Since you've done this before, I may as well ask you -- how hard is retrieval? From launch point to drop point, how far off is it, and how do you keep from landing in irretrievable spaces?

For simplicity, let's just abbreviate it as CLOWN and watch the novices try to puzzle it out.

Not to pressure one too much, but automaton is rooted in Greek, not Latin. :)

As others have pointed out, no, it is not rooted in Latin. The article you linked makes no such claim. You would have had to read the Wiki link you posted for automaton in order to know that, though.

It's the control which is automated, not the propagation. The idea is that if I root a hundred systems, and instead of OO, I put on a rootkit that forces them to participate in a network where I can issue a single command to my zombie army that forces them to DDoS you, I've got a botnet. If I have to ssh into each of them individually and manually instruct them to participate, I have a bunch of rooted systems.

Your stated requirement that a botnet depend on a worm is not a requirement in my professional opinion, and according to the definition you gave us earlier, it is not yours either.

The word BOTNET is short for the combination of the word robot and network . The term often applies to groups of computer systems that have had malicious software installed by worms, Trojan horses or other malicious software that allows the "botnet herder " or botnet's originator to control the group remotely.

These are not my definitions -- they are yours. It was you who posted the definition of "botnet," and it was you who suggested that we look up "robot." I did so, even going so far as to make sure to consider each of the definitions of two major dictionaries, and used those terms to evaluate your claim. Was there another widely-recognized resource you wanted us to use for the definition of "robot?"

The AC and those claiming that there is no requirement for a botnet to propagate automatically are correct. Here is the definition of 'robot,' courtesy Merriam-Webster:

1 a : a machine that looks like a human being and performs various complex acts (as walking or talking) of a human being; also : a similar but fictional machine whose lack of capacity for human emotions is often emphasized b : an efficient insensitive person who functions automatically
2 : a device that automatically performs complicated often repetitive tasks
3 : a mechanism guided by automatic controls

And courtesy OED:

noun a machine capable of carrying out a complex series of actions automatically, especially one programmable by a computer.

And, 'bot' courtesy OED, since they have a listing for it:

noun an autonomous program on a network which can interact with systems or users, especially in the manner of a player in some computer games.

Merriam-Webster offers an individual definition of "bot," but only the context of botfly larvae.

On their face, none of these definitions require a robot to be capable of generating other robots automatically -- merely that the robot must be capable of performing some function automatically. Thus, we must turn more directly to your preferred definition in search of such a requirement:

The word BOTNET is short for the combination of the word robot and network . The term often applies to groups of computer systems that have had malicious software installed by worms, Trojan horses or other malicious software that allows the "botnet herder " or botnet's originator to control the group remotely.

Once again, there is no requirement for a botnet to be automatically propagated. Indeed, strictly speaking, there is no requirement here that any host have any malware at all. The use of the kind of botnet we're discussing here -- one in which participants are unwilling -- is used only as an example, due to the phrasing "the term is often applied..." which prefaces the discussion.

For example, a distributed network of systems configured by their owner and operator to automatically ping a host from a variety of locations in order to determine average latency, satisfies definitions 2 and 3 of Merriam-Webster's definition, and the OED's definitions of robot and bot, along with this definition of 'botnet.'

However, even in the discussion of a malicious botnet, nowhere does it require a botnet to propagate itself automatically. In fact, the definition explicitly distances itself from this claim. It suggests that while the malicious software that has made a host into a botnet member can be installed via worm (malware capable of automatic propagation), it can also be installed by other means, and it explicitly mentions that these means include via trojan horse (malware installed by tricking an unsuspecting user of sufficient privilege into executing it), which is a decidedly manual method of installation.

I could see this as being nice once I get to the airport. I try to time my arrival close to boarding, and once I'm there, the gate area is usually pretty full. I can go down a few gates and make myself comfortable, maybe even get a drink, but if my flight really does start boarding in 5-10 minutes, why bother?

If I knew that there was an 80% chance that I'd be waiting there for an extra half hour or so, I'd be more inclined to go grab a bite to eat, or at least find a power plug and do some e-mail. There's a 20% chance that I turn right around and head back to my on-time departure, feeling a bit silly.

They tell you at the airport if your flight is delayed, when the airline actually posts that your flight is delayed. For various reasons, this does not necessarily happen promptly. For example, airlines may hold off announcing a delay until very close to departure, because they haven't ruled out using a different plane than what was scheduled, or because they think it'll be a close enough delay that it's worth keeping everyone at the gate ready to board, or because the information just didn't get posted. Anyone who's ever waited at the gate 10 minutes past departure next to a sign that says "ON TIME" with no plane in sight knows what I'm talking about here.

Supposedly, this software tries to analyze airport traffic across airlines to try and figure out which flights are going to get delayed by ATC. So, its aim is to predict certain delays before they happen, much less before they make it onto the airport departure and arrivals screens, or the airline websites.

How well it works, I couldn't tell you.

Agreed. If one is unwilling to accept the browser deciding to make that extra page request, your solution is quite nice. I think the question just then becomes, what's "acceptable" for a browser to do?

I think as a user, I have to assume that when I click a link or type in a URL, my browser can be making just one HTTP request from one domain, or 100 HTTP requests from 100 different domains, depending on what resources are referenced in the HTML. I might even get redirected to another site entirely.

So, given that, I guess I wouldn't be too torn up if my browser ends up at Google or Bing or whoever -- once again, providing the big provision that there is SOME indication of why I ended up there, and for as interesting as the discussion is, I thus far haven't been able to motivate myself to find a patched Windows box to test it on.

For myself, I tend to gravitate towards the solution that takes me as close to where I want to be as possible. The ideal in my mind would be a browser that can magically identify the site I thought I typed in, then take me to it. Obviously, that's not going to happen. But, second to that is a browser that can say "hey, that ain't right, and here's my best shot at what you meant." So I guess what I'd REALLY like would be a small modification of yours:

"There does not appear to be a web server named sexy.foxterriers.com. Perhaps sexy.foxterriers.com is not the correct name? Did you mean sexy.foxyterriers.com?"

where sexy.foxyterriers.com is the first hit on a search for sexy.foxterriers.com on the search engine. It's an extra query to the search engine, but it wouldn't need any supporting requests for images or other resources. In the interim, maybe the browser can be smart enough to say in place of the recommendation sentence, "please wait while we search Bing, your search engine of choice, for a recommendation." If that request times out, it can say, "It is possible that your Internet connection is not functioning," or some variant thereof.

Of course, that depends on reliable extraction of the URL from each supported search engine, and I'm sure there are issues there.

I can see that we've mutually misinterpreted one another's tones and meanings. My apologies if I came off more rudely than I intended. If we're going to continue this discussion, then let me clarify my tone in the opening sentence that I think you found provocative: I had intended it to be challenging in the style of two guys having a sporting conversation about a subject they both know quite a bit about, as opposed to downright insulting. I can see why that may not have come off as intended, however, particularly since a fair number of posts here really are simply insulting. I agree that the "flamebait" tag was inappropriate. All that aside, I am glad to read your reply. If you're interested in continuing this conversation with a bit more mutual understanding, then so am I. On to more interesting matters.

You mention that this is a standards violation if you believe that the RFCs governing DNS also govern presentation-layer applications which utilize DNS. I don't see this to be the case, and I don't really see how that could be justified based on the content of the DNS RFCs. They define, in rigid detail, how DNS is structured, and how clients and servers may request and transmit information. The actual use of that is left to the application.

But let's say that's not true. Let's say, hey, the application using DNS has a requirement to faithfully present all information that would be meaningful in every response to the user. Obviously, this can't be done in a literal sense. I can't take the exact section you quoted, which defines how DNS clients and servers express an NXDOMAIN, and hand that off to the user, unless I expect them to read and decode the packet by hand. If I'm an application, I HAVE to render that in a way that's actually helpful to the human being who's operating me, and the exact way I do that is certainly not defined in any DNS-related RFC.

Still, I think a reasonable presentation is being made here. The goal here is not to trick the user into thinking that "www.amazon.ocm" is a valid domain which happens to be Bing (or whatever their default engine is), but to make them aware of their mistake, and take a shot at presenting a nice graphical way for the typical user, to get where she meant to go. After all, when Joe Blow types in a bad URL, here's about as much as I bet he'll actually read from Firefox's default response:

"Server not found"

and here's how much information he'll glean from that:
""

Offering a list of possible things that you might have meant is really not such a bad take on how to approach this. I agree that this is a pretty noisy way to accomplish that, and I'm not going to be anxiously watching the Firefox release notes to see when they add it, but the concerns you and I have are pretty different from the concerns of the overwhelming majority of users.

On a more technical point, I don't doubt that there are scripts that rely on IE in certain respects. But, if you're expecting IE to present an error in a specific way when you ask for something that's not there, and you use that in a mission-critical (or heaven forbid, as in your hospital example, life-critical) application, Microsoft is about the last door you should knock on to lay blame.

If anything, it might be nice if they shook things up a bit more often to remind such people that their browser isn't exactly a sturdy foundation on which to rest your scripts.

Whoops, somehow posted that anon. Must have hit the box by mistake.