| WIKI | FAQ | Tech FAQ | |
 http://csua.com/feed/ | |
| ||||||
| 11/23 |
| 2004/1/8 [Computer/SW/Security] UID:11716 Activity:kinda low |
1/7 I know soda runs a browser based ssh login scheme but I've never
had to use it so I know nothing about it. Now for various unimportant
reasons I need the same thing running on my home machine. What is
the name of the software that soda uses for this and where can I get
it? Thanks!
\_ Easier is just download putty ssh when you need it.
\_ Google for "mindterm", or just grab it from soda. There's different
versions. It is a 'ssh1' client implemented in java. -ERic
URL is http://www.mindbright.se/mindterm
\_ and an excellent FAQ for getting to systems from behind networks
with firewalls administered by idiot/bofh network admins:
http://www.tldp.org/HOWTO/Firewall-Piercing
\_ It sounds to me like he is looking for server software, not a client.
\_ OP here to clarify: a friend who recently can ssh out from a corp
\_ OP here to clarify: a friend who recently who ssh out from a corp
network no longer can. they only have some sort of http proxy to
the public net now. I'm looking for a way for them to abuse the
corp http proxy to ssh to remote hosts outside the corp net. I
thought the soda solution was running some sort of proxy abusing
ssh client which is why I asked about that.
\_ I could never get mindterm to work right with http proxies.
Mindterm2 has no problems, though. Run it as a local jarfile
if you have funky security settings. -John
ssh client which is why I asked about that.
\_ Thanks! |
| 2004/1/6 [Computer/SW/Security] UID:11680 Activity:nil |
1/6 How do I post to newgroup with an email account I don't have access
to? Thanks.
\_ Use your mad el8 haxz0r skillz! |
| 2003/12/22 [Computer/SW/Security] UID:11560 Activity:nil 75%like:10794 |
12/21 Anybody have any good or bad things to say about http://togetherhost.com? |
| 2003/12/13-14 [Computer/SW/Security] UID:11447 Activity:nil |
12/13 Why do yahoo, ebay, and a host of other sites that require a
password and may contain personal information still default to
use non SSL to transmit passwords? Several times I've forgotten
to click the elective secure login button!
\_ it puts more load on their systems, and really, they don't give
a shit about your account, unless they're providing financial
services.
\_ yes.. extra load on their systems.. also some people are in
environments where https is not an option. if you haven't
noticed, whenever you access something they think is trully
sensitive they switch to requiring https and ask for your
"security key" which is separate from your password |
| 2003/12/12 [Computer/SW/Security, Computer/Companies/Yahoo] UID:29714 Activity:nil |
12/12 Yahoo to use msg authentication for email:
http://www.newscientist.com/news/news.jsp?id=ns99994459
\_ That's like, so yesterday, and stuff |
| 2003/12/12-13 [Computer/SW/Unix, Computer/SW/Security] UID:11435 Activity:nil |
12/12 what in the hayell is <DEAD>writeme.com<DEAD>? like free webmail with no website? \_ see http://www.mail.com and try signing up. \_ aaaaaah hchaaaaaaa! cheerz. but no. \_ ??? http://mail.com offers many @domain options including <DEAD>writeme.com<DEAD>. What do you mean by your statement above? |
| 2003/12/12-13 [Computer/SW/Editors, Computer/SW/Mail, Computer/SW/Security] UID:11423 Activity:nil |
12/11 Does anyone know of a free SFTP client for MacOS 9? --dim
\_ http://versiontracker.com |
| 2003/12/11 [Computer/SW/OS/SCO, Computer/SW/Security] UID:11402 Activity:nil |
12/10 SCO's claim of a DDOS attack probably false:
http://www.groklaw.net/article.php?story=20031210163721614 |
| 2003/12/3 [Computer/SW/Security, Computer/SW/Graphics] UID:11295 Activity:low |
12/2 Research on Ecstacy is Clouded by Errors
http://www.nytimes.com/2003/12/02/science/02ECST.html
\_ Not surprising. Most people I've seen on X aren't the greatest
examples of lucidity.
\_ uh, the scientists who ran the flawed study weren't
the ones on ecstacy. in fact nobody in the study was.
\_ Whoosh!
\_ Whoa. Someone commented on an URL link without reading the
URL? SHOCKER!
\_ Okay. It was a joke. Sorry for confusing you.
\_ INCLUDE YOUR CHILDREN WHEN BAKING COOKIES
\_ NEW STUDY FOR OBESITY LOOKS FOR LARGER TEST GROUP.
\_ PROSTITUTES APPEAL TO POPE
\_ ALL DRUG ADDICTS HAVE EATEN A POTATO AT SOME
POINT IN THEIR LIVES.
\_ Y'all gonna keep them brain doctors working when you're 60. |
| 2003/11/25-26 [Computer/SW/Security] UID:11223 Activity:nil |
11/25 When I do "ssh machine command" it keeps asking me for password.
The weird thing is that it only happens on certain machines. Why
is that and how do I make it so it never prompts for a password? Thx
\_ create private keys
\_ man ssh-keygen, man ssh-agent
\_ Also man ssh, search for shosts.
\_ shost-like authentication is not enabled by default in newer
implementations of OpenSSH. Just use the key authentication. |
| 2003/11/23-24 [Recreation/Dating, Computer/SW/Security] UID:11197 Activity:low |
11/23 A friend has a website that's become very popular recently (no, it's
not porn). Up until now he's been relying on the kindness of strangers
to host it but recently the large amount of bandwidth it's taking up
has made that no longer an option. I'm trying to help him figure out
how/where to host his site, any advice would be appreciated. The
site had a recent spike in popularity which may or may not continue,
the last few days it's used up about 13 GB of bandwidth a day. It
doesn't need a lot of storage space (< 100 MB).
\_ http://www.communitycolo.net be sure your friend's site
is not for profit! No porn! -brain
\_ 13 gigs a day!?! wow, and it's really not porn? What is it.
That is a crazy amount of traffic for a non porn site.
\_ warez, mp3, porn. pick 2.
\_ no, none of these... it's just gotten some press in the last
few days. -op
\_ so what's the site?
\_ it's gotta be friendster, no?
\_ 13GB/(24 * 60 * 60) = 150KB/s or 1.2 Mb/s
This is not enough to fill a T1. How can CS students really
be this dense?
\_ Traffic is a spikey thing. Peaks of 10 times
your average traffic are not uncommon.
\_ Perhaps. But I work at a site that is not even
in the top 500 of web sites and we do 200X this
much traffic. Lots of sites that aren't porn do
much more than 13GB/day.
\_ it is a hell of a lot of traffic for a site that is
being run on dontated bandwidth.
\_ he just doesn't have the right friends. 1.5mbs
would barely show on the graph where I am.
\_ BitTorrent.
\_ http://FreeCache.org |
| 2003/11/11 [Computer/SW/Security] UID:11029 Activity:nil |
11/11 11:11:11 has passed.
\_ it isn't the year 1111
\_ Alright, what's the deal with 11:11:11? Is this one of those
mystical stoner things like 4:20 that no one understands the
origin of but everyone quotes?
\_ the 4:20 thing comes from a police code for marijuana.
-nonstoner
\_ That's a widely circulated but well-debunked myth. There
was a group of stoners from Cupertino or somewhere in the
south bay who called themselves the Waldos and got high
after school at 4:20 in the early 80's. I can't provide
URLs demonstrating that it's not the police code anywhere
but a little googling should provide it. -sometimesstoner
\_ a minute to remember those who have made sacrafices in the
fields of battle in service of our country. Hate the
Commander in Chief, but do not hate the foot soldier.
\_ Veteran's Day, originally Armistice Day, was held on
November 11th to celebrate the close of WWI. Supposedly
the terms of the armistice were signed around 11am |
| 2003/10/30 [Computer/SW/Security] UID:10865 Activity:high |
10/30 Somebody once mentioned editing the motd via scp. How does that work?
\_ See, when you edit by scp, you're off by one whole day.
\_ err, think about it. What does scp do? It copies files.
Copy, edit, copy back.
\_ Yes, thank you. I'm wondering *why* someone would do that,
instead of editing it on soda.
\_ to attempt greater anonymity, duh. |
| 2003/10/30 [Computer/SW/Security] UID:10857 Activity:nil |
10/29 Is there a way to turn off encryption of the data stream in openssh?
Encryption during the authentication process is fine and good, but
sometimes I want to transfer files across a fast network on slow
machines, and the data encryption becomes the bottleneck rather than
the network. I've check the manpage, but the openssh guys seem a little
fascist about encryption. Thanks.
\_ telnet rcp
\_ weird how a bunch of dudes writing security software would be so
anal about all that encryption stuff, huh?
\_ there's anal, then there's too anal.
\_ go ahead and write your own encryption method and compile it
in and just have it not encrypt. the source is always built
with an option to let the user change methods. use it.
\_ you can build it yourself with a null cipher, or just live with
-c arcfour as one of the faster ones. btw, if you are transfering
smallish files, tar cf - | ssh tar xf - will gain much more than
tinkering with ciphers on the crappy scp protocol.
\_ I would think that part of a secure transmission is ensuring that
the data stream hasn't been tampered with. If you don't encrypt
everything, someone could possibly inject bad data. |
| 2003/10/29 [Computer/SW/Security, Computer/SW/SpamAssassin, Computer/SW/Unix] UID:10836 Activity:nil |
10/28 Someone give me a quick way of installing/using spamassassin? Thanks!
\_ man spam
\_ can I install spamassassin as non-root on a machine that I don't
have root on, like... company machine, school, etc?
\_ yes but it's easier with root. with some tiny clue you can
do it as non-root. you're mostly changing paths around.
\_ ok I just installed it with non-root. However it only
filters 50% of the rules. Should I make it learn it
on a frequent basis (e.g. sa-learn --spam mail/spam) or
is there a better way? Also is razor a good thing to have? |
| 11/23 |
| 2003/10/22 [Computer/SW/Security] UID:10732 Activity:nil |
10/21 Security researcher and security content analyst positions at
Zone Labs. See ~sky/job/{zone,zone2}.txt. Sorry I was too
lazy to format nice. WARNING: may require sitting for for
extended periods of time. (More positions will be added soon)
Email sking@zonelabs.com
--sky
\_ do I have to bend over too? :(
\_ sygate is far more superior
\_ I respect your opinion... just curious why you think so.
thanks. --sky
\_ 1) sky is not on my favorite person list, 2) i have no contact
:( --sky _/
or association with zone labs beyond being a user, 3) your
lack of english skills are painful, 4) sygate sucks donkey dick.
I tried these and several others and zonelabs was the best at
dealing with rogue apps calling home. zonelabs + winroute for
port and protocol screening make a really good combo.
\_ Do you actually know sky, or is your opinion of the gent
strictly based on motd? -mice
\_ Either way, I wouldn't blame the poster for his/her
opinion. I've had more than my fair share of problems in
the past, which manifest themeselves both in my real
life interactions with people and in the motd. --sky |
| 2003/10/20-21 [Finance, Recreation/Food, Computer/SW/Security] UID:10707 Activity:low |
10/20 Ever wonder why you get some much junk mail? It's because the United
States Postal Service encourages such practice!
http://www.usps.com/features/fourstepstodirectmail.htm
\_ of the corporations, by the corporations and for the corporations...
\_ Yeah, they're self supporting.
\_ poor trees.
\_ theyre grown on tree farms for the purpose. so of like your
\_ theyre grown on tree farms for the purpose. sort of like your
lunch.
\_ yes the forests of Canada, Madagascar and Burma
are one vast tree farm.
\_ yawn. no one is chopping trees in madagascar to get
paper to send you junk mail. it takes 50,000 trees
to print *each* edition of the sunday NYT. you think
they're stripping madagascar? no, it's all tree farm
trees raised for that purpose.
\_ poor cows.
\_ and poor wheat and corn and everything else grown for
us to murder and eat. |
| 2003/10/10-12 [Reference/BayArea, Computer/SW/Security] UID:10580 Activity:nil |
10/10 Any recs. for the cheapestpossible cell service in the bay area that is
more-or-less decent? Only need for occasional use. Want to minimize
the $/month.
\_ Never used it myself, but they say MetroPCS is good if you only
call within bay area.
\_ Thanks, but I am looking for the CHEAPEST. MetroPCS is $35/mo
\_ I don't think you're gonna find any cheap plans below $30
these days with most providers. My gf's sister and parents
have a really old plan of $10 a month, and Verizon's gonna
kick them off the plan in few months. Perhaps you should
look into prepaid cells. AT&T and Virgin has 'em.
\_ Cingular also has prepaid. $0.35/minute for peak time
and $0.10/minute at off peak. Prepaid card starts
at $10 and must be refilled every 30 days. $20 and
above card expires 90 days. I think you get to keep
any leftover $ everytime you refill your account.
\_ Thanks, that's what I was thinking of
\_ http://www.attwireless.com/personal/prepaid
You can get wireless for as low as $10/45 day
period. Minutes will roll-over if you recharge
your acct before the minutes expire. |
| 2003/10/10-11 [Computer/SW/Security, Computer/SW/Unix] UID:10568 Activity:nil |
10/10 pretty entertaining AI/20 Questions website:
http://y.20q.net:8095/btest for anonymous login
<DEAD>q.20q.net/q.cgi?N<DEAD> to register, which makes it way
more entertaining.
Things I didn't know
The Earth's core is not something you can wear
You don't squeeze the Earth's core out of a bottle
The Earth's core is not in a traditional engagement ring
\_ Things I didn't know
A programmer is not fuzzy
\_ Bunny is, though.
A programmer might carry people
A programmer does bite
A programmer is not used to measure something
\_ Thing I didn't know
You don't put things in a testicle
\_ A mobile phone probably has leaves... and is a domesticated animal
\_ Things I didn't know
Religion is not made of plastic
Men might not find religion erotic
Religion is artificially built by human beings
\_ Can some one please install the *ancient* 'animal game' on soda
so these people can get their sillyness fix? Thanks. |
| 2003/10/3-5 [Computer/SW/Security, Computer/Domains] UID:10457 Activity:nil |
10/3 About freakin time...
http://boston.internet.com/news/article.php/3087071
\_ what? why? i found their search page a fresh and welcome change
to my dull typo-filled life. |
| 2003/10/2-3 [Computer/SW/Security] UID:10430 Activity:low |
10/2 someone posted a web page to access our soda mail, what was it
again? thx.
\_ I think it was shot down as insecure.
\_ John says everything is insecure so we should just do it. |
| 2003/10/1 [Computer/SW/Security, Computer/SW/Unix] UID:10391 Activity:nil |
9/30 I'm not a very mathy person, but I've found myself in dire need of
a good root-finding algorithm. I've currently got a piece of
software that uses Mueller's Method -- but it sometimes generates
whack results that crash a rather twitchy third party piece of
software as it iterates. The curves I'm examining can be assumed to
be monotonic. Can I do better than Mueller's, or am I SOL? TIA. -mice
\_ Use Mathworld to look up 'root finding' and find the root finding
method which will work best for the kind of function you have.
Using mathworld for this sort of thing is a good meta-skill to learn.
\_ you'd probably find a numerical analysis text more useful than
mathworld. try checking one out at a college library if you can.
there are not that many root-finding methods that are actually
used much in real life.
\_ One technique to explore-- see if you can parameterize your
curve on some region of interest by a [0,1] lambda. I.e.. munge
your algebra around until you can get a diff from root as a
function of some linear parameter. If your curve is nice,
consider golden section or binary search. Another thing to do
is just chop up lambda into increments, evaluate diff, and
pick the best guess at root (or refine search in a region of
the best approx from a linear visit across lambda). Not the
niftiest method in the universe, but it gets the job done. |
| 2003/10/1-3 [Computer/SW/Security, Computer/SW/WWW/Server] UID:10390 Activity:nil |
10/1 OpenSSL vulnerabilities. Patchpatchpatch...
http://www.openssl.org/news/secadv_20030930.txt -John
\_ is it enough to get install the new ssl rpm or does my mod_ssl
need to be recompiled?
\_ depends on whether mod_ssl is linked statically or not. I believe
it's not since the only new RedHat updates that showed up today
are openssl ones. In general, they a rarely use static linking,
so to update a library, you just need to install the new library
rpm and not worry about the applications that use it.
\_ My new plan. Fuck ssh/ssl. I'm changing all external connections
to vpn-only and then filtering the shit out of who is allowed to
even try to connect to that.
\_ Oh *that* will work. Because we all know that every VPN
solution out there is utterly foolproof and secure. Nobody
ever cracked DES or IOS. Blanket statements like that are
incredibly ignorant and dangerous (although if it makes you
feel safer, go ahead.) There is nothing fundamentally
wrong with OpenSSH/SSL--no computer or software is or
will ever be 100% secure. Just patch the fucking thing
and get on with your life. There'll be others. -John
\_ You're so ... manly! when you talk about security, John.
It makes my heart go "thump! thump! thump!" Can I have
your love child? Your IPSEC key?
\_ DOS vulnerability. Not remote exploit. |
| 2003/9/29 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:10359 Activity:nil |
9/29 What do you guys use to SFTP your files from soda to home Winbox?
I use WinSCP but it hangs too often. Thx.
\_ cygwin scp
\_ SecureCRT + zmodem
\_ SecureFX
\_ Putty's pscp. Though FileZilla works too. Both are free.
\_ http and mozilla |
| 2003/9/24-25 [Computer/SW/Security] UID:10315 Activity:high |
9/24 For Wind0ze users: SecureCRT or PuTTy, cost notwithstanding?
\_ putty seems perfectly sufficient for my needs. but i am using it
as i would a glass tty, so your needs may differ.
\_ never used putty, but SecureCRT has been more than adequate for
my needs.
\_ SecureCRT. I haven't tried PuTTy recently though. I like
SecureCRT's binding of PageUp/PageDown to scrollback, and reading
from my ssh private key files automatically, which are the same as
in my Cygwin ssh. I don't like that CPU goes to 100% and I can't
close the window when output is coming too fast.
\_ TTSSH is another free alternative. I like it, though if you don't
care about cost SecureCRT may be better.
\_ Is SecureCRT free? Last time I checked it has a trial period.
\_ My only beef with putty is that the config is in the registry. It's
X-tunnelling works great, etc. (TTerm can't tunnel IIRC.)
\_ Another great thing about putty is that it comes with
ssh-agent like functionality.
\_ Teraterm can definitely tunnel. Maybe the only bad thing about
Teraterm/TTSSH is it only supports ssh1. I like it.
\_ The only bad thing is that your secure client isn't secure?
\_ Have been using putty for over 2 years now (when forced to use a
windows machine, that is), and have been very satisfied with it. It
just seems to work right, no matter what, carry no bloat and
have no annoyances. Quite possibly the cleanest windows app that
I've used in a long, long time. -alexf
\_ Putty is very basic and simply works. If I could get work to pay
for SecureCRT, I'd use that instead.
in my Cygwin ssh. |
| 2003/9/24 [Computer/SW/Security, Computer/HW/Drives] UID:10308 Activity:nil |
9/23 I have some data tapes that I haven't touched in 5 years. I used
nbackup in DOS on a 486 to make the tapes. Using the same program
on the same computer, I am trying to restore those files. I was
able to open the tapes, but when I try to restore, it says
"Cannot access tape drive" or just keeps asking me to insert the
tape when it's already inserted. Is it possible that the tape is
old and that the data is lost, or is the problem more likely the
tape drive? How can I retrieve this data?
\_ Does it say this for *every* tape? Unless *all* your tapes have
been damaged by some environmental event or they were shitty tapes
to start with, it is more likely the tape drive is shot. If you
have a unix box with the right tape drive you should be able to
at least use dd to read raw data from the tapes as a test.
\_ Actually, since I posted that, I was able to get some data
from one of the tapes. But then it kept giving me error
messages again. I looked closely at the tape, and the tape
is physically only connected to one spool (this was not the
case originally), and it's not as easy as you might think
to get it back on the other spool neatly.
\_ I had this same thing happen years ago. There is an
"end of tape" optical sensor in the drive, and if it
gets dusty, the drive unspools the tapes. You could
try to put the tape back together after cleaning the
dust out of the drive, but I suspect you might be out
of luck. This is why I abandoned tapes, and switched
to hard disks backups. and disks don't make that
annoying whining sound when searching for files. Look
in the Sunday paper and get a 150GB disk for $90. use
an old extra computer as a backup server, or get an
external drive, but either way, make sure to spin it
up often: hard disks can die from stiction if left
unused in an "off" state for too long (years). |
| 2003/9/23-25 [Computer/SW/Security] UID:10293 Activity:kinda low |
9/22 OpenSSH 3.7.1p2 (portable, ie non-OpenBSD) has been released.
There are multiple vulnerabilities with the PAM auth code in
3.7.1p1, so if you use PAM (Solaris/Linux) you should upgrade.
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106432248411636&w=2
\_ Is there an sshd that just works? I'd be happy with a v2 sshd
without holes that just allows simple logins. Any other features
after that would be a bonus. Any suggestions? Please?
\_ Sigh. OpenSSH "just works". It's just that its vulnerabilities
are declared and found more frequently than commercial SSH
daemons. Not saying those are any better or worse, but you are
deluding yourself if you think that any piece of cryptographic
software is "secure" just because no bugs are ever publicly
announced. Patching system components is a part of life as a
sysadmin, get used to it. -John
\_ I am all for opensource but doesn't it bring as much harm
as benefit in terms of security? Sure patchs are made on
more frequently, but isn't it much easier in theory to find a
bug to exploit when the source is available than otherwise?
\_ Do you occasionally look at Bugtraq? I suggest you do,
if only to make it clear that having a commercial program
doesn't add much in the way of security. Ask Microsoft.
"Better the devil you know"... -John
\_ I'm not making my point. I can see that. I don't care
who wrote it or why or where it comes from. I just want
an sshd with minimal features and fewer holes than what
openssh has. If you don't know of one, thanks, that's
ok.
\_ would you prefer to know that holes are being found and
patched at the cost of having to upgrade, or instead
not know about holes and ignore upgrades in ignorant bliss?
\_ I'm not making my point. I can see that. I don't care
who wrote it or why or where it comes from. I just want
an sshd with minimal features and fewer holes than what
openssh has. If you don't know of one, thanks, that's
ok.
\_ You're very clear--I'm simply saying that OpenSSH
is pretty much "it" for open-souce sshd, and with
the non-open source ones, no, you probably won't be
patching so often, but that says nothing about the
amount of holes in them. -John
\_ I don't care if the alternative is commercial or not. I just
want something I won't be patching three times in a week. I'm
not concerned with open vs commercial philosophy.
\_ It's nothing to do with commercial or open source. It's
a question of security. If all you care about is not
patching something, then don't run OpenSSH. This is
what's known as 'sticking your head in the sand'. And
yes, what you don't know _can_ hurt you. Your call. -John
\_ I'm not making my point. I can see that. I don't care
who wrote it or why or where it comes from. I just want
an sshd with minimal features and fewer holes than what
openssh has. If you don't know of one, thanks, that's
ok.
\_ Argh! Nooo! Is this a joke? I had already had to upgrade OpenSSH
on nearly 200 hosts -twice- during last week.
What the #$(@)@*!!
\_ Pride goeth before a fall.
\_ Pride goes before destruction, a haughty spirit
before a fall. Proverbs 16:18
\_ That's why it makes sense to wait to upgrade. OpenSSH
*always* has one or two patches out within a week. --dim
\_ wait a week to upgrade while getting hacked in the meantime?
swell idea, i wish i'd thought of it.
\_ There are no known exploits for this vulnerability, nor for
most of the ones being found lately. "It is uncertain
whether these errors are potentially exploitable,
however, we prefer to see bugs fixed proactively." --dim
\_ so says them. securityfocus paints a different picture.
in any case, better safe than sorry.
\_ More than once the "new" OpenSSH has been more flawed
than the original. An example was when the privilege
separation code was first added. It is common for
the OpenSSH folks to fix a bug and then have to
fix their fix. Hence, we are at p2 already. Just wait
for the bozos to figure it out unless the bug is
easily exploited. --dim
\_ they're not exactly fixing their fix. they somewhat
hastily made a release with *new* functionality,
which was probably not well-tested. so just patch
the old 3.6.1p2 and you're fine.
\_ Jesus fucking Christ! Is there a simple v2 sshd out there that
just works?! I don't need all the whiz bang features, just a
login shell. If it could port forward that would be a bonus
but I could survive without it if it meant I could stop the
upgrade madness.
\_ what's this whole upgrade madness? it's been a while since
the last major openssh scare. fwiw, maybe you should've just
patched 3.6.1 and been done with it.
\_ lsh might be what you are looking for. Keep in mind that
OpenSSH has a larger user base, developer base and h4x0r
base so gets more auditing.
\_ and lsh had its own remote exploitable bug days later.
so what's the difference.
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106432248411636&w=2 |
| 2003/9/23-24 [Computer/SW/Security] UID:10287 Activity:nil |
9/22 I know of MindTerm, as well as a whole slew of httpstunnel
ssh-over-https scripts; does anyone know of a java applet which
combines the two? -John |
| 2003/9/17-18 [Computer/Networking, Computer/SW/Security] UID:10233 Activity:nil |
9/16 What's the cheapest internet access to be had in (west) Berkeley?
It's for my sister, a student... and I don't think piggybacking
onto someone's wireless is an option. Speed isn't important.
Thanks.
\_ Get dialup for $8 a month.
\_ Who has dial-up for $8 a month?
\_ i have dialup for $6.95 a month.
\_ NetZero. The ads are free too...
\_Netzero isn't free anymore.
\_ I haven't used it, but the last time I was looking, I got a couple
reccomendations to http://www.access4less.net $6/mo and supposedly good
service (can't vouch for this, apple-fan(atic) roommate went
and signed up for their partner earthlink) |
| 2003/9/17 [Computer/SW/Security, Computer/Rants] UID:10227 Activity:nil |
9/16 Shutterfly on http://fuckedcompany.com. Add this to my list of a few days ago about why *not* to use them. \_ Who cares if Best Buy is or isn't using them? It's a good service. -tom \_ Because they're a dotcom with no parent company, too many staff, high prices and one less big customer. I just hope you keep an original of all your pictures and copies of everything your friends have shared with you. When they go, they're going to go POP! really fast. \_ I ended up going with http://pbase.com. Yeah, it's a pay service ($23/yr), but it had all the features I wanted in an attractive package. |
| 2003/9/17-20 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:10225 Activity:nil 74%like:10214 |
9/16 OpenSSH 3.7.1 released (fixes a buffer mgmt error):
http://marc.theaimsgroup.com/?l=openbsd-announce&m=106375547524560&w=2
OpenBSD: http://www.openssh.com/openbsd.html
Portable: http://www.openssh.com/portable.html
[ updated to 3.7.1 since 3.7 had a bug ]
emacs user was here
\_ I had a beta version of 097b ssl installed so I got the 4/10/03
version and the compile and install went clean but the ssh client
still says its using the old version.... I then recompiled and
installed ssh and same thing. I've tried a few other things but
nothing works. Any hints? There's no rpm for my system and
the compile isn't the issue anyway. Thanks!
\_ Have you killed and restarted sshd? Do you know where
your make install is putting things--is it the same place
your startup scripts are running them from? -John
\_ ssh -v shows the old openssl version. It has nothing
to do with sshd. It's getting it from
/usr/lib/libcrypto.so.8.0 according to ktrace. I don't
see where the openssl install is supposed to replace or
install a newer version of this file.
\_ If you build openssl from src it puts the libs
in /usr/local/ssl/lib or /usr/local/lib (depends
on your os). If you want your new version to
override the system installed default, then just
rename the version in /usr/lib and make a symlink
to the new version (provided you can build a .so
on your arch). If you are using *BSD you should
probably fetch the latest version of /usr/src/lib
and rebuild that way.
\_ Arrr!
\_ Avast! |
| 2003/9/16 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:10214 Activity:nil 74%like:10225 |
9/16 OpenSSH 3.7 released (fixes a buffer mgmt error):
http://marc.theaimsgroup.com/?l=openbsd-announce&m=106373074626260&w=2
OpenBSD: http://www.openssh.com/openbsd.html
Portable: http://www.openssh.com/portable.html |
| 2003/9/13-15 [Computer/SW/Security] UID:10183 Activity:nil |
9/13 Which online photo sharing websites do you guys prefer?
\_ shutterfly. -tom
\_ http://www.csua.berkeley.edu/~login
\_ snapfish.
\_ Decide what you need. Here's the service summary on the 3 major
sites:
snapfish: uses Kodak paper and machines, lowest prices, but
ships from east coast so it takes a little longer
to get prints sent here, maybe an extra 2-3 days.
ofoto: owned by kodak but uses fuji equipment, etc. slightly
more expensive but you'll get your pics a day or two
sooner because they're printing locally,
shutterfly: same idea as ofoto except they're still a dotcom
and dont have large company backing them so they
have to charge more and they could go under and
take your pictures with them at any time. i
believe they use a variety of smaller development
firms, thus the higher prices since they don't get
the same kind of bulk rates snapfish and ofoto can.
If you're not printing and only want the free online storage
and the ability to share, it doesn't really matter. Bits are
bits, yes?
\_ ofoto requires your visitors to log on to view your
pictures, so it does really matter. -tom
\_ if they didn't then deep linking directly to photos
would allow rampant abuse of storage and bandwidth for
non-customer uses. It isn't 1998 anymore. They need
to control costs and make profit or die.
\_ that is easy enough to prevent without making someone
need to have an account. Just check the referal.
\_ See my comment about 1998. If they can get you to
sign up, you're more likely to continue using the
service. If you won't signup, what do they need
you for anyway?
\_ I'm just pointing out that your first argument
was flawed. As to the second, well, there are
two options I can go with that don't require
a visitor to sign in. All other things being
equal guess which choice is better?
\_ We have a different idea of what constitutes
abuse. To me if you're not a paying customer
or bringing in other paying customers yet
you're sucking bandwidth and storage, you're
useless to the company. True, it's only
really abuse if they allow it to happen and
in this case they're not. Additionally,
they're taking steps to try to get more
paying customers which is a good thing for
any business. We're splitting hairs at this
point. Since the accounts are free, it's
all pretty much the same in that regard.
There's probably a csuamotd/csuamotd account
on all three already. :-)
\_ no, because if I'm using the service I'm
also probably paying for prints and the
like. The point is by making people
need to log in to see my pictures I'm
going to go with one of the other two
and when I want to get prints I'll
get them from the company where I've
put my photos. Bandwidth and storage is
still pretty damn cheap compared to other
costs and it is pretty easy to catch the
serious abuses. (Say just give every
use a dl/day limit). |
| 2003/9/2-3 [Computer/SW/Security] UID:29520 Activity:insanely high 80%like:10043 |
9/2 What is the average density of yermom? I don't have anything to
measure weight near me and I need that info soon. Ok tnx.
\_ STFW? there's got to be something about this online somewhere.
\_ Use the scale at the post office. It also depends on the paper.
\_ I cannot easily access a post office right now. I need to
come up with a very rough estimate of lost of book. I have
only rulers in my disposal.
E.g. phone books are pretty light considering their sizes.
\_ I cannot access a post office right now. I need to estimate
very roughly the weight of many boxes of books with only rulers
and helpful info from the motd. If you have a big book and can
measure both its weight and dimensions, please let me know. Tnx.
\_ I know. Find a computer book at your office. Measure its
dimensions. Go to http://Amazon.com, and try to order 100 copies of
that book. See what the shipping charge is, and backward-
calculate its weight according to the shipping method. Then
cancel your order at the last step.
\_ That's a pretty good idea. Though you don't even need to do
this--Amazon should include the dimensions of the book. |
| 2003/8/29-30 [Computer/SW/Security] UID:10013 Activity:nil |
8/29 How does ssh generate the fingerprint for the rsa public key?
When I echo <pubkey from ssh_host_rsa_key.pub> | openssl sha1
I get a different fingerprint than what ssh shows me, but when
I look at the actual key they are the same.
\_ umm, you know doing that sums the string 'pubkey', and not
your actual key right?
\_ he does now.
\_ I figured it was obvious that 'pubkey' ment the public
key from /etc/ssh/ssh_host_rsa_key.pub. I've fixed it.
\_ cat /etc/ssh/ssh_host_rsa_key.pub | openssl sha1
\_ the right answer is ssh-keygen -l -f <keyf> |
| 2003/8/27-28 [Computer/HW/Memory, Computer/SW/Security] UID:29482 Activity:moderate |
8/27 I just gave a security presentation to a bunch of MBA students working
on a market strategy for http://www.giwano.com Aside from a mildly
unfortunate name, they have a cute idea, but it seems slightly
gimmicky to me. While I can think of nice roles for some kind of
"secure" storage like these, what's the almighty motd's opinion? -John
\_ sounds like hogwash. Either the user can't get data between the
two systems, or it's vulnerable to attack. -tom
\_ what do you have in mind re: unfortunate name? gitano? guano?
\_ Puerile, but yes. And as the PC (that's what it is) runs
XP, it is vulnerable to attack--the idea is to use the
flash memory between the two PC units to manually move
sensitive data back and forth. It's got a built-in KVM
switch to let you work on both units, so you could connect
the internal unit to a 'sensitive' network and share it with
PCs there. Or something. I think the idea has some merit,
but they're going about it all weird. -John
\_ Isn't this just reinventing sneaker net? --dim
\_ I tried to figure out exactly what they're doing but wasn't willing
to invest that much time doing so. Can you explain it in a few
short sentences? Generally, people with important data seem happy
with their current level of security. If they weren't then you'd
see products from the major vendors (EMC, Hitachi, IBM, Netapp, etc)
to address the issue. You don't but I wish them well anyway. |
| 2003/8/26 [Computer/SW/Security, Computer/SW/Unix] UID:29470 Activity:high |
8/26 http://nosuch.com/music/webtones.cgi \_ hm... I don't think this is that cool. \_ The arbiter has spoken! \_ more an attempt to stimulate conversation than to arbitrate. what do other people think? just seems to me like there are many arbitrary ways one could generate music from a web page, gif, whatever, and the results of thsi weren't particularly compelling musically. |
| 2003/8/15-16 [Computer/SW/Security, Computer/SW/Unix] UID:29359 Activity:low |
8/15 D00DZ GN00 WUZ 0WNZ!
http://csua.org/u/3xw (story.news.yahoo.com)
http://www.cert.org/advisories/CA-2003-21.html
\_ rms:rms |
| 2003/8/14-15 [Computer/SW/Security] UID:29342 Activity:high |
8/13 Read your Soda mail on the web: http://dev1.bnet.org/imp No warranties, but you can mail me w/ questions/comments. IMP does this semi-securely(?) using IMAPS (port 993). -abe \_ so wait, it uses imap-ssl but you suggest we login via plain text http? brilliant. why not just use something like http://www.mail2web.com instead? \_ who would trust your site anyway? if people want something like \_ and to connect to it over straight http... this, csua should just install squirrelmail or something. \_ Which could very easily be used to gather passwords. Come on, people... SSH tunnels and IMAPS are really not that hard to set up. --scotsman \_ Not that easy if you are on some webterminal while on vacation. \_ I found that going to the putty download page and running from there often worked to ssh in. \_ Of course I could easily use it to gather passwords. CSUA *should* install something like IMP (or squirrelmail, or whatever), but they haven't, so this is an alternative. of course, you have to trust me and my server (which I probably wouldn't). -op \_ not for "you" to gather passwords. for a man-in-the-middle between you and the hapless user. --scotsman \_ I guess it's about like http://csua.org/u but it's a potential security/privacy hazard. So, if I may speak for the motd, we thank you but respectfully decline. \_ Um. It's nothing like http://csua.org/u the url shortener doesn't have anything to do with your login on soda. and it doesn't \_ um. the reading comprehension thing again. -not 2 up open you up to having your account nabbed by a sniffer. Again I say come on... --scotsman \_ um. the reading comprehension thing again. -not 2 up \_ Wow that's great! It uses my MSPassPort(c), right? I use my MSPassPort(c) for everything! But if you're not MSPassPort(c) compatible your site will never grow! \_ guys, come on. It's a PROOF OF CONCEPT. Give the guy a break. Change your password and give it a try, then change it back. If it's cool maybe we could sign a petition to install similar stuff on trusted CSUA machines. Now if only we could petition a Recall on Poliburo, that'd be even better. \_ arnie for csua president! \_ Why would you trust a CSUA machine? \_ I trust any CSUA Linux/BSD machine over any corrupt and disfunctional CSUA Poliburo any time. \_ it is a nice program, thank you!! |
| 2003/8/11-12 [Computer/SW/Security, Computer/SW/Unix] UID:29315 Activity:kinda low |
8/11 http://www.craigslist.org/eby/eng/14754592.html They claim there's a "Secret password" encoded in there but it looks like every other "we don't have enough money" job posting to me. I'd never apply for a job like this but I'd like to know if there really is a "secret password" in there. \_ Read down the first letters of the first five paragraphs. I want 30% of your first month's salary. \_ bingo \_ Kinda sad actually. I thought it would be harder to find. \_ BSPTEFEEA? WTF does that mean??? \_ It means "you will continue to draw unemployment" |
| 2003/8/10-12 [Computer/SW/Security] UID:29299 Activity:very high |
8/10 I'm looking for an encryption software package for windows 2000 that
works on a per-directory or drive basis and is transparent. Meaning
once I authenticate myself I can create files or copy stuff into the
folder and it'll be encrypted automatically. Word, Excel, TurboTax,
etc should all work with this encrypted folder. For individual files
I can use pgp. But when working with a lot of files, I prefer not to
think and just dump the files into a directory. I'll buy the software.
Not looking for free stuff. Thanks.
\_ Whatever you do, avoid EFS. It has its uses, but its key management
is immature and difficult to manage. You may also want to have a
look at Utimaco Safeguard Easy (it's not on a per-directory basis,
but might give you something to work with.) -John
\_ for enterprise level you might consider a NAS or SAN product like
the datafort from Decru. the nas product does per file encryption
on the fly.. plus can do end-end cryption btwn it and your desktop.
for just local storage, i recommend either f-secure or pgpdisk,
both create a virtual volume on the local drive and maintain a
file system structure w/in that volume. from experience w/ both,
pgpdisk at least used to be easier to use. you can find it at
http://www.pgp.com of course. -shac
\_ You can also try BestCrypt. You can mount an encrypted file as a
removable drive. I've been using it for more than three years
now to keep my personal stuff secure on my work laptop.
http://www.jetico.com
\_ Steganos Security Suite. Tools include Steganos Safe (like PGPDisk),
Internet Trace Destructor, Email Encryption, Shredder, Password
Manager
\_ Which tools work on both Linux and Windows platforms?
\_ here is my stupid question. Where do you guys store your
private key ring when you are using any of these product?
the very same laptop/computer that you are encrypting upon?
\_ This is the problem. Probably the best place to store
a private encryption key is on something like a smart card,
which can itself be PIN-code protected. One of the main
weaknesses of most drive encryption products (this is my
beef with EFS) is that it's nearly impossible to keep
track of peoples' private encryption keys--Entrust does a
good job of this, I'm not sure of other PKIs (MS does not.)
Ideally you'd have the keys somewhere local and secure
(like a hardware token inside a protected container) as
well as archived *very* securely for recovery purposes in
something like an encrypted CA/RA database. For everyday
encryption (aunt Hilda's secret recipes, your porn) storing
keys in something like a GPG keyring should be enough. -John
\_ My PGP foo is weak. Please explain. So what if I store
all the key stuff in the same laptop? I thought that
without my passphrase people can't possibly crack it?
That's the whole point of the bigger and bigger sizes
I keep hearing about. E.g. 1024 vs 2048 bit encryption.
\_ OK when you lose your encryption keys, you have a
problem. A PKI (public key infrastructure) is a
mechanism that issues keys for encryption and
your transfer rates will sky rocke while your disk usage will
signing etc. and, ideally, archives your private
encryption key in a safe place. PGP/GPG work
differently, instead of having authoritative say
"Joe is OK", you have this idea of a "web of trust"
where you trust peoples' keys by consensus. Key
size, to oversimplify it, just affects how hard it
is to crack something by brute force. And as for
storing all your keys in one place, look at it like
a normal keychain--if you put all your keys on it
and it gets lost or stolen, you have a problem--you
should probably use a key safe or something. Hence
the password protection or storing it on some
secure medium, like a smart card. For some slightly
outdated docs on how a PKI (not PGP) works, have
a look at http://ospkibook.sourceforge.net -John
\_ I use PhilCrypt with the compression option. Works with all OS's,
local, over NFS, HTTP, etc to NAS, SAN, with udp, tcp, iscsi, you
name it! PhilCrypt is the best and the compression option means
your transfer rates will sky rocket while your disk usage will
actually go down the more data you add to your PhilCrypt DataVault!
Get "PhilCrypt DataVault Deluxe" (includes PhilCompression and
advanced management features)! |
| 2003/8/8-10 [Computer/SW/Security, Computer/SW/RevisionControl] UID:29286 Activity:moderate |
8/8 Is there any way to run a cvs server without root such that it can
support windows users without ssh.
\_ man pserver
\_ no joy.
\_ another way is to download cygwin, install it in windows,
use the cvs via ssh at the command line - danh
\_ man pserver
\_ no joy.
\_ Um.. okay, read up on pserver on the cvs howto page.
\_ You can use .rhosts file. Better to use ssh such as plink though. |
| 2003/8/8-10 [Computer/SW/Security] UID:29277 Activity:low |
8/7 Is it just me or is Soda's POP3/IMAP security certificate broken?
\_ Does anyone besides me read CSUA mail on the web (i use imp)?
\_ Yup, it expired. |
| 2003/7/30 [Computer/SW/Security, Computer/SW/Unix] UID:29175 Activity:kinda low |
7/29 I've been struggling with cygwin all day and getting nowhere.
I'm trying to get it to run init and startup xinetd, sshd, etc
from /etc/rc.d/rc?.d just like on a real unix box and I'm not
getting anywhere. There's an error in the init.d/functions file
which prevents anything running properly and when I try running
xinetd by hand, it runs as my user and not SYSTEM even though
I setuid'd xinetd.exe and tried a bunch of other things. Has
anyone here got any of this working and if so, please tell me
how explaining very very slowly because I'm feeling really
stupid right now. And no google didn't help at all. Thanks!
\_ there is a cyg program to install your sshd (and anything
else) as an NT service. Set that to start automagically
and you will be good to go. google for "cygwin sshd
install" and i'm sure you will find it. |
| 2003/7/25 [Politics/Domestic/California, Computer/SW/Security] UID:29134 Activity:kinda low |
7/24 Any recommendations for high-speed access in La Palma, Ca? I have
SBC for phone service, but ironically, I can't get the Yahoo/SBC DSL
deal where I live.
\_ try using http://www.dslreports.com to search |
| 2003/7/23-27 [Computer/SW/Security, Consumer/CellPhone] UID:29119 Activity:high |
7/23 Anyone have any experience checking their soda email thru t-mobile's
"t-zones" service? I just got a new phone that I'm messing around
with and it seems pretty cool except for a couple glitches that I've
been calling tech support about and wondering if anyone's gotten it
to work right. thanks. - rory
\_ http://www.ntk.net/2003/07/25/dohbad.gif -John
\_ Who the heck came up with that name. "combination skin and oily
\_ you need an exfoliating mMode cleanser. - rory
\_ rory! I fantasize about giving you a bikini wax.
\_ WTF is going on here.
\_ Probably the same people who tried putting a computer store
in the old Weird Stuff building in Sunnyvale (across from the
old Fry's) and decided T-Zone was a much cooler name than
Technology Zone. Didn't last long.
T-zones let me check my email ANYWHERE!" -chialea
\_ I haven't had any luck, except through very basic SSH
access through my P800.
\_ and does anyone use the t-mobile internet (unlimited gprs for
19.99 on top of voice plan)? does it suck? --karlcz
\_ I think the rates have changed. I'm getting 1MB for 2.99,
and I can upgrade to unlimited bandwidth for $10.
\_ that is for t-zones WAP service. tmobile internet
lets you use your phone (or pcmcia card) as a gprs
network interface for your laptop, pda, etc.
\_ I know a couple people with t-mobile and they are angrier about
lock of service than even the cingular users I know. Data, voice,
neither seem to work worth a damn. No wonder if is so cheap.
\_ I heartily disagree... perhaps the problem is your friends'
phones? I recently switched to a Nokia 6610 (been using
t-mobile for a while) and service dramatically improved. I'm
almost never w/out connection. Plus, their customer service
is fantastic. extremely helpful phone people. I lost my
previous phone and was given a full month credit just because.
\_ out of curiosity where in bay area are you?
\_ Manhattan. heh
\_ I get full signal in mid-peninsula and south bay. But I haven't
tried east bay where my friend has almost no signals.
\_ Update: alright, so I figured out the problem, but would like to
come up with a better solution. When I check my soda email with
my phone via POP3, it leaves all my msgs on the server but moves
them off the spool to a mailbox file named "mbox" in my home dir.
Usually I check my email with Outlook Express, which as far as I
can tell, just checkes for msgs on the spool. Is there any way
I can get these two different mail-checking methods to work
together? is this standard behavior?
\_ you have pop3 over ssl working with soda? i never got that
working
\_ I use pop3 over an ssh tunnel. ie, localhost:110 on my home
machine |
| 2003/7/15-16 [Computer/SW/Security] UID:29048 Activity:nil |
7/15 http://lwn.net/Articles/39909 Bruce Schneier's crypto-gram, scroll down and read the last part. |
| 2003/7/10-11 [Computer/SW/Security] UID:28998 Activity:moderate |
7/10 What is a good way to check to see if a host is alive when ICMP is
blocked? Attempting an ssh connection to it stinks if the host is down,
since the client takes a long time to give up. Other ideas? --dim
\_ Interesting, you'd need to know a service that is always up
when the host is up. If ssh is running, you could try
telnet host 22
\- not true
with udp --psb
when the host is up. then netcat that port.
'netcat hostname 22'
\- you cannot tell the difference between a host that is
blackholing you and one that is down ... i.e. you arent
getting any FIN/RST/ACK etc. i suppose you can hit random
udp ports and look for icmp port unreachables ... basically
you either need to know/guess something about the machine
to pick the "single" highest probability technique or
you need to OR together a bunch of tests, some of which
are expensive. i am assuming you are a few hops away
and you want an active rather than passive technique. --psb
\_ Port scan 'em.
\_ Call the sysadmin or send email and ask. If you're the admin,
then look at the screen. |
| 2003/7/10-11 [Computer/SW/Security, Computer/SW/WWW/Server] UID:28992 Activity:nil |
7/9 So, what are the cheapest "trusted" SSL certs out there?
\_ Get a standard Windows install, open MMC, look in the certificates
snap-in for trusted root certificates, go through those. Or failing
that, in the 'security' settings of any browser under whatever
incarnation of a 'certificate authorities' listing you have.
(Thawte no longer exists.) What do you need a trusted root CA
chain for? You can very often get away with issuing your own.
-John
\_ http://instantssl.com, price starting at $50
http://geotrust.com, price starting at $150
Never used either of them, so YMMV. |
| 2003/7/9-10 [Politics/Domestic/California, Computer/SW/Security] UID:28981 Activity:very high |
7/9 Diebold voting machines easily hackable:
http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm
Why on earth would you use Microsoft Access to do something as
important as tabulating votes?
\_ because you care more about short-term profit than democracy?
\_ Well, there goes their profit.
\_ how is there profit in using a shrink wrap ware instead of a
free one? they're stupid but not for the reason you feel.
\_ thanks guys, once in a while this anti-corporate, "they
are all a bunch of evil greed heads" draws me in and i
forget that the answer is almost always "people are
stupid" rather than "people are evil", it's good that
\_ How about making software as "product" and subject to
product reliability law suit? duh
there are others who realize that and can remind me when
i forget. -phuqm
\_ only criminals would hack into systems. let law enforcement
do its job, fucker
\_ hmm, these sound like the words of a criminal who is aware
just how unlikely the "job" is to get done. You know, that
or a Troll. -phuqm
\_ Or corrupt/zealous/partial/party-affiliated voting officials
\_ That makes them criminals, DUH!
\_ hah! the great long tradition of police protecting voting...
\_ how about making software as a "product" (instead of this
licensing nonsense) and subject to product reliability law suit? |
| 2003/7/7 [Computer/SW/Security] UID:28943 Activity:low |
7/6 Is there any way to get scp to not overwrite a file that exists on
the remote host?
\_ Use rsync instead. You can use rsync through ssh for the
encryption and auth.
\_ Unison is a nice tool for syncing things between two machines. |
| 2003/7/2-3 [Computer/Domains, Computer/SW/Security] UID:28898 Activity:high |
7/2 I need to renew my domains soon. I'm currently registered under
http://joker.com but with the high cost of the euro, I think I'll switch.
Can anyone recommend a registrar for this? Does it cost money
to switch?
\_ http://godaddy.com It does not cost additional money to switch
\_ It looks like they offer only 5 subdomains with the basic
package. Can I add more? How much would they cost?
\_ http://www.tubgirl.com has the best domain registration service.
\_ but not quite as good as www.goatse.cx |
| 2003/7/1 [Computer/SW/Security, Computer/SW/OS/Windows] UID:28886 Activity:nil |
7/1 What's a .pif file?
\_ http://www.google.com/search?q=what+is+a+pif+file
\_ brilliant! |
| 2003/6/25-26 [Computer/SW/Security] UID:28837 Activity:high |
6/25 Does anyone have any day-to-day experience with encrypting
many (O(100s of MBs)) of files on their hard drives? For
instance, if you have a laptop with all of your electronic
bank statements/etc on it, and wanted to encrypt these with
a key that you have on a compact flash or something similar?
I know it is doable, but I'm wondering if it is in a way that
is still usable?
\_ why not use an encrypting file system...
\_ MS EFS has somehighly annoying problems, like making it
really easy to accidentally generate new keys (which are
not backed up easily.) Look at CFS under FreeBSD. -John
\_ The critical point would still be key management, right?
You don't want to have the key on the machine if it
gets stolen, but you still want fairly normal access to
the files... Put it on a "secret" web page so that you
can download it to use? Or on compact flash? Does
anyone do this kind of thing?
\_ but that would be cheating.
\_ is there any free/open source encrypted file system?
\_ pffft. You might as well just format the drive now.
\_ Abe's Linux Encrypted Filesystem howto:
http://www.abeowitz.com/crypto
Also I've seen similar stuff with windows that uses a
vxd to add encrypted filesystem support and mounts an
encrypted block file.
\_ no relation. -abe
\_ Just tell your g/f that you look at porn. Stop trying to hide
it from her. |
| 2003/6/24 [Computer/SW/Database, Computer/SW/Security, Reference/Law/Visa] UID:28824 Activity:high |
6/24 Oh god. I wish the EU (useless bunch of poltroons) would get at
least a semblance of a backbone.
http://www.theregister.co.uk/content/55/31380.html
Does anyone know more about new biometric passports the US is supposed
to be issuing? I'd frankly much rather deal with the hassle of a
visa with my Swiss passport than submit to this. -John
\_ Maybe it's just me, but John seems to talk about his Swiss passport
pretty frequently.
\_ Biometrics are such a huge mistake. No one seems to be addressing
the issue that if your biometrics are compromised, there is no way to
issue new ID--well, without replacing your eyes. -emarkp
\_ Hm? Perhaps I'm misunderstanding the process: you have an ID
or passport with your retinal scan/fingerprints on it. They
scan your ID, compare it to a db of such things, and then you
put your eye/hand to the scanner and verify that you are who
the system says you are. Are you saying that someone could
hack the db and sub their own particulars for yours and so take
your bank account? If so, you now have their fingerprints /
ret. scan on file-- should be fairly easy to find the duplicates
in the system and arrest the perp.
\_ No, if someone else can ID themself with your biometrics or
subvert the system somehow, you're screwed. You can't get
different biometrics. -emarkp
\_ What are we talking here? Fake fingerprint gloves?
False retinal scan contacts? Not saying it can't be done
but quite a stretch, no?
\_ Actually it's quite easy to fake out the fingerprint
thing. The retinal scans can be horribly difficult
obtain accurately at times. The real problem is identity
theft and proving that it wasn't you who shifted your
bank account/stock portfolio/real estate to party X.
VERY tough to dispute.
\_ I fail to see how biometrics makes this worse;
right now you're being authenticated on your
signature, which is way easier to forge than
even the simplest biometric. -tom
\_ It's not worse. It makes id theft much more
difficult. I'm more for dual source
authentication. Bio + PIN. However, businesses
might make it much harder to dispute id theft
and make corrections since it is technically so
difficult. I fear an overreliance on tech.
\_ I think this has less to do with tech, and
more to do with the nature of big business
and bureaucracy. Bureaucracy and silly
overhead happen just fine without any
technology at all. What you'd hope is that
intelligent policies will be put into place
to deal with situations that the tech makes
'unlikely'.
\_ You'll submit and you'll like it.
\_ Grey matter! Grey matter! |
| 2003/6/12 [Computer/SW/Security, Computer/SW/RevisionControl] UID:28711 Activity:high |
6/11 Which of the free email accounts are the most reliable? I have a
http://netscape.net account that recently has been getting flaky. Anyone
have any recommendations for yahoo, hotmail, or anything else? Thanks.
\_ CSUA
\_ You have broadband? Host yourself.
\_ No broadband. I need to use a web-based provider.
\_ http://www.horde.org/imp
http://www.squirrelmail.org
Work a charm, fast, and I'd trust them a lot more
than a free mail provider. -John
\_ Work a charm, foreigner!
\_ Fine. "They work very nicely", you
pedantic hun. -John
\_ That's Normandic Anglo-Saxon to you.
\_ How about trailer trash honky? |
| 2003/6/10 [Computer/SW/Mail, Computer/SW/Security] UID:28688 Activity:high |
6/9 is anyone using the following SSH client? Is it any good?
ssh windows client
version: Aug 4 1998 (32)
by: Cedomir Igaly, 1995/1998
Revision: 2.100
\_ If you're just looking for a recommendation, either SecureCRT
or TeraTerm Pro have worked well for me.
\_ Agree with the above, or putty (simply because it's the first google
hit on a search for putty, and is a single executable of about 500k.
i call it my tissue paper ssh client) --scotsman
\_ I use the free non-commercial ssh client from http://ssh.com. Works fine
and allows for easy file transfers.
\_ It also has the advantage of recognizing urls and letting you
click on them, which i like since i follow every link posted
on CSUA. It has the disadvantage of being very bugy.
\_ buggs ar eprobabyl frm cdoing typos, eh?
\_ PuTTY works very nicely:
http://www.chiark.greenend.org.uk/~sgtatham/putty
\_ Indeeed, I switched from TTerm to putty and haven't looked back
(the single executable/no install is very nice). It does X
tunnelling which IIRC TT doesn't.
\_ Actually, TT tunnelling is pretty good, and does X fine.
\_ Yup, and teraterm cut/paste is much more friendly. Also
its UI is much leaner, which I prefer. TeraTerm will also
do serial connections, which IIRC putty does not.
\_ Does TT do protocol 2 yet?
\_ Not the last time I checked. That's the *only* reason
to use putty.
\_ cygwin
\_ SecureCRT, hands down! Putty is not bad, but SecureCRT has
almost everything you ever wanted in a telnet client. Ultra
robust, highly customizable. |
| 2003/6/5 [Computer/SW/Languages/Misc, Computer/SW/Security] UID:28642 Activity:high |
6/4 Does anyone know if there's a web interface for FORTRAN? Basically,
I want to write and run FORTRAN programs from a Web browser without
having to install anything on my desktop. Thanks!
\_ no
\_ Hmmm. If your goal is just to write FORTRAN programs without
installing on your computer, you could SSH into soda and
use g77. Is using a web browser really important? Maybe
the Java SSH interface would suffice.
\_ Thanks for that thought. I have a need where it would be more
than just myself and not all my users would have an SSH
client... I just figured Web browsers are ubiquitous. Also, I
was hoping for a richer UI. Any other thoughts?... I
appreciate any ideas.
\_ How about install a VNC server? VNC has java applet client
and it works reasonably well.
\_ The problem with VNC is all users share the same desktop. So
if two people needed to work on their own project, they
couldn't. I didn't mention this as a requirement previously
so I definitely appreciate the suggestion... but I cannot use
it. Please keep 'em coming, though.
\_ you can run them from a browser as a cgi like anything else.
writing them is no different than any other web based input system
that you see message boards,etc using.
\_ In other words, you mean use an HTML TEXTAREA where the
programmer can write his/her code; but when the submit button
is clicked, the code is fed to the FORTRAN compiler on the
server?
\_ something like that. In short I mean "use CGI". that's what
it's there for.
\_ more stupid idea. How about install an X-client on the
FORTRASH computer, install an X-server on your own computer,
and access that way? It will resolve the problem. I know,
you said you don't want install anything on your computer, but
i personally think an x-server should be an exception: everyone
should installed X-server (and FTP server :p )
\_ and a kazaa server and put at least 200 gigs online so we can
all share because the information wants to be free!!! you're
truly brilliant in a k-12 sort of way. |
| 2003/6/4 [Computer/SW/OS/Linux, Computer/SW/Security] UID:28627 Activity:high |
6/2 So why did Anonymous Motd Censor remove the DIY Cruise Missle link?
\_ No one can truly understand the motives of AMC. Anyway here is the
link: http://www.interestingprojects.com/cruisemissile
\_ thanks for restoring the link. Now even I am curious and
want to build a pulsejet myself :p
\_ Because it had nothing to do with RIDE BIKE! or USE LINUX! of
course, which are the only topics that are allowed to be of any
interest to the "Berkeley computer science community". |
| 2003/5/20-21 [Computer/SW/Unix, Computer/SW/Security] UID:28496 Activity:moderate |
5/20 sun gurus, please help. My ultra 5 had some problem getting out of
suspend. I had to power cycle and do nvram-default to get it to boot
up normal again. Everything is up now. But the system is EXTERMELY
slow. I don't see any processes hogging up memory or anything strange.
I think the previous bad suspend left some bad stuff around that's
screwing up the system. What should I look for to get it back to
normal again? Thanks!
\_ It's an ultra5. How fast could it ever have been?
\_ I type 'top' and it takes 10 seconds for the display to come up.
Similarly with other commands. It's not environment related
because using the same dot files on another machine works just
fine.
\_ vmstat, iostat
\_ Don't use suspend. There is no point and it has problems. --dim
\_ When suspend hoses me I try this from the ok prompt:
boot -s
when it asks for the root password, I hit control D.
The machine should then come up fine. I login
as root, I remove /.CPR or /var/.CPR and edit
/etc/power.conf so I don't get hosed again. If you chmod
/usr/openwin/bin/sys-suspend not to be executable, that
will prevent accidentally suspending via the sleep key. -ax
\_ Just pkgrm the power related packages.
\_ pkgrm(in this order): SUNWcprx SUNWcpr SUNWpmux SUNWpmowm
SUNWpmowu SUNWpmowr SUNWpmr SUNWpmu |
| 2003/5/19-20 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:28490 Activity:nil |
5/19 My refinance showed someone (LA) is using my SSN. What can I do?
Who do I report this to? This is a serious question. thx.
\_ First contact the police. One of the things they will do is
give you a form with a lot of different crdit agencies to
contact. Contact all major credit card companies as well.
Although you can get a free credit check if you suspect fraud
you get the wimpy version, so you want to shell out 25 bucks
for the full one you can double check. Hell, you probably want
to do it every couple of months for the next half year or so.
Yes it is a bitch, I've been there before, but it the long
run things got corrected and the person stopped using my SSN.
\_ Call your local SS office. They will give you the number of the SS
Inspector General. That office handles stuff having to do with SS
fraud and criminal activity.
\_ And the IRS. When you contact the three credit agencies,
ask to put a freeze or a fraud report on your listings.
\_ See if you can get an address and kill them. |
| 2003/5/12 [Science/GlobalWarming, Industry/Startup, Computer/SW/Security] UID:28410 Activity:very high |
5/11 http://www.workingassets.com - just a decent phone company that puts money toward good (progressive) causes (for when your email to your congressman stops making you feel good). \_ Shouldn't they be giving the service free!?? Capitalist swine - you are a sell out. \_ yermom gives it out for free and she's still swine. \_ If they are the cheapest and give (your) money away, then this is great. o/w give your own money away, and get the charitable deduction for yourself. \_ the nice thing about opting for world conscious services such as this one is that you show market preference for that type of corporation ethic. other companies will clean up their act if they see that the conscious stick gets customers. \_ wow.... I didn't know people actually believed that.... \_ Kinda like the U.N. I imagine. \_ Except the UN doesn't make a profit, isn't at all 'world conscious', doesn't provide real services, has no competition, and continues collecting money from it's 'members' no matter how well or poorly it does providing no incentive to improve, and has no effective means of controlling either it's own members or it's own staff, officers, and executives who don't ever get reviewed, demoted, fired, or replaced, and is trying to take over the entire world and reduce your national level rights to zero. Yeah, kinda like that. \_ Except for the profit thing, this sounds exactly like Microsoft! \_ You think the UN and MS are in cahoots? |
| 2003/5/8-9 [Computer/SW/Security] UID:28377 Activity:high |
5/8 I'm suing someone and it turns out that he gave me a fake address
and I can't serve the paper. What should I do now?
\_ why don't you post this to the motd three or four *more* times?
\_ hire a private detective.
\_ This is correct, assuming you don't have a cheaper option.
(Like a phone book.) I can put you in touch with a good one.
-jrleek
\_ What's the guy's name? Maybe we know him. Or is it a fake name?
And you still haven't told us what information you do have on him:
driver's license, license plates, etc.
\_ If the above does not work, but you have his real name and a
general idea of where he lives, you can petition the court for
service by publication. However, that should be a last resort
because it can get somewhat expensive.
\_ I have his real name and a general idea of where he lives.
What is service by publication and how much is it?
\_ Service by publication means that you take out ad
space in the local newspaper(s) saying "Hey, I am
suing you - Call me for details." If the person fails
to answer within a certain time, you can take that
person's default. Then you hire a private investigator
to find the person and his assets. The cost depends on
the judge, particularly on how many publications and
for how long - check your local rules, but hopefully,
you are in a situation where you can recover costs
and fees. Also, lest I forget, service by publication
generally does not work for small claims matters, but
once again, check your local rules. |
| 2003/5/7-8 [Computer/SW/Security, Computer/SW/OS/Windows] UID:28364 Activity:high |
5/7 "Microsoft Plans Toilets With Web Access "
http://csua.org/u/e60
Now, who wants to use a keyboard that has been touched by a thousand
other people while they wiped their butts and genitals?
\_ Only a thousand?
\_ This is a question you may not want to address to motd users.
\_ Well, you used the lab computers, didn't you?
\_ Oh no! And I was eating my sandwich with bare hands too!
\_ Yeah I always used gloves if you used it before me.
\_ This was on the motd almost a week ago.
\_ yes, although there was no explicit mention of genitals the
first time.
\_ Great, more shitty products.
\_ I'd hate to be in there when the server crashed. |
| 2003/4/30-5/1 [Computer/SW/Security, Computer/SW/Unix] UID:28273 Activity:low |
4/30 So can someone comment on the problem(s) with /var? Why does it keep
filling up, what are people doing to fix the problem each time? Maybe
somebody here already knows a longterm solution.
\_ It is some attachment problem. It goes away on its own.
Jon thinks it is related to SA. I cannot tell anymore than
that because I do not have root. You should email root or
the politburo for answers to questions like this. -ausman
\_ actually, it goes away when someone with root comes along
and cleans out whatever file(s) causing the prob. |
| 2003/4/28-29 [Computer/SW/Security] UID:28247 Activity:kinda low |
4/27 I share a shell-SSH-SCP account using ssh-keys.
Is there a way to log SCP access history of the other users.
\_ don't share accounts. and no you can't create a log that you can't
delete.
\_ What about a log that could be deleted? possible?
The intent of the log is not to log the technically
sophisticated folks who could delete it, but to
keep track of the stupid people. Where can I get
web-hosting with multiple accounts and a group as well? |
| 2003/4/20-21 [Computer/SW/Security] UID:28175 Activity:nil |
4/20 John, a question about swiss bank accounts (since you're there). I've
heard some news that they're going to stop issuing those secret
accounts where you don't need any ID to open one. Is that true?
And do you know of any banks there that use biometric data to access
the account? Like retinal scan or some finger printing device.
Thanks.
\_ There haven't been any id-less Swiss bank accounts for a very
long time now. A 'numbered' account simply means that once
you open an account, there is no longer an association between
your name and the account #--you lose the number, you're screwed.
Swiss banks nowadays do a lot of checking to make sure cash isn't
"dirty"--this includes verifying your ID. The main attraction is
the secrecy you get once the account is open. They generally don't
tell anyone. For even more confidentiality and better service, I'd
look at Liechtenstein. Also, I know of no banks that do biometric
ID for the type of money that you or I are looking at. And for
very large accounts (> $5 million) the service is usually personal
("private banking"). There's still a huge legal gap regarding
biometric ID and digital non-repudiation in most countries. I'd
be glad to ask around, though. -John
\_ If the account # and some password or passphrase is the only
thing you need to to access the account, isn't that dangerous?
If either of the two is stolen you're screwed since they don't
check IDs (rather there's no ID to check). That's why i thought
of some biometric system. |
| 2003/4/17 [Computer/SW/Security] UID:28156 Activity:very high |
4/17 In veneration of his computer science forbears, it is decided that Dan
Holliman will change his name to Dan Hollerith. danh, we expect
compliance and certifying documentation from the Social Security
Administration in a reasonably short time. Thank you and good night.
\_ huh?
\_ Perhaps a reference to the hollerith format flag in Fortran77?
-- ulysses |
| 2003/4/15-16 [Computer/SW/Security] UID:28135 Activity:very high |
4/15 What is a one-time pad, and why is it considered bad/insufficient
for security?
\_ Yeah, why is a one-time pad insufficient? Snicker. - !OP
\_ a one-time pad IS insufficent if it is the only thing
you are using for security. There better be some intelligent
system for sharing one-time pads/keeping them secure, etc.
Stop being an ass.
\_ So you're saying a one-time pad is insufficient if it is used
stupidly? Is there a security protocol that is sufficient
even if used stupidly?
\_ I'm saying that used alone it is far from sufficent because
there are far too many unresolved issues.
\_ declaring war on iraq
\_ which begs the question: if your system is idiot-proof,
won't someone just build a better idiot?
\_ It's an encryption algorithm: to send a (say) 5K message to your
friend, first generate 5K of random bits (the "pad") and share
those secretly with your friend. Then, to send your message,
just xor each bit with the corresponding bit from the pad. You
can't ever reuse pad data; you have to generate new random bits
for each message you want to send (hence the "one-time").
This algorithm is cool because it's provably unbreakable: if
someone sees your encrypted message, but has no information about
your pad, then it's impossible for them to decrypt your message.
However, this algorithm is usually not practical, because you have
to secretly share 5K of pad data for each 5K message you want to
send. (For comparison, an ordinary private-key encryption
algorithm like AES lets you secretly share a small key (128 to
256 bits) and then use that key to encrypt as much data as you
want.)
\_ because you're all being stupid and noone signs their names:
OTPs are useful for when you have only occasional trustworthy
contact with your sender/receiver (in-person contact, trusted
monthly courier ...), and have a need to share relatively short
messages in a highly secure fashion.
to respond to some of the points attempted above:
1) if you have a way to get someone a pad in a secret [trusted]
way, why not use the same way to transmit the message?
Because the way you transfer the pad may not be available
when a message needs to be sent.
2) if you get part of the pad, you can decrypt part of the message.
If you get an AES key, which is comparable in size to the
supposed partial pad, you get the whole message.
Issues of key management aside (which affect all crypto systems),
OTP offers the user high confidence at the expense of convenience
(large, non-reusable keys) and reliance on periodic OTP refreash.
(large, non-reusable keys) and reliance on periodic OTP refresh.
--4554660b1f82fae1e048ff6c1874d31b
\_ I think everyone who cares already knew that, since among
other things the OTP is about the simplest cryptosystem
imagineable. you have been trolled.
\_ only so that I could get the guy below to respond.
sometimes you gotta take a troll to get a better troll.
--3210615175eaa726402a9001bf8dbc6a
\_ OTP does not offer high confidence except in highly
controlled environments because there is no way to
perform adequate message authentication in OTP:
1) If the recv'd msg is off by even one bit/char the
message won't make any sense. While single bit/char
errors might be noticed in the decrypted PT,
multi-bit/char errors that can change the content of
the message without being detected (this depends on
the language, but for things like english the
probability of detecting multi-bit/char errors is not
that high).
2) If OTP is used for messages transmitted via a public
channel the big problem is that there is no way to
ensure that the message you recv'd was transmitted by
the person that should have sent it. In some cases
an attacker can mount a DOS on the system by tx'ing
fake messages.
\_ Why is it one-time? Why can't the same pad be used again to
transmit a different message to the same receiver?
\_ If a pad is reused, a pattern is formed in the ciphertext
which can be exploited by an opponent via a Analysis in
Depth Attack. Some of the venona decodes were the result
of the Russians reusing the same pad for multiple (different)
messages. |
| 2003/4/15-16 [Computer/SW/Security] UID:28129 Activity:very high |
4/14 So I quit my company 2 months ago but I'm still getting paycheck
from them. I'm pretty sure something's wrong with the accounting.
I guess it's just a matter of time before they find out. Can they
legally withdraw money from my account when they find out?
\_ accepting a paycheck from a job you no longer work at
is fraud, end of story. return the money and get on with
your life.
\_ Tell the payroll office about it now, and don't be helpful about
returning the money you have. You can hope that interdepartmental
politics will keep payroll from contacting legal and you might get
to keep it. The moral thing is something else of course... but
you did quit, so maybe they screwed you over? Eh...
\_ Blow up the accounting office or hack their computers. Be a MAN!
\_ of course. it's their money.
\_ it depends. If you're getting paper paychecks then no. But they
can sue you for it and will win. If you're EFT then yes they can.
Either way, I wouldn't spend the money until they're out of
business plus a year.
\_ Why can't the guy quit while he's ahead? That is, close the
bank account.
\_ Because they'll just sue him and he'll lose. Welcome to the
world of adults where accountability exists. Silly rabbit.
\_ No. BUT... Since you know you're not working for them, any money
received works as a claim of fraud. Since it's been a couple of
months and probably a good amount of money recieved, you could be
charged with embezzlement and felony fraud. Notify the company and
arrange to return the money. If you withdrew against this money,
it adds credence to the charges. After two months of getting checks,
you'll be hard pressed to claim ignorance and proving "good will"
in notifying the company of the error. Return the dough and hope
they don't ask for interest back.
\_ This happened to me and a fellow coworker at Cisco. He told them
after the first paycheck arrived and they told him to keep it...
I mailed them after receiving three paychecks (~$5K) and they
never mailed me back but stopped sending checks. A few months
later I deposited the checks into a money market account. I didn't
touch the money for two years. It's been three years since. ymmv. |
| 2003/4/9 [Computer/SW/Security] UID:28051 Activity:nil |
4/9 If I have access to a POP box full of mail, what's the easiest
way to get all the messages currently in the box forwarded to
somebody. I don't have access to the mail spool for this POP
box.
\_ fetchmail from the pop account and then forward. |
| 2003/4/5-6 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:28002 Activity:high |
4/5 On the http://netzero.com Terms and Conditions: * Software Downloads. As part of the NetZero Service, NetZero may from time to time download software owned by NetZero or third parties to your computer. Your use of the NetZero Service constitutes your consent to such downloads. What is this about? What type of software would they want to download to my computer? Is this to scan the files on my computer, or likely something more innocuous? \_ something to do with ads maybe? \_ why do you want to use netzero anyway? there are other choices that are cheaper and have worked okay for me. e.g., joi internet. \_ Thanks for the tip! I'll switch to joi. \_ does joi require you to use their own software? \_ no. \_ Welcome to Gator hell. Tried Ad-aware @ http://lavasoft.com? \_ Ad-aware sucks. Get Spybot Search and Destroy \_ It probably means pop up and other ad crap, data mining, and similar spyware crap. Legally it means *anything* they want and they're on safe legal ground. Some third party ware installed via them steals your CC or tax info and you're a victim of ID theft? You're SOL. Don't be cheap, get real net service without T&C like this. \_Just hack Netzero and get around their software. I used to do it when their accounts were free. \_ Why bother? |
| 2003/4/1-2 [Computer/SW/Security] UID:27947 Activity:low 63%like:27920 |
4/1 OpenSSH 3.6.1 is out. Fixes some interoperability problems with
other implementations.
Portable: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.6.1p1.tar.gz
OpenBSD: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-3.6.1.tgz
\_ Thanks, installed. --mconst |
| 2003/3/31-4/1 [Computer/SW/Security] UID:27920 Activity:low 63%like:27947 |
3/30 OpenSSH 3.6 will be out shortly. Changes include RSA blinding
and proper handling of priv. sep. when root login is permitted.
Portable: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.6p1.tar.gz
OpenBSD: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-3.6.tgz
\_ Thanks -- I've installed it in /usr/local/bin. --mconst
\_ thanks |
| 2003/3/26-27 [Computer/SW/Security, Computer/SW/Unix] UID:27858 Activity:moderate |
3/26 I just upgraded to Bind 9.2.2 and it seems that I can no longer
get responses from roots a and b (the other root serves work
fine). I've checked the routing, I can get to a and b, I just
can't get a response from them. Anyone else have this problem?
Any suggestions about where to start debugging? tia.
\_ I had a different problem. bind8 stopped being able to query
the root nameservers at all. So I upgraded to bind9.
--scotsman |
| 2003/3/26 [Computer/SW/Security] UID:27853 Activity:nil |
3/25 Anyone know if ther are providers that will sell DSL service
without phone service? I've had it with AT&T/Comcast. --jwm |
| 2003/3/20-21 [Computer/SW/Security] UID:27768 Activity:high |
3/20 anywhere to get an SSH2 client, someone just stole my SSH 1 since
i am using teratermpro and ssh for it (ie: a friend stole it)
\_ putty is a free ssh client for Windows.
\_ http://software.berkeley.edu or http://www.ssh.com if you're not a student
\_ stole it?
\_ huh? I thought teratermpro is free at first place. |
| 2003/3/19-20 [Computer/SW/Unix, Computer/SW/Security] UID:27751 Activity:high |
3/19 How did mconst fix /var, and what was wrong with it?
\_ The mail I sent to root is now in ~mconst/pub/var-mail. --mconst
\_ thanks, that was informative. Shouldn't that file be made
unreadable by non-root though?
\_ I think everything in there is public information -- but
please let me know if I missed something. --mconst
\_ I'm sorry, I meant /var/account/acct. It seems like
it contains somewhat private information of little use
to non-sysadmin types.
\_ You're absolutely right. Fixed, thanks. --mconst
\_ Does anybody else find this polite exchange as
refreshing as I do?
\_ Actually...yes. -mice
\_ PURE. REFRESHING. MCONST.
\_ Someone was trying to rotate accounting logs, and failed
miserably. |
| 2003/3/13 [Politics/Domestic/911, Computer/SW/Security] UID:27686 Activity:very high |
3/13 http://www.usatoday.com/usatonline/20030313/4942670s.htm "Much of the information on Mohammed's laptop computer was protected by an encryption code that CIA analysts cracked easily, U.S. intelligence officials said." It was probably RSA or PGP. What else is he likely to have used? Something from MS? \_ They threated to kill his preteen kids if he didn't give them the password. \_ Damn those unsecure end nodes. \_ Microsoft Visual ROT13++ \_ Microsoft Active Visual 2ROT13#. \_ Be sure to download the first three patches and upgrade before using. The fourth patch allows you to encrypt, but won't decrypt non-MS ROT13 encryptions. They are still working on it... \_ This stuff is getting so old it's not even funny anymore. \_ This stuff is still funny, because it is still the case, despite how long it has been the case. \_ Any system in which the key is shorter than the message is an inherently weak system. The only one "safe" encryption system is OTP (and even that is not safe if you have your own Guardian of Forever) \_ Guardian of Forever? Is this some nerdy book/tv/movie reference? \_ Here's a cookie for you. \_ I'm serious. What is it? \_ Watch TOS Ep. 28. \_ so what the fuck is TOS? \_ You do realize that no one is obligated to answer your question, yes? \_ Your geekdom passport has been revoked. \_ 'cause we all know jocks r00l. \_ oh no! What WILL I do? Oh that's right, have a life. Never mind. \_ Sorry, but we don't buy it. You've already proven you have no life by posting here. |
| 2003/3/12-13 [Computer/SW/Security] UID:27668 Activity:very high |
3/12 Call me paranoid. How likely is it for someone to decode traffic
sent to/from an ssh connection? The encryption is done end-to-end,
so if the govt is getting a copy of every packet between two boxes
is it possible for them to crack it? I'm not a technical guy BTW,
I just know the high level functionality of these things.
\_ If they really REALLY care and are willing to wait a couple of
weeks before the traffic is decoded and have some insane amount
of computer power... pretty unlikely. There is a reason this stuff
scares the shit out of the powers that be.
\_ It is much easier for them to attack at the unencrypted endpoints
\_ If the government wants to see your shit, they can get a tap for
your keyboard or put a van outside your home/office and read your
monitor. You're only fooling yourself thinking ssh will really
keep the United States' Federal Government from reading your shit.
I suggest you find a good defense lawyer and send good-bye notes to
your family and friends.
\_ any URLS with stories from people this has happened to?
\_ http://www.you.com.au/news/1009.htm
\_ If you are using SSHv1 there is a possibility that someone could
read your traffic. If you are using SSHv2 (AES128-HMAC SHA1) your
traffic will be unbreakable for the next several billion years
assuming that (1) the RSA factoring problem is impossibly hard,
(2) the Discrete Log problem is impossibly hard, (3) SHA1 is a
true 1 way hash and can't be inverted in less than 2^80 tries,
and (4) there are no weaknesses in the AES S-BOX.
There is a further concern among some about the way that HMAC
is performed in the SSH protocol, iirc SSH does E(K,P) HMAC(K,P)
rather than the more secure IPSEC method E(K1,P) HMAC(K2,E(P)).
I'll look this up in my notes and post later on.
\_ It might take decades, or even centuries, but the quantum
computers are coming.
\- we've broken ssh session keys when we were "really really
interested". ok tnx.
\_ what size session keys and did you break them using
brute force or via some other method?
\- "we measure computing power in acres"
\_ how much ct did you need?
\_ who's 'we'?
\_ "ok tnx" is the hallmark of PSB, and PSB works
at LLBL, so he could have "acres of computing power"
Was that you, PSB? |
| 2003/3/6-8 [Computer/SW/Security, Computer/SW/Unix] UID:27610 Activity:low |
3/5 All of a sudden my DNS server is not resolving http://mail.yahoo.com or http://calendar.yahoo.com. Everythign else I try seems to work. What could cause this? \_ is Earthlink your ISP by any chance? \_ no, why, do they have hte same problem? this is on my own dns server running BIND8.x \_ ; <<>> DiG 8.3 <<>> http://calendar.yahoo.com ;; res options: init recurs defnam dnsrch ;; res_nsend to server default -- 127.0.0.1: Connection timed out |
| 2003/3/5-6 [Computer/SW/Security] UID:27602 Activity:nil |
3/4 Any recommendations for a website, email, and DNS service provider? |
| 2003/3/5 [Recreation/Pets, Computer/SW/Security] UID:27600 Activity:high |
3/4 This is good:
jose CP 67.121.94.23 3:14PM 1:39 cat /etc/motd.public
How do you cat something as short as the motd for over 1.5 hours?
"So the guy at the bar says, 'that's no cat, that's my wife!'" hahahh!
\_ you can pipe it through "more"
\_ I guess... why not just 'more $file'?
\_ because $file expands to whatever $file is before the command
is execed.
\_ I was being generic. I'll spell it out for the anal among
you and try again, "why not just 'more /etc/motd.public'?
\_ or losing an ssh connection while executing the command.
\_ Doesn't sshd use tricks to detect such stale sessions and kill
them off, including all applications that belong to the same
session?
\_ maybe but it's pretty funky dropping a connection in the split
second it takes to cat the motd. im suspicious of this behavior. |
| 2003/2/28-3/1 [Computer/SW/Security] UID:27563 Activity:very high |
2/28 How come csua doesn't support imap, even when it's from csua itself?
\_ imap is disabled, but imaps (imap + ssl) is enabled in
/etc/inetd.conf.
\_ the certificate is self-signed though. wouldn't imap-over-ssh
be more secure?
\_ feel free to donate enough money for a verisign
cert. imaps also works straight out of the box
with Outlook and doesn't require running a ssh tunnel
\_ and you trust soda's SSH key why?
\_ I use the same key on all my production systems.
\_ And this helps why? Your SSH fu is weak. Train
harder.
\_ that way if I lose root i can login from anywhere
else just about because i use a passphraseless key.
soda's key is also on the auth'd list so its cool.
\_ that way if one of your machines is compromised
the '1337 h4x0r's have 0wn3d all your machines!
\_ And self-signed certs are insecure why? Your PKI fu is weak
train harder.
\_ do you memorize the signature on the certificate? at
least with ssh, i need to verify the key only once.
\_ A self signed cert presented by a server is equivalent to
yermom presenting a potential csua stud with a notarized
medical certifciate stating that the person presenting
this certificate is yermom and that she doesn't have any
up enough to go for it PKI fu boi!
the certificate is yermom and that she doesn't have any
stds where yermom was the both the obgyn who wrote up the
certificate and notary who signed it. Maybe you are hard
up enough that you'd go for it PKI fu boi...
\_ I only read email I have personally decrypted
with a PGP passphrase I store on a keychain attached
to my body at all times. I am also very attractive. |
| 2003/2/27-28 [Computer/SW/Security, Computer/SW/OS/Windows] UID:27551 Activity:moderate |
2/27 13823 files on a brand new w2k machine with no other software
installed. I remember copying dos from floppy to floppy using one
drive and had to do 26 disk swaps to get all the files....
\_ Uh, my copy of DOS 6 is only about 3 or 4 floppies.
\_ Did you count all the hidden files?
\_ There were only 1 or 2 which http://sys.com put on for me after a few
more swaps.
\_ DOS 3.2 -- 2 LD 5.25" floppies.
\_ DOS 1.1 -- 1 360k floppy.
\_ MacOS 1.0 -- 1 400k floppy. 127k used, 273k free. |
| 2003/2/27 [Computer/SW/Security] UID:27549 Activity:high |
2/26 MAPI gurus - do you know how to get encryption on MAPI? The online
docs are nasty, i've even looked at lotus's docs out of despereation
still nothing.
\_ Notes uses a proprietary 'encryption' algorithm. Little is known
about it. If you really want a certain degree of assurance that
your mapi connections aren't being snooped, think about running
ipsec. There aren't many MAPI security docs, period. -John
\_ XOR!
\_ 2ROT13! |
| 2003/2/27-28 [Computer/SW/Security, Computer/SW/Unix] UID:27548 Activity:high |
2/26 Wasn't csua passwd was compromised the other time? Could the hacker
had placed some program on csua that snoops our email? I think my
email account has been snooped on. I send out a email to a friend
giving him my server ip and port, but someone else visited my server
since my friend was not able to access my server. I got a foreign
ip accessed my server.
\_ obUsePGP!
\_ obUsePGP! If you send messages in the clear anyone can read them.
\_ PGP is useless until it is made more transparent. Even the people
who invented it have agreed on this. The existing tools are simply
too difficult to use and even people with clue end up sending
clear text or gibberish by accident half the time.
\_ The 'people'? Perhaps you mean the person, namely Phil
Zimmerman? And what you've just suggested does not sound
very much like the sort of thing Phil Zimmerman would say.
Could you post a citation so we know you're not talking out of
your ass here? If you are just talking out of your ass, could
you make a point of sticking your head up your ass before
doing this in the future so we don't have to listen to your
blather? Thanks.
\_ <Sigh> The most notable "blather" is Whitten & Tygar (1999).
cited in the GNU privacy handbook, chapter 5.
cited in the GNU privacy handbook, chapter 5. You are, of
course, correct that it does not very much sound like
something Phil Zimmerman would say.
\_ What makes you think it's not a problem on your friend's end?
\_ it may be possible too since the company uses MS Exchange and
Outlook, but they are very good at patching up the security
holes. =D Have you ever had nimda.a/e on you machine? if you
see httpodbc.dll in all your root drives, your machine is
infected with nimda.e. Most likely a hacker has already placed
a backdoor in your computer...
\_ More likely you were just port scanned.
\_ but he wouldn't know the exact path of the file to call even he
finds out that port is open. I had NAT forward that port to my
my server. And the web app is under a specific context-root, also
the file is has a unique url mapping. I see the visitor access
that exact path right after my email went out (well a few minutes
later).
\_ Foreign eh? Which country?
\_ foreign=alien=non-local
\_ You really should email root about this.
\_ Ya, that way root will be more careful about reading ppl's email.
Seriously though, what are the odds of someone having the
patience to go through and read your email? Did you look in your
apache logs to see what IP it was that looked up your site?
\_ Don't knock the propensity of individuals to do what normal
people like you and I would consider a complete lack of a
life for intrusive purposes. Security through obscurity
or even anonymity is not a good idea. -John
\_ last time I checked the IP belonged to http://prophetfinance.com, I
took a look at it subnet ips, they tranlated to greet, pride,
lust, stalin, roosevelt, churchill, etc <DEAD>.prophetfinance.com<DEAD>. It
is probably managed by some Russian sys-admin since he seems to
name the servers with Russian leaders.
\_ Churchill and greet are my favorite Russian leaders!
\_ Okay, machines with people names are name of Russsian
leaders. Damn, always some block head nit-picking posts while
totally ignoring the main point
\_ if you use a completely specious argument to back up your
contention that it's a Russian sysadmin and you get called
on it, I don't think it qualifies as nit-picking
\_ What is your site anyway?
\_ just some stuff to test my web configuration. |
| 2003/2/24-25 [Computer/Domains, Computer/SW/Security] UID:27509 Activity:very high |
2/24 Okay, I know this type of question has been asked before, but
here goes. I'm currently using http://domaindirect.com for my
registrar--they also handle my email (1 pop account + 5
forwarding addresses + catch-all). The problem is that they
only provide www forwarding (with perhaps "url keeper" which
wraps the page in a frame and it still looks like the domain,
but is a pretty cheesy technique). Anyway, I'd like to move to
a hosting service that allows me to keep the same (or better)
email services, and do either web hosting or aliasing to (say)
a http://dyndns.org site. domaindirect costs about $35/yr. and I'd
like it to be cheap, but I'm willing to pay more for better
service if necessary. Suggestions?
\_ DynDNS
\_ Um, did you notice that I mentioned dyndns? Do they handle
hosting? Do they handle email redirects? Do I have to run my own
mail server? Everything I checked about dyndns shows that it's a
partial solution, not a complete one.
\_ Um, did you notice that I mentioned dyndns? Do they
handle hosting? Do they handle email redirects? Do I
have to run my own mail server? Everything I checked
about dyndns shows that it's a partial solution, not a
complete one.
\_ http://gandi.net is cheap. They won't do hosting but they'll handle
mail forwarding and aliasing. the downside is they are in
Europe and you'll get all your e-mail in French (and English).
\_ I have had 5 domains with gandi for > 3 years now. They are
great, their service is fast, their TOS are unambiguous.
Regarding the DNS, you can do it with the public DNS service.
Look at http://soa.granitecanyon.com -- I found it very
difficult to get working, though, but it does work. And it's
free. -John |
| 2003/2/24 [Computer/SW/Security, Computer/SW/Unix] UID:27506 Activity:high |
2/24 http://csua.org/u/9db -finally they arrest the strike leaders. I wonder if that means oil will finally drop; the strike is 30% of the reason oil's been going up. \_ Yeah, I guess if getting rid of a corrupt political leader interferes with your getting a cheap tankful of gas by jailing a few brave souls, then god speed to ya'. \_ Gosh, in that case, would you like to join the general strike to remove a corrupt politician who gained his position through unconstitutional manipulation of a a corrupt electoral system? At the least, you wouldn't mind if we shut down the economy for a few days to do so, right? \_ if the people of the United States had enough savvy and guts to do just that I'd help in any way I could. \_ Yawn. Your own media spent months trying to prove your assertion and failed. Go back to alt.conspiracy. |
| 2003/2/21 [Computer/SW/Security, Transportation/PublicTransit] UID:27485 Activity:nil |
2/21 http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/02/21/MN240732.DTL Crowd counting article restored, you censoring bastard. |
| 2003/2/14-15 [Computer/Rants, Computer/SW/Security] UID:27415 Activity:moderate |
2/14 What is a good internet phone card for calling China? Thanks.
\_ I usually use http://www.cybercalling.com I don't know how it
compares to others. Is 3.3 cent good price for calling
compares to others. I thought it has good prices for China,
Taiwan, and even US. Is 3.3 cent good price for calling
within the US?
\_ http://www.pincity.com : 4.9 cents (using local access #)
http://www.onesuite.com : 3.9 cents (using local acesss #) |
| 2003/2/13-14 [Computer/SW/Security] UID:27400 Activity:low |
2/13 Looking for <DEAD>anonymizer.com<DEAD> like websites that are free. Thanks. \_ like water for chocolate. \_ get a colo somewhere and run squid on it. set up the acls so you and your friends can access it by others can't. Enable https to http proxying and you've got all of the features of anonymizer for next to nothing. |
| 2003/2/12-7/5 [Computer/SW/Security] UID:27380 Activity:moderate |
2/11 At what point (in the course of my login) does DISPLAY get set,
and what does it get set to? I'm able to open X windows locally
(using Exceed) from soda, but not from another box I have access
to. On this other box, DISPLAY is not set and I'm trying to
figure how to set it. Thanks.
\_ Depends on the OS & login method.
\_ please expound or provide a link? the offending box is
running red hat, and I'm logging in over ssh.
\_ The remote system's sshd should be setting it. Make sure
that X forwarding is enabled on the remote system and on
your local system (try using ssh -v and looking for the
"X11 forwarding" lines); you might also want to make sure
your dotfiles aren't resetting your DISPLAY variable to
something wrong.
\_ Can you figure out your local machine's IP address and then manually
do "setenv DISPLAY local-IP-addr:0.0" after logging in to the other
box?
\_ Try ssh -X
\_ ssh -x |
| 2003/2/7-8 [Computer/Domains, Computer/SW/Security] UID:27337 Activity:nil |
2/6 Anybody have experience with http://pair.com for web hosting? Any other recommendations for quality, affordable web hosting? What about hooking up my own computer to a fat pipe somewhere? \_ my friends like http://pair.com. i like <DEAD>zapatec.com<DEAD> |
| 2003/2/7-8 [Recreation/Dating, Computer/SW/Security] UID:27330 Activity:high |
2/6 What's the best remote flower delivery service?
\_ Calling a florist in the remote area and being very exact in
what you want (or give them free rein to create).
\_ Don't use FTD or other large service. I agree with the first
reply. --aaron
\_ Except a lot of florists are part of the FTD network.
And they will deliver FTD's standard arrangements. Ask
them if they are a FTD member before you order.
\_ What's wrong with FTD? -florally clueless
\_ http://FTD.com was the first commercial launch of a Java website
\_ and then?
\_ Fuck Valentine's Day. Fuck it right in the ear.
\_ BDG? Is that you??
\_ this sounds more like doesn't-work-with-cable-modem
guy (DWWCMG)
\_ What?
\_ ERROR: EAR HOLE TOO SMALL.
\_ ~payam/squick.vt
\_ If recipient is in SF, I've always gone with http://frenchtulip.com
\_ I love Rose and Radish in SF myself, 415-864-4988. --chris
\_ Is that a hint?
\_ /usr/sbin/in.rflowersd
\_ I hope that you are ordering flowers for your ex-wife's
funeral. If you are ordering flowers for your girlfriend,
DON'T. You might think that you are being nice, caring,
considerate, etc. but in reality you are being drawn into
a bottomless pit of despair. You cannot imagine the endless
nightmare that your life will become if you allow yourself
to be drawn any further into this woman's web. If you do
not heed my advice the day will come when you will wish
that you had tied a noose around your neck rather than a
bow-tie.
\_ Now that's more like it! bdg #3 fan
\_ bdg, sign your post |
| 2003/2/6-7 [Computer/SW/Languages/C_Cplusplus, Computer/SW/Security] UID:27322 Activity:low |
2/5 I picked up this year's Taxcut and it won't import last year's turbotax
files. I'm gettign idiotic errors where it either wants to treat my
TT file as a TC file and then reports a corrupt file or it looks for
a TC named .T01 file when it's clearly a TT .tax file. I've played
around with filenames and even looked at hex editing the binaries. Is
anyone else trying to do the same thing? Is it working for you?
\_ importing is highly over-rated. Name, address, soc security, etc
can be easily typed in. The only other thing you need to worry
about is carryover capital losses (stock). It's more complicated
if you run a small business and need schedule C. But you probably
don't run a business.
\_ Hmm. Well that sucks. Thanks for the info. |
| 2003/2/4-5 [Computer/SW/Unix, Computer/SW/Security] UID:27305 Activity:high |
2/4 Anyone here use samhain? Any opinions?? (It claims to detect LKMs)
What is your favorite IDS/checksum program?
\_ Isn't that a Danzig song?
\_ snort
\_ don't be cheap, buy a IDS blade that goes into your router or
switch. It offers much higher performance and it's more
manageable.
\- that cant detect something like people doing rlogin -> ssh ->
su and typing root passwd onthe net can it? you can use BRO.
but it sounds like the above person is looking for something
run on the filesystem, like tripwire. i use veracity which
might not be right for you. --psb
\_ I don't use anything at all. SSH2 ports open to world+dog if you
can guess the root password, you get the whole site! Over 5
million active usable credit cards just waiting for the taking!
And the best part is we wouldn't even know you'd broken in and
stolen everything if you weren't an idiot about it. |
| 2003/2/4 [Computer/SW/Security] UID:27299 Activity:nil |
2/3 Soda's very own Nick Weaver makes news again.
http://news.com.com/2100-1001-983197.html?tag=fd_top
\_ So he's a "security expert" now?
\_ Yes he is. |
| 2003/2/1 [Computer/SW/Security, Computer/HW] UID:27266 Activity:moderate |
1/31 I find that http://terraserver.microsoft.com is not detailed enough. And I've been googling for another one. Can't seem to find another free server that provide satellite photos. I used another service before a few years back but can't remember the site anymore. Anybody know? \_ Call your local congressman today, and ask them to approve funding for the Total Information Awareness program. Soon, the server you seek will come into existence. Though your access to it may be on the 'need to know' basis... \_ Yermom won't show up on any civilian quality sat. photos. \_ Unfortunately, yermom does. \_ You're thinking of the military quality army boot sats. \_ No, I'm thinking "Yermom is SO fat ..." \_ her blood type is "crisco" \_ TIA program stillborn. Just another random pentagon concept that went nowhere. |
| 2003/1/21 [Computer/SW/Security] UID:27164 Activity:high |
1/20 Is there any tool on an SGI running IRIX 6.5 to play a .mp3 or .mid
file? I don't have root access. Thanks.
\_ um... build something in your homedir? If you don't have write
access to the sound device, you're just SOL.
\_ Oh, I'm sure there are plenty of tools running IRIX 6.5 |
| 2003/1/20-21 [Computer/SW/Security, Computer/SW/Languages, Computer/SW/Apps] UID:27161 Activity:high |
1/20 I have a pdf file that contains type 3 font. Since it is bitmapped
I can understand why it does not scale nicely, but why does it look
jagged even at 100% on acrobat reader while the print out looks fine?
How can I convert it to type 1 font? The program dvistripp.exe
that google points me to no longer seems to exist. Ok tnx.
\_ does this file have anything to do with ps2pdf? -chialea
\_ Yes typically I have the ps file and convert it to pdf using
ps2pdf or distiller. I don't have access to the original tex
or dvi files, however. --op
ps2pdf or distiller. It seems to be the problem of the ps
file, since many other ps files converts just fine. I don't
have access to the original tex or dvi files, btw. --op
\_ ps2psd does not do the right thing. |
| 2003/1/18 [Computer/SW/Security] UID:27141 Activity:moderate |
1/17 Do any other search engines besides google cache?
\_ I think the question is do any others provide public access to
their caches... I'm sure any reasonable search engine does
caching on some level. |
| 2003/1/9-10 [Computer/SW/Security, Computer/SW/RevisionControl] UID:27040 Activity:very high |
1/9 I need an archive/revision-control system that keep the repository,
which is left a relative public system, encrypted. CVS does not seem
to do that. What is an (free/open-source) alternative?
\_ Do you mean "encrypted on disk" or "requires encrypted
transmission"? CVS does the latter; you need to set CVS_RSH=ssh
and do some more config on the server (there are howtos online).
For the former, maybe a file system that encrypts data to disk?
\_ I mean that the (CVSROOT) repository is encrypted on disk.
I don't need heavy weight encryption. It is to thwart
opportunistic voyeur. -- OP
\_ rot13.
\_ rot26!
\_ chmod 600 your cvsroot |
| 2002/12/30 [Computer/SW/Security] UID:26940 Activity:nil |
12/31 Essential System Administration by Frisch refers to a "wheel group"
as being an added security feature for the assignment of root
privileges. Question: How is this an added security feature when
having the stolen root password allows login as root anyways? The
author also mentions that this feature is not available in Linux, but
used in BSD type OS's.
\_ False assumption. Given a wheel group, you can disallow external
logins by root altogether. This leaves at the very least a username
trail if the source IP is spoofed. |
| 2002/12/24 [Computer/SW/Security, Reference/Military] UID:26898 Activity:nil |
11/22 [stupid airport security thread deleted.]
\_ mandatory firearm safety training for everyone. give every
passenger a gun with rubber bullets. terrorism problem solved.
\_ Sheep |
| 2002/12/20-21 [Computer/SW/Security] UID:26874 Activity:high |
12/20 Is there a way to get SSH to do keepalives (for firewalls/dial-up
sessions with inactivity timeouts?) I currently do ssh -X and send
an xclock over it, but I usually have more than one host open, and
things get a bit cluttered. -John
\_ the inband keepalive is daemon configurable
\_ the inband keepalive is daemon configurable -shac
\_ I just have a script that echoes a character to the screen every 10
minutes. -- yuen
\_ Put "KeepAlive Yes" in /etc/ssh/sshd_config
\_ The line is already there. Guess it doesn't work.
\_ My office fw filters that so I do the same thing yuen does.
\_ KeepAlive actually sends out-of-band so.. it's not what it
seems.. you actually want ClientAliveInterval which sends
inband.. however its ssh2 only and some ssh clients will
barf when they see this packet.. if your client doesnt
barf at it, then it will keep your session alive -shac |
| 2002/12/17-18 [Recreation/Dating, Computer/SW/Security] UID:26831 Activity:insanely high |
12.16 Does anyone here get the economist? my subscription expired two days
ago and i want online access to an article called "Trapeze artists".
if you could post it in /csua/tmp it would be most appreciated
--tia.
\_ So why not resubscribe, rather than steal?
\_ Are you planning to resubscribe?
\_ I just did, and I have the print version of the article, but I
want to forward the article to a friend. Yes, I could scan it
or snail mail him the original, but that's a pain. Or I could
wait a month or two for my new subscription to kick in, but that
is more lame.
\_ Post a url to the article and your friend's email address
\_ So you're asking someone else to commit copyright crimes and then
put their name on it for you?
\_ yes, I am actually. thanks for clarifying the situation
though. prick.
and I will forward it for you.
\_ Thief.
\_ copyright violation is not theft. look up thief and theft in the
dictionary.
\_ Sure it is. You're taking or making use of something that
isn't yours without permission that normally costs money for
access. Take the rest of your argument to slashdot or k5
where you'll find like minded thieves who care.
\_ that's not theft. theft involves taking away. "making use"
of something -- which isn't even a thing, is not theft.
for you to say otherwise is just like my stating you are
a cunt.
\_ Yeah whatever. Take it to slashdot. In the meantime
do you mind if I have sex with your gf? It's not like
my making use of her while you're busy with copyright
violations is denying you your use of her.
\_ This is wrong on so many levels.
\_ Just another victory against copyright violators.
\_ i'm not the OP. i'm just saying it isn't theft.
\_ It only "normally costs money" because of a perversion
enshrined into law. Should breathing air cost money, too?
Would you support such a law, if passed? |
| 2002/12/15-17 [Computer/Companies/Google, Computer/SW/Security] UID:26819 Activity:moderate |
12/13 I was reading somewhere something that implied that google's popularity
algorithm could tell if the link to your site in someone's page was
"hidden." Can someone here confirm: if I have a link to may page on
another page that is either a.) The same color text as background or
b.) a "spacer" image that is a link. Will Google discount that link?
\_ No one knows how google really works. A form of security through
obscurity to protect their pagerank thing.
12/now Hey do ya think we could get the motd any shorter and more boring?
Let's see: 1) a link to chapter 1 of an old book, 2) trivial dns
lookup issue, 3) emacs question with joke answer. Why bother even
having a writable motd if it's going to be stripped of *everything*
worth reading? There's no technical questions/answers, no cool
stuff about, well... *anything*! And it's always worse on the
weekend when there's fewer bored people at work to add new things.
[*laugh* and then the same idiot deletes this whole thing]
\_ If you're so strapped for amusement that you rely on the motd,
I weep for you.
\_ weep away, just stop erasing everything. just because im pathetic
doesn't mean im not right about others stripping the motd.
\_ who knows? what makes these fucking censors tick? why do they
want the motd to become pointless? mysteries we may never know.
\_ Instead of trying to beat the system, why don't you just try to
make your page better and more relevant? How hard do you really
think it is to detect that technique? Can you guess how many
people we have who work on quality full-time to prevent this kind
of thing? --aaron@google
\_ because, 1.) I am starting a new service which competes with
long-existing services, Since I am funding this all myself,
I can not affort to pay SEO's to place "legitimate" links on
their already ranked web sites. 2.) Part of the service i am
offering to clients is that there page will not link back to
my page which in turn links to a bunch of their competitors.
This basically hozes me, since my competition creates sites
that then link back to themselves, racking up points, but i
am not going to be able to do this. Because of this, my site
could very easily be much better and "more relevant" and still
not have as high a score as my competition. -cuek_saja@yahoo.com
\_ If your site is good, people will come, regardless of what
you do. If your site is bad, people will not come,
regardless of what you do. If you are starting to ask these
sorts of questions now you have already lost.
\_ BS. If they can't find the site, they'll never know
whether it's good or not.
\_ Consider: http://www.google.com didn't have to circumvent
google. People found it because it was good. Be
good, don't be evil.
\_ As for your second question, i think the color trick would
be easy to dectect but the image trick would be hard. |
| 2002/12/10 [Computer/SW/Security, Computer/Theory] UID:26779 Activity:high |
12/9 Story on Blum at http://www.nytimes.com/2002/12/10/science/physical/10COMP.html Question - why is Blum "Professor Emeritus" of the CS dept when in fact he was happy enticed from Berkeley and is now ensconced at CMU with a full and productive lab? \_ Hey man, like what a traitor! I can't believe that! I'm just like ya know totally stunned and completely bummed! And like he ya know stole an emerity thingy from us! Man! \_Who said anything about him being a traitor? Just wondering why he has this title, which means "Retired but retaining an honorary title corresponding to that held immediately before retirement" when he's anything but retired. \_ From Webster's Revised Unabridged Dictionary (1913) [web1913]: Emeritus \E*mer"i*tus\, a. [L., having served out his time, p. p. of emerere, emereri, to obtain by service, serve out one's term; e out + merere, mereri, to merit, earn, serve.] Honorably discharged from the performance of public duty on account of age, infirmity, or __long and faithful services__; -- said of an officer of a college or pastor of a church. \_ enticed by his wife, no less. \_ yet another reason why marriage is evil. - bdg fan #3 |
| 2002/12/9 [Computer/SW/Security, Computer/SW/OS/Windows] UID:26754 Activity:high |
12/8 Has anyone been able to get sound working when running DOS 6.22
under VMWare? I want to play old DOS games and having no sound
sucks. thx. --sky
\_ I know there is a windows program that emulates an old sound
blaster so old dos games can use sound, maybe oyu can hunt that
down and use it?
\_ VDMSound? http://ntvdm.cjb.net
\_ sweet. I will try that. thx --sky
\_ It works great! --sky
\_ Maybe http://dosbox.zophar.net Doesn't do protected mode tho.
\_ there are several dos emulators around. Which game?
\_ old DOS adventure games. VDMSound seems to work with
them all. --sky
\_ which ones? (just curious)
\_ space quest, king's quest, monkey island, maniac mansion
\_ for the LucasArts games, you should use ScummVM instead.
http://scummvm.sourceforge.net |
| 2002/11/25-26 [Computer/SW/Security] UID:26630 Activity:high |
11/25 How do I get openssh to work with s/key? I've got skey working and
have passwords, but having trouble making openssh use them.
\_ obGoogle
\_ Google on "skey openssh" gives a million links on
the old ssh vulnerability
\_ Why not just use password-encrypted authorization keys?
\_ ChallengeResponseAuthentication yes
in sshd_config. -geordan (who dares to give actual answers)
\_ what should I then see when I do ssh -v in the
allowed authentications? publickey,password,
keyboard-interactive ?
should I continue to login as user or user:skey ?
do I need to change /etc/passwd or anything else ?
\_ Hm. keyboard-interactive is my guess. I don't
actually remember how to activate S/Key from the
client; I remember that OS X's ssh did it by default.
Why do you want to be using s/key with ssh, anyway?
-geordan
\_ sshing from untrusted machines
Tried this, but still didn't work. Any urls that
are openSSH specific?
\_ http://openssh.org? |
| 2002/11/22 [Politics/Domestic/California, Computer/SW/Security] UID:26597 Activity:nil |
11/20 How can I verify Soda's certificate?
...
\_ No. You can't add self signed certs to your cert store.
\_ yes, you can... the easiest way is if the machine is using
the same cert for https... you can import it simply using
IE... otherwise you need to manuall add import it, but it
can be done.
\_ Does the CSUA have a https site? Still haven't found
the self-signed cert ... -OP
\_ Not all versions of OE/IE support this.
\_ Really? That's dumb. Another reason not to use Lookout(tm)
\_ A self signed cert has no meaning in the PKI
model, since all it says that you vouch that
you are who you claim you are. If you really
want to implement the cert mgmt correctedly
there is no reason to allow such certs into
the cert store.
\_ Point taken. Where can I view this cert, and how was it
generated, for technical curiosity's sake? And does the
CSUA have a cert for https? -OP
\_ http://www.openssl.org has all the goodies
\_ By the way, is self-signed certificate different from
a certificate that was signed by an untrusted CA (say
you have setup a certificate authority within your company
for signing certificates)
\_ self-signed: signed by untrusted (your own) CA
\_ I like the original minty green certs best, but some of the more
orange flavored ones that came later were ok too.
\_ Before being bought out by RSA, Xcert minted their own brand for
a promo ... labeled obviously as: "XCerts"! -OP
\_ Sweet!
\_ Another approach if you really want secure POP is to set up
SSH forwarding on a local port to csua:110, then just set up
Outlook to retrieve email across the SSH (i.e., localhost: 110). |
| 2002/11/17-18 [Computer/SW/Security] UID:26571 Activity:kinda low |
11/17 the last five paragraphs of from this article:
http://www.cnn.com/2002/TRAVEL/11/16/airport.security.ap
__
Ed Karabinus, 56, was a security manager at Shepard Air Force Base
in Texas last winter when he traveled through Dallas-Fort Worth
International Airport and encountered inefficient screeners who
didn't speak English.
He decided to become a screener himself. He took the test, and in
March he was one of 61 people hired as supervisors. Eight months
later, he has been promoted to federal security director, a new
category of federal law enforcement officer, overseeing both Wichita
Falls Municipal Airport in Texas and nearby Lawton Municipal Airport
in Oklahoma.
Federal security directors earn between $108,400 and $150,000 a year.
Karabinus, who now drives a used Mercedes, motivates his screeners
by saying, "Look where I went, guys, in eight months."
--
DAMN, where can I get a job like that?
\_ There are always special people in all sorts of jobs doing really
well. They are the exceptions, not the rule. The typical airport
security jock is making $8.50/hr and will get a COLA in 2 years to
$8.75/hr.
\_ They are federal employees now making more than that. I don't
know how much more, but more than $17k/yr certainly. |
| 2002/11/15-17 [Computer/SW/P2P, Computer/SW/Security] UID:26558 Activity:nil |
11/15 http://journalism.berkeley.edu/projects/biplog Coming soon, a real hostname. -dans |
| 2002/11/14 [Computer/SW/Security, Computer/SW/Unix] UID:26540 Activity:very high |
11/13 back to the question regards to my problem of being f*cked up
by sys admin cuz they changed the UIDs... during the process
changing user ID, is hard-link ever used to accomplished the task?
I read somewhere that if hard-link is not being used carefully,
I may never able to get those files couting against my quota
unless the other person happened to deleted the file. Is that
true?
\_ Please supply host IP address, login name and password
and I'll check it out for you. It's too hard to debug with
so little, random, information.
\_ 198.137.241.41, gwb, bombiraq
\_ Sounds like you need to pay a contractor to go in there and fix
this idiot's mess. While you're at it, fire the stupid bastard
because he's making the rest of us look bad. --real sysadmin
\_ maybe your sysadmin is a BOFH who is persecuting you because you
just can't seem to use english properly.
\_ Napalm the fuckin bastard. -John
\_ thanks to all (except that grammar/spelling nazi, who didn't
really contribute anything useful).
For those who never step out of bay area / berkeley: you
would be suprised that sheer concentration of *GOOD*
system admin here at Cal, and alarming number of those
who are considered as mideocre at best at for the rest of
the world, even in an academic setting (where my account is)
For the rest... thanks for putting up with all sort of mis-
spellings and grammar errors from me.
\_ Actually a lot of the world has some pretty stellar
sysadmins; however, usually they lack a good academic
environment in which to hone their skills and find out about
others doing the same stuff. So they often end up doing crap
jobs tucked away in some company somewhere, underpaid and
underappreciated. I'm enjoy introducing people like that to
others in the field by organizing BOFs and the likes; I'm
always amazed at how little contact some of the good tech guys
have to the rest of the world. And I still say there are
enough decent good root-types to go ahead and napalm the
fuckin bastard. -John
\_ Ever owned a cat, John? Or are you just spouting?
\_ Yes and yes. -!john |
| 2002/11/13-14 [Computer/SW/Security] UID:26535 Activity:moderate |
11/13 http://privacy.yahoo.com/privacy/us/pixels/details.html \_ Your point? \_ I believe (s)he wants us all to click on that opt-out link. \_ bugnosis? |
| 2002/11/6-7 [Computer/SW/Security] UID:26428 Activity:kinda low |
11/5 Which free version of PGP provides a PGPDisk that works in WindowsXP?
I'm considering the International and CTK variants. Is any version
more secure or trustworthy than another?
\_ PGP is pretty good.
\_ HA HA HA HA HA HA HA HA. ha. ha. ugh. --aaron
\_ Screw it. PGP6.5.8ckt_build08 failed to install on XP, and
PGP6.0.2i could not read my PGPDisks made by PGP6.0.2 Desktop
Security in Windows2000. Now my question is: What other pretty
good encryption tools are there that does what PGPDisk does?
-OP
\_ nai actually stopped developing pgpdisk before XP and before their
latest versions of PGP.. and even announced that they would be
killing off pgpdisk entirely.. then sold of pgp to the current
PGP Corp. which says they will have support for XP in v8.0
which is currently in beta. check http://www.pgp.com -shac
\_ Thanks. I'm looking for something _FREE_, and their Freeware
products do not include PGPDisk.
\_ Cheap bastard. Pay for it if you want quality products with
full features. These people have to eat (sushi and Vik's
takeout daily) and pay rent (okay, well, condo association
fees) and buy shoes (and private school tuition and cell
phones) for their kids. |
| 2002/11/5-6 [Computer/SW/Security, Computer/SW/Database] UID:26423 Activity:nil |
11/05 What form of encryption is used for system passwords? Is it
possible to use that same form in mysql? I would like to be able to
take a users encrypted password from sql (which needs to be usable
through mysql) and give them a system account once they have jumped
through additional hurdles. Is this possible? how? URLs appreciated.
\_ ??? What's the project goal?
\_ man crypt |
| 2002/10/22 [Computer/SW/Languages, Computer/Rants, Computer/SW/Security] UID:26275 Activity:high |
10/21 Is there any service that takes email and sends regular mail?
Like bill pay, but with email instead of checks. I should be
able to set up "sendees" and they could print and send my emails
to them. Then i could correspond with my amish friends!
\_ don't you have a printer, stamps, paper, and envelopes?
\_ I'm VERY LAZY and am willing to pay someone else to
specialize in that and get the economies of scale.
\_ http://www.usps.com/mailingonline
\_ cool, thanks. |
| 2002/10/17-18 [Computer/SW/Unix, Computer/SW/Security] UID:26234 Activity:insanely high |
10/17 Is there a really easy way to forward all port 80 packets to another
machine? I want to migrate my web (but not mail/smtp/etc) packets to
a new machine. I don't want any sort of HTTP redirects because I want
the transition to be "seemless". Does my question even make sense?
\_ seamless
\_ Any firewall software can do this. Or you can point the DNS
name at your new web server and use MX'es to keep the mail on
the existing server. Or use mod_rewrite. -tom
\- writing a generic "port forwarder" to listen on localhost:tcp/###
and fwd that to A.B.C.D:### is pretty straght forward programming
exercise. in fact it is possible ssh can do it for you. i have a
tool i suppose i can send you which forwarded the pop protocol
but it should work for WEEB by just changing the port number.
[all WEEB is tcp, right?]. i seem to remember after looking at a
breakin there was some crackerware to do this too. --psb
\ are you calling nc "crackerware"?
\_ This is what I was going to do. Either this or just use ssh to
do the forwarding until I complete the migration.
do the forwarding until I complete the migration. But I was
hoping that someone had already written something (or gotten
netcat to work as such) so that I don't reinvent the wheel...
and don't have to worry about implementing error handling and
so forth.
\_ DNS! Why does no one use DNS for this stuff? The world wasn't
meant to be hard coded IPs. They made DNS for a reason. You don't
need clunky firewall kludges if you made proper use of DNS. You
wannabe sysadmins are getting more dangerous by the day. Please
tell me this isn't a commercial site.
\_ because dns wont forward port 80 packets. DNS will send all
packets to that hostname elsewhere. This is why a smart admin
will point several names at the same host, each name for each
service on the host, and then they can move the ip in the name
for that service without affecting the other services. I.e.
csua www service is 'www.csua', not 'soda.csua' (even those two
names point to the same IP), so we can move www service if
necessary without screwing other services.
If you weren't so smart, firewall-NAT /packet forwarding/
is your only option. -ERic
\_ Thank you for the description of "proper use of DNS" as
mentioned above. Anyone who doesn't know that DNS doesn't
forward packets needs to give up the root shell.
\_ DNS switches are not "seemless". Even if you have your TTL set
properly, there is a whole world of improperly set up DNS servers
(and microsoft DNS clients that mad-cache) that will not get up-
dated the instant you want them to. (Of course, just leaving the
service up at site 1 for a while is probably better than port
forwarding everything with good ol' nc -The SysAdmin.
\_ Gosh, you mean you actually figured out how to do a seamless
service migration with DNS? Wow. That was hard, huh?
\_ 1) You are a dumbass, as everyone else already pointed.
2) Even if what you said were correct (which it isn't), have you
considered the possibility that some people might be hard-
coding the IP's?
\_ 1) No one said any such thing. Learn to read.
2) It's correct and anyone who hard coded the IP's is a total
moron at step zero and shouldn't have root which was
already addressed earlier. If you could read, you'd have
read that, too.
3) Learn to read. Thanks.
\_ [ inane baiting deleted. ]
\_ OP here. Here's my solution:
www stream tcp nowait nobody /usr/local/bin/nc nc my.remote.host 80
im reposting my solution for the third time:
tcpserver 0 80 nc ncc 80 |
| 2002/10/15-16 [Computer/SW/Security] UID:26195 Activity:kinda low |
10/15 FYI OpenSSH 3.5 is out.
\_ Interesting. Is there a ChangeLog somewhere that summarizes
the changes in this release. In particular, I am wondering
if PAM and auditing problems have been fixed in Solaris
when privilege separation is enabled.
\_ ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog |
| 2002/10/15-16 [Computer/SW/Security] UID:26191 Activity:high |
10/15 I don't have a long dist carrier. I usually use 10-10-321, 811, 220,
etc. What's a good plan to use?
\_ http://www.onesuite.com Cheap, no hassles, portable.
\_ http://www.onesuite.com/faqs.htm#G13 , you can get 20 free
minuts (hey that's like 60 cents)!
but why don't they just bill the telephone like others?
\_ onesuite is actually a calling card which you can access
through a 1-800 number or local numbers. it is not a traditioal
long distance carrier. |
| 2002/10/15 [Computer/Rants, Computer/SW/Security] UID:26185 Activity:very high |
10/14 Why all the H1B posts? Our jobs, esp support and QA are already being
exported to countries like India and China. There was a report from
60 Minutes that says a few phone companies already shifted their
phone support ops to India. They even train the workers to be
knowledgeable about the American culture (football, beer, etc).
Face it, many jobs are indeed exportable. IT is just a glorified
auto/steel/whatever industry.
\_ You're a Cal grad and doing phone support and QA? Jesus F. Christ!
Did you graduate with a degree in English or something?
\_ I thought Jesus' middle initial was 'H'.
\_ You don't know what the 'F' is for?
\_ Agreed, IT = auto = steel = dockworkers. However, since most
motd readers are sys admins, they confuse themselves with
real software engineers and architects. We're not worried
about H1B workers.
\_ uh, it's the software development that can be easily exported,
not the sysadmin work. Think autoworker vs. policeman. -tom
\_ *laugh* As a sysadmin, the last thing I'm worried about is my
job getting exported to another country. No sysadmin confuses
what they do with what a coder monkey does. When a coder monkey
fucks up, you get a bug which gets caught by QA (in India). When
a sysadmin fucks up, the whole shop goes down. No one is going
to ship their servers to India. Silly troll, cookies are for
kids!
\_ Recently had trouble with an http://amazon.com order. Emailed them
(the only way to reach them) and all I got were replies
from folks with Indian-looking names. All replies either
had good english or good scripts or both. I suspect
amazon support may be outsourced?
\_ I have never gotten good customer service of any kind from
an Asian-outsourced helpdesk. In fact, this is the main reason
why I refuse to buy anything from http://Amazon.com anymore.
My experience with US helpdesk workers is mixed, although mainly
positive (unless you're dealing with a fucked up company like Sony.
The only consistently good tech support I've gotten was from Irish
call centers (most European tech firms redirect English-language
calls there.) -John
\_ Was on the phone with a Netapp chick in Singapore last night.
She didn't fix my problem but had a sexy voice so I still logged
the call as a "10" in their customer service records.
\_ I have never gotten good customer service of any kind
through the phone, period. Almost.
\_ B&H over the phone seems okay.
\_ Exporting software jobs is the best thing that ever happened to
the software industry. Perhaps now, we will realize that many
engineering positions are filled by glorified, semi-skilled
typists (software). Let's face it- software systems are LARGE
nowadays- but innovation is the crux of value, not WPM. Stop
complaining about your obsolete job. Coding is a monkey task
that should be outsourced, not protected by some archaic notion
of an ivory tower of academia.
\_ Which is why I would recommend moving up to a more architectural
or managerial level, to avoid your job being 'exported'. I agree,
coding, not only a 'monkey task' as the above posted noted, is
often considered a thankless job. Don't shoot the messenger, this
is what I heard.
\_ Put it this way. Number of engineers produced per year in US:
65000, in China 700000, and their quality is improving.
\_ This is exactly the kind of reasoning upper management uses to
justify H1b's shortly before they get a http://fuckedcompany.com entry.
Because if 1 american engineer can do it in X days, then 10 H1b
engineers can do it in X/10 days. Right? Good math. |
| 2002/9/28 [Computer/SW/Security, Computer/SW/Unix] UID:26038 Activity:nil |
9/28 I installed mysql 3.23.52_1 via pkg_add and I'm trying to set the
root password-- but I don't know the default password. This is a
fresh installation, and I'm using
% /usr/local/bin/mysqladmin -u root password 'blah'
/usr/local/bin/mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user: 'root@localhost' (Using password: NO)'
% /usr/local/bin/mysqladmin -u root -p password 'blah'
Also fails, because I don't know the stinking password. I've tried
the system's root password, "root", "toor", and various foul
language. |
| 2002/9/13 [Computer/SW/Security] UID:25874 Activity:kinda low |
9/12 Has anyone else noticed that their ssh session tends to die as
soon as they get notified of new mail?
\_ never happens to me.
\_ Mine is kindof twisted. If I have newmail running in the backgrnd
I cannot seem to log out of my ssh session cleanly (it just hangs
after the logout). But if I kill the newmail process prior to
logging out, it works fine. (this is on a Debian Linux). Clues?
\_ just a guess -- does newmail open an X connection?
\_ try ssh -v when making connections. without debugging info you
don't stand a chance. |
| 2002/9/12 [Computer/SW/Security] UID:25859 Activity:nil |
9/11 I hate people who block ping requests, it is so annoying and of so
little (in fact i'd go as far as to say NO) security value.
\_ some people just block all icmp.. for valid security reasons -shac |
| 2002/9/11-12 [Computer/SW/Security, Computer/SW/Unix] UID:25851 Activity:low |
9/11 Is it commonly accepted to use rsync between two machines using a
null passphrase? I haven't found any good workaround. The next best
thing would be to type the key once per reboot, but that is
inconvenient and the key stays in memory. So... after a few days of
googling, root+null passphrase is the best I could come up with.
\_ If it's a low security site, you can do the null passprase to a
junk account and then have cron or whatever copy/move the files
out. jailed shells and what-not are easy enough to setup without
jumping through too many flaming hoops. Are these both internal
machines? Maybe NFS is the answer?
\_ Install ssh, rsync over ssh instead of rsh and use a passkey. |
| 2002/9/9 [Computer/SW/Security] UID:25820 Activity:high |
9/8 Is @cal forwarding down again all day? What the hell? It's an
embarrassment to Berkeley! Shit I should've never trusted them
in the first place!! My ISP is far more reliable! They suck
you in with a permanent email forwarding address and then the
service goes down for days. Bunch of idiots!!!
\_ Is there a number we can call about the service?
\_ This gives Cal a bad name, just like the programming contest
and Cal Football.
\_ We've won our past three games against 5th tier teams!
\_ I think it may have come back up. |
| 2002/9/4-5 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:25767 Activity:very high |
9/3 I'd like to donate equipments (eg 160G HD) so that I can influence
politburo members into giving me root access. How do I go about
doing that? P.S. I'm an alumni
\_ alumnus (possibly alumna) or alum
\_ are you female? I think most of them are tired of making love
to mr.hand
\_ rosie Palm and her five sisters are h07!
\_ The Palm SEXtet (pun intended) will make you blind!
\_ You mean *Miss* Hand? Or are they gay?
\_ No, you're just 100% clueless.
\_ mail politburo. ask. -chialea
\_ chialea! I want to kiss you! :-)
\_ are you an eastcoast or westcoast stalker of hers? !fan
\_ you're freaky
\_ No, they're dreamy! --chialea #1 fan #1 fan
\_ a.k.a. chialea
\_ Incorrect.
--chialea #1 fan #1 fan
\_ you're going about it the wrong way. you need to bribe a single
root person, not the whole politburo. you don't want official
access, just access. social hacking.
\_ is that how paolo got root?
\_ Speaking of bribing, have the recent politburo requested
alumni support yet for this year?
\_ still not getting it. you dont support politburo for root,
you buy some kid a few beers. sheesh. must i spell out
*everything* for you?
\_ Not looking for root, just wondering about funding.
\_ maybe they can request funding for a SCSI RAID card.
\_ if you're cute, you screw for root.
\_ The secretary?
\_ Good things I'm not sexy@csua anymore -chialea
\_ Get real. Sleep with csua root users instead of popping
5 bucks for cheap beer? Son, not all sex is good sex.
You should go for the beer option. |
| 2002/8/29-30 [Computer/SW/Security] UID:25734 Activity:high |
8/29 Do you guys have a different password for every single account you
own -- email, website, server, bank, etc?
\_ Yes.
\_ I have tiers of security-- like very secure, medium, and not at all
secure. Usually as I retire my very secure passwords, I move them
down to the lower tiers... except for the lowest level, which is
almost always just based on my name or something.
\_ I do this too. I wonder how commmon it is.
\_ How do you remember all the passwords? I have like 10 passwords
for maybe 30 accounts. I can never remember which to use for
what, except for the accounts I use daily.
\_ I use the same password for all my accounts, home, work, root,
hotmail, http://yermom.com pr0n sites, my secret password with Visa, my
home security company, everything.
\_ Have you been to http://yermom.com? What a fucking stupid website! |
| 2002/8/29-30 [Computer/SW/Security] UID:25732 Activity:high |
8/29 Has anyone tried DMA? Does it really work? I'm afraid to use it for
the same reason why I don't click on "unsubscribe me" from spams.
\_ Yes it works. Both for mail and phone-based junk. It works best if
you also request that the credit agencies not release your info as
well and you foregoe mail forwarding when you move.
\_ Those work very well for me, together with calling up companies
to cancel junk catalogs under whoever's names and my address.
--yuen
\_ Direct memory access? I love it. Great stuff. Works great and
less filling at the same time! Better than rogaine
\_ No but I've tried MDA. Is DMA some other analogue?
\_ Direct Marketing Association, Inc. http://www.the-dma.org
The posters are talking about DMA's Mail Preference Service which
helps you stop junk mail.
helps you stop junk mail. Saves time and trees. |
| 2002/8/29-30 [Computer/SW/Security] UID:25731 Activity:low |
8/29 Is there a website that tells you the elevation above sea-level
of all the cities in the US (at least the major ones)?
\_ No. I have encrypted all of my copywritted material
using an encryption algorithm based on US city elevation data,
and releasing it now would be in violation of the DMCA.
If you try to download that information from the web, I'll
DOS your server. -GIAA
\_ Uh, Yeah, the first link from the google query:
"us major cities elevation above sea level" -googled |
| 2002/8/27 [Computer/SW/Security, Computer/SW/Unix] UID:25705 Activity:high |
8/27 Is there a CSUA policy about deleting accounts of those who have died?
Or is it a respect sort of thing to keep the account for the deceased?
\_ There are deceased?
\_ gene kan
\_ What happened to him?
\_ He Cobained.
\_ gene can do what?
\_ was he active CSUA?
\_ How about deleting accounts for those who have been inactive for a
long time?
\_ and... why?
\_ To reclaim disk space? Free up login names and UIDs? Reduce
chance of break-ins since those people won't be changing
their passwords periodically?
\_ As if people who never really used their accounts are using
a lot of disk, someone else wants their name, we're near
out of UIDs or more than 1% of you slack bastards has
changed your password in the last 6 years....
\_ reclaim unused uids? Doesn't the account creator just
add a new uid after the highest used one? Are we even
anywhere near starvation for uids?
types.h lists the uid as:
typedef u_int32_t uid_t;
So thats what, 4 billion possibilities? I see only 2400
or so passwd entries. Try another excuse to delete
unused accounts...
To reduce chance of break-ins? I'd argue to delete the
active accounts -- theyre the ones most likely to have
their password leaked ( via social engineering , trojaned
software, or other means) or shared on another
site.
\_ ok genius so then why should the accts not
be deleted?
\_ The burden of proof is on those who desire
change in a functional environment. They should
not be deleted because there is no reason to and
it would waste someone's time to do so. Why
*should* any accounts be deleted?
\_ How come at line 2437 in /etc/passwd the UID goes up to
10958, but then at line 2438 it starts from 1003 again?
\_ I saw that old login names like achoi or choice no
longer exist.
\_ achoi/choice is now android. -geordan
\_ So any future Albert Choi or Ah-Ching Hoi can
re-use the login achoi.
\_ *hint* |
| 2002/8/26-27 [Computer/SW/Security, Computer/SW/OS/Windows] UID:25694 Activity:high |
8/26 After I save a file in win95, I need to process it from DOS prompt
(to use with sftp for putty for example). I find the file name to be
"currupted" - it's shorter and contains strange characters like "~".
I know this must be a feature from MS but how to get around it and
access the file from DOS using the real file name?
\_ try using cygwin
\_ the win95 shell displays that because it's DOS and DOS doesn't
do more than 8.1 filenames. Just use those shorter names
(i believe they show up correctly in windows), use the long name
with quotes around it (i think that works) or better yet
upgrade to win 2000.
\_ if you use the short file name with scp, you'll lose the long file
name on the other side. you need to double quote the LFN to do
what you're talking about. or as the above say use cygwin or w2k.
\_ By "DOS prompt", do you mean the DOS window in Win95, restarting
Win95 in DOS mode, or plain MS-DOS 6.xx?
\_ Enclose your long/full name with double quotes.
\_ Use double quotes.
\_ I think double quotes will do the trick. |
| 2002/8/26 [Computer/SW/Security] UID:25689 Activity:moderate |
8/26 Any recommendations for web hosting services with good latency from
campus? Looking for cheap service to host low traffic www site.
\_ Low latency? You're playing quake from your campus office? |
| 2002/8/20-21 [Computer/SW/Mail, Computer/SW/Security] UID:25623 Activity:very high |
8/20 using gpg i want to associate someones public_key with a wildly
different alias that they also use to mail me encrypted text.
I skimmed the long man-page but didn't find it.
\_ you really think the nsa cant read your text in real time? get
real. they can spot the gpg signature and flag your packets to
make certain a human reads the messages. sheesh. dont you know
the best way to hide is in plain sight where your traffic looks like
everyone else's and only the computers will read (and ignore) it?
\_ (!OP): I don't care about the NSA. I care about business
competitors, 1337 haxors, and the like.
\_ w3 @1r3d33 0wNz y00.
\_ (TOP) o.k. i love to ecourage trolls..
1) I'm trading commercial "secrets" not military ones so I
don't much care if some cypher-wonk in the basement of
the pentagon reads my mail.
2) By encrypting traffic "they"re not interested in i'm making
their job harder, if only a little, which makes me happy.
\_ What mail client do you use to (en|de)crypt mail w/ gpg?
\_ mutt
\_ pine. (flame away)
\_ So you trust foreign governments such as the French who are
known to engage in industrial espionage for their
corporations not to steal your data and hand it over to
your competitors? So much to learn, so little time.... |
| 2002/8/19 [Computer/SW/Security, Computer/SW/Unix] UID:25608 Activity:nil |
8/19 http://www.kuro5hin.org/story/2002/8/19/2952/21932 - php gui sucks. \_ gui's are bad. |
| 2002/8/15 [Computer/SW/Security] UID:25563 Activity:very high |
8/15 I am familar with SSH1 but just put SSH2 on my computer.
With SSH1, I know I put the contents of his identity.pub file in my
authorized_keys file. With SSH2, what is the analogous procedure?
Do I do something with the snippet that begins
"---- BEGIN SSH2 PUBLIC KEY ----" which he sent me? Where do I
put that on my server? Thanks!
\_ It depends on what kind of keys you use (SSH1 or SSH2 keys),
what client do you use, and whether the server is running
openssh or commercial sshd. In case of soda, you have to upload
your public key to your account, convert it to the format the openssh
understands using ssh-keygen command and then append it to your
.ssh/authorized_keys2 file.
\_ I think I need to add something in the .ssh2 directory.
I am running with "SSH-1.99-2.4.0 SSH Secure Shell".
\_ yes, consult the ssh2 man page
\_ place the public key (the entire file from '---- BEGIN...'
to '---- END SSH2 PUBLIC KEY ----' in a file under .ssh2
then create a .ssh2/authorization file containing the
line 'Key pubkeyfilename' (where pubkeyfilename is the
name of the public key file you just created) - max |
| 2002/8/8 [Computer/Domains, Computer/SW/Security] UID:25524 Activity:high |
8/8 If I use <DEAD>foo.bar.com<DEAD> in a root .rhosts file, can someone who controls DNS server in his own domain set up one of his addresses to reverse to <DEAD>foo.bar.com<DEAD> and get into my machine? \_ If you're using rsh? Probably. ssh, if you have it configured to, will check to see if the remote machine's host key is correct. \_ Yes I know this wont work for ssh. I think with rsh the only trick is to get him to look at your DNS server. If you can do that, I think it will work. |
| 2002/8/1-2 [Computer/SW/Security] UID:25470 Activity:high |
8/1 Bugtraq reports that openssh-3.4p1 was trojanned on http://ftp.openbsd.org, and its mirrors. \_ Link? And Is that what happened to csua? \_ http://online.securityfocus.com/archive/1/285492/2002-07-29/2002-08-04/0 \_ Don't think so. That seems to have affected the openssh-portable port. \_ which... soda runs... \_ dont bring facts into this. this is the motd, damn it! \_ It's okay, they didn't. \_ no it doesn't: $ telnet soda 22 Trying 128.32.112.233... Connected to http://soda.CSUA.Berkeley.EDU. Escape character is '^]'. SSH-1.99-OpenSSH_3.4 \_ genius wtf do you think that is? If it isn't an openbsd machine and it's running openssh, it's the portable one \_ I believe the FreeBSD uses the non-portable openssh too, perhaps with their own patches. If FreeBSD was using portable openssh, you'd see a version string that looks like this: SSH-1.99-OpenSSH_3.4p1 \_ Hi. You're an idiot. \_ Recent FreeBSD base system uses 3.4p1. There are also two ports: security/openssh and security/openssh-portable, which are a patched OpenBSD version and the portable version, respectively. Soda is running the former, AFAIK. --dbushong \_ The only installed openssh port I see is: /var/db/pkg/openssh-3.4_4 \_ What's the bottom line? Is soda's current version compromised? \_ I don't think so. Plus, the compromise is just a side effect of the build, and (supposedly) should not affect the built executables. \_ No. The MD5 on the src tar ball in /usr/ports/distfiles matches the correct MD5: MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2 soda$ cd /usr/ports/distfiles/ && md5 openssh-3.4.tgz MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2 \_ Here is what I've heard from a reliable source: (sorry, no url) "If you didn't rebuild OpenSSH from scratch in the past 36 hours you don't have to worry about it and the trojaned code was replaced with a clean copy by 6am PDT. The trojan was that someone added a line to a Makefile such that during compilation, a socket is opened to a hacked machine once an hour to await "commands" (or example, open a shell, or die). The OpenSSH code base wasn't touched. The hacked machine was wiped early early this AM. I haven't heard anything about whether the SunOS 4.1.X FTP server (the OpenSSH project hosts there because the people who offered to host it there have lots of bandwidth) was hacked, or if this was some kind of inside job from someone who had appropriate levels of access on that host. Like you doctor always said, check your md5 checksums and your PGP sigs. The FreeBSD "ports" system does that automatically and refused to build and install the tainted coded." |
| 2002/7/29 [Computer/SW/Security] UID:25436 Activity:nil |
7/29 Can some one tell us some definitive info about what's going on
with pop? it hasn't worked since the ip change. Do I need to
change port number?
\_ The sort-of official, and thoroughly unannounced answer is that
clear-text POP/IMAP has been disabled since the recent compromise.
You can only use SSL enabled POP/IMAP clients. Hopefully we will
soon have localhost clear-text service available for those who
prefer to ssh tunnel instead of trying to find an SSL enabled
mail client --scotsman
\_ okay, what settings do I use for POP3 over SSL? port 995?
\_ Y'know. looking at things, I don't see POP3s enabled..
I'd have to say mail root. --scotsman
\_ wasn't this always the case? I was never able to use POP w/
clear-text password remotely and have been ssh tunneling for
about the last year. - rory
\_ On a somewhat related note, is telnet / skey going to be
reenabled, or is it permanently disabled? |
| 2002/7/25 [Computer/SW/Unix, Computer/SW/Security] UID:25422 Activity:insanely high |
7/25 Just curious. How come 'last' shows the date went backwards? thx.
mikeh ttyA7 128.32.112.194 Thu Jul 25 01:09 - 01:11 (00:01)
root ttyv1 Thu Jul 25 01:08 - 01:09 (00:00)
root ttyv0 Thu Jul 25 01:07 - 01:08 (00:01)
emarkp ttyv3 Wed Jul 24 23:36 - 23:36 (00:00)
mehlhaff ttyA4 63.201.156.21 Wed Jul 24 23:30 still logged in
root ttyv2 Wed Jul 24 23:24 - 23:46 (00:22)
root ttyv1 Wed Jul 24 22:51 - 23:46 (00:54)
mikeh ttyv0 Wed Jul 24 22:50 - 23:47 (00:56)
reboot ~ Wed Jul 24 22:50
shutdown ~ Wed Jul 24 22:44
root ttyA1 10.32.43.51 Wed Jul 24 22:17 - shutdown (00:26)
mikeh ttyA1 10.32.43.51 Thu Jul 25 03:54 - 22:17 (18:23)
jon ttyA3 10.32.43.51 Thu Jul 25 03:07 - 03:08 (00:00)
root ttyA4 10.32.43.51 Thu Jul 25 03:00 - shutdown (19:43)
root ttyA1 10.32.43.51 Thu Jul 25 02:44 - 03:54 (01:10)
mikeh ttyA1 10.32.43.51 Thu Jul 25 02:44 - 02:44 (00:00)
root ttyA0 10.32.43.51 Thu Jul 25 01:45 - shutdown (20:59)
reboot ~ Thu Jul 25 01:35
\_ that's why it's called 'last'. it shows from most to least recent
who has logged in.
\_ so you saying july 24 is more recent than july 25? |
| 2002/7/25-26 [Computer/SW/Security] UID:25416 Activity:moderate |
7/25 Is there any ETA of a full report about the compromise? For
instance-- how long ago did the hack take place? Where did it
originate? How was it discovered? Was ssh-keygen hacked? Do we
need to replace our keys? Are we supposed to change ALL of our
passwords, or just ones that we used in the past X days?
\_ Also, what _isn't_ known about the hack?
\_ we believe that nweaver was responsible. --h@x0r
\_ Are we going to ask for the death penalty?
\_ Can't hurt to change your passwords and ssh keys anyhow... |
| 2002/7/25-2003/1/5 [Computer/SW/Security] UID:25415 Activity:nil |
07/25 Yes, soda's ssh, sshd, and sudo were compromised. Changing all
of your passwords is advised. Services that are down now will
come up in due time. --ajani |
| 2002/7/25 [Computer/SW/Security, Academia/Berkeley/CSUA/Troll] UID:25414 Activity:high |
7/25 Anybody know what's happening with alumni.eecs? Can't seem to ssh in.
\_ Last I herd they were having problems with secure shell.
\_ Sounds like they got 0wnz0red
\_ well, they told me because csua's ssh was trojaned, all accts
which have anything to do with soda is disabled. Talk to root
to reactivate it.
\_ csua's ssh was trojaned? when did this happen?
\_ Shoulda used coitus interruptus, but abstinence is
the best choice!
\_ You better be fucking kidding because there's nothing about
this on /etc/motd.official. If soda got owned we have the
right to know about it and root has a responsibility to tell.
I'd like to see official word on motd.official whether this is
true or not. This isn't funny if you're making it up.
\_ What even not funnier is how you're being such
a dick about asking for this information.
\_ Excuse me while I beg for critical security information.
Oh please please please let me know sometime after you
graduate what the fuck was going on. Security isn't a
joke and users shouldn't be left guessing wtf happened
or how much they might be fucked over. And for you
personally, fuck you, you know nothing fool.
\_ And for you personally, if your files and
whatever else are so critically dependent on
soda being completely secure, get your own
machine and connection and maintain it.
\_ Found on http://ucb.org.csua (7/24):
Soda.csua is down because it was compromised. It will
hopefully be fixed tomorrow. Galen
\_ which is unfortunately not very helpful when soda is the
only machine from which one can read ucb.*
\_ Try http://groups.google.com?
\_ how about a secondary webserver on, say, scotch that
gives news and downtime type stuff for soda. new A
record <DEAD>news.csua.berkeley.edu<DEAD>, etc.
\_ If you asked him really nicely, perhaps dbushong would
be willing to do something like this at http://www.csua.org
I'll bet you'd have better chances if you volunteered
to do the coding so that he could just post it.
\_ I know dbushong. dbushong is a good friend of
mine. and you, sir... wait.. what was i saying?
Really. Dave just runs http://csua.org. He doesn't
know or care about the daily goings on of soda.
This is something the politburo can and, i'm going
out on a limb here, should do.
\_ Ok that's a start, how about some info on how long it's
been compromised, what sort of compromise, how badly,
what were the hackers doing, what got installed, etc?
\_ Nice attitude. And how much have you contributed to
this group and its equipment lately? |
| 2002/7/25-26 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:25413 Activity:low |
7/25 Thanks to the root types who have been working hard to clean up the
recent mess on soda and in EECS in general. The masses are pleased
to have soda return. --PeterM
\_ Word.
\_ Hmm, is POP and IMAP still down?
\_ All praise the great root types!
\_ No HTTP service either
\_ Your work means a lot to us. Inability to use soda drives me nuts,
especially since I use it for love emails.
\_ specifically much praise is due to mikeh. He put alot of time into
the reinstall and cleaning up of things. 'course everybody put
effort in. |
| 2002/7/16-18 [Computer/SW/Security] UID:25372 Activity:high |
7/16 How do I generate a public key compatible for openssh on an SSH
(commercial) machine? openssh uses single-line keys, while
ssh uses multiline keys.
\_ I got out a text editor and re-arranged the entries to match. It
was lame but it worked.
\_ see openssh ssh-keygen man page
\_ If you're trying to use pre-existing keys and convert them this
won't do it for you but it will generate new ones in either
format.
\_ Yes it will, you apparently haven't read the manpage.
\_ Not in my version which is relatively recent.
-x This option will read a private OpenSSH DSA format file and print
a SSH2-compatible public key to stdout.
-X This option will read a unencrypted SSH2-compatible private (or
public) key file and print an OpenSSH compatible private (or pub-
lic) key to stdout.
\_ Yes and where's the option for ssh1? |
| 2002/7/13 [Computer/SW/Security, Computer/SW/Unix] UID:25347 Activity:moderate |
7/12 Anyone know of a lightweight secure ftp program like secure fx?
Putty PsFtp is *too* lightweight.
\_ try WinSCP
\_ ssh secure shell client for windows, available on http://depot.berkeley.edu
if you can't access http://depot.berkeley.edu, maybe you shouldn't be on
a machine that is supposedly for undergrads.
\_ I wake up every morning and try to fuck up everyone else's
day just a little bit too, cool! |
| 2002/7/6 [Computer/SW/Security] UID:25292 Activity:low |
7/5 What is the purpose of having subkeys in the PGP/GPG encryption
scheme?
\_ for rounds. |
| 2002/7/6-8/9 [Computer/SW/Security] UID:25290 Activity:nil |
07/05 Apache upgraded, bugs to dev-null@soda. In the future if you
see a problem mail root rather than venting on the motd. Yes,
we read bugtraq, as is demonstrated by the fact that security
issues are normally handled quickly. --Galen |
| 11/23 |