|
11/23 |
2005/2/21-22 [Computer/SW/Security] UID:36354 Activity:kinda low |
2/21 I just got a PayPal spam mail asking me to confirm my PayPal account. It says to go here: http://202.108.69.147/webscr which obviously is a fraud, but omg it looks 100% authentic and everything looks exactly like PayPal. I'm very impressed at scammers and their sophistications. \_ Yeah, it's downright eerie how people can use HTML to fake other sites. \_ try logging in with a wrong password, then a right password. See what happens? It's not trivial. Make sure to change your password to something new after this experiment. \_ Yeah, it's downright eerie how people can use HTML and basic perl to fake other sites. \_ Have some fun with it with a browser running in a vmware session, fake username/password, and some basic xss exploits. Dump the whole session into ethereal, and if you're not concerned about engaging in wire fraud and other illegal stuff, for bonus points see what hilarious vulnerabilities you can find on their box and on others they run. -John \_ Yeah. I found a list of ATM numbers and PINs and CC numbers on one site. |
2005/2/21-22 [Computer/SW/Security] UID:36351 Activity:very high |
2/21 List of big design blunders in computer science, I'll start: \_ IP6 needed because IP4's running out (reality: NAT made IP4 more abundant hence IP6 adoption has been slow to a crawl) \_ IPv6 needed because IPv4's running out (reality: NAT made IPv4 more abundant hence IPv6 adoption has been slow to a crawl) \_ That's not a design blunder; IPv6 is still needed, just not as quickly as was first anticipated. -tom \_ NAT is a bad thing(tm). It breaks applications that need end to end connectivity. It also makes it difficult to manage large clusters of systems each using the same NAT address space. In the IPv4 world we have been stuck using overlay networks to deal with these problems. If everyone was using IPv6 people would not need these type of hacks. \_ I'm increasingly convinced that the future is IPv6 overlays that have to be negotiated/constructed dynamically by some sort of link control protocol where all the paranoid authz checks can be done by the folks who think firewalls and NAT are the greatest thing since sliced cables. \_ Therac 25, baby. \_ DOS, 640K RAM is enough for everyone (reality: never enough RAM) \_ Why is DOS a blunder? For many applications DOS works well enough (ex. my DSLR runs DOS and it works just fine). \_ gets(), strcpy(), strcat(), and all other C standard library functions that assume infinite buffer sizes. \_ C++, period. Ugly, ugly, ugly. \_ Go away troll. \_ Y2K: first the prevelance of the bug, then the overblown reaction to it \_ bug != design decision. People designed systems with two digits to hold the year because it was the right design tradeoff at the time. If any of the designers really expected the systems to stay in use for literally decades they would have decided otherwise. \_ wouldn't it have been more space efficient to represent the year as a single byte, offset from 1900? that would have kept them safe until 2155 and saved a byte. Would that have been more computationally expensive? \_ You obviously aren't familiar with BCD and its prevalence in the financial world. \_ Microsoft Bob. -gm \_ I just looked at it. It actually seems pretty cool albeit the primitive looking GUI. What happened to it? \_ I was referring in particular to its "password reset" feature, which would prompt you for a new password if you entered the wrong password three times. As for Bob in general, I don't think it was ever really adopted, and its purpose (make the Windows UI easier to use) became obsolete. -gm \_ The password thing is just an implementation fuckup. -John \_ MBONE SHALL RULE ZE VORLD!!! MUAHAHHA!! --Professor Larry "The Slammer" Rowe. \_ slammer? \_ JavaScript. Language sucks, feature sucks, security sucks. \_ That's ECMAscript beotch!!! \_ The unification of data types and conceptual types in programming languages. Unification isn't even the right word, because these two generally have not been separated to begin with. Also, the general philosophy of early CS pioneers of designing for non-malicious, cooperative use. We are still dealing with the repercussions of THAT (unsafe languages, problems with network protocols, etc). -- ilyas protocols, etc). Designing languages for the 'average case' rather than the 'best case' (I am talking about users of languages). Designing for the average gives you Java. -- ilyas \_ Multics. The entire x86 security ring architecture. Java. SMTP (sans authentication). \_ Java? Yeah, that's big design blunder -- a language that is easy to program in and works on all sorts of different devices, not to mention fuels my paycheck every month. Maybe the transistor is another big mistake? \_ I see your "Multics" and raise you a "Nachos". -gm |
2005/2/19-21 [Computer/SW/Security, Computer/Companies/Yahoo] UID:36253 Activity:nil |
2/19 So I spend hours loading pics to yahoo photo albums and arranging them in the order that I want. And then I go back and all the pictures in every album are out of order. Why does this happen? And maybe more importantly, what's a similar service that people recommend that won't have this problem. Basically just somewhere I can load my pics to that anyone can look at, even without them having a passwd or account or anything. -pissed off at yahoo \_ Definitely send them a pissed off email. Maybe someone will get yelled at. \_ shutterfly. |
2005/2/17 [Computer/SW/Security, Politics/Domestic/President/Bush] UID:36213 Activity:high |
2/17 Bush warned 52 times before 9/11 attacks: http://csua.org/u/b3f \_ we are constantly warned of an attack from Al Qaeeda, it's going to happen, what are you doing about it? \_ Heed the warnings and order up a full complement of armed air marshals. Oh wait, we only did that after 9/11, right? \_ You missed the point. There is no way to know which method Al Qaeda will use to attack us. They might not use planes at all. They have just threatened attack. So how do you stop them? \_ did you read the URL? yes, the whole thing. \_ Did you read my post? Yes, the whole thing. I'm Al Qaeda. I tell you I am going to "attack the USA". What will you do about it? The point here is that Bush would get the blame in that instance, but what can he do about it, really? The instance in the article is specific. I am talking about a general case. \_ You increase security and alert law enforcement. You take it as an actual problem and work to increase human intelligence. You look at the outgoing administration's thoughts on the matter and develop a strategy. You don't go back to crawford to "clear brush". If it had been a priority issue, maybe the FAA would have said yes when NORAD asked them if they wanted an intercept on the off-course flights. \_ Yes, I read your post, the whole thing. I got your point, a long time ago. You missed my point. Your point is obvious to everyone. My point, the same one in the article, is not. That's why I asked you if you read the whole URL. Had we heeded the warnings and ordered up a full complement of armed air marshalls prior to 9/11, we might not have had a 9/11, or at least had competently placed security to afford a chance. And, you still haven't said whether or not you've read the entire URL, which was my question. -- If you really did, maybe you wouldn't have wasted your words on me. \_ You are talking about a general case that did not exist. \_ It exists at this very moment and as such is more pertinent than what someone did or did not do 5 years ago. |
2005/2/10 [Computer/SW/Security] UID:36124 Activity:kinda low |
2/9 just a coincidence with thread below... The Genocide That Wasn't: Ward Churchill's Research Fraud http://hal.lamar.edu/~browntf/Churchill1.htm \_ I've also read some funny stuff about how he goes around claiming to be a member of various indian tribes, none of which, it turns out, have him listed as a member. \_ Yeah, like most nutjobs, his screeds have brought him attention and scrutiny that wouldn't have happened elsewere, exposing his *factual* errors instead of just his nutjob opinions. http://hal.lamar.edu/~browntf |
2005/2/6-7 [Computer/HW/Laptop, Computer/SW/Security] UID:36077 Activity:very high |
2/6 Our parent company is considering forbidding us from taking laptops off the premises due to possible src code loss. Considering that many of us work from home the majority of the time, this does not sit well. We need to come up with a proposal for keeping the src (or entire disk) on an encyrpted drive. I used PGP desktop a while back but never did any disk intensive activity (eg compilation) on it. Has anyone been subjected to similar measures and have any suggestions? Thanks. \_ Yeah, plenty of companies are hiring. Start looking for another job now. \_ I love my job. Not interested in a new one. -op \_ Do you think this is the last PHB decision they will make? You love it now, but this is just a harbinger of things to come. I am sorry I cannot be more positive. There has got to be some way of encrypting things for you but I don't know what it is. \_ Maybe not, CHKP is an agent of the Mossad, so I wouldn't put anything past them, but, regardless, i need to wait a few more years for the remainder of my options to vest. -op \_ Write up a reasoned explanation of why this won't help. Particularly in a technical field (development), it's always near trivial to find ways around this unless they completely isolate your work network from the internet. (i.e. you can't go to websites, check popmail, etc) If there are any such "holes" that those evil, evil employees could just copy the code out through, encrypting it locally won't help. \_ The issue is not that they don't want employees stealing the src, the issue is that laptops are prime targets for theft and if someone were to get their laptop stolen, release of the src code would be disasterous. Of course there are plenty of ways to get around it. -op \_ Out of curiosity, does anyone know how often data from stolen laptops ends up getting into the wrong hands? I would have guessed that most laptops get stolen by crackheads who sell them to the local pawn shop for a hundred dollars, who then erases the harddrive and sells it for two hundred to some random moron. At what point in this chain does data get sent to some competing software company? Are there people out there making a living cruising the silicon valley pawn shops for sellable data on stolen hard drives? \_ magnetic tape, flashdrive/CF/SD/etc, laptop HD in a USB/FW case ... iPod/etc ... \_ Again I'm not looking for ways to take src code home. I'm looking for a reasonable solution for securing the data on the laptop to mollify their concerns and to prevent me from having to jump through such hoops. I still have VPN access to CVS from my desktop at home and if it were to come to it would just ditch the laptop. -op \_ it was meant as examples to give your company to prove how fucking stupid they are. \_ Uhm, if you have VPN access to the company what makes the company think that someone can't just steal your computer at home and get the source code there? I'm sure that you encrypt your data, but that's not a guarentee that someone else who works under similar conditions will. Anyway, what's so important about the source code? MS had its source code for Winblows leaked, it's not like someone is going to go and develop a competing product anytime soon. And if your software is that valuable, people can just reverse it through brute-force decompilation and analysis. \_ It looks like PGP Corporate deployed using smart cards or tokens (e.g. RSA SecurID doodads) is probably what you want. I just glanced at the marketing drivel on the website so you'll need to read further to be sure, but this looks like a reasonable place to start: http://www.pgp.com/products/desktop/disk -dans \_ We had very good success with Safeguard Easy (both boot sector protection and on-the-fly disk crypto.) If you're feeling adventurous, you can play with MS EFS on top, but your PKI admins had better know what they're doing. -John \_ Most responses don't really understand the problem. Working in an environment where much of our software is classified as a munition, I do. It is about accountability more than actual prevention of theft. They *know* you can steal the source and if they were concerned about that they'd do what the DoD does and make you leave it at work. They are concerned about the laptop being stolen. Whether or not it is easy to obtain the source by hacking into the system over VPN is irrelevant. In our particular case, it is just disallowed. Period. You can take the executables, but not the source. I, too, am interested in a good solution but I think none exists. However, I do not understand why the desktop is allowed. That is just as much of a no-no. \_ I would just take the source code home and be done with it. |
2005/1/25-26 [Computer/SW/Security] UID:35897 Activity:nil |
1/26 Was there some talk going on tonight in Mountain View? Any details? \_ Diffie is giving a talk tomorrow at the computer history museum: http://www.computerhistory.org/events/index.php?id=1105901815 |
2005/1/22-24 [Computer/SW/Security] UID:35856 Activity:moderate |
1/22 I've had netflix now for about 6 months now, and their turn-around time is slowing down; it used to be about a day or two, and now it's a few days. Has anyone else experienced similar service? \_ I've had netflix since 2001 and have noticed no slow down at all and have lived in 3 different places. It did get a bit rough when I started filling my queue with New Releases and freeing up space right when they released, but that was because they were shipping the movies to me from Texas and Boston since the demand here was too high. \_ I just signed up two weeks ago. Day 1: Mail old stuff in Day 2: Gets there, they mail new stuff Day 3: I get it \_ wasn't there some talk about how netflix slows down service for users who borrow too much? \_ New and light users get priority for high-demand discs. It doesn't affect your throughput, but if you have high throughput and like new releases you'll have a bunch of stuff stagnant at the top of your queue. \_ I think it's more dependant on the vagaries of the post office. I have noticed an increase in the <stddev> of arrival time which might be that they opened up more shipping centers and will mail your #1 disc from which ever center gets it back in first. \_ Netflix gives priority to new customers over old customers. This happened to me before, and my DVD turn around time went from 3 days to 5+ days within span of 6 months. I discontinued the service for a while resubscribed again. \_ Did you primarily rent new releases? \_ I've had Netflix since 2001 and my turn around time has always been 1-2 days (except during the holidays). I'm in SJ, less than 1 zip code away from the distribution center and I mostly only watch PBS/BBC/SciFi so perhaps my experience is better than can be expected. If you want an alternative, my cousin has had pretty good luck with greencine. \_ I subscribed to greencine for about 6 months now and turn around has always been 2 days. But they dont have pr0n and I'm thinking of also subscribing to bushdvd unless anyone here knows a better competitor. |
11/23 |
2005/1/21-25 [Computer/SW/Security] UID:35855 Activity:nil |
1/21 Diffie is giving a lecture about the history of information security this wednesday from 7-8:30 PM at the Computer Hist. Museum in Mt. View (best part is that its free): http://www.computerhistory.org/events/index.php?id=1105901815 \_ I _highly_ recommend going to see this guy talk. He's one of the most fascinating speakers I've seen--he'll ramble for hours about things that may only peripherally relate to the nominal topic of the talks, and it's all incredibly interesting, even if you have no clue what he's on about from time to time. -John |
2005/1/21 [Computer/SW/Security] UID:35836 Activity:moderate |
1/20 Someone was asking for eggs? http://www.hundredpercenter.com/sitebuilder/images/P19-361x232.png \_ That's a snowball dork! Anyway, the security was way too tight for eggs. http://www.washingtonpost.com/wp-dyn/articles/A25250-2005Jan20.html \_ A snowball?! Obviously my elementary school teacher was not on Bush's security detail. I was told those things were really dangerous. Repeatedly. \_ It must be hard being so stupid. |
2005/1/20 [Computer/SW/Security, Transportation/Car/Hybrid] UID:35824 Activity:high |
1/20 If I go through the bridge toll plaza on a "FastTrak/cash" lane, is the transponder supposed to beep? I did it twice on the San Mateo bridge and it didn't beep. I got worried and now I only use the FastTrak-only lanes. \_ there is a sign which says Valid \_ This is STFW day today, isn't it: http://511.org/fastrak/faq.asp \_ do you have the regular transponder or the Continuum Transponster? |
2005/1/20 [Computer/SW/Security] UID:35806 Activity:nil |
1/20 Is there an option to subversion to keep it from storing your password in cleartext? The file in ~/.subversion/auth/svn.simple seems to do so by default. Thanks. \_ Use svn+ssh:// or http:// not svn://. In 1.1.x, you can turn off password caching with the store-passwords option. |
2005/1/18-19 [Computer/SW/Security] UID:35774 Activity:moderate |
1/18 Looking for a good backup program on XP. I like the simplicity of the default XP backup program, but I'd like to have encryption on top of it. I've considered WinZIP with encryption but it is a bit clumsy, and I've considered tar/pgp, but I'd hate to tar and then pgp separately. What are some alternatives? Thanks. \_ Can you just create an encrypted volume with Pro and just dump all your data on a backup drive? I tend to do USB HDs since dumping stuff to CDR/DVD isn't practical anymore these days with hundreds of gigs of data. \_ well if your primary disk is hosed and lose the keys you'll never retrieve your content. I don't know how/and have enough faith to backup/restore the keys. \_ See post and URL in other thread about username / password based retrieval of WinNT-encrypted files. |
2005/1/18-19 [Computer/SW/OS/Windows, Computer/SW/Security] UID:35767 Activity:nil |
1/18 WinXP question. Let's say I have a backup folder, encrypted using EFS. Then I backup my private keys using "cipher /x:keys". Then one day my computer crashes and I'd like to read the backup folder. How do I export the keys to a newly installed WinXP so that it'll read the encrypted files? ok thx. \_ I believe all you need is to attach the hard drive to another computer (via IDE or external drive) and login with the same username and password, and the files will magically decrypt as you open them. If you want to access the files with another username, there are steps in the link (search for "import your keys"), but it sounds complicated. http://www.microsoft.com/technet/security/topics/crypto/efs.mspx |
2005/1/18 [Computer/SW/Security] UID:35763 Activity:nil |
1/18 Between Fannie Mae (Gorelick and Raines), Berger, and this you really have to wonder. Cut-Rate Diplomas:How doubts about the government's own Dr. Laura exposed a fraud http://www.reason.com/0501/fe.ps.cut.shtml \_ Who is Laura Callahan? |
2005/1/17-18 [Computer/SW/Security] UID:35747 Activity:nil |
1/17 For the person who asked about AFP over SSH, just start a ssh tunnel on your client: ssh -N -L [localport]:localhost:548 [user]@[afpserver] Now you can connect using ssh via the finder using the afp url: afp://localhost:[localport] \_ note: must be root to bind to <1024 |
2005/1/4-5 [Computer/SW/Security, Computer/SW/Unix] UID:35542 Activity:low |
1/4 I added a user to my Windows 2000 machine, and now I can't login as Administrator or any of the other user accounts. I think I changed the automatically login user without password box. I think I need to reset the administrator password. Any ideas? \_ obgoogle. try system internal's website. they got tools \_ http://home.eunet.no/~pnordahl/ntpasswd \_ Perfect! That worked very well, I'm keeping that CD in my kit. \_ Get tweakui for win2k. It will allow you to turn the proper login back on. |
2004/12/28 [Computer/SW/OS/Linux, Computer/SW/Security] UID:35455 Activity:high |
12/28 I have access to a large supply of psx, n64 and snes...besides games are there any good uses for these consoles? Are there ways to use them for parallel computing or educational purposes? -scottyg \- see e.g. http://arrakis.ncsa.uiuc.edu/ps2/cluster.php i wonder if they were able to buy the hardware subsidized. --psb \_ got any spare saturns? Want to sell one? -aspo \_sure, go to http://www.squaredealonline.com -scottyg \_ 50 bucks??? That isn't so square. \_ Check ebay, Saturns are having a bit of a revival. I'll be putting mine up soon, with games, if you're interested. -jrleek \- see e.g. http://arrakis.ncsa.uiuc.edu/ps2/cluster.php i wonder if they were able to buy the hardware subsidized. --psb \_ got any spare saturns? Want to sell one? -aspo |
2004/12/24-25 [Computer/SW/Security] UID:35429 Activity:nil |
12/24 so I have a giant proprietary format microsoft access db file i think mail collection file used with Earthlink Total Access on a PC. how do i convert it to something usable in maildir or mbox format for use with another email processing program? - danh \_ perl DBIx::MSAccess::Convert2Db -tom |
2004/12/16-17 [Computer/SW/Security, Computer/SW/Virus] UID:35331 Activity:moderate |
12/16 Odd sort of viral marketing (as in computer virus viral)-- the site invitation.sms.ac will send you an email from your friend asking you to sign up for free text messaging (sms) service on their site; they then comb your address book and auto send an invitation to all your friends. The most insidious feature of this is that the invitation uses passably decent grammar and spelling. May God have mercy on us all. \_ How did a website comb your personal address book? Did you actually install something from a untrusted and unknown site? \_ Lots of people are security-unaware enough to do it, especially if a friend 'invites' them to do it. \_ I don't know how it works; I got the invite from a friend who subsequently mailed me saying it was a scam. The email invite looked pretty legit though; I can't say anything about the website since I didn't visit. |
2004/12/14-15 [Computer/SW/OS/OsX, Computer/SW/Security] UID:35293 Activity:moderate |
12/14 Has anyone successfully gotten ssh/scp public key authentication to work on Mac OS X? I'm going from a 10.3.6 client machine to a 10.3.6 Server machine, but it doesn't seem to be looking at the key. Is there some strange config setting I'm missing or am I just a tard? -sax \_ - On client machine type: ssh-keygen -t dsa - Enter nothing for passphrase - Add ~/.ssh/id_dsa.pub from client as a line in ~/.ssh/authorized_keys on server \_ You can actually have passphrases and not have to wrestle with the authentication agent. Check out keychain (http://www.gentoo.org/proj/en/keychain/index.xml It works great, I use it all the time on my Mac. (as for the ssh prob, I don't have anything to add that hasn't been said) - ajani \_ I have, and I don't particularly recall any voodoo needed to make it work. Try connecting with -vvv, and see what it says. You could also try turning sshd's log level way up. -dans \_ Are PubkeyAuthentication and RSAAuthentication both set to yes in /etc/sshd_config? (They should be by default) I haven't had a problem getting this to work with OS X. --ranga \_ As a follow up, I've gotten passwordless dsa keys to work from my client->soda, soda->client, and server->client, I just can't get anything to work going into my server. I even tried over- writing my sshd_config with both soda's and my client's files, to no effect. I can ssh to the server, it just won't recognize the public key. I'm not sure if this is a configuration problem, or something particular about 10.3 Server... I'm now going to try some of these suggestions, thanks! -sax \_ Turns out it's an ownership problem of the home directories on the server. The server was set up as an AFP server, and the permissions on the home folders are screwy. -sax |
2004/11/29-30 [Computer/SW/Security, Computer/SW/Unix] UID:35115 Activity:low |
11/29 I archived a big direcotry (3GB) using tar with bzip2 compression (-j) and I notice that to extract any file, tar seems to read through the whole archive decompressing it byte by byte and takes a VERY long time, no matter how small that file is. Is there a better archive method? (I am archiving on to a file, so dump does not work.) \_ Use zip. The compression isn't as good, but you can access any file instantly. \_ I need good compression but I won't add files to the archive, so a tool that puts all the directory information at one place, compress the files individually and allow random access is what I am looking for. (And it has to be available for Macs too.) \_ Why don't you just run bzip2 on foreach i ( * )? -John \_ Perhaps RAR, http://www.rarlab.com Not free, though. \_ 3GB is not that much. Burn it on a DVD. |
2004/11/27 [Computer/SW/Security] UID:35085 Activity:nil |
11/27 What's the purpose of having/requesting the three-digit "security code" on the back of credit cards? I don't see how it makes transactions more secure; anyone tapping into a phone call or computer network can pick up that number as easily as the CC# itself and expiration date. \_ It does prevent dumpster divers (aka, employees) from taking all the necessary information off of the carbon copy. In stores, you are never asked for the extra 3 digits, as they can see you have the card, but online, it is supposed to prove that you are holding the card. But, if you can monitor the communications, you can do anything you want. |
2004/11/25-27 [Computer/SW/Security, Computer/SW/Unix] UID:35077 Activity:kinda low |
11/26 Is there any reason to give directory world Readable permission but not eXecute permission? I encountered this on a public ftp site. Is this just a mistake or are they trying to block access? [Thanks for deleting a lot of crap] \_ no, you can't get into that directory on the porn site. \_ well, with just read, you can list the names of the files in the directory, but that's about it. i don't know if that's considered useful. \_ No you can't, unless you mean read in the sense of od/cat/etc. \_ Yes, you can. Try it. You can use ls to list the filenames, but you won't be able to stat the file for more details. \_ You try it. % ls -ld bar drw------- 2 xxx csua 512 Nov 26 22:38 bar/ % ls bar % chmod 700 bar % ls bar baz \_ Your ls program is too smart -- it's trying to get extra information about the files, which fails. Try /bin/ls. |
2004/11/19 [Computer/SW/Security, Politics/Domestic/President/Bush] UID:34980 Activity:nil |
11/19 Hey angry voter fraud guy, Bush received more votes than the number of registered voters in several Ohio counties. Where's your outrage??? \_ COOK COUNTY!!!1! KENNEDY WAS A FRAUD!!! YEAAAARGHHHHH!!!!1!! |
2004/11/19 [Finance/Banking, Computer/SW/Security] UID:34977 Activity:high |
11/18 Should cows be tipped? \_ of course. though I (and I think most people) usually just round up to the next dollar, and if that is less than 10%, add a dollar. \_ Why tip them? They are being paid for the services. Who started this kind of tipping system. It so ridiculous. \_ shut up, overpaid software engineer - danh \_ also taxi drivers make like $2.00 an hour. I know it's not your job to make their careers viable but it's something to keep in mind. - danh \_ If your're going to tip taxi drivers, barbers, waiters, etc, you might as well tip other people providing services to you such as garbage collector, postman, cashiers, etc. \_ Well, if all those other jobs had their wages lowered to reflect expected tipping, then sure. Now if you want to question which, if any jobs should be largely paid in tips, that's another matter. \_ Don't forget to tip your local software engineer. \_ Most civilized people give their garbage collector, postal delivery guy, etc a Christmas gift of some kind. \_ You can lament the tipping system all you want, but the fact is that, particularly in the U.S., we've adjusted salaries based on the expectation of tipping, so in a real sense you are only paying for the service if you tip the expected amount. -tom \_ Well I was really asking what's "THE STANDARD". -op \_ http://www.tipping.org/tips/TipsPageTipsUS.html. -tom \_ You need to tip furniture delivery person??? I tip people all the time but never to a delivery person. \_ http://csua.com/?entry=11672 \_ Please tell me you tip your pizza delivery guy at least \_ Oddly topical article from last Friday: http://www.kcrg.com/article.aspx?art_id=92666&cat_id=123 Gist being that driving a cab even in Cedar Rapids is dangerous. \-so is it ok to not tip if the service is seriously bad ... and i mean stuff under the service employee's control. --psb \_ No; you should tip the expected about even if the service is ^ should be a comma. \_ No. It should be a period. \_ A semicolon is perfectly correct, if a little odd, as it is. The sentiment, however, is wrong -phuqm seriously bad, according to Miss Manners. -tom \_ Miss Manners can suck a dick. The whole point of tipping vs. salary is that with tipping the customer can punish the employee for doing a bad job or reward them for a good job. It's basically an economic system of performance evaluation. \_ Wrong. 15% tip for the waiter is part of his salary. You can give more for good service. -tom \_ It's part of their earnings, but not part of their salary. If it was, it wouldn't be a tip. They're not entitled to a tip if they do a terrible job, and that's borne out both in custom and law. I always tip but if someone was really rude or incompetant I would not feel obligated. \_ Yes, of course. The understanding implicit in tips is that your pay is performance-based. Bad performance = less or no tip. --erikred \_ Sure, but some people feel it's OK to withold a tip for things out of a server's control, like bad food or a slow kitchen. \-yeah i dont mean for a minor slight like "my water glass was empty for 5min. i mean something like a seriously fucked up haircut. or a taxi driver who gets lost after you specifically asked do you know where X is. --psb \_ If I ask for more water twice and it doesn't come, that's bad service. \- if the wait person is stupid vs. surley vs. the restaurant is understaffed, those are all different scenarios in my book. there is bad service and then there is stuff that actually will cost you money ... waiter spills liquid on your clothes. it's the latter cases where i think it is not unreasonable to imply "this is coming out of your tip". --psb \_ and of course, you think it's fine for people to withhold your salary based on their own criteria, and never tell you why. -tom \_ I have a legally binding contract governing my salary. I may also receive an additional bonus as an incentive to perform; said bonus may be allotted on purely subjective criteria, so essentially, yes. Service industry employees hold jobs which involve providing service. I pay for this service already. If they are not being paid enough, it is a contractual issue between themselves and their employers. It is not my problem. I am already compromising far more than I feel obliged to by adhering to cultural norms suggesting I pay the service staff extra for making an effort to provide particularly good service. -John \-holube: do you think it is "better" that to you tip a waiter than drops soup on you and then write a letter to management suggesting he/she is a lamer? the analogy to "me and my employer" doesnt work because one relationship is between 2 parties and the other is between 3 parties ... and norms that are sustainable in long term relationship may not work in one-shot cases. it is not feasible for me to tip 15% and then go to the employer and ask for a partial refund because of some problem. again i am talking about cases where something fairly dramatic has gone wrong. also the restaurant case is likely different from others because tip pooling is likely. there are certanly micro- differences in service and tipping is one place to allow for some flexibility [are you a regular who is seated before other people who got there before you? are you seated next to the bathroom etc]. so why arent flight attendants tipped? --psb \_ I can't believe you guys had a whole tipping conversation without once mentioning Mr. White. Philistines! \_ Do you know what this is? It's the world smallest violin, playing just for the waitresses. \_ Yeah! FUCK POOR PEOPLE!! \_ I always forget to leave a tip for the room service people in hotels. Those people make atrocious wages too. |
2004/11/18-19 [Computer/SW/Security, Finance/Banking] UID:34956 Activity:very high |
11/18 Should taxi drivers be tipped? \_ of course. though I (and I think most people) usually just round up to the next dollar, and if that is less than 10%, add a dollar. \_ Why tip them? They are being paid for the services. Who started this kind of tipping system. It so ridiculous. \_ shut up, overpaid software engineer - danh \_ also taxi drivers make like $2.00 an hour. I know it's not your job to make their careers viable but it's something to keep in mind. - danh \_ If your're going to tip taxi drivers, barbers, waiters, etc, you might as well tip other people providing services to you such as garbage collector, postman, cashiers, etc. \_ Well, if all those other jobs had their wages lowered to reflect expected tipping, then sure. Now if you want to question which, if any jobs should be largely paid in tips, that's another matter. \_ Don't forget to tip your local software engineer. \_ Most civilized people give their garbage collector, postal delivery guy, etc a Christmas gift of some kind. \_ You can lament the tipping system all you want, but the fact is that, particularly in the U.S., we've adjusted salaries based on the expectation of tipping, so in a real sense you are only paying for the service if you tip the expected amount. -tom \_ Well I was really asking what's "THE STANDARD". -op \_ http://www.tipping.org/tips/TipsPageTipsUS.html. -tom \_ You need to tip furniture delivery person??? I tip people all the time but never to a delivery person. \_ http://csua.com/?entry=11672 \_ Please tell me you tip your pizza delivery guy at least \_ Oddly topical article from last Friday: http://www.kcrg.com/article.aspx?art_id=92666&cat_id=123 Gist being that driving a cab even in Cedar Rapids is dangerous. \-so is it ok to not tip if the service is seriously bad ... and i mean stuff under the service employee's control. --psb \_ No; you should tip the expected about even if the service is ^ should be a comma. \_ No. It should be a period. \_ A semicolon is perfectly correct, if a little odd, as it is. The sentiment, however, is wrong -phuqm seriously bad, according to Miss Manners. -tom \_ Miss Manners can suck a dick. The whole point of tipping vs. salary is that with tipping the customer can punish the employee for doing a bad job or reward them for a good job. It's basically an economic system of performance evaluation. \_ Wrong. 15% tip for the waiter is part of his salary. You can give more for good service. -tom \_ It's part of their earnings, but not part of their salary. If it was, it wouldn't be a tip. They're not entitled to a tip if they do a terrible job, and that's borne out both in custom and law. I always tip but if someone was really rude or incompetant I would not feel obligated. \_ Yes, of course. The understanding implicit in tips is that your pay is performance-based. Bad performance = less or no tip. --erikred \_ Sure, but some people feel it's OK to withold a tip for things out of a server's control, like bad food or a slow kitchen. \-yeah i dont mean for a minor slight like "my water glass was empty for 5min. i mean something like a seriously fucked up haircut. or a taxi driver who gets lost after you specifically asked do you know where X is. --psb \_ If I ask for more water twice and it doesn't come, that's bad service. \- if the wait person is stupid vs. surley vs. the restaurant is understaffed, those are all different scenarios in my book. there is bad service and then there is stuff that actually will cost you money ... waiter spills liquid on your clothes. it's the latter cases where i think it is not unreasonable to imply "this is coming out of your tip". --psb \_ and of course, you think it's fine for people to withhold your salary based on their own criteria, and never tell you why. -tom \_ I have a legally binding contract governing my salary. I may also receive an additional bonus as an incentive to perform; said bonus may be allotted on purely subjective criteria, so essentially, yes. Service industry employees hold jobs which involve providing service. I pay for this service already. If they are not being paid enough, it is a contractual issue between themselves and their employers. It is not my problem. I am already compromising far more than I feel obliged to by adhering to cultural norms suggesting I pay the service staff extra for making an effort to provide particularly good service. -John \-holube: do you think it is "better" that to you tip a waiter than drops soup on you and then write a letter to management suggesting he/she is a lamer? the analogy to "me and my employer" doesnt work because one relationship is between 2 parties and the other is between 3 parties ... and norms that are sustainable in long term relationship may not work in one-shot cases. it is not feasible for me to tip 15% and then go to the employer and ask for a partial refund because of some problem. again i am talking about cases where something fairly dramatic has gone wrong. also the restaurant case is likely different from others because tip pooling is likely. there are certanly micro- differences in service and tipping is one place to allow for some flexibility [are you a regular who is seated before other people who got there before you? are you seated next to the bathroom etc]. so why arent flight attendants tipped? --psb |
2004/11/15-16 [Computer/SW/Security, Computer/SW/Unix] UID:34896 Activity:nil |
11/15 I can't access webpages on Soda. \_ Looking at the logs, it appears things stopped working a little after 7:00PM Sunday because of nfs problems at the time. Can someone give apache a kick ("apachectl restart")? \_ Fixed. Is anything going to work today? - root \_ Thanks. U = awesome. |
2004/11/9 [Computer/SW/Security, Computer/SW/Virus] UID:34770 Activity:high |
11/8 http://www.fcw.com/fcw/articles/2004/1011/web-manh-10-15-04.asp So the NSA wants a ned center to work on, in part, detecting malicious code hidden in software. How is this any easier than 'solving' the halting problem? \_ Dubya can do anything he sets his devious and evil monkey mind to. \_ The fact that a problem is undecidable in general does not stop entire industries from springing up around it (anti-virus stuff comes to mind). -- ilyas \_ Remedying parts of a problem (anti-virus stuff comes to mind) but not eliminating the problem entirely is better than not doing anything at all, unless your partial measures create a false sense of security (anti-virus stuff comes to mind). This is especially true for infosec. Even if AV vendors create false panic & hysteria, there is nonetheless a real problem out there, which they are partially addressing. The same with this malicious code initiative. I have corporate clients who have enormous issues with this; it is a real problem just crying for someone to do something, anything, about it. Infosec problems cannot ever be 100% solved. -John \_ "infosec". This sounds like something Orwell or Philip K Dick would come up with. \_ Sorry, you're right. We've just all taken to calling it that here, you get used to it. You have always been at war with Eurasia. -John \_ Damn eurocommunists. -- ilyas \_ Mao! Mao is the standard! \_ Ooh mao mao, ooh papa mao \_ Are you chinese? Do you understand the effects opium trade had on china!? effects holocaust had on china!? \_ No I don't, explain it to me. \_ Penalty. |
2004/11/1 [Computer/SW/Security] UID:34505 Activity:nil |
11/1 So I'd like to use Visual SourceSafe through ssh-tunneling. (I'd rather chuck VSS entirely, but that's another story). I have no problem getting VNC to work with ssh (using putty on a WinXP box) but though I've tried this with ports 139 and 445 for file sharing (following some guides online) I've been unable to get this working. Has anyone successfully done this? How? (BTW, the reason I don't want to use VPN is that VPN on XP sucks rocks for performance.) \_ WTF does this have to do with the elections? Get outta here! |
2004/10/25-26 [Computer/SW/Languages/C_Cplusplus, Computer/SW/Security] UID:34329 Activity:low |
10/25 I have a problem in C++. I have a bunch of autogenerated classes that I need to be able to convert between. I made a templeted cast function in a common header file, but it needs to access a protected function in the generated classes. Is there any way to make a templeted friend function shared between all those auto-generated classes? I tried, but I got an error that the function hadn't been defined. From the first auto-gen'd class. \_ My head hurts. \_ Hahahaha, you made my day! \_ is there some reason you can't make better use of polymorphism and virtual functions instead of all this conversion crap? \_ Yes. http://www.llnl.gov/CASC/components/babel.html \_ Could you explain the relevance of this URL to why you can make better use of polymorphism and v-fncs? -npp \_ Any reason not to use a public accessor? \_ This is what I've done for now, but I would prefer not to. \_ Thing is, friend templates are a mess with current compiler implementations. I'd hesitate to depend on that feature if you want any kind of portability. Another possibility would be a template member which does the conversion for you from/to an intermediate type. \_ are you allowed to modify the autogened files at all? you could convert the private members to protected. then use explicit naming to access the protected members from your casting function. \_ I'm not sure what you mean by this. Can I access protected data with a non-member function through some kind of explicit naming? |
2004/10/22-24 [Computer/SW/Security, Computer/SW/OS/Windows] UID:34300 Activity:kinda low 72%like:34296 |
10/22 XP Service Pack 2: Good or bad? \_ No problem for me. I've installed it on a few systems. \_ Mostly good, and no. It changes your TCP/IP stack such that if are 10 half-open TCP connections, you can't open any more until time out. This greatly slows the spread of worms but screws you if you're running a mail server or P2P. The only fix is a hex-edit of tcpip.sys \_ I had some issues with regards to stability that were traced to SP2's security center. Had to play around a bit to keep the machine from locking up every hour or so. Others I've talked to had problems with certain software, particularly games, so they just went back to SP1. \_ Mucked up my brother's Outlook Express such that he can't open messages with attachments, but that's what he gets for using OE. He switched to Thunderbird, and all is well. \_ It takes five seconds to turn this off from the preferences menu. Give me a break, you don't even know how to turn off a preference in OE? \_ My sister-in-law called my up and has been on the phone with Microsoft because the XP SP2 failed halfway through and messed up the system. It seems to be hit-and-miss in terms of the chances for disaster. |
2004/10/20-21 [Computer/SW/Security] UID:34256 Activity:nil |
10/20 I need to call long distance (to canada) tonight and somehow my phone card does not work. Since I never signed up for a long distance carrier, is there a 1010* service that does not charge a minimum or monthly fee? Ok tnx! \_ http://1010phonerates.com/index.html |
2004/10/20-21 [Politics/Domestic/California, Computer/SW/Security] UID:34254 Activity:moderate Edit_by:auto |
10/20 Hi, I've created a toy web site that will hopefully be a bit of insightful for people who want to know the "slant-ness" of different news source: http://www.slantcheck.org I already bought the domain names, I'm now looking for a place to host it. If you would like to help please email me. -kchang \_ http://www.free-webhosts.com/webhosting-01.php \_ Kevin, does it occur to you that averaging faulty sensor readings doesn't produce meaningful results? Maybe if we had some sort of pagerank for people this could work. -- ilyas \_ the same is true for web votes on http://cnn.com, http://cbsnews.com, etc. Also read his disclaimer. It's not meant to be scientific at all \_ I know. I am saying why add to the garbage? -- ilyas \_ ilyas-- what is trash to you may be useful to others. To say categorically that something has no value, says a lot about you. Secondly, most systems require some level of trust and certainly all systems are subject to abuse. Just look at the electoral college, Gerrymandering, e-vote machines crashing, etc. No system is abuse free -- some systems are much more abuse prone than the others (case in point informal internet vote). It's good to have a starting point somewhere, and in time, refine the system to a point that it is much less abuse prone and that it is generating acceptible results. \_ It does say a lot about me. It says that I think systems where a vote is trivial to fake, where a single person can trivially cast arbitrary numbers of votes, where the opinions of all people are weighed equally, etc. etc. etc. will produce garbage. No one will rely on such a system for anything other than generating empty motd conversations. Having said that, I welcome differing opinions of 'others,' because I am curious how http://cnn.com polls can possibly be of any use to anyone. I want to be proven wrong here. If you honestly want to make progress in this area, you can look at social networks/pagerank research, or computer security. -- ilyas \_ Aw, I thought it was going to run news articles through some sort of analysis program to compute the results. Instead I find it's just an unfiltered click poll. \_ that itself is a PhD thesis right there. Context sensitive weight analysis. \_ Yeah, well I could hope for some arbitrary heuristics at least. A poll isn't right... the name evokes http://factcheck.org which at least provides human analysis. A <DEAD>slantcheck.org<DEAD> run by some dedicated individuals who analyze submitted instances of "slant" could actually be an interesting service that could get national attention. \_ Is this thing just a cry for attention? \_ I dunno. But a http://factcheck.org comparison is natural... hey I would enjoy doing that analysis as part of some funded group. Those http://factcheck.org people get paid to sit around and analyze the same shit you guys all do on the motd every day. \_ thanks for the response guys. The bottom line is that there are a lot of improvements and changes that need to be made in order to make the results fair and meaningful. I'd love to implement some of the features that were suggested, but most of them require a lot of time and/or money. Please keep up these great suggestions, but even more importantly, send me money via PayPay. Once I generate enough interests and funding, I'll be able to hire someone to implement these features. Thanks. -kchang \_ How are we supposed to know you aren't going to spend it all on h07 42n ch1x, or hire one to "implement" your features? \_ he's gonna hire hot UCLA chicks to implement the features :) |
2004/10/18-19 [Computer/Companies/Ebay, Computer/SW/Security] UID:34197 Activity:low |
10/18 Has anyone been a victim of ebay fraud? \_ Yes, although it was for shipping costs rather than the full price of the item. Sold $600 of records to a buyer in the UK. Shipping was over $200. He sent me a "FedEx id number" that the FedEx driver accepted, but which later turned out to be fraudulent. I was later charged the full amount for shipping and threatened with collections if I did not pay up. The buyer disappeared, and since I had already given him "good feedback" for his payment of the goods cost, I couldn't ding him through the feedback system. Ebay was COMPLETELY unresponsive on this issue, and I have heard *very bad things* about their response to fraud issues. \_ If I were selling $600 stuff on ebay, I'd have required buyers w/ excellent feedbacks only. What was that guys's feedback? \_ Uniformly excellent. \_ Isn't this a special case of the 'collusion problem' Google's trying to solve? -- ilyas \_ Not necessarily. This guy got ripped off but has now joined the others who gave positive feedback. \_ Right. Lesson learned: don't give any feedback until ALL costs are sorted out, and never believe that a FedEx or UPS account number is real until double checking. --ripped off guy. \_ Is there some credit-reporting agency in the UK you can talk to to shit all over this guy's credit? \_ I have. Bought an item and similar (but less valuable) item was shipped in return. I took it as a loss. I had very many good experiences also, but I am thinking fraud is more common now than it was when I used eBay more heavily (5-6 years ago). \_ I was indirectly. A company I briefly worked for had a service where you could buy a money order with a credit card and have it mailed to a purchaser (to allow eBay buyers to pay with a money order). When I heard about this my immediate reaction was something like "Um, isn't this a huge risk?". The next month we lost $5000 in charge-backs from people who didn't get their purchases. They all bought from the same seller who did good business for 4 years and then moved to Turkey. Oh yeah, when I heard about this I looked at the seller's address and recognized it as the International House. |
2004/10/4 [Computer/SW/Unix, Computer/SW/Security] UID:33892 Activity:moderate |
10/4 Hey, jvarga. What the heck is bonnie and why is it sucking up all of soda's resources. And why are you running sshd? 7803 jvarga 56 0 5544K 1816K RUN 1:38 4.49% 4.49% sshd 58395 jvarga -6 0 884K 448K nfsaio 3:27 3.56% 3.56% bonnie 58396 jvarga -6 0 884K 448K nfsaio 3:27 3.52% 3.52% bonnie 58393 jvarga -6 0 884K 448K nfsaio 3:27 3.37% 3.37% bonnie 58391 jvarga -6 0 884K 448K nfsaio 3:26 3.32% 3.32% bonnie 58397 jvarga -6 0 884K 448K nfsaio 3:28 3.27% 3.27% bonnie 58394 jvarga -6 0 884K 448K nfsaio 3:27 3.27% 3.27% bonnie 58398 jvarga -6 0 884K 448K nfsaio 3:27 3.12% 3.12% bonnie 58399 jvarga -6 0 884K 448K nfsaio 3:27 3.12% 3.12% bonnie 58392 jvarga -6 0 884K 448K nfsaio 3:25 3.03% 3.03% bonnie \_ An sshd process is started as the user whenever you log in with ssh. \_ Stress testing nfs for soda upgrades. I'll nice my processes a bit more to keep the load from interfering. \_ What are you testing? Dont be absurd. Re: nicing ... you are certainly giving signs of not knowing what you are doing. \_ And those signs would be??? Nicing processes will cause them to be much lower in the priority queue than other processes, like sendmail, and make life for you better. Nicing has absolutly nothing to do with testing NFS. \_ What a lamer. I wouldn't be surprised if jvarga isn't a l33t u|\|1X H4X@r. But he's doing a pretty good job, and a whole lot more than you are. If you have something constructive to say, go ahead, otherwise, shut your pie hole. \_ You dont know who I am. By anybody's measure I've done far more for the CSUA than jvarga. root@soda/ politburo has been quite unresponsive to requests and has made a number of boneheaded decisions like the "kchang finger denial of service" thing. \_ he was evil when I met him in 97 and deserves a permanent squishage. The decision was anything but boneheaded. -former polit \_ So, by "by anybody's measure", you mean "anybody who hasn't been around to actually see how much work he's done." \_ How about a list of things? \_ Said the anonymous loser. \_ Anonymous Loser, just like you? If I signed, then I'd be dismissed as a bitter alumnus. \_ Like I said, lamer. We've got this thing in English, indeed most languages. It's called present tense. indeed most languages, it's called present tense. Used for such words as "doing", and "sitting." Maybe you should google for it. \_ bonnie is a file system stress-testing benchmark. It *should* be heavily I/O bound. Bearing that in mind, what's renicing it supposed to accomplish? \_ It should be I/O bound, and it is. Renicing the processes will ensure that they don't consume CPU when others want it. It has nothing to do with the I/O bound nature. \_ Not to mention running a benchmark on a system with a lot of baseline use. "Stress testing for soda upgrade" ... yeah right. \_ Actualy, yes, stress testing for a soda upgrade. Those bonnie processes are hammering on an NFS mounted partition. |
2004/9/28-29 [Computer/SW/Security] UID:33814 Activity:nil |
9/28 Anyone know if it is possible (how?) to get the firmware image from an existing alteon (AD3) (without having to take the box apart)? I got a replacement AD3 for my existing failing one but it has a REAL old software version that doesn't support some of the features I use and want (like ssh) but I'm unwilling to pay nortel $1000 for a support contract. \_ What's wrong with taking the box apart? |
2004/9/27-28 [Computer/SW/Mail, Computer/SW/Security] UID:33783 Activity:kinda low |
9/27 Looking for colo in Berkeley/Oakland/SF (we provide box) The best I've seen so far is http://coloserve.com $100/mo for 100GB transfer Has anyone dealt with them/know anyone better? Thanks \_ check http://www.vix.com/personalcolo ? -EricM \_ That works out to about 320kbps. Maybe you should just get DSL and host it yourself. \_ Think about traffic patterns for a minute. Also, colo gives you dedicated power/AC maintenance. Depending on how you're going to use the connection, the colo is likely the more cost effective way to go. \_ I was looking for same thing yesterday. If you http://HE.net down in Fremont is okay with you, you can go to: http://www.nationhosts.com http://www.netspaceinternet.com they give 1mbps at 95%(~200GB) for $75-85 for 1U. If this is just a personal thing and you'll have low bandwidth, I've actually decided to rent out a space on a friend's rack. E-mail me and I'll see if he's interested more tenants. - johndkim |
2004/9/26-27 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:33764 Activity:high |
9/26 What kind of secret service protection do senators receive? Also, do presidential candidates receive special secret service protection? \_ Um, this is kind of a strange question to ask on the motd, but Presidential candidates all recieve SS protection... ever since Robert Kennedy. I am pretty sure that the SS has nothing to do with the Senate, but I know that Feinstein has some kind of her own security detail. I don't know who pays for it. \_ Thanks, but why is this a strange questino to ask on the motd? \_ Remember the Steve Jackson games case? The SS doesn't take well to jokes or even idle curiosity. \_ Enjoy Ashcroft's be-latexed fingers icily probing your rectal cavity while you are denied access to counsel! \_ You have Ashcroft all wrong. He'd never use latex, he'd dive right in. \_ Enemy combatants and people who format weirdly on the motd have no right to lubricant under the Geneva Conventions. |
2004/9/21 [Computer/Networking, Computer/SW/Security] UID:33658 Activity:very high |
9/21 A question for everyone. My mother is a libertarian. She wants a \_ Librarians are sexy \_ Not in Hayward Pub. Lib. few computers in her library to only be allowed to visit certain webpages. (Various refernece and database pages). Basically, she wants a browser with build in white listing for page viewing. Is there anyway to do this? \_ stick them on a unrouted/private network with a firewall/proxy between them an the outside. Setup access rules on the proxy to ONLY allow the desired sites. Make sure it doesn't do any other routing. Lock down the PC's to prevent physical access hacking. \_ That's the usual solution, but since it's a public library, we were hoping for something simpler. What would your recommend as a router? A linux box? \_ cheap (if you have the expertise to set it up handy) linux/bsd box, running squid. \_ I used to work in a company that made a low-cost machine whose browser has built-in parental control. But it went bankrupt three years ago. \_ Implement this with a firewall. Iptables on Linux will do it. I am sure Windows has a firewall software. \_ A firewall local to the machine, or in the gateway, or does it not matter? \_ It's easier to do it once in the gateway, but you can implement it on each host locally just as well. I just recalled that we use 'Sygate' for Windows. \_ You want an easy and fast way to do this? Buy one of those wireless router things for $50 and turn off wireless. Then use the Parental Control feature to deny access to all domains except those you enter. I have a D-Link DI-614+ and DI-624 and they both do this. Admin access is by username/password and you can add/delete domains. \_ The eminently hackable Linux-running Linksys WRT54G also has this feature. \_ Mozilla extention: Weblock http://www.brownhen.com/weblock \_ I would NOT recommend trussting any access control in PC's that end-users will have access to. \_ Really, it just doesn't matter that much. There are other completely open computers in the library. If someone really wants to use a access controlled computer to access other stuff, it's not really going to matter much, and eventually someone will notice and kick them off. In general the idea is to have some computers that will be generally open to people actually doing research. -op \_ they should whitelist http://Amazon.com as well as the database searches. I often use amazon when I'm using a library to figure out more information about a book than is available in library databases. |
2004/9/21 [Computer/SW/Security, Academia/Berkeley/CSUA/Motd, Computer/SW/Unix] UID:33656 Activity:high |
9/21 Say, why don't the proponents of a logged motd actually hack it and put it in /etc/motd.logged, and let people vote with their feet? -- ilyas \_ why don't you create /etc/motd.stupid and post your crap there? -tom \_ Every account should have its own /etc/motd.<accountname>. Only you will be allowed to post to your own motd. No one else will be allowed to touch it, and /etc/motd.public will be turned off. This way, everyone who wants to can rant to the heart's content, and no one will have to worry about their rants being baleated. Everyone else can just ignore you if they want to. We can have special zones set up for those that love to argue, as well - for instance, /etc/motd.tomvsilyas, /etc/motd.freepernutzo, /etc/motd.aaronallcapsrant, and /etc/motd.mormons. The AMC can have his own empty file for his motd, but it will be owned by root so that he can remain "anonymous." It will be world readable but not writeable by anyone. \_ and we could call these files ".plan" files, and have a special command to read these motd files called "finger." \_ Well, I was trying not to belabor the point too much, but then again... \_ you have just used the slippery slope tactic. \_ And tom used a red herring AND an ad hominem in 1 line! \_ uh, ilyas is the one with the red herring. -tom \_ ilyas just volunteered! |
2004/9/8 [Computer/SW/Security, Recreation/Shopping, Computer/SW/Unix] UID:33417 Activity:very high |
9/8 What are some wedding registry web sites to use? \_ http://www.uscav.com \_ http://www.weddingchannel.com handles the registries for most of the major stores, including Macy's, Williams-Sonoma, Pottery Barn, Crate & Barrel... etc. Even REI! \_ The most popular. Does what most people want to do. But of course, if you do it with Wal-Mart (and I think Target too), you get to walk around the store scanning whatever the hell you feel like... \_ You can also walk around with a scanner at a Williams-Sonoma or Pottery Barn store. \_ You can't scan catfood, cigarettes, and t.p. at WS or PB. \_ It's really more a question of what store(s) you're registering at isn't it? \_ http://bushong.net/wishlist \_ http://www.williams-sonoma.com |
2004/9/4-6 [Computer/HW/CPU, Computer/SW/Security] UID:33348 Activity:moderate |
9/3 Thinking about getting an opteron? If security is your concern, maybe you should think again: http://csua.org/u/8x7 \_ Erm, maybe I'm missing something, but that page argues that if someone can gain root access and flash the system with malicious microcode, they can in the future gain full access through mere userspace privilege. True, but wouldn't that apply to any box where you can flash the bios as root? -John \_ on the PC, linux for example bypasses the BIOS except for initial bootstrapping. modifying processor microdoce gives a more persistent hook, as would modifying firmware of any DMA-master capable device that is not reprogrammed by the OS. this isn't the end of the world, but surely adds to the "security is hard" mountain. \_ Very few places need to be this concerned about security. The financial industry, for example. The finance and high security government facilities I'm aware of would be no more or less freaked out by this than the idea that someone got root in the first place. If they take a gun to your sysadmin's head at a party they'll get access, too. So, if you're thinking about hiring sysadmins who might show at a party maybe you should think again. \- hello, it is interesting to talk to people in the financial world about some of the "attacks" they face, for example organized crime infiltrating the mail room. also you have problems like say how to not let the backup staff read the data. ok tnx. \_ Yes, that is what I was getting at with the sysadmin at a party line. There are lots of easier ways to do nasty things that don't involve updating micro-code or anything high tech at all. \_ Wow, someone who actually knows something. Thank you for showing up. \_ That's why I avoid parties. It has helped me land better jobs. :-) |
2004/9/2-3 [Computer/SW/Security] UID:33311 Activity:moderate |
9/2 If I want to put images on my (non-profit) website that were not mine (e.g. scanned in from a book or grabbed from other webpages) but I did credit the original source, is that allowed? \_ I've seen more and more sites putting up explicit "fair use" notices which explain that the work is being used for research purposes or public benefit, that the original copyright terms still apply for downstream usages, etc. etc. You can probably google for an example, which may or may not be copyright restricted itself. What's your site? \_ No, you need explicit permission. \_ It's a very sticky situation. In some cases, it's allowed, but in many cases it's not. Can you be more specific? \_ Do some research, find out who owns the copyright, and ask for permission. Unless it's an original for-profit work of art, most people will let you use it as long as 1) they don't find your page insulting, and 2) you credit the source. I used animal pictures from kidsdomain and a regional park service to build my Ecosystem game: http://www.ecosystemgame.us \_ aaaaaaah! you got me! I can no longer resist the urge to become a marine biologist! you've ruined my life! \_ Wow, really? I was really aiming for the 8 to 11 age range, but a convert's a convert. \_ I'm kidding. I'm a physicist, so any system with more than two kinds of atoms is probably out of my reach. Cool website, though. \_ Thank you. |
2004/9/2 [Politics/Domestic/911, Computer/SW/Security] UID:33308 Activity:nil |
9/2 http://csua.org/u/8wm (LA Times) A senior Russian security official said authorities are faced with a dilemma even worse than the 2002 seizure of the Dubrovka Theater in Moscow by Chechen militants, which led to the death of 129 hostages and 41 guerrillas when Russian troops gassed the theater and stormed in. "The situation is much worse than Dubrovka. Believe me, much worse ... It seems almost certain that the hostage-takers are not really interested in negotiations, or any demands. So far, we haven't gotten any coherent statement of what they really want. ... They are just biding their time, as if waiting for us to start storming this school, and then they will blow everything up. I think they are ready to blow themselves up, together with the hostages, in any case. It seems to be their one and only plan." So, you are Putin. What do you do? Please withold jibes about vodka and "In Soviet Russia ...". \_ Decimate the Chechens (i.e. kill every 10th). Do so after every terrorist act by the Chechens. \_ I read that as Chickens and was very confused... \_ "Fear...will keep the local systems in line." \_ As far as the current crisis, there is really only 2 options. A siege, starve them out, or gas 'em again. Probably niether would be very effiective. I guess the previous guy's idea might work over the long run. \_ Why not a standoff while you try to bring in some hostage-taker's relatives and religious authority figures and see if they can convince them to let everyone go in exchange for amnesty. \_ Oooo, family members. Good idea. But who's getting the amnesty? The terrorists or the family members? North N. Korean style would be to kill the terrorists AND their extended families. \_ tactical nukes over rebel hideouts \_ Why do you hate thermonuclear weapons? \_ You're really a moron, you know that? You undercut any sensible counter-argument Cheney and friends *could* have. \_ I don't think the thermonuclear comment was made seriously. You're STILL the moron. \_ Cheney offers to help with Russian hostage situation! "We have to many of these things anyway, and I've always wanted to drop one or two on Ruskies!" |
2004/8/27 [Computer/SW/Security, Computer/SW/Unix] UID:33177 Activity:moderate |
8/27 Is anyone else haveing a probllem w/ spamassassin not working since sometime late last night? \_ Yes. I am using spamc. \_ Fixed. Emailing root is the fastest way to get this resolved when spamd hozes itself -njh (root) \_ root messed up, root must be squished! |
2004/8/26-27 [Computer/Domains, Computer/SW/Security] UID:33160 Activity:moderate |
8/26 So I just transfered from http://register.com to http://godaddy.com. I filled out a few simple forms and http://godaddy.com says "You have successfully accepted the transfer of the domain." Isn't there anything I have to do on the http://register.com side? \_ A couple weeks ago, I transferred a .org from http://register.com to http://000domains.com and learned that the loosing registrar has 5 days to acknowledge or deny the transfer. If, after 5 days, the loosing registrar (in this case http://register.com) does nothing, the transfer will automatically happen. transfer and it happend moments later. What TLD is your domain? \_ my domain ends on Sept. 1. I just transfered today. Does that mean when it expires it should transfer? What is TLD and how do you contact http://pir.org? By the way I just disabled SafeRenew Automatic Renewal Service on http://register.com, is that the same as "locking"? Thanks. -op \_ TLD is Top Level Domain. Each TLD has one registry. http://pir.org (Public Interest Registry) is the .org registry. Example TLD's: com, net, org, biz, be, us, cc, to \_ Unless you have locked the domain, no. If you have locked it you have to inform the losing registrar. \_ Be careful and make sure they haven't been 'helpful' and locked it for you. That happened to me and was a nightmare. |
2004/8/24-25 [Computer/SW/OS/Windows, Computer/SW/Security] UID:33120 Activity:low |
8/24 Anyone has any suggestions to hack a Windows XP system if you have physical access to the machine? Can one just boot from a USB drive and start to read other files on the machine? \_ Yes. Assuming the drive isn't encrypted, all you have to do is boot to something that will let you mount/slave/etc the winxp drive. \_ Lots of programs let you boot off of a floppy and reset the Administrator password from there. |
2004/8/24-25 [Computer/SW/Security] UID:33112 Activity:kinda low |
8/24 Is there a way to to disable tunneled clear text passwords on a per/user basis in OpenSSH? Can this configuration be set in a file in the user's .ssh directory? \_ They can edit that file so what good is it as a security measure? \_ Because I I want to disable password logins for my own account. \_ Because I want to disable password logins for my own account. \- just * your passwd/shadow entry. i think this is a good thing to do in nis domains. --psb \_ That sounds like it could be useful, though also an easy way for an attacker to lock a user out of his own account, temporarily at least. If this is your own machine, you could write a PAM module that denies password auth requests to users on some list. |
2004/8/24 [Computer/SW/Security] UID:33093 Activity:moderate |
8/24 Anyone have problem logging into ebay? \_ As a security precaution, your account has been suspended. Please take a moment of your time to update your account information to keep your account secure. After you update your information, your account will be reinstated. Thank you. -Ebay Security |
2004/8/20 [Computer/SW/Security, Computer/SW/Unix] UID:33038 Activity:high |
8/20 Would someone (root type person) make mail to motd world readable, or is it so somehow already? \_ Why? \_ Password registration. \_ mailinator. \_ I want the password and updates to be soda accessible. \_ rcpt to: motd@csua.berkeley.edu 553 5.3.0 motd@csua.berkeley.edu... motd does not accept mail. |
2004/8/18-19 [Computer/SW/Security] UID:32999 Activity:nil |
8/18 OpenSSH 3.9 is out: http://tinyurl.com/67632 Some cool new features are: - Session multiplexing - Reintroduction of PAM support |
2004/8/18 [Computer/SW/Security, Computer/HW/Laptop] UID:32983 Activity:moderate |
8/17 I used to use a POP3 client on my laptop to check my soda email through a secure, encrypted ssh tunnel. This does not seem to be working anymore... has this been disabled? \_ no, you broke something on your side. |
2004/8/18 [Computer/SW/Security, Computer/SW/OS/Windows] UID:32977 Activity:low |
8/17 No free speech for fascists! http://www.wired.com/news/politics/0,1283,64602,00.html?tw=wn_tophead_1 (Hackers plan to DOS Rebublican websites) \_ Expecting ethical behavior from crackers is 'Sofa King, We Tod-Ed' \_ Um, freedom of speech is a protection against government crackdown on speech. |
2004/8/16 [Computer/SW/Unix, Computer/SW/Security] UID:32938 Activity:very high |
8/16 Some douche changed the password for the csuamotd nytimes account because he said he didn't like political threads. They're not going away and you just inconvenianced a lot of people. Where do you live? I'd like to piss in your swimming pool. \_ if you figure out who it is, post their name. \_ I second that. \_ Is there a "I forgot my password, please email it" option? \_ Yes, and it will probably go to motd@csua.berkeley.edu \_ Yes, and it will probably go to motd@csua.berkeley.ed |
2004/8/16-17 [Computer/SW/Security, Computer/SW/OS, Computer/SW/OS/OsX] UID:32937 Activity:moderate |
8/16 Why does it always take apple a couple weeks after realsing a system upgrade before posting the sha digest for the download? -- still waiting for 10.3.5 \_ FWIW, people using Software Update (post 07-12-2002) does have the benefit of cryptographic signature verification. http://www.macmegasite.com/modules.php?name=News&file=print&sid=228 http://www.macmegasite.com/modules.php?name=News&file=print&sid=228 \_ Ever since it is released, people on macintouch and macfixit have complained S.U. screws the system and recommend download directly the (combo if possible) updater. They never offered a reason for this but I followed it just to be safe. \_ I use SU on my G5, and all is well with my computer. YMMV. |
2004/8/14-16 [Computer/SW/Security, Computer/Networking] UID:32899 Activity:moderate |
8/14 How much do you pay each month for home net access, what speeds are you getting, what additional services, if any, are part of the package and how happy are you with the service? I'm paying about $65/month for cable. I get great speeds, it's been very reliable but I think it's a bit pricey. \_ forgot, something like $45 for cable with basic TV also. don't remember any downtime, speeds are more than I need but I haven't measured lately (at least 1.5 mbps). mountain view. \_ $40/mo with DSL. Speed is about 1mbps. That's good enough for me. No downtime so far. \_ me to. \_ $109/mo with Speakeasy, 6.0mbps/768kbps, static IPs, very reliable. \_ $49/mo DSL through Cyberonic. My house is old, the cu is bad and my co is overloaded, so I'm limited to 640Kbps-768Kbps/786Kbps and suffer some downtime. The downside is that I have to use a router that has a 'static ip' but performs pppoe authentication. All in all I'm okay with Cyberonic, its much faster than my old DSL. Before Cyberonic I had 384/128 DSL via http://Sonic.net and paid $57/mo. Sonic provided excellent service and decent webmail, but I switched because I wanted faster service for a lower monthly cost. Sonic tried to convince PacHell to fix my line so I didn't have as much downtime, but PacHell refused which is another reason I switched. I hate PacHELL. \_ I swear those cocksuckers have a computerized blacklist of hated customers who get the special "screw you" treatment. Every time I moved when I lived in california it would take them about a month to "set up" my new phone line, yet somehow other people would get service in a couple of days. Fuck pacbell. If I ever live in Ca again, I'm not even going to bother with a landline. \_ I thought pacbell was no more? -only owns cell phone \_ They're now called SBC, but they still provide the same PacBell service you know and love. |
2004/8/12 [Computer/HW/Laptop, Computer/SW/Security] UID:32847 Activity:nil |
8/11 I am not paranoid, but I put sensitive personal information on my laptop and I go everywhere with it. Is encrypted disk image reliable and fast? I googled for filevault but it is hard to find article with clue/analysis. Any other suggestion is nice too. tia. \_ Using Windows XP Professional? Right-click on folder -> Properties -> Advanced -> Encrypt contents to secure data \_ Tnx. Actually I am using OS X, but I appreciate the answer about window and if there is something for general *nix I'd like to hear it too. By the way, are such encryption really effective against id thieves, safe from corruptions, and fast? |
2004/8/9-10 [Computer/SW/Security] UID:32798 Activity:moderate |
8/9 [If you want to selectively delete posts from the thread, you might as well delete the whole thread.] \_ Don't take it personally, it happens to me all the time. Some people use scp to change the motd, so as to preserve their privacy, nuking recent changes. Yeah, I think they are kind of paranoid assholes too, but they have their reasons and they will not change. \_ Why would using scp protect privacy? People can see motd.public on your commmand line. \_ BoxAtHome% scp luser@csua.berkeley.edu:/etc/motd.public foo BoxAtHome% vi foo BoxAtHome% scp foo luser@csua.berkeley.edu:/etc/motd.public \_ soda% ps -aux | fgrep motd .... scp ... /etc/motd.public One can write a script to check process data regularly, and root can check lastcomm. So unless you have a program running on soda that mirros motd, you will still be caught. |
2004/8/9 [Computer/SW/Security, Computer/Rants] UID:32779 Activity:high |
8/9 On IT outsourcing failures. http://www.theregister.co.uk/2004/08/09/customer_always_wrong \_ What I don't understand about this is the accusatory undertone towards the outsources. It's commonly known that Accidenture, EDS and their ilk have screwed up projects big-time (just look up "national police computer" for a good example.) However, they're just trying to make money. What I object to is that people rarely take a long, hard look at who makes the decisions to hire these people. "Nobody ever got fired for hiring HP/IBM/whoever"" is a bit too deeply ingrained in a lot of management thinking. -John |
2004/8/4 [Computer/SW/Security] UID:32678 Activity:moderate |
8/4 PuTTY 0.55 is out. Fixes a big SSHv2 vulnerability: Release Notes: http://tinyurl.com/2rpub Download: link:tinyurl.com/4z2k4 MD5s: http://the.earth.li/~sgtatham/putty/0.55/md5sums \_ Speaking of putty, anyone know how to prevent ^? from being sent? I have backspace set to ^H, but if I have shift held down and hit backspace it sends ^?. |
2004/8/2 [Computer/SW/Security, Computer/SW/Virus, Computer/SW/OS/Windows] UID:32630 Activity:high |
8/3 I found this virus email fairly amusing: "Dear user of http://soda.csua.berkeley.edu, Your account was used to send a huge amount of unsolicited e-mail during the last week. Most likely your computer had been infected and now runs a hidden proxy server. We recommend you to follow our instruction in order to keep your computer safe. Best wishes, http://soda.csua.berkeley.edu technical support team." Included was the usual zipped executable file. Who falls for this?! \_ yermom's got trojans \_ Many people at my workplace did. Most non-engineers, and even some young engineers who have never seen a DOS prompt, don't realize that a file with a name "foo@bar.com" is an DOS/Windoze executable. |
2004/8/2-3 [Computer/SW/Security] UID:32623 Activity:high |
8/3 For anyone who's been having trouble using the Java SSH client on the web page, could you please try http://csua.berkeley.edu/new-ssh If it works for everyone, I'll make it the default. --mconst \_ Doesn't work through transparent proxies (at least for browsers using a proxy.pac.) To be honest, I also had this with MindTerm 2.0 (I guess being able to store proxy values you give it would break the sandbox, no?) -John \_ Cut and paste isn't working for me. Also having problems with vi that I didn't have with the old ssh. \_ Could you please make sure $TERM is set to vt320? The new ssh sets it automatically on login, but your dotfiles might be setting it to something else. Cut and paste doesn't work for me in either ssh client; does it work for you in one but not the other? --mconst \_ Cut and paste between ssh windows works in the old ssh only. Cut and paste between ssh window and other window doesn't work in either. \_ Worked fine for me--shift-insert and control-insert (this is on XP) -John \_ Posting from it now, <tab> doesn't work, ditto w/ copy-paste. It renders better (eg, when I pipe to less) OTOH, the old ssh closes immediately after authentication. (Thanks for your work on this, it is appreciated). |
2004/7/31-8/1 [Computer/SW/Security, Computer/SW/RevisionControl, Recreation/Humor] UID:32613 Activity:insanely high |
7/31 [ no, see, you need to restore the entire thread. ] \_ Grow up you self-righteous little worm and stop seeing so called censorship everywhere. It was a partial restore because that was what was easily extractable from the logs. If you want to do better, then restore everything yourself. It was clear this was not an ideologically driven edit. \_ I don't care whether it was ideologically driven, petty, or another kind of edit. Whenever it happens, surrounding context will get nuked. End of story. Don't edit other people's shit. \_ Yep, temper tantrum. \_ Hey little worm, do you understand this is not a matter of any "editing"...it's a matter of a best effort *restore*. You are punishing the wrong person. It probably isn't worth my time to catch you doing this, but let's not beat around the bush and pretend there is some principle in what you are doing. \_ No, *this* is the temper tantrum. \_ No, this is aggrivation. \_ And this is bad spelling. \_ Shrug. Not my thread, not my posts. I just restored as a public service. Why don't you restore what I missed, if it means so much to you? Don't know how to run rcs, do you? \_ Nuking all discussion as a response to partial deletes is much more effective than restores. \_ great, now we have an effective way to get rid of trolls \_ Gee, and I thought you were just a child throwing a temper tantrum. \_ Nuking all discussion as a response to anything is stupid. Restoring the damaged thread to an undamaged state immediately and without comment is the best way to fight childish partial deletes and the typical not-at-all-funny edits on the motd. \_ Not all discussion, just the thread in question. The reasoning goes like this: any edit (except accidental ones) whether ideological, joke, etc entails a lack of respect for what the (edited) person had to say. Why should that person be singled out for said lack of respect? Let's apply it uniformly. The environment we are shooting for is "edit someone's post -> no one gets to have any more fun." \_ You need to make a distinction between ideological edits and partial restores because a thread was "damaged" ... partial edits, then added to, then partial restores etc ... which someone tries to unideologically restore the bulk of rather than leaving it truncated. \_ I appreciate the attempt at public service, but frankly, if you are just restoring a truncated version then don't bother. It has the same effect as just leaving partial edits be. I am not going to let partial edits be. |
2004/7/30 [Computer/SW/Security] UID:32582 Activity:moderate |
7/30 What's with the slew of security updates from Gentoo/Red Hat/ Mandrake recently? -John \_ The terror alert was raised to orange. \_ the fat hackers decided to focus their energy on linux? \_ M$-sponsered hackers. \_ Linux security sucks because the many-eyes concept is a failure? \_ Linux security sucks? |
2004/7/29 [Computer/SW/Security, Computer/SW/OS/Windows] UID:32562 Activity:high |
7/29 If I use my own personal notebook at a company, airport, etc. or at someone's house going through their networks, how easy/hard/cheap/expensive for someone to monitor and capture my passwords, URLs, IM messages, etc. if these are not encrypted nor going through HTTPS and/or SSL? I have both Winblows 2000 and XP. I am just wondering if it's possible for them to have some specialized routers and such that can sniff my network traffic. \_ if you don't encrypt end-to-end, it's completely trivial for anyone in antenna range, or the antenna owner, to capture all your traffic. -tom \_ To that add 'anyone with accesss to an intermediate network'. \_ Trivial? How would I do that? \_ Google 'promiscuous mode' and 'packet sniffing'. \_ Pi - ka - chuuu!!!1! \_ Tamagotchi. Doraemon. |
2004/7/27 [Computer/SW/Security] UID:32500 Activity:very high |
7/27 Is there any freewares out that that I can use to recover my locked Word Excel, and Outlook files? I have not opened them for about 2 years and can only remember some, but not all of the them. I have found some that costs about $40-$70 but are not good enough. There's one that cost $150+ that told it located my password, but would not show it to me since I have not registered for it yet. Better yet, is there some simple sample programs that I can programmatically try to open the files? I can write a simple brute-force program to do it. I am in no hurry to recover my passwords. \_ If you had used PGP, you wouldn't have to worry about this now. \_ explain \_ If the files were PGP-encrypted and you lost your key, there'd be no point in worrying about getting your data back because you wouldn't. It's a bit like locking up a bike with a toy lock. If you lose the key it's not too hard to break the lock, but if someone else wanted to steal your bike, the lock would be pretty useless. \_ Try Apache POI. It's Java API that can open Word and Excel files. Their website also has links to other competing packages. Also, if you want to use the API interactively, consider using it through Jython. -jeffwong \_ http://www.elcomsoft.com/prs.html |
2004/7/17-18 [Computer/SW/Security, Recreation/Humor, Computer/SW/Unix] UID:32331 Activity:high |
7/16 The new official North Korean webpage! Get your free email account! Would someone mind making a csua account we all can use to read it? http://www.kcckp.net/external_e \_ bah! if you like dictators with web pages, check out this one: Qadhafi's official homepage. http://www.qadhafi.org \_ I don't find NK very funny. -- ilyas \_ You don't find anything very funny. \_ These days it seems every anonymous motd macaque knows more about me than I do myself. -- ilyas \_ I think you're funny. \_ Oh, I think ilyas is funny. I just don't think ilyas finds anything funny. I think that's part of what makes him funny. \_ Login/Pass: phillip/philspell enjoy. -John \_ Thanks! I heartily recommend Politics->Leader->KJ IL->Anecdotes \_ Goddamn! It's as if Francis Fukuyama lost a third of his brain and kept on writing! |
2004/7/16-18 [Computer/SW/Security] UID:32324 Activity:moderate |
7/16 Is there anyway to tell what service USED to have open a given port? the port was open 15 minutes ago but not now, so i can't use lsof to look and see. \_ if you had ippl running and logging this information, or some other process accounting/logging \_ I think ippl only tells you what ports are being connected to and what the /etc/services entry for that port is, not what process is actually listening there. \_ oops, yes you are right. I misremembered. |
2004/7/13-14 [Computer/SW/Apps, Computer/SW/Security] UID:32257 Activity:high |
7/12 I have a pdf file that is somehow corrupted. I want to recover its first page. What tool can do that? This is an image only pdf. \_ try opening it with illustrator. I've seen that work. \_ Elcomsoft has a cool toy for breaking pdf security and saving the result as another file. Maybe it can read it. -John |
2004/7/12 [Computer/SW/Security, Politics/Domestic/911] UID:32227 Activity:moderate |
7/11 LIVE IN FEAR PESANTS! http://www.chron.com/cs/CDA/ssistory.mpl/editorial/outlook/2660471 \_ Do you mean 'peasants'? \_ Ok so you won't mind if we profile Muslims and kick out all of the illegals? Which is it? \_ Your reply makes no sense to me, but I'm sure it's exactly what the TSA folks think too. \_ The fact that they talked to him seemed reasonable, but I think any sane police agency would have quickly said, "ok, no big deal" pretty damn fast. Although I think the person who reported him is a moron, I do understand the "we have to follow up" reponse. I don't understand the "we have to look tough and try to scare him" response. \_ I don't think your version would make a very good newspaper story. \_ It's just the way cops are. You never met a cop before? This idiot writes like he's never met one either. But really, the above is correct. The guy had a deadline for X column inches so he wrote some crap. Since nothing happened and you can't check his story, who says it even happened at all? The URL and the original 'story' and I do mean 'story' are trolls. \_ He's not an idiot; this is unacceptable behavior by stupid and officious thugs in uniform. I was approached by a little toad bitch in St. Louis (after they'd lost my luggage) who asked me if I were visiting on business or pleasure--I replied "pleasure", at which point she started snapping at me "then why are you wearing business clothes?!?" (Khakis and a shirt.) These are the menial and uneducated, placed in uniform with a mandate to intimidate. See comment about paying what you get for in the camera discussion below. -John \_ America: land of the free, home of the brave. |
2004/7/5-6 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:31168 Activity:nil |
05/07 A while ago I was having a lot of trouble getting Postfix to use SASL2 auth for sending mail on FreeBSD. This link (including the errata at the bottom!) shows how to do it painlessly: http://ezine.daemonnews.org/200306/postfix-sasl.html -John |
2004/7/2 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:31147 Activity:nil 66%like:31139 |
7/2 With Social Security everybody wins! http://www.ssa.gov/kids/kids.htm \_ I am a Grasshopper. When I saw my friends relaxing, I said that we had to store our money away for the winter. Sure none of it will go to _our_ retirement because the system will go bankrupt, but at least that's money that won't go into a 401(k), ensuring a solvent retirement for our generation! |
2004/7/2 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:31139 Activity:nil 66%like:31147 |
7/2 With Social Security everybody wins! http://www.ssa.gov/kids/kids.htm |
2004/6/30-7/1 [Computer/SW/Languages/Misc, Computer/SW/Security] UID:31095 Activity:low |
6/30 I have a ps file probably made from a (la)tex source but I do not have access to the source. ps2pdf renders it but only with totally ugly result - the fonts look like scaled up bitmaps. How do I make it look normal? \_ Try a more recent version of ghostscript. |
2004/6/25-26 [Computer/SW/Security, Computer/SW/OS/Windows, Computer/SW/OS/OsX] UID:31009 Activity:high |
6/24 Yay, IE6 vulnerability that affects fully patched systems, that allows local machine access (downloading and running any .exe) on previewing an e-mail or browsing a web site (including pop-up)! System administrators rejoice! http://csua.org/u/7xe \_ IE on mac os x not affected, supposedly. :-) \_ The payload is a Windows executable, but I wonder if the same IE hole doesn't exist on Macs too... \_ It's probably not as easy to execute arbitrary due to diff. in underlying API. Also the mac division of MS is complete separate and semi-autonomous/forgotten from the rest. \_ But the report I read from the "Get the Facts" Roadshow said that Microsoft is the fastest at fixing security holes! \_ That's because their security holes are all the same. They just keep on making the same mistakes over and over again. Besides, how hard is it to fix a buffer overrun hole? \_ Infect yourself! (with a "harmless" one) http://62.131.86.111/security/idiots/repro/installer.htm It overwrites C:\Program Files\Windows Media Player\wmplayer.exe and runs the new one, then restores it when it's done. \_ Gee, this sounds like GREAT advice. \_ Has no visible effect on safari. \_ sploit only affects IE, and probably only on Windows. |
2004/6/23 [Computer/SW/Security] UID:30965 Activity:kinda low |
6/23 Does anyone SSH via scotch.csua, port 80? I am seeing a lot of lag via scotch versus SSH directly to csua. I want to confirm this before emailing root. \_ network lag is more widespread on scotch then just ssh tunneling. looking into it - erikk |
2004/6/22 [Transportation/Car, Computer/SW/Security] UID:30948 Activity:high |
6/22 Does anyone here know anything about San Francisco Mercedes-Benz, specifically their service department? I've heard really bad things about the service guys at SFBMW, so I'm wondering if I should take my car to a dealer in another town. \_ You heard bad things so obviously you should take your car there! \_ No no. I heard bad things about SF BMW - really bad things from someone that worked at their service department, stuff involving forged service documentation etc... SF M-B might be wonderful but it got me thinking, so I thought I'd ask... \_ What do the two have in common other than being in SF?! \_ Nothing. He's just stoned or something. |
2004/6/22 [Computer/SW/Security, Computer/SW/Unix] UID:30947 Activity:nil |
6/22 What's gmail's tech support email? I cannot log in for more than 16 hours now, this is unacceptable. Thanks. Server Error: The server encountered a temporary error and could not complete your request. Please try again in 30 seconds. \_ erase all google-related cookies. purge cache. retry. worked for me. \_ and if that fails: http://gmail.google.com/support/bin/request.py \_ I tried erasing all cookies/cache, and still happens on both mozilla/ie. I can't even visit the support page, because it requires a login, and I can't login. Shit. any ideas? \_ was this just after creating an account? try the above steps again, but also change your password (with the Forgot Your Password? link). i couldn't log in either all yesterday until i did this. \_ yes. that's very unacceptable for a service still in beta. \_ Fine, don't accept it. Go back to Hotmail. |
2004/6/18 [Computer/SW/Security, Computer/SW/Unix] UID:30882 Activity:high |
6/18 Is anybody else not able to log into their office account? My password is rejected. \_ It looks like ypserv crashed on scotch; I've restarted it. Could you please try logging in again? --mconst \_ It seems to be working now. Thanks mconst! \_ REQUEST DENIED. |
2004/6/11 [Computer/HW/CPU, Computer/SW/Security] UID:30750 Activity:high |
6/11 I want to give my compile really high priority, in hopes of getting it to compile a little faster, so I ran : nice -20 make but all i got was the error: setpriority: Permission denied. help? \_ Only root can set a priority higher than default. \_ only root can raise priority, dude. \_ Dang. I need to get root on this box (my work box). There's all kinds of stuff that needs fixin' \_ If you have a dual-cpu or a P4 with HT you can try spawning more compile threads. \_ what else are you running on the box that would lead you to think that renicing will have an impact? \_ Actually the problem is I'm running Enterprise Linux 3 (Kernel 2.4), in which the VM sucks. Either way, I'm running a dual processor Xeon, but only about 2% of the processor time is being used. I thought I'd take a shot at raising priority, just because I knew I couldn't fix the problem without root access. (My sysadmin hasn't helped.) \_ if you're not CPU bound, nice won't change anything. \_ Let me guess, you have a big fat shitty 5400 rpm Maxtor? Probably sharing the IDE bus. \_ Sorry, it's a 15000 RPM Seagate Cheetah on Ultra SCSI. The probelm really is Linux. |
2004/6/9-10 [Computer/SW/Security] UID:30708 Activity:kinda low |
6/9 pgp/gpg: I'm trying to verify the authenticity of an iso file. I've read the gpg man page and HOWTO, and I still don't understand what is the right way to do this. Shouldn't it take 2 commands? Here are the three filenames: DC0FCB63.asc dban-1.0.3_i386.iso dban-1.0.3_i386.iso.asc What's the correct incantation? \_ wow it's sad that this software is so arcane to use. \_ Is this correct? -op gpg --import DC0FCB63.asc gpg --verify dban-1.0.3_i386.iso.asc |
2004/6/9-10 [Computer/SW/Security] UID:30707 Activity:high |
6/9 Microsoft Security Summit at Moscone Center on June 22. Has anyone here actually been to one of these? Are they worth going to? http://csua.org/u/7o6 \_ Pretty much they say, "We're secure, just patch and reboot a lot, those smelly hippies wore the same sock yesterday so who wants to use their icky software?" |
2004/6/7 [Computer/SW/Security] UID:30642 Activity:nil |
6/5 I can't reach some sites from my company, including sameer's anonymizer. What are some good anonymizing sites I can use? Thanks. \_ I recommend setting up nph-proxy or something similar on your home machine. For added yuks, run it over OpenSSL and password protect it. -John |
2004/6/6-7 [Computer/SW/Security, Computer/SW/Unix] UID:30639 Activity:moderate |
6/5 I have no idea what changed, I may have accidently changed some option I can no longer find, or my friend's 2 year old may have hit some obscure key combo, but Now WinXP now logs me out every time the screen saver goes off. I only have 1 account on this machine, and there's no password. This is the epitome of a stupid, useless extersize. Anyone know how to turn it off? \_ Right-click the desktop | Properties | Screen Saver | Password Protected. \_ Turn off the screen saver. \_ I don't think you get logged off, but you are probably screen locked. The idle-logoff feature is a separate utility you have to install. \_ is it a normal screen saver? The resource kit comes with a screen saver that logs you out automatically... \_ the log-off screen saver on the resource kit is a separate purchase. So I don't think he as the resource kit with his winXP. |
2004/6/6-7 [Computer/SW/Security] UID:30636 Activity:very high |
6/5 I got an unauthorized charge of $9.99 on my credit card from Privacy Guard. To my surprised the company does credit check for that exact same amount. Can someone tell me what's going on? Is my identity being stolen? \_ I think it's more likely you unwittingly signed up for some stupid service when you made some online purchase. \_ a response to my own post. Basically Chase called me in January and asked me if I wanted this service for free for 2 months. I said ok, but they never sent me any info on how to log in or use the service. Now that I got charged, they're telling me how I could log on and use the service. \_ Let us know if you manage to get them to reverse the charge. \_ they're not obligated to. technically, op agreed to it. failing to cancel is how they make money. \_ Yes, true, and yet, in the interests of good customer service, a lot of companies will reverse the charges if you object to them. I've had success with PacBell and Blockbuster over implicit consent agreements. |
2004/6/4 [Computer/SW/Security] UID:30592 Activity:nil |
6/4 MacOS X Screensaver Passwd lock security issue: Vulnerability: http://tinyurl.com/2ghmz (macosxhints.com) Workaround: http://tinyurl.com/2muab (macosxhints.com) |
2004/6/3-4 [Computer/SW/Security] UID:30585 Activity:high |
6/3 What kind of encryption scheme is used in the German Enigma Machine? Is it symmetrical encryption? Why was it so hard to crack in the 40s? \_ I believe it was a poly-alphabetic cypher that changed on each letter (therefore, yes it was symmetric). So, the first letter in a mesage would use one cypher, the next would use another. The standard machine used 3 wheels, so the opertator would set the 3 wheels to that day's setting, and type in either the message or the cypher-text. Each would produce the other. This kind of message is easy to break with a computer, and lots of example messages, but I wouldn't want to work it out on a sheet of paper. Of course the setting changed (daily?) frequently, and when the settings changed, you got almost a whole new encryption problem. There are LOTS of pages on this, and example java applets. Google. \_ And if you like novelisations, Neal Stephenson's _Cryptonomicon_ and Robert Harris' _Enigma_ cover both the math and the history quite nicely. \_ Actually, the German field soldiers tended to set them (there were more wheels later on) to swear words, so there was actually a decent message depth. -chialea \_ They had plenty of sample messages when nearly every unit that had one all sent happy birthday messages to hitler. \_ interesting weakness- the rotors were hard-wired- so for a given position the mapping of one letter was reversible. Say the code key was XXX and you typed A and got a Z... if you had typed a Z you would also get a A. For the rotors in that position. Ask chialea for how useful that actually would be. -brain \_ Applet http://www.ugrad.cs.jhu.edu/~russell/classes/enigma |
2004/5/31 [Computer/SW/Security] UID:30504 Activity:high |
5/31 Is there a way in Windows XP to make particular files or directories password protected. This would be so that someone could you the administrator account, but not be able to access particular directories without reentering the password. \_ http://www.google.com/search?q=password+protected+folders+windows \_ EFS or pgpdisk. EFS key mgt. is ass, pgpdisk costs money. -John \_ any tips on using EFS and managing keys well for it? Can you just put your key in lots of places (and depend on the password), e.g. on your webservers, to not lose it? Not as secure, true, but I'm mostly interested in a casual thief stealing my laptop and getting my financial records. (anyone who really wants them has probably already broken into them anyway...) -!op \_ http://www.cypherix.com/index.htm I have never used it, but it claims to be free. Let me know if it works. |
2004/5/29 [Computer/SW/Security] UID:30491 Activity:high |
5/30 Does X packet forwarding forward sound data? \_ It's 5/29 you idiot!! \_ Yell at the previous poster, dude. He started it. \_ Rule 1 in local politics: Blame your own stupidity on others'. \_ W00t! I'm a trendsetter! -5/30 \_ Soon, soon it will be!! \_ No. \_ If you mean X forwarding over SSH, it is not specifically X but any TCP stream can be forwarded over SSH. With tunnels-over-ssh you can do general network traffic over SSH too. If you can get yoru sound data over a TCP socket forwarding it over SSH is not too difficult to accompilsh. -- someone who routinely uses SSH forwarding to tunnel ssh connections back through work firewall. \_ Thanks. --op. \_ I didn't think sound support was built into X. \_ It isn't; there are number of sound servers, most of which have network support though: esd (enlightenment sound daemon), artsd (dunno what it stands for; it's the KDE one), and nas (network audio server or something; the oldest one) |
2004/5/26-27 [Computer/SW/Security, Computer/SW/Unix] UID:30440 Activity:very high |
5/26 Just curious... Are people supposed to be running their own drug store off soda's website? I assume it's commercial. \_ definitely a violation of soda and university policy. -tom \_ Only if they're offering discount v1agkra \_ No. Mail root with the location and it will be taken care of. \_ URL please? Just curious. \_ ~chrchan/public_html last I saw it. I saw the raw files, but did not point a browser at it. Not my call. I don't have root, access to read logs, etc. "Someone" should politely ask him about it in case it is just for practice or for somewhere else. \_ What made you think he was running a drug store instead of just trying out some ecommerce code? And how the hell did you stumble across this? Were you really bored enough to just be randomly searching soda? \_ I said I didn't check it in detail, duh. That he might just be testing something, duh. That a polite query was in order IMHO and nothing more at this point, duh. You, duh. Duh. \_ No, that is not yellowcake in his directory. \_ I think it's a false alarm. Most of the code isn't even world readable. |
2004/5/22-23 [Computer/SW/Security] UID:30361 Activity:high |
5/22 Is Yahoo IM authentication at least somewhat secure? i.e., does it send out the password in clear text or simple hash? What about MSN IM? Google didn't help. \_ It's been a long time but I used to share a hub with a coworker. One day I fired up a network sniffer for a work thing and was able to see all her IMs in clear text. This was frightfully boring so I moved her to her own connection. \_ i know for sure that msn uses a simple hash scheme... they send a random challenge string, you append the challenge to your password, run md5 on (password+challenge), and send the digest back to the server. i don't remember what yahoo does, but i vaguely remember it was some kind of hashing scheme. |
2004/5/19 [Computer/SW/Security] UID:30302 Activity:nil |
5/19 Is it true there haven't been any successful suicide bombers in Israel since the building of the security barrier? \_ A very small number. The fence isn't finished yet. The fence is also not going to reduce the number to zero either. Just reduce the murder rate to something the EU and UN can continue ignoring. \_ IMO the israelis should fence off another square km of 'buffer space' territory for every bomber that gets through. If the Palestinians send enough bombers through to get themselves pushed into the mediterranean, its their problem. \_ Where can I get info for this? \_ There was at least one bombing at a seaport about 2-3 months ago. There have been a few random rockets/shell fired semi- randomly into Israeli civilian areas. The 14 year old was caught wearing a bomb at a check point. Maybe a few others I've forgotten. \_ I asked about SUCCESSFUL suicide bombers. I know there was at least one successful conventinal attack, some dude stopped a lady and her 4 kinds on the road and shot them all. \_ pft. Google. I gave you the basic story lines. |
2004/5/18 [Computer/SW/Security, Computer/SW/Unix] UID:30279 Activity:nil |
5/18 is tere a generic csua account to view contracostatimes articles? \_ I think we should make this list of username/passwd a public file that everyone could edit (like motd). It can't all be csuamotd/csuamotd because each site as different password rules. \_ csuamotd/csuamotd doesn't work? \_ it wanted an email. i went ahead and created csuamotd@example.com / csuamotd |
2004/5/18 [Computer/SW/Security, Computer/SW/Compilers] UID:30276 Activity:nil |
5/18 http://anitaborg.org/events/careers_in_cs.htm Women in Computer Science, sponsored by Google. |
2004/5/14 [Computer/SW/Security, Politics/Foreign/MiddleEast/Israel] UID:30229 Activity:high |
5/14 Strong case for Freeper complicity in Berg's death. I had to grab it out of Google's cache, because of course, it has been "Freeped" off the air: http://csua.org/u/7bk \_ freepers turned me into a newt!! \_ Not a very strong case really. Tin foil hat territory actually. Let's list the irregularities about Nick Berg: 1) A Jew in Iraq, without any personal security (not exactly the safest thing in the world--but it appears he was motivated to help the reconstruction, and I respect his resolve for that). 2) Had a Koran in Arabic and anti-semitic literature with him. 3) Had an Israel stamp on his passport, and then stamps from other countries that typically don't allow people in if they've been through Israel. 4) Zaccarias Moussaoui used his email in 2002. In Oklahoma. 5) He refused help from the US government to get home. That doesn't add up to a conspiracy, but it does mean that it's not a surprise that he was picked up by Iraqi police, and was interviewed by the FBI. It also suggests he might have been a prize for Al Qaeda. \_ is there anything weird about the death video? like i read some stuff about how it looks edited or whatever. i haven't seen it. \_ ...and without missing a beat, we're right back in tinfoil hat land. nice. |
2004/5/6-7 [Computer/SW/Unix, Computer/SW/Security] UID:30070 Activity:high |
5/6 Let the good times roll!: http://csua.org/u/77k \_ Instead of me just purging your link, how about you give it a brief description so we know if there's a reason to check it and if it is work safe or not? Then it might have reason to live. \_ Its something about the current oil prices, an opinion piece from an investment website. I suspect PeakOil guy posted it. -- !op \_ Oil has Peaked! Jesus is coming! Look busy! |
2004/5/4 [Computer/SW/Security, Computer/SW/OS/Windows] UID:29996 Activity:high |
5/4 Anyone know of a way to send SMS message to mobile phone in China for free, ie, via the web? thx. \_ Find the service provider of the person you're trying to SMS. Then go do a web search for web-based and e-mail SMS gateways for that provider. |
2004/5/4 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:29995 Activity:very high |
5/4 /csua/tmp has about 2.8 GB used in publicly readable directories. About 2.3 GB is random stuff from individual users. The top 20 files in /csua/tmp are a total of 800MB and the most recent is 3 months old. Please clean out your old files. --anonymous but trying to be polite \_ fyi, /csua/tmp/hozers has a list of directories sorted by size \_ Wow, I had no idea we had so much world readable crap on soda! \_ If you have any cool files in /csua/tmp please post the filename and a brief description here. \_ If you don't, root will delete your files in 24 hours. (Ok, not really, but I wish root would. :P ) * Sims.mpg are virtual creatures evolved to moved around in different environs (water, on land, etc.) \_ crabvspipe1.mpg is an unlucky crab which gets sucked through a tiny hole in a pipe due to a huge pressure difference. \_ moab_munifest.avi is some dumb bicycling thing. \_ clearly you didn't watch it. -tom \_ Wait for it...Wait for it...RIIIIIIIIIIIII- \_ DELETE FILE! \_ Don't you mean BALEEATED?! \_ theplay_long.ram is the highest quality clip I've seen. (thanks tom!) \_ any good porn? -hornyguy \_ Heavens I hope not. The CSUA has had enough pornishment. \_ tranthra.avi-- dorm+hooker porn. Not good porn. \_ So when is William "Hung" going to film one of these? \_ Ok root, I don't think anyone can argue if you delete that. (Not to mention it's a year old) \_ It's a classic! \_ is this a ucb dude? \_ yes. it takes place in the units. \_ Is this the one where some kid take a hooker with flat breasts into his dorm room while his computer camera on and they have some kind of argument about why the computer needs to be on? \_ Does that mean there's no actual sex in it? \_ There's sex. It's just not well-filmed or erotic. \_ It's a hilarious video. Not erotic but definitely humorous. |
2004/5/2 [Computer/SW/Editors, Computer/SW/Security, Computer/SW/Unix] UID:29944 Activity:very high |
5/1 waner, cut the binary shit out. \_ waner is smushing the motd with binaries? waner the good stalker christian? no way! \_ what binary was he using? I ran strings on it the first time but I couldn't really see. \_ how did you figure it out? -waner \_ I propose waner's account be suspended. \_ second that. tell us how did you figure this out. by knowing who did the last motd destruction/censoring, may be we could stop motd censoring altogether. \_ If you squish tom you'll end most motd censorship. \_ Maybe keep one window tracking changes, and another tracking people's idle or last login. This would only work for hosings in the middle of the night. \_ there is no middle of the night. people post from all time zones. \_ Some time zones are more active than others. There is a middle of the night for a machine where most of the users are in California. \_ I'm going to measure activity as a function of time over a few 24 hour periods and see if you're right. i'll get back to you on this. \_ I haven't measured it scientifically but I know motd activity is primarily M-F/8-6. I'd like to see what you measure and what the numbers look like when you're done. \_ i log fstat and diff on motd.public. it's usually not hard to figure out who's modifying the file with what, particularly if the person does it repeatedly. \_ except that some (many?) editors don't keep a file open while they're editing. so the window during which they have the file open (i.e., reading or writing) is rather small. \_ he's a stalker too? do tell. \_ There was a world-readable text file in his home directory which in obsessive detail chronicled his every interaction with this particular girl over the past year or two. Someone posted the filename to the motd. Then everyone was creeped out, then waner made the file non-readable. \_ It was a great file. I've never had such a deep look into the mind of a psychotic/stalker before. Did anyone figure out who the girl is and warn her? \_ maybe if anyone knows felicia, presumably ex-cal student, religious, looks like the righthand chick in http://tinyurl.com/yubsf |
2004/4/29-5/1 [Computer/SW/Security] UID:13480 Activity:nil |
4/29 FYI, Microsoft does support publishing using iCalendar. http://freebusy.office.microsoft.com/freebusy/freebusy.dll |
2004/4/28-29 [Computer/SW/Security] UID:13441 Activity:very high Edit_by:auto |
4/28 What happened to the INSPEC database? Where can I do a periodical search nowadays? \_ nothing happened to it. you may be confused about what it is. it's a pay-for-use database that has no affiliation with the University, but which almost all universities pay to use. That means that from an ip address on the campus of any major university there's generally some easy way to access it, often via web, but that off campus you generally have to pay. I think it's possible to use your csua account to get access, but I've never bothered. \_ I forgot to say that I meant melvyl's access to INSPEC. Now it's gone, as is CC (current content). Actually it seems all auxillary databases are removed from melvyl now. \_ Transfer to a less cheap ass school. \_ You know, it's *possible* that someone might actually *not* go to school for their whole life, but still want to look up journal articles. It's also possible that someone goes to a school with access via their library computers, but wants access at home. |
2004/4/27 [Computer/SW/Security, Computer/SW/Unix] UID:13397 Activity:nil |
4/26 I want to find out weathers of the bay area in the past few days. Is there a website that keep recorded temperatures? \_ http://tinyurl.com/23jol (http://www.wrh.noaa.gov Click on the links on the right. \_ http://www.wunderground.com has a DIY version of the above. |
2004/4/23 [Computer/SW/Security] UID:13348 Activity:nil |
4/23 Any good Free SSH server for WinXP? \_ the only servers i'm aware of for windows are openssh under cygwin, and http://ssh.com's windows ssh server (which might have a non-comm version, but i doubt it). \_ http://sshwindows.sourceforge.net |
2004/4/20 [Computer/SW/Security] UID:13284 Activity:nil |
4/20 BBC: 70% of computer users would trade password for chocolate bar. http://news.bbc.co.uk/1/hi/technology/3639679.stm \_ That is, 70% of computer users would make up a random word for a chocolate bar. \_ *snicker* \_ No. Snickers. \_ eat bar, change password. \_ wrong order. get bar, change password, eat bar. \_ (get bar - assume) , change password first could risk loosing the bar when they cant login \_ correct, trick is to eat the bar fast enuf to be able to change password before they try to login \_ converted into an interview question: you're fired! |
2004/4/13 [Computer/SW/Security] UID:13178 Activity:nil |
4/13 I found the ucla stud guy! He's here: http://www.asian-man.com and he lives in Westwood \_ he seems a little too hairy to be an asian guy. \_ I've seen hairier asian guys. |
2004/4/12 [Computer/SW/Mail, Computer/SW/Security] UID:13138 Activity:high |
4/11 anyway- things here have quiting down a little, A LOT of people took off, fucking whimps, fluor might end up loking like the bad asses out here since we are sticking it out, hell even our client took off and just screwed everyone doing so, so while the fluor group is just kicking ass and taking names, the guys we work for (who are responsible for proviing power), just took off. The damn military is taking over the power situation which in a lot of sears really saves our ass from some maintance and warrantee situations. we are all still .... old message.. the fucking intenet here goes down like all the time. hey maybe it is up again, work here has gotten really boring as of late, I use to be able to walk around the site and check out all teh action, as the controls guy that is my job- to know exactly what is going on everywhere and make sure I can report up to upper guys what the status is plus the game plan and time requirements for the future plus any snaggs in the way, I never had a car here and the job site is like a mile away but it was no big deal since I would just walk or hitch a ride, but NOW it is like impossible, since everyone is required to have their flack vest aand helmut walking out there is made quite difficult, everyone just keeps theres in the car, so ya I guess I could hitch a ride but i would be tied to that guy for the whole time which restricts his activities, of course 3 of the guys now have NOTHING to do since their sub contractors walke out of here today. but still boss hasn't asigned a car to me. plus our mess hall is closed and now we have to use the miltiary DFAC for food, of course that means I have to hitch a ride with someone,god damn this place is filled with flys, anyway using the DFAC is ok but due to the shear number of troops on this base it is just so damn crowded you wouldn't believe it- this base is lieterally bursting at the seems opps there goes the net again, i'll tell you getting p3 installed on my computer is a god send (is that the right phrase- god send?) anyway hoefully I can use that to parlay into a decent paying job, it really sucks never have access to the cool software which allows people to do there jobs, its like you really need to hook up with the right company which will prpvide you the training ) and see that is the whole key or I should say problem- even though as of 2 weeks ago I had never touched p3, I would consider myself an expert- I understanf all the theory behond scheduling- just not the actual commands and where they are on the software product, people use train to train people on business fucntions while at the same time training them on software intricacies, that is BS the 2 are totally seperate, I understand all the thoery just need to know where to find ceertain functions, of course that is just because most people are just stupid.. that is really weird, I mean when i grew up it wasn't like I was that much smarter than everyone else, but know from my experience working I can walk cicles around these guys have you noticed that as well.. anyway this delay is really bugging me again more later mor bomds are hitting later - kinney |
2004/4/6-7 [Computer, Computer/SW/Security] UID:13039 Activity:nil |
4/6 I just conducted a minor transaction with a cool guy who recently started his own business. He's got a web page, but virtually no Google presence. Can I buy adwords for his site if I don't run it? Are there other means I can help him out in this area? \_ what business? \_ machine shop; he rethreaded a bolt hole on my intake manifold. His main business is removing broken off pieces of bolts and screws, which is specific enough that he gets nationwide business (hence the google thing seems helpful). http://www.extractit.com \_ that's awsome! too bad he doesn't list rates at all on the site, though. it would be nice to have a ballpark idea of what he charges before calling. \_ I paid him $20 for the thread insert and cleaning up the other hole; he also polished the mating surface. It's a lot more to have him do it on the actual car, of course; I removed this part. \_ Do you have a well-known web presence? Consider putting a mention on your web page or blog. Better yet, if you're a well known blogger, get your friends to link to your entry. \_ A well known blog? Only among the small group of other 'bloggers' in the 'bloggosphere'. \_ That's blogosphere. And the blog echo chamber is very good at pushing up google rankings. |
2004/4/5-6 [Computer/SW/Security, Computer/SW/Unix] UID:13025 Activity:moderate |
4/5 What's going on with http://scotch.csua.berkeley.edu? (our faithful port 23 SSH proxy...) As a test... <4> telnet http://scotch.csua.berkeley.edu Trying... Connected to http://scotch.csua.berkeley.edu. Escape character is '^]'. 128.32.112.230: connect: Connection refusedLocal flow control off Connection closed by foreign host. \_ send this shit to root not the motd. \_ Calm down. You act like this is the first time someone has posted a problem involving soda on \_ He probably just wanted faster abuse^H^H^H^H^Hservice. the motd. \_ im calm. yes, its not the first time. and like every other time he needs to send his shit to the right people. the motd. \_ He probably just wanted faster abuse^H^H^H^H^Hservice. |
2004/4/2 [Computer/SW/Security] UID:12984 Activity:nil |
4/2 "leading software companies' including Microsoft and Computer Associates and industry organisations such as the BSA, has asked the Department of Homeland Security to regulate what they call 'Cyber Security'" What will be the impact of this? http://www.forbes.com/business/newswire/2004/04/01/rtr1320997.html \_ I'm guessing they want to shut down the people announcing all the donkey sized security holes in their products so they stop looking so stupid. |
2004/3/31-4/1 [Computer/SW/Security] UID:12954 Activity:moderate |
3/31 I want a second line for fax but alas my studio apt. does not seem to have the inside wall wiring. Is there a way to get virtual fax or fax mailbox, where I can download incoming fax to my computer? \_ ok I googled and found some service, but would appreciate comments from users of these kind of service. \_ support your fellow Cal alumni's company: http://www.packetel.com \_ funny I was trying to sign up with it without knowing its cal connection, but alas it has run out of # in 650 area code. Any other suggestion? Or they are willing to give an alumni a reserve number? \_ Bummer, I just ordered more #s, they will come in couple of days...too many orders these days. Can you wait a couple of days or just get a different area code? \_ Is it really just a couple (like 2) of days? Or can I change to a 650 # later. \_ http://www.efax.com \_ they charge $.10 per outgoing fax. Anyone know of a service that charges something like $25/mo that will let me send ~3000 fax/mo. the local chamber of commerce asked me if i knew of any solution. or... i can have them buy something like Symantec WinFax. any recommendations? |
2004/3/30-4/1 [Computer/SW/Security, Computer/SW/OS/Windows] UID:12932 Activity:nil |
3/30 My spankin' new Windows 2003 Server doesn't come with the wonderful "NT LM Security Support Provider" service, which is required by the Message Queueing service, which I need. How do I install that service? I don't see it anywhere under "Add or Remove Windows Components". Thanks. \_ Get yourself a real server OS. \_ Call Microsoft. You paid for support. \_ ditto above. don't expect community-style support when you use Microsoft product. It's a cultural thing. \_ USE LINUX! RIDE BIKE! \_ I don't know how this originated but this is the stupidest thing posted on the motd. Even if it was funny at one point, the same joke told 50 million times gets old. \_ ENJOY JOKE! \_ It's there for a reason. It has a purpose. \_ Whatever, Morpheus. \_ dont listen to these twinks, microsoft website has newsgroups found your answer in 10 seconds, but you must learn to google \_ Here's a nickel kid, get yourself a real computer. |
2004/3/28-29 [Computer/SW/Security] UID:12892 Activity:nil |
3/27 What's the easiest way to temporarily disable SSH access on a per-user basis without changing the user's shell? \_ Add a DenyUsers line to sshd_config and restart sshd. \_ Perfect. Thanks! --op |
2004/3/26 [Computer/SW/Security] UID:12881 Activity:nil |
3/26 Is there a transformation to convert encrypted shadow passwords to MD5 hashes? I'm guessing the answer is no... \_ you need to decrypt the passwords then hash them. \_ I thought those shadowed passwords are one-way hashing, cant be decrypted. \_ first shadowed hashed, then encrypted it seems first decrypt, but hashed passwords mean nothing because hashing is one-way, you could only match strings at the end of two hashed passwords to see if they are equal. \_ If you want to switch to MD5 passwords, you can "enable" MD5 passwords, and then tell users to change their passwords. Both the new MD5 passwords and the old non-MD5 passwords will both work during the transition. In Debian add md5 to the line in /etc/pam.d/passwd. I don't know if that's what you are trying to do. |
2004/3/26-27 [Computer/SW/Security] UID:12875 Activity:nil |
3/26 I'm required to have a local phone line by SBC for DSL. I was looking at their web page to find the lowest monthly rate for local service (didn't there used to be a metered rate that was cheaper than flat?), but of course they're purely focused on selling you every bell and whistle, and don't even list basic services like that. Anyone know if this still exists? Also, does anyone remember the code to selectively *open* the caller id block? (onesuite.com has some cool services that would be nice to use occasionally, but their identifying you by phone # requires you to get through the caller id block...) \_ *82 to unblock. BTW, does onesuite really have no monthly fee, or other kind of hideous hidden charges? Is it a good deal whether you make 1, 100, or 0 call in a month? \_ Thanks! I've been testing for 3 weeks, with no problems/charges. zipdial and rapiddial are really cool - I can call the local access # from my cell or home phone, it automatically authenticates, and then just 2 digits + # to call my frequently called international numbers... Admittedly, their rates aren't as cheap as some of the calling cards, but the convenience is worth it to me. I've had good luck with HK and Malaysia, at least. - OP \_ I dumped flat rate local service for metered service last year. SBC charges $5.60 (or $5.80) per month (before tax). I get $3.00 of local calls without additional cost. Since most of my calls are not local or on cell phone, this is great for me. For comparison, flat rate is $11+/month. \_ thanks! How does $3.00 actually translate to call minutes, is it still reasonable for occasional? (with 1000 anytime minutes I'll be using cell phone more, but the home phone might still get used occasionally...). Toll-free numbers and incoming calls still work as they should, right? (sorry, paranoid when it comes to SBC :P ) \_ Minutes are charged differently depending on time of day and week, etc. Figure 5 cents/minute to be on the safe side. You can check your bill to adjust your habits. Toll-free calls are free. Incoming calls are free. |
2004/3/25-28 [Computer/SW/Security, Computer/SW/Unix] UID:12868 Activity:moderate |
3/25 as of today i can't get my imaps mail off of csua port 993. anyone else have this problem? \_ I have this problem not, with openssl as the connector. * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN] http://soda.CSUA.Berkeley.EDU IMAP4rev1 2002.332 at Thu, 25 Mar 2004 19:23:26 -0800 (PST) 1 LOGIN <snip> 1 OK [CAPABILITY IMAP4REV1 IDLE NAMESPACE MAILBOX-REFERRALS BINARY SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND] User <snip> authenticated ... 6 LOGOUT * BYE http://soda.csua.berkeley.edu IMAP4rev1 server terminating connection \_ use the source, luke! \_ I'm also having troubles connecting from Mail in MacOS X after Thursday morning. What changed? --jeffwong \_ I am using Mail.app as well. Didn't state it originally for fear of Mac vs. PC vs. Linux flames. -op |
2004/3/17-30 [Computer/SW/Security, Computer/SW/Unix] UID:12722 Activity:nil |
3/17 What are some URL condensing sites? there's tinyurl, http://csua.org, what else? \_ http://hugeurl.com \_ My favorite: http://makeashorterlink.com \_ I like http://snurl.com. It does some cool stuff with the clipboard so you just have to copy, visit the site, and paste the url. No need to fill out a web form or anything. |
2004/3/16-17 [Computer/SW/Security, Computer/SW/Unix] UID:12711 Activity:nil |
3/16 somebody tell rms that http://www.gnu.org is down. \_ you can login as rms/rms to fix it yourself. \_ Permission denied. \_ holy shit! you killed http://gnu.org!!!! \_ You bastards! |
2004/3/11 [Computer/SW/Languages/Misc, Computer/SW/Security] UID:29863 Activity:nil |
3/11 Truck carrying $1e6 in computers stolen: http://www.indystar.com/articles/6/128121-2046-127.html |
2004/3/9-10 [Computer/SW/OS/Linux, Computer/SW/Languages/Perl, Computer/SW/Security] UID:12588 Activity:nil |
3/8 Where can I find the definitions of the 3 timestamps associated with a file on a linux system: "Access Modify Change" \_ On most OS's that informaion is in the ls man page. Or do you need something more detailed? \_ Yes, I need to know the exact technical definition of "Changed" in this context. I'm trying to track down when/how my /usr/bin/perl file got changed from the debian "stable" version to the "testing" 5.8.2 version. Thanks. \_ is man 2 stat sufficient? \_ Yes siree. Perfect. Thank You! |
2004/3/6-7 [Computer/SW/Security, Computer/SW/SpamAssassin] UID:12550 Activity:kinda low |
3/5 This is fantastic. Free instant access no verification email account. See the page for details. http://www.mailinator.com/mailinator/Welcome.do \_ The first time a spammer runs a dictionary attack against them, they are toast. \_ Mmmm... pointless comment. \_ not my problem. it works right now. why would a spammer bother? everyone is a potential DOS victim on the net. \_ gee, why would a spammer bother to set up a bunch of free access no verification email accounts? I can't imagine... |
2004/3/4-5 [Computer/SW/Security] UID:12529 Activity:nil |
3/4 Anyone get fed up with an unrewarding high tech career and try changing to something completely different? How'd it go? \_ Friend quit a security job at Warburg in London to teach diving in Bali. His flight was to leave the morning that the bombs went off. I'm not doing anything totally different (I enjoy what I do too much) but got so sick of companies and politics that I went consulting. I have a good network, I like the people I work with, and aside from the occasional attack of nerves over finances, it's great. I think if you're intelligent, single and don't have many debts, the sky's pretty much the limit in whatever you do. -John \_ I'm a pilot flying turbo props in the midwest. i make peanuts now but will make more in 10 years. \_ What kind of tech career do you have that would prompt such a response? I mean, seriously, unless you are in a totally crappy work environment tech jobs are much much better than menial work. It certainly is better and more interesting than most marketing/sales jobs, and it certainly is much much better than menial jobs such as running a restaurant. I guess maybe you've never had it really tough or you don't actually have a passion for technology. -williamc \_ just the idea of getting away from people who are so fucking assanine that they think all non-tech jobs are "menial" is a great reason to consider getting out of tech. fortunetely as a non-software tech guy i don't have to work with fucktards like you on a daily basis. \_ Yur inglis skils ar probly te reson yu stil not geting menial job yu want so mush. \_ i'm doing great in the sanitation department. \_ ^sanitation^homeland security \_ I'm doing great in the homeland sanitation department - hate arabs \_ parents dropped out and started two candy companies, friend dropped out and started a cafe. Both are more work and more freedom. -brain \_ freedom is relative. there's a local guy running a burger joint who did the same thing. he works harder than i ever did and makes less. what freedom? he doesn't even have his own weekends. \_ I'm quitting my high-tech job to become a Professional Poker Player |
2004/3/4-5 [Computer/SW/Security] UID:12524 Activity:nil |
4/3 How ofter does soda change the root password? I'm asking because soda is like a big cheese, it's got a lot of holes and god know who (esp. the old guys) still has access to it. \_ what do you mean by the old guys? \_ he means the ancient sobs that were either given or stole the root password over the years. that's about 90% of the user base from pre-2001. \_ That's what I love about the motd--differentiated, informed opinions. -John the Old Sob |
2004/3/3 [Computer/SW/Security] UID:29848 Activity:nil 66%like:12490 |
3/2 Is it normal for a public library to restrict outgoing laptop access to port 80 and 443 only? All others "filtered". |
2004/3/3-4 [Computer/SW/Security] UID:12499 Activity:nil |
3/3 If a public library blocks outgoing internet traffic on all ports except 80 and 443, originating from patron's laptops located on the library's network, are they violating the free speech rights? Seems wrong that I can download tons of porn w/o restrinction, but I can not SSH to soda. Do you know of any cases about this? Seems just as constitutionallly problematic as web content filtering. \_ It's not unconstitutional for them to use a filter, it's unconstitutional for Congress to require them to use one. It's unconstitutional to filter traffic on an internet connection you own, but as the library is giving you a service, they can place whatever limits they want on it. \_ As a taxpayer, don't I have more of a right to open internet service through a public library than through a commercial ISP that I clearly do not own. \_ Your rights to an internet connection through an ISP are regulated by your contract and AUP. The government can't censor that speach. You have no 'right' to use a library internet connection. You have a right to non-discriminantory access to taxpayer resources, but the extent of resources provided to taxpayers is not gauranteed to be unlimited. There have been no laws passed saying all taxpayers in your jurisdiction have rights to internet access. In the case of such a system, like what's being built in Utah, users would have constitutional protection of how they use the connection. \_ csua runs a port 80 redirector to soda:22 for people stuck behind such idiotic "security" setups. So quit yer whining and just ssh to scotch.csua port 80 \_ Thanks for your attitude and your help. \_ He gave you what you needed to know without bashing your whiney ass too much. Free speech? To port 22? Sheesh. \_ "porn" = "free speech" seems no more absurd. \_ I don't think op was being sarcastic. He needed the attitude he got, and he was grateful for it. [formatd] \_ advice with attitude. I like it. \_ first, how is the library violating /your/ free speech rights by restricting the material you can retrieve? free speech, not free access. second, would you also argue that the library not carrying a book you're looking for is also a violation of your rights? \_ "not carrying a book" = "not having net access". If they have a book and refuse to let me see it, that seems like a better analogy. I see no valid reason to block port 22. justify it. \_ It's not a free speech issue. If you want a justification, you should be asking the library, not the motd. \_ Yeah, good point. I've already done that, and while I'm waiting to hear back from them, I thought I'd get some additional info from the smart folks on soda. Thanks for your opinions and ideas. -complete idiot \_ Are you really this stupid? -tom \_ justify it \_ I don't have to justify it, and neither does the library. You don't have a right to port 22 access; you're being completely obtuse. And anyway, it's easy to justify--keeping kids from getting the library into trouble. -tom \_ maybe they should just unplug their net. \_ maybe you're a complete idiot. -tom \_ yeah, maybe. |
2004/3/2-3 [Computer/SW/Security] UID:12490 Activity:nil 66%like:29848 |
3/2 When a public library offers laptop connections, is it normal to restrict outgoing access to port 80 and 443 only? |
2004/3/1-2 [Computer/SW/Security] UID:12473 Activity:low |
3/1 Another WiFi question: If there was an ESS network, and there were areas that got signal from only a few APs, couldn't you mount a DoS attack on a client by forging their MAC and sending lots of forged reassociation messages to an AP they can't get signal from? \_ Of course. \_ So doesn't this throw cold water on any large ESS network without strong authentication? You can break the access of anyone you've been in range of. \_ Even if there is strong authentication, you can break the access of anyone. It's called "jamming," and it's true of every form of wireless communication. -tom \_ But jamming breaks the access of everyone over a specific area. Spoofed reassociation breaks access for specific victims across the entire ESS network. \_ so what? Don't you have better things to do than worry about DOS on wireless networks? It's trivially easy to do, but it's not a significant problem in the real world. Why would anyone bother? -tom \_ Do you work for MS's security division? \_ I was just thinking about sfwireless and some big community networks and bad people. I know wireless has security problems, and was just exploring a single potential problem \_ you can stop thinking now, you don't seem to be very good at it. -tom \_ This also works on wired networks, modulo arp spoofing. What's your point? -dans \_ He's trying to learn. Why are you and tom being such assholes to him? And then everyone wonders why so few people want to attend csua social functions, hang out on wall, or post anon to the motd. Actually I know why tom is being an asshole. What exactly is your beef with the guy? \_ He's not trying to learn. He's trying to show us how clever he is. -tom \_ considering no one "knows" who he is, there's not much point in strutting his stuff. i think he really is just somewhat amazed at how fallible some things in the real world are, and i think you're just being an asshole. \_ Huh? How was he being an asshole? tom's "not good at thinking" was the only thing, which is pretty tame for the motd. |
2004/2/29-3/1 [Computer/SW/Security] UID:12457 Activity:nil |
2/29 Anyone here have access to an openbsd machine? I'd like to know if their implementation of s/key is broken for SHA-1 and RIPEMD-160 (at least, it's broken in Yuri Yudin's port of openbsd s/key). From RFC 2289, running 'skey -sha1 99 correct' and using "OTP's are good" as the passphrase should give "AURA ALOE HURL WING BERG WAIT". If someone can try that, I'd appreciate it. Also, if that does work, can you tell me what the result of 'skey -rmd160 99 correct' with the same passphrase as above is? Thanks. \_ s/key on my OpenBSD 3.3 system produces the following output: sha1: AURA ALOE HURL WING BERG WAIT rmd160: ONCE FRAY EROS JADE GINA ONE --ranga |
2004/2/24-26 [Computer/SW/Security] UID:12390 Activity:nil |
2/24 OpenSSH 3.8 released: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=107764058601617&w=2 http://www.openssh.com/openbsd.html ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.8p1.tar.gz |
2004/2/24-25 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:12387 Activity:nil |
2/23 Is there a web based free email compatible with lynx? \_ kinda curious why you'd want this... if you have access to a command line, can't you use a command-line mail program or log into a box that has one? \_ it's useful to have throw-away mailboxes. \_ http://spamgourmet.com \_ throw away mailboxes don't have to be web-based... that said, I use an extra netzero account for throw away mail... it has POP3 mail. Perhaps there's a reason they want web-based? \_ why not use sneakemail for throw-away mailboxes? \_ It's nice to have an email acct. that is 1) fully functional with SSL login, 2) completely disposable and anonymous, 3) can be accessed anywhere, whether from a comand line host or public library shared web machines. \_ sure, that's nice. it's also not profitable, which is why you don't see that kind of thing. free email services need to serve ads, which are predominantly graphical. \_ find a non-free service that satisfies 1 and 3, and then you use sneakemail to satisify 2. |
2004/2/23-24 [Computer/SW/OS/Windows, Computer/SW/Security] UID:12364 Activity:nil |
2/23 Sorry I missed the answer to this last week. Reposting... What's up with these new "high-speed" or "optimized" or "pick your own buzzword" dial-ups? Are they actually faster? Do they cache, compress, etc?? \_ They compress uncompressed data (txt, html, etc.) and some may recompress jpegs to lower quality on the fly. Depending on your type of usage, them may be signifigantly faster, or useless. YMMV. \_ http://www.earthlink.net/accelerator/faq It is sad that the EarthLink web site seems to be slow. |
2004/2/18 [Computer/Networking, Computer/SW/Security] UID:12299 Activity:nil |
2/18 Wireless Bank "Hack": http://www.math.org.il/post-office.html \_ Does Haifa have the largest nerd density in Israel? |
2004/2/17-18 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:29813 Activity:nil |
2/17 Anyone using http://communitycolo.net? Is it absolutely free? (bandwidth, power, storage) If you donate, how much do you donate? |
2004/2/11 [Computer/SW/Security, Politics/Foreign/Europe, Politics/Foreign/MiddleEast/Israel] UID:29796 Activity:very high |
2/10 I'm beginning to think mandatory military service should be instituted in the USA, say for 2 years after high school. It would help all these kids to grow up, learn to be away from home and stop being pansies. They'd be older and more mature going into college, and maybe have a better sense of direction and perspective in life. It would force rich kids to serve alongside poor kids and make people care more about US policy and think about what it means to live here. \_ Back in MY day, sonny, we walked six miles uphill through the snow to do our military service! [again, restored] \_ Uphill both ways? \_ This isn't Israel or Singapore where land is scarce and border security requires every able body to participate in the armed forces. Having such a large non-volunteer force would have no practical value to the security of this country \_ Ok 2 years is too much, I was just reading how Euro countries do it. 9 mo. would still be good, plus there is the possibility of alternate service in something like Peace Corps. There is all kinds of stuff they could do. There are lots of non-combat roles in all the military branches too. \- would you make females and homosexuals serve? --psb |
2004/2/9 [Computer/SW/Security] UID:12173 Activity:nil |
2/9 A colleague is starting an IDS user group in silicon valley. If any security types are interested, have a look at http://idug.cryptojail.net/mailman/listinfo/idug -John \_ Okay, went there, it's a mailing list setup. Now what? Does your colleague want us to sign up for the mailing list? |
2004/2/9 [Computer/SW/Mail, Computer/SW/Security, Computer/SW/Unix] UID:12170 Activity:nil |
2/8 prompt: mutt /usr/libexec/ld-elf.so.1: Shared object "libintl.so.4" not found \_ YAY, pine is fuxored too. I think admin SNAFUS like this and the spreading soda relay ban (which apparently root doesn't want to do anything about) means that I'll be bringing to an end my use of soda for email. Ah well, its been a nice one guys. \_ Spreading soda relay ban? Yahoo has a fucked up test and has blocked much of the world, and their abuse department is nearly always unhelpful. As for spreading, the complaint below ended up being a typo. So unless you have evidence of this, I would say you're full of shit. If you aren't, mail root with the evidence. Don't fucking complain on the motd. --scotsman (P.S. The problem described above is probably something like a broken LD_LIBRARY_PATH env variable. If there was another problem it must have since been fixed. Both work for me.) \_ Well, it worked for me yesterday, and it worked for me now. But it didn't when I posted the above. I guess either my env variables are in a quantum state or someone with root has been tinkering. Thanks for making it work again. -- op \_ Is there a free alumni email account at cal? \ <DEAD>cal.berkeley.edu<DEAD>: free forwarding for life \_ they do ok for the salary they get. |
2004/2/8-9 [Computer/SW/Security] UID:12163 Activity:nil |
2/8 On FreeBSD, what's the best way to let a service use a user's system authentication (postfix SMTP AUTH via TLS and apache) so that he can use his unix username/password to authenticate? -John \_ man postfix \_ pam? \_ for apache, i found mod_auth_external the easiest to use, but this was 3 or 4 years ago --dbushong \_ Can SASL do this? Postfix supports sasl auth nicely, but I can't seem to get it to use FreeBSD passwords. -John \_ I don't think so. Most SASL schemes rely on having the password cleartext on both ends so it can be encrypted with a datestamp or something like that. It can't get the cleartext pass out of the password file... If you're doing SMTP w/ TLS you might be able to get it to work w/ one of the cleartext AUTH methods (LOGIN or PLAIN, IIRC) --dbushong |
2004/2/5 [Computer/SW/Security, Computer/Networking, Computer/SW/WWW/Browsers] UID:12105 Activity:nil |
2/4 Since ipfw rules does not care which program is making the outbound access, how do I block, say all outgoing traffic except that generated by ssh and mozilla? \_ That's not really what ipfw does. Block all outbound traffic destined for ports other than 80, 443 and 22. \_ Okay, is there a way to block based on program name in FreeBSD? (I heard ZoneAlarm Pro does that, but it only runs on windows?) \- there are some sort of hairy ways to do with with fbsd involving complicated jail setups. with linux i suppose you can try grsecurity. solaris-next is supposed to have much finer-grain control but i'm not the best person here to talk about that. what about traffic genreated by say your resolver routines? --psb \_ ob"we don't need no stinkin resolver routines!" |
2004/2/4-5 [Computer/SW/Security] UID:12093 Activity:nil |
2/3 what's the best free telnet program that supports ssh, etc? I remember someone posted a name a while ago but can't remember the program's name. it is a small program with no install! thx. \_ Uhm, by definition, telnet != ssh. They have nothing to do with each other. Why not just use ssh? \_ PuTTY, use google a lot of people also use Tera Term Pro with the TTSSH extension \_ i used it but not anymore, IT guy saw everything in the clear (including pwd) snooping packets even with TTSSH extension \_ have you ever stopped to consider that maybe you're just stupid? sorry, stupid question. \_ used port 22 twink w/ ttssh extension, still got it \_ reconsider. \_ just spell it out, if i got into soda using tera term pro and ssh and port 22, how can he see my password in the clear still? \_ If you connected to port 22, and didn't do proper key exchange, then teraterm wouldn't have even prompted you for a password. Try it for fun (and profit!). telnet localhost 22. \_ But you know what? A supposed ssh client that doesn't tell even somewhat clued users that it is transmitting cleartext is not well- designed. That sounds like reason enough to use one of the alternatives. \_ i am unclear as to how you concluded that the user is somewhat clued. \_ See that's just it. It doesn't. Did you verify that it did yourself? \_ I'm confused by this. How did the user get an ssh connection in clear text?? \_ Stupid, Nasty admin, he plays tricksies on Poor, Innocent user! \_ Fat, Stupid, Nasty adminses! \_ you forgot greasy and virginal. \_ you'd think that such a big hole would have been reported or fixed by now \_ maybe IT guy has a keylogger installed on your system? \_ putty also has versions of scp (pscp) and sftp (psftp). |
2004/2/2-3 [Computer/SW/Unix, Computer/SW/Security] UID:12071 Activity:low |
2/2 Happy Square Root Day! \_ huh? \_ 2/2/4? \_ 1/1/01, 9/9/1981, 3/3/2009 Happy Addition Day! |
2004/2/2 [Computer/SW/Security] UID:12070 Activity:nil |
2/2 A Bellovin and Cheswick paper on encrypted searching. Comments welcome. http://csua.org/u/5sw |
2004/2/2 [Computer/SW/Security] UID:12068 Activity:nil |
2/1 A draft paper I wrote on building better cryptographic authentication protocols. Feedback appreciated (either constructive or amusing). http://tinyurl.com/3buxo |
2004/1/28 [Computer/SW/Security, Computer/SW/Unix] UID:11981 Activity:nil |
1/28 What is the policy of yahoo in terms of account inactivity? How long does your account have to be inactive before they delete it? On their "Terms of Service" page, it says that the account could be closed due to inactivity, but it doesn't specify how long. \_ It's crazy long. I talked to a person a yahoo once about an account i had setup with fake data (which i couldn't remember and so couldn't get the password). It was my whole name though (and an uncommon one) so i figured i could wait for it to to expire and re-sign up, (it had already been a year) the guy basically said i was doomed. My other yahoo account i have left sitting for over 6 months and come back to it with no problems. \_ I created the account "ausman" on yahoo and forgot my password and switched jobs, so password recovery no longer worked. The account still exists. I created it back in 1995 or 1996 and last used it in Jan 1997. -ausman \_ I had something similar happen with eBay. They were cool about it though. They put the old account in some special status and once no one rescued it after 30 days it died and they let me change my user name. -dgies |
2004/1/26-27 [Computer/SW/Security] UID:11943 Activity:low |
1/26 http://www.microsoft.com/education/default.asp?ID=SecurityPosters Free M$ security posters. Dunno if it was posted before due to to lame-ass URL shorteners found in the archives. \_what is the point? the poster is not even cool. |
2004/1/23 [Computer/SW/Security] UID:11906 Activity:nil |
1/23 http://tinyurl.com/2utfc JWZ vs Mailman, round ONE fight! \_ Do you get a kickback from Pants Factory? If not, try posting a direct link: http://www.jwz.org/doc/mailman.html \_ normally I would, but the rebuttals from mailman's OG writer are on http://pantsfactory.org |
2004/1/21 [Computer/SW/Security] UID:11860 Activity:nil |
1/20 Hungry Programmers raided by FBI: http://csua.org/u/5mp \_ wow, bummer. A related question is, suppose you use RSA or some hard to crack stuff and encrypt your criminal activities. Would they have the resource to crack it? \_ you'd go to jail for contempt a la kevein mitnick until you gave up the passphrase or died of AIDS. they don't have to crack it, they just have to crack you. stop thinking like some nerd. they don't play by your grade school nerdling rules. \_ What if you say "I forgot." What if you do forget? \_ You lose. |
2004/1/20 [Computer/SW/Security, Computer/SW/OS/FreeBSD, Computer/SW/OS/OsX] UID:11846 Activity:nil |
1/19 Slow to load, but worth it. This guy is no crook, I used to work with him, he is just a geeky programmer: http://squeedlyspooch.com/blog/archives/000072.html \_ He was being accused of ...? \_ Raping his cats. \_ Close enough: hacking Valve and stealing the source code for Half-Life 2. So, wtf? did he do it? \_ I suspect this particular guy probably didn't or he wouldn't be spewing his story over the net, but I wouldn't be surprised if one of his friends or net.friends did it. \_ http://www.csua.org/u/5m7 |
2004/1/16-17 [Recreation/Pets, Computer/SW/Security] UID:11810 Activity:nil |
1/16 The Fish That Threatened National Security: http://www.post-gazette.com/pg/03362/255283.stm \_ Petty tyrants can arise in even the smallest domains (and no, I'm not talking about the fish--I'm talking about airport security). \_ story sounds fishy (hah!) People routinely take pets through passenger screening at airports. Maybe the TSA folks were being particularly annoying at LGA. -- Someone who works airport secy. \_ the newspaper probably fact checked this it doesn't appear they've printed a retraction for the last three weeks, anyway to me it just looks like overzealous and mistaken TSA there \_ The TSA allows pets on the plane, and they will not x-ray them: http://www.tsa.gov/public/interapp/editorial/editorial_1036.xml \_ If you want to smuggle something through, having a cute cat probably helps -- I had my cat, who was drugged beyond belief and when they made me take him out all the TSA people stood around and ooohed and aahed and petted him. -chialea \_ The TSA recently destroyed a very expensive flight case of a friend of mine who travels for business. Apparently the goons at the TSA didn't understand the latching mechanism and so used a crowbar on the joints instead. He has a claim in but it may take a VERY long time to get any money out of them, knowing the feds. \_ Did your idiotic friend understand the big sign that says to not lock stuff or they'll have to break them open? Did he take the very simple precaution of unlatching it for them or opening his stupid mouth to explain at some point or whine like a stupid bitch afterwards and file his paperwork? Are *you* the friend with no clue? Frankly, I'm glad they busted open his case. I would've done the same thing just to teach him a lesson. \_ I am not the one who posted the above, but somettimes a case has to latched just to keep the content from spilling out, esp. if you put too much stuff in. The above post does not say the latch was locked. This would be like someone breaking a closed door without trying to turn the knob. |
2004/1/16 [Computer/SW/Security] UID:11807 Activity:high |
1/16 How do you allow remote root logins on FreeBSD? I can ssh in as a user but not as root. \_ Same as any system, edit your sshd_config. \_ How do I restart sshd on FreeBSD4? \_ reboot! \_ kill -HUP sshd \_ There isn't a script? \_ Not in FreeBSD 4.x. In 5.x the netbsd rc.d system has scripts. BTW, why do you need/want a script for something so simple? \_ I was just wondering if there was a script. For example /etc/mail/Makefile does this. \_ Sheesh, no, go write one. ps | grep ; kill -hup \_ why don't you do it the traditional way and ssh, then su? \- thats not always reasonable. ssh is used for more than isn't that hard. \_ why don't you do it the traditional way and ssh, then su? interactive logins ... e.g. scp etc. --psb \_ /etc/ssh/sshd_config |
2004/1/9-10 [Computer/SW/Security] UID:11728 Activity:nil |
1/8 Hey, if anyone owns wizardry 8 and wants to do me a favor, can you post your login or email me? -- ilyas \_ That reminds me: I registered DOOM 1 for DOS and my floppies went bad a few years ago. Anyone have DOOM 1? --dgies \_ In my case, one of my cds got really scratched when I moved, and I need one of the files from it. -- ilyas \_ http://www.dosgamesarchive.com/download/game/7 \_ Thanks, but I know where to get the shareware version. I paid for the full version back in the day and was wondering if I could still get it somehow... |
11/23 |