his daughter, which not only has to identify the puck, but then do loads of computational math to determine angles, speeds and force loads: what I initially described in my original post would almost be child's play by comparison.
Ask Slashdot: Anti-Camera Device For Use In a Small Bus?
Use lasers with non-visible beams connected to actuated, high speed bases and working in tandem with the on-board video cameras. Pre-map the location - including relative distances between each camera (use laser as range-finder) - of all "legitimate" cameras on the bus, then use a filter to scan for the very specific and unique reflected light frequencies created by a camera lens, and whenever found, point any lasers with valid angles to see it at said camera lens: voila, no more unauthorized video.
You might also be able to accomplish this more easily, without having to map your "legitimate" cameras, by mounting said cams behind some sort of cover that would obscure their lenses from being sensed by the anti-camera-camera by dint of the covers by altering/filtering the frequency of the light reflected by the lens.
If you wanted to try something somewhat more COTS than trying to build and program a rig to do this (though a lot of the basic frameworks for things like high-speed visual target acquisition by sensing cameras and pattern recognition suites are already "out there", if you're willing to dig for them or do some legwork contacting the developers), you might try a LIDAR unit of some variety, though you'll almost certainly still have to do some modifications. I have no idea, however, whether or not the light freq's used by common LIDAR units will interfere with a camera the way more traditional lasers do.
Ask Slashdot: Practical Bitrot Detection For Backups?
This doesn't even count the fact that optical media is still subject to the same degradation and bitrot that tape is.
And anyone who thinks electromagnetic tape is "dead" is naive or just ignorant. People have been predicting the death of tape for decades, and it's no more true today than it was in the 70's. Modern EM tape is typically rated for 15 to 30 years of retention, and as long as it is not over-exposed to moisture during storage, it has proven to be able to last that long: otherwise, the manufacturers would be out of business because the Fortune 500 and S&P 500 companies - the majority of whom backup to tape and send it off-site - would have sued them to extinction.
On the other hand, according to archives.gov:
"CD/DVD experiential life expectancy is 2 to 5 years even though published life expectancies are often cited as 10 years, 25 years, or longer. However, a variety of factors discussed in the sources cited in FAQ 15, below, may result in a much shorter life span for CDs/DVDs."
How PR Subverts Wikipedia
I'm not going to help edit, because I have little or no use for what common consensus is. I'm interested in fact and truth, not public opinion.
Q.E.D., you are, then, part of the problem, and have no right to whine or complain because you can't be bothered to help fix it. Go use Britannica, then... which was found as late as 2005 to be generally no more accurate or reliable than the Wikipedia, with broadly similar error levels. Or how about Nature, who themselves state that retractions in their journal have risen ten-fold in the last decade, even while the number of submissions has only increased 50%. Because they're utterly reliable and the peer-review process can't be subverted, right? How many times was that now-discredited MMR vaccination study reprinted as golden gospel, for how many years? How many times has an outsider to academia and private industry journals made a stunning breakthrough that might have come sooner if only some critical bit of information had been publicly available, instead of buried in a back-issue of a private publication? How many millions or billions of dollars have been wasted re-reviewing science that was based on something once taken for truth by the major journal in its field, only to later be proven false?
Like any other information source, Wikipedia will only be as correct and factual as the people contributing to it can muster, and without the help of subject matter experts determined to make sure the truth is told, it will be bottomed on the knowledge available; the Wikipedia, however, has a much larger pool of knowledge and experience available to it - if people choose to take part - than any journal or trade magazine. If people who have and can source/prove/demonstrate the facts on developing, highly technical or contentious subjects would commit to contributing as much to making sure the Wikipedia is accurate as they do to closed academic journals that no one but academics ever read, then we'd be in a much better place, with a better educated populace, as a result of access to true and up-to-date information, as opposed to last year's conjecture and common wisdom. For that matter, how many times did Britannica, for example, choose not to cover a subject - or not cover one in as much detail as was available - in order to conform to demands of governments and corporations, which do not affect the Wikipedia? Somehow I doubt they'd have ever penned more than a footnote - much less an entire article - about FOGBANK... oh wait, look, not even a footnote.
What would lead you to believe that a group of 10 supposed experts in a field editing at a journal are infallible and never make mistakes, but 100 or 1000 people - some of whom may also be just as expert, or even the same experts - cannot come just as close to truth and fact? What makes you think the scientific and history communities have more than a few dozen things they can all settle on as incontrovertible, accepted fact that no one can reasonably debate? Let me guess, you're the same anonymous coward that was arguing a few weeks ago that nobody can make money on making open-source software and that all FOSS sucks because only large corporations get anything done?
How about show me an established article in the Wikipedia - and not a revision someone is vandalizing - that is purporting something to be "fact" that is provably just "public opinion", and wrong at that... and I'll show you an article you should have just fixed, assuming you can demonstrate said fact from a reliable, neutral source. Otherwise, I'm going to have to conclude you're just mad because someone reverted your edits on an article when you tried to assert a claim on a debatable subject and couldn't back it up.
I'd also really like to see this always-accurate-and-reliable source of information you seem to be purporting exists. You know, the one you can always count on absolutely to be so factually complete that you never need to cross-reference another source of information and research - as any good science or research demands - because it's all-inclusive and has settled all questions of science and history... oh wait, that doesn't exist. The Wikipedia is meant to be one more avenue TO research, not OF it. It contains information and references, and you're supposed to do your OWN research, not use the Wikipedia directly as a source for it. If you can't be bothered to flex your intellectual muscles and judge how accurate the information presented is for yourself, and then choose whether or not the information is reliable enough to warrant further investigation on your own, once again, the failing is yours, not the Wikipedia's: no one else can help you if you're too intellectually lazy to do research, and no source of information is reliable enough to simply spoon-feed you without any chance of error. If that's what you want, I suggest you find religion.
Another good one that most have missed
Another post I made, late in the life of the thread that the mods missed. This relates to a piece of FUD that kdawson posted regarding a new patent filed by IBM to automate rewards for customers who have been waiting too long in line. Nearly every respondent to the thread was way off base, led astray by the trollish wording of the article: IBM wants to patent restaurant waits.
Most respondents went off the deep end, seeing another case of seeming patent abuse, and claiming that IBM is going to start suing anyone who gives a reward to customers who have waited in line a long time - utter nonsense, which just goes to show that even geeks (or slashdot trolls) don't understand why it is that we have and need a patent system, and their supposition about how IBM could abuse this patent is not just ludicrous, but about as valid as saying that just because a hacker in China somewhere has abused a computer that all computers will be abused.
Good point. Personally, I don't see why any restaurant would want to use this. Why make an automated way to give away free lunches to people because they wait? If a customer complains about waiting too long, then you give them the coupon.
I suppose the flipside to that is that the customers who don't complain, but decide that they don't want to come back to the restaurant because they had to wait...
The reason being that IBM makes business machines - including point of sale and business automation systems. What they have described here is a novel method by which the human factor normally necessary to monitor customers' time spent waiting and then selection of an appropriate compensation is automated through their system, almost certainly to be tied in to an existing product like a point of sale terminal that will quite possibly be tied into one of those little pager systems that lets you know when your table is ready. Rather than requiring employees or wait-staff to monitor times spent waiting on a screen and then offer the customer something gratis, the system is designed to do all this for them, thusly eliminating time and resources necessary in what is probably an environment where time is a premium (since people are waiting for service) as well as potential stress or conflict with a customer who may be unhappy - now they don't have to approach an already harried manager or wait-staff and present a complaint or argument - the system notes that a pre-programmed threshold (which the establishment has determined to be the minimum time before they would be willing to offer such freebies regardless of system automation) has passed and automatically offers the free item, in theory placating the customer(s) without creating extra resource strain on the staff.
Why patent this? Because IBM wants to offer this ability to restaurants and other businesses who do not want to have to do these things themselves, implemented via a piece of IBM equipment. The patent as described does not prevent a business from offering you a free lunch if you wait too long - IBM obviously spent money, time and research effort creating a combined software and hardware method that can automate this process (and thereby expand the services and functions performed/offered to customers already owning or seeking to purchase IBM equipment) - also known as a "value add"; what the patent prevents you from doing is copying or mirroring IBM's research to produce a similar system while not actually doing any innovation of your own. If they didn't file for a patent, then you could just go buy a bunch of chips, assemble your own equipment, and then gank (yes, that's a technical term) the software that they paid someone to develop all without any real investment of your own - exactly what the spirit of the patent system is meant to prevent you from doing - stealing other people's innovations, not to prevent you from innovating on your own. If you want to use an off-the-shelf or custom built computer and implement your own methodology for accomplishing the same task, there doesn't appear to be anything anywhere in the patent application that would prevent you from doing so; you just can't steal IBM's precise method for doing so. I don't claim to understand how they mean this can be implemented without automation or computerization, I'll admit. I've read as much of the patent application as I can bear to (or have time for, for that matter), but claim 1 indicates automation is necessary. To wit:
1. A system for reducing customer dissatisfaction for waiting, said system comprising: a queue monitoring subsystem that detects an entry of a customer into a waiting queue; a reward computing subsystem that calculates a reward for the customer for being in the waiting queue; and a communication subsystem to communicate the reward to the customer, wherein at least one of said queue monitoring subsystem, said reward computing subsystem, and said communication subsystem is automated.
I looked for but did not immediately see any claim within the patent that the system can be used without computers or automation. In point of fact, the entire filing seems to indicate that an automated or computerized system is entirely required.
Just because I have a patent on a child's swing-set doesn't imply or grant a patent or ownership on the idea or process of swinging, just my unique design that allows you to accomplish the task of swinging. Similarly, the company (companies?) who make the little restaurant pager systems don't hold any ownership of waiting in a restaurant, nor any ownership of radio technology, pagers, or even using a like device to alert customers that their table is ready, they simply own the rights to *their* particular implementation of it - i.e. you can't simply use their software and make an identical copy of their equipment and implement it for free or resell it to others, requiring you to do your own innovation, not profit off of someone else's.
I realize slashdotters can be hard-headed - look at my user number, I've been here a while and made some hardheaded posts myself, both for and against patent law. There is no doubt that the USPTO is a broken system in dire need of reformation (or disbanding), but people are taking this one wayyyyyyyyyyyy too far without really stopping to consider that occasionally companies do apply for patents for valid reasons, and that there is a need for a patent system, even if the one we have is often abused.
And shame on kdawson for posting such a sensationalist FUD piece - the patent application could have easily been noted, mentioned or referred to without such a huge quantity of sensationalism, hyperbole and supposition from the contributing user.
Democracies and Republics
I was looking through my old posts, and thought it was a shame that few people probably read this. I also thought it was a fine bit of writing on my part, and it's somewhat relevant to the issues of the day, so I'm reposting it in my journal, not that anyone is likely to read it here either, but I think it's worthwhile.
How many times do you people have to be told???
The US is a Republic not a Socialist Democracy, so please, get your facts straight people! Mob-rule does not work! Besides, "Democracies" never wind up being democratic for more than the 10 minutes it takes for a Mao Tse-tung or Stalin to step in. History is FULL of examples of failed attempts at democratic governments, whether they fell to exterior forces b/c of a lack of decent, cohesive foreign policies or whether they fell from the inside due to lack of consistent domestic policies, they always fail, they fail pretty quickly, and they fall HARD. No government or nation has ever stood as it was forever, but some last longer than others, and republics (the way our nation was designed to be as set forth in the constitution) tend to fare better than most.
Rome was a republic too. Rome also fell. But yanno, during the time of the Roman Republic, the citizens of Rome were by far and large much better off than the citizens of any other land, as are the citizens of the U.S. right now... Beware those who would make our great nation a Socialist one and then subject (or subvert) its will and the will and wants of its people to another entity like the U.N. who just wants to steal money and resources from those who work so hard to make this country the great place it is. Billary would rather everybody get equal shares for unequal work, rather than reward those who deserve it and let those who do nothing (e.g. 60%+ of welfare recipients, IMO) and deserve support the least to rot, as it should be. Take a closer look at the LEFT and the FAR LEFT as well as its figureheads and leaders, and you'll get a much clearer picture of Socialism and Fascism than you will from the right. My biggest problem with the right-wingers is their religious agenda and anti-abortion stances, but the last thing you can do is call them fascist. Pull your head out of your ass and try a dispassionate and honest observation of your own views before you start dissembling on the views of others.
Wow, this whole thread is WAY off topic... Classic example of what /. has degenerated to, I suppose. Shame on me for contributing to it, but these people need straightening out, damnit.
-ists, -isms, and pseudo-techno-enlightenment.
I find myself motivated to write a short something in my journal. I will quite possibly never do so again. I will, by the same token, quite possibly do so again on a different Sunday at 1:30 in the morning and I'm bored with sleeping roommates and on my third glass of scotch. That said, one should always keep in mind that the Tao that can be named is not the thing named, and I have great ph33r of that dire warning this entry box has next to it informing me that this entry will go down on my permanent record, for woe be unto he who fails to make a particularly insightful entry into his /. journal, forever ruining his chances at getting into the geek hall of fame... Oh no!
"On the other hand, you have different fingers." -Unknown
"Brilliant spirits often receive violent opposition from mediocre minds." -A. Einstein
"The keyboard is mightier than the machinegun."