Berkeley CSUA MOTD:2001:March:20 Tuesday <Monday, Wednesday>
Berkeley CSUA MOTD
2001/3/20 [Computer/SW/OS/Windows, Computer/SW/OS/Solaris] UID:20851 Activity:very high
3/19    So, i have discovered what i'm sure is a buffer overflow in
        an application server my company uses.  I can crash my server
        and send random stuff to the kernel.  However, I'm not a coder
        (just a Sys. Admin.) so i can't really determine which part of
        the garbage i'm sending gets executed.  If i had more foo,
        perhaps i could figure it out but...  My question is, who, if
        anyone, should i tell? (I am thinking of dropping everything
        and figuring out what i need to, just to see my name on a CERT.)
        \_ "fu", not "foo"
           \_ your fough is week, old man.
        \_ Which OS? I'm sure that if you're using Linux or {Free|Open|
           Net}BSD you could probably get a backtrace somehow. If you're
           using a comercial OS you won't be able to pin down the exact line
           number in the source code but you might be able to gather
           some amount of info that might be useful.
            \_ Solaris on a Sparc.
               \_ truss(1) is your friend.  But how do you know that you
                  can really execute arbitrary code?  Are you sure it's
                  more than DOS?  And is it a bug in the app server or
                  the applications themselves?
                   \_ I guess i don't know if it is a bug in the app
                      server or the app.  (that's a good point, i've
                      been giving our java guys too much credit).  I'm
                      convinced it is a bona-fide Buffer Overflow because
                      stress testing didn't just cause it to time-out or
                      crash, it effected everything.  BASH started saying
                      things like "cannot execute binary file" if i typed
                      hostname, exiting out of bash i'd get a "Sytax error
                      at line 1: ( unexpected" when i tried to do something
                      exotic like type "ls"  (basically "echo" was the only
                      \_ Wow.  Painful.  Is this BEA?
                         \_ No, believe it or not, this product is worse.
                            \_ Freeware?  or IBM?
                      \_ I'm guessing its IBM. They have lots of documented
                         buffer overflows.
                      command that worked).  I couldn't even log in from
                      the console.  I had to stop-A and reboot.
                      \_ You've made my day...  Mistaking process or VM
                         exhaustion for security hole...  That's 31337.
        \_ Sometimes people can't just jump above their heads. Get over it.
        \_ Find a copy of smashing the stack for fun and profit (just do
           a search on google).  Writing a buffer overflow isn't that hard.
           It shouldn't take more than an evening of work.
2001/3/20 [Science/Space] UID:20852 Activity:low
3/19    Mars polar lander found.  Maybe.  Intact.  Maybe.
        \_ better:
2001/3/20 [Uncategorized] UID:20853 Activity:nil
3/19    Dubya's dyslexia may prove to be as politically useful
        as poor Ronnie's dementia.
                \_ Reagan's alzihmers came about in 92-93 time
                   frame not while he was in office.
                   [ There are *NO* indenting rules for the MOTD
                     if you don't like it *TOUGH*. Feel free to
                     delete this, I've got a program to put it
                     back. ]
2001/3/20 [Reference/Tax] UID:20854 Activity:nil
3/19    The IRS 1040 form for recently laid-off dotcom employees:
        \_ That is SO 9:32 am...
           \_ Uh, this is so last week, like wednesday or so.
              Next you'll be telling us about that Tokyo Breakfast
2001/3/20 [Uncategorized] UID:20855 Activity:nil
3/19    http://www.CSUA.Berkeley.EDU/~paolo/csua
        \_ yeah i need to update that meeting time - paolo
2001/3/20 [Consumer/PDA] UID:20856 Activity:nil
3/19    What processor(s) do the Palm Pilots run on?  Thx.
        \_ most Palm OS PDAs run on 17 MHz Dragonball EZ or 33 MHz Dragonball VZ
           CPUs from Motorola.
2001/3/20-21 [Reference/Tax] UID:20857 Activity:moderate
3/19    Are Roth IRA, Rollover IRA, 401K, etc., etc. losses tax deductable?
                  \_ ERIN GO BRAUGH!
        \_ What do you think since you don't pay capital gains taxes on
           gains? --dim
           \_ Let me clarify.  I mean are these tax deductable IF I am to cash
              out on these funds (willing to pay the 10% penalty, regular
              taxes, etc.).  I can more than make up for the penalty and taxes
              with my deduction (even if it's over a couple of years).
              - original poster
           \_ NO. Stop fucking around.
           \_ Once you take it out, you can't get it back in, so you're
                                uhhuhuhuh. huhuhehuhuh. _/
              giving up N decades of tax advantaged gains. Very short sighted.
                \_ Or N decades of losses.  YMMV.
2001/3/20 [Computer/Networking] UID:20858 Activity:nil
3/19    When's Cisco laying off its employees? I can't wait to see them on
        \_ Uhh... they're still profiting, unlike dotcummers.
2001/3/20 [Recreation/Dating] UID:20859 Activity:nil
3/20    My GF is not strong enough to open most cans and jars.  When I asked
        her what she would do if I wasn't around, she said that she has always
        had a man in her life.  Whether it be a family member or BF. Is this
        \_ not typical.
        \_ For years, I thought a tourniquet was for opening jars.
           We'd wrap the thing around the tops of jars and open the jars.
           It wasn't until I was in college that they were used by
        \_ If there is a man around, I'd much rather not open jars myself.
           But I've always managed to open a jar myself if I need to. -girl
2001/3/20-21 [Science/Space] UID:20860 Activity:high
3/21    Does the water get hotter faster if you open the faucet more?
        \_Ever hear of 'empirical' data? try it at home.
        \_ yes because you remove the cold water in the pipes and
           fill the pipes with the hot water from the heater faster if
           you open the valve more.
           [ the indenter was here ]
              in the pipe which means it losses less heat to the pipe and the
           \_ Plus the water should also be hotter, because it spend less time
              in the pipe which means it loses less heat to the pipe and the
              surrounding.  (That's assuming you have a huge heater that can
              keep up with the consumption.)
             \_ yes, but since the water is in laminar flow, there is still
             cold water hugging the pipes so the water isn't completely
            hot until heat is transfered to the cold water hugging the pipes
            so it will take some more time.
                \_ Nonsense.  The slower flow is laminar too, and if at
                   faster speeds the flow becomes turbulent, your whole
                   bullshit argument is blown out of the water.
                  \_ the reynolds number is too low for turbulance and
                 and is mostly based on velocity:
                reynolds number = diameter * velocity / kinesmatic viscosity
                only turbulance would occur at fittings .etc. but in general
                In a pipe, water in contact with the pipe moves slower than
                water in the middle of the pipe.
                  \_ Regardless of whether the flow is laminar or turbulent,
                     the water, even at the EDGES, flows quicker if you
                     increase the flow, so it'll heat faster.
                    \_umm. definition of laminar is velocity = 0 at edge
                        \_ umm. definition of edge -> infinitesimal width
                          \_ umm. forget engineering as a practical  tool
        \_ go under your house and slap some insulating foam on those
           puppies.  instant hot showers for most of the year.
           \_ That's a good idea in any case.
           \_ Can the foam keep the water inside the pipes warm for eight
              hours or so?  E.g. when I turn on the faucet in the morning, is
              the stale water still hot?
              \_ Just buy heat on demand and stop with the annoying
                 questions. --dim
        \_ My neighbor has one of those attachments like I have at work
           that spits out very hot water from a different faucet.
        \_ Get heated water pipes.
2001/3/20-21 [Computer/SW/Database, Computer/Networking, Industry/Jobs] UID:20861 Activity:low
3/20    Of all the dot coms and mega corporations, which one do you want
        the most with a massive layoff?
        M$:     ..
        Oracle: ...
        Intel:  .
        Cisco:  ..
                \_ time to claim our scarce land and congested highways!!!
                \_ Time to get rid of the worthless newbie Gam3rz and bs
                   java programmers and 3rd line managers and directors with
                   one direct report (personal admin).
                   In the good old days, we build the best routers and
                   switches in the market with the fastest interfaces and
                   the most protocol support. Every engineer could rebuild
                   a basic router from parts and configure at least one ip
                   routing protocol in IOS and simple VLANs in CatOS.
                   Now we have a bunch of idiots who can't tell the difference
                   between L2 and L3 and don't know the difference between
                   IOS and WinNT. They need to go, NOW! Forget the fact that
                   they should never have been hired in the first place.
                   The old cisco culture made us #1 and it is what will save
                   - disgrunted Cisco oldtimer
2001/3/20 [Transportation/Car] UID:20862 Activity:nil
3/20    Does a particular car have better gas mileage when the engine is
        hotter or cooler?
        \_ hotter: the piston rings seal better and the fluids offer
           less resistance.
2001/3/20 [Finance/Investment] UID:20863 Activity:nil
3/20    How come when I use NT Netscape4.76 on <DEAD>csua/skey<DEAD> I can't copy
        the one-time password to the clipboard?  Can someone please either
        change it so that I can copy it, or change the font to be bigger or
        use a serif font so that I can distinguish the alphabets easier?
        Thanks a lot.
        \_ Ctrl-C doesn't copy it?
2001/3/20-22 [Computer/SW/Unix] UID:20864 Activity:low
3/21    Under most OS's how do control whether a program core dumps or not
        under a SIGSEGV?
        \_ man signal
        \_ you can also control it with things like limit. Note that certain
           cases should never dump core (i.e. setuid() programs.)
                \_ coreadm on Solaris lets you control that for people
                   who need to debug set*id programs.
2019/08/21 [General] UID:1000 Activity:popular
Berkeley CSUA MOTD:2001:March:20 Tuesday <Monday, Wednesday>