Posts by Franklin 619 publicly visible posts • joined 17 May 2007
"Another fail for the unethical application of "cost-benefit analysis". Instead of doing the right thing and licensing the tech, it did a cost-benefit analysis and figured getting caught doing something unethical was cheaper than doing it right. "
That assumes the patent was valid to begin with and that no prior art existed. I'm not sure I trust a jury to make that assessment; are you?
This campaign is targeting a number of auto manufacturers. I first became aware of it about a week and a half ago while searching for parts for my Honda del Sol; a large number of Web sites promoting various Honda-centric keywords were redirecting to xp-police-antivirus.com (now defunct) and scanany6.com (still active on burst.net), both of which try to download malware disguised as phony antivirus software.
I've also seen similar malware compaigns targeting Nissan.
Interestingly, one increasingly common tactic these guys use is to create profiles on Web sites ranging from open-source projects to community wikis to video sharing sites, seeding the profiles with various popular keywords, then embedding JavaScript redirectors in the profiles that redirect visitors to the malware site. The lesson in here: Webmasters, *never* allow JavaScript in user profiles or other user-supplied fields!
"When a web site sees that it's being accessed by IE, it serves its IE6/IE7/whatever non-standards-compliant pages."
Bingo. That's exactly what I thought.
All Microsoft had to do is to change the browser's user agent. If IE8 sent a user-agent that replaced "MSIE" with something else (say, MSSC for Microsoft Standards Compliant, or MSFDS for Microsoft Finally Doesn't Suck), the whole problem could have been avoided.
Explorer has been fundamentally broken for so long that Web developers know any time they see MSIE in a user-agent string, they need to serve up broken code to make the page render properly. When IE 8 sends its user-agent string, it's *asking* for broken code. Change the user-agent string for IE 8 and it won't get served the broken code; problem solved!
...is unlikely to work. You'd need some nontrivial engineering and scientific know-how, some extremely sensitive gravitometers, and a handy supply of large quantities of lead (plus the tools and machinery to work with it) to get it right. And then, after you've hired a team of physicists, metallurgists, and construction workers and spent months and months getting it exactly right, simple ground penetrating radar would show your network as if it had flashing Christmas lights all over it.
"Normally I don't like to think short-term, but if we hope to get out of this recession/depression, then we need to. As for my own country, I'd gladly give up the space program (including the ISS) for however long it takes to reach non-rec/depression status. Spending lots of money on things which have no immediate benefit makes little sense in a rec/depression."
Capital idea. So I guess you'd be talking about the wars in Iraq and Afghanistan then--five years of expenses that burn through more money in a couple of weeks than the ISS and the space program go through in a year.
Cutting funding for science while continuing to pour money into the sand in Iraq is like saving money by cutting out cable TV while still buying a Ferrari every month.
...if more people would bother to learn how patents work.
A design patent is not the same thing as a conventional patent, or "utility" patent. A design patent covers only the shape or appearance of a thing, and only if that appearance is not directly related to the function of the thing. (Dizzy Gillespie's upturned trumpet, for example, is covered by a design patent.)
A design patent filing will usually be quite brief, because the only thing that is being patented is the appearance of the thing, not its function. This is not a patent on a 12-volt car power plug; it's a patent on a 12-volt car power plug with that shape.
...in this case, the multi-talented Ms. Hilton is free of any responsibility for the attack. She may know less about computer security than I know about drunken orgies in European nightclubs, but there's no way she actually built and maintains her Web sites, no? Airhead or not, seems to me the person who's responsible here is whatever clod she's paying to do her Web site.
The T-Mobile and Facebook thing I can see; presumably she chose her own passwords, after all. But unless someone's going to say that she designed and coded the Web site herself--a prospect I find unlikely--this one ain't her fault.
Perhaps. But I have confidence that technology will shoulder on, so by the time the politicians wrap their lizard brains around the Internet, there will be whole new communications media for them to misunderstand and bollox up.
And, you know porn will be involved. Every new technology...
...is for the open redirector to check the browser's referrer, and if the referrer isn't the same as the site's domain, don't redirect. Most redirectors are internal, and used only within a specific site, so if the redirector sees a referrer that isn't from the hosting site, something's wrong.
I first noticed this problem myself in November, and blogged about it at
http://tacit.livejournal.com/270792.html
"Really inspiring what those Science types can do these days - how long until we're actually living forever and turning lead into gold?"
Turning lead into gold is easy. Well, relatively easy, if you have the right gear, for some value of "the right gear" that includes "linear particle accelerator." Turning lead into gold *economically* is the tricky bit. You can do it if you don't mind doing it a few atoms at a time at tremendous expense (fancy half a trillion dollars a gram for your gold?)
The living forever part can't come soon enough, if you ask me.
...is cheating.
I know several people who defected from WoW to Age of Conan when it launched. Better graphics, better PvP, the ability for players to build their own cities--on paper, it looks, and plays, much better than WoW.
But the early versions of Age of Conan were rife with exploits; in fact, an exploit package, AOCbuddy, quickly began circulating which gave players abilities such as invisibility, infinite hit points, the ability to teleport anywhere on the map, the ability to see all hidden or stealthed characters, and so on--all from a convenient pop-up menu.
Every player I know personally--every one without exception--who left WoW for Age of Conan quit AoC in disgust when the game maker refused to take action to close the vulnerabilities and stop the exploits. In fact, my understanding is that most of these exploits still have not been fixed. At this point, players who do not cheat are at such an overwhelming disadvantage that there's no point playing.
Security is hard.
What's the incentive for ISPs to secure their servers? None. Security doesn't sell to the overwhelming majority of folks who want to put up a Web site; the only three things they care about are price, price, and price. An ISP can be pwn3d sixteen ways from Sunday, with thousands of sites hosted on their servers penetrated daily, and they'll still make money.
What's the financial incentive for ISPs to disconnect compromised, malicious, or spammy customers? Again, none. They lose revenue, but what do they have to show for it, besides kudos from a handful of folks who care about security?
What's the financial incentive for ISPs to educate their customers about security? None. It's costly and it doesn't make a lick of difference to the bottom line.
I've written emails to ISPs that host compromised servers and have hundreds, or even thousands, or in two cases tens of thousands, of virus and malware droppers living on their networks, and received replies like "I see the problem and issues involved, I have to say what they are hosting is not right, but the best we could do is try to communicate with the client and urged him to stop or issue a 30 days termination notice per our terms of service if it is not resolved to our satisfaction. Please understand we have our difficulties as well from a service provider point of view and thank you for the understanding." (That's a direct quote, mind.) That is, when I receive a reply at all.
Until a direct, tangible incentive exists for ISPs to take responsibility for their networks, or a direct, tangible disincentive exists for ISPs to tolerate this kind of situation, or both, the situation will remain exactly as it is.
"I have an image that is potentially illegal. Can you tell me if it is actually illegal?"
"Well, show it to the IWF. They can tell you if it's potentially illegal."
"Look, I already know it's *potentially* illegal; I need to know if it is *actually* illegal or not!"
"The IWF can refer images to us that are potentially illegal."
"We've established that it's potentially illegal. I'm referring it to you to find out if it's actually illegal."
"Send the image to the IWF and they can evaluate whether or not it's potentially illegal."
So, um...whose job is it to make a decision, anyway?
If all it has to offer is being "a step beyond what we did with the Xserve RAID" in terms of ease-of-use," then I don't see it really taking off; setting up the original Xserve RAID wasn't exactly rocket science to begin with, and the other RAID solutions on the market do just fine, kthx.
The iPhone administration app is kind of slick, but really, how often do you wake up at 3 AM, roll over, and say "Damn I wish I could administer my RAID array but I don't want to get up and go over to the computer! If only there was a way to do it from my phone!"?
Surely Wikipedia's policy is not "We don't censor," but rather "We don't censor unless we agree with the reason for it or there's something in i for us"?
Wikipedia has an entru on "child pornography" at
http://en.wikipedia.org/wiki/Child_pornography
Now, surely, if some editor uploaded a number of real images of child porn and placed them in the article with a caption like "Some examples of child pornography," they'd be removed right quick. I got fifty bucks what says Wikipedia would censor those images in a heartbeat.
So the real issue is not that Wikipedia doesn't censor, but that in this reason they see no particularly compelling argument in favor of removing this particular image. In which, I must grudgingly concede, they are right; labeling the album cover as "porn" is ludicrous in the extreme, and blocking Wikipedia but not Amazon.com over it simply shows the inherent silliness of censorship.
"What they REALLY need to do is find a way to make all the idiots still using IE6 upgrade their browser. People won't stop writing 'incompatible' HTML while it is required for IE6 which still has ~20% of the browser share."
Not gonna happen. The next version of Windows Mobile will reportedly use (gak!) IE 6 as its browser. This mess is never going to go away. Never.
Funny, that...I'd just been musing about the utility of a device capable of taking...err, specified actions based on GPS coordinates in a more...umm...well, *intimate* context just a few weeks ago.
http://tacit.livejournal.com/251196.html
Now it sounds like someone's done the heavy lifting for me.
"Suspend disbelief. Stop thinking it is a documentary and realise it is fiction. If fiction had to make sense there would me no HHGTTG, Discworld or Shakespeare and the world would be a poorer place."
The difference between good fiction and bad fiction is that good fiction remains consistent with its own premises. Bad fiction does not.
Yes, the television show is fiction. Everyone knows that. However, critiquing the flaws in poor fiction is still a worthwhile pasttime; it beats staring vacantly at the tube and passively letting it wash over you. At least writing the critique is an active process.
Frankly, I've never understood the folks who just sit staring at the tube making fun fo the folks who do something; even doing something as trivial as writing about a TV show still beats just watching it.
...unless you're grading on a curve.
Now, I like my iPhone, don't get me wrong. In fact, I like it more than any other phone I've ever owned. owever, on the whole, I'd rate it a B- to a C+, and rate almost every other phone I've ever used (including my late but not much lamented Razr) somewhere between a D- and an F----.
It's a testament not to SteveJobs but rather to the sorry state of the consumer cell phone industry that Stevie can say "Hey, everyone, I'm going to make a cell phone with a user interface that doesn't quite totally suck!" and the entire world swoons. The iPhone looks so good not because it's a great phone, but because all the other phones out there are so truly Godawful that our expectations are pretty low.
Halo Steve because "I'm going to make a cell phone with a user interface that doesn't quite totally suck!" is, sadly, an improvement over the status quo.
I've repeatedly found that reports of spam sites or computer viruses hosted on livefilestore.com, Microsoft's file and malware distribution system, are rejected by a form email that reads "Unfortunately, in order to process your request, MSN Support needs a valid MSN hosted account."
It's totally unclear from this stunningly badly-worded, garbled message whether Microsoft's abuse team--if indeed it has one--is trying to say that they only accept abuse reports from people who are Microsoft hosting customers, or if their software is just so fundamentally broken that it can't recognize a Microsoft-hosted URL in the message body.
Just stick some copper mesh on the walls of the area where you don't want cell phones to work, ground it, and wham! Instant Faraday cage. Cell phones quit working. A lot cheaper than what they're talking about, too, and no pesky laws being violated.
I'll take my $150,000 consultant's fees now, kthx.
"Previous examples of malware able infect Mac systems have included an Apple-variant of a scareware (fake anti-spyware) package and a Trojan, DNsChan-A, that detected whether it was attempting to infect either Windows or Mac systems before running the appropriate infection routine."
That's not quite correct; to my knowledge, no single binary file exists which detects the host platform and then 'runs the appropriate infection routine.' Instead, what happens is that the Web site hosting the malware detects the platform (by looking at the browser's user agent), then downloads either a Windows executable or a Mac/Linux shell script.
The article also does not make clear that this malware and 'the earlier RSPlug Mac Trojan' are one and the same; the malware is variously called OSX.DNSchanger.A, OSX.RSplug.A, OSX.RSplugin.A, or OSX/Zlob. It's different in structure but identical in function to the Windows Zlob malware, and almost certainly originates from the same group. The OS X version is actually a generic *nix shell script that creates a root crontab on any *nix variant, which runs every two minutes and changes the system's name servers to hostile name servers in Eastern Europe; as you may imagine, it requires that the user type in an administrator password on OS X or a root password on Linux/Unix in order to do its work.
Perhaps the original notion of the Long Tail simply came from looking at the wrong dataset. There are indeed places--or, at least, one place--where all this Long Tail nonsense actually makes sense, and that's th world of pr0n. In this day and age, a pr0n movie is considered a 'hit' if it sells four thousand copies; the tiny handful of wildly successful grumble flicks* out there are a very unusual aberration. Pr0n is all about the niche.
So it's entirely possible that Mr. Anderson is merely looking at the wrong tails, and attempting to generalize from those tails to other industries? (I know there's a pun lurking in there somewhere.)
Point being that the notion may have some merit in certain highly select industries, even if it is utter hogwash if applied more generally.
*God bless you Brits and your contributions to language. Seriously. British vernacular is a thing of beauty. I'd dearly love to know the etymology of the expression "grumble flick."
I got a Toyota some years ago and damned if there weren't hairline scratches in the paint around the door latch just a year afterward. I should sue Toyota!
And I got a DVD player last year, and it ended up with little hairline cracks in the front of the DVD loading tray. Another lawsuit, perhaps?
At this rate, I figure I should be able to file fifteen or sixteen class-action lawsuits by Friday. Sure beats workin' for a living!
Mine's the one with the hundred-dollar bills stuffed in the pockets.
...is the private network of name servers the miscreants have built to serve up the attack web sites, at least one of which was living for a time on a pwn3d box living in US military IP space.
Http://tacit.livejournal.com/267827.html
Http://tacit.livejournal.com/264955.html
Yes, it's true that you're exceedingly unlikely to get any malware on your computer if you're not using Windows. This is a given. Redmond apologists like to say that this is only because there are more Windows boxes than any other kind, and that if some other operating system were as popular as Windows then it would have the same problems; this is untrue for a number of reasons, many of which relate directly to the technical design decisions made in the early days of Windows, but that's neither here nor there.
Security folks often tend to look to the box for defense. Run antivirus software, the common wisdom is. Run firewalls. Good advice, to be sure, but the fact of the matter is that this will never provide an adequate defense. Malware changes too rapidly for AV vendors o keep up with, and firewalls defend against worms but not against malware that comes in from the browser or through email.
What I'd like to see is more attention focused on the supply side, not the demand side, so to speak. Where is the malware originating? Surprisingly often, from compromised Web sites (SQL injection attacks, anyone?), from compromised blogging and forum software hosted on Web sites (dear God, somebody, please make the insecure installations of phpBB go away!), and from sysadmins and ISPs that just don't give a toss.
Case in point: a free phpBB service called setbb. At any given time, this "service" has anywhere between 29,000 and 48,000 redirectors on it that lead the unwary to W32/Zlob droppers; as of last Friday, a rough estimate I've made suggests that 1 in every 4 forums hosted on setbb is infected with a redirector that leads visitors to malware droppers. I've spoken to the Web host for the site; their position is "Well, we're aware that there's a serious problem here, but technically they're not violating our AUP because technically they're not hosting copies of the malware, only redirectors to it. So we're not going to do anything."
Another classic example: news sites which use internal redirection scripts that are insecure and don't check referrers. I've seen people hijack these redirectors by seeding Google with popular keywords linked to a news redirector that leads to a malware site, something like
www.somenewscompany.com/redir/php?link=http://www.somemalwaresite.lv
Since Google recognizes "somenewscompany.com" as a news site, these redirectors appear in keyword searches within Google News. It's trivial to write redirector scripts that check the browser's referrer to prevent this sort of thing, but few sysadmins seem to do it.
I'd like to see a little more focus on the distribution side, not the desktop. If ISPs become more proactive about policing their systems (seriously, guys, it's not all that hard to do), if site owners were given a goose to keep their sites more secure (how about their host levying a fine on anyone who runs insecure software on their site if the software gets hijacked?), if people would guard against SQL injection (really, in this day and age, ANYONE who does not sanitize user input to guard against SQL injection needs to be taken out behind the chemical shed and shot!), wed do a lot more to solve the problem than this desperate rearguard "clean up the box after it's been pwnd" nonsense.
"Throughout the entire controversy, principals with EstDomains and EstHost have maintained they do not knowingly allow customers to run illegal websites.
"We don't provide the service for spammers/phishers etc, and we never did," Konstantin Poltev, registry liaison for EstDomains, wrote in an email to The Register on Wednesday. "
BWAH hah hah! I can't even count the number of times I've reported phishing sites and sites used to spread the various flavors of W32/Zlob to ESThosts. To my knowledge, no action has ever been taken against such sites. "Do not knowingly allow customers to run illegal websites" my fanny.
Getting deaccredited couldn't happen to a nicer bunch.
...lemme get this straight. A couple of people assault, beat, and threaten the life of another person, and the bit the courts are concerned about is whether or not you can steal an item that's not made of physical stuff? Surely that's an irrelevant footnote, right? Surely the assaulting, beating, and threatening of another person is already against the law, right? Right? WTF kind of justice system is this, anyway?
"The precedent for this case was attempted a long time ago by the character called Job and it was written up as part of the Bible."
Yep, and a damn poor showing it makes of God, too. In fact, 'twas reading the Bible cover to cover (twice) what converted me away from Christianity. The entity described in the Bible is so absurd as to have no chance of actually existing--but if he does exist, then he most assuredly is not good and most assuredly is not worthy of praise or worship, as the example of Job shows.
Rather appalling behavior on God's part, really, if you ask me. If we saw a monkey in a zoo behaving as badly as God behaves in the Bible, the handlers would likely be obliged to shoot it.
Pity the bloke doesn't exist. I for one would LOVE to see a lawsuit against him proceed.
...c'mon. Seriously? That's what people are worried about--"polluting Mars with radiation"?
Listen, Mars is ALREADY polluted with radiation. It has no magnetic field and a tenuous atmosphere; the surface of Mars is a hell of radiation. So much so that any future meat units we send there will need to arrive in a spaceship shielded against it, and with space suits likewise shielded.
"Radiation" is the new bogeyman under the bed. So many folks are scared to death of it; so few folks know what it actually is.
Worrying about "polluting Mars with radiation" is like worrying about getting Mars all dusty. It's a tribute to how frightened we are of eeeeeeevil radiation and how profoundly ignorant we are as a society that anyone could even dream up such a concern.
"...use songs and content from primarily Democratic-leaning bands - and his licences PROBABLY DO NOT cover worldwide electronic reproduction via teh intarwehb tubes - he might stand a better chance, and used entirely Republican-supporting musicians instead.
So, that's... Ted Nugent, Ted Nugent, The Nuge, some more Uncle Ted and Ted Nugent."
And Kid Rock. Mustn't forget Kid Rock. Even though the rest of the world already has...
"...if this were our saviour Obarmy whether there would be so many snarky remarks here."
Irony is irony; it knows no political bounds or loyalties. A bigshot political figure votes for a law and then finds himself inconvenienced by it, and has the cajones to go crying for special treatment...well, it doesn't really much matter which side of which fence he's on, in my book.
The DNSchanger malware for Macs was until recently being spread through a large network of fake pr0n sites, fake antivirus sites, hacked sites, hacked WordPress and phpNuke installs, and so on, but all the various sites and redirectors dedicated to spreading this bit of malware were all pulling the malware itself from the same IP address, in Intercage's address space.
Since Intercage went dark, I've confirmed that the server being used to dish up the DNSchanger malware is no longer reachable.
I've no doubt that the criminals are going to put it up on another server at some point, of course, but they'll have to reconfigure their network of fake pr0n sites and hacked legitimate sites and so on to point to the new server when that's done, so in the meantime this particular bit of malware doesn't seem to be spreading.
Comparing the Internet to the phone company, and comparing asking ISPs to terminate malware sites to asking the phone company to disconnect drug dealers, doesn't work. The analogy would only work if the phone. Ompany were being asked to disconnect miscrea ts who were using their phone line to tap, bug, or mizdirect other people's phone calls... And were that the case, I beg the evildoers would indeed find their phone service terminated.
As for Intercage--I have indeed complained to them, on many occasions, about spam and malware sites. In my experience, expecting them to take action is about like dropping a rose petal in the Grand Canyon a d waiting to hear an echo.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
