Berkeley CSUA MOTD:1998:September:24 Thursday <Wednesday, Friday>
Berkeley CSUA MOTD
1998/9/24-25 [Computer/SW/Languages/C_Cplusplus, Recreation/Dating] UID:14662 Activity:nil
9/23    How do I get a C program to read the default output of date?
        \_ char buffer[40];
           time_t now = time(NULL);
           strftime(buffer, 40, "%+", localtime(&now));
           printf("At the sound of the tone, the time will be: %s\n", buffer);
           You could also actually call /bin/date using popen(3), but that
           would be harder.
                \-i dont think that is what the question is asking.
                sounds to me he/she is trying to *parse* date output.
                i suppose youcan use mktime() ... what are you trying to
                do with the "default output" ... ? --psb
1998/9/24 [Uncategorized] UID:14663 Activity:nil
9/24    Items wanted
        1. Borland C++ 4.5x (or BC++ 5.0 containing a CD for version 4.5x)
           It's okay even if some manuals are missing.
        2. Novell 16-bit ODI Development Kit (not sure of exact naming).
        Please email me if you have some available.  Thanks.  --- yuen
1998/9/24-26 [Uncategorized] UID:14664 Activity:kinda low
9/24    What does the T1 in "T1 connection" stand for?
        \_ its useless telco jargon, which doesn't really mean anything
           significant any more.
        \_ T1 was used to describe a specfic type of carrier equipment way back
           when. Now is just describes a general carrier system..
                \-that's right. DS-1, OC-x ... these all stand for something
                but t1 doenst really. it might have meant "telephone co", but
                ds-1 is a more precise term. there is also E1 and E3 which are
                similar but for europe. --psb
        \_ What's the speed of T1 and T3 connections then?  What other Tx
           connections are there?
                \_ those are the only T's people use.  See DS-x & OC-x for
                   faster connections.
                \_ T-1 = 1.5 Mbps (slower than 10Mb ethernet)
                   T-3 = 45 Mbps
1998/9/24-26 [Computer/SW/Security] UID:14665 Activity:high
9/24    How do I find out what machines are in a certain domain, e.g.  Thanks.
        \_ ping -f
        \_ a little command many people forget about: host -l
        \_ echo "What machines are in your domain?" | mail
                \-You have to be so tall ... /tmp/ --psb
           You could try to use nslookup's ls command to list everything in the
           domain, but most nameservers (including's) won't let you.
                \-"You have to be this tall ... " ... /tmp/ --psb
           \_ you could get a map of what network addresses they use, and then
              try to get reverse dns mappings for everything in those addresses.
              This is why disabling zone transfers on a nameserver (i.e. ls)
              is pretty stupid unless you kill reverse dns too. -ERic
                \_ Disabling zone transfers stops the script kiddies for now
                   (until someone takes pity on them and writes them a script
                    to do things the hard way)
                   \_ so until then you end up making it harder on everyone
                        \_ stupidity in the name of security is rampant.
                           See soda's relaying policy.  -tom
                        \_ most everyone else doesn't need to do a zone xfer
                           or can ask nicely for one
                           \_ Disallowing them is a security through obscurity
                              policy, and impedes curiosity.  It's like turning
                              off finger on Unix.  Besides, crackers can still
                              scan easily, even without using DNS.
                                \_ or it's like using shadowed passwords
                                   \_ WTF are you smoking!?  Non shadow-passwd
                                      files are a huge security hole.  Give
                                      any user on your system instant access
                                      to all the poor sops' accounts and files
                                      who can't pick a decent password.
                                        \_ unshadowed passwrds aren't the
                                           cause of the security hole, stupid
                                           users are
                                \_ shadowed passwords provide little real
                                   security; it's not difficult to get the
                                   shadow file without root.  -tom
                                   \_ Um, by that logic, it's not hard to get
                                      root, so why bother having any security
                                      at all  --dbushong
                                   \_ Tom, you were the one who suggested
                                      using shadowed passwds and have, until
                                      now, continued to do so on the basis that
                                      it was "more secure" for at least 4 years
                                      now, see CSUA/OCF/XCF Help Session handout
                                      by Tom Holub
                                        \_ I haven't updated that in quite
                                           some time; I haven't taught the
                                           security help session in something
                                           like 3 years.  At the time, I
                                           wasn't aware that programs such as
                                           ftpd can leave large swaths of the
                                           shadow file in core dumps.  -tom
                                \_ That's not the logic.  The logic is that
                                   shadowed passwords provide a false sense
                                   of security.  The security problem with
                                   non-shadowed passwords is having bad
                                   passwords; having shadowed passwords does
                                   little or nothing to alleviate the only
                                   problem it could theoretically solve. -tom
                                        \-i think turning off zone xfers is
                                        basically free to do. of course you
                                        shouldnt rely on it and what is really
                                        the important thing to do is to be able
                                        to see who is asking forone and what
                                        they do right after that. a zone xfer
                                        a pretty good indicator of certain
                                        types of scans/signatures of certain
                                        tools. --psb
                                        \_ Or just curious network users.
                                           E.g. zone transfer of various
                                           things under is fun.
                \_ Please define "zone transfer"        -- clueless
                   \_ Simple answer: it's what you get when you run
                        host -l or nslookup ls.  Long answer: Read the
                        BIND book from O'Reilley
1998/9/24 [Uncategorized] UID:14666 Activity:kinda low
9/24    Wanted: Borland C++ 4.x (or BC++ 5.0x containing a CD for version
        4.5x).  It's okay even if some manuals are missing.  Please email
        me if you have one available.  Thanks.  --- yuen
        \_ how much are you willing to pay?
Berkeley CSUA MOTD:1998:September:24 Thursday <Wednesday, Friday>