One of the methods used by normal humans to send other (normal humans) on the "guilt trip" is to use the cliche "every time you do THIS or THAT god kills a kitten. Please, think of the kittens..." For an even bigger guilt-trip, you can use "every time you do THIS, somewhere a kitten gets run over by a Monster truck, given not ten minutes ago to the five year old girl standing by the side of the road, spattered, red, and crying as she fumbles with her inhaler" (Thanks to Brian Bilbrey, member of The Answer Gang, for the picturesque description.)
Frankly, the whole killing of the kitten part leaves me rather unmoved. Having lots of free time on my hands lately, I thought of things that would send me on a guilt trip.
every time you do THAT, your email id gets harvested by Mr. Joseph Adisa of Lagos, Nigeria
every time you do THAT, Microsoft issues ten critical updates
every time you do THAT, some clueless bastard says "Linux has less viruses because it is less popular" (my veins are throbbing just writing this)
every time you do THAT, some luser says "IE is better than Firefox since IE supports advanced features like ActiveX"
every time you do THAT, someone starts building a new Linux distro
I know I am not normal
[Jimmy]
Hmm... expand the list...
Every time you do THAT:
Some poor admin has to configure sendmail
Someone decides to write a new implementation of Scheme
Someone writes a new "open source" licence
(Oh, and by the way, Firefox (and Mozilla) does support ActiveX. (I would say on both Linux and Windows, but it turns out that Wine requires the use of the Windows version). Konqueror also does (or, at least, did), using the reaktivate module from kdenonbeta)
[Jimmy] I could add "Jimmy starts another off-topic thread"...
When the first server was turned on, it booted all the way to the
standard AIX login prompt. It was later discovered that the root
(master account) password was indeed set to root.
...
Keep in mind that these servers came from the State Transit Authority
of NSW, how is it possible and acceptable in this day of age that
governmental servers be decommissioned and sold without wiping the
contents of the drives?
...............
[Martin]
Good grief how the heck did that happen... ?
"If we, the free-software proponents, had lost [the July 6 vote in the
European Parliament], it would have been a final defeat in Europe. The
relevant part of the European commission works hand in glove with the
Business Software Alliance (BSA), and a BSA lawyer actually wrote much of
the text of the draft directive the commission proposed. (We know this
because they were so foolish as to publish it as a Word file, which
contained information about who wrote what.)"
"Our years-long fight has shown how undemocratic the EU is."
"Bullying a whole national government appears to be easy, but there is
usually no need to go that far: it suffices to convince one minister, or
the minister's representative, to vote as desired. The Hungarian
representative voted for software patents even as his prime minister said
Hungary was against them. The German representative voted in favour even
after the German parliament voted unanimously against. The Dutch
government pushed software patents through the council of ministers after
its parliament ordered it to reject them."
"Decided that the CollabNot infrastructure must have been stolen
whole-sale from some bad D&D game: if ye wish to attain commit-level
access for project foo, ye must first - request the 'Acolyte' role in
the foo project. If approved, ye need to accumulate power-points - the
path lies through stealing the magic sword of Blag and killing the
evil goblin of Nurg. When ye hast won through: heft your stone of
Bling, and publicly crunch the bones of Nodab (for luck) - while
requesting stewardship of the Can-Commet relic. Be warned - only the
few get this far, and the process must be repeated for each 'project'.
Many fall at the next mighty hurdle to await you: the mind-deadening,
spine chilling Specification task, with its many difficult stages:
iTeamus-formationus-from-nothingus, QAEducationus,
endless-pointless-discussionus, and acutely-delayed-resultus. The real
shame is Sun didn't choose Collab to help strangle their OpenSolaris
baby."
"The third big lesson we can learn from open source and blogging is
that ideas can bubble up from the bottom, instead of flowing down from
the top. Open source and blogging both work bottom-up: people make
what they want, and the best stuff prevails.
Does this sound familiar? It's the principle of a market economy.
Ironically, though open source and blogs are done for free, those
worlds resemble market economies, while most companies, for all their
talk about the value of free markets, are run internally like
communist states."
[Thomas]
Ugh.
"Look, Mike, I'm like, just so like impressed."
"The word like may be the only word in English that can be a noun,
verb, adverb, adjective, preposition, conjunction, and interjection."
[Thomas]
Not in the 'Pocket Thomas Adam Dictionary'.
I'm, like, no way! What's in your dictionary?
[Thomas]
Some ha'pennies.
What they call a hedge is what I've meant by "softening" the sentence.
"Like" shows a measure of doubt or approximation, and is a polite way of
saying something negative. Contrast:
...............
He was wrong. -vs- He was, like, wrong.
That dress is ugly. -vs- That dress is, like, ugly.
...............
[Thomas]
Oh, sure. I understand its usage, I just... there's something about it
that I don't like. It's wrong of me, I know, but whenever I read
sentences written like [1] that, I can't help but read it in a flippant
way. Pah. It's just me.
[1] There's that word again.
"Some are pressing to have valley speak (also known as Valspeak or
mallspeak) of which the uses of /like/ illustrated above are a telltale
sign, recognized as an American dialect."
[Thomas]
Indeed. Oh, don't get me wrong, I'm just very old before my time, and
don't agree with it.
Like, bitchin.
[Warning: vulgar language ahead. Last chance to press 'delete'.]
They have now diversified into other lines of business including My
Pussy and There's No Place Like Home. My Pussy is for girls with cats
("every girl wants to spoil her pussy").
http://girlmeetsdog.com/pussy.html
There's No Place Like Home is a charity for bringing boas to homeless
dogs in animal shelters. No, really. It "enhances the natural beauty"
of the pet, which I guess raises the pet's self esteem.
http://girlmeetsdog.com/noplace.html
[Thomas]
Ha! A most... hmm. "American" site, is a most fitting description for
it.
Although you have made me laugh, Mike. Hehehehe, thanks.
Slashdot interview with the manager of MS's Linux lab
I was pleased to see your reasonably candid responses to the moderated
questions that were posed on the Slashdot "interview".
I'd like to ask a more pointed question [set] related to Question 2:
Open Standards
"How does Microsoft internally deal with Open Standards and Open
Document Formats?"
It strikes me that you could have interpreted the question to mean "It
appears that Microsoft practices customer lock-in through proprietary
data formats. What progress do you see Microsoft making on reversing
these practices? Is Microsoft going to provide reasonable data-
interchange tools? If so, then why would Microsoft be patenting features
of their future document formats?"
That would really be a stellar set of questions to hear the answer to.
It's the number one reason why I can't recommend MS products to clients
- data formats win out over user interface every time I lay the issues out.
Thanks again,
.brian
...............
end of copied message. Do you think I'll get an answer? If I do, I'll
let you know.
I have been back and forth via email with Bill Hilf of Microsoft's Linux
Lab, following his interview on Slashdot [1]. In question two, he was
asked about Open Standards, and weaselled a bit, to my way of thinking.
So I wrote and asked:
...............
I was pleased to see your reasonably candid responses to the
moderated questions that were posed on the Slashdot "interview".
I'd like to ask a more pointed question [set] related to Question 2:
Open Standards
"How does Microsoft internally deal with Open Standards and Open
Document Formats?"
It strikes me that you could have interpreted the question to mean
"It appears that Microsoft practices customer lock-in through
proprietary data formats. What progress do you see Microsoft making
on reversing these practices? Is Microsoft going to provide
reasonable data-interchange tools? If so, then why would Microsoft be
patenting features of their future document formats?"
That would really be a stellar set of questions to hear the answer
to. It's the number one reason why I can't recommend MS products to
clients - data formats win out over user interface every time I lay
the issues out.
***
...............
He sent me a link to Microsoft Office Open XML Formats Overview [2], and
stated "I think this is a great step forward in the right direction. -Bill"
Hmm, thinks I, after following the link and reading for a fair piece.
Then I write to him again:
...............
So, by "royalty-free" does Microsoft mean that use of the format will
be licensed to all comers?
Well, open patented format is less good than open public domain
format. I can hear the argument for "keeping control" of the format,
but as MS is the 800 pound gorilla on this issue, I'd imagine that
actual baseline control of the format would remain with the vendor
who has such a large percentage of the desktops, world-wide. Hmmm.
***
...............
Bill, game as ever, comes back with this stellar response: "[Bill Hilf]
Yes, 'royalty free' means you can use it without paying us a royalty fee."
Well, color me surprised, I'd have never come to that on my own. </sarcasm>
Then I replied:
...............
Yah, I know what royalty-free means. That's why I asked the key
other question, if MS would license it to anyone (OpenOffice,
Koffice, StarOffice, anyone). You didn't answer that. If you don't
know the answer, that's okay.
***
...............
Bill, ever resourceful, pops yet another link into the mix, and doesn't
answer my question: "It depends on the license terms of the program -
each program and license is available at MS' Shared Source Initiative."[3]
Office isn't among the "programs" listed in the Shared Source Initiative
pages, so I am led to believe that Microsoft does not in fact intend
its Open XML Formats to be open in any real sense of the term. I'll
desist in my game of Whack-A-Hilf, as it appears that as usual, the game
is rigged.
I just thought TAG would be interested in the interchange.
Then Hare came out with a startling proposal. He said that the recent
corporate scandals could have been prevented if CEOs were screened for
psychopathic behavior. "Why wouldn't we want to screen them?" he asked.
"We screen police officers, teachers. Why not people who are going to
handle billions of dollars?"
It's Hare's latest contribution to the public awareness of "corporate
psychopathy." He appeared in the 2003 documentary The Corporation,
giving authority to the film's premise that corporations are
"sociopathic" (a synonym for "psychopathic") because they ruthlessly
seek their own selfish interests -- "shareholder value" -- without
regard for the harms they cause to others, such as environmental damage.
(Apologies if the title offends anyone, but I couldn't resist.)
Radio piece about Moby Dick and the King James Bible, two classic books that weren't well regarded when they were published. The KJB was commissioned, it says, both to unite England's Protestants and Catholics,
[Jimmy]
Well that's just plain wrong. At the time the Catholic church considered it heresy to translate the Bible. The point of the King James Bible was to have a Church of England approved translation -- it's the King James Bible, King James was the head of the English church. (Though, IIRC, he was generally regarded as a closet Catholic, so maybe...)
and because James objected to the Geneva Bible, which was strongly Calvinist and anti-monarchic.
[Jimmy]
Erm... I doubt it. There had already been several attempts at translating the Bible into English by then. "The Story of English" has quite a bit about the importance of English translations of the Bible and rates Tynesdale's highest.
[Jimmy (again)]
Whoops. The book is "The Adventure of English", the translator was
Tyndale. There was an earlier attempt to translate the Bible, by John
Wycliffe.
[Rick]
Tyndale got a rather... hot reception for it.[1]
/me halts, Austin Powers-style, to emphasise his rather laboured bon mot,
and wonders where his Mod backup band went.
[1] For the historically challenged: Tyndale was burned at the stake
by the Hapsburg regime in Belgium, which had arrested Tyndale there —
at the urging of a rather shadowy Englishman named Henry Philips, who
may have been acting on Henry VIII's behalf — as he was consulting with
scholars on the Continent.
[Jimmy]
Hmm. That reminds me that I should have thrown in a few Wikipedia links:
[Jimmy]
"From within the sanctioned, clerical, deeply traditionalist honeyed
walls of Oxford, Wycliffe the scholar launched a furious attack on the
power and wealth of the Church, an attack which prefigured that of
Martin Luther more than a hundred years later."
"[M]any familiar phrases do have their English origin in this
translation: 'woe is me', 'an eye for an eye' are both in Wycliffe, as
are such words as 'birthday', 'canopy', 'child-bearing',
'cock-crowing', 'communication', 'crime', 'to dishonour', 'envy',
'frying-pan', 'godly', 'graven', 'humanity', 'injury', 'jubilee',
'lecher', 'madness', 'menstruate', 'middleman', 'mountainous',
'novelty', 'Philistine', 'pollute', 'puberty', 'schism', 'to tramp',
'unfaithful' and 'zeal'."
Also mentioned are: 'humanity', 'pollute', 'profession', 'multitude',
and 'glory'.
[Jimmy (yet again)]
Oh, while I'm at it...
"Tyndale's words and phrases influenced between sixty and eighty
percent of the King James Bible of 1611 and in that second life his
words and phrases circled the globe.
"We use them still: 'scapegoat', 'let there be light', 'the powers
that be', 'my brother's keeper', 'filthy lucre', 'fight the good
fight', 'sick unto death', 'flowing with milk and honey', 'the apple
of his eye', 'a man after his own heart', 'the spirit is willing but
the flesh is weak', 'signs of the times', 'ye of little faith', 'eat,
drink and be merry', 'broken-hearted', 'clear-eyed'. And hundreds
more: 'fisherman', 'landlady', 'sea-shore', 'stumbling-block',
'taskmaster', 'two-edged', 'viper', 'zealous' and even 'Jehovah' and
'Passover' come into English through Tyndale. 'Beautiful', a word
which had meant only human beauty, was greatly widened by Tyndale, as
were many others."
"The word 'king' appears not once in the Old Testament of the Geneva Bible. Instead it used the word 'tyrant'." Oops. By the time James's translation appeared ten years later, it was virtually ignored, and the king himself had gone on to other things.
"By the time the bible was published in 1611, King James was pretty well losing it. He'd spent so much money on his boyfriends and his palaces and his parties, and had alienated such wide branches of Puritan opinion, and he was drinking so much, that his star was waning anyway." Then after a civil war, it became an object of consolation, a reminder of an era that was lost.
Willy Wonka
From Adam Engel
Hence, it must be doable and I merely can't
figure out how to do it, or it's doable but not worth the time/effort
and was a silly idea in the first place." On the other hand, if the
numbers can be deconstructed in Perl, and reconstructed, why not? They
laughed at Willy Wonka, and look at him NOW.
[Jimmy]
Hey, as long as the snozberries still taste like snozberries, I'll be
happy.
[Jimmy]
Dang. No snozberries, but it does have Christopher Lee!!
[Jimmy] I'd like to point out that I'm partial to snozzberries after the
scene in "Super Troopers".
I saw his name on the opening credits, but once the movie started I
forgot to look for him, and since I haven't seen him in anything but
old 1960s horror movies, I probably wouldn't recognize him. But I'll
give it a shot: was he the grouchy old "grandpa," the one who didn't go
to the Factory but counseled young Charlie not to be a "dummy?"
[Lew]
Nope.
Christopher Lee was Willie Wonka's father, the dentist.
It took me a few good minutes to figure that out
[conspire] OT (somewhat) Linux perspective on "Zotob's"
From Rick Moen
I'm going to go to Hell for this, I know, but I'm succumbing to the
temptation to post about the latest Windows virus, here -- sort of. But
this won't be your standard "update your $WHATEVER" MS malware advisory,
I hope: I have in mind some points within spitting distance of
topicality for a Linux user group.
Here's a summary of the current one-day wonder. Feel free to compare &
contrast it against mass-news coverage:
Yesterday's worm, called Zotob, is an automated remote exploit against
insufficiently paranoid input routines in a Win2k (& some WinXP) "Plug and
Play" network daemon (in msdss.dll[1]) reachable over TCP port 445 (the
"Microsoft Naked CIFS" port). This weakness in the daemon's input
validation routines was discovered and disclosed four days before, in
MS Security Bulletin MS05-039, which was accompanied by a binary patch
to close the hole.
The exploit feeds the msdss.dll network interface aberrant data to cause
a -- yes, you guessed it -- stack-based buffer overflow (failing to check
the length of the network message[2] before passing it on to some
buffer), found recently by Neel Mehta of ISS[3], which somehow permits the
remote attacker to locally escalate privilege on the vulnerable machine
and then carry out assorted mischief and attacks on additional hosts.
The news stories and "virus advisories" tell people gruesome tales about
the aforementioned mischief, argue over which Win$FOO releases are and
are not vulnerable, and warn to install $WHATEVER without delay,
but what's invariably missing are obvious concerns like these:
Why the frell are all Win2k-and-later Microsoft machines offering open network access from anywhere at all to a Plug and Play "service" (daemon) -- even on Aunt Marge's desktop box? Who exactly thought that adding network-aware capabilities to Plug and Play was a good idea? (Note that this isn't the same as Microsoft's equally worrisome but distinct "Universal PnP" architecture.)
Why aren't machine admins/owners made aware that they're running such network daemons and exposing them to the entire world as attack targets? What does each of them do? How would one turn each of them off, or limit one of them to be reachable from (say) localhost only, i.e., running them bound only to the loopback network interface, or alternatively from just one's local IP subnet? What would be the consequences of disabling each of them? (I might point out that there's a frightening forest of network daemons enabled by default on such boxes, not just this one Plug and Play daemon on 445/tcp -- and Windows users are told nearly nothing about what, why, and how.)
Given the eyebrow-raising assumption that such a daemon has to be left running by default and accessible outside localhost, why can't Microsoft manage to make it validate its input correctly? I mean, this isn't brain surgery, guys.
And given that such a thing must be running, etc., why is the library allowed such apparently trivial access to escalate privilege? Why should it be able to escalate privilege *at all*? Haven't the Microsoft guys ever heard of role separation and dropping privilege in a process?
Linux relevance: Please note the difference in coverage and emphasis,
compared to *ix vulnerabilities
99% of the news coverage -- even in the allegedly technical press -- of
this "virus" (worm) included basically none of the relevant technical
details about the attack mechanism, and what is being attacked, and what
that is, and why that software is running in the first place... let
alone what would happen if you were to turn that software off, how you
would do so, etc. And my finding that information was like pulling
teeth. (I eventually found most of it at SANS.)
If this were a remotely exploitable buffer overflow and privilege
escalation in the *ix world -- say, in NFS's rpc.statd -- there would be
copious information easily findable about all of the above matters.
In fact, there is such information routinely available, when such
things emerge.
[1] The filename suggests that the library probably is primarily
concerned with the Microsoft Directory Synchronization Services, which
are an external interface for Active Directory. But it's really rather
disturbing and shocking that searching Google on this filename turns up
zero hits. (It's mentioned only in a few very new articles that Google
hasn't yet found.) The file's reportedly (per one recent article) not
provided by the OS itself, but rather silently installed and activated
when you install this-or-that additional software.
[3] http://xforce.iss.net/xforce/alerts/id/202 Interesting quotation:
"The Plug and Play service is a Windows DCE-RPC service that is designed
to handle device installation, configuration, and notification of new
devices. It starts automatically on modern versions of the Windows
operating system, and runs in default configurations. On Windows 2000,
this service is reachable via named pipes and a NULL session. It is
not possible to disable this service without adversely affecting system
operation.
This Plug and Play service contains a remotely exploitable stack-based
overflow. It has been proven to be trivially exploitable...."
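The questions in the post above about which daemons are listening, and whether each is bound to loopback only or reachable from other hosts, can be answered mechanically on a Linux box. The following Python is an added example, not part of the original post: it assumes the Linux `/proc/net/tcp` text layout on a little-endian host, the sample rows are constructed, and the function names are hypothetical.

```python
import ipaddress
import struct

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1 0000000000000000 100 0 0 10 0
   1: 00000000:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1 0000000000000000 100 0 0 10 0
   2: 0A01A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11003 1 0000000000000000 100 0 0 10 0
   3: 0A01A8C0:0016 0501A8C0:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 11004 2 0000000000000000 20 4 30 10 -1
"""


def parse_listeners(text):
    """Return (IPv4Address, port) for every socket in the LISTEN state."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with "N:"; the header row and blank lines do not.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if fields[3] != TCP_LISTEN:
            continue  # established or closing connections are not listeners
        addr_hex, port_hex = fields[1].split(":")
        # The kernel prints the address as a host-order integer, so on a
        # little-endian machine 0100007F decodes to 127.0.0.1.
        packed = struct.pack("<I", int(addr_hex, 16))
        listeners.append((ipaddress.IPv4Address(packed), int(port_hex, 16)))
    return listeners


def exposure(addr):
    """Classify a bind address by who can reach it."""
    if addr.is_unspecified:
        return "all-interfaces"   # 0.0.0.0: reachable on every interface
    if addr.is_loopback:
        return "loopback-only"    # 127.0.0.0/8: local processes only
    return "single-address"       # bound to one specific interface address


def audit(text):
    """Sorted (port, address, exposure) for every listening TCP socket."""
    rows = [(port, str(addr), exposure(addr))
            for addr, port in parse_listeners(text)]
    return sorted(rows)


def exposed_ports(text):
    """Listeners reachable from other hosts, i.e. not loopback-only."""
    return [row for row in audit(text) if row[2] != "loopback-only"]


if __name__ == "__main__":
    for port, addr, scope in audit(SAMPLE_PROC_NET_TCP):
        print(f"{port:>5}/tcp  {addr:<15}  {scope}")
```

On a real host, pass the contents of `/proc/net/tcp` to `audit()` instead of the sample; anything returned by `exposed_ports()` is a candidate for rebinding to loopback or for a packet-filter rule.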
[Deirdre Saoirse Moen]
From the Google translation of wakwak.com:
We inform about circumstance below from the trend micro corporation, in
regard to the Troy wooden horse type virus TSPY_BANCOS.ANM which is
announced on July 8th of 2005.
1. TSPY_BANCOS.ANM
The TSPY_BANCOS.ANM with the virus which is classified into Troy wooden
horse type, being something which transmits the information which from the
personal computer which is infected is inputted with the online bank of
specification, to the URL of specification, it does.
From other sites (auto-translated from Japanese) over the last day:
[probably about buying domain names]
Internet is enjoyed 100 times!
To the name store which with the television hides from the prestige store
of topic the decoy of the cake and the harmony candy
[probably about phishing]
Information leakage from the personal computer which it abolishes is
prevented, concerning the data method of elimination.