Berkeley CSUA MOTD:2002:August:01 Thursday <Wednesday, Friday>
Berkeley CSUA MOTD
2002/8/1 [Uncategorized] UID:25466 Activity:nil 66%like:25467
7/31    How many sodans have anal sex?
        1) .
        3) .
2002/8/1 [Uncategorized] UID:25467 Activity:nil 66%like:25466
7/31    Anyone had anal sex? How hard is it?
        \_ It's pretty easy. Why don't you try it on yourself instead of
           going around editing people's posts?
2002/8/1 [Computer/SW/Database, Politics/Domestic/California/Arnold] UID:25468 Activity:kinda low
7/31    What's the DB equivalent of
           \_ uhhh...right. what exactly does DB stand for?
2002/8/1-2 [Finance/Investment] UID:25469 Activity:kinda low
8/1     If persons A and B, customers at two different brokerage firms, try to
        sell 100 shares of a certain stock at an asking price P, then later
        someone at a third brokerage firm tries to buy 100 shares at a bidding
        price P, who gets priority to sell first?  Thanks.
        \_ Not meaningful.  Odds are the buyer is the brokerage firm anyway.
           \_ So when you look at stock quotes on Yahoo or ETrade web sites,
              are the bid and ask prices the ones by the brokers or the ones by
              the actual clients?
2002/8/1-2 [Computer/SW/Security] UID:25470 Activity:high
8/1     Bugtraq reports that openssh-3.4p1 was trojanned on,
        and its mirrors.
        \_ Link?  And Is that what happened to csua?
           \_ Don't think so.  That seems to have affected the
              openssh-portable port.
              \_ which... soda runs...
                 \_ dont bring facts into this.  this is the motd, damn it!
                    \_ It's okay, they didn't.
                 \_ no it doesn't:
                    $ telnet soda 22
                    Connected to http://soda.CSUA.Berkeley.EDU.
                    Escape character is '^]'.
                    \_ genius wtf do you think that is?  If it isn't an openbsd
                       machine and it's running openssh, it's the portable one
                       \_ I believe the FreeBSD uses the non-portable openssh
                          too, perhaps with their own patches. If FreeBSD was
                          using portable openssh, you'd see a version string
                          that looks like this: SSH-1.99-OpenSSH_3.4p1
                       \_ Hi.  You're an idiot.
                       \_ Recent FreeBSD base system uses 3.4p1.  There are
                          also two ports: security/openssh and
                          security/openssh-portable, which are a patched
                          OpenBSD version and the portable version,
                          respectively.  Soda is running the former, AFAIK.
              \_ The only installed openssh port I see is:
        \_ What's the bottom line? Is soda's current version compromised?
           \_ I don't think so.  Plus, the compromise is just a side effect
              of the build, and (supposedly) should not affect the built
           \_ No. The MD5 on the src tar ball in /usr/ports/distfiles
              matches the correct MD5:
              MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
              soda$ cd /usr/ports/distfiles/ && md5 openssh-3.4.tgz
              MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
           \_ Here is what I've heard from a reliable source: (sorry, no
              "If you didn't rebuild OpenSSH from scratch in the past 36
              hours you don't have to worry about it and the trojaned
              code was replaced with a clean copy by 6am PDT. The trojan
              was that someone added a line to a Makefile such that during
              compilation, a socket is opened to a hacked machine once an
              hour to await "commands" (or example, open a shell, or die).
              The OpenSSH code base wasn't touched. The hacked machine was
              wiped early early this AM.

              I haven't heard anything about whether the SunOS 4.1.X FTP
              server (the OpenSSH project hosts there because the people
              who offered to host it there have lots of bandwidth) was
              hacked, or if this was some kind of inside job from someone
              who had appropriate levels of access on that host.

              Like you doctor always said, check your md5 checksums and your
              PGP sigs. The FreeBSD "ports" system does that automatically
              and refused to build and install the tainted coded."
2002/8/1 [Computer/SW/OS/Linux] UID:25471 Activity:high
8/1     rise and fall of va linux :
        \_ And all "linux companies".  Hey leik d00de this kewl thing is leik
           all the rage lets do _something_ related to this linuks thing and
           then IPO!  The stereo typical Linux Business Model blatantly stolen
           from many others on the web:
           1: Linux based business model
           2: ....
           3: IPO and vast riches!
           \_ I thought phase 1 was collect underwear
           \_ This is a sign your company is going to be fucked: "We were
              all a big group of friends." Someone somewhere needs to be
              the boss. --dim
2002/8/1-2 [Computer/SW/Apps/Media] UID:25472 Activity:moderate
8/1     At the very end of "West Wing" last night, there was a song
        playing in the background...who sings it or what song was it? I think
        it might have been Bob Dylan.
        \_ motdformatd was here
        \_ Brothers in Arms by Dire Straits
        \_ Who watches West Wing?
2002/8/1 [Uncategorized] UID:25473 Activity:nil
8/1     Is okay?
        \_ ... its working for me right now... ?
Berkeley CSUA MOTD:2002:August:01 Thursday <Wednesday, Friday>