12/5    I am trying to write a report on SSH does anyone know why
        X11 forwarding makes a host more vulnerable to attack? Any
        good sites to find information on the weak spots of SSH?
        I have the RFC but don't know enough write about weak points of
        SSH. -nesim
        \_ If a bozo user types 'xhost +' on either end of the connection,
           then all the ssh in the world won't keep others from sniffing
           their keystrokes via X.
        \_ The argument goes as follows: if you ssh from your trusted host,
           to an untrusted host, then from there to a trusted host, and run
           X clients off of the remote trusted host, SHOCKER: root on the
           untrusted host might be able to do something nasty.  Fucking duh.
           I hate it when shit like this gets called a security hole.  Once
           and for all, people: YOU CAN NOT PROTECT YOURSELF FROM A MALICIOUS
           root USER.  PERIOD.  (Please don't cite non-unix operating systems
           or some silly securelevel hack as way of counter"proof")

4/249   I'm interested in tree-pattern matching algorithms. I'd like to
        implement a language independent, synthesized and inherited abstract
        syntax tree comparitor. Where is a good place to start?
        \_ well, I actually am looking into the same stuff, this work
           can do fuzzy tree matching, giving you replacements, renaming,
           insertions, etc. http://www.cis.njit.edu/~discdb/treematcher.html
        \_ probably not here.
        \_ http://www.google.com/search?q=tree+pattern+matching+algorithms
        \_ Check out the XML tree diff from IBM.  Not sure if there is code
           in PD, but they at least quote source references. <  O(n^4)

4/249   What's your gift budget this December?  What's the average
        price of your gifts?  (reasonable people (no show offs) only)
        \_ ~$20 for a CD for my wife.
        \_ $35 for a family gift trading game
           Same for girlfriend.
           Everyone else gets plants that I have raised from seed.
           (little basil plants).
        \_ $0. BAH HUMBUG! - scrooge
        \_ I don't know if this is bragging, but it is about $100/person
           for family members, with a $1000 computer for my brother and
           a plane ticket worth about $800 for my g/f.
                \_ shit, are you made of money??     doh!n
                \_ yes, you are bragging
        \_ $50-100 for family members. $30-50 for non-serious girlfriend.
           $10-20 for friends that I won't get something for them unless
           it fits them. -- student making <$10k/yr.
        \_ a watch for everyone in my family.
           \_ a freebee company watch?

12/5    If you run xdm rather than ssh-agent xinit, is there some way to use
        ssh-agent for everything and not just "ssh-agent xterm" ?
        \_ yes.
           \_ More helpfully: put the line
                eval `ssh-agent`
              near the beginning of your .xsession.

12/6    Anyone familiar with any solaris or linux auditing tools that
        will track all keystrokes by a given user?
        \_ ngrep, snoop
           \_ And this will help me when someone is ssh'd in how?
        \_ ttysnoop.. but, if you don't trust your users, why have them
           at all?
           \_ In the words of Soviet Communism, "Trust but Verify"
              \_ Also the words of QA engineers.
              \_ Kids these days... This was a slogan for American missle
                 policy near the end of the Reagan era, not of Communism.
           \_ Does ngrep or ttysnoop run on Solaris?

4/250   Seen on the whiteboard across 343 this morning: "YOU HAVE
        NO FRIENDS. We don't either. Come kick it with us in the
        CSUA office." Desperation...
        \_ Hi Paolo!
        \_ Damn you tjb!
        \_ I thought lila's free

4/250   yo politburo, who is the new ruling class?
        \_ maybe they're still counting ballots

4/250   jobs must go!
        \_ where?

4/250   What is DTS Digital format?
        \_ Competing sound system to Dolby. First introduced in
           Jurassic Park. Most popular in California.  Some say it sounds
           better, but that's for the individual to decide.
           \_ I thought that was THX
              \_ THX started with Return of the Jedi. THX & DTS/Dolby are
                 not competing, rather complementary.
                        \_ DTS competes with Dolby 5.1. THX is another
                           brand name tag that's been watered down
                           by a greedy lucas, prompting the equally
                           greed motivated THX Pro spec, which is
                           what THX origionally was, and is more $$$.

4/250   Any advice on making pesto sauce? I took some basil leaves and
        nuked them in a blender (at least that's what I tried to do).
        The leaves just sort of sat there, spun around a few times, and
        sank to the bottom.
        \_ mortar and pestle
           \_ Damn Cretan-age technology.
              \_ stupid cretins
                 \_ that's stupid creteans
                    \_ what?  you mean cretian?  cretin.
              \_ I think the wider base and shorter height makes it easier for
                 solid food to fall onto the blades, so it can blend better.
                 I've never used one though.  On the other hand if you blend
                 liquid food it wouldn't matter.
                \_ I used a mortar and pestle that i took from
                   chem 1a to make my pesto. it tasted kind of funny,
                   but that's alright.
                   \_ did you ever drink from the beakers?
                      \_ I took a brand-new 50CC beaker and used to carry it
                         around in my jacket. It makes an excellent
                         shot glass. -- Chemistry PhD
        \_ Maybe you need a low-speed food processor instead of a blender.
           \_ What's the difference? They seem to be functionally equivalent
              but look different.
              \_ I think the wider base, shorter height and a much smaller gap
                 between the blades and the base make it easier for solid food
                 to fall onto the blades, so it can blend better.  I've never
                 used one though.  On the other hand if you blend liquid food
                 it wouldn't matter.
        \_ You need olive oil and garlic too.  Some people even add
           pine nuts.
           \_ definately. lots of oil and pine nuts.
           \_ you can also use walnuts instead of pine nuts
        \_ Where in the heck did you get fresh basil at this time of year!?
           \_ (not original poster) Grow it - it isn't that hard.
              I have about 24 basil plants in my room that are getting
              close to ready for harvesting.  I planted them from seeds
              sometime between 4-6 weeks ago.  If you want a plant,
              email me.  -dlwhite

4/250   http://www.cs.washington.edu/education/courses/451/00au/overview.htm
        \_ isn't UW where Andersen went?
                \_ Yeah, that's where the High Priest of NACHOS is
                   spreading his unholy gospel now.
        \_ nice.
           \_ didn't they do this at one time here?
              \_ bharvey taught it in bsd one semester.  it has not been
                 repeated, and repetitive begging and pleading did not sway
                 him into teaching it again (nor will it ever).  current OS
                 faculty adj worked with msft to get a grant for laptops for
                 his research, and has personally ported nachos over to win9x
                 so you know where his interests lie.
                 \_ and has explicitly stated to me yesterday that (1) there
                    will be NO laptops in 162 next semester and (2) the *nix
                    environment will without question still be supported no
                    matter what. -alexf
                        \_ you mean solaris, not unix.  There sure wasn't a
                           3.x freebsd port for it when I took the class,
                           and I think the Great Unnamed one has the only
                           working linux ports.  Fact of the matter is that
                           adj _spent_ time porting over nachos to windows,
                           to secure msft a foothold in the teaching curricula
                           in 162.  His intentions are clear.
                           \_ this is beside the point.  why are they using
                              nachos anyway? Obviously other universities have
                              no need for an abstraction layer between the
                              student and course material.
                              \_ stanford uses nachos, as does mit. Having
                                 worked on nachos I knew more about how a
                                 system works. look at the projects, they
                                 are jokes.

12/6    Does @home allow services?  No.  Y'all were wrong yesterday.
        http://www.home.com/qa.html#server
        <DEAD>www.athome.att.com/faq.html#server<DEAD>
        \_ Genius, you're reading the generic @home agreement.  The local
           Bay Area one I signed when I got my service doesn't say I can't
           \_ but effective.  I run an ebusiness from an @home site. - small
              traffic, high price one, and haven't had any probs.
           run a service.  It only says I can't resell net or run a business
           and I'm responsible for my own security.  In fact the agreement is
           chock full of warnings about hax0rz if I run a service but *never*
           says I can't.  Thank you for using @home in the SF Bay Area.
           \_ The one I signed in Fremont explicitly says I can't run a
              server, and I get scanned for running NNTP every day --dbushong
        \_ Disallowing and preventing are entirely different.
           \_ Hey, that's naughty!
           \_ but effective.  I run an ebusiness from an @home site.
              - small traffic, high price one, and haven't had any
              and he's had no problems either. @home doesn't seem
              to mind/care. ----ranga
              probs.
           \_ My brother runs a Cobalt Qube3 with web/ftp/nat/ssh
              and he has had no problems. @home doesn't seem to
              mind/care. ----ranga

12/6    I know people are passionate about their presidential
        candidates but why do I see pictures of people protesting
        against CNN and local network affiliates?
        \_ The media likes showing off how much influence they have on
           people
        \_ How could they be passionate about such sorry sacks of shit?

12/6    How do you change the vertical separate in Emacs? Horizontal is done
        with click and drag but not the vertical one.
        \_ I can click and drag.  With keyboard, C-x } or {.

12/6    How to toggle the duplex and simplex modes on an HP printer
        if you are using a vanilla RedHat 6.0 lpd and printfilter?
        (Replacing the lpd with LPRng and such is NOT an option ..)
        \_ Why do I keep seeing questions being asked on the motd
           starting with "How to..."?

12/6    We're consolidating some older SPARCS into one newer server,
        and want to consolidate disk onto new media.  We've got 340GB
        to replace, but could use some expansion...any suggestions
        on a good product and source for the new disk? -jnat
        \_ clariion -shac

12/6    anyone know how of a script to extract from an xml file
        and save as some type of formatted text?  or can you point
        to where one should look online for that kind of info?
        \_ uh, xml is a formatted text file. what do you really
           want to do?
                \_ for instance, extracting tag information.
                input /whatever to look for it and return
                lists of values following the named tags...
                \_ You can really write this yourself in C or Perl, but
                   there is free XML parsing code in Java
        \_ Look on CPAN, I'm sure there's plenty.
        \_ XSL style sheets