| 2001/3/20 [Computer/SW/OS/Windows, Computer/SW/OS/Solaris] UID:20851 Activity:very high |
3/19 So, i have discovered what i'm sure is a buffer overflow in
an application server my company uses. I can crash my server
and send random stuff to the kernel. However, I'm not a coder
(just a Sys. Admin.) so i can't really determine which part of
the garbage i'm sending gets executed. If i had more foo,
perhaps i could figure it out but... My question is, who, if
anyone, should i tell? (I am thinking of dropping everything
and figuring out what i need to, just to see my name on a CERT.)
\_ "fu", not "foo"
\_ your fough is week, old man.
\_ Which OS? I'm sure that if you're using Linux or {Free|Open|
Net}BSD you could probably get a backtrace somehow. If you're
using a commercial OS you won't be able to pin down the exact line
number in the source code but you might be able to gather
some amount of info that might be useful.
\_ Solaris on a Sparc.
\_ truss(1) is your friend. But how do you know that you
can really execute arbitrary code? Are you sure it's
more than DOS? And is it a bug in the app server or
the applications themselves?
\_ I guess i don't know if it is a bug in the app
server or the app. (that's a good point, i've
been giving our java guys too much credit). I'm
convinced it is a bona-fide Buffer Overflow because
stress testing didn't just cause it to time-out or
crash, it affected everything. BASH started saying
things like "cannot execute binary file" if i typed
hostname, exiting out of bash i'd get a "Sytax error
at line 1: ( unexpected" when i tried to do something
exotic like type "ls" (basically "echo" was the only
command that worked). I couldn't even log in from
the console. I had to stop-A and reboot.
\_ Wow. Painful. Is this BEA?
\_ No, believe it or not, this product is worse.
\_ Freeware? or IBM?
\_ I'm guessing it's IBM. They have lots of documented
buffer overflows.
\_ You've made my day... Mistaking process or VM
exhaustion for security hole... That's 31337.
\_ Sometimes people can't just jump above their heads. Get over it.
\_ Find a copy of smashing the stack for fun and profit (just do
a search on google). Writing a buffer overflow isn't that hard.
It shouldn't take more than an evening of work. |
| 2001/3/20 [Science/Space] UID:20852 Activity:low |
3/19 Mars polar lander found. Maybe. Intact. Maybe.
http://dailynews.yahoo.com/h/space/20010319/sc/exclusive_spy_agency_may_have_located_mars_polar_lander_1.html
\_ better: http://www.cs.wisc.edu/~kovar/hall.html |
| 2001/3/20 [Uncategorized] UID:20853 Activity:nil |
3/19 Dubya's dyslexia may prove to be as politically useful
as poor Ronnie's dementia.
\_ Reagan's Alzheimer's came about in 92-93 time
frame not while he was in office.
[ There are *NO* indenting rules for the MOTD
if you don't like it *TOUGH*. Feel free to
delete this, I've got a program to put it
back. ] |
| 2001/3/20 [Reference/Tax] UID:20854 Activity:nil |
3/19 The IRS 1040 form for recently laid-off dotcom employees:
http://www.girlchick.com/erin/Pics/DotCom1040.jpg
\_ That is SO 9:32 am...
\_ Uh, this is so last week, like wednesday or so.
Next you'll be telling us about that Tokyo Breakfast
skit. |
| 2001/3/20 [Uncategorized] UID:20855 Activity:nil |
3/19 http://www.CSUA.Berkeley.EDU/~paolo/csua
\_ yeah i need to update that meeting time - paolo |
| 2001/3/20 [Consumer/PDA] UID:20856 Activity:nil |
3/19 What processor(s) do the Palm Pilots run on? Thx.
\_ most Palm OS PDAs run on 17 MHz Dragonball EZ or 33 MHz Dragonball VZ
CPUs from Motorola. |
| 2001/3/20-21 [Reference/Tax] UID:20857 Activity:moderate |
3/19 Are Roth IRA, Rollover IRA, 401K, etc., etc. losses tax deductible?
\_ ERIN GO BRAUGH!
URL?
\_ What do you think since you don't pay capital gains taxes on
gains? --dim
\_ Let me clarify. I mean are these tax deductible IF I am to cash
out on these funds (willing to pay the 10% penalty, regular
taxes, etc.). I can more than make up for the penalty and taxes
with my deduction (even if it's over a couple of years).
- original poster
\_ NO. Stop fucking around.
\_ Once you take it out, you can't get it back in, so you're
uhhuhuhuh. huhuhehuhuh. _/
giving up N decades of tax advantaged gains. Very short sighted.
\_ Or N decades of losses. YMMV. |
| 2001/3/20 [Computer/Networking] UID:20858 Activity:nil |
3/19 When's Cisco laying off its employees? I can't wait to see them on
http://fuckedcompany.com.
\_ Uhh... they're still profiting, unlike dotcummers. |
| 2001/3/20 [Recreation/Dating] UID:20859 Activity:nil |
3/20 My GF is not strong enough to open most cans and jars. When I asked
her what she would do if I wasn't around, she said that she has always
had a man in her life. Whether it be a family member or BF. Is this
typical?
\_ not typical.
\_ For years, I thought a tourniquet was for opening jars.
We'd wrap the thing around the tops of jars and open the jars.
It wasn't until I was in college that they were used by
phlebotomists.
\_ If there is a man around, I'd much rather not open jars myself.
But I've always managed to open a jar myself if I need to. -girl |
| 2001/3/20-21 [Science/Space] UID:20860 Activity:high |
3/21 Does the water get hotter faster if you open the faucet more?
\_Ever hear of 'empirical' data? try it at home.
\_ yes because you remove the cold water in the pipes and
fill the pipes with the hot water from the heater faster if
you open the valve more.
[ the indenter was here ]
\_ Plus the water should also be hotter, because it spends less time
in the pipe which means it loses less heat to the pipe and the
surrounding. (That's assuming you have a huge heater that can
keep up with the consumption.)
\_ yes, but since the water is in laminar flow, there is still
cold water hugging the pipes so the water isn't completely
hot until heat is transferred to the cold water hugging the pipes
so it will take some more time.
\_ Nonsense. The slower flow is laminar too, and if at
faster speeds the flow becomes turbulent, your whole
bullshit argument is blown out of the water.
\_ the reynolds number is too low for turbulence
and is mostly based on velocity:
reynolds number = diameter * velocity / kinematic viscosity
only turbulence would occur at fittings etc. but in general
In a pipe, water in contact with the pipe moves slower than
water in the middle of the pipe.
\_ Regardless of whether the flow is laminar or turbulent,
the water, even at the EDGES, flows quicker if you
increase the flow, so it'll heat faster.
\_umm. definition of laminar is velocity = 0 at edge
\_ umm. definition of edge -> infinitesimal width
\_ umm. forget engineering as a practical tool
\_ go under your house and slap some insulating foam on those
puppies. instant hot showers for most of the year.
\_ That's a good idea in any case.
\_ Can the foam keep the water inside the pipes warm for eight
hours or so? E.g. when I turn on the faucet in the morning, is
the stale water still hot?
\_ Just buy heat on demand and stop with the annoying
questions. --dim
\_ My neighbor has one of those attachments like I have at work
that spits out very hot water from a different faucet.
\_ Get heated water pipes. |
| 2001/3/20-21 [Industry/Jobs, Computer/SW/Database, Computer/Networking] UID:20861 Activity:low |
3/20 Of all the dot coms and mega corporations, which one do you want
the most with a massive layoff?
M$: ..
Oracle: ...
Intel: .
Cisco: ..
\_ time to claim our scarce land and congested highways!!!
\_ Time to get rid of the worthless newbie Gam3rz and bs
java programmers and 3rd line managers and directors with
one direct report (personal admin).
In the good old days, we built the best routers and
switches in the market with the fastest interfaces and
the most protocol support. Every engineer could rebuild
a basic router from parts and configure at least one ip
routing protocol in IOS and simple VLANs in CatOS.
Now we have a bunch of idiots who can't tell the difference
between L2 and L3 and don't know the difference between
IOS and WinNT. They need to go, NOW! Forget the fact that
they should never have been hired in the first place.
The old cisco culture made us #1 and it is what will save
us.
- disgruntled Cisco oldtimer |
| 2001/3/20 [Transportation/Car] UID:20862 Activity:nil |
3/20 Does a particular car have better gas mileage when the engine is
hotter or cooler?
\_ hotter: the piston rings seal better and the fluids offer
less resistance. |
| 2001/3/20 [Finance/Investment] UID:20863 Activity:nil |
3/20 How come when I use NT Netscape4.76 on <DEAD>csua/skey<DEAD> I can't
copy the one-time password to the clipboard? Can someone please either
change it so that I can copy it, or change the font to be bigger or use
a serif font so that I can distinguish the alphabets easier? Thanks a
lot.
\_ Ctrl-C doesn't copy it? |
| 2001/3/20-22 [Computer/SW/Unix] UID:20864 Activity:low |
3/21 Under most OS's how do you control whether a program core dumps or not
under a SIGSEGV?
\_ man signal
\_ you can also control it with things like limit. Note that certain
cases should never dump core (i.e. setuid() programs.)
\_ coreadm on Solaris lets you control that for people
who need to debug set*id programs. |
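The two per-process controls named in this thread (a signal handler, and the core-size limit that `limit` sets), side by side in C. This is an added example, not part of the original posts; `segv_child`, `on_segv`, `struct outcome` and the exit code 42 are hypothetical names and values chosen for the illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

struct outcome {
    int exit_code;   /* exit status if the child exited normally, else -1 */
    int term_signal; /* signal that killed the child, else 0 */
    int core_flag;   /* 1 if the kernel reports that a core was written */
};

/* Handler for the "man signal" route; _exit() is async-signal-safe. */
static void on_segv(int sig) { (void)sig; _exit(42); }

/* Hypothetical helper: fork a child that receives SIGSEGV.
 * catch_it != 0: a handler replaces the default action, so no core.
 * catch_it == 0: default action, but soft RLIMIT_CORE is set to 0 first,
 *                the same knob as csh `limit coredumpsize 0`. */
struct outcome segv_child(int catch_it)
{
    struct outcome o = { -1, 0, 0 };
    struct rlimit rl;
    int status;
    pid_t pid = fork();
    if (pid < 0) return o;
    if (pid == 0) {
        if (getrlimit(RLIMIT_CORE, &rl) != 0) _exit(2);
        rl.rlim_cur = 0;  /* lowering a soft limit needs no privilege */
        if (!catch_it && setrlimit(RLIMIT_CORE, &rl) != 0) _exit(2);
        signal(SIGSEGV, catch_it ? on_segv : SIG_DFL);
        raise(SIGSEGV);
        _exit(3);         /* not reached */
    }
    if (waitpid(pid, &status, 0) != pid) return o;
    if (WIFEXITED(status)) o.exit_code = WEXITSTATUS(status);
    if (WIFSIGNALED(status)) {
        o.term_signal = WTERMSIG(status);
#ifdef WCOREDUMP
        o.core_flag = WCOREDUMP(status) ? 1 : 0;
#endif
    }
    return o;
}

int main(void)
{
    struct outcome a = segv_child(1), b = segv_child(0);
    printf("handler: exit=%d | limit 0: signal=%d core=%d\n",
           a.exit_code, b.term_signal, b.core_flag);
    return 0;
}
```

Whether the core flag is set in the limit case also depends on system-wide policy such as the coreadm settings mentioned above, so the example reports that flag rather than assuming it.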