Wednesday, July 30, 2003
Windows RPC Exploit
A number of Windows 2000 machines around the MSU campus were hacked due to the recent Windows RPC exploit. The code is here. An analysis of this problem is posted here. DDoS attacks from those compromised machines took part of the campus network down.
Tried this on a couple of machines. It works fine. Patch now! http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
Thursday, July 24, 2003
Are You on RIAA's List?
If you are using Kazaa, be careful. The RIAA is going to sue hundreds of Kazaa users who share a lot of songs. Part of the list is here.
Personally I think the RIAA is showing off its stupidity in this case. Why not try to make use of these P2P technologies to profit more? Yes, you've lost some money that was SUPPOSED to be in your pocket. But as new tech emerges, face it and use it. There must be other ways to make money by selling artists' work, and that does not have to be a CD. Check out Apple's online music program, and Buy.com is following (but this site requires IE5 on Windows, which sucks).
Wednesday, July 23, 2003
Windows Password Crack Made Easy
A recent paper showed some improvement in cracking alphanumeric Windows passwords. As you may know, Windows stores two hashes of a user's password: the LANMan hash for pre-NT and Mac machines, and the Windows hash (NTLM and NTLMv2). These are stored in the SAM database. Want to take a look at these hashes? Try pwdump. A description of that can be found here. Related news is here.
A side note: before this new idea, the well-known Windows password cracker was L0phtCrack.
The technique described in the paper only affects LANMan and NTLM hashes. However, NTLMv2 is not enabled by default (HKLM\System\CurrentControlSet\Control\LSA\LMCompatibilityLevel, default is 0). Based on that paper, the authors' site offers a tool to crack these hashes (at least you should have the LANMan hash). I submitted a test account hash to it and am now waiting for the result....
Tuesday, July 22, 2003
Outsourcing?
The NY Times has a story on IBM's plan to outsource hi-tech jobs to India, China, Russia, etc. This seems a clear trend for almost all IT giants: Microsoft, Oracle, and many consulting companies. The reason? Cost, of course. As one IBM officer put it, "You can get crackerjack Java programmers in India right out of college for $5,000 a year versus $60,000 here". The same job at much less cost; what will you do if you are the boss?
First it was manufacturing jobs, now it comes to IT and services; what's next?
The globalization of the economy has proved to be a double-edged sword for developing countries, who have to focus on low-labor industry outsourced from the Big 7. Now its negative impact is also evident here in the States. Nevertheless, Capitalism does not CARE.
Sunday, July 20, 2003
Cisco IOS Vulnerability
The recent Cisco IOS vulnerability has been announced as a major problem for the Internet, probably affecting every network manager. "By sending specially crafted IPv4 packets to an interface on a vulnerable device, an intruder can cause the device to stop processing packets destined to that interface".
The protocols are protocols[] = { 53, 55, 77, 103 }. They are IP encryption, IP mobility, SUN ND(?), and PIM (Protocol Independent Multicast). A complete list of protocol number assignments is IANA's list.
One has to make sure the sequence of those packets is destined to the interface itself instead of being routed through. It is said the hping2 tool can be used like this:
hping2 (dest ip) -0 -t (ttl to make sure packet will hit the interface) -H (53,55,77,103) -d 128 -E /dev/urandom
Somehow IOS will mistakenly flag the interface as full after processing those packets. Inbound traffic will be dropped accordingly. Cisco's workaround is to use an ACL to block those packets to the interface.
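Added example, from neither the post nor Cisco's advisory: a small defender-side helper for the problem above. build_protect_acl() emits an extended ACL in the spirit of the workaround, denying IP protocols 53, 55, 77 and 103 only when they are addressed to the router's own interface addresses and permitting everything else; the ACL number and addresses are this example's choices. sweep_sources() then reads ACL "log" output and reports which sources were denied for those protocols against an interface address, separating a source that cycled through all four (the signature of the sweep the post describes) from one that only sent, say, PIM. The log lines are constructed for the example, written in the style of IOS %SEC-6-IPACCESSLOGNP messages.

```python
"""ACL generator and log check for the July 2003 IOS interface-blocking bug.
Added example; the ACL number, addresses and log lines are constructed."""
import re
from collections import defaultdict

# Protocol numbers from the post, with the names the post gives them.
AFFECTED = {53: "IP encryption", 55: "IP mobility", 77: "SUN ND", 103: "PIM"}

def build_protect_acl(acl_number: int, interface_addrs: list) -> list:
    """Deny the four protocols when aimed at our own interface addresses, log the
    hits, and let everything else through.  Apply with 'ip access-group N in'."""
    lines = []
    for addr in interface_addrs:
        for proto in sorted(AFFECTED):
            lines.append(f"access-list {acl_number} deny {proto} any host {addr} log")
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines

# Non-TCP/UDP denies are logged as "list N denied <proto> <src> -> <dst>, <n> packet(s)".
LOG_RE = re.compile(
    r"list (?P<acl>\S+) denied (?P<proto>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+), (?P<n>\d+) packet"
)

# Constructed sample: one source sweeps all four protocols, one sends only PIM,
# one aims at an address that is not an interface, one is an ordinary TCP deny.
SAMPLE_LOG = """\
Jul 20 02:11:04 rtr1 12: %SEC-6-IPACCESSLOGNP: list 101 denied 53 203.0.113.7 -> 192.0.2.1, 1 packet
Jul 20 02:11:04 rtr1 13: %SEC-6-IPACCESSLOGNP: list 101 denied 55 203.0.113.7 -> 192.0.2.1, 1 packet
Jul 20 02:11:05 rtr1 14: %SEC-6-IPACCESSLOGNP: list 101 denied 77 203.0.113.7 -> 192.0.2.1, 1 packet
Jul 20 02:11:05 rtr1 15: %SEC-6-IPACCESSLOGNP: list 101 denied 103 203.0.113.7 -> 192.0.2.1, 1 packet
Jul 20 02:12:40 rtr1 16: %SEC-6-IPACCESSLOGNP: list 101 denied 103 198.51.100.9 -> 192.0.2.1, 4 packets
Jul 20 02:12:52 rtr1 17: %SEC-6-IPACCESSLOGNP: list 101 denied 103 203.0.113.50 -> 192.0.2.77, 2 packets
Jul 20 02:13:01 rtr1 18: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.9(4021) -> 192.0.2.1(23), 1 packet
"""

def denied_hits(log_text: str, interface_addrs: list) -> dict:
    """{src: {proto: packets}} for denied affected-protocol packets whose
    destination is one of our interface addresses (transit traffic is ignored)."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue                      # TCP/UDP lines have a different shape
        proto = int(m["proto"])
        if proto in AFFECTED and m["dst"] in interface_addrs:
            per_src = hits[m["src"]]
            per_src[proto] = per_src.get(proto, 0) + int(m["n"])
    return dict(hits)

def sweep_sources(hits: dict) -> list:
    """Sources that touched every affected protocol: the sweep, not a lone
    PIM or mobile-IP neighbour that happens to talk to the router."""
    return sorted(src for src, per_proto in hits.items() if set(per_proto) == set(AFFECTED))

if __name__ == "__main__":
    print("\n".join(build_protect_acl(101, ["192.0.2.1"])))
    hits = denied_hits(SAMPLE_LOG, ["192.0.2.1"])
    for src, per_proto in hits.items():
        print(src, {AFFECTED[p]: n for p, n in per_proto.items()})
    print("sweeping sources:", sweep_sources(hits))
```

If the router legitimately speaks PIM (or mobile IP) on that interface, put permit lines for the known neighbours ahead of the deny lines; otherwise the workaround itself breaks multicast routing.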
Friday, July 18, 2003
In Reverse: Server Consolidation
Needless to talk about the benefits of distributed computing, where similar operations are carried out on a number of hosts following some protocol for collaboration. No central server means high scalability and fault tolerance, and, of course, no way to sue the person running the central server. By making use of a large number of hosts, the aggregate gain in computing or storage could be huge.
However, in an enterprise network, things look a bit different. Sometimes efficient administration, management, and migration can be more important than computing power. In effect, one big server can run multiple instances of different OSs, each independent of the others. The system admin only needs to maintain a limited number of machines.
Such a virtualization scheme goes roughly in the reverse direction of distributed computing, primarily targeting business systems.
A note on current business in this area: Microsoft Virtual Server (acquired from Connectix), VMware's GSX/ESX servers, Virtuozzo, and Leostream's VMC are the major players.
"Virtual" here can be a bit confusing, as sometimes it actually refers to a cluster of real servers acting as one single server, as in the Linux Virtual Server project.
Wednesday, July 16, 2003
Secured Group Instant Messaging, or Collaboration
WASTE, developed by Nullsoft founder and Gnutella author Justin Frankel, is likely the first IM tool, or P2P tool in another respect, that enables secure distributed messaging/file swapping using public/private keys. It allows 50 nodes to establish a group for secure communication. This is an open-source project.
In some sense, it looks like Microsoft's threedegrees.
Probably another imminent problem in this regard is how to protect a user's anonymity, since the RIAA is taking action to sue file swappers soon. Freenet, among others, might be the first that comes to my mind. No IP will be traced; a sort of proxy is used. But currently the most popular one is Kazaa, in which you can easily trace the IP you are downloading from.
Sunday, July 13, 2003
Distributed File Backup
You've got a file to backup. Pull a floppy? Burn a CD? Copy to another disk/machine? Save it in your Yahoo briefcase or somewhere on the Net? Or you already have RAID, mirrors, etc. When you want to restore the file, copy it back, right?
You can even have multiple saved copies on different locations.
How about breaking your file up in some way so that each portion is saved somewhere, and you don't even need to know where the portion is physically located? When you want to recover the file, just grab those portions from those locations concurrently. Basically the Internet looks like a huge disk with the needed file backup/recover interface to you. You just click a menu item in your Microsoft Word, "File->Save it to the Internet", and you are done. Of course you will have another menu item, "File->Restore a previous copy from the Internet".
Similar to SETI, which makes use of spare cycles on tens of thousands of computers for a special computation, this scheme will make use of some free disk space from all the users.
Will this work? Will this benefit end users in terms of reliability, accessibility, and performance? How about security concerns in terms of confidentiality and authentication?
Will you agree to share some disk space for others all over the Internet?
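Added example, not from the post: a toy of the "break the file up and scatter the portions" backup sketched above, with the two properties the post asks about built in. Each chunk is encrypted on the client before it is stored, so a node holding a portion sees only ciphertext (confidentiality); chunks are addressed by the SHA-256 of their ciphertext and the manifest listing them carries an HMAC, so a node that alters or swaps a portion, or a tampered manifest, is caught at restore time (authentication). Storage nodes are plain dicts and the cipher is a keystream built from HMAC-SHA256 in counter mode, a stand-in chosen so the script runs with the standard library only; a real implementation would use AES-GCM or similar. The keys, data and node count are constructed for the demo.

```python
"""Scatter-backup toy with client-side encryption, content addressing and a
signed manifest.  Added example; nodes, keys and data are constructed."""
import hashlib
import hmac
import json
import secrets

CHUNK_SIZE = 4096

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks (demo cipher,
    stand-in for a real AEAD such as AES-GCM)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def backup(data: bytes, enc_key: bytes, mac_key: bytes, nodes: list) -> dict:
    """Encrypt, chunk and scatter `data`.  Returns the signed manifest, the only
    thing the owner must keep; where each chunk landed is not recorded."""
    entries = []
    for i in range(0, len(data), CHUNK_SIZE):
        nonce = secrets.token_bytes(16)
        ct = _keystream_xor(enc_key, nonce, data[i:i + CHUNK_SIZE])
        cid = hashlib.sha256(ct).hexdigest()              # content address
        nodes[int(cid[:8], 16) % len(nodes)][cid] = ct    # placement by hash, not by location
        entries.append({"id": cid, "nonce": nonce.hex()})
    body = json.dumps({"size": len(data), "chunks": entries}, sort_keys=True)
    tag = hmac.new(mac_key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def _fetch(nodes: list, cid: str) -> bytes:
    """Ask every node for the chunk id; the client never tracks where it went."""
    for node in nodes:
        if cid in node:
            return node[cid]
    raise KeyError(f"chunk {cid[:12]} is missing from all nodes")

def restore(manifest: dict, enc_key: bytes, mac_key: bytes, nodes: list) -> bytes:
    """Verify the manifest, then each chunk's content hash, then decrypt."""
    body = manifest["body"].encode()
    expected = hmac.new(mac_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        raise ValueError("manifest authentication failed")
    meta = json.loads(body)
    out = bytearray()
    for entry in meta["chunks"]:
        ct = _fetch(nodes, entry["id"])
        if hashlib.sha256(ct).hexdigest() != entry["id"]:
            raise ValueError(f"chunk {entry['id'][:12]} failed integrity check")
        out.extend(_keystream_xor(enc_key, bytes.fromhex(entry["nonce"]), ct))
    if len(out) != meta["size"]:
        raise ValueError("restored size does not match manifest")
    return bytes(out)

def run_demo() -> dict:
    """Round trip on constructed data, then corrupt one stored chunk."""
    nodes = [{} for _ in range(3)]
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    data = bytes(range(256)) * 40                       # 10240 bytes -> 3 chunks
    manifest = backup(data, enc_key, mac_key, nodes)
    result = {
        "roundtrip_ok": restore(manifest, enc_key, mac_key, nodes) == data,
        "chunks_stored": sum(len(n) for n in nodes),
        "plaintext_visible": any(data[:64] in ct for n in nodes for ct in n.values()),
    }
    first = json.loads(manifest["body"])["chunks"][0]["id"]
    for node in nodes:
        if first in node:                                # a node flips one bit
            node[first] = bytes([node[first][0] ^ 1]) + node[first][1:]
    try:
        restore(manifest, enc_key, mac_key, nodes)
        result["tamper_caught"] = False
    except ValueError:
        result["tamper_caught"] = True
    return result

if __name__ == "__main__":
    print(run_demo())
```

What the toy does not give you is availability: a chunk stored on exactly one node is lost with that node, so a real design would replicate or erasure-code each chunk across several nodes and let restore() try alternatives. Confidentiality and authentication, the two concerns raised above, cost nothing more than a key the owner keeps and a manifest the owner signs.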
Friday, July 11, 2003
Jim Gray's Interview on Storage and Database
ACM Queue has a very interesting interview with Jim Gray, head of Microsoft Bay Area Research, a recent Turing Award winner, and a guru in databases and computer systems. Guess who asked the questions? David Patterson.
"One thing is a no-brainer. Disks will replace tapes, and disks will have infinite capacity. Period." The problem is not where to store your data, but where to find something to put on your disk. Random disk access will be a huge problem when disk capacity increases dramatically. The fundamental disk access scheme and the corresponding data storage scheme might need to be altered. Microsoft is "replacing the file system with object store, and using schematized storage to organize information". Take a peek at that later.
Another interesting point is, as Gray said, every device, disk, NIC, display, whatever, will have a powerful CPU, large RAM, an OS, and software. No IDE or SCSI or PCI bus, just IP over everything.
Wednesday, July 09, 2003
Google in a Hacker's Hand
An interesting article talks about how to use Google to find more useful information.
It seems a lot of people out there just save some private files into their www root directory.
Some useful hacks:
1) "link:" option: want to know which sites linked to a specified site?
link:www.cse.msu.edu/~zhengpei
This shows who linked to my site.
2) "inurl:" option: specify some words that must show up in a URL
3) "index of": often, a directory is open to browse, but no link is available to click on the files in the directory. Using "index of" as part of the search string can display all files in an open directory.
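Added example, not from the post or the article it mentions: audit your own document root for the two things the searches above surface on other people's sites, namely private files left under the web root and directories without an index page, which a server that has directory listings enabled will happily show to an "index of" search. The sample tree is created in a temporary directory so the script runs stand-alone; the extension and file-name lists are this example's own choices and should be tuned to the site.

```python
"""Document-root audit: private files and listable directories.
Added example; the sample tree and the sensitive-name lists are constructed."""
import os
import tempfile

SENSITIVE_EXT = {".bak", ".old", ".orig", ".swp", ".sql", ".key", ".pem",
                 ".xls", ".mdb", ".inc", ".log"}
SENSITIVE_NAMES = {".htpasswd", "passwd", "password.txt", "id_rsa", ".bash_history"}
INDEX_FILES = {"index.html", "index.htm", "index.php", "index.shtml", "default.htm"}

def audit_docroot(root: str) -> list:
    """Return sorted (kind, path relative to root) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        names = {f.lower() for f in files}
        if not names & INDEX_FILES:
            # no index page: with Options +Indexes (or the IIS equivalent) the
            # server lists everything here, which is what "index of" finds
            findings.append(("listing-exposed", rel))
        for f in files:
            name = f.lower()
            ext = os.path.splitext(name)[1]
            if name in SENSITIVE_NAMES or ext in SENSITIVE_EXT or name.endswith("~"):
                findings.append(("private-file", os.path.join(rel, f)))
    return sorted(findings)

def build_sample_tree() -> str:
    """Constructed document root mixing harmless and not-so-harmless files."""
    root = tempfile.mkdtemp(prefix="wwwroot_")
    for rel in ("index.html", "papers/index.html", "papers/p2p.pdf",
                "papers/draft.doc~", "private/grades.xls", "cgi-bin/config.inc"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
    return root

if __name__ == "__main__":
    for kind, path in audit_docroot(build_sample_tree()):
        print(f"{kind:16} {path}")
```

Run it against the real document root (audit_docroot("/var/www/html") or wherever the site lives) from cron; anything it reports is already one well-chosen search away from being public. The editor backup "draft.doc~" is the classic case: the editor writes it next to the file, the author never sees it, and the web server serves it.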
Chinese Portal Soars
The primary players among Chinese web portals, Sina, Sohu, and NetEase, have now jumped to over $25, from around $1 early this year. NetEase and Sohu are amazingly above $35. Sina is about $26.
I remember last November people were talking about junk stocks, which included NetEase (less than $1 for more than 20 days) and its buddies.... Just unbelievable! Wish I had noticed this trend earlier....
Is there any upward space left out there?
Tuesday, July 08, 2003
Multiple Virtual Machines on One Physical Machine?
I ran into this problem in my distributed systems research: how to generate multiple virtual machines (with full system call support) on one physical machine? For example, I want to have 2 virtual routers on a physical machine, each running a RIP/OSPF module. Is it possible to make the module well contained in the virtual router, i.e., it has no idea about the physical machine but only the virtual router?
Existing protocol modules by default operate on an independent system. The module interfaces to the system by system calls such as gethostbyname, getdevname, etc. Those will give the overall information of the physical machine, not the virtual router.
It seems User Mode Linux (UML) might be a solution. UML is able to create multiple self-contained instances of the Linux kernel in user mode with full networking functionality. VMware could be another choice, but it is not free.
Monday, July 07, 2003
Google toolbar blocks pop-ups
Google offers a browser toolbar (ActiveX control?) that can block pop-up windows. When you want the pop-up, just hold the 'Ctrl' key while clicking the link, or press the corresponding toolbar button to disable blocking.
With Mozilla, which I am currently using to write this post, the browser has a built-in pop-up blocker. You can enter a list of sites for which you want pop-ups. Or, just click the small icon (an exclamation mark) at the bottom right to enable pop-ups for the current site.
Saturday, July 05, 2003
"Terminator 3" not good as T2
Watched "Terminator 3: Rise of the Machines" on the night of July 4th. Frankly, it would have been a great hit from the point of view of 1991, when "T2: Judgement Day" was released. It just repeats the plot that has been abused many times: save the future leader, blah blah blah... Adding to its incompetence are the plain visual effects: car/truck/whatever chasing, body punch and punch again. No cool silver liquid-metal terminator as appeared in T2. No wonder T3 currently only gets 7.3/10, while T2 has 8/10 in user ratings.
Anyway, tons of money were squashed on this project. So many cars got destroyed. So I guess it is still a good action movie, but not as good as its predecessor.
Friday, July 04, 2003
Familiar Linux on iPaQ
The best step-by-step instructions for installing Linux on the iPaQ 3600/3700 series are here. However, the new versions of the boot loader (2.18.54) and Familiar Linux (0.7) should be used instead of the old versions. Be careful with the H3670. Somebody reported a data CRC error when transmitting the file system to the device, due to LCD overheating. The "lcdoff" command in the boot loader could solve this problem.
Java for Familiar Linux on the iPaQ can be downloaded and installed with "ipkg java1.3". This is a JDK on Compact Flash, because the package is about 13 Mbytes, too big to fit into the 3670's ROM (16 Mbytes). No Compact Flash memory?
Tuesday, July 01, 2003
InstantP2P
InstantP2P (aka myJxta) works fine on my desktop, but few people are using it right now.
Registered an account at jxta.org, and cvs-ed all the core sources of JXTA (platform, shell, security, cms); they are needed for InstantP2P. Strictly (learned it the hard way) followed the build instructions of these modules using ANT, and finally everything is done. JARs/classes have been created. How to run? "ant run" for InstantP2P just pops up the JXTA shell. "ant runawt" is not available for InstantP2P. Well, is there a better way to run the AWT interface without putting in a long classpath of JARs for class "net.jxta.instantp2p.pda.InstantP2P"?
Anyway, the JXTA shell is sufficient to test the application ("ant run").