On Thu, Feb 19, 2009 at 21:21, <valdis.kletni...@vt.edu> wrote: > On Thu, 19 Feb 2009 23:38:37 EST, T Biehn said: > >> God Valdis, >> Dont concentrate on the mundane, the core issue is the unpredictable nature >> of it. >> You have them all coordinate reading the news at 12:00 AM GMT. >> You build some silly algorithm that ensures they pick the right article. > > Right, so now you need this insanely complicated system to make sure that you > get the right article at midnight, even if you have a race condition or you're > getting an old copy because of a caching proxy in the path or if they hit > different boxes on a load balancer and the articles update a few seconds > apart, > and then make sure they all pick the "right" article - which means they need > to > *agree* on the right article without knowing for sure what article the *other* > bots are looking at. And that also means that the botnet owner (or at least > a system they have) has to *also* be online so it can also check CNN and > figure > out what domain to register - which sucks if Godaddy just put up the "Down for > 3 hours due to unexpected system problem" sign or any of a zillion other > failure > modes in trying to register that next domain in real time. You can't register > the next 3-4 day's worth of domains ahead of time and make sure they went > live. > > Lots of failure modes there. > > Or you can just hash the damned clock once an hour, which seems to be quite > sufficient to keep the average botnet running. > > *THAT* is why they don't base it off a news RSS feed - all these mundane > issues > make it *harder*. You wanna do it the hard way that has more ways to fail and > sprout bugs, be my guest. Most of the coders out there prefer something > just a bit simpler.
Not necessarily as insanely complicated as you might think - an RSS feed can include some interesting numbers, such as stock quotes, etc., where the non-integer portion of the number(s) are pretty random, and reporting on them is pretty standardized. And, I don't think, for the purposes of discussion, it *has* to be an RSS feed. It could be any publicly available, regularly updated text, including www.wsj.com. Kurt _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
