Computer SW Security - Berkeley CSUA MOTD
Berkeley CSUA MOTD:Computer:SW:Security:
Results 451 - 600 of 1108   < 1 2 3 4 5 6 7 8 >
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2024/11/27 [General] UID:1000 Activity:popular
11/27   

2004/1/8 [Computer/SW/Security] UID:11716 Activity:kinda low
1/7     I know soda runs a browser based ssh login scheme but I've never
        had to use it so I know nothing about it.  Now for various unimportant
        reasons I need the same thing running on my home machine.  What is
        the name of the software that soda uses for this and where can I get
        it?  Thanks!
        \_ Easier is just download putty ssh when you need it.
        \_ Google for "mindterm", or just grab it from soda. There's different
            versions.  It is  a 'ssh1' client implemented in java. -ERic
            URL is http://www.mindbright.se/mindterm
        \_ and an excellent FAQ for getting to systems from behind networks
           with firewalls administered by idiot/bofh network admins:
           http://www.tldp.org/HOWTO/Firewall-Piercing
        \_ It sounds to me like he is looking for server software, not a client.
        \_ OP here to clarify: a friend who recently can ssh out from a corp
        \_ OP here to clarify: a friend who recently who ssh out from a corp
           network no longer can.  they only have some sort of http proxy to
           the public net now.  I'm looking for a way for them to abuse the
           corp http proxy to ssh to remote hosts outside the corp net.  I
           thought the soda solution was running some sort of proxy abusing
           ssh client which is why I asked about that.
           \_ I could never get mindterm to work right with http proxies.
              Mindterm2 has no problems, though.  Run it as a local jarfile
              if you have funky security settings.  -John
           ssh client which is why I asked about that.
              \_ Thanks!
2004/1/6 [Computer/SW/Security] UID:11680 Activity:nil
1/6     How do I post to newgroup with an email account I don't have access
        to? Thanks.
        \_ Use your mad el8 haxz0r skillz!
2003/12/22 [Computer/SW/Security] UID:11560 Activity:nil 75%like:10794
12/21   Anybody have any good or bad things to say about http://togetherhost.com?
2003/12/13-14 [Computer/SW/Security] UID:11447 Activity:nil
12/13   Why do yahoo, ebay, and a host of other sites that require a
        password and may contain personal information still default to
        use non SSL to transmit passwords?  Several times I've forgotten
        to click the elective secure login button!
        \_ it puts more load on their systems, and really, they don't give
           a shit about your account, unless they're providing financial
           services.
           \_ yes.. extra load on their systems.. also some people are in
              environments where https is not an option. if you haven't
              noticed, whenever you access something they think is trully
              sensitive they switch to requiring https and ask for your
              "security key" which is separate from your password
2003/12/12 [Computer/SW/Security, Computer/Companies/Yahoo] UID:29714 Activity:nil
12/12   Yahoo to use msg authentication for email:
        http://www.newscientist.com/news/news.jsp?id=ns99994459
        \_ That's like, so yesterday, and stuff
2003/12/12-13 [Computer/SW/Unix, Computer/SW/Security] UID:11435 Activity:nil
12/12   what in the hayell is <DEAD>writeme.com<DEAD>?  like free webmail with no
        website?
        \_ see http://www.mail.com and try signing up.
                \_ aaaaaah hchaaaaaaa!  cheerz.  but no.
                   \_ ???  http://mail.com offers many @domain options
                      including <DEAD>writeme.com<DEAD>.  What do you mean by
                      your statement above?
2003/12/12-13 [Computer/SW/Editors, Computer/SW/Mail, Computer/SW/Security] UID:11423 Activity:nil
12/11   Does anyone know of a free SFTP client for MacOS 9? --dim
        \_ http://versiontracker.com
2003/12/11 [Computer/SW/OS/SCO, Computer/SW/Security] UID:11402 Activity:nil
12/10   SCO's claim of a DDOS attack probably false:
        http://www.groklaw.net/article.php?story=20031210163721614
2003/12/3 [Computer/SW/Security, Computer/SW/Graphics] UID:11295 Activity:low
12/2    Research on Ecstacy is Clouded by Errors
        http://www.nytimes.com/2003/12/02/science/02ECST.html
        \_ Not surprising.  Most people I've seen on X aren't the greatest
           examples of lucidity.
           \_ uh, the scientists who ran the flawed study weren't
              the ones on ecstacy.  in fact nobody in the study was.
              \_ Whoosh!
           \_ Whoa.  Someone commented on an URL link without reading the
              URL?  SHOCKER!
              \_ Okay.  It was a joke.  Sorry for confusing you.
              \_ INCLUDE YOUR CHILDREN WHEN BAKING COOKIES
                 \_ NEW STUDY FOR OBESITY LOOKS FOR LARGER TEST GROUP.
                    \_ PROSTITUTES APPEAL TO POPE
                       \_ ALL DRUG ADDICTS HAVE EATEN A POTATO AT SOME
                          POINT IN THEIR LIVES.
        \_ Y'all gonna keep them brain doctors working when you're 60.
2003/11/25-26 [Computer/SW/Security] UID:11223 Activity:nil
11/25   When I do "ssh machine command" it keeps asking me for password.
        The weird thing is that it only happens on certain machines. Why
        is that and how do I make it so it never prompts for a password? Thx
        \_ create private keys
        \_ man ssh-keygen, man ssh-agent
           \_ Also man ssh, search for shosts.
              \_ shost-like authentication is not enabled by default in newer
                 implementations of OpenSSH. Just use the key authentication.
2024/11/27 [General] UID:1000 Activity:popular
11/27   

2003/11/23-24 [Recreation/Dating, Computer/SW/Security] UID:11197 Activity:low
11/23   A friend has a website that's become very popular recently (no, it's
        not porn). Up until now he's been relying on the kindness of strangers
        to host it but recently the large amount of bandwidth it's taking up
        has made that no longer an option. I'm trying to help him figure out
        how/where to host his site, any advice would be appreciated. The
        site had a recent spike in popularity which may or may not continue,
        the last few days it's used up about 13 GB of bandwidth a day. It
        doesn't need a lot of storage space (< 100 MB).
        \_ http://www.communitycolo.net          be sure your friend's site
                is not for profit!  No porn!            -brain
        \_ 13 gigs a day!?! wow, and it's really not porn?  What is it.
           That is a crazy amount of traffic for a non porn site.
           \_ warez, mp3, porn.  pick 2.
              \_ no, none of these... it's just gotten some press in the last
                 few days. -op
                 \_ so what's the site?
                \_ it's gotta be friendster, no?
           \_ 13GB/(24 * 60 * 60) = 150KB/s or 1.2 Mb/s
              This is not enough to fill a T1. How can CS students really
              be this dense?
              \_ Traffic is a spikey thing.  Peaks of 10 times
                 your average traffic are not uncommon.
                 \_ Perhaps. But I work at a site that is not even
                    in the top 500 of web sites and we do 200X this
                    much traffic. Lots of sites that aren't porn do
                    much more than 13GB/day.
                    \_ it is a hell of a lot of traffic for a site that is
                       being run on dontated bandwidth.
                       \_ he just doesn't have the right friends.  1.5mbs
                          would barely show on the graph where I am.
        \_ BitTorrent.
           \_ http://FreeCache.org
2003/11/11 [Computer/SW/Security] UID:11029 Activity:nil
11/11   11:11:11 has passed.
        \_ it isn't the year 1111
           \_ Alright, what's the deal with 11:11:11?  Is this one of those
              mystical stoner things like 4:20 that no one understands the
              origin of but everyone quotes?
              \_ the 4:20 thing comes from a police code for marijuana.
                 -nonstoner
                 \_ That's a widely circulated but well-debunked myth.  There
                    was a group of stoners from Cupertino or somewhere in the
                    south bay who called themselves the Waldos and got high
                    after school at 4:20 in the early 80's.  I can't provide
                    URLs demonstrating that it's not the police code anywhere
                    but a little googling should provide it. -sometimesstoner
              \_ a minute to remember those who have made sacrafices in the
                 fields of battle in service of our country.  Hate the
                 Commander in Chief, but do not hate the foot soldier.
                 \_ Veteran's Day, originally Armistice Day, was held on
                    November 11th to celebrate the close of WWI.  Supposedly
                    the terms of the armistice were signed around 11am
2003/10/30 [Computer/SW/Security] UID:10865 Activity:high
10/30   Somebody once mentioned editing the motd via scp.  How does that work?
        \_ See, when you edit by scp, you're off by one whole day.
        \_ err, think about it.  What does scp do?  It copies files.
           Copy, edit, copy back.
           \_ Yes, thank you.  I'm wondering *why* someone would do that,
              instead of editing it on soda.
              \_ to attempt greater anonymity, duh.
2003/10/30 [Computer/SW/Security] UID:10857 Activity:nil
10/29   Is there a way to turn off encryption of the data stream in openssh?
        Encryption during the authentication process is fine and good, but
        sometimes I want to transfer files across a fast network on slow
        machines, and the data encryption becomes the bottleneck rather than
        the network. I've check the manpage, but the openssh guys seem a little
        fascist about encryption. Thanks.
        \_ telnet rcp
        \_ weird how a bunch of dudes writing security software would be so
           anal about all that encryption stuff, huh?
           \_ there's anal, then there's too anal.
              \_ go ahead and write your own encryption method and compile it
                 in and just have it not encrypt.  the source is always built
                 with an option to let the user change methods.  use it.
        \_ you can build it yourself with a null cipher, or just live with
           -c arcfour as one of the faster ones.  btw, if you are transfering
           smallish files, tar cf - | ssh tar xf - will gain much more than
           tinkering with ciphers on the crappy scp protocol.
        \_ I would think that part of a secure transmission is ensuring that
           the data stream hasn't been tampered with. If you don't encrypt
           everything, someone could possibly inject bad data.
2003/10/29 [Computer/SW/Security, Computer/SW/SpamAssassin, Computer/SW/Unix] UID:10836 Activity:nil
10/28   Someone give me a quick way of installing/using spamassassin? Thanks!
        \_ man spam
        \_ can I install spamassassin as non-root on a machine that I don't
           have root on, like... company machine, school, etc?
           \_ yes but it's easier with root.  with some tiny clue you can
              do it as non-root.  you're mostly changing paths around.
                \_ ok I just installed it with non-root. However it only
                   filters 50% of the rules. Should I make it learn it
                   on a frequent basis (e.g. sa-learn --spam mail/spam) or
                   is there a better way? Also is razor a good thing to have?
2003/10/22 [Computer/SW/Security] UID:10732 Activity:nil
10/21   Security researcher and security content analyst positions at
        Zone Labs.  See ~sky/job/{zone,zone2}.txt.  Sorry I was too
        lazy to format nice.  WARNING: may require sitting for for
        extended periods of time.  (More positions will be added soon)
        Email sking@zonelabs.com
        --sky
                                      \_ do I have to bend over too? :(
        \_ sygate is far more superior
           \_ I respect your opinion...  just curious why you think so.
              thanks.   --sky
           \_ 1) sky is not on my favorite person list, 2) i have no contact
    :( --sky _/
              or association with zone labs beyond being a user, 3) your
              lack of english skills are painful, 4) sygate sucks donkey dick.
              I tried these and several others and zonelabs was the best at
              dealing with rogue apps calling home.  zonelabs + winroute for
              port and protocol screening make a really good combo.
              \_ Do you actually know sky, or is your opinion of the gent
                 strictly based on motd?                     -mice
                 \_ Either way, I wouldn't blame the poster for his/her
                    opinion.  I've had more than my fair share of problems in
                    the past, which manifest themeselves both in my real
                    life interactions with people and in the motd.  --sky
2003/10/20-21 [Finance, Recreation/Food, Computer/SW/Security] UID:10707 Activity:low
10/20   Ever wonder why you get some much junk mail?  It's because the United
        States Postal Service encourages such practice!
        http://www.usps.com/features/fourstepstodirectmail.htm
        \_ of the corporations, by the corporations and for the corporations...
        \_ Yeah, they're self supporting.
        \_ poor trees.
           \_ theyre grown on tree farms for the purpose.  so of like your
           \_ theyre grown on tree farms for the purpose.  sort of like your
              lunch.
                \_ yes the forests of Canada, Madagascar and Burma
                   are one vast tree farm.
                   \_ yawn.  no one is chopping trees in madagascar to get
                      paper to send you junk mail.  it takes 50,000 trees
                      to print *each* edition of the sunday NYT.  you think
                      they're stripping madagascar?  no, it's all tree farm
                      trees raised for that purpose.
              \_ poor cows.
                 \_ and poor wheat and corn and everything else grown for
                    us to murder and eat.
2003/10/10-12 [Reference/BayArea, Computer/SW/Security] UID:10580 Activity:nil
10/10   Any recs. for the cheapestpossible cell service in the bay area that is
        more-or-less decent?  Only need for occasional use.  Want to minimize
        the $/month.
        \_ Never used it myself, but they say MetroPCS is good if you only
           call within bay area.
           \_ Thanks, but I am looking for the CHEAPEST.  MetroPCS is $35/mo
              \_ I don't think you're gonna find any cheap plans below $30
                 these days with most providers.  My gf's sister and parents
                 have a really old plan of $10 a month, and Verizon's gonna
                 kick them off the plan in few months.  Perhaps you should
                 look into prepaid cells.  AT&T and Virgin has 'em.
                 \_ Cingular also has prepaid.  $0.35/minute for peak time
                    and $0.10/minute at off peak.  Prepaid card starts
                    at $10 and must be refilled every 30 days.  $20 and
                    above card expires 90 days.  I think you get to keep
                    any leftover $ everytime you refill your account.
                    \_ Thanks, that's what I was thinking of
                        \_ http://www.attwireless.com/personal/prepaid
                           You can get wireless for as low as $10/45 day
                           period. Minutes will roll-over if you recharge
                           your acct before the minutes expire.
2003/10/10-11 [Computer/SW/Security, Computer/SW/Unix] UID:10568 Activity:nil
10/10   pretty entertaining AI/20 Questions website:
        http://y.20q.net:8095/btest for anonymous login
        <DEAD>q.20q.net/q.cgi?N<DEAD>  to register, which makes it way
        more entertaining.

        Things I didn't know
        The Earth's core is not something you can wear
        You don't squeeze the Earth's core out of a bottle
        The Earth's core is not in a traditional engagement ring
        \_ Things I didn't know
           A programmer is not fuzzy
                \_ Bunny is, though.
           A programmer might carry people
           A programmer does bite
           A programmer is not used to measure something
        \_ Thing I didn't know
           You don't put things in a testicle
        \_ A mobile phone probably has leaves... and is a domesticated animal
        \_ Things I didn't know
           Religion is not made of plastic
           Men might not find religion erotic
           Religion is artificially built by human beings
        \_ Can some one please install the *ancient* 'animal game' on soda
           so these people can get their sillyness fix?  Thanks.
2003/10/3-5 [Computer/SW/Security, Computer/Domains] UID:10457 Activity:nil
10/3    About freakin time...
        http://boston.internet.com/news/article.php/3087071
        \_ what? why? i found their search page a fresh and welcome change
           to my dull typo-filled life.
2003/10/2-3 [Computer/SW/Security] UID:10430 Activity:low
10/2    someone posted a web page to access our soda mail, what was it
        again? thx.
        \_ I think it was shot down as insecure.
           \_ John says everything is insecure so we should just do it.
2003/10/1 [Computer/SW/Security, Computer/SW/Unix] UID:10391 Activity:nil
9/30    I'm not a very mathy person, but I've found myself in dire need of
        a good root-finding algorithm.  I've currently got a piece of
        software that uses Mueller's Method -- but it sometimes generates
        whack results that crash a rather twitchy third party piece of
        software as it iterates.  The curves I'm examining can be assumed to
        be monotonic.  Can I do better than Mueller's, or am I SOL?  TIA. -mice
        \_ Use Mathworld to look up 'root finding' and find the root finding
           method which will work best for the kind of function you have.
           Using mathworld for this sort of thing is a good meta-skill to learn.
        \_ you'd probably find a numerical analysis text more useful than
           mathworld. try checking one out at a college library if you can.
           there are not that many root-finding methods that are actually
           used much in real life.
        \_ One technique to explore-- see if you can parameterize your
           curve on some region of interest by a [0,1] lambda.  I.e.. munge
           your algebra around until you can get a diff from root as a
           function of some linear parameter.  If your curve is nice,
           consider golden section or binary search.  Another thing to do
           is just chop up lambda into increments, evaluate diff, and
           pick the best guess at root (or refine search in a region of
           the best approx from a linear visit across lambda).  Not the
           niftiest method in the universe, but it gets the job done.
2003/10/1-3 [Computer/SW/Security, Computer/SW/WWW/Server] UID:10390 Activity:nil
10/1    OpenSSL vulnerabilities.  Patchpatchpatch...
        http://www.openssl.org/news/secadv_20030930.txt  -John
        \_ is it enough to get install the new ssl rpm or does my mod_ssl
           need to be recompiled?
           \_ depends on whether mod_ssl is linked statically or not. I believe
              it's not since the only new RedHat updates that showed up today
              are openssl ones. In general, they a rarely use static linking,
              so to update a library, you just need to install the new library
              rpm and not worry about the applications that use it.
        \_ My new plan.  Fuck ssh/ssl.  I'm changing all external connections
           to vpn-only and then filtering the shit out of who is allowed to
           even try to connect to that.
                \_ Oh *that* will work.  Because we all know that every VPN
                   solution out there is utterly foolproof and secure.  Nobody
                   ever cracked DES or IOS.  Blanket statements like that are
                   incredibly ignorant and dangerous (although if it makes you
                   feel safer, go ahead.)  There is nothing fundamentally
                   wrong with OpenSSH/SSL--no computer or software is or
                   will ever be 100% secure.  Just patch the fucking thing
                   and get on with your life.  There'll be others.  -John
                   \_ You're so ... manly! when you talk about security, John.
                      It makes my heart go "thump! thump! thump!"  Can I have
                      your love child?  Your IPSEC key?
        \_ DOS vulnerability.  Not remote exploit.
2003/9/29 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:10359 Activity:nil
9/29    What do you guys use to SFTP your files from soda to home Winbox?
        I use WinSCP but it hangs too often.  Thx.
        \_ cygwin scp
        \_ SecureCRT + zmodem
                \_ SecureFX
        \_ Putty's pscp.  Though FileZilla works too.  Both are free.
        \_ http and mozilla
2003/9/24-25 [Computer/SW/Security] UID:10315 Activity:high
9/24    For Wind0ze users: SecureCRT or PuTTy, cost notwithstanding?
        \_ putty seems perfectly sufficient for my needs.  but i am using it
           as i would a glass tty, so your needs may differ.
        \_ never used putty, but SecureCRT has been more than adequate for
           my needs.
        \_ SecureCRT.  I haven't tried PuTTy recently though.  I like
           SecureCRT's binding of PageUp/PageDown to scrollback, and reading
           from my ssh private key files automatically, which are the same as
           in my Cygwin ssh.  I don't like that CPU goes to 100% and I can't
           close the window when output is coming too fast.
        \_ TTSSH is another free alternative. I like it, though if you don't
           care about cost SecureCRT may be better.
        \_ Is SecureCRT free?  Last time I checked it has a trial period.
        \_ My only beef with putty is that the config is in the registry.  It's
           X-tunnelling works great, etc.  (TTerm can't tunnel IIRC.)
           \_ Another great thing about putty is that it comes with
              ssh-agent like functionality.
           \_ Teraterm can definitely tunnel. Maybe the only bad thing about
              Teraterm/TTSSH is it only supports ssh1. I like it.
              \_ The only bad thing is that your secure client isn't secure?
        \_ Have been using putty for over 2 years now (when forced to use a
           windows machine, that is), and have been very satisfied with it. It
           just seems to work right, no matter what, carry no bloat and
           have no annoyances. Quite possibly the cleanest windows app that
           I've used in a long, long time.  -alexf
        \_ Putty is very basic and simply works.  If I could get work to pay
           for SecureCRT, I'd use that instead.
           in my Cygwin ssh.
2003/9/24 [Computer/SW/Security, Computer/HW/Drives] UID:10308 Activity:nil
9/23    I have some data tapes that I haven't touched in 5 years.  I used
        nbackup in DOS on a 486 to make the tapes.  Using the same program
        on the same computer, I am trying to restore those files.  I was
        able to open the tapes, but when I try to restore, it says
        "Cannot access tape drive" or just keeps asking me to insert the
        tape when it's already inserted.  Is it possible that the tape is
        old and that the data is lost, or is the problem more likely the
        tape drive?  How can I retrieve this data?
        \_ Does it say this for *every* tape?  Unless *all* your tapes have
           been damaged by some environmental event or they were shitty tapes
           to start with, it is more likely the tape drive is shot.  If you
           have a unix box with the right tape drive you should be able to
           at least use dd to read raw data from the tapes as a test.
             \_ Actually, since I posted that, I was able to get some data
                from one of the tapes.  But then it kept giving me error
                messages again.  I looked closely at the tape, and the tape
                is physically only connected to one spool (this was not the
                case originally), and it's not as easy as you might think
                to get it back on the other spool neatly.
                 \_ I had this same thing happen years ago. There is an
                    "end of tape" optical sensor in the drive, and if it
                     gets dusty, the drive unspools the tapes. You could
                     try to put the tape back together after cleaning the
                     dust out of the drive, but I suspect you might be out
                     of luck.  This is why I abandoned tapes, and switched
                     to hard disks backups. and disks don't make that
                     annoying whining sound when searching for files. Look
                     in the Sunday paper and get a 150GB disk for $90. use
                     an old extra computer as a backup server, or get an
                     external drive, but either way, make sure to spin it
                     up often:  hard disks can die from stiction if left
                     unused in an "off" state for too long (years).
2003/9/23-25 [Computer/SW/Security] UID:10293 Activity:kinda low
9/22    OpenSSH 3.7.1p2 (portable, ie non-OpenBSD) has been released.
        There are multiple vulnerabilities with the PAM auth code in
        3.7.1p1, so if you use PAM (Solaris/Linux) you should upgrade.

        http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106432248411636&w=2
        \_ Is there an sshd that just works?  I'd be happy with a v2 sshd
           without holes that just allows simple logins.  Any other features
           after that would be a bonus.  Any suggestions?  Please?
           \_ Sigh.  OpenSSH "just works".  It's just that its vulnerabilities
              are declared and found more frequently than commercial SSH
              daemons.  Not saying those are any better or worse, but you are
              deluding yourself if you think that any piece of cryptographic
              software is "secure" just because no bugs are ever publicly
              announced.  Patching system components is a part of life as a
              sysadmin, get used to it.  -John
              \_ I am all for opensource but doesn't it bring as much harm
                 as benefit in terms of security?  Sure patchs are made on
                 more frequently, but isn't it much easier in theory to find a
                 bug to exploit when the source is available than otherwise?
                 \_ Do you occasionally look at Bugtraq?  I suggest you do,
                    if only to make it clear that having a commercial program
                    doesn't add much in the way of security.  Ask Microsoft.
                    "Better the devil you know"...  -John
                    \_ I'm not making my point.  I can see that.  I don't care
                       who wrote it or why or where it comes from.  I just want
                       an sshd with minimal features and fewer holes than what
                       openssh has.  If you don't know of one, thanks, that's
                       ok.
                 \_ would you prefer to know that holes are being found and
                    patched at the cost of having to upgrade, or instead
                    not know about holes and ignore upgrades in ignorant bliss?
                    \_ I'm not making my point.  I can see that.  I don't care
                       who wrote it or why or where it comes from.  I just want
                       an sshd with minimal features and fewer holes than what
                       openssh has.  If you don't know of one, thanks, that's
                       ok.
                        \_ You're very clear--I'm simply saying that OpenSSH
                           is pretty much "it" for open-souce sshd, and with
                           the non-open source ones, no, you probably won't be
                           patching so often, but that says nothing about the
                           amount of holes in them.  -John
              \_ I don't care if the alternative is commercial or not.  I just
                 want something I won't be patching three times in a week.  I'm
                 not concerned with open vs commercial philosophy.
                 \_ It's nothing to do with commercial or open source.  It's
                    a question of security.  If all you care about is not
                    patching something, then don't run OpenSSH.  This is
                    what's known as 'sticking your head in the sand'.  And
                    yes, what you don't know _can_ hurt you.  Your call. -John
                    \_ I'm not making my point.  I can see that.  I don't care
                       who wrote it or why or where it comes from.  I just want
                       an sshd with minimal features and fewer holes than what
                       openssh has.  If you don't know of one, thanks, that's
                       ok.
        \_ Argh! Nooo! Is this a joke? I had already had to upgrade OpenSSH
           on nearly 200 hosts -twice- during last week.
           What the #$(@)@*!!
           \_ Pride goeth before a fall.
              \_ Pride goes before destruction, a haughty spirit
                 before a fall. Proverbs 16:18
           \_ That's why it makes sense to wait to upgrade. OpenSSH
              *always* has one or two patches out within a week. --dim
              \_ wait a week to upgrade while getting hacked in the meantime?
                 swell idea, i wish i'd thought of it.
                 \_ There are no known exploits for this vulnerability, nor for
                    most of the ones being found lately. "It is uncertain
                    whether these errors are potentially exploitable,
                    however, we prefer to see bugs fixed proactively." --dim
                    \_ so says them. securityfocus paints a different picture.
                       in any case, better safe than sorry.
                       \_ More than once the "new" OpenSSH has been more flawed
                          than the original. An example was when the privilege
                          separation code was first added. It is common for
                          the OpenSSH folks to fix a bug and then have to
                          fix their fix. Hence, we are at p2 already. Just wait
                          for the bozos to figure it out unless the bug is
                          easily exploited. --dim
                          \_ they're not exactly fixing their fix. they somewhat
                             hastily made a release with *new* functionality,
                             which was probably not well-tested. so just patch
                             the old 3.6.1p2 and you're fine.
        \_ Jesus fucking Christ!  Is there a simple v2 sshd out there that
           just works?!  I don't need all the whiz bang features, just a
           login shell.  If it could port forward that would be a bonus
           but I could survive without it if it meant I could stop the
           upgrade madness.
           \_ what's this whole upgrade madness? it's been a while since
              the last major openssh scare. fwiw, maybe you should've just
              patched 3.6.1 and been done with it.
           \_ lsh might be what you are looking for. Keep in mind that
              OpenSSH has a larger user base, developer base and h4x0r
              base so gets more auditing.
              \_ and lsh had its own remote exploitable bug days later.
                 so what's the difference.

        http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106432248411636&w=2
2003/9/23-24 [Computer/SW/Security] UID:10287 Activity:nil
9/22    I know of MindTerm, as well as a whole slew of httpstunnel
        ssh-over-https scripts;  does anyone know of a java applet which
        combines the two?  -John
2003/9/17-18 [Computer/Networking, Computer/SW/Security] UID:10233 Activity:nil
9/16    What's the cheapest internet access to be had in (west) Berkeley?
        It's for my sister, a student... and I don't think piggybacking
        onto someone's wireless is an option.  Speed isn't important.
        Thanks.
        \_ Get dialup for $8 a month.
           \_ Who has dial-up for $8 a month?
              \_ i have dialup for $6.95 a month.
        \_ NetZero.  The ads are free too...
           \_Netzero isn't free anymore.
        \_ I haven't used it, but the last time I was looking, I got a couple
           reccomendations to http://www.access4less.net $6/mo and supposedly good
           service (can't vouch for this, apple-fan(atic) roommate went
           and signed up for their partner earthlink)
2003/9/17 [Computer/SW/Security, Computer/Rants] UID:10227 Activity:nil
9/16    Shutterfly on http://fuckedcompany.com.  Add this to my list of a few days
        ago about why *not* to use them.
        \_ Who cares if Best Buy is or isn't using them?  It's a good
           service.  -tom
           \_ Because they're a dotcom with no parent company, too many staff,
              high prices and one less big customer.  I just hope you keep an
              original of all your pictures and copies of everything your
              friends have shared with you.  When they go, they're going to
              go POP! really fast.
        \_ I ended up going with http://pbase.com. Yeah, it's a pay service ($23/yr),
           but it had all the features I wanted in an attractive package.
2003/9/17-20 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:10225 Activity:nil 74%like:10214
9/16    OpenSSH 3.7.1 released (fixes a buffer mgmt error):
        http://marc.theaimsgroup.com/?l=openbsd-announce&m=106375547524560&w=2
        OpenBSD: http://www.openssh.com/openbsd.html
        Portable: http://www.openssh.com/portable.html
        [ updated to 3.7.1 since 3.7 had a bug ]

emacs user was here
        \_ I had a beta version of 097b ssl installed so I got the 4/10/03
           version and the compile and install went clean but the ssh client
           still says its using the old version....  I then recompiled and
           installed ssh and same thing.  I've tried a few other things but
           nothing works.  Any hints?  There's no rpm for my system and
           the compile isn't the issue anyway.  Thanks!
                \_ Have you killed and restarted sshd?  Do you know where
                   your make install is putting things--is it the same place
                   your startup scripts are running them from?  -John
                   \_ ssh -v shows the old openssl version.  It has nothing
                      to do with sshd.  It's getting it from
                      /usr/lib/libcrypto.so.8.0 according to ktrace.  I don't
                      see where the openssl install is supposed to replace or
                      install a newer version of this file.
                        \_ If you build openssl from src it puts the libs
                           in /usr/local/ssl/lib or /usr/local/lib (depends
                           on your os). If you want your new version to
                           override the system installed default, then just
                           rename the version in /usr/lib and make a symlink
                           to the new version (provided you can build a .so
                           on your arch). If you are using *BSD you should
                           probably fetch the latest version of /usr/src/lib
                           and rebuild that way.
        \_ Arrr!
           \_ Avast!
2003/9/16 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:10214 Activity:nil 74%like:10225
9/16    OpenSSH 3.7 released (fixes a buffer mgmt error):
        http://marc.theaimsgroup.com/?l=openbsd-announce&m=106373074626260&w=2
        OpenBSD: http://www.openssh.com/openbsd.html
        Portable: http://www.openssh.com/portable.html
2003/9/13-15 [Computer/SW/Security] UID:10183 Activity:nil
9/13    Which online photo sharing websites do you guys prefer?
        \_ shutterfly.  -tom
        \_ http://www.csua.berkeley.edu/~login
        \_ snapfish.
        \_ Decide what you need.  Here's the service summary on the 3 major
           sites:
                snapfish: uses Kodak paper and machines, lowest prices, but
                          ships from east coast so it takes a little longer
                          to get prints sent here, maybe an extra 2-3 days.
                ofoto: owned by kodak but uses fuji equipment, etc.  slightly
                       more expensive but you'll get your pics a day or two
                       sooner because they're printing locally,
                shutterfly: same idea as ofoto except they're still a dotcom
                            and dont have large company backing them so they
                            have to charge more and they could go under and
                            take your pictures with them at any time.  i
                            believe they use a variety of smaller development
                            firms, thus the higher prices since they don't get
                            the same kind of bulk rates snapfish and ofoto can.
                If you're not printing and only want the free online storage
                and the ability to share, it doesn't really matter.  Bits are
                bits, yes?
                \_ ofoto requires your visitors to log on to view your
                   pictures, so it does really matter.  -tom
                   \_ if they didn't then deep linking directly to photos
                      would allow rampant abuse of storage and bandwidth for
                      non-customer uses.  It isn't 1998 anymore.  They need
                      to control costs and make profit or die.
                      \_ that is easy enough to prevent without making someone
                         need to have an account.  Just check the referal.
                         \_ See my comment about 1998.  If they can get you to
                            sign up, you're more likely to continue using the
                            service.  If you won't signup, what do they need
                            you for anyway?
                            \_ I'm just pointing out that your first argument
                               was flawed.  As to the second, well, there are
                               two options I can go with that don't require
                               a visitor to sign in.  All other things being
                               equal guess which choice is better?
                               \_ We have a different idea of what constitutes
                                  abuse.  To me if you're not a paying customer
                                  or bringing in other paying customers yet
                                  you're sucking bandwidth and storage, you're
                                  useless to the company.  True, it's only
                                  really abuse if they allow it to happen and
                                  in this case they're not.  Additionally,
                                  they're taking steps to try to get more
                                  paying customers which is a good thing for
                                  any business.  We're splitting hairs at this
                                  point.  Since the accounts are free, it's
                                  all pretty much the same in that regard.
                                  There's probably a csuamotd/csuamotd account
                                  on all three already.  :-)
                                  \_ no, because if I'm using the service I'm
                                     also probably paying for prints and the
                                     like.   The point is by making people
                                     need to log in to see my pictures I'm
                                     going to go with one of the other two
                                     and when I want to get prints I'll
                                     get them from the company where I've
                                     put my photos.  Bandwidth and storage is
                                     still pretty damn cheap compared to other
                                     costs and it is pretty easy to catch the
                                     serious abuses.  (Say just give every
                                     use a dl/day limit).
2003/9/2-3 [Computer/SW/Security] UID:29520 Activity:insanely high 80%like:10043
9/2     What is the average density of yermom?  I don't have anything to
        measure weight near me and I need that info soon.  Ok tnx.
        \_ STFW?  there's got to be something about this online somewhere.
        \_ Use the scale at the post office.  It also depends on the paper.
           \_ I cannot easily access a post office right now.  I need to
              come up with a very rough estimate of lost of book.  I have
              only rulers in my disposal.
           E.g. phone books are pretty light considering their sizes.
           \_ I cannot access a post office right now.  I need to estimate
              very roughly the weight of many boxes of books with only rulers
              and helpful info from the motd.  If you have a big book and can
              measure both its weight and dimensions, please let me know. Tnx.
              \_ I know.  Find a computer book at your office.  Measure its
                 dimensions.  Go to http://Amazon.com, and try to order 100 copies of
                 that book.  See what the shipping charge is, and backward-
                 calculate its weight according to the shipping method.  Then
                 cancel your order at the last step.
                 \_ That's a pretty good idea.  Though you don't even need to do
                    this--Amazon should include the dimensions of the book.
2003/8/29-30 [Computer/SW/Security] UID:10013 Activity:nil
8/29    How does ssh generate the fingerprint for the rsa public key?
        When I echo <pubkey from ssh_host_rsa_key.pub> | openssl sha1
        I get a different fingerprint than what ssh shows me, but when
        I look at the actual key they are the same.
        \_ umm, you know doing that sums the string 'pubkey', and not
           your actual key right?
           \_ he does now.
           \_ I figured it was obvious that 'pubkey' ment the public
              key from /etc/ssh/ssh_host_rsa_key.pub. I've fixed it.
              \_ cat /etc/ssh/ssh_host_rsa_key.pub | openssl sha1
                 \_ the right answer is ssh-keygen -l -f <keyf>
2003/8/27-28 [Computer/HW/Memory, Computer/SW/Security] UID:29482 Activity:moderate
8/27    I just gave a security presentation to a bunch of MBA students working
        on a market strategy for http://www.giwano.com  Aside from a mildly
        unfortunate name, they have a cute idea, but it seems slightly
        gimmicky to me.  While I can think of nice roles for some kind of
        "secure" storage like these, what's the almighty motd's opinion?  -John
        \_ sounds like hogwash.  Either the user can't get data between the
           two systems, or it's vulnerable to attack.  -tom
        \_ what do you have in mind re: unfortunate name? gitano? guano?
                \_ Puerile, but yes.  And as the PC (that's what it is) runs
                   XP, it is vulnerable to attack--the idea is to use the
                   flash memory between the two PC units to manually move
                   sensitive data back and forth.  It's got a built-in KVM
                   switch to let you work on both units, so you could connect
                   the internal unit to a 'sensitive' network and share it with
                   PCs there.  Or something.  I think the idea has some merit,
                   but they're going about it all weird.  -John
                   \_ Isn't this just reinventing sneaker net? --dim
        \_ I tried to figure out exactly what they're doing but wasn't willing
           to invest that much time doing so.  Can you explain it in a few
           short sentences?  Generally, people with important data seem happy
           with their current level of security.  If they weren't then you'd
           see products from the major vendors (EMC, Hitachi, IBM, Netapp, etc)
           to address the issue.  You don't but I wish them well anyway.
2003/8/26 [Computer/SW/Security, Computer/SW/Unix] UID:29470 Activity:high
8/26    http://nosuch.com/music/webtones.cgi
        \_ hm... I don't think this is that cool.
           \_ The arbiter has spoken!
              \_ more an attempt to stimulate conversation than to
                 arbitrate. what do other people think? just seems to
                 me like there are many arbitrary ways one could
                 generate music from a web page, gif, whatever, and the
                 results of thsi weren't particularly compelling musically.
2003/8/15-16 [Computer/SW/Security, Computer/SW/Unix] UID:29359 Activity:low
8/15    D00DZ GN00 WUZ 0WNZ!
        http://csua.org/u/3xw (story.news.yahoo.com)
        http://www.cert.org/advisories/CA-2003-21.html
        \_ rms:rms
2003/8/14-15 [Computer/SW/Security] UID:29342 Activity:high
8/13    Read your Soda mail on the web: http://dev1.bnet.org/imp
        No warranties, but you can mail me w/ questions/comments.
        IMP does this semi-securely(?) using IMAPS (port 993). -abe
        \_ so wait, it uses imap-ssl but you suggest we login via
           plain text http? brilliant. why not just use something
           like http://www.mail2web.com instead?
        \_ who would trust your site anyway? if people want something like
           \_ and to connect to it over straight http...
           this, csua should just install squirrelmail or something.
        \_ Which could very easily be used to gather passwords.  Come on,
           people... SSH tunnels and IMAPS are really not that hard to set up.
           --scotsman
           \_ Not that easy if you are on some webterminal while on vacation.
                \_ I found that going to the putty download page and running
                   from there often worked to ssh in.
        \_ Of course I could easily use it to gather passwords. CSUA *should*
           install something like IMP (or squirrelmail, or whatever), but they
           haven't, so this is an alternative. of course, you have to trust
           me and my server (which I probably wouldn't). -op
           \_ not for "you" to gather passwords.  for a man-in-the-middle
              between you and the hapless user. --scotsman
           \_ I guess it's about like http://csua.org/u but it's a potential
              security/privacy hazard.  So, if I may speak for the motd,
              we thank you but respectfully decline.
              \_ Um.  It's nothing like http://csua.org/u  the url shortener doesn't
                 have anything to do with your login on soda.  and it doesn't
                 \_ um. the reading comprehension thing again. -not 2 up
                 open you up to having your account nabbed by a sniffer.
                 Again I say come on... --scotsman
                 \_ um. the reading comprehension thing again. -not 2 up
        \_ Wow that's great!  It uses my MSPassPort(c), right?  I use my
           MSPassPort(c) for everything!  But if you're not MSPassPort(c)
           compatible your site will never grow!
        \_ guys, come on. It's a PROOF OF CONCEPT. Give the guy a break.
           Change your password and give it a try, then change it back.
           If it's cool maybe we could sign a petition to install similar
           stuff on trusted CSUA machines. Now if only we could petition
           a Recall on Poliburo, that'd be even better.
           \_ arnie for csua president!
           \_ Why would you trust a CSUA machine?
                \_ I trust any CSUA Linux/BSD machine over any corrupt and
                   disfunctional CSUA Poliburo any time.
        \_ it is a nice program, thank you!!
2003/8/11-12 [Computer/SW/Security, Computer/SW/Unix] UID:29315 Activity:kinda low
8/11    http://www.craigslist.org/eby/eng/14754592.html
        They claim there's a "Secret password" encoded in there but it
        looks like every other "we don't have enough money" job posting
        to me.  I'd never apply for a job like this but I'd like to know
        if there really is a "secret password" in there.
        \_ Read down the first letters of the first five paragraphs. I want 30%
           of your first month's salary.
           \_ bingo
           \_ Kinda sad actually. I thought it would be harder to find.
           \_ BSPTEFEEA? WTF does that mean???
              \_ It means "you will continue to draw unemployment"
2003/8/10-12 [Computer/SW/Security] UID:29299 Activity:very high
8/10    I'm looking for an encryption software package for windows 2000 that
        works on a per-directory or drive basis and is transparent.  Meaning
        once I authenticate myself I can create files or copy stuff into the
        folder and it'll be encrypted automatically.  Word, Excel, TurboTax,
        etc should all work with this encrypted folder.  For individual files
        I can use pgp.  But when working with a lot of files, I prefer not to
        think and just dump the files into a directory. I'll buy the software.
        Not looking for free stuff.  Thanks.
        \_ Whatever you do, avoid EFS.  It has its uses, but its key management
           is immature and difficult to manage.  You may also want to have a
           look at Utimaco Safeguard Easy (it's not on a per-directory basis,
           but might give you something to work with.)  -John
        \_ for enterprise level you might consider a NAS or SAN product like
           the datafort from Decru. the nas product does per file encryption
           on the fly.. plus can do end-end cryption btwn it and your desktop.
           for just local storage, i recommend either f-secure or pgpdisk,
           both create a virtual volume on the local drive and maintain a
           file system structure w/in that volume. from experience w/ both,
           pgpdisk at least used to be easier to use. you can find it at
           http://www.pgp.com of course. -shac
        \_ You can also try BestCrypt.  You can mount an encrypted file as a
           removable drive.  I've been using it for more than three years
           now to keep my personal stuff secure on my work laptop.
           http://www.jetico.com
        \_ Steganos Security Suite.  Tools include Steganos Safe (like PGPDisk),
           Internet Trace Destructor, Email Encryption, Shredder, Password
           Manager
        \_ Which tools work on both Linux and Windows platforms?
        \_ here is my stupid question.  Where do you guys store your
           private key ring when you are using any of these product?
           the very same laptop/computer that you are encrypting upon?
                \_ This is the problem.  Probably the best place to store
                   a private encryption key is on something like a smart card,
                   which can itself be PIN-code protected.  One of the main
                   weaknesses of most drive encryption products (this is my
                   beef with EFS) is that it's nearly impossible to keep
                   track of peoples' private encryption keys--Entrust does a
                   good job of this, I'm not sure of other PKIs (MS does not.)
                   Ideally you'd have the keys somewhere local and secure
                   (like a hardware token inside a protected container) as
                   well as archived *very* securely for recovery purposes in
                   something like an encrypted CA/RA database.  For everyday
                   encryption (aunt Hilda's secret recipes, your porn) storing
                   keys in something like a GPG keyring should be enough.  -John
                   \_ My PGP foo is weak.  Please explain.  So what if I store
                      all the key stuff in the same laptop?  I thought that
                      without my passphrase people can't possibly crack it?
                      That's the whole point of the bigger and bigger sizes
                      I keep hearing about.  E.g. 1024 vs 2048 bit encryption.
                        \_ OK when you lose your encryption keys, you have a
                           problem.  A PKI (public key infrastructure) is a
                           mechanism that issues keys for encryption and
           your transfer rates will sky rocke while your disk usage will
                           signing etc. and, ideally, archives your private
                           encryption key in a safe place.  PGP/GPG work
                           differently, instead of having authoritative say
                           "Joe is OK", you have this idea of a "web of trust"
                           where you trust peoples' keys by consensus.  Key
                           size, to oversimplify it, just affects how hard it
                           is to crack something by brute force.  And as for
                           storing all your keys in one place, look at it like
                           a normal keychain--if you put all your keys on it
                           and it gets lost or stolen, you have a problem--you
                           should probably use a key safe or something.  Hence
                           the password protection or storing it on some
                           secure medium, like a smart card.  For some slightly
                           outdated docs on how a PKI (not PGP) works, have
                           a look at http://ospkibook.sourceforge.net  -John
        \_ I use PhilCrypt with the compression option.  Works with all OS's,
           local, over NFS, HTTP, etc to NAS, SAN, with udp, tcp, iscsi, you
           name it!  PhilCrypt is the best and the compression option means
           your transfer rates will sky rocket while your disk usage will
           actually go down the more data you add to your PhilCrypt DataVault!
           Get "PhilCrypt DataVault Deluxe" (includes PhilCompression and
           advanced management features)!
2003/8/8-10 [Computer/SW/Security, Computer/SW/RevisionControl] UID:29286 Activity:moderate
8/8     Is there any way to run a cvs server without root such that it can
        support windows users without ssh.
        \_ man pserver
           \_ no joy.
        \_ another way is to download cygwin, install it in windows,
           use the cvs via ssh at the command line - danh
        \_ man pserver
           \_ no joy.
              \_ Um.. okay, read up on pserver on the cvs howto page.
        \_ You can use .rhosts file.  Better to use ssh such as plink though.
2003/8/8-10 [Computer/SW/Security] UID:29277 Activity:low
8/7     Is it just me or is Soda's POP3/IMAP security certificate broken?
        \_ Does anyone besides me read CSUA mail on the web (i use imp)?
        \_ Yup, it expired.
2003/7/30 [Computer/SW/Security, Computer/SW/Unix] UID:29175 Activity:kinda low
7/29    I've been struggling with cygwin all day and getting nowhere.
        I'm trying to get it to run init and startup xinetd, sshd, etc
        from /etc/rc.d/rc?.d just like on a real unix box and I'm not
        getting anywhere.  There's an error in the init.d/functions file
        which prevents anything running properly and when I try running
        xinetd by hand, it runs as my user and not SYSTEM even though
        I setuid'd xinetd.exe and tried a bunch of other things.  Has
        anyone here got any of this working and if so, please tell me
        how explaining very very slowly because I'm feeling really
        stupid right now.  And no google didn't help at all.  Thanks!
        \_ there is a cyg program to install your sshd (and anything
           else) as an NT service.  Set that to start automagically
           and you will be good to go.  google for "cygwin sshd
           install" and i'm sure you will find it.
2003/7/25 [Politics/Domestic/California, Computer/SW/Security] UID:29134 Activity:kinda low
7/24    Any recommendations for high-speed access in La Palma, Ca?  I have
        SBC for phone service, but ironically, I can't get the Yahoo/SBC DSL
        deal where I live.
        \_ try using http://www.dslreports.com to search
2003/7/23-27 [Computer/SW/Security, Consumer/CellPhone] UID:29119 Activity:high
7/23    Anyone have any experience checking their soda email thru t-mobile's
        "t-zones" service? I just got a new phone that I'm messing around
        with and it seems pretty cool except for a couple glitches that I've
        been calling tech support about and wondering if anyone's gotten it
        to work right. thanks.                  - rory
        \_ http://www.ntk.net/2003/07/25/dohbad.gif  -John
        \_ Who the heck came up with that name. "combination skin and oily
           \_ you need an exfoliating mMode cleanser.           - rory
                \_ rory!  I fantasize about giving you a bikini wax.
                   \_ WTF is going on here.
           \_ Probably the same people who tried putting a computer store
              in the old Weird Stuff building in Sunnyvale (across from the
              old Fry's) and decided T-Zone was a much cooler name than
              Technology Zone.  Didn't last long.
           T-zones let me check my email ANYWHERE!" -chialea
        \_ I haven't had any luck, except through very basic SSH
           access through my P800.
        \_ and does anyone use the t-mobile internet (unlimited gprs for
           19.99 on top of voice plan)?  does it suck?  --karlcz
           \_ I think the rates have changed. I'm getting 1MB for 2.99,
              and I can upgrade to unlimited bandwidth for $10.
              \_ that is for t-zones WAP service.  tmobile internet
                 lets you use your phone (or pcmcia card) as a gprs
                 network interface for your laptop, pda, etc.
        \_ I know a couple people with t-mobile and they are angrier about
           lock of service than even the cingular users I know.  Data, voice,
           neither seem to work worth a damn.  No wonder if is so cheap.
           \_ I heartily disagree... perhaps the problem is your friends'
              phones? I recently switched to a Nokia 6610 (been using
              t-mobile for a while) and service dramatically improved. I'm
              almost never w/out connection. Plus, their customer service
              is fantastic. extremely helpful phone people. I lost my
              previous phone and was given a full month credit just because.
                \_ out of curiosity where in bay area are you?
                   \_ Manhattan. heh
          \_ I get full signal in mid-peninsula and south bay.  But I haven't
             tried east bay where my friend has almost no signals.
        \_ Update: alright, so I figured out the problem, but would like to
           come up with a better solution. When I check my soda email with
           my phone via POP3, it leaves all my msgs on the server but moves
           them off the spool to a mailbox file named "mbox" in my home dir.
           Usually I check my email with Outlook Express, which as far as I
           can tell, just checkes for msgs on the spool. Is there any way
           I can get these two different mail-checking methods to work
           together? is this standard behavior?
           \_ you have pop3 over ssl working with soda? i never got that
              working
              \_ I use pop3 over an ssh tunnel. ie, localhost:110 on my home
                 machine
2003/7/15-16 [Computer/SW/Security] UID:29048 Activity:nil
7/15    http://lwn.net/Articles/39909
        Bruce Schneier's crypto-gram, scroll down and read the last part.
2003/7/10-11 [Computer/SW/Security] UID:28998 Activity:moderate
7/10    What is a good way to check to see if a host is alive when ICMP is
        blocked? Attempting an ssh connection to it stinks if the host is down,
        since the client takes a long time to give up. Other ideas? --dim
        \_ Interesting, you'd need to know a service that is always up
           when the host is up. If ssh is running, you could try
           telnet host 22
                                                             \- not true
                                                                with udp --psb
           when the host is up. then netcat that port.
           'netcat hostname 22'
           \- you cannot tell the difference between a host that is
              blackholing you and one that is down ... i.e. you arent
              getting any FIN/RST/ACK etc. i suppose you can hit random
              udp ports and look for icmp port unreachables ... basically
              you either need to know/guess something about the machine
              to pick the "single" highest probability technique or
              you need to OR together a bunch of tests, some of which
              are expensive. i am assuming you are a few hops away
              and you want an active rather than passive technique. --psb
        \_ Port scan 'em.
        \_ Call the sysadmin or send email and ask.  If you're the admin,
           then look at the screen.
2003/7/10-11 [Computer/SW/Security, Computer/SW/WWW/Server] UID:28992 Activity:nil
7/9     So, what are the cheapest "trusted" SSL certs out there?
        \_ Get a standard Windows install, open MMC, look in the certificates
           snap-in for trusted root certificates, go through those.  Or failing
           that, in the 'security' settings of any browser under whatever
           incarnation of a 'certificate authorities' listing you have.
           (Thawte no longer exists.)  What do you need a trusted root CA
           chain for?  You can very often get away with issuing your own.
                                                                -John
        \_ http://instantssl.com, price starting at $50
           http://geotrust.com, price starting at $150
           Never used either of them, so YMMV.
2003/7/9-10 [Politics/Domestic/California, Computer/SW/Security] UID:28981 Activity:very high
7/9     Diebold voting machines easily hackable:
        http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm
        Why on earth would you use Microsoft Access to do something as
        important as tabulating votes?
        \_ because you care more about short-term profit than democracy?
           \_ Well, there goes their profit.
           \_ how is there profit in using a shrink wrap ware instead of a
              free one?  they're stupid but not for the reason you feel.
                \_ thanks guys, once in a while this anti-corporate, "they
                   are all a bunch of evil greed heads" draws me in and i
                   forget that the answer is almost always "people are
                   stupid" rather than "people are evil", it's good that
           \_ How about making software as "product" and subject to
              product reliability law suit? duh
                   there are others who realize that and can remind me when
                   i forget. -phuqm
        \_ only criminals would hack into systems.  let law enforcement
           do its job, fucker
           \_ hmm, these sound like the words of a criminal who is aware
              just how unlikely the "job" is to get done.  You know, that
              or a Troll. -phuqm
           \_ Or corrupt/zealous/partial/party-affiliated voting officials
              \_ That makes them criminals, DUH!
           \_ hah!  the great long tradition of police protecting voting...
        \_ how about making software as a "product" (instead of this
           licensing nonsense) and subject to product reliability law suit?
2003/7/7 [Computer/SW/Security] UID:28943 Activity:low
7/6     Is there any way to get scp to not overwrite a file that exists on
        the remote host?
        \_ Use rsync instead.  You can use rsync through ssh for the
           encryption and auth.
        \_ Unison is a nice tool for syncing things between two machines.
2003/7/2-3 [Computer/Domains, Computer/SW/Security] UID:28898 Activity:high
7/2     I need to renew my domains soon.  I'm currently registered under
        http://joker.com but with the high cost of the euro, I think I'll switch.
        Can anyone recommend a registrar for this?  Does it cost money
        to switch?
        \_  http://godaddy.com    It does not cost additional money to switch
           \_ It looks like they offer only 5 subdomains with the basic
              package.  Can I add more?  How much would they cost?
        \_ http://www.tubgirl.com has the best domain registration service.
           \_ but not quite as good as www.goatse.cx
2003/7/1 [Computer/SW/Security, Computer/SW/OS/Windows] UID:28886 Activity:nil
7/1     What's a .pif file?
        \_ http://www.google.com/search?q=what+is+a+pif+file
           \_ brilliant!
2003/6/25-26 [Computer/SW/Security] UID:28837 Activity:high
6/25    Does anyone have any day-to-day experience with encrypting
        many (O(100s of MBs)) of files on their hard drives?  For
        instance, if you have a laptop with all of your electronic
        bank statements/etc on it, and wanted to encrypt these with
        a key that you have on a compact flash or something similar?
        I know it is doable, but I'm wondering if it is in a way that
        is still usable?
        \_ why not use an encrypting file system...
                \_ MS EFS has somehighly annoying problems, like making it
                   really easy to accidentally generate new keys (which are
                   not backed up easily.)  Look at CFS under FreeBSD.  -John
           \_ The critical point would still be key management, right?
              You don't want to have the key on the machine if it
              gets stolen, but you still want fairly normal access to
              the files...  Put it on a "secret" web page so that you
              can download it to use?  Or on compact flash?  Does
              anyone do this kind of thing?
           \_ but that would be cheating.
           \_ is there any free/open source encrypted file system?
              \_ pffft.  You might as well just format the drive now.
           \_ Abe's Linux Encrypted Filesystem howto:
              http://www.abeowitz.com/crypto
              Also I've seen similar stuff with windows that uses a
              vxd to add encrypted filesystem support and mounts an
              encrypted block file.
              \_ no relation. -abe
        \_ Just tell your g/f that you look at porn. Stop trying to hide
           it from her.
2003/6/24 [Computer/SW/Database, Computer/SW/Security, Reference/Law/Visa] UID:28824 Activity:high
6/24    Oh god.  I wish the EU (useless bunch of poltroons) would get at
        least a semblance of a backbone.
        http://www.theregister.co.uk/content/55/31380.html
        Does anyone know more about new biometric passports the US is supposed
        to be issuing?  I'd frankly much rather deal with the hassle of a
        visa with my Swiss passport than submit to this.  -John
        \_ Maybe it's just me, but John seems to talk about his Swiss passport
           pretty frequently.
        \_ Biometrics are such a huge mistake.  No one seems to be addressing
           the issue that if your biometrics are compromised, there is no way to
           issue new ID--well, without replacing your eyes.  -emarkp
           \_ Hm?  Perhaps I'm misunderstanding the process:  you have an ID
              or passport with your retinal scan/fingerprints on it.  They
              scan your ID, compare it to a db of such things, and then you
              put your eye/hand to the scanner and verify that you are who
              the system says you are.  Are you saying that someone could
              hack the db and sub their own particulars for yours and so take
              your bank account?  If so, you now have their fingerprints /
              ret. scan on file-- should be fairly easy to find the duplicates
              in the system and arrest the perp.
              \_ No, if someone else can ID themself with your biometrics or
                 subvert the system somehow, you're screwed.  You can't get
                 different biometrics. -emarkp
                 \_ What are we talking here?  Fake fingerprint gloves?
                    False retinal scan contacts?  Not saying it can't be done
                    but quite a stretch, no?
                    \_ Actually it's quite easy to fake out the fingerprint
                       thing. The retinal scans can be horribly difficult
                       obtain accurately at times. The real problem is identity
                       theft and proving that it wasn't you who shifted your
                       bank account/stock portfolio/real estate to party X.
                       VERY tough to dispute.
                        \_ I fail to see how biometrics makes this worse;
                           right now you're being authenticated on your
                           signature, which is way easier to forge than
                           even the simplest biometric.  -tom
                           \_ It's not worse. It makes id theft much more
                              difficult. I'm more for dual source
                              authentication. Bio + PIN. However, businesses
                              might make it much harder to dispute id theft
                              and make corrections since it is technically so
                              difficult. I fear an overreliance on tech.
                              \_ I think this has less to do with tech, and
                                 more to do with the nature of big business
                                 and bureaucracy.  Bureaucracy and silly
                                 overhead happen just fine without any
                                 technology at all.  What you'd hope is that
                                 intelligent policies will be put into place
                                 to deal with situations that the tech makes
                                 'unlikely'.
        \_ You'll submit and you'll like it.
           \_ Grey matter! Grey matter!
2003/6/12 [Computer/SW/Security, Computer/SW/RevisionControl] UID:28711 Activity:high
6/11    Which of the free email accounts are the most reliable? I have a
        http://netscape.net account that recently has been getting flaky. Anyone
        have any recommendations for yahoo, hotmail, or anything else? Thanks.
        \_ CSUA
        \_ You have broadband?  Host yourself.
                \_ No broadband. I need to use a web-based provider.
                        \_ http://www.horde.org/imp
                           http://www.squirrelmail.org
                           Work a charm, fast, and I'd trust them a lot more
                           than a free mail provider.  -John
                           \_ Work a charm, foreigner!
                                \_ Fine.  "They work very nicely", you
                                   pedantic hun.  -John
                                   \_ That's Normandic Anglo-Saxon to you.
                                      \_ How about trailer trash honky?
2003/6/10 [Computer/SW/Mail, Computer/SW/Security] UID:28688 Activity:high
6/9     is anyone using the following SSH client?  Is it any good?
                ssh windows client
                version: Aug 4 1998 (32)
                by: Cedomir Igaly, 1995/1998
                Revision: 2.100
        \_ If you're just looking for a recommendation, either SecureCRT
           or TeraTerm Pro have worked well for me.
        \_ Agree with the above, or putty (simply because it's the first google
           hit on a search for putty, and is a single executable of about 500k.
           i call it my tissue paper ssh client) --scotsman
        \_ I use the free non-commercial ssh client from http://ssh.com. Works fine
           and allows for easy file transfers.
           \_ It also has the advantage of recognizing urls and letting you
              click on them, which i like since i follow every link posted
              on CSUA.  It has the disadvantage of being very bugy.
              \_ buggs ar eprobabyl frm cdoing typos, eh?
        \_ PuTTY works very nicely:
           http://www.chiark.greenend.org.uk/~sgtatham/putty
           \_ Indeeed, I switched from TTerm to putty and haven't looked back
              (the single executable/no install is very nice).  It does X
              tunnelling which IIRC TT doesn't.
              \_ Actually, TT tunnelling is pretty good, and does X fine.
                 \_ Yup, and teraterm cut/paste is much more friendly.  Also
                    its UI is much leaner, which I prefer.  TeraTerm will also
                    do serial connections, which IIRC putty does not.
                 \_ Does TT do protocol 2 yet?
                    \_ Not the last time I checked.  That's the *only* reason
                       to use putty.
        \_ cygwin
        \_ SecureCRT, hands down! Putty is not bad, but SecureCRT has
           almost everything you ever wanted in a telnet client. Ultra
           robust, highly customizable.
2003/6/5 [Computer/SW/Languages/Misc, Computer/SW/Security] UID:28642 Activity:high
6/4     Does anyone know if there's a web interface for FORTRAN?  Basically,
        I want to write and run FORTRAN programs from a Web browser without
        having to install anything on my desktop.  Thanks!
        \_ no
        \_ Hmmm. If your goal is just to write FORTRAN programs without
           installing on your computer, you could SSH into soda and
           use g77. Is using a web browser really important? Maybe
           the Java SSH interface would suffice.
           \_ Thanks for that thought.  I have a need where it would be more
              than just myself and not all my users would have an SSH
              client... I just figured Web browsers are ubiquitous.  Also, I
              was hoping for a richer UI.  Any other thoughts?... I
              appreciate any ideas.
        \_ How about install a VNC server?  VNC has java applet client
           and it works reasonably well.
           \_ The problem with VNC is all users share the same desktop.  So
              if two people needed to work on their own project, they
              couldn't.  I didn't mention this as a requirement previously
              so I definitely appreciate the suggestion... but I cannot use
              it.  Please keep 'em coming, though.
        \_ you can run them from a browser as a cgi like anything else.
           writing them is no different than any other web based input system
           that you see message boards,etc using.
           \_ In other words, you mean use an HTML TEXTAREA where the
              programmer can write his/her code; but when the submit button
              is clicked, the code is fed to the FORTRAN compiler on the
              server?
              \_ something like that.  In short I mean "use CGI".  that's what
                 it's there for.
        \_ more stupid idea.  How about install an X-client on the
           FORTRASH computer, install an X-server on your own computer,
           and access that way?  It will resolve the problem.  I know,
           you said you don't want install anything on your computer, but
           i personally think an x-server should be an exception: everyone
           should installed X-server (and FTP server :p )
           \_ and a kazaa server and put at least 200 gigs online so we can
              all share because the information wants to be free!!!  you're
              truly brilliant in a k-12 sort of way.
2003/6/4 [Computer/SW/OS/Linux, Computer/SW/Security] UID:28627 Activity:high
6/2     So why did Anonymous Motd Censor remove the DIY Cruise Missle link?
        \_ No one can truly understand the motives of AMC. Anyway here is the
           link: http://www.interestingprojects.com/cruisemissile
           \_ thanks for restoring the link.  Now even I am curious and
              want to build a pulsejet myself :p
        \_ Because it had nothing to do with RIDE BIKE! or USE LINUX! of
           course, which are the only topics that are allowed to be of any
           interest to the "Berkeley computer science community".
2003/5/20-21 [Computer/SW/Unix, Computer/SW/Security] UID:28496 Activity:moderate
5/20    sun gurus, please help.  My ultra 5 had some problem getting out of
        suspend.  I had to power cycle and do nvram-default to get it to boot
        up normal again.  Everything is up now.  But the system is EXTERMELY
        slow.  I don't see any processes hogging up memory or anything strange.
        I think the previous bad suspend left some bad stuff around that's
        screwing up the system.  What should I look for to get it back to
        normal again?  Thanks!
        \_ It's an ultra5.  How fast could it ever have been?
           \_ I type 'top' and it takes 10 seconds for the display to come up.
              Similarly with other commands.  It's not environment related
              because using the same dot files on another machine works just
              fine.
              \_ vmstat, iostat
        \_ Don't use suspend. There is no point and it has problems. --dim
        \_ When suspend hoses me I try this from the ok prompt:
                boot -s
           when it asks for the root password, I hit control D.
           The machine should then come up fine.  I login
           as root, I remove /.CPR or /var/.CPR and edit
           /etc/power.conf so I don't get hosed again.  If you chmod
           /usr/openwin/bin/sys-suspend not to be executable, that
           will prevent accidentally suspending via the sleep key.  -ax
           \_ Just pkgrm the power related packages.
           \_ pkgrm(in this order): SUNWcprx SUNWcpr SUNWpmux SUNWpmowm
              SUNWpmowu SUNWpmowr SUNWpmr SUNWpmu
2003/5/19-20 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:28490 Activity:nil
5/19    My refinance showed someone (LA) is using my SSN. What can I do?
        Who do I report this to? This is a serious question. thx.
        \_ First contact the police.  One of the things they will do is
           give you a form with a lot of different crdit agencies to
           contact.  Contact all major credit card companies as well.
           Although you can get a free credit check if you suspect fraud
           you get the wimpy version, so you want to shell out 25 bucks
           for the full one you can double check.  Hell, you probably want
           to do it every couple of months for the next half year or so.
           Yes it is a bitch, I've been there before, but it the long
           run things got corrected and the person stopped using my SSN.
        \_ Call your local SS office.  They will give you the number of the SS
           Inspector General.  That office handles stuff having to do with SS
           fraud and criminal activity.
           \_ And the IRS. When you contact the three credit agencies,
              ask to put a freeze or a fraud report on your listings.
        \_ See if you can get an address and kill them.
2003/5/12 [Science/GlobalWarming, Industry/Startup, Computer/SW/Security] UID:28410 Activity:very high
5/11    http://www.workingassets.com - just a decent phone company that puts
        money toward good (progressive) causes (for when your email to
        your congressman stops making you feel good).
        \_ Shouldn't they be giving the service free!??  Capitalist swine -
           you are a sell out.
           \_ yermom gives it out for free and she's still swine.
        \_ If they are the cheapest and give (your) money away, then this
           is great. o/w give your own money away, and get the charitable
           deduction for yourself.
           \_ the nice thing about opting for world conscious services such
              as this one is that you show market preference for that type
              of corporation ethic. other companies will clean up their act
              if they see that the conscious stick gets customers.
              \_ wow.... I didn't know people actually believed that....
              \_ Kinda like the U.N. I imagine.
                 \_ Except the UN doesn't make a profit, isn't at all 'world
                    conscious', doesn't provide real services, has no
                    competition, and continues collecting money from it's
                    'members' no matter how well or poorly it does providing
                    no incentive to improve, and has no effective means of
                    controlling either it's own members or it's own staff,
                    officers, and executives who don't ever get reviewed,
                    demoted, fired, or replaced, and is trying to take over
                    the entire world and reduce your national level rights to
                    zero.  Yeah, kinda like that.
                    \_ Except for the profit thing, this sounds exactly
                       like Microsoft!
                       \_ You think the UN and MS are in cahoots?
2003/5/8-9 [Computer/SW/Security] UID:28377 Activity:high
5/8     I'm suing someone and it turns out that he gave me a fake address
        and I can't serve the paper. What should I do now?
        \_ why don't you post this to the motd three or four *more* times?
        \_ hire a private detective.
           \_ This is correct, assuming you don't have a cheaper option.
              (Like a phone book.)  I can put you in touch with a good one.
                -jrleek
        \_ What's the guy's name?  Maybe we know him.  Or is it a fake name?
           And you still haven't told us what information you do have on him:
           driver's license, license plates, etc.
        \_ If the above does not work, but you have his real name and a
           general idea of where he lives, you can petition the court for
           service by publication. However, that should be a last resort
           because it can get somewhat expensive.
                \_ I have his real name and a general idea of where he lives.
                   What is service by publication and how much is it?
                   \_ Service by publication means that you take out ad
                      space in the local newspaper(s) saying "Hey, I am
                      suing you - Call me for details." If the person fails
                      to answer within a certain time, you can take that
                      person's default. Then you hire a private investigator
                      to find the person and his assets. The cost depends on
                      the judge, particularly on how many publications and
                      for how long - check your local rules, but hopefully,
                      you are in a situation where you can recover costs
                      and fees. Also, lest I forget, service by publication
                      generally does not work for small claims matters, but
                      once again, check your local rules.
2003/5/7-8 [Computer/SW/Security, Computer/SW/OS/Windows] UID:28364 Activity:high
5/7     "Microsoft Plans Toilets With Web Access "
        http://csua.org/u/e60
        Now, who wants to use a keyboard that has been touched by a thousand
        other people while they wiped their butts and genitals?
        \_ Only a thousand?
        \_ This is a question you may not want to address to motd users.
        \_ Well, you used the lab computers, didn't you?
           \_ Oh no!  And I was eating my sandwich with bare hands too!
           \_ Yeah I always used gloves if you used it before me.
        \_ This was on the motd almost a week ago.
           \_ yes, although there was no explicit mention of genitals the
              first time.
        \_ Great, more shitty products.
        \_ I'd hate to be in there when the server crashed.
2003/4/30-5/1 [Computer/SW/Security, Computer/SW/Unix] UID:28273 Activity:low
4/30    So can someone comment on the problem(s) with /var?  Why does it keep
        filling up, what are people doing to fix the problem each time?  Maybe
        somebody here already knows a longterm solution.
        \_ It is some attachment problem. It goes away on its own.
           Jon thinks it is related to SA. I cannot tell anymore than
           that because I do not have root. You should email root or
           the politburo for answers to questions like this. -ausman
           \_ actually, it goes away when someone with root comes along
              and cleans out whatever file(s) causing the prob.
2003/4/28-29 [Computer/SW/Security] UID:28247 Activity:kinda low
4/27    I share a shell-SSH-SCP account using ssh-keys.
        Is there a way to log SCP access history of the other users.
        \_ don't share accounts.  and no you can't create a log that you can't
           delete.
            \_ What about a log that could be deleted? possible?
               The intent of the log is not to log the technically
               sophisticated folks who could delete it, but to
               keep track of the stupid people. Where can I get
               web-hosting with multiple accounts and a group as well?
2003/4/20-21 [Computer/SW/Security] UID:28175 Activity:nil
4/20    John, a question about swiss bank accounts (since you're there).  I've
        heard some news that they're going to stop issuing those secret
        accounts where you don't need any ID to open one.  Is that true?
        And do you know of any banks there that use biometric data to access
        the account?  Like retinal scan or some finger printing device.
        Thanks.
        \_ There haven't been any id-less Swiss bank accounts for a very
           long time now.  A 'numbered' account simply means that once
           you open an account, there is no longer an association between
           your name and the account #--you lose the number, you're screwed.
           Swiss banks nowadays do a lot of checking to make sure cash isn't
           "dirty"--this includes verifying your ID.  The main attraction is
           the secrecy you get once the account is open.  They generally don't
           tell anyone.  For even more confidentiality and better service, I'd
           look at Liechtenstein.  Also, I know of no banks that do biometric
           ID for the type of money that you or I are looking at.  And for
           very large accounts (> $5 million) the service is usually personal
           ("private banking").  There's still a huge legal gap regarding
           biometric ID and digital non-repudiation in most countries.  I'd
           be glad to ask around, though.   -John
           \_ If the account # and some password or passphrase is the only
              thing you need to to access the account, isn't that dangerous?
              If either of the two is stolen you're screwed since they don't
              check IDs (rather there's no ID to check). That's why i thought
              of some biometric system.
2003/4/17 [Computer/SW/Security] UID:28156 Activity:very high
4/17    In veneration of his computer science forbears, it is decided that Dan
        Holliman will change his name to Dan Hollerith. danh, we expect
        compliance and certifying documentation from the Social Security
        Administration in a reasonably short time. Thank you and good night.
        \_ huh?
           \_ Perhaps a reference to the hollerith format flag in Fortran77?
              -- ulysses
2003/4/15-16 [Computer/SW/Security] UID:28135 Activity:very high
4/15    What is a one-time pad, and why is it considered bad/insufficient
        for security?
        \_ Yeah, why is a one-time pad insufficient?  Snicker. - !OP
         \_ a one-time pad IS insufficent if it is the only thing
            you are using for security.  There better be some intelligent
            system for sharing one-time pads/keeping them secure, etc.
            Stop being an ass.
            \_ So you're saying a one-time pad is insufficient if it is used
               stupidly?  Is there a security protocol that is sufficient
               even if used stupidly?
                \_ I'm saying that used alone it is far from sufficent because
                   there are far too many unresolved issues.
                \_ declaring war on iraq
                \_ which begs the question: if your system is idiot-proof,
                   won't someone just build a better idiot?
        \_ It's an encryption algorithm: to send a (say) 5K message to your
           friend, first generate 5K of random bits (the "pad") and share
           those secretly with your friend.  Then, to send your message,
           just xor each bit with the corresponding bit from the pad.  You
           can't ever reuse pad data; you have to generate new random bits
           for each message you want to send (hence the "one-time").

           This algorithm is cool because it's provably unbreakable: if
           someone sees your encrypted message, but has no information about
           your pad, then it's impossible for them to decrypt your message.
           However, this algorithm is usually not practical, because you have
           to secretly share 5K of pad data for each 5K message you want to
           send.  (For comparison, an ordinary private-key encryption
           algorithm like AES lets you secretly share a small key (128 to
           256 bits) and then use that key to encrypt as much data as you
           want.)
        \_ because you're all being stupid and noone signs their names:
           OTPs are useful for when you have only occasional trustworthy
           contact with your sender/receiver (in-person contact, trusted
           monthly courier ...), and have a need to share relatively short
           messages in a highly secure fashion.
           to respond to some of the points attempted above:
           1) if you have a way to get someone a pad in a secret [trusted]
              way, why not use the same way to transmit the message?
              Because the way you transfer the pad may not be available
              when a message needs to be sent.
           2) if you get part of the pad, you can decrypt part of the message.
              If you get an AES key, which is comparable in size to the
              supposed partial pad, you get the whole message.
           Issues of key management aside (which affect all crypto systems),
           OTP offers the user high confidence at the expense of convenience
           (large, non-reusable keys) and reliance on periodic OTP refreash.
           (large, non-reusable keys) and reliance on periodic OTP refresh.
           --4554660b1f82fae1e048ff6c1874d31b
           \_ I think everyone who cares already knew that, since among
              other things the OTP is about the simplest cryptosystem
              imagineable. you have been trolled.
              \_ only so that I could get the guy below to respond.
                 sometimes you gotta take a troll to get a better troll.
                 --3210615175eaa726402a9001bf8dbc6a
           \_ OTP does not offer high confidence except in highly
              controlled environments because there is no way to
              perform adequate message authentication in OTP:
              1) If the recv'd msg is off by even one bit/char the
                 message won't make any sense. While single bit/char
                 errors might be noticed in the decrypted PT,
                 multi-bit/char errors that can change the content of
                 the message without being detected (this depends on
                 the language, but for things like english the
                 probability of detecting multi-bit/char errors is not
                 that high).
              2) If OTP is used for messages transmitted via a public
                 channel the big problem is that there is no way to
                 ensure that the message you recv'd was transmitted by
                 the person that should have sent it. In some cases
                 an attacker can mount a DOS on the system by tx'ing
                 fake messages.
        \_ Why is it one-time?  Why can't the same pad be used again to
           transmit a different message to the same receiver?
           \_ If a pad is reused, a pattern is formed in the ciphertext
              which can be exploited by an opponent via a Analysis in
              Depth Attack. Some of the venona decodes were the result
              of the Russians reusing the same pad for multiple (different)
              messages.
2003/4/15-16 [Computer/SW/Security] UID:28129 Activity:very high
4/14    So I quit my company 2 months ago but I'm still getting paycheck
        from them. I'm pretty sure something's wrong with the accounting.
        I guess it's just a matter of time before they find out. Can they
        legally withdraw money from my account when they find out?
        \_ accepting a paycheck from a job you no longer work at
           is fraud, end of story.  return the money and get on with
           your life.
        \_ Tell the payroll office about it now, and don't be helpful about
           returning the money you have.  You can hope that interdepartmental
           politics will keep payroll from contacting legal and you might get
           to keep it.  The moral thing is something else of course... but
           you did quit, so maybe they screwed you over?  Eh...
        \_ Blow up the accounting office or hack their computers.  Be a MAN!
        \_ of course.  it's their money.
        \_ it depends.  If you're getting paper paychecks then no.  But they
           can sue you for it and will win.  If you're EFT then yes they can.
           Either way, I wouldn't spend the money until they're out of
           business plus a year.
        \_ Why can't the guy quit while he's ahead?  That is, close the
           bank account.
           \_ Because they'll just sue him and he'll lose.  Welcome to the
              world of adults where accountability exists.  Silly rabbit.
        \_ No. BUT... Since you know you're not working for them, any money
           received works as a claim of fraud. Since it's been a couple of
           months and probably a good amount of money recieved, you could be
           charged with embezzlement and felony fraud. Notify the company and
           arrange to return the money. If you withdrew against this money,
           it adds credence to the charges. After two months of getting checks,
           you'll be hard pressed to claim ignorance and proving "good will"
           in notifying the company of the error. Return the dough and hope
           they don't ask for interest back.
        \_ This happened to me and a fellow coworker at Cisco. He told them
           after the first paycheck arrived and they told him to keep it...
           I mailed them after receiving three paychecks (~$5K) and they
           never mailed me back but stopped sending checks. A few months
           later I deposited the checks into a money market account. I didn't
           touch the money for two years. It's been three years since. ymmv.
2003/4/9 [Computer/SW/Security] UID:28051 Activity:nil
4/9      If I have access to a POP box full of mail, what's the easiest
        way to get all the messages currently in the box forwarded to
        somebody. I don't have access to the mail spool for this POP
        box.
        \_ fetchmail from the pop account and then forward.
2003/4/5-6 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:28002 Activity:high
4/5     On the http://netzero.com Terms and Conditions:
                * Software Downloads. As part of the NetZero Service,
                NetZero may from time to time download software
                owned by NetZero or third parties to your computer.
                Your use of the NetZero Service constitutes your
                consent to such downloads.
        What is this about?  What type of software would they want to
        download to my computer?  Is this to scan the files on my computer,
        or likely something more innocuous?
        \_ something to do with ads maybe?
        \_ why do you want to use netzero anyway? there are other choices that
           are cheaper and have worked okay for me. e.g., joi internet.
                \_ Thanks for the tip!  I'll switch to joi.
           \_ does joi require you to use their own software?
                \_ no.
        \_ Welcome to Gator hell.  Tried Ad-aware @ http://lavasoft.com?
           \_ Ad-aware sucks. Get Spybot Search and Destroy
        \_ It probably means pop up and other ad crap, data mining, and similar
           spyware crap.  Legally it means *anything* they want and they're
           on safe legal ground.  Some third party ware installed via them
           steals your CC or tax info and you're a victim of ID theft?  You're
           SOL.  Don't be cheap, get real net service without T&C like this.
         \_Just hack Netzero and get around their software. I used to do it
           when their accounts were free.
           \_ Why bother?
2003/4/1-2 [Computer/SW/Security] UID:27947 Activity:low 63%like:27920
4/1     OpenSSH 3.6.1 is out. Fixes some interoperability problems with
        other implementations.
        Portable: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.6.1p1.tar.gz
        OpenBSD:  ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-3.6.1.tgz
        \_ Thanks, installed.  --mconst
2003/3/31-4/1 [Computer/SW/Security] UID:27920 Activity:low 63%like:27947
3/30    OpenSSH 3.6 will be out shortly. Changes include RSA blinding
        and proper handling of priv. sep. when root login is permitted.
        Portable: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.6p1.tar.gz
        OpenBSD:  ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-3.6.tgz
        \_ Thanks -- I've installed it in /usr/local/bin.  --mconst
        \_ thanks
2003/3/26-27 [Computer/SW/Security, Computer/SW/Unix] UID:27858 Activity:moderate
3/26    I just upgraded to Bind 9.2.2 and it seems that I can no longer
        get responses from roots a and b (the other root serves work
        fine). I've checked the routing, I can get to a and b, I just
        can't get a response from them. Anyone else have this problem?
        Any suggestions about where to start debugging? tia.
        \_ I had a different problem.  bind8 stopped being able to query
           the root nameservers at all.  So I upgraded to bind9.
           --scotsman
2003/3/26 [Computer/SW/Security] UID:27853 Activity:nil
3/25    Anyone know if ther are providers that will sell DSL service
        without phone service?  I've had it with AT&T/Comcast. --jwm
2003/3/20-21 [Computer/SW/Security] UID:27768 Activity:high
3/20    anywhere to get an SSH2 client, someone just stole my SSH 1 since
        i am using teratermpro and ssh for it (ie: a friend stole it)
        \_ putty is a free ssh client for Windows.
        \_ http://software.berkeley.edu or http://www.ssh.com if you're not a student
        \_ stole it?
        \_ huh? I thought teratermpro is free at first place.
2003/3/19-20 [Computer/SW/Unix, Computer/SW/Security] UID:27751 Activity:high
3/19    How did mconst fix /var, and what was wrong with it?
        \_ The mail I sent to root is now in ~mconst/pub/var-mail.  --mconst
           \_ thanks, that was informative.  Shouldn't that file be made
              unreadable by non-root though?
              \_ I think everything in there is public information -- but
                 please let me know if I missed something.  --mconst
                 \_ I'm sorry, I meant /var/account/acct.  It seems like
                    it contains somewhat private information of little use
                    to non-sysadmin types.
                    \_ You're absolutely right.  Fixed, thanks.  --mconst
                       \_ Does anybody else find this polite exchange as
                          refreshing as I do?
                          \_ Actually...yes.       -mice
                          \_ PURE.  REFRESHING.  MCONST.
        \_ Someone was trying to rotate accounting logs, and failed
           miserably.
2003/3/13 [Politics/Domestic/911, Computer/SW/Security] UID:27686 Activity:very high
3/13    http://www.usatoday.com/usatonline/20030313/4942670s.htm
        "Much of the information on Mohammed's laptop computer was protected
        by an encryption code that CIA analysts cracked easily, U.S.
        intelligence officials said."  It was probably RSA or PGP.  What else
        is he likely to have used?  Something from MS?
        \_ They threated to kill his preteen kids if he didn't give them
           the password.
           \_ Damn those unsecure end nodes.
        \_ Microsoft Visual ROT13++
           \_ Microsoft Active Visual 2ROT13#.
              \_ Be sure to download the first three patches and upgrade
                 before using. The fourth patch allows you to encrypt, but
                 won't decrypt non-MS ROT13 encryptions. They are still working
                 on it...
                 \_ This stuff is getting so old it's not even funny anymore.
                     \_ This stuff is still funny, because it is still
                        the case, despite how long it has been the case.
        \_ Any system in which the key is shorter than the message is an
           inherently weak system. The only one "safe" encryption system
           is OTP (and even that is not safe if you have your own Guardian
           of Forever)
           \_ Guardian of Forever?  Is this some nerdy book/tv/movie reference?
              \_ Here's a cookie for you.
                 \_ I'm serious.  What is it?
                    \_ Watch TOS Ep. 28.
                        \_ so what the fuck is TOS?
                           \_ You do realize that no one is obligated to
                              answer your question, yes?
                           \_ Your geekdom passport has been revoked.
                              \_ 'cause we all know jocks r00l.
                              \_ oh no!  What WILL I do?  Oh that's right,
                                 have a life.  Never mind.
                                 \_ Sorry, but we don't buy it.  You've
                                    already proven you have no life by
                                    posting here.
2003/3/12-13 [Computer/SW/Security] UID:27668 Activity:very high
3/12    Call me paranoid.  How likely is it for someone to decode traffic
        sent to/from an ssh connection?  The encryption is done end-to-end,
        so if the govt is getting a copy of every packet between two boxes
        is it possible for them to crack it?  I'm not a technical guy BTW,
        I just know the high level functionality of these things.
        \_ If they really REALLY care and are willing to wait a couple of
           weeks before the traffic is decoded and have some insane amount
           of computer power... pretty unlikely.  There is a reason this stuff
           scares the shit out of the powers that be.
           \_ It is much easier for them to attack at the unencrypted endpoints
        \_ If the government wants to see your shit, they can get a tap for
           your keyboard or put a van outside your home/office and read your
           monitor.  You're only fooling yourself thinking ssh will really
           keep the United States' Federal Government from reading your shit.
           I suggest you find a good defense lawyer and send good-bye notes to
           your family and friends.
                \_ any URLS with stories from people this has happened to?
                   \_ http://www.you.com.au/news/1009.htm
        \_ If you are using SSHv1 there is a possibility that someone could
           read your traffic. If you are using SSHv2 (AES128-HMAC SHA1) your
           traffic will be unbreakable for the next several billion years
           assuming that (1) the RSA factoring problem is impossibly hard,
           (2) the Discrete Log problem is impossibly hard, (3) SHA1 is a
           true 1 way hash and can't be inverted in less than 2^80 tries,
           and (4) there are no weaknesses in the AES S-BOX.
           There is a further concern among some about the way that HMAC
           is performed in the SSH protocol, iirc SSH does E(K,P) HMAC(K,P)
           rather than the more secure IPSEC method E(K1,P) HMAC(K2,E(P)).
           I'll look this up in my notes and post later on.
           \_ It might take decades, or even centuries, but the quantum
              computers are coming.
           \- we've broken ssh session keys when we were "really really
              interested". ok tnx.
                \_ what size session keys and did you break them using
                   brute force or via some other method?
                   \- "we measure computing power in acres"
                        \_ how much ct did you need?
                \_ who's 'we'?
                        \_ "ok tnx" is the hallmark of PSB, and PSB works
                           at LLBL, so he could have "acres of computing power"
                           Was that you, PSB?
2003/3/6-8 [Computer/SW/Security, Computer/SW/Unix] UID:27610 Activity:low
3/5     All of a sudden my DNS server is not resolving http://mail.yahoo.com or
        http://calendar.yahoo.com. Everythign else I try seems to work. What could
        cause this?
        \_ is Earthlink your ISP by any chance?
           \_ no, why, do they have hte same problem? this is on my own dns
              server running BIND8.x
        \_
        ; <<>> DiG 8.3 <<>> http://calendar.yahoo.com
        ;; res options: init recurs defnam dnsrch
        ;; res_nsend to server default -- 127.0.0.1: Connection timed out
2003/3/5-6 [Computer/SW/Security] UID:27602 Activity:nil
3/4     Any recommendations for a website, email, and DNS service provider?
2003/3/5 [Recreation/Pets, Computer/SW/Security] UID:27600 Activity:high
3/4     This is good:
jose             CP       67.121.94.23      3:14PM  1:39 cat /etc/motd.public
        How do you cat something as short as the motd for over 1.5 hours?
        "So the guy at the bar says, 'that's no cat, that's my wife!'" hahahh!
        \_ you can pipe it through "more"
           \_ I guess...  why not just 'more $file'?
              \_ because $file expands to whatever $file is before the command
                 is execed.
                 \_ I was being generic.  I'll spell it out for the anal among
                    you and try again, "why not just 'more /etc/motd.public'?
        \_ or losing an ssh connection while executing the command.
          \_ Doesn't sshd use tricks to detect such stale sessions and kill
             them off, including all applications that belong to the same
             session?
          \_ maybe but it's pretty funky dropping a connection in the split
             second it takes to cat the motd.  im suspicious of this behavior.
2003/2/28-3/1 [Computer/SW/Security] UID:27563 Activity:very high
2/28    How come csua doesn't support imap, even when it's from csua itself?
        \_ imap is disabled, but imaps (imap + ssl) is enabled in
           /etc/inetd.conf.
           \_ the certificate is self-signed though.  wouldn't imap-over-ssh
              be more secure?
                \_ feel free to donate enough money for a verisign
                   cert.  imaps also works straight out of the box
                   with Outlook and doesn't require running a ssh tunnel
              \_ and you trust soda's SSH key why?
                 \_ I use the same key on all my production systems.
                    \_ And this helps why?  Your SSH fu is weak.  Train
                       harder.
                       \_ that way if I lose root i can login from anywhere
                          else just about because i use a passphraseless key.
                          soda's key is also on the auth'd list so its cool.
                          \_ that way if one of your machines is compromised
                             the '1337 h4x0r's have 0wn3d all your machines!
              \_ And self-signed certs are insecure why?  Your PKI fu is weak
                 train harder.
                 \_ do you memorize the signature on the certificate?  at
                    least with ssh, i need to verify the key only once.
                \_ A self signed cert presented by a server is equivalent to
                   yermom presenting a potential csua stud with a notarized
                   medical certifciate stating that the person presenting
                   this certificate is yermom and that she doesn't have any
                   up enough to go for it PKI fu boi!
                   the certificate is yermom and that she doesn't have any
                   stds where yermom was the both the obgyn who wrote up the
                   certificate and notary who signed it. Maybe you are hard
                   up enough that you'd go for it PKI fu boi...
                   \_ I only read email I have personally decrypted
                      with a PGP passphrase I store on a keychain attached
                      to my body at all times.  I am also very attractive.
2003/2/27-28 [Computer/SW/Security, Computer/SW/OS/Windows] UID:27551 Activity:moderate
2/27    13823 files on a brand new w2k machine with no other software
        installed.  I remember copying dos from floppy to floppy using one
        drive and had to do 26 disk swaps to get all the files....
        \_ Uh, my copy of DOS 6 is only about 3 or 4 floppies.
        \_ Did you count all the hidden files?
           \_ There were only 1 or 2 which http://sys.com put on for me after a few
              more swaps.
        \_ DOS 3.2 -- 2 LD 5.25" floppies.
        \_ DOS 1.1 -- 1 360k floppy.
        \_ MacOS 1.0 -- 1 400k floppy. 127k used, 273k free.
2003/2/27 [Computer/SW/Security] UID:27549 Activity:high
2/26    MAPI gurus - do you know how to get encryption on MAPI?  The online
        docs are nasty, i've even looked at lotus's docs out of despereation
        still nothing.
        \_ Notes uses a proprietary 'encryption' algorithm.  Little is known
           about it.  If you really want a certain degree of assurance that
           your mapi connections aren't being snooped, think about running
           ipsec.  There aren't many MAPI security docs, period.  -John
           \_ XOR!
                \_ 2ROT13!
2003/2/27-28 [Computer/SW/Security, Computer/SW/Unix] UID:27548 Activity:high
2/26    Wasn't csua passwd was compromised the other time?  Could the hacker
        had placed some program on csua that snoops our email?  I think my
        email account has been snooped on.  I send out a email to a friend
        giving him my server ip and port, but someone else visited my server
        since my friend was not able to access my server.  I got a foreign
        ip accessed my server.
        \_ obUsePGP!
        \_ obUsePGP! If you send messages in the clear anyone can read them.
          \_ PGP is useless until it is made more transparent. Even the people
             who invented it have agreed on this. The existing tools are simply
             too difficult to use and even people with clue end up sending
             clear text or gibberish by accident half the time.
             \_ The 'people'?  Perhaps you mean the person, namely Phil
                Zimmerman?  And what you've just suggested does not sound
                very much like the sort of thing Phil Zimmerman would say.
                Could you post a citation so we know you're not talking out of
                your ass here?  If you are just talking out of your ass, could
                you make a point of sticking your head up your ass before
                doing this in the future so we don't have to listen to your
                blather?  Thanks.
                \_ <Sigh> The most notable "blather" is Whitten & Tygar (1999).
                   cited in the GNU privacy handbook, chapter 5.
                   cited in the GNU privacy handbook, chapter 5. You are, of
                   course, correct that it does not very much sound like
                   something Phil Zimmerman would say.
        \_ What makes you think it's not a problem on your friend's end?
           \_ it may be possible too since the company uses MS Exchange and
              Outlook, but they are very good at patching up the security
              holes. =D  Have you ever had nimda.a/e on you machine? if you
              see httpodbc.dll in all your root drives, your machine is
              infected with nimda.e.  Most likely a hacker has already placed
              a backdoor in your computer...
        \_ More likely you were just port scanned.
          \_ but he wouldn't know the exact path of the file to call even he
          finds out that port is open.  I had NAT forward that port to my
          my server.  And the web app is under a specific context-root, also
          the file is has a unique url mapping.  I see the visitor access
          that exact path right after my email went out (well a few minutes
          later).
          \_ Foreign eh? Which country?
             \_ foreign=alien=non-local
        \_ You really should email root about this.
           \_ Ya, that way root will be more careful about reading ppl's email.
              Seriously though, what are the odds of someone having the
              patience to go through and read your email? Did you look in your
              apache logs to see what IP it was that looked up your site?
                \_ Don't knock the propensity of individuals to do what normal
                   people like you and I would consider a complete lack of a
                   life for intrusive purposes.  Security through obscurity
                   or even anonymity is not a good idea.  -John
              \_ last time I checked the IP belonged to http://prophetfinance.com, I
              took a look at it subnet ips, they tranlated to greet, pride,
              lust, stalin, roosevelt, churchill, etc <DEAD>.prophetfinance.com<DEAD>. It
              is probably managed by some Russian sys-admin since he seems to
              name the servers with Russian leaders.
              \_ Churchill and greet are my favorite Russian leaders!
                \_ Okay, machines with people names are name of Russsian
                leaders.  Damn, always some block head nit-picking posts while
                totally ignoring the main point
                \_ if you use a completely specious argument to back up your
                   contention that it's a Russian sysadmin and you get called
                   on it, I don't think it qualifies as nit-picking
        \_ What is your site anyway?
          \_ just some stuff to test my web configuration.
2003/2/24-25 [Computer/Domains, Computer/SW/Security] UID:27509 Activity:very high
2/24    Okay, I know this type of question has been asked before, but
        here goes. I'm currently using http://domaindirect.com for my
        registrar--they also handle my email (1 pop account + 5
        forwarding addresses + catch-all).  The problem is that they
        only provide www forwarding (with perhaps "url keeper" which
        wraps the page in a frame and it still looks like the domain,
        but is a pretty cheesy technique). Anyway, I'd like to move to
        a hosting service that allows me to keep the same (or better)
        email services, and do either web hosting or aliasing to (say)
        a http://dyndns.org site.  domaindirect costs about $35/yr. and I'd
        like it to be cheap, but I'm willing to pay more for better
        service if necessary.  Suggestions?
        \_ DynDNS
           \_ Um, did you notice that I mentioned dyndns?  Do they handle
              hosting?  Do they handle email redirects?  Do I have to run my own
              mail server?  Everything I checked about dyndns shows that it's a
              partial solution, not a complete one.
           \_ Um, did you notice that I mentioned dyndns?  Do they
              handle hosting?  Do they handle email redirects?  Do I
              have to run my own mail server?  Everything I checked
              about dyndns shows that it's a partial solution, not a
              complete one.
        \_ http://gandi.net is cheap. They won't do hosting but they'll handle
           mail forwarding and aliasing. the downside is they are in
           Europe and you'll get all your e-mail in French (and English).
           \_ I have had 5 domains with gandi for > 3 years now.  They are
              great, their service is fast, their TOS are unambiguous.
              Regarding the DNS, you can do it with the public DNS service.
              Look at http://soa.granitecanyon.com -- I found it very
              difficult to get working, though, but it does work.  And it's
              free.  -John
2003/2/24 [Computer/SW/Security, Computer/SW/Unix] UID:27506 Activity:high
2/24    http://csua.org/u/9db -finally they arrest the strike leaders.
        I wonder if that means oil will finally drop; the strike is 30%
        of the reason oil's been going up.
        \_ Yeah, I guess if getting rid of a corrupt political leader
           interferes with your getting a cheap tankful of gas by
           jailing a few brave souls, then god speed to ya'.
           \_ Gosh, in that case, would you like to join the general
              strike to remove a corrupt politician who gained his
              position through unconstitutional manipulation of a
              a corrupt electoral system?  At the least, you wouldn't
              mind if we shut down the economy for a few days to do so,
              right?
                \_ if the people of the United States had enough savvy and
                   guts to do just that I'd help in any way I could.
                \_ Yawn.  Your own media spent months trying to prove your
                   assertion and failed.  Go back to alt.conspiracy.
2003/2/21 [Computer/SW/Security, Transportation/PublicTransit] UID:27485 Activity:nil
2/21    http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/02/21/MN240732.DTL
        Crowd counting article restored, you censoring bastard.
2003/2/14-15 [Computer/Rants, Computer/SW/Security] UID:27415 Activity:moderate
2/14    What is a good internet phone card for calling China?  Thanks.
        \_ I usually use http://www.cybercalling.com  I don't know how it
           compares to others.  Is 3.3 cent good price for calling
           compares to others.  I thought it has good prices for China,
           Taiwan, and even US.  Is 3.3 cent good price for calling
           within the US?
        \_ http://www.pincity.com  : 4.9 cents (using local access #)
           http://www.onesuite.com : 3.9 cents (using local acesss #)
2003/2/13-14 [Computer/SW/Security] UID:27400 Activity:low
2/13    Looking for <DEAD>anonymizer.com<DEAD> like websites that are free. Thanks.
        \_ like water for chocolate.
        \_ get a colo somewhere and run squid on it. set up the acls
           so you and your friends can access it by others can't. Enable
           https to http proxying and you've got all of the features
           of anonymizer for next to nothing.
2003/2/12-7/5 [Computer/SW/Security] UID:27380 Activity:moderate
2/11    At what point (in the course of my login) does DISPLAY get set,
        and what does it get set to? I'm able to open X windows locally
        (using Exceed) from soda, but not from another box I have access
        to. On this other box, DISPLAY is not set and I'm trying to
        figure how to set it. Thanks.
        \_ Depends on the OS & login method.
           \_ please expound or provide a link? the offending box is
              running red hat, and I'm logging in over ssh.
              \_ The remote system's sshd should be setting it.  Make sure
                 that X forwarding is enabled on the remote system and on
                 your local system (try using ssh -v and looking for the
                 "X11 forwarding" lines); you might also want to make sure
                 your dotfiles aren't resetting your DISPLAY variable to
                 something wrong.
        \_ Can you figure out your local machine's IP address and then manually
           do "setenv DISPLAY local-IP-addr:0.0" after logging in to the other
           box?
        \_ Try ssh -X
           \_ ssh -x
2003/2/7-8 [Computer/Domains, Computer/SW/Security] UID:27337 Activity:nil
2/6     Anybody have experience with http://pair.com for web hosting?
        Any other recommendations for quality, affordable web hosting?
        What about hooking up my own computer to a fat pipe somewhere?
        \_ my friends like http://pair.com. i like <DEAD>zapatec.com<DEAD>
2003/2/7-8 [Recreation/Dating, Computer/SW/Security] UID:27330 Activity:high
2/6     What's the best remote flower delivery service?
        \_ Calling a florist in the remote area and being very exact in
           what you want (or give them free rein to create).
        \_ Don't use FTD or other large service. I agree with the first
           reply. --aaron
           \_ Except a lot of florists are part of the FTD network.
              And they will deliver FTD's standard arrangements.  Ask
              them if they are a FTD member before you order.
           \_ What's wrong with FTD? -florally clueless
           \_ http://FTD.com was the first commercial launch of a Java website
              \_ and then?
        \_ Fuck Valentine's Day.  Fuck it right in the ear.
           \_ BDG?  Is that you??
                \_ this sounds more like doesn't-work-with-cable-modem
                   guy (DWWCMG)
                   \_ What?
           \_ ERROR:  EAR HOLE TOO SMALL.
              \_ ~payam/squick.vt
        \_ If recipient is in SF, I've always gone with http://frenchtulip.com
           \_ I love Rose and Radish in SF myself, 415-864-4988. --chris
              \_ Is that a hint?
        \_ /usr/sbin/in.rflowersd
        \_ I hope that you are ordering flowers for your ex-wife's
           funeral. If you are ordering flowers for your girlfriend,
           DON'T. You might think that you are being nice, caring,
           considerate, etc. but in reality you are being drawn into
           a bottomless pit of despair. You cannot imagine the endless
           nightmare that your life will become if you allow yourself
           to be drawn any further into this woman's web. If you do
           not heed my advice the day will come when you will wish
           that you had tied a noose around your neck rather than a
           bow-tie.
           \_ Now that's more like it! bdg #3 fan
           \_ bdg, sign your post
2003/2/6-7 [Computer/SW/Languages/C_Cplusplus, Computer/SW/Security] UID:27322 Activity:low
2/5     I picked up this year's Taxcut and it won't import last year's turbotax
        files. I'm gettign idiotic errors where it either wants to treat my
        TT file as a TC file and then reports a corrupt file or it looks for
        a TC named .T01 file when it's clearly a TT .tax file. I've played
        around with filenames and even looked at hex editing the binaries.  Is
        anyone else trying to do the same thing?  Is it working for you?
        \_ importing is highly over-rated.  Name, address, soc security, etc
           can be easily typed in.  The only other thing you need to worry
           about is carryover capital losses (stock).  It's more complicated
           if you run a small business and need schedule C.  But you probably
           don't run a business.
           \_ Hmm. Well that sucks.  Thanks for the info.
2003/2/4-5 [Computer/SW/Unix, Computer/SW/Security] UID:27305 Activity:high
2/4     Anyone here use samhain?  Any opinions?? (It claims to detect LKMs)
        What is your favorite IDS/checksum program?
        \_ Isn't that a Danzig song?
        \_ snort
        \_ don't be cheap, buy a IDS blade that goes into your router or
           switch.  It offers much higher performance and it's more
           manageable.
           \- that cant detect something like people doing rlogin -> ssh ->
              su and typing root passwd onthe net can it? you can use BRO.
              but it sounds like the above person is looking for something
              run on the filesystem, like tripwire. i use veracity which
              might not be right for you. --psb
        \_ I don't use anything at all.  SSH2 ports open to world+dog if you
           can guess the root password, you get the whole site!  Over 5
           million active usable credit cards just waiting for the taking!
           And the best part is we wouldn't even know you'd broken in and
           stolen everything if you weren't an idiot about it.
2003/2/4 [Computer/SW/Security] UID:27299 Activity:nil
2/3     Soda's very own Nick Weaver makes news again.
        http://news.com.com/2100-1001-983197.html?tag=fd_top
        \_ So he's a "security expert" now?
           \_ Yes he is.
2003/2/1 [Computer/SW/Security, Computer/HW] UID:27266 Activity:moderate
1/31    I find that http://terraserver.microsoft.com is not detailed enough. And
        I've been googling for another one.  Can't seem to find another free
        server that provide satellite photos.  I used another service before
        a few years back but can't remember the site anymore.  Anybody know?
        \_ Call your local congressman today, and ask them to approve funding
           for the Total Information Awareness program.  Soon, the server you
           seek will come into existence.  Though your access to it may be on
           the 'need to know' basis...
        \_ Yermom won't show up on any civilian quality sat. photos.
                \_ Unfortunately, yermom does.
                   \_ You're thinking of the military quality army boot sats.
                       \_ No, I'm thinking "Yermom is SO fat ..."
                          \_ her blood type is "crisco"
           \_ TIA program stillborn.  Just another random pentagon concept that
              went nowhere.
2003/1/21 [Computer/SW/Security] UID:27164 Activity:high
1/20    Is there any tool on an SGI running IRIX 6.5 to play a .mp3 or .mid
        file?  I don't have root access.  Thanks.
        \_ um... build something in your homedir?  If you don't have write
           access to the sound device, you're just SOL.
        \_ Oh, I'm sure there are plenty of tools running IRIX 6.5
2003/1/20-21 [Computer/SW/Security, Computer/SW/Languages, Computer/SW/Apps] UID:27161 Activity:high
1/20    I have a pdf file that contains type 3 font.  Since it is bitmapped
        I can understand why it does not scale nicely, but why does it look
        jagged even at 100% on acrobat reader while the print out looks fine?
        How can I convert it to type 1 font?  The program dvistripp.exe
        that google points me to no longer seems to exist.  Ok tnx.
        \_ does this file have anything to do with ps2pdf? -chialea
           \_ Yes typically I have the ps file and convert it to pdf using
              ps2pdf or distiller.  I don't have access to the original tex
              or dvi files, however.  --op
              ps2pdf or distiller.  It seems to be the problem of the ps
              file, since many other ps files converts just fine.  I don't
              have access to the original tex or dvi files, btw.  --op
              \_ ps2psd does not do the right thing.
2003/1/18 [Computer/SW/Security] UID:27141 Activity:moderate
1/17    Do any other search engines besides google cache?
        \_ I think the question is do any others provide public access to
           their caches... I'm sure any reasonable search engine does
           caching on some level.
2003/1/9-10 [Computer/SW/Security, Computer/SW/RevisionControl] UID:27040 Activity:very high
1/9     I need an archive/revision-control system that keep the repository,
        which is left a relative public system, encrypted.  CVS does not seem
        to do that.  What is an (free/open-source) alternative?
        \_ Do you mean "encrypted on disk" or "requires encrypted
           transmission"?  CVS does the latter; you need to set CVS_RSH=ssh
           and do some more config on the server (there are howtos online).
           For the former, maybe a file system that encrypts data to disk?
           \_ I mean that the (CVSROOT) repository is encrypted on disk.
              I don't need heavy weight encryption.  It is to thwart
              opportunistic voyeur.  -- OP
              \_ rot13.
                 \_ rot26!
              \_ chmod 600 your cvsroot
2002/12/30 [Computer/SW/Security] UID:26940 Activity:nil
12/31   Essential System Administration by Frisch refers to a "wheel group"
        as being an added security feature for the assignment of root
        privileges.  Question: How is this an added security feature when
        having the stolen root password allows login as root anyways?  The
        author also mentions that this feature is not available in Linux, but
        used in BSD type OS's.
        \_ False assumption.  Given a wheel group, you can disallow external
           logins by root altogether.  This leaves at the very least a username
           trail if the source IP is spoofed.
2002/12/24 [Computer/SW/Security, Reference/Military] UID:26898 Activity:nil
11/22   [stupid airport security thread deleted.]
        \_ mandatory firearm safety training for everyone.  give every
           passenger a gun with rubber bullets.  terrorism problem solved.
        \_ Sheep
2002/12/20-21 [Computer/SW/Security] UID:26874 Activity:high
12/20   Is there a way to get SSH to do keepalives (for firewalls/dial-up
        sessions with inactivity timeouts?)  I currently do ssh -X and send
        an xclock over it, but I usually have more than one host open, and
        things get a bit cluttered.  -John
        \_ the inband keepalive is daemon configurable
        \_ the inband keepalive is daemon configurable -shac
        \_ I just have a script that echoes a character to the screen every 10
           minutes.  -- yuen
        \_ Put "KeepAlive Yes" in /etc/ssh/sshd_config
           \_ The line is already there.  Guess it doesn't work.
           \_ My office fw filters that so I do the same thing yuen does.
           \_ KeepAlive actually sends out-of-band so.. it's not what it
              seems.. you actually want ClientAliveInterval which sends
              inband.. however its ssh2 only and some ssh clients will
              barf when they see this packet.. if your client doesnt
              barf at it, then it will keep your session alive -shac
2002/12/17-18 [Recreation/Dating, Computer/SW/Security] UID:26831 Activity:insanely high
12.16   Does anyone here get the economist? my subscription expired two days
        ago and i want online access to an article called "Trapeze artists".
        if you could post it in /csua/tmp it would be most appreciated
        --tia.
        \_ So why not resubscribe, rather than steal?
        \_ Are you planning to resubscribe?
           \_ I just did, and I have the print version of the article, but I
              want to forward the article to a friend. Yes, I could scan it
              or snail mail him the original, but that's a pain. Or I could
              wait a month or two for my new subscription to kick in, but that
              is more lame.
                \_ Post a url to the article and your friend's email address
        \_ So you're asking someone else to commit copyright crimes and then
           put their name on it for you?
                \_ yes, I am actually. thanks for clarifying the situation
                   though. prick.
                   and I will forward it for you.
        \_ Thief.
           \_ copyright violation is not theft. look up thief and theft in the
              dictionary.
              \_ Sure it is.  You're taking or making use of something that
                 isn't yours without permission that normally costs money for
                 access.  Take the rest of your argument to slashdot or k5
                 where you'll find like minded thieves who care.
                 \_ that's not theft. theft involves taking away. "making use"
                    of something -- which isn't even a thing, is not theft.
                    for you to say otherwise is just like my stating you are
                    a cunt.
                    \_ Yeah whatever.  Take it to slashdot.  In the meantime
                       do you mind if I have sex with your gf?  It's not like
                       my making use of her while you're busy with copyright
                       violations is denying you your use of her.
                       \_ This is wrong on so many levels.
                         \_ Just another victory against copyright violators.
                            \_ i'm not the OP. i'm just saying it isn't theft.
                   \_ It only "normally costs money" because of a perversion
                      enshrined into law. Should breathing air cost money, too?
                      Would you support such a law, if passed?
2002/12/15-17 [Computer/Companies/Google, Computer/SW/Security] UID:26819 Activity:moderate
12/13   I was reading somewhere something that implied that google's popularity
        algorithm could tell if the link to your site in someone's page was
        "hidden."  Can someone here confirm: if I have a link to may page on
        another page that is either a.)  The same color text as background or
        b.) a "spacer" image that is a link.  Will Google discount that link?
        \_ No one knows how google really works.  A form of security through
           obscurity to protect their pagerank thing.

12/now  Hey do ya think we could get the motd any shorter and more boring?
        Let's see: 1) a link to chapter 1 of an old book, 2) trivial dns
        lookup issue, 3) emacs question with joke answer.  Why bother even
        having a writable motd if it's going to be stripped of *everything*
        worth reading?  There's no technical questions/answers, no cool
        stuff about, well... *anything*!  And it's always worse on the
        weekend when there's fewer bored people at work to add new things.
        [*laugh* and then the same idiot deletes this whole thing]
        \_ If you're so strapped for amusement that you rely on the motd,
           I weep for you.
           \_ weep away, just stop erasing everything. just because im pathetic
              doesn't mean im not right about others stripping the motd.
        \_ who knows?  what makes these fucking censors tick?  why do they
           want the motd to become pointless?  mysteries we may never know.
        \_ Instead of trying to beat the system, why don't you just try to
           make your page better and more relevant? How hard do you really
           think it is to detect that technique? Can you guess how many
           people we have who work on quality full-time to prevent this kind
           of thing? --aaron@google
            \_ because, 1.) I am starting a new service which competes with
               long-existing services,  Since I am funding this all myself,
               I can not affort to pay SEO's to place "legitimate" links on
               their already ranked web sites. 2.)  Part of the service i am
               offering to clients is that there page will not link back to
               my page which in turn links to a bunch of their competitors.
               This basically hozes me, since my competition creates sites
               that then link back to themselves, racking up points, but i
               am not going to be able to do this.  Because of this, my site
               could very easily be much better and "more relevant" and still
               not have as high a score as my competition. -cuek_saja@yahoo.com
               \_ If your site is good, people will come, regardless of what
                  you do.  If your site is bad, people will not come,
                  regardless of what you do.  If you are starting to ask these
                  sorts of questions now you have already lost.
                  \_ BS.  If they can't find the site, they'll never know
                     whether it's good or not.
                     \_ Consider: http://www.google.com didn't have to circumvent
                        google.  People found it because it was good.  Be
                        good, don't be evil.
             \_ As for your second question, i think the color trick would
                be easy to dectect but the image trick would be hard.
2002/12/10 [Computer/SW/Security, Computer/Theory] UID:26779 Activity:high
12/9    Story on Blum at
http://www.nytimes.com/2002/12/10/science/physical/10COMP.html
        Question - why is Blum "Professor Emeritus" of the CS dept when in
        fact he was happy enticed from Berkeley and is now ensconced at CMU
        with a full and productive lab?
        \_ Hey man, like what a traitor!  I can't believe that!  I'm just like
           ya know totally stunned and completely bummed!  And like he ya know
           stole an emerity thingy from us!  Man!
                \_Who said anything about him being a traitor?  Just wondering
                why he has this title, which means "Retired but retaining an
                honorary title corresponding to that held immediately before
                 retirement" when he's anything but retired.
        \_ From Webster's Revised Unabridged Dictionary (1913) [web1913]:
           Emeritus \E*mer"i*tus\, a. [L., having served out his time, p.
           p. of emerere, emereri, to obtain by service, serve out one's
           term; e out + merere, mereri, to merit, earn, serve.]
           Honorably discharged from the performance of public duty on
           account of age, infirmity, or __long and faithful services__; --
           said of an officer of a college or pastor of a church.
        \_ enticed by his wife, no less.
           \_ yet another reason why marriage is evil.  - bdg fan #3
2002/12/9 [Computer/SW/Security, Computer/SW/OS/Windows] UID:26754 Activity:high
12/8    Has anyone been able to get sound working when running DOS 6.22
        under VMWare?  I want to play old DOS games and having no sound
        sucks.  thx.  --sky
        \_ I know there is a windows program that emulates an old sound
           blaster so old dos games can use sound, maybe oyu can hunt that
           down and use it?
           \_ VDMSound? http://ntvdm.cjb.net
              \_ sweet.  I will try that.  thx  --sky
                 \_ It works great!  --sky
        \_ Maybe http://dosbox.zophar.net Doesn't do protected mode tho.
        \_ there are several dos emulators around.  Which game?
           \_ old DOS adventure games.  VDMSound seems to work with
              them all.  --sky
              \_ which ones? (just curious)
                 \_ space quest, king's quest, monkey island, maniac mansion
                    \_ for the LucasArts games, you should use ScummVM instead.
                       http://scummvm.sourceforge.net
2002/11/25-26 [Computer/SW/Security] UID:26630 Activity:high
11/25   How do I get openssh to work with s/key? I've got skey working and
        have passwords, but having trouble making openssh use them.
        \_ obGoogle
                \_ Google on "skey openssh" gives a million links on
                   the old ssh vulnerability
        \_ Why not just use password-encrypted authorization keys?
        \_ ChallengeResponseAuthentication yes
           in sshd_config. -geordan (who dares to give actual answers)
                \_ what should I then see when I do ssh -v in the
                   allowed authentications? publickey,password,
                   keyboard-interactive ?
                   should I continue to login as user or user:skey ?
                   do I need to change /etc/passwd or anything else ?
                   \_ Hm.  keyboard-interactive is my guess.  I don't
                      actually remember how to activate S/Key from the
                      client; I remember that OS X's ssh did it by default.
                      Why do you want to be using s/key with ssh, anyway?
                      -geordan
                        \_ sshing from untrusted machines
                           Tried this, but still didn't work. Any urls that
                           are openSSH specific?
                           \_ http://openssh.org?
2002/11/22 [Politics/Domestic/California, Computer/SW/Security] UID:26597 Activity:nil
11/20 How can I verify Soda's certificate?
       ...
       \_ No. You can't add self signed certs to your cert store.
          \_ yes, you can... the easiest way is if the machine is using
             the same cert for https... you can import it simply using
             IE... otherwise you need to manuall add import it, but it
             can be done.
             \_ Does the CSUA have a https site?  Still haven't found
                the self-signed cert ... -OP
             \_ Not all versions of OE/IE support this.
          \_ Really? That's dumb. Another reason not to use Lookout(tm)
             \_ A self signed cert has no meaning in the PKI
                model, since all it says that you vouch that
                you are who you claim you are. If you really
                want to implement the cert mgmt correctedly
                there is no reason to allow such certs into
                the cert store.
                \_ Point taken.  Where can I view this cert, and how was it
                   generated, for technical curiosity's sake?  And does the
                   CSUA have a cert for https?  -OP
                       \_ http://www.openssl.org has all the goodies
                \_ By the way, is self-signed certificate different from
                   a certificate that was signed by an untrusted CA (say
                   you have setup a certificate authority within your company
                   for signing certificates)
                       \_ self-signed: signed by untrusted (your own) CA
       \_ I like the original minty green certs best, but some of the more
          orange flavored ones that came later were ok too.
          \_ Before being bought out by RSA, Xcert minted their own brand for
             a promo ... labeled obviously as: "XCerts"! -OP
             \_ Sweet!
         \_ Another approach if you really want secure POP is to set up
            SSH forwarding on a local port to csua:110, then just set up
            Outlook to retrieve email across the SSH (i.e., localhost: 110).
2002/11/17-18 [Computer/SW/Security] UID:26571 Activity:kinda low
11/17   the last five paragraphs of from this article:
        http://www.cnn.com/2002/TRAVEL/11/16/airport.security.ap
        __
        Ed Karabinus, 56, was a security manager at Shepard Air Force Base
        in Texas last winter when he traveled through Dallas-Fort Worth
        International Airport and encountered inefficient screeners who
        didn't speak English.

        He decided to become a screener himself. He took the test, and in
        March he was one of 61 people hired as supervisors.  Eight months
        later, he has been promoted to federal security director, a new
        category of federal law enforcement officer, overseeing both Wichita
        Falls Municipal Airport in Texas and nearby Lawton Municipal Airport
        in Oklahoma.

        Federal security directors earn between $108,400 and $150,000 a year.

        Karabinus, who now drives a used Mercedes, motivates his screeners
        by saying, "Look where I went, guys, in eight months."
        --
        DAMN, where can I get a job like that?
        \_ There are always special people in all sorts of jobs doing really
           well.  They are the exceptions, not the rule.  The typical airport
           security jock is making $8.50/hr and will get a COLA in 2 years to
           $8.75/hr.
           \_ They are federal employees now making more than that. I don't
              know how much more, but more than $17k/yr certainly.
2002/11/15-17 [Computer/SW/P2P, Computer/SW/Security] UID:26558 Activity:nil
11/15   http://journalism.berkeley.edu/projects/biplog
        Coming soon, a real hostname. -dans
2002/11/14 [Computer/SW/Security, Computer/SW/Unix] UID:26540 Activity:very high
11/13   back to the question regards to my problem of being f*cked up
        by sys admin cuz they changed the UIDs... during the process
        changing user ID, is hard-link ever used to accomplished the task?
        I read somewhere that if hard-link is not being used carefully,
        I may never able to get those files couting against my quota
        unless the other person happened to deleted the file.  Is that
        true?
        \_ Please supply host IP address, login name and password
           and I'll check it out for you. It's too hard to debug with
           so little, random, information.
           \_ 198.137.241.41, gwb, bombiraq
        \_ Sounds like you need to pay a contractor to go in there and fix
           this idiot's mess.  While you're at it, fire the stupid bastard
           because he's making the rest of us look bad.  --real sysadmin
        \_ maybe your sysadmin is a BOFH who is persecuting you because you
           just can't seem to use english properly.
        \_ Napalm the fuckin bastard.  -John
           \_ thanks to all (except that grammar/spelling nazi, who didn't
              really contribute anything useful).
              For those who never step out of bay area / berkeley: you
              would be suprised that sheer concentration of *GOOD*
              system admin here at Cal, and alarming number of those
              who are considered as mideocre at best at for the rest of
              the world, even in an academic setting (where my account is)
              For the rest... thanks for putting up with all sort of mis-
              spellings and grammar errors from me.
             \_ Actually a lot of the world has some pretty stellar
                sysadmins;  however, usually they lack a good academic
                environment in which to hone their skills and find out about
                others doing the same stuff.  So they often end up doing crap
                jobs tucked away in some company somewhere, underpaid and
                underappreciated.  I'm enjoy introducing people like that to
                others in the field by organizing BOFs and the likes;  I'm
                always amazed at how little contact some of the good tech guys
                have to the rest of the world.  And I still say there are
                enough decent good root-types to go ahead and napalm the
                fuckin bastard.  -John
                \_ Ever owned a cat, John?  Or are you just spouting?
                   \_ Yes and yes.  -!john
2002/11/13-14 [Computer/SW/Security] UID:26535 Activity:moderate
11/13   http://privacy.yahoo.com/privacy/us/pixels/details.html
        \_ Your point?
           \_ I believe (s)he wants us all to click on that opt-out link.
                \_ bugnosis?
2002/11/6-7 [Computer/SW/Security] UID:26428 Activity:kinda low
11/5    Which free version of PGP provides a PGPDisk that works in WindowsXP?
        I'm considering the International and CTK variants.  Is any version
        more secure or trustworthy than another?
        \_ PGP is pretty good.
                   \_ HA HA HA HA HA HA HA HA. ha. ha. ugh. --aaron
        \_ Screw it.  PGP6.5.8ckt_build08 failed to install on XP, and
           PGP6.0.2i could not read my PGPDisks made by PGP6.0.2 Desktop
           Security in Windows2000.  Now my question is: What other pretty
           good encryption tools are there that does what PGPDisk does?
           -OP
        \_ nai actually stopped developing pgpdisk before XP and before their
           latest versions of PGP.. and even announced that they would be
           killing off pgpdisk entirely.. then sold of pgp to the current
           PGP Corp. which says they will have support for XP in v8.0
           which is currently in beta. check http://www.pgp.com -shac
           \_ Thanks.  I'm looking for something _FREE_, and their Freeware
              products do not include PGPDisk.
              \_ Cheap bastard.  Pay for it if you want quality products with
                 full features.  These people have to eat (sushi and Vik's
                 takeout daily) and pay rent (okay, well, condo association
                 fees) and buy shoes (and private school tuition and cell
                 phones) for their kids.
2002/11/5-6 [Computer/SW/Security, Computer/SW/Database] UID:26423 Activity:nil
11/05   What form of encryption is used for system passwords?  Is it
        possible to use that same form in mysql?  I would like to be able to
        take a users encrypted password from sql (which needs to be usable
        through mysql) and give them a system account once they have jumped
        through additional hurdles.  Is this possible? how? URLs appreciated.
        \_ ???  What's the project goal?
        \_ man crypt
2002/10/22 [Computer/SW/Languages, Computer/Rants, Computer/SW/Security] UID:26275 Activity:high
10/21   Is there any service that takes email and sends regular mail?
        Like bill pay, but with email instead of checks.  I should be
        able to set up "sendees" and they could print and send my emails
        to them.  Then i could correspond with my amish friends!
        \_ don't you have a printer, stamps, paper, and envelopes?
           \_ I'm VERY LAZY and am willing to pay someone else to
              specialize in that and get the economies of scale.
        \_ http://www.usps.com/mailingonline
            \_ cool, thanks.
2002/10/17-18 [Computer/SW/Unix, Computer/SW/Security] UID:26234 Activity:insanely high
10/17   Is there a really easy way to forward all port 80 packets to another
        machine? I want to migrate my web (but not mail/smtp/etc) packets to
        a new machine. I don't want any sort of HTTP redirects because I want
        the transition to be "seemless". Does my question even make sense?
                              \_ seamless
        \_ Any firewall software can do this.  Or you can point the DNS
           name at your new web server and use MX'es to keep the mail on
           the existing server.  Or use mod_rewrite.  -tom
           \- writing a generic "port forwarder" to listen on localhost:tcp/###
           and fwd that to A.B.C.D:### is pretty straght forward programming
           exercise. in fact it is possible ssh can do it for you. i have a
           tool i suppose i can send you which forwarded the pop protocol
           but it should work for WEEB by just changing the port number.
           [all WEEB is tcp, right?]. i seem to remember after looking at a
           breakin there was some crackerware to do this too. --psb
                                  \ are you calling nc "crackerware"?
           \_ This is what I was going to do. Either this or just use ssh to
              do the forwarding until I complete the migration.
              do the forwarding until I complete the migration. But I was
              hoping that someone had already written something (or gotten
              netcat to work as such) so that I don't reinvent the wheel...
              and don't have to worry about implementing error handling and
              so forth.
        \_ DNS!  Why does no one use DNS for this stuff?  The world wasn't
           meant to be hard coded IPs.  They made DNS for a reason.  You don't
           need clunky firewall kludges if you made proper use of DNS.  You
           wannabe sysadmins are getting more dangerous by the day.  Please
           tell me this isn't a commercial site.
           \_ because dns wont forward port 80 packets.  DNS will send all
              packets to that hostname elsewhere.  This is why a smart admin
              will point several names at the same host, each name for each
              service on the host, and then they can move the ip in the name
              for that service without affecting the other services.  I.e.
              csua www service is 'www.csua',  not 'soda.csua' (even those two
              names point to the same IP), so we can move www service if
              necessary without screwing other services.
              If you weren't so smart, firewall-NAT /packet forwarding/
              is your only option. -ERic
              \_ Thank you for the description of "proper use of DNS" as
                 mentioned above.  Anyone who doesn't know that DNS doesn't
                 forward packets needs to give up the root shell.
           \_ DNS switches are not "seemless".  Even if you have your TTL set
              properly, there is a whole world of improperly set up DNS servers
              (and microsoft DNS clients that mad-cache) that will not get up-
              dated the instant you want them to.  (Of course, just leaving the
              service up at site 1 for a while is probably better than port
              forwarding everything with good ol' nc  -The SysAdmin.
              \_ Gosh, you mean you actually figured out how to do a seamless
                 service migration with DNS?  Wow.  That was hard, huh?
           \_ 1) You are a dumbass, as everyone else already pointed.
              2) Even if what you said were correct (which it isn't), have you
                 considered the possibility that some people might be hard-
                 coding the IP's?
              \_ 1) No one said any such thing.  Learn to read.
                 2) It's correct and anyone who hard coded the IP's is a total
                    moron at step zero and shouldn't have root which was
                    already addressed earlier.  If you could read, you'd have
                    read that, too.
                 3) Learn to read.  Thanks.
              \_ [ inane baiting deleted. ]
        \_ OP here. Here's my solution:
        www stream tcp nowait nobody /usr/local/bin/nc nc my.remote.host 80
        im reposting my solution for the third time:
        tcpserver 0 80 nc ncc 80
2002/10/15-16 [Computer/SW/Security] UID:26195 Activity:kinda low
10/15   FYI OpenSSH 3.5 is out.
        \_ Interesting. Is there a ChangeLog somewhere that summarizes
           the changes in this release. In particular, I am wondering
           if PAM and auditing problems have been fixed in Solaris
           when privilege separation is enabled.
           \_ ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog
2002/10/15-16 [Computer/SW/Security] UID:26191 Activity:high
10/15   I don't have a long dist carrier. I usually use 10-10-321, 811, 220,
        etc. What's a good plan to use?
        \_ http://www.onesuite.com  Cheap, no hassles, portable.
           \_ http://www.onesuite.com/faqs.htm#G13 , you can get 20 free
              minuts (hey that's like 60 cents)!
              but why don't they just bill the telephone like others?
              \_ onesuite is actually a calling card which you can access
                 through a 1-800 number or local numbers.  it is not a traditioal
                 long distance carrier.
2002/10/15 [Computer/Rants, Computer/SW/Security] UID:26185 Activity:very high
10/14   Why all the H1B posts? Our jobs, esp support and QA are already being
        exported to countries like India and China. There was a report from
        60 Minutes that says a few phone companies already shifted their
        phone support ops to India. They even train the workers to be
        knowledgeable about the American culture (football, beer, etc).
        Face it, many jobs are indeed exportable. IT is just a glorified
        auto/steel/whatever industry.
        \_ You're a Cal grad and doing phone support and QA?  Jesus F. Christ!
           Did you graduate with a degree in English or something?
           \_ I thought Jesus' middle initial was 'H'.
              \_ You don't know what the 'F' is for?
        \_ Agreed, IT = auto = steel = dockworkers.  However, since most
           motd readers are sys admins, they confuse themselves with
           real software engineers and architects.  We're not worried
           about H1B workers.
           \_ uh, it's the software development that can be easily exported,
              not the sysadmin work.  Think autoworker vs. policeman.  -tom
           \_ *laugh* As a sysadmin, the last thing I'm worried about is my
              job getting exported to another country.  No sysadmin confuses
              what they do with what a coder monkey does.  When a coder monkey
              fucks up, you get a bug which gets caught by QA (in India). When
              a sysadmin fucks up, the whole shop goes down.  No one is going
              to ship their servers to India.  Silly troll, cookies are for
              kids!
        \_ Recently had trouble with an http://amazon.com order. Emailed them
           (the only way to reach them) and all I got were replies
           from folks with Indian-looking names. All replies either
           had good english or good scripts or both. I suspect
           amazon support may be outsourced?
        \_ I have never gotten good customer service of any kind from
           an Asian-outsourced helpdesk.  In fact, this is the main reason
           why I refuse to buy anything from http://Amazon.com anymore.
           My experience with US helpdesk workers is mixed, although mainly
           positive (unless you're dealing with a fucked up company like Sony.
           The only consistently good tech support I've gotten was from Irish
           call centers (most European tech firms redirect English-language
           calls there.)  -John
           \_ Was on the phone with a Netapp chick in Singapore last night.
              She didn't fix my problem but had a sexy voice so I still logged
              the call as a "10" in their customer service records.
           \_ I have never gotten good customer service of any kind
              through the phone, period.  Almost.
              \_ B&H over the phone seems okay.
        \_ Exporting software jobs is the best thing that ever happened to
           the software industry.  Perhaps now, we will realize that many
           engineering positions are filled by glorified, semi-skilled
           typists (software).  Let's face it-  software systems are LARGE
           nowadays-  but innovation is the crux of value, not WPM.  Stop
           complaining about your obsolete job.  Coding is a monkey task
           that should be outsourced, not protected by some archaic notion
           of an ivory tower of academia.
        \_ Which is why I would recommend moving up to a more architectural
           or managerial level, to avoid your job being 'exported'. I agree,
           coding, not only a 'monkey task' as the above posted noted, is
           often considered a thankless job. Don't shoot the messenger, this
           is what I heard.
        \_ Put it this way.  Number of engineers produced per year in US:
           65000, in China 700000, and their quality is improving.
           \_ This is exactly the kind of reasoning upper management uses to
              justify H1b's shortly before they get a http://fuckedcompany.com entry.
              Because if 1 american engineer can do it in X days, then 10 H1b
              engineers can do it in X/10 days.  Right?  Good math.
2002/9/28 [Computer/SW/Security, Computer/SW/Unix] UID:26038 Activity:nil
9/28    I installed mysql 3.23.52_1 via pkg_add and I'm trying to set the
        root password-- but I don't know the default password.  This is a
        fresh installation, and I'm using
% /usr/local/bin/mysqladmin -u root password 'blah'
/usr/local/bin/mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user: 'root@localhost' (Using password: NO)'
% /usr/local/bin/mysqladmin -u root -p password 'blah'
        Also fails, because I don't know the stinking password.  I've tried
        the system's root password, "root", "toor", and various foul
        language.
2002/9/13 [Computer/SW/Security] UID:25874 Activity:kinda low
9/12    Has anyone else noticed that their ssh session tends to die as
        soon as they get notified of new mail?
        \_ never happens to me.
        \_ Mine is kindof twisted. If I have newmail running in the backgrnd
           I cannot seem to log out of my ssh session cleanly (it just hangs
           after the logout). But if I kill the newmail process prior to
           logging out, it works fine. (this is on a Debian Linux). Clues?
           \_ just a guess -- does newmail open an X connection?
        \_ try ssh -v when making connections.  without debugging info you
           don't stand a chance.
2002/9/12 [Computer/SW/Security] UID:25859 Activity:nil
9/11    I hate people who block ping requests, it is so annoying and of so
        little (in fact i'd go as far as to say NO) security value.
        \_ some people just block all icmp.. for valid security reasons -shac
2002/9/11-12 [Computer/SW/Security, Computer/SW/Unix] UID:25851 Activity:low
9/11    Is it commonly accepted to use rsync between two machines using a
        null passphrase? I haven't found any good workaround. The next best
        thing would be to type the key once per reboot, but that is
        inconvenient and the key stays in memory. So... after a few days of
        googling, root+null passphrase is the best I could come up with.
        \_ If it's a low security site, you can do the null passprase to a
           junk account and then have cron or whatever copy/move the files
           out.  jailed shells and what-not are easy enough to setup without
           jumping through too many flaming hoops.  Are these both internal
           machines?  Maybe NFS is the answer?
        \_ Install ssh, rsync over ssh instead of rsh and use a passkey.
2002/9/9 [Computer/SW/Security] UID:25820 Activity:high
9/8     Is @cal forwarding down again all day? What the hell? It's an
        embarrassment to Berkeley! Shit I should've never trusted them
        in the first place!! My ISP is far more reliable! They suck
        you in with a permanent email forwarding address and then the
        service goes down for days. Bunch of idiots!!!
        \_ Is there a number we can call about the service?
        \_ This gives Cal a bad name, just like the programming contest
           and Cal Football.
           \_ We've won our past three games against 5th tier teams!
        \_ I think it may have come back up.
2002/9/4-5 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:25767 Activity:very high
9/3     I'd like to donate equipments (eg 160G HD) so that I can influence
        politburo members into giving me root access. How do I go about
        doing that? P.S. I'm an alumni
                                \_ alumnus (possibly alumna) or alum
        \_ are you female? I think most of them are tired of making love
           to mr.hand
           \_ rosie Palm and her five sisters are h07!
              \_ The Palm SEXtet (pun intended) will make you blind!
           \_ You mean *Miss* Hand?  Or are they gay?
              \_ No, you're just 100% clueless.
        \_ mail politburo. ask. -chialea
           \_ chialea!  I want to kiss you!  :-)
              \_ are you an eastcoast or westcoast stalker of hers? !fan
              \_ you're freaky
                 \_ No, they're dreamy!  --chialea #1 fan #1 fan
                                            \_ a.k.a. chialea
                                               \_ Incorrect.
                                                  --chialea #1 fan #1 fan
        \_ you're going about it the wrong way.  you need to bribe a single
           root person, not the whole politburo.  you don't want official
           access, just access.  social hacking.
           \_ is that how paolo got root?
           \_ Speaking of bribing, have the recent politburo requested
              alumni support yet for this year?
              \_ still not getting it.  you dont support politburo for root,
                 you buy some kid a few beers.  sheesh.  must i spell out
                 *everything* for you?
                 \_ Not looking for root, just wondering about funding.
                    \_ maybe they can request funding for a SCSI RAID card.
                 \_ if you're cute, you screw for root.
                    \_ The secretary?
                       \_ Good things I'm not sexy@csua anymore -chialea
                    \_ Get real. Sleep with csua root users instead of popping
                       5 bucks for cheap beer?  Son, not all sex is good sex.
                       You should go for the beer option.
2002/8/29-30 [Computer/SW/Security] UID:25734 Activity:high
8/29    Do you guys have a different password for every single account you
        own -- email, website, server, bank, etc?
        \_ Yes.
        \_ I have tiers of security-- like very secure, medium, and not at all
           secure. Usually as I retire my very secure passwords, I move them
           down to the lower tiers... except for the lowest level, which is
           almost always just based on my name or something.
           \_ I do this too.  I wonder how commmon it is.
           \_ How do you remember all the passwords?  I have like 10 passwords
              for maybe 30 accounts.  I can never remember which to use for
              what, except for the accounts I use daily.
        \_ I use the same password for all my accounts, home, work, root,
           hotmail, http://yermom.com pr0n sites, my secret password with Visa, my
           home security company, everything.
           \_ Have you been to http://yermom.com?  What a fucking stupid website!
2002/8/29-30 [Computer/SW/Security] UID:25732 Activity:high
8/29    Has anyone tried DMA? Does it really work? I'm afraid to use it for
        the same reason why I don't click on "unsubscribe me" from spams.
        \_ Yes it works. Both for mail and phone-based junk. It works best if
           you also request that the credit agencies not release your info as
           well and you foregoe mail forwarding when you move.
           \_ Those work very well for me, together with calling up companies
              to cancel junk catalogs under whoever's names and my address.
              --yuen
        \_ Direct memory access?  I love it.  Great stuff.  Works great and
           less filling at the same time!  Better than rogaine
        \_ No but I've tried MDA.  Is DMA some other analogue?
           \_ Direct Marketing Association, Inc.  http://www.the-dma.org
              The posters are talking about DMA's Mail Preference Service which
              helps you stop junk mail.
              helps you stop junk mail.  Saves time and trees.
2002/8/29-30 [Computer/SW/Security] UID:25731 Activity:low
8/29    Is there a website that tells you the elevation above sea-level
        of all the cities in the US (at least the major ones)?
        \_ No.  I have encrypted all of my copywritted material
           using an encryption algorithm based on US city elevation data,
           and releasing it now would be in violation of the DMCA.
           If you try to download that information from the web, I'll
           DOS your server.  -GIAA
        \_ Uh, Yeah, the first link from the google query:
        "us major cities elevation above sea level" -googled
2002/8/27 [Computer/SW/Security, Computer/SW/Unix] UID:25705 Activity:high
8/27    Is there a CSUA policy about deleting accounts of those who have died?
        Or is it a respect sort of thing to keep the account for the deceased?
        \_ There are deceased?
           \_ gene kan
              \_ What happened to him?
                 \_ He Cobained.
              \_ gene can do what?
           \_ was he active CSUA?
        \_ How about deleting accounts for those who have been inactive for a
           long time?
           \_ and... why?
              \_ To reclaim disk space?  Free up login names and UIDs?  Reduce
                 chance of break-ins since those people won't be changing
                 their passwords periodically?
                 \_ As if people who never really used their accounts are using
                    a lot of disk, someone else wants their name, we're near
                    out of UIDs or more than 1% of you slack bastards has
                    changed your password in the last 6 years....
                 \_ reclaim unused uids?  Doesn't the account creator just
                    add a new uid after the highest used one?   Are we even
                    anywhere near starvation for uids?
                    types.h lists the uid as:
                        typedef u_int32_t       uid_t;
                    So thats what, 4 billion possibilities?  I see only 2400
                    or so passwd entries.  Try another excuse to delete
                    unused accounts...

                    To reduce chance of break-ins?   I'd argue to delete the
                    active accounts -- theyre the ones most likely to have
                    their password leaked ( via social engineering , trojaned
                    software, or other means) or shared on another
                    site.
                    \_ ok genius so then why should the accts not
                       be deleted?
                       \_ The burden of proof is on those who desire
                          change in a functional environment.  They should
                          not be deleted because there is no reason to and
                          it would waste someone's time to do so.  Why
                          *should* any accounts be deleted?
                    \_ How come at line 2437 in /etc/passwd the UID goes up to
                       10958, but then at line 2438 it starts from 1003 again?
                    \_ I saw that old login names like achoi or choice no
                       longer exist.
                       \_ achoi/choice is now android. -geordan
                          \_ So any future Albert Choi or Ah-Ching Hoi can
                             re-use the login achoi.
                             \_ *hint*
2002/8/26-27 [Computer/SW/Security, Computer/SW/OS/Windows] UID:25694 Activity:high
8/26    After I save a file in win95, I need to process it from DOS prompt
        (to use with sftp for putty for example). I find the file name to be
        "currupted" - it's shorter and contains strange characters like "~".
        I know this must be a feature from MS but how to get around it and
        access the file from DOS using the real file name?
        \_ try using cygwin
        \_ the win95 shell displays that because it's DOS and DOS doesn't
           do more than 8.1 filenames. Just use those shorter names
           (i believe they show up correctly in windows), use the long name
           with quotes around it (i think that works) or better yet
           upgrade to win 2000.
        \_ if you use the short file name with scp, you'll lose the long file
           name on the other side.  you need to double quote the LFN to do
           what you're talking about.  or as the above say use cygwin or w2k.
        \_ By "DOS prompt", do you mean the DOS window in Win95, restarting
           Win95 in DOS mode, or plain MS-DOS 6.xx?
        \_ Enclose your long/full name with double quotes.
        \_ Use double quotes.
        \_ I think double quotes will do the trick.
2002/8/26 [Computer/SW/Security] UID:25689 Activity:moderate
8/26    Any recommendations for web hosting services with good latency from
        campus? Looking for cheap service to host low traffic www site.
        \_ Low latency?  You're playing quake from your campus office?
2002/8/20-21 [Computer/SW/Mail, Computer/SW/Security] UID:25623 Activity:very high
8/20    using gpg i want to associate someones public_key with a wildly
        different alias that they also use to mail me encrypted text.
        I skimmed the long man-page but didn't find it.
        \_ you really think the nsa cant read your text in real time?  get
           real.  they can spot the gpg signature and flag your packets to
           make certain a human reads the messages.  sheesh.  dont you know
           the best way to hide is in plain sight where your traffic looks like
           everyone else's and only the computers will read (and ignore) it?
           \_ (!OP): I don't care about the NSA. I care about business
              competitors, 1337 haxors, and the like.
              \_ w3 @1r3d33 0wNz y00.
           \_ (TOP) o.k. i love to ecourage trolls..
                1)  I'm trading commercial "secrets" not military ones so I
                    don't much care if some cypher-wonk in the basement of
                    the pentagon reads my mail.
                2)  By encrypting traffic "they"re not interested in i'm making
                    their job harder, if only a little, which makes me happy.
                \_ What mail client do you use to (en|de)crypt mail w/ gpg?
                   \_ mutt
                   \_ pine.  (flame away)
                \_ So you trust foreign governments such as the French who are
                   known to engage in industrial espionage for their
                   corporations not to steal your data and hand it over to
                   your competitors?  So much to learn, so little time....
2002/8/19 [Computer/SW/Security, Computer/SW/Unix] UID:25608 Activity:nil
8/19    http://www.kuro5hin.org/story/2002/8/19/2952/21932 - php gui sucks.
        \_ gui's are bad.
2002/8/15 [Computer/SW/Security] UID:25563 Activity:very high
8/15    I am familar with SSH1 but just put SSH2 on my computer.
        With SSH1, I know I put the contents of his identity.pub file in my
        authorized_keys file.  With SSH2, what is the analogous procedure?
        Do I do something with the snippet that begins
        "---- BEGIN SSH2 PUBLIC KEY ----" which he sent me?  Where do I
        put that on my server?  Thanks!
        \_ It depends on what kind of keys you use (SSH1 or SSH2 keys),
           what client do you use, and whether the server is running
           openssh or commercial sshd. In case of soda, you have to upload
           your public key to your account, convert it to the format the openssh
           understands using ssh-keygen command and then append it to your
           .ssh/authorized_keys2 file.
           \_ I think I need to add something in the .ssh2 directory.
              I am running with "SSH-1.99-2.4.0 SSH Secure Shell".
              \_ yes, consult the ssh2 man page
              \_ place the public key (the entire file from '---- BEGIN...'
                 to '---- END SSH2 PUBLIC KEY ----' in a file under .ssh2
                 then create a .ssh2/authorization file containing the
                 line 'Key pubkeyfilename' (where pubkeyfilename is the
                 name of the public key file you just created) - max
2002/8/8 [Computer/Domains, Computer/SW/Security] UID:25524 Activity:high
8/8     If I use <DEAD>foo.bar.com<DEAD> in a root .rhosts file, can someone who controls
        DNS server in his own domain set up one of his addresses to reverse
        to <DEAD>foo.bar.com<DEAD> and get into my machine?
        \_ If you're using rsh?  Probably.  ssh, if you have it configured
           to, will check to see if the remote machine's host key is
           correct.
           \_ Yes I know this wont work for ssh.  I think with rsh the only
              trick is to get him to look at your DNS server.  If you can do
              that, I think it will work.
2002/8/1-2 [Computer/SW/Security] UID:25470 Activity:high
8/1     Bugtraq reports that openssh-3.4p1 was trojanned on http://ftp.openbsd.org,
        and its mirrors.
        \_ Link?  And Is that what happened to csua?
           \_ http://online.securityfocus.com/archive/1/285492/2002-07-29/2002-08-04/0
           \_ Don't think so.  That seems to have affected the
              openssh-portable port.
              \_ which... soda runs...
                 \_ dont bring facts into this.  this is the motd, damn it!
                    \_ It's okay, they didn't.
                 \_ no it doesn't:
                    $ telnet soda 22
                    Trying 128.32.112.233...
                    Connected to http://soda.CSUA.Berkeley.EDU.
                    Escape character is '^]'.
                    SSH-1.99-OpenSSH_3.4
                    \_ genius wtf do you think that is?  If it isn't an openbsd
                       machine and it's running openssh, it's the portable one
                       \_ I believe the FreeBSD uses the non-portable openssh
                          too, perhaps with their own patches. If FreeBSD was
                          using portable openssh, you'd see a version string
                          that looks like this: SSH-1.99-OpenSSH_3.4p1
                       \_ Hi.  You're an idiot.
                       \_ Recent FreeBSD base system uses 3.4p1.  There are
                          also two ports: security/openssh and
                          security/openssh-portable, which are a patched
                          OpenBSD version and the portable version,
                          respectively.  Soda is running the former, AFAIK.
                          --dbushong
              \_ The only installed openssh port I see is:
                 /var/db/pkg/openssh-3.4_4
        \_ What's the bottom line? Is soda's current version compromised?
           \_ I don't think so.  Plus, the compromise is just a side effect
              of the build, and (supposedly) should not affect the built
              executables.
           \_ No. The MD5 on the src tar ball in /usr/ports/distfiles
              matches the correct MD5:
              MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
              soda$ cd /usr/ports/distfiles/ && md5 openssh-3.4.tgz
              MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
           \_ Here is what I've heard from a reliable source: (sorry, no
              url)
              "If you didn't rebuild OpenSSH from scratch in the past 36
              hours you don't have to worry about it and the trojaned
              code was replaced with a clean copy by 6am PDT. The trojan
              was that someone added a line to a Makefile such that during
              compilation, a socket is opened to a hacked machine once an
              hour to await "commands" (or example, open a shell, or die).
              The OpenSSH code base wasn't touched. The hacked machine was
              wiped early early this AM.

              I haven't heard anything about whether the SunOS 4.1.X FTP
              server (the OpenSSH project hosts there because the people
              who offered to host it there have lots of bandwidth) was
              hacked, or if this was some kind of inside job from someone
              who had appropriate levels of access on that host.

              Like you doctor always said, check your md5 checksums and your
              PGP sigs. The FreeBSD "ports" system does that automatically
              and refused to build and install the tainted coded."
2002/7/29 [Computer/SW/Security] UID:25436 Activity:nil
7/29    Can some one tell us some definitive info about what's going on
        with pop?  it hasn't worked since the ip change.  Do I need to
        change port number?
        \_ The sort-of official, and thoroughly unannounced answer is that
           clear-text POP/IMAP has been disabled since the recent compromise.
           You can only use SSL enabled POP/IMAP clients.  Hopefully we will
           soon have localhost clear-text service available for those who
           prefer to ssh tunnel instead of trying to find an SSL enabled
           mail client --scotsman
           \_ okay, what settings do I use for POP3 over SSL?  port 995?
              \_ Y'know.  looking at things, I don't see POP3s enabled..
                 I'd have to say mail root. --scotsman
           \_ wasn't this always the case? I was never able to use POP w/
              clear-text password remotely and have been ssh tunneling for
              about the last year.              - rory
        \_ On a somewhat related note, is telnet / skey going to be
           reenabled, or is it permanently disabled?
2002/7/25 [Computer/SW/Unix, Computer/SW/Security] UID:25422 Activity:insanely high
7/25    Just curious. How come 'last' shows the date went backwards? thx.
mikeh            ttyA7    128.32.112.194   Thu Jul 25 01:09 - 01:11  (00:01)
root             ttyv1                     Thu Jul 25 01:08 - 01:09  (00:00)
root             ttyv0                     Thu Jul 25 01:07 - 01:08  (00:01)
emarkp           ttyv3                     Wed Jul 24 23:36 - 23:36  (00:00)
mehlhaff         ttyA4    63.201.156.21    Wed Jul 24 23:30   still logged in
root             ttyv2                     Wed Jul 24 23:24 - 23:46  (00:22)
root             ttyv1                     Wed Jul 24 22:51 - 23:46  (00:54)
mikeh            ttyv0                     Wed Jul 24 22:50 - 23:47  (00:56)
reboot           ~                         Wed Jul 24 22:50
shutdown         ~                         Wed Jul 24 22:44
root             ttyA1    10.32.43.51      Wed Jul 24 22:17 - shutdown  (00:26)
mikeh            ttyA1    10.32.43.51      Thu Jul 25 03:54 - 22:17  (18:23)
jon              ttyA3    10.32.43.51      Thu Jul 25 03:07 - 03:08  (00:00)
root             ttyA4    10.32.43.51      Thu Jul 25 03:00 - shutdown  (19:43)
root             ttyA1    10.32.43.51      Thu Jul 25 02:44 - 03:54  (01:10)
mikeh            ttyA1    10.32.43.51      Thu Jul 25 02:44 - 02:44  (00:00)
root             ttyA0    10.32.43.51      Thu Jul 25 01:45 - shutdown  (20:59)
reboot           ~                         Thu Jul 25 01:35
        \_ that's why it's called 'last'.  it shows from most to least recent
           who has logged in.
           \_ so you saying july 24 is more recent than july 25?
2002/7/25-26 [Computer/SW/Security] UID:25416 Activity:moderate
7/25    Is there any ETA of a full report about the compromise?  For
        instance-- how long ago did the hack take place?  Where did it
        originate?  How was it discovered?  Was ssh-keygen hacked?  Do we
        need to replace our keys?  Are we supposed to change ALL of our
        passwords, or just ones that we used in the past X days?
        \_ Also, what _isn't_ known about the hack?
           \_ we believe that nweaver was responsible. --h@x0r
        \_ Are we going to ask for the death penalty?
        \_ Can't hurt to change your passwords and ssh keys anyhow...
2002/7/25-2003/1/5 [Computer/SW/Security] UID:25415 Activity:nil
07/25   Yes, soda's ssh, sshd, and sudo were compromised. Changing all
        of your passwords is advised. Services that are down now will
        come up in due time. --ajani
2002/7/25 [Computer/SW/Security, Academia/Berkeley/CSUA/Troll] UID:25414 Activity:high
7/25    Anybody know what's happening with alumni.eecs?  Can't seem to ssh in.
        \_ Last I herd they were having problems with secure shell.
        \_ Sounds like they got 0wnz0red
          \_ well, they told me because csua's ssh was trojaned, all accts
             which have anything to do with soda is disabled.  Talk to root
             to reactivate it.
             \_ csua's ssh was trojaned?  when did this happen?
                \_ Shoulda used coitus interruptus, but abstinence is
                   the best choice!
             \_ You better be fucking kidding because there's nothing about
                this on /etc/motd.official.  If soda got owned we have the
                right to know about it and root has a responsibility to tell.
                I'd like to see official word on motd.official whether this is
                true or not.  This isn't funny if you're making it up.
                \_ What even not funnier is how you're being such
                   a dick about asking for this information.
                   \_ Excuse me while I beg for critical security information.
                      Oh please please please let me know sometime after you
                      graduate what the fuck was going on.  Security isn't a
                      joke and users shouldn't be left guessing wtf happened
                      or how much they might be fucked over.  And for you
                      personally, fuck you, you know nothing fool.
                        \_ And for you personally, if your files and
                           whatever else are so critically dependent on
                           soda being completely secure, get your own
                           machine and connection and maintain it.
                \_ Found on http://ucb.org.csua (7/24):
                   Soda.csua is down because it was compromised. It will
                   hopefully be fixed tomorrow.  Galen
                   \_ which is unfortunately not very helpful when soda is the
                      only machine from which one can read ucb.*
                      \_ Try http://groups.google.com?
                   \_ how about a secondary webserver on, say, scotch that
                      gives news and downtime type stuff for soda.  new A
                      record <DEAD>news.csua.berkeley.edu<DEAD>, etc.
                      \_ If you asked him really nicely, perhaps dbushong would
                         be willing to do something like this at http://www.csua.org
                         I'll bet you'd have better chances if you volunteered
                         to do the coding so that he could just post it.
                         \_ I know dbushong.  dbushong is a good friend of
                            mine.  and you, sir...  wait.. what was i saying?
                            Really.  Dave just runs http://csua.org.  He doesn't
                            know or care about the daily goings on of soda.
                            This is something the politburo can and, i'm going
                            out on a limb here, should do.
                   \_ Ok that's a start, how about some info on how long it's
                      been compromised, what sort of compromise, how badly,
                      what were the hackers doing, what got installed, etc?
                      \_ Nice attitude. And how much have you contributed to
                         this group and its equipment lately?
2002/7/25-26 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:25413 Activity:low
7/25    Thanks to the root types who have been working hard to clean up the
        recent mess on soda and in EECS in general.  The masses are pleased
        to have soda return.  --PeterM
        \_ Word.
        \_ Hmm, is POP and IMAP still down?
        \_ All praise the great root types!
        \_ No HTTP service either
        \_ Your work means a lot to us.  Inability to use soda drives me nuts,
           especially since I use it for love emails.
        \_ specifically much praise is due to mikeh.  He put alot of time into
           the reinstall and cleaning up of things.  'course everybody put
           effort in.
2002/7/16-18 [Computer/SW/Security] UID:25372 Activity:high
7/16    How do I generate a public key compatible for openssh on an SSH
        (commercial) machine?  openssh uses single-line keys, while
        ssh uses multiline keys.
        \_ I got out a text editor and re-arranged the entries to match.  It
           was lame but it worked.
        \_ see openssh ssh-keygen man page
           \_ If you're trying to use pre-existing keys and convert them this
              won't do it for you but it will generate new ones in either
              format.
              \_ Yes it will, you apparently haven't read the manpage.
                 \_ Not in my version which is relatively recent.
     -x      This option will read a private OpenSSH DSA format file and print
             a SSH2-compatible public key to stdout.

     -X      This option will read a unencrypted SSH2-compatible private (or
             public) key file and print an OpenSSH compatible private (or pub-
             lic) key to stdout.
                \_ Yes and where's the option for ssh1?
2002/7/13 [Computer/SW/Security, Computer/SW/Unix] UID:25347 Activity:moderate
7/12    Anyone know of a lightweight secure ftp program like secure fx?
        Putty PsFtp is *too* lightweight.
        \_ try WinSCP
        \_ ssh secure shell client for windows, available on http://depot.berkeley.edu
           if you can't access http://depot.berkeley.edu, maybe you shouldn't be on
           a machine that is supposedly for undergrads.
           \_ I wake up every morning and try to fuck up everyone else's
              day just a little bit too, cool!
2002/7/6 [Computer/SW/Security] UID:25292 Activity:low
7/5     What is the purpose of having subkeys in the PGP/GPG encryption
        scheme?
        \_ for rounds.
2002/7/6-8/9 [Computer/SW/Security] UID:25290 Activity:nil
07/05   Apache upgraded, bugs to dev-null@soda. In the future if you
        see a problem mail root rather than venting on the motd. Yes,
        we read bugtraq, as is demonstrated by the fact that security
        issues are normally handled quickly. --Galen
2024/11/27 [General] UID:1000 Activity:popular
11/27   
Results 451 - 600 of 1108   < 1 2 3 4 5 6 7 8 >
Berkeley CSUA MOTD:Computer:SW:Security:
.