Unoffical empeg BBS

#244370 - 19/12/2004 22:47 Beat the Slashdot crowd...
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
The story, in a nutshell, is that we found a security flaw in Google's Desktop search tool. We told Google a few weeks ago and they've already pushed out a fix. Still, it's a good story. An article about this should be running in tomorrow's New York Times and the inevitable Slashdot hordes will descend on my site like vultures. We've got the site, all to itself, on a Mac Xserve G4 (dual proc, 4GB of memory) with Apache. Hopefully, it won't get crushed.

Thanks also to Cybjorg for his help with the CSS style sheets, and check out the cool logo that my sister put together. I now owe her a favor.

http://seclab.cs.rice.edu

P.S. Please, if any of you guys want to post something to Slashdot or whatever, wait until the story hits the New York Times tomorrow. I offered them an "exclusive" on the story, so hopefully they'll tell the story correctly. There's nothing worse than a story getting butchered by a bad reporter.

Top
#244371 - 19/12/2004 22:53 NO SUBJECT [Re: DWallach]
jimhogan
carpal tunnel

Registered: 06/10/1999
Posts: 2591
Loc: Seattle, WA, U.S.A.
If you want to achieve your objective, my feelings won't be hurt if you delete your post.

I am now going to place a wager with myself.

Please note that this response is 100 percent content-free.

edit: spelling


Edited by jimhogan (19/12/2004 23:19)
_________________________
Jim


'Tis the exceptional fellow who lies awake at night thinking of his successes.

Top
#244372 - 20/12/2004 00:30 Re: NO SUBJECT [Re: jimhogan]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
Call me naive, but I assume this board is a community of people who like to know about things first and know how to keep things under their hat (which is often a condition of knowing about things first).

Top
#244373 - 20/12/2004 00:54 Re: NO SUBJECT [Re: DWallach]
jimhogan
carpal tunnel

Registered: 06/10/1999
Posts: 2591
Loc: Seattle, WA, U.S.A.
Quote:
Call me naive

Never. You're just not as jaundiced as some of us.

I don't have any questions about the overt community. It's just that lurker Anonymous Coward. He gets around!

Well, I haven't lost my bet yet. Handy, that, betting with myself.

Congratulations on your work.
_________________________
Jim


'Tis the exceptional fellow who lies awake at night thinking of his successes.

Top
#244374 - 20/12/2004 01:20 Re: Beat the Slashdot crowd... [Re: DWallach]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Great stuff, Dan. Good to see hard work pay off, and especially good to see that it was handled the right way with all parties involved. Best of luck to your poor server!
_________________________
- Tony C
my empeg stuff

Top
#244375 - 20/12/2004 01:25 Re: NO SUBJECT [Re: jimhogan]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
Quote:
Never. You're just not as jaundiced as some of us.


Well, tomorrow's edition of the NY Times should be hitting their web page in about 90 minutes. It's not like I posted something here a few weeks ago, although cybjorg knew about it because he helped me get the web site working. I had no idea how bizarre the world of style sheets could be.

Edit: it appears to be online right now (90 minutes early) http://www.nytimes.com/2004/12/20/technology/20flaw.html


Edited by DWallach (20/12/2004 01:33)

Top
#244376 - 20/12/2004 01:42 Re: NO SUBJECT [Re: DWallach]
jimhogan
carpal tunnel

Registered: 06/10/1999
Posts: 2591
Loc: Seattle, WA, U.S.A.
Quote:
I had no idea how bizarre the world of style sheets could be.

I'm learning that if you can completely ignore IE, they ain't that bad

Quote:
Edit: it appears to be online right now (90 minutes early) http://www.nytimes.com/2004/12/20/technology/20flaw.html

Ha! I lost my bet!...(or won, I can't remember).

Just read it. That is quite the piece. Well done. And y'all are famous!
_________________________
Jim


'Tis the exceptional fellow who lies awake at night thinking of his successes.

Top
#244377 - 20/12/2004 01:47 Re: NO SUBJECT [Re: jimhogan]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
Quote:
And y'all are famous!


To quote from the otherwise forgettable ¡Three Amigos!: "Not just famous, IN-famous."

Top
#244378 - 20/12/2004 01:49 Re: NO SUBJECT [Re: DWallach]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Woohoo! Now I'll know what a "composition flaw" is when I start my new job at the CERT in a couple weeks!
_________________________
- Tony C
my empeg stuff

Top
#244379 - 20/12/2004 02:03 Re: NO SUBJECT [Re: tonyc]
jimhogan
carpal tunnel

Registered: 06/10/1999
Posts: 2591
Loc: Seattle, WA, U.S.A.
Quote:
Woohoo! Now I'll know what a "composition flaw" is when I start my new job at the CERT in a couple weeks!

Well, Woohoo yourself!

Edit: No, I'm not that stupid. No recent mention of CERT (that I missed). Congratulations! New job!

Hey, why aren't you over there getting Dan slashdotted?


Edited by jimhogan (20/12/2004 02:05)
_________________________
Jim


'Tis the exceptional fellow who lies awake at night thinking of his successes.

Top
#244380 - 20/12/2004 02:07 Re: NO SUBJECT [Re: jimhogan]
Daria
carpal tunnel

Registered: 24/01/2002
Posts: 3937
Loc: Providence, RI
Quote:
Quote:
Call me naive

Never. You're just not as jaundiced as some of us.



It's only jaundiced if there's no justification.

Top
#244381 - 20/12/2004 02:28 Re: NO SUBJECT [Re: tonyc]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
Quote:
Woohoo! Now I'll know what a "composition flaw" is when I start my new job at the CERT in a couple weeks!


It's not exactly a common term. For all I know, I just coined it. It just seems like a way to describe how many security attacks go. It's the opposite of normal computer programming, where you (hopefully) have nice, clean APIs where all the relevant functionality is all in one place. Instead, you're trying to mash something from over here into the slot over there.

Top
#244382 - 20/12/2004 03:52 Re: NO SUBJECT [Re: jimhogan]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Quote:
Edit: No, I'm not that stupid. No recent mention of CERT (that I missed). Congratulations! New job!

Thanks! I did plan on crafting a "life update" post over the Xmas -> New Year's week when I'll be up visiting family and thus bored for extended periods of time after everyone goes to bed. I've actually been very scarce on the BBS lately, trying to move into my new (to me) townhouse and adjust to the new surroundings here in the Pittsburgh area. Anyway, I have a few minutes, so I'll go ahead and post that now, but in another thread, so as not to cloud this one up with autobiographical nonsense.
Quote:
Hey, why aren't you over there getting Dan slashdotted?

<whoosh> Over where?
_________________________
- Tony C
my empeg stuff

Top
#244383 - 20/12/2004 03:58 Re: "composition flaw" [Re: DWallach]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Quote:
It's not exactly a common term. For all I know, I just coined it.

Cool. I had never heard the term, but it does sound like an appropriate way to describe it.
_________________________
- Tony C
my empeg stuff

Top
#244384 - 20/12/2004 05:31 Re: Beat the Slashdot crowd... [Re: DWallach]
bonzi
pooh-bah

Registered: 13/09/1999
Posts: 2401
Loc: Croatia
Congrats, Dan! I find especially impressive the fact that this work was a part of a student project. You certainly seem to be teaching them well down there in Texas! (But what else to expect from someone with results like yours)

I also like the web page about the discovery - clear, complete, slightly understated. No symptoms of slashdotting yet, BTW.

Heck, even NYT almost got it right (first paragraphs are a bit off ("which could permit an attacker to secretly search the contents of a personal computer via the Internet"), but they cleared it up later in the text).

Impressive, all together!
_________________________
Dragi "Bonzi" Raos Q#5196 MkII #080000376, 18GB green MkIIa #040103247, 60GB blue

Top
#244385 - 20/12/2004 05:34 Re: NO SUBJECT [Re: DWallach]
bonzi
pooh-bah

Registered: 13/09/1999
Posts: 2401
Loc: Croatia
Quote:
"Not just famous, IN-famous."

Heh, especially with Diebold
_________________________
Dragi "Bonzi" Raos Q#5196 MkII #080000376, 18GB green MkIIa #040103247, 60GB blue

Top
#244386 - 20/12/2004 14:15 Re: Beat the Slashdot crowd... [Re: DWallach]
cushman
veteran

Registered: 21/01/2002
Posts: 1380
Loc: Erie, CO
http://www.pcworld.com/news/article/0,aid,118999,pg,1,RSS,RSS,00.asp

PC World article posted, mentions your website, but does not provide a link.
_________________________
Mark Cushman

Top
#244387 - 20/12/2004 14:47 Re: Beat the Slashdot crowd... [Re: cushman]
msaeger
carpal tunnel

Registered: 23/09/2000
Posts: 3608
Loc: Minnetonka, MN
HardOCP mentioned it also; they linked to CNET news.com
_________________________

Matt

Top
#244388 - 20/12/2004 16:04 Re: Beat the Slashdot crowd... [Re: DWallach]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
And here they come! At least they were kind enough to just post the NY Times link in the story... Maybe that'll save the server.
_________________________
- Tony C
my empeg stuff

Top
#244389 - 20/12/2004 17:14 Re: Beat the Slashdot crowd... [Re: tonyc]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
So far, the load on the server has been relatively light - a couple hundred hits.

Top
#244390 - 20/12/2004 20:56 Re: Beat the Slashdot crowd... [Re: DWallach]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
All said and done, we're currently at 924 visitors to the home page and 1144 downloads of the tech report. Slashdot never linked to us from their home page; those downloads are from newspaper articles or from Slashdot readers. Eventually, I'll do a more detailed breakdown on the referrer logs, but this hardly even counts as a Slashdotting.

Top
#244391 - 21/12/2004 03:01 Re: Beat the Slashdot crowd... [Re: DWallach]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Quote:
but this hardly even counts as a Slashdotting.

You sound so... disappointed.

I know, I know, it was the anticipation.. the buildup.. and then.... nothing.

Kinda like Y2K...
_________________________
- Tony C
my empeg stuff

Top
#244392 - 21/12/2004 07:57 Re: Beat the Slashdot crowd... [Re: DWallach]
g_attrill
old hand

Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
Woo, a mention on The Register too, top story this morning:

http://www.theregister.co.uk/2004/12/20/google_desktop_flaw/

Still no link though!

Gareth

Top
#244393 - 21/12/2004 09:08 Re: Beat the Slashdot crowd... [Re: DWallach]
mdavey
enthusiast

Registered: 06/03/2003
Posts: 269
Loc: Wellingborough, UK
_________________________
Michael
Ex-owner of stolen empeg #030102741

Top
#244394 - 21/12/2004 15:53 Re: Beat the Slashdot crowd... [Re: DWallach]
Ezekiel
pooh-bah

Registered: 25/08/2000
Posts: 2413
Loc: NH USA
Dan - you know no real Slashdotter actually reads the article!

-Zeke
_________________________
WWFSMD?

Top
#244395 - 21/12/2004 16:27 Re: Beat the Slashdot crowd... [Re: Ezekiel]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
Or, 1000 out of, what, hundreds of thousands, actually decided to dig deeper. Now I just have to get the class grades done. They're due today...

Top
#244396 - 22/12/2004 04:24 Re: Beat the Slashdot crowd... [Re: DWallach]
mcomb
pooh-bah

Registered: 31/08/1999
Posts: 1649
Loc: San Carlos, CA
I'm pretty sure you made the SF bay area news last night as well. I saw a preview mentioning a Google bug and a screenshot that looked an awful lot like your web page. Unfortunately, I missed the actual report and I'm not sure which network it was.

-Mike
_________________________
EmpMenuX - ext3 filesystem - Empeg iTunes integration

Top
#244397 - 22/12/2004 11:41 Re: NO SUBJECT [Re: DWallach]
ashmoore
addict

Registered: 24/08/1999
Posts: 564
Loc: TX
Hey! You even made News8Austin!!
_________________________
========================== the chewtoy for the dog of Life

Top
#244398 - 22/12/2004 12:23 Re: Beat the Slashdot crowd... [Re: DWallach]
bonzi
pooh-bah

Registered: 13/09/1999
Posts: 2401
Loc: Croatia
You have been for over a day one of "top seven but not top two" Google news stories (those in the top right corner), and still only a thousand hits? People seem to have a very short attention span these days...
_________________________
Dragi "Bonzi" Raos Q#5196 MkII #080000376, 18GB green MkIIa #040103247, 60GB blue

Top
#244399 - 22/12/2004 15:48 Re: Beat the Slashdot crowd... [Re: bonzi]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
The latest stats:
- 3647 hits for the CSS style sheet (which says something about unique visitors)
- 4687 hits for the PDF tech report (several news reports linked directly to the PDF)

Not bad, I suppose...

Top