Berkeley CSUA MOTD:1998:February:02 Monday <Sunday, Tuesday>
Berkeley CSUA MOTD
1998/2/2-3 [Computer/Networking] UID:13606 Activity:high
2/1     Autobahn (aka Baycis) sucks big time. Is there another 56kbps
        isp with berkeley numbers and competitive prices? Thx.
        \_ <DEAD><DEAD>
           \_ I was going to laugh at this, but then I notice the person
              wasn't asking at all about reliability.
            \_ yeah IS&T ... j/k most ISPs suck in some way or another IMO
                \_ IS&T tops out at 28.8k - no 56k lines
                \_actually, is a real, commercial
                  ISP with no relation to the university....
        \_ <DEAD><DEAD>.
1998/2/2-3 [Computer/SW/Languages/Misc, Computer/SW/Security, Computer/SW/Unix] UID:13607 Activity:high
2/1     What is the easiest way to allow people (actually myself) to upload
        stuff through my web page?  --- clueless
        \_ DON'T DO IT.
        \_ This may open you up to a lot of security risks; think carefully
           when you implement something.  How do you want to do it?  Do you
           want to enter text into a form and then have it available as a
           file in an account somewhere?
           \_ Don't listen to these idiots.  The easiest way is probably
              HTTP PUT; see the Apache documentation.
                \_ Oh really?  So where's a page you wrote that allows
                   uploads?  Post the URL so we can all have fun hacking it.
                   \_ Why don't you just tell us how to hack HTTP PUT.
                      \_ "There are few scripts available which implement PUT
                         handling securely." _Apache Week_, April 4 1997
                         In concept it _can_ be secure, but it's not an
                         unrealistic concern; frequently the PUT scripts
                         have holes, even more than other CGI stuff.
                         \_ PUT is fairly simple; it is not difficult to write
                            a secure PUT script.  You don't need "many"
                            scripts available which implement PUT securely,
                            you only need one.
                            \_ right, but first you've got to find it. :-)
                                \_ If you use suexec, it's not hard to
                                   write one.  Just make all paths relative
                                   to the document root and disallow ".."
                                   and other funky characters.
                \_ YES! suexec is much more secure! We really should run
                   httpd on soda instead of scotch so that one will not be
                   able to kill the "nobody" process arbitrarily.
                                   \_ I'm still waiting to see your secure
                                      page.  Post the URL when you're ready.
                   \_ Oh, give it up.
        \_ thanks for all your responses.  I wanted to do this as a way to
           replace ftp to transfer my manifestos:-).  The web server is going
           to be running only when I need to transfer file and is shut down
           the moment the transfer is done.  So I guess it does not need to
           be too secure.  Anyway, the question is now whether I will get
           enough clue to find out how to write a minimal script. -- clueless
           \_ You must be too sexy to use scp.
              \_  No, Jobs is too sexy to have scp developed for mac.
1998/2/2-3 [Computer/SW/Security] UID:13608 Activity:moderate
2/2     If you've experienced frequent lost of connection to soda it's
        because you turned on your wall (wallall y).  Try turn them off
        and tail the wall log instead (tail -f) and see if that improves
        the reliability for you.
        \_ Do you have any basis for this statement at all?
                \_ Trust me on this one.
        \_ So you're saying that wallall affects my packets not being able to
           get through some router btwn my ISP and UCB? Wow.
           \_ Yeah, didn't you read the CERT advisory of April 1, 1997,
              "wallall Denial of Service Attack"?
        \_ Wall is more than just a program; it is a way of life.
        \_ Beware The Wall.  We don't need no education.
1998/2/2-3 [Uncategorized] UID:13609 Activity:kinda low 54%like:13768
2/2     I have the utmost respect for Black Cherry Blow Pops.
        \_ Why?  They don't respect you... everything about them tells
           you, "You suck... and blow..."
        \_ I have the utmost respect for Cherry Pop Tart.
                \_ There's really no comparison but I can respect that.
                \_ Oh yeaaaaaaaah...
Berkeley CSUA MOTD:1998:February:02 Monday <Sunday, Tuesday>