
Comment Re:The sky is blue! The sky is blue! (Score 1) 184

He is mounting "/dev/sdb1" to "/tmp". Most Linux systems mount the in-memory only "tmpfs" to "/tmp", so data written to it is in memory only. Unless the pages comprising "tmpfs" are swapped to disk, none of this information should ever even touch the hard disk. But the way he set it up, "/dev/sdb1" will capture all terminal data. Why would you even set it up this way to begin with? It's not the default setup.

This is pretty stupid. Not a security vulnerability, just another thing to be careful of -- never mount a physical disk to "/tmp".
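An added example (not part of the comment above): a small check of what actually backs "/tmp", reading mount-table text in the /proc/mounts format. The sample tables and the function names are constructed for illustration; on a live system, pass in the contents of /proc/mounts.

```python
import posixpath

# Constructed samples in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_DEFAULT = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""
SAMPLE_DISK_TMP = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /tmp ext4 rw,relatime 0 0
"""

MEMORY_FS = {"tmpfs", "ramfs"}  # file systems that live in RAM (tmpfs may still swap)

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def backing_of(path, mounts_text):
    """Return (device, fstype) of the mount that covers `path`."""
    path = posixpath.normpath(path)
    best = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        device, mnt, fstype = _unescape(parts[0]), _unescape(parts[1]), parts[2]
        covers = path == mnt or mnt == "/" or path.startswith(mnt.rstrip("/") + "/")
        # Longest mount point wins; on a tie the later line wins, because a
        # later mount on the same directory hides the earlier one.
        if covers and (best is None or len(mnt) >= len(best[1])):
            best = (device, mnt, fstype)
    if best is None:
        raise ValueError("no mount covers " + path)
    return best[0], best[2]

def tmp_is_memory_backed(mounts_text, path="/tmp"):
    return backing_of(path, mounts_text)[1] in MEMORY_FS

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("disk on /tmp", SAMPLE_DISK_TMP)):
        print(name, backing_of("/tmp", text), tmp_is_memory_backed(text))
```
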

Comment The first rule of PR is... (Score 1) 441

If someone exposes your dishonest scheme, lie, lie, lie, lie, and lie some more, repeat the same lies over and over again in every venue and on every news network so often that people start to think you are telling the truth. Accuse everyone else of being dishonest, accuse everyone else of conspiring against you, tell everyone who will listen, and if anyone who listens actually believes your lies, praise them for being fair and balanced.

The second rule of PR is...
lie, lie, lie, lie, and lie some more, repeat the same lies over and over again in every venue and on every news network so often that people start to think you are telling the truth. Accuse everyone else of being dishonest, accuse everyone else of conspiring against you, tell everyone who will listen, and if anyone who listens actually believes your lies, praise them for being fair and balanced.

Comment Re:I was a "hacker" scout in 1994 (Score 1) 186

I'd give Explorers two thumbs up, except that I think they belong up the bigoted Boy Scouts of America's ass.

That is so true. I was lucky, the Boy Scouts weren't as bad as they are now. Even so, the small college town I grew up in was so full of liberals, bigotry simply isn't an issue in our local troops. Discrimination may be the official policy of the Boy Scouts nowadays, but as long as there are liberals who know that it is wrong and who know how much of a positive influence the Scouts are to kids, discrimination will be hard to enforce.

Still, it would be nice if there were a more open, secular, perhaps even co-ed version of the scouts that were as popular. They exist, but not everywhere like the Boy Scouts do.

Comment Re:I was a "hacker" scout in 1994 (Score 1) 186

I had a similar experience in Boy Scouts. Someone in the Boy Scouts had the bright idea to send around invitations to a computer and software oriented extracurricular program, some guys at the local community college allowed us to use their computer lab. We learned things like how to put together a computer from components, and how to install MS-DOS from floppy disk. I was in the C programming group, and we learned the basics of the C language. The computer lab guys set us up with the Borland C compiler and we were off writing programs with "conio.h" for inventing fancy command-line programs.

Unfortunately, it was difficult to maintain interest after a while. We just ran out of ideas. Putting together a computer is so easy, even kids can do it in just a few hours, and so everyone shifted to the programming group where there weren't enough skilled instructors to teach everyone. Then, once you get the syntax down, programming is easy, but the more complex ideas related to computer science, like algorithms and data structures, are a bit too difficult for kids to understand. Even I didn't get it at the time.

If we had more skilled teachers, it might have worked out better. But that is always the problem, isn't it? How do you find skilled teachers?

Comment I don't wonder. (Score 2, Insightful) 114

Do you wonder why we the people don't propose our own laws, rather than just react whenever these bills slouch toward Congress to be born?

No, I DO NOT wonder why people don't do this. How can you ensure a democracy if everyone participating is anonymous? How can you ensure that one person has exactly one vote? How do you prevent criminals from influencing policy by voting hundreds of times for their own laws?

As it is now, wealthy people can make any laws they want, but it still requires the complicated process of bribing elected law makers with high-paying consulting jobs. If you take money out of the equation, anyone who figures out how to game your voting system will easily pass any laws they want by simply creating a huge number of sock-puppet voters.

I hate how money, rather than common sense and compromise, has more influence over law, but a digital democracy simply won't work unless you can uniquely identify voters with sensitive personal data which no one wants (nor should they have to) provide to anyone anyway.

Comment Re:They still need a C&C (Score 0) 137

If the signatures need to be verified by a signature authority controlled by the attackers, it would be much easier to find out who is issuing the commands, just trace all communications back to the signature authority. And a communication to the signature authority would happen every time a command message needs to be verified by one of the nodes.

Otherwise, the commands must be self-signed, so an ordinary man-in-the-middle attack on any one of the nodes could reveal the signature to you. You could do it as soon as you are able to capture a signed command message to any one of the nodes, which are probably broadcast like chunks of a bit torrent -- if so, then these messages are pretty easy to find once you have enough nodes because the signed command message will be replicated so often. Then, just decrypt the signature with the private key you extracted from one of the nodes, and start issuing your own self-signed command messages.

But I have never done anything like that before, it is probably much more difficult than I am making it sound.

Comment Re:They still need a C&C (Score 4, Interesting) 137

But on the other hand, you still need to issue commands to the C&C. If you can figure out the communication protocol used to assign C&C powers to a node, then security researchers can easily toss-out the command to become a C&C to all nodes and then sink-hole it.

Further, I am not aware of any way to encrypt communications between the botnet's controllers and the botnet's nodes because every node will need to have the private key to decrypt incoming communications. So anyone can analyze a node and just pick out the private key, and then start issuing commands to it as though they were the operators. It just adds bulk to the botnet code, and doesn't prevent anyone from sink-holing it.

I think the real difficulty is simply containment. If the virus is designed to spread as rapidly as possible, then you need to spend a lot of time finding nodes and taking control of them to shut them down. I think the designers of ZeuS are counting on that, and hope sheer numbers will be better than more precise control.

Comment Re:Digital evolution at work (Score 1) 96

Only a million trillion times faster than it happens in the real world. I for one welcome our sentient viral overlords.

I sympathize with your enthusiasm, but evolution of computer viruses is actually a million trillion times slower than in real life, because the "environment" in which the "random genetic mutations" occur is the much smaller and slower-moving world of man-made software. In real life, you've got a lot more space, time, and degrees of freedom, and the motion of atoms in DNA molecules is much faster than the clock of any computer.

Comment Re:He can't win (Score 1) 214

Mod parent up.

It's unfortunate, but the Pope is way more wealthy than Bill Gates, and as long as he is sending hordes of priests/PR agents to Africa telling everyone "condoms spread AIDS", no amount of money Bill Gates spends is ever going to improve things.

I hated Gates, but now that he is using his real monopoly money to do good things, I actually genuinely respect the guy. But I still despise Microsoft and its crappy software. I would respect Bill Gates even more if he went back to Microsoft and said, "You know what, from now on we are going to open source all Microsoft software, past and present, because people will pay us to use our software, regardless of its license."

Comment Until encryption becomes illegal... (Score 1) 270

As long as regular people (corporations) are laying down the "tubes" the government will be there laying down the laws that let them see what goes in and comes out of those "tubes". Sure, we could have a 100% encrypted internet, that only trusted people could use. But there will come a day when sending encrypted data at all will be as obvious as painting a bulls-eye on your ass and mooning the police.

Comment What??? No lawsuit??? (Score 1) 532

Oh yeah, this isn't the consumer electronics or entertainment industry, this is retail. They still usually compete with each other by strong-arming suppliers, eliminating competing mom and pop shops, short-changing local dealers in favor of products produced by slave labor overseas, and offering better products and services, rather than suing each other into oblivion. When will they ever learn, it's just easier to pay off judges and senators.

Comment Re:Obviously (Score 5, Insightful) 150

Until they declare it illegal to resell DVDs or they tie the content to a specific piece of hardware for playback.

The bittorrent pirates couldn't dream of a better justification in the popular mind. .... If the cartels clamp down too hard, no amount of PR will prevent it from being generally known that they are a bunch of assholes and control freaks who will never be satisfied.

I think you put way too much faith in the general public's attention span.

If the MAFIAA were to use their political clout and pass laws that made it illegal to watch a movie without a specific piece of hardware, which they have already done in a way, using region codes and forcing DRM on downloaded music, people will just sit back and take it, and continue to repeat the propaganda spoon-fed to them. "It's good for the economy, they have the right to make money in whatever way they want, pirates are bad, baaah baaah baaah baaah."

No one notices just how many liberties we have lost over the past 20 years (ironically, more and more so as technology has improved) because no one knows the technology well enough to know when a politician is passing yet another law to take their freedoms and property rights away. They think, "as long as I don't vote for those big-government Democrats, I'll be safe." If only it were that easy.

Comment Re:I miss GOTO...there I said it (Score 1) 353

Try rewriting that in C, without goto, in an unconvoluted way. And don't exceed 3 levels of indentation, and don't create any additional functions.

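/* Fewer lines of code, more readable.
 * Local variables should be contained in a structure that can be passed by pointer.
 * Most compilers will optimize this code to look exactly like your code above with GOTOs.
 */
struct local_variables { ... };
typedef int (*local_var_update)(struct local_variables *);
/* Each do_opN returns nonzero on success; undo_opN reverses do_opN. */
int do_op1(struct local_variables *), do_op2(struct local_variables *),
    do_op3(struct local_variables *), do_op4(struct local_variables *);
int undo_op1(struct local_variables *), undo_op2(struct local_variables *),
    undo_op3(struct local_variables *), undo_op4(struct local_variables *);
int func(void) {
    local_var_update do_op[4] = { do_op1, do_op2, do_op3, do_op4 };
    local_var_update undo_op[4] = { undo_op1, undo_op2, undo_op3, undo_op4 };
    struct local_variables vars = { ... };
    int i = 0, ret = 0;
    /* Run the steps in order; stop at the first failure. */
    while (i < 4) { if (!do_op[i](&vars)) { ret = -1; break; } i++; }
    if (ret == 0) { return ret; }
    /* Step i failed: undo only the steps that succeeded, i-1 down to 0. */
    while (i > 0) { i--; undo_op[i](&vars); }
    return ret;
}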
