| WIKI | FAQ | Tech FAQ | |
 http://csua.com/feed/ | |
| ||||||
| 11/23 |
| 2005/2/21-22 [Computer/SW/Security] UID:36354 Activity:kinda low |
2/21 I just got a PayPal spam mail asking me to confirm my PayPal account.
It says to go here: http://202.108.69.147/webscr which obviously is
a fraud, but omg it looks 100% authentic and everything looks exactly
like PayPal. I'm very impressed at scammers and their sophistications.
\_ Yeah, it's downright eerie how people can use HTML to fake other
sites.
\_ try logging in with a wrong password, then a right password.
See what happens? It's not trivial. Make sure to change your
password to something new after this experiment.
\_ Yeah, it's downright eerie how people can use HTML and
basic perl to fake other sites.
\_ Have some fun with it with a browser running in a vmware session,
fake username/password, and some basic xss exploits. Dump the
whole session into ethereal, and if you're not concerned about
engaging in wire fraud and other illegal stuff, for bonus points
see what hilarious vulnerabilities you can find on their box and
on others they run. -John
\_ Yeah. I found a list of ATM numbers and PINs and CC numbers on
one site. |
| 2005/2/21-22 [Computer/SW/Security] UID:36351 Activity:very high |
2/21 List of big design blunders in computer science, I'll start:
\_ IP6 needed because IP4's running out (reality: NAT made IP4 more
abundant hence IP6 adoption has been slow to a crawl)
\_ IPv6 needed because IPv4's running out (reality: NAT made IPv4
more abundant hence IPv6 adoption has been slow to a crawl)
\_ That's not a design blunder; IPv6 is still needed, just not
as quickly as was first anticipated. -tom
\_ NAT is a bad thing(tm). It breaks applications that need
end to end connectivity. It also makes it difficult to
manage large clusters of systems each using the same
NAT address space. In the IPv4 world we have been stuck
using overlay networks to deal with these problems. If
everyone was using IPv6 people would not need these type
of hacks.
\_ I'm increasingly convinced that the future is IPv6
overlays that have to be negotiated/constructed dynamically
by some sort of link control protocol where all the
paranoid authz checks can be done by the folks who
think firewalls and NAT are the greatest thing since
sliced cables.
\_ Therac 25, baby.
\_ DOS, 640K RAM is enough for everyone (reality: never enough RAM)
\_ Why is DOS a blunder? For many applications DOS works well
enough (ex. my DSLR runs DOS and it works just fine).
\_ gets(), strcpy(), strcat(), and all other C standard library
functions that assume infinite buffer sizes.
\_ C++, period. Ugly, ugly, ugly.
\_ Go away troll.
\_ Y2K: first the prevelance of the bug, then the overblown reaction
to it
\_ bug != design decision. People designed systems with two digits
to hold the year because it was the right design tradeoff at the
time. If any of the designers really expected the systems to
stay in use for literally decades they would have decided
otherwise.
\_ wouldn't it have been more space efficient to represent the
year as a single byte, offset from 1900? that would have kept
them safe until 2155 and saved a byte. Would that have been
more computationally expensive?
\_ You obviously aren't familiar with BCD and its prevalence
in the financial world.
\_ Microsoft Bob. -gm
\_ I just looked at it. It actually seems pretty cool albeit the
primitive looking GUI. What happened to it?
\_ I was referring in particular to its "password reset" feature,
which would prompt you for a new password if you entered the
wrong password three times. As for Bob in general, I don't
think it was ever really adopted, and its purpose (make the
Windows UI easier to use) became obsolete. -gm
\_ The password thing is just an implementation fuckup. -John
\_ MBONE SHALL RULE ZE VORLD!!! MUAHAHHA!!
--Professor Larry "The Slammer" Rowe.
\_ slammer?
\_ JavaScript. Language sucks, feature sucks, security sucks.
\_ That's ECMAscript beotch!!!
\_ The unification of data types and conceptual types in programming
languages. Unification isn't even the right word, because these
two generally have not been separated to begin with.
Also, the general philosophy of early CS pioneers of designing
for non-malicious, cooperative use. We are still dealing with the
repercussions of THAT (unsafe languages, problems with network
protocols, etc). -- ilyas
protocols, etc).
Designing languages for the 'average case' rather than the
'best case' (I am talking about users of languages). Designing for
the average gives you Java. -- ilyas
\_ Multics. The entire x86 security ring architecture. Java.
SMTP (sans authentication).
\_ Java? Yeah, that's big design blunder -- a language that is
easy to program in and works on all sorts of different devices,
not to mention fuels my paycheck every month. Maybe the
transistor is another big mistake?
\_ I see your "Multics" and raise you a "Nachos". -gm |
| 2005/2/19-21 [Computer/SW/Security, Computer/Companies/Yahoo] UID:36253 Activity:nil |
2/19 So I spend hours loading pics to yahoo photo albums and arranging
them in the order that I want. And then I go back and all the
pictures in every album are out of order. Why does this happen?
And maybe more importantly, what's a similar service that people
recommend that won't have this problem. Basically just somewhere
I can load my pics to that anyone can look at, even without them
having a passwd or account or anything. -pissed off at yahoo
\_ Definitely send them a pissed off email. Maybe someone will get
yelled at.
\_ shutterfly. |
| 2005/2/17 [Computer/SW/Security, Politics/Domestic/President/Bush] UID:36213 Activity:high |
2/17 Bush warned 52 times before 9/11 attacks:
http://csua.org/u/b3f
\_ we are constantly warned of an attack from Al Qaeeda,
it's going to happen, what are you doing about it?
\_ Heed the warnings and order up a full complement of armed air
marshals. Oh wait, we only did that after 9/11, right?
\_ You missed the point. There is no way to know which method
Al Qaeda will use to attack us. They might not use planes
at all. They have just threatened attack. So how do you
stop them?
\_ did you read the URL? yes, the whole thing.
\_ Did you read my post? Yes, the whole thing. I'm
Al Qaeda. I tell you I am going to "attack the USA".
What will you do about it? The point here is that
Bush would get the blame in that instance, but what
can he do about it, really? The instance in the
article is specific. I am talking about a general case.
\_ You increase security and alert law enforcement. You
take it as an actual problem and work to increase
human intelligence. You look at the outgoing
administration's thoughts on the matter and develop
a strategy. You don't go back to crawford to "clear
brush". If it had been a priority issue, maybe the
FAA would have said yes when NORAD asked them if they
wanted an intercept on the off-course flights.
\_ Yes, I read your post, the whole thing.
I got your point, a long time ago.
You missed my point.
Your point is obvious to everyone.
My point, the same one in the article, is not.
That's why I asked you if you read the whole URL.
Had we heeded the warnings and ordered up a full
complement of armed air marshalls prior to 9/11,
we might not have had a 9/11, or at least had
competently placed security to afford a chance.
And, you still haven't said whether or not you've
read the entire URL, which was my question.
-- If you really did, maybe you wouldn't have wasted
your words on me.
\_ You are talking about a general case that did
not exist.
\_ It exists at this very moment and as such is
more pertinent than what someone did or did
not do 5 years ago. |
| 2005/2/10 [Computer/SW/Security] UID:36124 Activity:kinda low |
2/9 just a coincidence with thread below...
The Genocide That Wasn't: Ward Churchill's Research Fraud
http://hal.lamar.edu/~browntf/Churchill1.htm
\_ I've also read some funny stuff about how he goes around
claiming to be a member of various indian tribes, none of
which, it turns out, have him listed as a member.
\_ Yeah, like most nutjobs, his screeds have brought him attention
and scrutiny that wouldn't have happened elsewere, exposing his
*factual* errors instead of just his nutjob opinions.
http://hal.lamar.edu/~browntf |
| 2005/2/6-7 [Computer/HW/Laptop, Computer/SW/Security] UID:36077 Activity:very high |
2/6 Our parent company is considering forbidding us from taking laptops
off the premises due to possible src code loss. Considering that
many of us work from home the majority of the time, this does not
sit well. We need to come up with a proposal for keeping the
src (or entire disk) on an encyrpted drive. I used PGP desktop
a while back but never did any disk intensive activity (eg compilation)
on it. Has anyone been subjected to similar measures and have any
suggestions? Thanks.
\_ Yeah, plenty of companies are hiring. Start looking for another
job now.
\_ I love my job. Not interested in a new one. -op
\_ Do you think this is the last PHB decision they will make?
You love it now, but this is just a harbinger of things
to come. I am sorry I cannot be more positive. There has
got to be some way of encrypting things for you but I
don't know what it is.
\_ Maybe not, CHKP is an agent of the Mossad, so I wouldn't
put anything past them, but, regardless, i need to wait
a few more years for the remainder of my options to vest.
-op
\_ Write up a reasoned explanation of why this won't help. Particularly
in a technical field (development), it's always near trivial to find
ways around this unless they completely isolate your work network
from the internet. (i.e. you can't go to websites, check popmail,
etc) If there are any such "holes" that those evil, evil employees
could just copy the code out through, encrypting it locally won't
help.
\_ The issue is not that they don't want employees stealing the
src, the issue is that laptops are prime targets for theft and
if someone were to get their laptop stolen, release of the
src code would be disasterous. Of course there are plenty
of ways to get around it. -op
\_ Out of curiosity, does anyone know how often data from
stolen laptops ends up getting into the wrong hands?
I would have guessed that most laptops get stolen
by crackheads who sell them to the local pawn shop for a
hundred dollars, who then erases the harddrive and sells
it for two hundred to some random moron. At what point in
this chain does data get sent to some competing software
company? Are there people out there making a living
cruising the silicon valley pawn shops for sellable data on
stolen hard drives?
\_ magnetic tape, flashdrive/CF/SD/etc, laptop HD in a USB/FW case ...
iPod/etc ...
\_ Again I'm not looking for ways to take src code home. I'm
looking for a reasonable solution for securing the data on
the laptop to mollify their concerns and to prevent me
from having to jump through such hoops. I still have VPN
access to CVS from my desktop at home and if it were to come to
it would just ditch the laptop. -op
\_ it was meant as examples to give your company to prove
how fucking stupid they are.
\_ Uhm, if you have VPN access to the company what makes
the company think that someone can't just steal your
computer at home and get the source code there? I'm sure
that you encrypt your data, but that's not a guarentee
that someone else who works under similar conditions will.
Anyway, what's so important about the source code? MS had
its source code for Winblows leaked, it's not like someone
is going to go and develop a competing product anytime soon.
And if your software is that valuable, people can just
reverse it through brute-force decompilation and analysis.
\_ It looks like PGP Corporate deployed using smart cards or tokens
(e.g. RSA SecurID doodads) is probably what you want. I just
glanced at the marketing drivel on the website so you'll need to
read further to be sure, but this looks like a reasonable place to
start:
http://www.pgp.com/products/desktop/disk
-dans
\_ We had very good success with Safeguard Easy (both boot sector
protection and on-the-fly disk crypto.) If you're feeling
adventurous, you can play with MS EFS on top, but your PKI
admins had better know what they're doing. -John
\_ Most responses don't really understand the problem. Working in
an environment where much of our software is classified as a
munition, I do. It is about accountability more than actual
prevention of theft. They *know* you can steal the source and
if they were concerned about that they'd do what the DoD does
and make you leave it at work. They are concerned about the
laptop being stolen. Whether or not it is easy to obtain the
source by hacking into the system over VPN is irrelevant. In
our particular case, it is just disallowed. Period. You can
take the executables, but not the source. I, too, am interested
in a good solution but I think none exists. However, I do not
understand why the desktop is allowed. That is just as much of
a no-no.
\_ I would just take the source code home and be done with it. |
| 2005/1/25-26 [Computer/SW/Security] UID:35897 Activity:nil |
1/26 Was there some talk going on tonight in Mountain View? Any details?
\_ Diffie is giving a talk tomorrow at the computer history
museum:
http://www.computerhistory.org/events/index.php?id=1105901815 |
| 2005/1/22-24 [Computer/SW/Security] UID:35856 Activity:moderate |
1/22 I've had netflix now for about 6 months now, and their turn-around
time is slowing down; it used to be about a day or two, and now it's
a few days. Has anyone else experienced similar service?
\_ I've had netflix since 2001 and have noticed no slow down at all
and have lived in 3 different places. It did get a bit rough when
I started filling my queue with New Releases and freeing up space
right when they released, but that was because they were shipping
the movies to me from Texas and Boston since the demand here was
too high.
\_ I just signed up two weeks ago. Day 1: Mail old stuff in
Day 2: Gets there, they mail new stuff Day 3: I get it
\_ wasn't there some talk about how netflix slows down service for
users who borrow too much?
\_ New and light users get priority for high-demand discs. It
doesn't affect your throughput, but if you have high throughput
and like new releases you'll have a bunch of stuff stagnant at
the top of your queue.
\_ I think it's more dependant on the vagaries of the post office.
I have noticed an increase in the <stddev> of arrival time which
might be that they opened up more shipping centers and will mail
your #1 disc from which ever center gets it back in first.
\_ Netflix gives priority to new customers over old customers. This
happened to me before, and my DVD turn around time went from
3 days to 5+ days within span of 6 months. I discontinued
the service for a while resubscribed again.
\_ Did you primarily rent new releases?
\_ I've had Netflix since 2001 and my turn around time has always
been 1-2 days (except during the holidays). I'm in SJ, less
than 1 zip code away from the distribution center and I mostly
only watch PBS/BBC/SciFi so perhaps my experience is better
than can be expected. If you want an alternative, my cousin
has had pretty good luck with greencine.
\_ I subscribed to greencine for about 6 months now and turn around
has always been 2 days. But they dont have pr0n and I'm thinking
of also subscribing to bushdvd unless anyone here knows a better
competitor. |
| 2005/1/21-25 [Computer/SW/Security] UID:35855 Activity:nil |
1/21 Diffie is giving a lecture about the history of information
security this wednesday from 7-8:30 PM at the Computer Hist.
Museum in Mt. View (best part is that its free):
http://www.computerhistory.org/events/index.php?id=1105901815
\_ I _highly_ recommend going to see this guy talk. He's one of the
most fascinating speakers I've seen--he'll ramble for hours about
things that may only peripherally relate to the nominal topic of
the talks, and it's all incredibly interesting, even if you have
no clue what he's on about from time to time. -John |
| 2005/1/21 [Computer/SW/Security] UID:35836 Activity:moderate |
1/20 Someone was asking for eggs?
http://www.hundredpercenter.com/sitebuilder/images/P19-361x232.png
\_ That's a snowball dork! Anyway, the security was way too tight
for eggs.
http://www.washingtonpost.com/wp-dyn/articles/A25250-2005Jan20.html
\_ A snowball?! Obviously my elementary school teacher was not
on Bush's security detail. I was told those things were really
dangerous. Repeatedly.
\_ It must be hard being so stupid. |
| 2005/1/20 [Computer/SW/Security, Transportation/Car/Hybrid] UID:35824 Activity:high |
1/20 If I go through the bridge toll plaza on a "FastTrak/cash" lane, is the
transponder supposed to beep? I did it twice on the San Mateo bridge
and it didn't beep. I got worried and now I only use the FastTrak-only
lanes.
\_ there is a sign which says Valid
\_ This is STFW day today, isn't it:
http://511.org/fastrak/faq.asp
\_ do you have the regular transponder or the Continuum Transponster? |
| 2005/1/20 [Computer/SW/Security] UID:35806 Activity:nil |
1/20 Is there an option to subversion to keep it from storing your
password in cleartext? The file in ~/.subversion/auth/svn.simple
seems to do so by default. Thanks.
\_ Use svn+ssh:// or http:// not svn://. In 1.1.x, you can turn off
password caching with the store-passwords option. |
| 2005/1/18-19 [Computer/SW/Security] UID:35774 Activity:moderate |
1/18 Looking for a good backup program on XP. I like the simplicity
of the default XP backup program, but I'd like to have encryption
on top of it. I've considered WinZIP with encryption but it is a
bit clumsy, and I've considered tar/pgp, but I'd hate to tar and
then pgp separately. What are some alternatives? Thanks.
\_ Can you just create an encrypted volume with Pro and just dump
all your data on a backup drive? I tend to do USB HDs since
dumping stuff to CDR/DVD isn't practical anymore these days with
hundreds of gigs of data.
\_ well if your primary disk is hosed and lose the keys you'll
never retrieve your content. I don't know how/and have enough
faith to backup/restore the keys.
\_ See post and URL in other thread about username / password
based retrieval of WinNT-encrypted files. |
| 2005/1/18-19 [Computer/SW/OS/Windows, Computer/SW/Security] UID:35767 Activity:nil |
1/18 WinXP question. Let's say I have a backup folder, encrypted using
EFS. Then I backup my private keys using "cipher /x:keys".
Then one day my computer crashes and I'd like to read the
backup folder. How do I export the keys to a newly installed
WinXP so that it'll read the encrypted files? ok thx.
\_ I believe all you need is to attach the hard drive to another
computer (via IDE or external drive) and login with the same
username and password, and the files will magically decrypt
as you open them.
If you want to access the files with another username, there
are steps in the link (search for "import your keys"), but it
sounds complicated.
http://www.microsoft.com/technet/security/topics/crypto/efs.mspx |
| 2005/1/18 [Computer/SW/Security] UID:35763 Activity:nil |
1/18 Between Fannie Mae (Gorelick and Raines), Berger, and this you
really have to wonder.
Cut-Rate Diplomas:How doubts about the government's
own Dr. Laura exposed a fraud
http://www.reason.com/0501/fe.ps.cut.shtml
\_ Who is Laura Callahan? |
| 2005/1/17-18 [Computer/SW/Security] UID:35747 Activity:nil |
1/17 For the person who asked about AFP over SSH, just start
a ssh tunnel on your client:
ssh -N -L [localport]:localhost:548 [user]@[afpserver]
Now you can connect using ssh via the finder using the
afp url: afp://localhost:[localport]
\_ note: must be root to bind to <1024 |
| 2005/1/4-5 [Computer/SW/Security, Computer/SW/Unix] UID:35542 Activity:low |
1/4 I added a user to my Windows 2000 machine, and now I can't login as
Administrator or any of the other user accounts. I think I changed
the automatically login user without password box. I think I need
to reset the administrator password. Any ideas?
\_ obgoogle. try system internal's website. they got tools
\_ http://home.eunet.no/~pnordahl/ntpasswd
\_ Perfect! That worked very well, I'm keeping that CD in my kit.
\_ Get tweakui for win2k. It will allow you to turn the proper login
back on. |
| 2004/12/28 [Computer/SW/OS/Linux, Computer/SW/Security] UID:35455 Activity:high |
12/28 I have access to a large supply of psx, n64 and snes...besides
games are there any good uses for these consoles? Are there
ways to use them for parallel computing or educational
purposes? -scottyg
\- see e.g. http://arrakis.ncsa.uiuc.edu/ps2/cluster.php
i wonder if they were able to buy the hardware subsidized. --psb
\_ got any spare saturns? Want to sell one? -aspo
\_sure, go to http://www.squaredealonline.com -scottyg
\_ 50 bucks??? That isn't so square.
\_ Check ebay, Saturns are having a bit of a revival. I'll
be putting mine up soon, with games, if you're
interested. -jrleek
\- see e.g. http://arrakis.ncsa.uiuc.edu/ps2/cluster.php
i wonder if they were able to buy the hardware subsidized. --psb
\_ got any spare saturns? Want to sell one? -aspo |
| 11/23 |
| 2004/12/24-25 [Computer/SW/Security] UID:35429 Activity:nil |
12/24 so I have a giant proprietary format microsoft access db file
i think mail collection file used with Earthlink Total Access
on a PC. how do i convert it to something usable in maildir
or mbox format for use with another email processing
program? - danh
\_ perl DBIx::MSAccess::Convert2Db -tom |
| 2004/12/16-17 [Computer/SW/Security, Computer/SW/Virus] UID:35331 Activity:moderate |
12/16 Odd sort of viral marketing (as in computer virus viral)-- the site
invitation.sms.ac will send you an email from your friend asking you to
sign up for free text messaging (sms) service on their site; they then
comb your address book and auto send an invitation to all your friends.
The most insidious feature of this is that the invitation uses passably
decent grammar and spelling. May God have mercy on us all.
\_ How did a website comb your personal address book? Did you
actually install something from a untrusted and unknown site?
\_ Lots of people are security-unaware enough to do it, especially
if a friend 'invites' them to do it.
\_ I don't know how it works; I got the invite from a friend
who subsequently mailed me saying it was a scam. The email
invite looked pretty legit though; I can't say anything about
the website since I didn't visit. |
| 2004/12/14-15 [Computer/SW/OS/OsX, Computer/SW/Security] UID:35293 Activity:moderate |
12/14 Has anyone successfully gotten ssh/scp public key
authentication to work on Mac OS X? I'm going from a 10.3.6 client
machine to a 10.3.6 Server machine, but it doesn't seem to be
looking at the key. Is there some strange config setting I'm
missing or am I just a tard? -sax
\_ - On client machine type: ssh-keygen -t dsa
- Enter nothing for passphrase
- Add ~/.ssh/id_dsa.pub from client as a line in
~/.ssh/authorized_keys on server
\_ You can actually have passphrases and not have to wrestle
with the authentication agent. Check out keychain
(http://www.gentoo.org/proj/en/keychain/index.xml It works
great, I use it all the time on my Mac. (as for the ssh prob,
I don't have anything to add that hasn't been said) - ajani
\_ I have, and I don't particularly recall any voodoo needed to make
it work. Try connecting with -vvv, and see what it says. You
could also try turning sshd's log level way up. -dans
\_ Are PubkeyAuthentication and RSAAuthentication both set to yes
in /etc/sshd_config? (They should be by default)
I haven't had a problem getting this to work with OS X. --ranga
\_ As a follow up, I've gotten passwordless dsa keys to work from
my client->soda, soda->client, and server->client, I just can't
get anything to work going into my server. I even tried over-
writing my sshd_config with both soda's and my client's files,
to no effect. I can ssh to the server, it just won't recognize
the public key. I'm not sure if this is a configuration problem,
or something particular about 10.3 Server... I'm now going to
try some of these suggestions, thanks! -sax
\_ Turns out it's an ownership problem of the home directories
on the server. The server was set up as an AFP server, and
the permissions on the home folders are screwy. -sax |
| 2004/11/29-30 [Computer/SW/Security, Computer/SW/Unix] UID:35115 Activity:low |
11/29 I archived a big direcotry (3GB) using tar with bzip2 compression (-j)
and I notice that to extract any file, tar seems to read through
the whole archive decompressing it byte by byte and takes a VERY long
time, no matter how small that file is. Is there a better archive
method? (I am archiving on to a file, so dump does not work.)
\_ Use zip. The compression isn't as good, but you can access any
file instantly.
\_ I need good compression but I won't add files to the archive,
so a tool that puts all the directory information at one place,
compress the files individually and allow random access is what
I am looking for. (And it has to be available for Macs too.)
\_ Why don't you just run bzip2 on foreach i ( * )? -John
\_ Perhaps RAR, http://www.rarlab.com Not free, though.
\_ 3GB is not that much. Burn it on a DVD. |
| 2004/11/27 [Computer/SW/Security] UID:35085 Activity:nil |
11/27 What's the purpose of having/requesting the three-digit
"security code" on the back of credit cards? I don't see
how it makes transactions more secure; anyone tapping into
a phone call or computer network can pick up that number as
easily as the CC# itself and expiration date.
\_ It does prevent dumpster divers (aka, employees) from taking
all the necessary information off of the carbon copy. In stores,
you are never asked for the extra 3 digits, as they can see you
have the card, but online, it is supposed to prove that you are
holding the card. But, if you can monitor the communications,
you can do anything you want. |
| 2004/11/25-27 [Computer/SW/Security, Computer/SW/Unix] UID:35077 Activity:kinda low |
11/26 Is there any reason to give directory world Readable permission but
not eXecute permission? I encountered this on a public ftp site.
Is this just a mistake or are they trying to block access?
[Thanks for deleting a lot of crap]
\_ no, you can't get into that directory on the porn site.
\_ well, with just read, you can list the names of the files in the
directory, but that's about it. i don't know if that's considered
useful.
\_ No you can't, unless you mean read in the sense of od/cat/etc.
\_ Yes, you can. Try it. You can use ls to list the filenames,
but you won't be able to stat the file for more details.
\_ You try it.
% ls -ld bar
drw------- 2 xxx csua 512 Nov 26 22:38 bar/
% ls bar
% chmod 700 bar
% ls bar
baz
\_ Your ls program is too smart -- it's trying to get extra
information about the files, which fails. Try /bin/ls. |
| 2004/11/19 [Computer/SW/Security, Politics/Domestic/President/Bush] UID:34980 Activity:nil |
11/19 Hey angry voter fraud guy, Bush received more votes than the number
of registered voters in several Ohio counties. Where's your
outrage???
\_ COOK COUNTY!!!1! KENNEDY WAS A FRAUD!!! YEAAAARGHHHHH!!!!1!! |
| 2004/11/19 [Finance/Banking, Computer/SW/Security] UID:34977 Activity:high |
11/18 Should cows be tipped?
\_ of course. though I (and I think most people) usually just
round up to the next dollar, and if that is less than 10%,
add a dollar.
\_ Why tip them? They are being paid for the services. Who started
this kind of tipping system. It so ridiculous.
\_ shut up, overpaid software engineer - danh
\_ also taxi drivers make like $2.00 an hour. I know
it's not your job to make their careers viable
but it's something to keep in mind. - danh
\_ If your're going to tip taxi drivers, barbers, waiters, etc,
you might as well tip other people providing services to
you such as garbage collector, postman, cashiers, etc.
\_ Well, if all those other jobs had their wages lowered to
reflect expected tipping, then sure. Now if you want to
question which, if any jobs should be largely paid in
tips, that's another matter.
\_ Don't forget to tip your local software engineer.
\_ Most civilized people give their garbage collector,
postal delivery guy, etc a Christmas gift of some kind.
\_ You can lament the tipping system all you want, but the fact is
that, particularly in the U.S., we've adjusted salaries based on
the expectation of tipping, so in a real sense you are only paying
for the service if you tip the expected amount. -tom
\_ Well I was really asking what's "THE STANDARD". -op
\_ http://www.tipping.org/tips/TipsPageTipsUS.html. -tom
\_ You need to tip furniture delivery person??? I tip
people all the time but never to a delivery person.
\_ http://csua.com/?entry=11672
\_ Please tell me you tip your pizza delivery guy at least
\_ Oddly topical article from last Friday:
http://www.kcrg.com/article.aspx?art_id=92666&cat_id=123
Gist being that driving a cab even in Cedar Rapids is dangerous.
\-so is it ok to not tip if the service is seriously bad ... and
i mean stuff under the service employee's control. --psb
\_ No; you should tip the expected about even if the service is
^ should be a comma.
\_ No. It should be a period.
\_ A semicolon is perfectly correct, if a little odd,
as it is. The sentiment, however, is wrong -phuqm
seriously bad, according to Miss Manners. -tom
\_ Miss Manners can suck a dick. The whole point of tipping
vs. salary is that with tipping the customer can punish the
employee for doing a bad job or reward them for a good job.
It's basically an economic system of performance evaluation.
\_ Wrong. 15% tip for the waiter is part of his salary.
You can give more for good service. -tom
\_ It's part of their earnings, but not part of their
salary. If it was, it wouldn't be a tip. They're
not entitled to a tip if they do a terrible job, and
that's borne out both in custom and law. I always tip
but if someone was really rude or incompetant I would
not feel obligated.
\_ Yes, of course. The understanding implicit in tips is that
your pay is performance-based. Bad performance = less or no
tip. --erikred
\_ Sure, but some people feel it's OK to withold a tip for things
out of a server's control, like bad food or a slow kitchen.
\-yeah i dont mean for a minor slight like "my water glass
was empty for 5min. i mean something like a seriously
fucked up haircut. or a taxi driver who gets lost after
you specifically asked do you know where X is. --psb
\_ If I ask for more water twice and it doesn't come, that's
bad service.
\- if the wait person is stupid vs. surley vs. the
restaurant is understaffed, those are all different
scenarios in my book. there is bad service and then
there is stuff that actually will cost you money ...
waiter spills liquid on your clothes. it's the latter
cases where i think it is not unreasonable to imply
"this is coming out of your tip". --psb
\_ and of course, you think it's fine for people to
withhold your salary based on their own criteria,
and never tell you why. -tom
\_ I have a legally binding contract governing my
salary. I may also receive an additional bonus
as an incentive to perform; said bonus may be
allotted on purely subjective criteria, so
essentially, yes. Service industry employees
hold jobs which involve providing service. I
pay for this service already. If they are not
being paid enough, it is a contractual issue
between themselves and their employers. It is
not my problem. I am already compromising far
more than I feel obliged to by adhering to
cultural norms suggesting I pay the service
staff extra for making an effort to provide
particularly good service. -John
\-holube: do you think it is "better" that
to you tip a waiter than drops soup on you
and then write a letter to management
suggesting he/she is a lamer? the analogy
to "me and my employer" doesnt work because
one relationship is between 2 parties and the
other is between 3 parties ... and norms
that are sustainable in long term relationship
may not work in one-shot cases. it is not
feasible for me to tip 15% and then go to the
employer and ask for a partial refund because
of some problem. again i am talking about
cases where something fairly dramatic has
gone wrong. also the restaurant case is
likely different from others because tip
pooling is likely. there are certanly micro-
differences in service and tipping is one
place to allow for some flexibility [are you
a regular who is seated before other people
who got there before you? are you seated next
to the bathroom etc]. so why arent flight
attendants tipped? --psb
\_ I can't believe you guys had a whole tipping
conversation without once mentioning Mr.
White. Philistines!
\_ Do you know what this is? It's the world
smallest violin, playing just for the
waitresses.
\_ Yeah! FUCK POOR PEOPLE!!
\_ I always forget to leave a tip for the room service people
in hotels. Those people make atrocious wages too. |
| 2004/11/18-19 [Computer/SW/Security, Finance/Banking] UID:34956 Activity:very high |
11/18 Should taxi drivers be tipped?
\_ of course. though I (and I think most people) usually just
round up to the next dollar, and if that is less than 10%,
add a dollar.
\_ Why tip them? They are being paid for the services. Who started
this kind of tipping system. It so ridiculous.
\_ shut up, overpaid software engineer - danh
\_ also taxi drivers make like $2.00 an hour. I know
it's not your job to make their careers viable
but it's something to keep in mind. - danh
\_ If your're going to tip taxi drivers, barbers, waiters, etc,
you might as well tip other people providing services to
you such as garbage collector, postman, cashiers, etc.
\_ Well, if all those other jobs had their wages lowered to
reflect expected tipping, then sure. Now if you want to
question which, if any jobs should be largely paid in
tips, that's another matter.
\_ Don't forget to tip your local software engineer.
\_ Most civilized people give their garbage collector,
postal delivery guy, etc a Christmas gift of some kind.
\_ You can lament the tipping system all you want, but the fact is
that, particularly in the U.S., we've adjusted salaries based on
the expectation of tipping, so in a real sense you are only paying
for the service if you tip the expected amount. -tom
\_ Well I was really asking what's "THE STANDARD". -op
\_ http://www.tipping.org/tips/TipsPageTipsUS.html. -tom
\_ You need to tip furniture delivery person??? I tip
people all the time but never to a delivery person.
\_ http://csua.com/?entry=11672
\_ Please tell me you tip your pizza delivery guy at least
\_ Oddly topical article from last Friday:
http://www.kcrg.com/article.aspx?art_id=92666&cat_id=123
Gist being that driving a cab even in Cedar Rapids is dangerous.
\-so is it ok to not tip if the service is seriously bad ... and
i mean stuff under the service employee's control. --psb
\_ No; you should tip the expected about even if the service is
^ should be a comma.
\_ No. It should be a period.
\_ A semicolon is perfectly correct, if a little odd,
as it is. The sentiment, however, is wrong -phuqm
seriously bad, according to Miss Manners. -tom
\_ Miss Manners can suck a dick. The whole point of tipping
vs. salary is that with tipping the customer can punish the
employee for doing a bad job or reward them for a good job.
It's basically an economic system of performance evaluation.
\_ Wrong. 15% tip for the waiter is part of his salary.
You can give more for good service. -tom
\_ It's part of their earnings, but not part of their
salary. If it was, it wouldn't be a tip. They're
not entitled to a tip if they do a terrible job, and
that's borne out both in custom and law. I always tip
but if someone was really rude or incompetant I would
not feel obligated.
\_ Yes, of course. The understanding implicit in tips is that
your pay is performance-based. Bad performance = less or no
tip. --erikred
\_ Sure, but some people feel it's OK to withold a tip for things
out of a server's control, like bad food or a slow kitchen.
\-yeah i dont mean for a minor slight like "my water glass
was empty for 5min. i mean something like a seriously
fucked up haircut. or a taxi driver who gets lost after
you specifically asked do you know where X is. --psb
\_ If I ask for more water twice and it doesn't come, that's
bad service.
\- if the wait person is stupid vs. surley vs. the
restaurant is understaffed, those are all different
scenarios in my book. there is bad service and then
there is stuff that actually will cost you money ...
waiter spills liquid on your clothes. it's the latter
cases where i think it is not unreasonable to imply
"this is coming out of your tip". --psb
\_ and of course, you think it's fine for people to
withhold your salary based on their own criteria,
and never tell you why. -tom
\_ I have a legally binding contract governing my
salary. I may also receive an additional bonus
as an incentive to perform; said bonus may be
allotted on purely subjective criteria, so
essentially, yes. Service industry employees
hold jobs which involve providing service. I
pay for this service already. If they are not
being paid enough, it is a contractual issue
between themselves and their employers. It is
not my problem. I am already compromising far
more than I feel obliged to by adhering to
cultural norms suggesting I pay the service
staff extra for making an effort to provide
particularly good service. -John
\-holube: do you think it is "better" that
to you tip a waiter than drops soup on you
and then write a letter to management
suggesting he/she is a lamer? the analogy
to "me and my employer" doesnt work because
one relationship is between 2 parties and the
other is between 3 parties ... and norms
that are sustainable in long term relationship
may not work in one-shot cases. it is not
feasible for me to tip 15% and then go to the
employer and ask for a partial refund because
of some problem. again i am talking about
cases where something fairly dramatic has
gone wrong. also the restaurant case is
likely different from others because tip
pooling is likely. there are certanly micro-
differences in service and tipping is one
place to allow for some flexibility [are you
a regular who is seated before other people
who got there before you? are you seated next
to the bathroom etc]. so why arent flight
attendants tipped? --psb |
| 2004/11/15-16 [Computer/SW/Security, Computer/SW/Unix] UID:34896 Activity:nil |
11/15 I can't access webpages on Soda.
\_ Looking at the logs, it appears things stopped working a little
after 7:00PM Sunday because of nfs problems at the time. Can
someone give apache a kick ("apachectl restart")?
\_ Fixed. Is anything going to work today? - root
\_ Thanks. U = awesome. |
| 2004/11/9 [Computer/SW/Security, Computer/SW/Virus] UID:34770 Activity:high |
11/8 http://www.fcw.com/fcw/articles/2004/1011/web-manh-10-15-04.asp So the NSA wants a ned center to work on, in part, detecting malicious code hidden in software. How is this any easier than 'solving' the halting problem? \_ Dubya can do anything he sets his devious and evil monkey mind to. \_ The fact that a problem is undecidable in general does not stop entire industries from springing up around it (anti-virus stuff comes to mind). -- ilyas \_ Remedying parts of a problem (anti-virus stuff comes to mind) but not eliminating the problem entirely is better than not doing anything at all, unless your partial measures create a false sense of security (anti-virus stuff comes to mind). This is especially true for infosec. Even if AV vendors create false panic & hysteria, there is nonetheless a real problem out there, which they are partially addressing. The same with this malicious code initiative. I have corporate clients who have enormous issues with this; it is a real problem just crying for someone to do something, anything, about it. Infosec problems cannot ever be 100% solved. -John \_ "infosec". This sounds like something Orwell or Philip K Dick would come up with. \_ Sorry, you're right. We've just all taken to calling it that here, you get used to it. You have always been at war with Eurasia. -John \_ Damn eurocommunists. -- ilyas \_ Mao! Mao is the standard! \_ Ooh mao mao, ooh papa mao \_ Are you chinese? Do you understand the effects opium trade had on china!? effects holocaust had on china!? \_ No I don't, explain it to me. \_ Penalty. |
| 2004/11/1 [Computer/SW/Security] UID:34505 Activity:nil |
11/1 So I'd like to use Visual SourceSafe through ssh-tunneling. (I'd
rather chuck VSS entirely, but that's another story). I have no
problem getting VNC to work with ssh (using putty on a WinXP box) but
though I've tried this with ports 139 and 445 for file sharing
(following some guides online) I've been unable to get this working.
Has anyone successfully done this? How? (BTW, the reason I don't want
to use VPN is that VPN on XP sucks rocks for performance.)
\_ WTF does this have to do with the elections? Get outta here! |
| 2004/10/25-26 [Computer/SW/Languages/C_Cplusplus, Computer/SW/Security] UID:34329 Activity:low |
10/25 I have a problem in C++. I have a bunch of autogenerated classes
that I need to be able to convert between. I made a templeted
cast function in a common header file, but it needs to access a
protected function in the generated classes. Is there any way to
make a templeted friend function shared between all those
auto-generated classes? I tried, but I got an error that the
function hadn't been defined. From the first auto-gen'd class.
\_ My head hurts.
\_ Hahahaha, you made my day!
\_ is there some reason you can't make better use of polymorphism
and virtual functions instead of all this conversion crap?
\_ Yes. http://www.llnl.gov/CASC/components/babel.html
\_ Could you explain the relevance of this URL to why
you can make better use of polymorphism and v-fncs? -npp
\_ Any reason not to use a public accessor?
\_ This is what I've done for now, but I would prefer not to.
\_ Thing is, friend templates are a mess with current compiler
implementations. I'd hesitate to depend on that feature if
you want any kind of portability. Another possibility would
be a template member which does the conversion for you from/to
an intermediate type.
\_ are you allowed to modify the autogened files at all? you could
convert the private members to protected. then use explicit
naming to access the protected members from your casting function.
\_ I'm not sure what you mean by this. Can I access protected
data with a non-member function through some kind of
explicit naming? |
| 2004/10/22-24 [Computer/SW/Security, Computer/SW/OS/Windows] UID:34300 Activity:kinda low 72%like:34296 |
10/22 XP Service Pack 2: Good or bad?
\_ No problem for me. I've installed it on a few systems.
\_ Mostly good, and no. It changes your TCP/IP stack such that if
are 10 half-open TCP connections, you can't open any more until
time out. This greatly slows the spread of worms but screws you
if you're running a mail server or P2P. The only fix is a hex-edit
of tcpip.sys
\_ I had some issues with regards to stability that were traced
to SP2's security center. Had to play around a bit to keep
the machine from locking up every hour or so. Others I've
talked to had problems with certain software, particularly
games, so they just went back to SP1.
\_ Mucked up my brother's Outlook Express such that he can't open
messages with attachments, but that's what he gets for using OE.
He switched to Thunderbird, and all is well.
\_ It takes five seconds to turn this off from the preferences
menu. Give me a break, you don't even know how to turn off
a preference in OE?
\_ My sister-in-law called my up and has been on the phone with
Microsoft because the XP SP2 failed halfway through and messed up
the system. It seems to be hit-and-miss in terms of the chances
for disaster. |
| 2004/10/20-21 [Computer/SW/Security] UID:34256 Activity:nil |
10/20 I need to call long distance (to canada) tonight and somehow my phone
card does not work. Since I never signed up for a long distance
carrier, is there a 1010* service that does not charge a minimum or
monthly fee? Ok tnx!
\_ http://1010phonerates.com/index.html |
| 2004/10/20-21 [Politics/Domestic/California, Computer/SW/Security] UID:34254 Activity:moderate Edit_by:auto |
10/20 Hi, I've created a toy web site that will hopefully be a bit of
insightful for people who want to know the "slant-ness" of different
news source: http://www.slantcheck.org
I already bought the domain names, I'm now looking for a place
to host it. If you would like to help please email me. -kchang
\_ http://www.free-webhosts.com/webhosting-01.php
\_ Kevin, does it occur to you that averaging faulty sensor
readings doesn't produce meaningful results? Maybe if we
had some sort of pagerank for people this could work. -- ilyas
\_ the same is true for web votes on http://cnn.com, http://cbsnews.com, etc.
Also read his disclaimer. It's not meant to be scientific at all
\_ I know. I am saying why add to the garbage? -- ilyas
\_ ilyas-- what is trash to you may be useful to others.
To say categorically that something has no value,
says a lot about you. Secondly, most systems require
some level of trust and certainly all systems are
subject to abuse. Just look at the electoral college,
Gerrymandering, e-vote machines crashing, etc.
No system is abuse free -- some systems are much
more abuse prone than the others (case in point informal
internet vote). It's good to have a starting point
somewhere, and in time, refine the system to a point
that it is much less abuse prone and that it is
generating acceptible results.
\_ It does say a lot about me. It says that I think
systems where a vote is trivial to fake, where
a single person can trivially cast arbitrary
numbers of votes, where the opinions of all
people are weighed equally, etc. etc. etc.
will produce garbage. No one will
rely on such a system for anything other
than generating empty motd conversations.
Having said that, I welcome differing opinions
of 'others,' because I am curious how http://cnn.com
polls can possibly be of any use to anyone.
I want to be proven wrong here. If you honestly
want to make progress in this area, you can
look at social networks/pagerank research,
or computer security. -- ilyas
\_ Aw, I thought it was going to run news articles through some sort
of analysis program to compute the results. Instead I find it's
just an unfiltered click poll.
\_ that itself is a PhD thesis right there. Context sensitive
weight analysis.
\_ Yeah, well I could hope for some arbitrary heuristics at
least. A poll isn't right... the name evokes http://factcheck.org
which at least provides human analysis. A <DEAD>slantcheck.org<DEAD>
run by some dedicated individuals who analyze submitted
instances of "slant" could actually be an interesting
service that could get national attention.
\_ Is this thing just a cry for attention?
\_ I dunno. But a http://factcheck.org comparison is natural...
hey I would enjoy doing that analysis as part of
some funded group. Those http://factcheck.org people get
paid to sit around and analyze the same shit you
guys all do on the motd every day.
\_ thanks for the response guys. The bottom line is that there are
a lot of improvements and changes that need to be made in
order to make the results fair and meaningful. I'd love to
implement some of the features that were suggested, but most
of them require a lot of time and/or money. Please keep up these
great suggestions, but even more importantly, send me money
via PayPay. Once I generate enough interests and funding,
I'll be able to hire someone to implement these
features. Thanks. -kchang
\_ How are we supposed to know you aren't going to spend it all
on h07 42n ch1x, or hire one to "implement" your features?
\_ he's gonna hire hot UCLA chicks to implement the features :) |
| 2004/10/18-19 [Computer/Companies/Ebay, Computer/SW/Security] UID:34197 Activity:low |
10/18 Has anyone been a victim of ebay fraud?
\_ Yes, although it was for shipping costs rather than the full
price of the item. Sold $600 of records to a buyer in the UK.
Shipping was over $200. He sent me a "FedEx id number" that the
FedEx driver accepted, but which later turned out to be fraudulent.
I was later charged the full amount for shipping and threatened with
collections if I did not pay up. The buyer disappeared, and since
I had already given him "good feedback" for his payment of the
goods cost, I couldn't ding him through the feedback system.
Ebay was COMPLETELY unresponsive on this issue, and I have heard
*very bad things* about their response to fraud issues.
\_ If I were selling $600 stuff on ebay, I'd have required buyers
w/ excellent feedbacks only. What was that guys's feedback?
\_ Uniformly excellent.
\_ Isn't this a special case of the 'collusion problem'
Google's trying to solve? -- ilyas
\_ Not necessarily. This guy got ripped off but has
now joined the others who gave positive feedback.
\_ Right. Lesson learned: don't give any feedback
until ALL costs are sorted out, and never believe
that a FedEx or UPS account number is real until
double checking. --ripped off guy.
\_ Is there some credit-reporting agency in the UK you can talk to
to shit all over this guy's credit?
\_ I have. Bought an item and similar (but less valuable) item was
shipped in return. I took it as a loss. I had very many good
experiences also, but I am thinking fraud is more common now
than it was when I used eBay more heavily (5-6 years ago).
\_ I was indirectly. A company I briefly worked for had a service
where you could buy a money order with a credit card and have it
mailed to a purchaser (to allow eBay buyers to pay with a money
order). When I heard about this my immediate reaction was something
like "Um, isn't this a huge risk?". The next month we lost $5000 in
charge-backs from people who didn't get their purchases. They all
bought from the same seller who did good business for 4 years and
then moved to Turkey. Oh yeah, when I heard about this I looked at
the seller's address and recognized it as the International House. |
| 2004/10/4 [Computer/SW/Unix, Computer/SW/Security] UID:33892 Activity:moderate |
10/4 Hey, jvarga. What the heck is bonnie and why is it sucking up
all of soda's resources. And why are you running sshd?
7803 jvarga 56 0 5544K 1816K RUN 1:38 4.49% 4.49% sshd
58395 jvarga -6 0 884K 448K nfsaio 3:27 3.56% 3.56% bonnie
58396 jvarga -6 0 884K 448K nfsaio 3:27 3.52% 3.52% bonnie
58393 jvarga -6 0 884K 448K nfsaio 3:27 3.37% 3.37% bonnie
58391 jvarga -6 0 884K 448K nfsaio 3:26 3.32% 3.32% bonnie
58397 jvarga -6 0 884K 448K nfsaio 3:28 3.27% 3.27% bonnie
58394 jvarga -6 0 884K 448K nfsaio 3:27 3.27% 3.27% bonnie
58398 jvarga -6 0 884K 448K nfsaio 3:27 3.12% 3.12% bonnie
58399 jvarga -6 0 884K 448K nfsaio 3:27 3.12% 3.12% bonnie
58392 jvarga -6 0 884K 448K nfsaio 3:25 3.03% 3.03% bonnie
\_ An sshd process is started as the user whenever you log in with ssh.
\_ Stress testing nfs for soda upgrades. I'll nice my processes a bit
more to keep the load from interfering.
\_ What are you testing? Dont be absurd. Re: nicing ... you
are certainly giving signs of not knowing what you are doing.
\_ And those signs would be??? Nicing processes will cause them
to be much lower in the priority queue than other processes,
like sendmail, and make life for you better. Nicing has
absolutly nothing to do with testing NFS.
\_ What a lamer. I wouldn't be surprised if jvarga isn't
a l33t u|\|1X H4X@r. But he's doing a pretty good job,
and a whole lot more than you are. If you have something
constructive to say, go ahead, otherwise, shut your pie
hole.
\_ You dont know who I am. By anybody's measure I've
done far more for the CSUA than jvarga. root@soda/
politburo has been quite unresponsive to requests and
has made a number of boneheaded decisions like the
"kchang finger denial of service" thing.
\_ he was evil when I met him in 97 and deserves a
permanent squishage. The decision was anything but
boneheaded. -former polit
\_ So, by "by anybody's measure", you mean "anybody who
hasn't been around to actually see how much work he's
done."
\_ How about a list of things?
\_ Said the anonymous loser.
\_ Anonymous Loser, just like you? If I signed, then
I'd be dismissed as a bitter alumnus.
\_ Like I said, lamer. We've got this thing in English,
indeed most languages. It's called present tense.
indeed most languages, it's called present tense.
Used for such words as "doing", and "sitting." Maybe
you should google for it.
\_ bonnie is a file system stress-testing benchmark. It *should* be
heavily I/O bound. Bearing that in mind, what's renicing it supposed
to accomplish?
\_ It should be I/O bound, and it is. Renicing the processes will
ensure that they don't consume CPU when others want it. It has
nothing to do with the I/O bound nature.
\_ Not to mention running a benchmark on a system with a lot
of baseline use. "Stress testing for soda upgrade" ... yeah
right.
\_ Actualy, yes, stress testing for a soda upgrade. Those bonnie
processes are hammering on an NFS mounted partition. |
| 2004/9/28-29 [Computer/SW/Security] UID:33814 Activity:nil |
9/28 Anyone know if it is possible (how?) to get the firmware image
from an existing alteon (AD3) (without having to take the box apart)?
I got a replacement AD3 for my existing failing one but it has a
REAL old software version that doesn't support some of the features
I use and want (like ssh) but I'm unwilling to pay nortel $1000 for a
support contract.
\_ What's wrong with taking the box apart? |
| 2004/9/27-28 [Computer/SW/Mail, Computer/SW/Security] UID:33783 Activity:kinda low |
9/27 Looking for colo in Berkeley/Oakland/SF (we provide box)
The best I've seen so far is http://coloserve.com $100/mo for 100GB transfer
Has anyone dealt with them/know anyone better? Thanks
\_ check http://www.vix.com/personalcolo ? -EricM
\_ That works out to about 320kbps. Maybe you should just get
DSL and host it yourself.
\_ Think about traffic patterns for a minute. Also, colo gives
you dedicated power/AC maintenance. Depending on how you're
going to use the connection, the colo is likely the more cost
effective way to go.
\_ I was looking for same thing yesterday. If you http://HE.net down in
Fremont is okay with you, you can go to:
http://www.nationhosts.com
http://www.netspaceinternet.com
they give 1mbps at 95%(~200GB) for $75-85 for 1U. If this is
just a personal thing and you'll have low bandwidth, I've actually
decided to rent out a space on a friend's rack. E-mail me and I'll
see if he's interested more tenants. - johndkim |
| 2004/9/26-27 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:33764 Activity:high |
9/26 What kind of secret service protection do senators receive? Also,
do presidential candidates receive special secret service protection?
\_ Um, this is kind of a strange question to ask on the motd, but
Presidential candidates all recieve SS protection... ever since
Robert Kennedy. I am pretty sure that the SS has nothing to do
with the Senate, but I know that Feinstein has some kind of her
own security detail. I don't know who pays for it.
\_ Thanks, but why is this a strange questino to ask on
the motd?
\_ Remember the Steve Jackson games case? The SS doesn't
take well to jokes or even idle curiosity.
\_ Enjoy Ashcroft's be-latexed fingers icily probing your rectal
cavity while you are denied access to counsel!
\_ You have Ashcroft all wrong. He'd never use latex,
he'd dive right in.
\_ Enemy combatants and people who format weirdly on the motd
have no right to lubricant under the Geneva Conventions. |
| 2004/9/21 [Computer/Networking, Computer/SW/Security] UID:33658 Activity:very high |
9/21 A question for everyone. My mother is a libertarian. She wants a
\_ Librarians are sexy
\_ Not in Hayward Pub. Lib.
few computers in her library to only be allowed to visit certain
webpages. (Various refernece and database pages). Basically, she
wants a browser with build in white listing for page viewing. Is
there anyway to do this?
\_ stick them on a unrouted/private network with a firewall/proxy
between them an the outside. Setup access rules on the proxy
to ONLY allow the desired sites. Make sure it doesn't do
any other routing. Lock down the PC's to prevent physical access
hacking.
\_ That's the usual solution, but since it's a public library,
we were hoping for something simpler. What would your
recommend as a router? A linux box?
\_ cheap (if you have the expertise to set it up handy)
linux/bsd box, running squid.
\_ I used to work in a company that made a low-cost machine whose
browser has built-in parental control. But it went bankrupt three
years ago.
\_ Implement this with a firewall. Iptables on Linux will do it.
I am sure Windows has a firewall software.
\_ A firewall local to the machine, or in the gateway, or does
it not matter?
\_ It's easier to do it once in the gateway, but you can
implement it on each host locally just as well. I just
recalled that we use 'Sygate' for Windows.
\_ You want an easy and fast way to do this? Buy one of those wireless
router things for $50 and turn off wireless. Then use the Parental
Control feature to deny access to all domains except those you
enter. I have a D-Link DI-614+ and DI-624 and they both do this.
Admin access is by username/password and you can add/delete domains.
\_ The eminently hackable Linux-running Linksys WRT54G also has this
feature.
\_ Mozilla extention: Weblock http://www.brownhen.com/weblock
\_ I would NOT recommend trussting any access control in PC's that
end-users will have access to.
\_ Really, it just doesn't matter that much. There are other
completely open computers in the library. If someone
really wants to use a access controlled computer to
access other stuff, it's not really going to matter much,
and eventually someone will notice and kick them off.
In general the idea is to have some computers that will
be generally open to people actually doing research. -op
\_ they should whitelist http://Amazon.com as well as the database
searches. I often use amazon when I'm using a library
to figure out more information about a book than
is available in library databases. |
| 2004/9/21 [Computer/SW/Security, Academia/Berkeley/CSUA/Motd, Computer/SW/Unix] UID:33656 Activity:high |
9/21 Say, why don't the proponents of a logged motd actually hack it and
put it in /etc/motd.logged, and let people vote with their feet?
-- ilyas
\_ why don't you create /etc/motd.stupid and post your crap there? -tom
\_ Every account should have its own /etc/motd.<accountname>.
Only you will be allowed to post to your own motd. No one
else will be allowed to touch it, and /etc/motd.public
will be turned off. This way, everyone who wants to can rant
to the heart's content, and no one will have to worry about
their rants being baleated. Everyone else can just ignore
you if they want to. We can have special zones set up for
those that love to argue, as well - for instance,
/etc/motd.tomvsilyas, /etc/motd.freepernutzo,
/etc/motd.aaronallcapsrant, and /etc/motd.mormons. The AMC
can have his own empty file for his motd, but it will be
owned by root so that he can remain "anonymous." It will
be world readable but not writeable by anyone.
\_ and we could call these files ".plan" files, and have a
special command to read these motd files called "finger."
\_ Well, I was trying not to belabor the point too much, but
then again...
\_ you have just used the slippery slope tactic.
\_ And tom used a red herring AND an ad hominem in 1 line!
\_ uh, ilyas is the one with the red herring. -tom
\_ ilyas just volunteered! |
| 2004/9/8 [Computer/SW/Security, Recreation/Shopping, Computer/SW/Unix] UID:33417 Activity:very high |
9/8 What are some wedding registry web sites to use?
\_ http://www.uscav.com
\_ http://www.weddingchannel.com handles the registries for most
of the major stores, including Macy's, Williams-Sonoma, Pottery
Barn, Crate & Barrel... etc. Even REI!
\_ The most popular. Does what most people want to do. But of
course, if you do it with Wal-Mart (and I think Target too),
you get to walk around the store scanning whatever the hell you
feel like...
\_ You can also walk around with a scanner at a Williams-Sonoma
or Pottery Barn store.
\_ You can't scan catfood, cigarettes, and t.p. at WS or PB.
\_ It's really more a question of what store(s) you're registering at
isn't it?
\_ http://bushong.net/wishlist
\_ http://www.williams-sonoma.com |
| 2004/9/4-6 [Computer/HW/CPU, Computer/SW/Security] UID:33348 Activity:moderate |
9/3 Thinking about getting an opteron? If security is your concern,
maybe you should think again: http://csua.org/u/8x7
\_ Erm, maybe I'm missing something, but that page argues that
if someone can gain root access and flash the system with
malicious microcode, they can in the future gain full access
through mere userspace privilege. True, but wouldn't that apply
to any box where you can flash the bios as root? -John
\_ on the PC, linux for example bypasses the BIOS except for
initial bootstrapping. modifying processor microdoce gives
a more persistent hook, as would modifying firmware of
any DMA-master capable device that is not reprogrammed
by the OS. this isn't the end of the world, but surely
adds to the "security is hard" mountain.
\_ Very few places need to be this concerned about security. The
financial industry, for example. The finance and high security
government facilities I'm aware of would be no more or less
freaked out by this than the idea that someone got root in the
first place. If they take a gun to your sysadmin's head at a
party they'll get access, too. So, if you're thinking about
hiring sysadmins who might show at a party maybe you should
think again.
\- hello, it is interesting to talk to people in the
financial world about some of the "attacks" they
face, for example organized crime infiltrating the
mail room. also you have problems like say how to
not let the backup staff read the data. ok tnx.
\_ Yes, that is what I was getting at with the sysadmin
at a party line. There are lots of easier ways to
do nasty things that don't involve updating micro-code
or anything high tech at all.
\_ Wow, someone who actually knows something. Thank you for
showing up.
\_ That's why I avoid parties. It has helped me land better
jobs. :-) |
| 2004/9/2-3 [Computer/SW/Security] UID:33311 Activity:moderate |
9/2 If I want to put images on my (non-profit) website that were
not mine (e.g. scanned in from a book or grabbed from other
webpages) but I did credit the original source, is that allowed?
\_ I've seen more and more sites putting up explicit "fair use" notices
which explain that the work is being used for research purposes or
public benefit, that the original copyright terms still apply for
downstream usages, etc. etc. You can probably google for an example,
which may or may not be copyright restricted itself. What's your
site?
\_ No, you need explicit permission.
\_ It's a very sticky situation. In some cases, it's allowed, but in
many cases it's not. Can you be more specific?
\_ Do some research, find out who owns the copyright, and ask for
permission. Unless it's an original for-profit work of art,
most people will let you use it as long as 1) they don't find
your page insulting, and 2) you credit the source. I used animal
pictures from kidsdomain and a regional park service to build my
Ecosystem game: http://www.ecosystemgame.us
\_ aaaaaaah! you got me! I can no longer resist the urge to
become a marine biologist! you've ruined my life!
\_ Wow, really? I was really aiming for the 8 to 11 age range,
but a convert's a convert.
\_ I'm kidding. I'm a physicist, so any system with more than
two kinds of atoms is probably out of my reach. Cool
website, though.
\_ Thank you. |
| 2004/9/2 [Politics/Domestic/911, Computer/SW/Security] UID:33308 Activity:nil |
9/2 http://csua.org/u/8wm (LA Times) A senior Russian security official said authorities are faced with a dilemma even worse than the 2002 seizure of the Dubrovka Theater in Moscow by Chechen militants, which led to the death of 129 hostages and 41 guerrillas when Russian troops gassed the theater and stormed in. "The situation is much worse than Dubrovka. Believe me, much worse ... It seems almost certain that the hostage-takers are not really interested in negotiations, or any demands. So far, we haven't gotten any coherent statement of what they really want. ... They are just biding their time, as if waiting for us to start storming this school, and then they will blow everything up. I think they are ready to blow themselves up, together with the hostages, in any case. It seems to be their one and only plan." So, you are Putin. What do you do? Please withold jibes about vodka and "In Soviet Russia ...". \_ Decimate the Chechens (i.e. kill every 10th). Do so after every terrorist act by the Chechens. \_ I read that as Chickens and was very confused... \_ "Fear...will keep the local systems in line." \_ As far as the current crisis, there is really only 2 options. A siege, starve them out, or gas 'em again. Probably niether would be very effiective. I guess the previous guy's idea might work over the long run. \_ Why not a standoff while you try to bring in some hostage-taker's relatives and religious authority figures and see if they can convince them to let everyone go in exchange for amnesty. \_ Oooo, family members. Good idea. But who's getting the amnesty? The terrorists or the family members? North N. Korean style would be to kill the terrorists AND their extended families. \_ tactical nukes over rebel hideouts \_ Why do you hate thermonuclear weapons? \_ You're really a moron, you know that? You undercut any sensible counter-argument Cheney and friends *could* have. \_ I don't think the thermonuclear comment was made seriously. You're STILL the moron. \_ Cheney offers to help with Russian hostage situation! "We have to many of these things anyway, and I've always wanted to drop one or two on Ruskies!" |
| 2004/8/27 [Computer/SW/Security, Computer/SW/Unix] UID:33177 Activity:moderate |
8/27 Is anyone else haveing a probllem w/ spamassassin not working since
sometime late last night?
\_ Yes. I am using spamc.
\_ Fixed. Emailing root is the fastest way to get this resolved
when spamd hozes itself -njh (root)
\_ root messed up, root must be squished! |
| 2004/8/26-27 [Computer/Domains, Computer/SW/Security] UID:33160 Activity:moderate |
8/26 So I just transfered from http://register.com to http://godaddy.com. I filled out a few simple forms and http://godaddy.com says "You have successfully accepted the transfer of the domain." Isn't there anything I have to do on the http://register.com side? \_ A couple weeks ago, I transferred a .org from http://register.com to http://000domains.com and learned that the loosing registrar has 5 days to acknowledge or deny the transfer. If, after 5 days, the loosing registrar (in this case http://register.com) does nothing, the transfer will automatically happen. transfer and it happend moments later. What TLD is your domain? \_ my domain ends on Sept. 1. I just transfered today. Does that mean when it expires it should transfer? What is TLD and how do you contact http://pir.org? By the way I just disabled SafeRenew Automatic Renewal Service on http://register.com, is that the same as "locking"? Thanks. -op \_ TLD is Top Level Domain. Each TLD has one registry. http://pir.org (Public Interest Registry) is the .org registry. Example TLD's: com, net, org, biz, be, us, cc, to \_ Unless you have locked the domain, no. If you have locked it you have to inform the losing registrar. \_ Be careful and make sure they haven't been 'helpful' and locked it for you. That happened to me and was a nightmare. |
| 2004/8/24-25 [Computer/SW/OS/Windows, Computer/SW/Security] UID:33120 Activity:low |
8/24 Anyone has any suggestions to hack a Windows XP system if you have
physical access to the machine? Can one just boot from a USB drive and
start to read other files on the machine?
\_ Yes. Assuming the drive isn't encrypted, all you have to do is
boot to something that will let you mount/slave/etc the winxp drive.
\_ Lots of programs let you boot off of a floppy and reset the
Administrator password from there. |
| 2004/8/24-25 [Computer/SW/Security] UID:33112 Activity:kinda low |
8/24 Is there a way to to disable tunneled clear text passwords on a
per/user basis in OpenSSH? Can this configuration be set in a file
in the user's .ssh directory?
\_ They can edit that file so what good is it as a security measure?
\_ Because I I want to disable password logins for my own account.
\_ Because I want to disable password logins for my own account.
\- just * your passwd/shadow entry. i think this is a
good thing to do in nis domains. --psb
\_ That sounds like it could be useful, though also an easy
way for an attacker to lock a user out of his own account,
temporarily at least. If this is your own machine, you
could write a PAM module that denies password auth requests
to users on some list. |
| 2004/8/24 [Computer/SW/Security] UID:33093 Activity:moderate |
8/24 Anyone have problem logging into ebay?
\_ As a security precaution, your account has been suspended. Please
take a moment of your time to update your account information to
keep your account secure. After you update your information, your
account will be reinstated. Thank you. -Ebay Security |
| 2004/8/20 [Computer/SW/Security, Computer/SW/Unix] UID:33038 Activity:high |
8/20 Would someone (root type person) make mail to motd world readable,
or is it so somehow already?
\_ Why?
\_ Password registration.
\_ mailinator.
\_ I want the password and updates to be soda accessible.
\_ rcpt to: motd@csua.berkeley.edu
553 5.3.0 motd@csua.berkeley.edu... motd does not accept mail. |
| 2004/8/18-19 [Computer/SW/Security] UID:32999 Activity:nil |
8/18 OpenSSH 3.9 is out: http://tinyurl.com/67632 Some cool new features are: - Session multiplexing - Reintroduction of PAM support |
| 2004/8/18 [Computer/SW/Security, Computer/HW/Laptop] UID:32983 Activity:moderate |
8/17 I used to use a POP3 client on my laptop to check my soda email
through a secure, encrypted ssh tunnel. This does not seem to
be working anymore... has this been disabled?
\_ no, you broke something on your side. |
| 2004/8/18 [Computer/SW/Security, Computer/SW/OS/Windows] UID:32977 Activity:low |
8/17 No free speech for fascists!
http://www.wired.com/news/politics/0,1283,64602,00.html?tw=wn_tophead_1
(Hackers plan to DOS Rebublican websites)
\_ Expecting ethical behavior from crackers is 'Sofa King, We Tod-Ed'
\_ Um, freedom of speech is a protection against government crackdown
on speech. |
| 2004/8/16 [Computer/SW/Unix, Computer/SW/Security] UID:32938 Activity:very high |
8/16 Some douche changed the password for the csuamotd nytimes account
because he said he didn't like political threads. They're not going
away and you just inconvenianced a lot of people. Where do you live?
I'd like to piss in your swimming pool.
\_ if you figure out who it is, post their name.
\_ I second that.
\_ Is there a "I forgot my password, please email it" option?
\_ Yes, and it will probably go to motd@csua.berkeley.edu
\_ Yes, and it will probably go to motd@csua.berkeley.ed |
| 2004/8/16-17 [Computer/SW/Security, Computer/SW/OS, Computer/SW/OS/OsX] UID:32937 Activity:moderate |
8/16 Why does it always take apple a couple weeks after realsing a system
upgrade before posting the sha digest for the download? -- still
waiting for 10.3.5
\_ FWIW, people using Software Update (post 07-12-2002) does have
the benefit of cryptographic signature verification.
http://www.macmegasite.com/modules.php?name=News&file=print&sid=228
http://www.macmegasite.com/modules.php?name=News&file=print&sid=228
\_ Ever since it is released, people on macintouch and macfixit
have complained S.U. screws the system and recommend download
directly the (combo if possible) updater. They never offered
a reason for this but I followed it just to be safe.
\_ I use SU on my G5, and all is well with my computer. YMMV. |
| 2004/8/14-16 [Computer/SW/Security, Computer/Networking] UID:32899 Activity:moderate |
8/14 How much do you pay each month for home net access, what speeds are
you getting, what additional services, if any, are part of the package
and how happy are you with the service? I'm paying about $65/month
for cable. I get great speeds, it's been very reliable but I think
it's a bit pricey.
\_ forgot, something like $45 for cable with basic TV also. don't
remember any downtime, speeds are more than I need but I haven't
measured lately (at least 1.5 mbps). mountain view.
\_ $40/mo with DSL. Speed is about 1mbps. That's good enough for
me. No downtime so far.
\_ me to.
\_ $109/mo with Speakeasy, 6.0mbps/768kbps, static IPs, very reliable.
\_ $49/mo DSL through Cyberonic. My house is old, the cu is bad and
my co is overloaded, so I'm limited to 640Kbps-768Kbps/786Kbps
and suffer some downtime. The downside is that I have to use
a router that has a 'static ip' but performs pppoe authentication.
All in all I'm okay with Cyberonic, its much faster than my old
DSL.
Before Cyberonic I had 384/128 DSL via http://Sonic.net and paid $57/mo.
Sonic provided excellent service and decent webmail, but I switched
because I wanted faster service for a lower monthly cost. Sonic
tried to convince PacHell to fix my line so I didn't have as much
downtime, but PacHell refused which is another reason I switched.
I hate PacHELL.
\_ I swear those cocksuckers have a computerized blacklist of
hated customers who get the special "screw you" treatment.
Every time I moved when I lived in california it would take
them about a month to "set up" my new phone line, yet somehow
other people would get service in a couple of days.
Fuck pacbell. If I ever live in Ca again, I'm not even going
to bother with a landline.
\_ I thought pacbell was no more? -only owns cell phone
\_ They're now called SBC, but they still provide the same
PacBell service you know and love. |
| 2004/8/12 [Computer/HW/Laptop, Computer/SW/Security] UID:32847 Activity:nil |
8/11 I am not paranoid, but I put sensitive personal information on my
laptop and I go everywhere with it. Is encrypted disk image reliable
and fast? I googled for filevault but it is hard to find article
with clue/analysis. Any other suggestion is nice too. tia.
\_ Using Windows XP Professional? Right-click on folder -> Properties
-> Advanced -> Encrypt contents to secure data
\_ Tnx. Actually I am using OS X, but I appreciate the answer about
window and if there is something for general *nix I'd like to
hear it too. By the way, are such encryption really effective
against id thieves, safe from corruptions, and fast? |
| 2004/8/9-10 [Computer/SW/Security] UID:32798 Activity:moderate |
8/9 [If you want to selectively delete posts from the thread, you might
as well delete the whole thread.]
\_ Don't take it personally, it happens to me all the time. Some
people use scp to change the motd, so as to preserve their
privacy, nuking recent changes. Yeah, I think they are kind
of paranoid assholes too, but they have their reasons and
they will not change.
\_ Why would using scp protect privacy? People can see motd.public
on your commmand line.
\_ BoxAtHome% scp luser@csua.berkeley.edu:/etc/motd.public foo
BoxAtHome% vi foo
BoxAtHome% scp foo luser@csua.berkeley.edu:/etc/motd.public
\_ soda% ps -aux | fgrep motd
.... scp ... /etc/motd.public
One can write a script to check process data regularly,
and root can check lastcomm. So unless you have a program
running on soda that mirros motd, you will still be
caught. |
| 2004/8/9 [Computer/SW/Security, Computer/Rants] UID:32779 Activity:high |
8/9 On IT outsourcing failures.
http://www.theregister.co.uk/2004/08/09/customer_always_wrong
\_ What I don't understand about this is the accusatory undertone
towards the outsources. It's commonly known that Accidenture, EDS
and their ilk have screwed up projects big-time (just look up
"national police computer" for a good example.) However, they're
just trying to make money. What I object to is that people rarely
take a long, hard look at who makes the decisions to hire these
people. "Nobody ever got fired for hiring HP/IBM/whoever"" is a
bit too deeply ingrained in a lot of management thinking. -John |
| 2004/8/4 [Computer/SW/Security] UID:32678 Activity:moderate |
8/4 PuTTY 0.55 is out. Fixes a big SSHv2 vulnerability:
Release Notes: http://tinyurl.com/2rpub
Download: link:tinyurl.com/4z2k4
MD5s: http://the.earth.li/~sgtatham/putty/0.55/md5sums
\_ Speaking of putty, anyone know how to prevent ^? from being sent? I
have backspace set to ^H, but if I have shift held down and hit
backspace it sends ^?. |
| 2004/8/2 [Computer/SW/Security, Computer/SW/Virus, Computer/SW/OS/Windows] UID:32630 Activity:high |
8/3 I found this virus email fairly amusing:
"Dear user of http://soda.csua.berkeley.edu,
Your account was used to send a huge amount of unsolicited e-mail
during the last week. Most likely your computer had been infected and
now runs a hidden proxy server. We recommend you to follow our
instruction in order to keep your computer safe.
Best wishes,
http://soda.csua.berkeley.edu technical support team."
Included was the usual zipped executable file. Who falls for this?!
\_ yermom's got trojans
\_ Many people at my workplace did. Most non-engineers, and even some
young engineers who have never seen a DOS prompt, don't realize that
a file with a name "foo@bar.com" is an DOS/Windoze executable. |
| 2004/8/2-3 [Computer/SW/Security] UID:32623 Activity:high |
8/3 For anyone who's been having trouble using the Java SSH client on
the web page, could you please try http://csua.berkeley.edu/new-ssh
If it works for everyone, I'll make it the default. --mconst
\_ Doesn't work through transparent proxies (at least for browsers
using a proxy.pac.) To be honest, I also had this with
MindTerm 2.0 (I guess being able to store proxy values you give
it would break the sandbox, no?) -John
\_ Cut and paste isn't working for me. Also having problems with
vi that I didn't have with the old ssh.
\_ Could you please make sure $TERM is set to vt320? The new
ssh sets it automatically on login, but your dotfiles might
be setting it to something else. Cut and paste doesn't work
for me in either ssh client; does it work for you in one but
not the other? --mconst
\_ Cut and paste between ssh windows works in the old ssh
only. Cut and paste between ssh window and other window
doesn't work in either.
\_ Worked fine for me--shift-insert and control-insert (this
is on XP) -John
\_ Posting from it now, <tab> doesn't work, ditto w/
copy-paste. It renders better (eg, when I pipe to less)
OTOH, the old ssh closes immediately after authentication.
(Thanks for your work on this, it is appreciated). |
| 2004/7/31-8/1 [Computer/SW/Security, Computer/SW/RevisionControl, Recreation/Humor] UID:32613 Activity:insanely high |
7/31 [ no, see, you need to restore the entire thread. ]
\_ Grow up you self-righteous little worm and stop seeing so called
censorship everywhere. It was a partial restore because that was
what was easily extractable from the logs. If you want to do
better, then restore everything yourself. It was clear this was
not an ideologically driven edit.
\_ I don't care whether it was ideologically driven, petty, or
another kind of edit. Whenever it happens, surrounding context
will get nuked. End of story. Don't edit other people's shit.
\_ Yep, temper tantrum.
\_ Hey little worm, do you understand this is not a matter of
any "editing"...it's a matter of a best effort *restore*.
You are punishing the wrong person. It probably isn't worth
my time to catch you doing this, but let's not beat around
the bush and pretend there is some principle in what you
are doing.
\_ No, *this* is the temper tantrum.
\_ No, this is aggrivation.
\_ And this is bad spelling.
\_ Shrug. Not my thread, not my posts. I just restored as a public
service. Why don't you restore what I missed, if it means so
much to you? Don't know how to run rcs, do you?
\_ Nuking all discussion as a response to partial deletes is much
more effective than restores.
\_ great, now we have an effective way to get rid of trolls
\_ Gee, and I thought you were just a child throwing a temper
tantrum.
\_ Nuking all discussion as a response to anything is stupid.
Restoring the damaged thread to an undamaged state immediately
and without comment is the best way to fight childish partial
deletes and the typical not-at-all-funny edits on the motd.
\_ Not all discussion, just the thread in question. The
reasoning goes like this: any edit (except accidental ones)
whether ideological, joke, etc entails a lack of respect
for what the (edited) person had to say. Why should that
person be singled out for said lack of respect? Let's
apply it uniformly. The environment we are shooting for is
"edit someone's post -> no one gets to have any more fun."
\_ You need to make a distinction between ideological
edits and partial restores because a thread was
"damaged" ... partial edits, then added to, then
partial restores etc ... which someone tries to
unideologically restore the bulk of rather than
leaving it truncated.
\_ I appreciate the attempt at public service, but
frankly, if you are just restoring a truncated
version then don't bother. It has the same effect
as just leaving partial edits be. I am not going to
let partial edits be. |
| 2004/7/30 [Computer/SW/Security] UID:32582 Activity:moderate |
7/30 What's with the slew of security updates from Gentoo/Red Hat/
Mandrake recently? -John
\_ The terror alert was raised to orange.
\_ the fat hackers decided to focus their energy on linux?
\_ M$-sponsered hackers.
\_ Linux security sucks because the many-eyes concept is a failure?
\_ Linux security sucks? |
| 2004/7/29 [Computer/SW/Security, Computer/SW/OS/Windows] UID:32562 Activity:high |
7/29 If I use my own personal notebook at a company, airport, etc. or at
someone's house going through their networks, how
easy/hard/cheap/expensive for someone to monitor and capture my
passwords, URLs, IM messages, etc. if these are not encrypted nor going
through HTTPS and/or SSL? I have both Winblows 2000 and XP. I am just
wondering if it's possible for them to have some specialized routers
and such that can sniff my network traffic.
\_ if you don't encrypt end-to-end, it's completely trivial for anyone
in antenna range, or the antenna owner, to capture all your
traffic. -tom
\_ To that add 'anyone with accesss to an intermediate network'.
\_ Trivial? How would I do that?
\_ Google 'promiscuous mode' and 'packet sniffing'.
\_ Pi - ka - chuuu!!!1!
\_ Tamagotchi. Doraemon. |
| 2004/7/27 [Computer/SW/Security] UID:32500 Activity:very high |
7/27 Is there any freewares out that that I can use to recover my locked
Word Excel, and Outlook files? I have not opened them for about 2
years and can only remember some, but not all of the them. I have
found some that costs about $40-$70 but are not good enough. There's
one that cost $150+ that told it located my password, but would not
show it to me since I have not registered for it yet. Better yet, is
there some simple sample programs that I can programmatically try to
open the files? I can write a simple brute-force program to do it. I
am in no hurry to recover my passwords.
\_ If you had used PGP, you wouldn't have to worry about this now.
\_ explain
\_ If the files were PGP-encrypted and you lost your key, there'd
be no point in worrying about getting your data back because
you wouldn't.
It's a bit like locking up a bike with a toy lock. If you
lose the key it's not too hard to break the lock, but if
someone else wanted to steal your bike, the lock would be
pretty useless.
\_ Try Apache POI. It's Java API that can open Word and Excel files.
Their website also has links to other competing packages.
Also, if you want to use the API interactively, consider using
it through Jython. -jeffwong
\_ http://www.elcomsoft.com/prs.html |
| 2004/7/17-18 [Computer/SW/Security, Recreation/Humor, Computer/SW/Unix] UID:32331 Activity:high |
7/16 The new official North Korean webpage! Get your free email
account! Would someone mind making a csua account we all can use
to read it?
http://www.kcckp.net/external_e
\_ bah! if you like dictators with web pages, check out this one:
Qadhafi's official homepage.
http://www.qadhafi.org
\_ I don't find NK very funny. -- ilyas
\_ You don't find anything very funny.
\_ These days it seems every anonymous motd macaque knows more
about me than I do myself. -- ilyas
\_ I think you're funny.
\_ Oh, I think ilyas is funny. I just don't think ilyas
finds anything funny. I think that's part of what
makes him funny.
\_ Login/Pass: phillip/philspell enjoy. -John
\_ Thanks! I heartily recommend Politics->Leader->KJ IL->Anecdotes
\_ Goddamn! It's as if Francis Fukuyama lost a third of his
brain and kept on writing! |
| 2004/7/16-18 [Computer/SW/Security] UID:32324 Activity:moderate |
7/16 Is there anyway to tell what service USED to have open a given port?
the port was open 15 minutes ago but not now, so i can't use lsof to
look and see.
\_ if you had ippl running and logging this information, or some
other process accounting/logging
\_ I think ippl only tells you what ports are being connected to
and what the /etc/services entry for that port is, not what
process is actually listening there.
\_ oops, yes you are right. I misremembered. |
| 2004/7/13-14 [Computer/SW/Apps, Computer/SW/Security] UID:32257 Activity:high |
7/12 I have a pdf file that is somehow corrupted. I want to recover
its first page. What tool can do that? This is an image only pdf.
\_ try opening it with illustrator. I've seen that work.
\_ Elcomsoft has a cool toy for breaking pdf security and saving
the result as another file. Maybe it can read it. -John |
| 2004/7/12 [Computer/SW/Security, Politics/Domestic/911] UID:32227 Activity:moderate |
7/11 LIVE IN FEAR PESANTS!
http://www.chron.com/cs/CDA/ssistory.mpl/editorial/outlook/2660471
\_ Do you mean 'peasants'?
\_ Ok so you won't mind if we profile Muslims and kick out all of
the illegals? Which is it?
\_ Your reply makes no sense to me, but I'm sure it's exactly what
the TSA folks think too.
\_ The fact that they talked to him seemed reasonable, but I think
any sane police agency would have quickly said, "ok, no big
deal" pretty damn fast. Although I think the person who
reported him is a moron, I do understand the "we have to
follow up" reponse. I don't understand the "we have to look
tough and try to scare him" response.
\_ I don't think your version would make a very good newspaper
story.
\_ It's just the way cops are. You never met a cop before? This
idiot writes like he's never met one either. But really, the
above is correct. The guy had a deadline for X column inches
so he wrote some crap. Since nothing happened and you can't
check his story, who says it even happened at all? The URL
and the original 'story' and I do mean 'story' are trolls.
\_ He's not an idiot; this is unacceptable behavior by stupid
and officious thugs in uniform. I was approached by a
little toad bitch in St. Louis (after they'd lost my
luggage) who asked me if I were visiting on business or
pleasure--I replied "pleasure", at which point she started
snapping at me "then why are you wearing business
clothes?!?" (Khakis and a shirt.) These are the menial
and uneducated, placed in uniform with a mandate to
intimidate. See comment about paying what you get for
in the camera discussion below. -John
\_ America: land of the free, home of the brave. |
| 2004/7/5-6 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:31168 Activity:nil |
05/07 A while ago I was having a lot of trouble getting Postfix to use
SASL2 auth for sending mail on FreeBSD. This link (including the
errata at the bottom!) shows how to do it painlessly:
http://ezine.daemonnews.org/200306/postfix-sasl.html -John |
| 2004/7/2 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:31147 Activity:nil 66%like:31139 |
7/2 With Social Security everybody wins!
http://www.ssa.gov/kids/kids.htm
\_ I am a Grasshopper.
When I saw my friends relaxing, I said that we had to store our
money away for the winter. Sure none of it will go to _our_
retirement because the system will go bankrupt, but at least that's
money that won't go into a 401(k), ensuring a solvent retirement
for our generation! |
| 2004/7/2 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:31139 Activity:nil 66%like:31147 |
7/2 With Social Security everybody wins!
http://www.ssa.gov/kids/kids.htm |
| 2004/6/30-7/1 [Computer/SW/Languages/Misc, Computer/SW/Security] UID:31095 Activity:low |
6/30 I have a ps file probably made from a (la)tex source but I do not have
access to the source. ps2pdf renders it but only with totally ugly
result - the fonts look like scaled up bitmaps. How do I make it look
normal?
\_ Try a more recent version of ghostscript. |
| 2004/6/25-26 [Computer/SW/Security, Computer/SW/OS/Windows, Computer/SW/OS/OsX] UID:31009 Activity:high |
6/24 Yay, IE6 vulnerability that affects fully patched systems, that
allows local machine access (downloading and running any .exe) on
previewing an e-mail or browsing a web site (including pop-up)!
System administrators rejoice!
http://csua.org/u/7xe
\_ IE on mac os x not affected, supposedly. :-)
\_ The payload is a Windows executable, but I wonder if the same
IE hole doesn't exist on Macs too...
\_ It's probably not as easy to execute arbitrary due to diff.
in underlying API. Also the mac division of MS is complete
separate and semi-autonomous/forgotten from the rest.
\_ But the report I read from the "Get the Facts" Roadshow said
that Microsoft is the fastest at fixing security holes!
\_ That's because their security holes are all the same. They just
keep on making the same mistakes over and over again. Besides,
how hard is it to fix a buffer overrun hole?
\_ Infect yourself! (with a "harmless" one)
http://62.131.86.111/security/idiots/repro/installer.htm
It overwrites C:\Program Files\Windows Media Player\wmplayer.exe
and runs the new one, then restores it when it's done.
\_ Gee, this sounds like GREAT advice.
\_ Has no visible effect on safari.
\_ sploit only affects IE, and probably only on Windows. |
| 2004/6/23 [Computer/SW/Security] UID:30965 Activity:kinda low |
6/23 Does anyone SSH via scotch.csua, port 80? I am seeing a lot of
lag via scotch versus SSH directly to csua. I want to confirm
this before emailing root.
\_ network lag is more widespread on scotch then just ssh tunneling.
looking into it - erikk |
| 2004/6/22 [Transportation/Car, Computer/SW/Security] UID:30948 Activity:high |
6/22 Does anyone here know anything about San Francisco Mercedes-Benz,
specifically their service department? I've heard really bad things
about the service guys at SFBMW, so I'm wondering if I should take
my car to a dealer in another town.
\_ You heard bad things so obviously you should take your car there!
\_ No no. I heard bad things about SF BMW - really bad things from
someone that worked at their service department, stuff involving
forged service documentation etc... SF M-B might be wonderful
but it got me thinking, so I thought I'd ask...
\_ What do the two have in common other than being in SF?!
\_ Nothing. He's just stoned or something. |
| 2004/6/22 [Computer/SW/Security, Computer/SW/Unix] UID:30947 Activity:nil |
6/22 What's gmail's tech support email? I cannot log in for more than 16
hours now, this is unacceptable. Thanks.
Server Error: The server encountered a temporary error and
could not complete your request. Please try again in 30
seconds.
\_ erase all google-related cookies. purge cache. retry. worked for me.
\_ and if that fails: http://gmail.google.com/support/bin/request.py
\_ I tried erasing all cookies/cache, and still happens on both
mozilla/ie. I can't even visit the support page, because it
requires a login, and I can't login. Shit. any ideas?
\_ was this just after creating an account? try the above
steps again, but also change your password (with the Forgot
Your Password? link). i couldn't log in either all
yesterday until i did this.
\_ yes. that's very unacceptable for a service still in beta.
\_ Fine, don't accept it. Go back to Hotmail. |
| 2004/6/18 [Computer/SW/Security, Computer/SW/Unix] UID:30882 Activity:high |
6/18 Is anybody else not able to log into their office account?
My password is rejected.
\_ It looks like ypserv crashed on scotch; I've restarted it. Could
you please try logging in again? --mconst
\_ It seems to be working now. Thanks mconst!
\_ REQUEST DENIED. |
| 2004/6/11 [Computer/HW/CPU, Computer/SW/Security] UID:30750 Activity:high |
6/11 I want to give my compile really high priority, in hopes of
getting it to compile a little faster, so I ran : nice -20 make
but all i got was the error: setpriority: Permission denied. help?
\_ Only root can set a priority higher than default.
\_ only root can raise priority, dude.
\_ Dang. I need to get root on this box (my work box).
There's all kinds of stuff that needs fixin'
\_ If you have a dual-cpu or a P4 with HT you can try spawning more
compile threads.
\_ what else are you running on the box that would lead you
to think that renicing will have an impact?
\_ Actually the problem is I'm running Enterprise Linux 3
(Kernel 2.4), in which the VM sucks. Either way, I'm
running a dual processor Xeon, but only about 2% of
the processor time is being used. I thought I'd take
a shot at raising priority, just because I knew I
couldn't fix the problem without root access. (My
sysadmin hasn't helped.)
\_ if you're not CPU bound, nice won't change anything.
\_ Let me guess, you have a big fat shitty 5400 rpm
Maxtor? Probably sharing the IDE bus.
\_ Sorry, it's a 15000 RPM Seagate Cheetah on
Ultra SCSI. The probelm really is Linux. |
| 2004/6/9-10 [Computer/SW/Security] UID:30708 Activity:kinda low |
6/9 pgp/gpg: I'm trying to verify the authenticity of an iso file.
I've read the gpg man page and HOWTO, and I still don't understand
what is the right way to do this. Shouldn't it take 2 commands?
Here are the three filenames: DC0FCB63.asc
dban-1.0.3_i386.iso dban-1.0.3_i386.iso.asc
What's the correct incantation?
\_ wow it's sad that this software is so arcane to use.
\_ Is this correct? -op
gpg --import DC0FCB63.asc
gpg --verify dban-1.0.3_i386.iso.asc |
| 2004/6/9-10 [Computer/SW/Security] UID:30707 Activity:high |
6/9 Microsoft Security Summit at Moscone Center on June 22. Has anyone
here actually been to one of these? Are they worth going to?
http://csua.org/u/7o6
\_ Pretty much they say, "We're secure, just patch and reboot a lot,
those smelly hippies wore the same sock yesterday so who wants to
use their icky software?" |
| 2004/6/7 [Computer/SW/Security] UID:30642 Activity:nil |
6/5 I can't reach some sites from my company, including sameer's
anonymizer. What are some good anonymizing sites I can use? Thanks.
\_ I recommend setting up nph-proxy or something similar on your
home machine. For added yuks, run it over OpenSSL and password
protect it. -John |
| 2004/6/6-7 [Computer/SW/Security, Computer/SW/Unix] UID:30639 Activity:moderate |
6/5 I have no idea what changed, I may have accidently changed some
option I can no longer find, or my friend's 2 year old may have
hit some obscure key combo, but Now WinXP now logs me out every
time the screen saver goes off. I only have 1 account on this
machine, and there's no password. This is the epitome of a stupid,
useless extersize. Anyone know how to turn it off?
\_ Right-click the desktop | Properties | Screen Saver | Password
Protected.
\_ Turn off the screen saver.
\_ I don't think you get logged off, but you are probably screen
locked. The idle-logoff feature is a separate utility you have
to install.
\_ is it a normal screen saver? The resource kit comes with a screen
saver that logs you out automatically...
\_ the log-off screen saver on the resource kit is a separate
purchase. So I don't think he as the resource kit with his
winXP. |
| 2004/6/6-7 [Computer/SW/Security] UID:30636 Activity:very high |
6/5 I got an unauthorized charge of $9.99 on my credit card from
Privacy Guard. To my surprised the company does credit check
for that exact same amount. Can someone tell me what's going on?
Is my identity being stolen?
\_ I think it's more likely you unwittingly signed up for some stupid
service when you made some online purchase.
\_ a response to my own post. Basically Chase called me in January
and asked me if I wanted this service for free for 2 months.
I said ok, but they never sent me any info on how to log in or
use the service. Now that I got charged, they're telling me
how I could log on and use the service.
\_ Let us know if you manage to get them to reverse the charge.
\_ they're not obligated to. technically, op agreed to it.
failing to cancel is how they make money.
\_ Yes, true, and yet, in the interests of good customer
service, a lot of companies will reverse the charges if
you object to them. I've had success with PacBell and
Blockbuster over implicit consent agreements. |
| 2004/6/4 [Computer/SW/Security] UID:30592 Activity:nil |
6/4 MacOS X Screensaver Passwd lock security issue:
Vulnerability: http://tinyurl.com/2ghmz (macosxhints.com)
Workaround: http://tinyurl.com/2muab (macosxhints.com) |
| 2004/6/3-4 [Computer/SW/Security] UID:30585 Activity:high |
6/3 What kind of encryption scheme is used in the German Enigma Machine?
Is it symmetrical encryption? Why was it so hard to crack in the 40s?
\_ I believe it was a poly-alphabetic cypher that changed on each
letter (therefore, yes it was symmetric). So, the first
letter in a mesage would use one cypher, the next would use
another. The standard machine used 3 wheels, so the opertator
would set the 3 wheels to that day's setting, and type in
either the message or the cypher-text. Each would produce the
other. This kind of message is easy to break with a computer,
and lots of example messages, but I wouldn't want to work it
out on a sheet of paper. Of course the setting changed
(daily?) frequently, and when the settings changed, you got
almost a whole new encryption problem. There are LOTS of pages
on this, and example java applets. Google.
\_ And if you like novelisations, Neal Stephenson's _Cryptonomicon_
and Robert Harris' _Enigma_ cover both the math and the history
quite nicely.
\_ Actually, the German field soldiers tended to set them (there
were more wheels later on) to swear words, so there was
actually a decent message depth. -chialea
\_ They had plenty of sample messages when nearly every unit that
had one all sent happy birthday messages to hitler.
\_ interesting weakness- the rotors were hard-wired- so for a given
position the mapping of one letter was reversible. Say the code
key was XXX and you typed A and got a Z... if you had typed a Z
you would also get a A. For the rotors in that position. Ask
chialea for how useful that actually would be. -brain
\_ Applet http://www.ugrad.cs.jhu.edu/~russell/classes/enigma |
| 2004/5/31 [Computer/SW/Security] UID:30504 Activity:high |
5/31 Is there a way in Windows XP to make particular files or directories
password protected. This would be so that someone could you the
administrator account, but not be able to access particular
directories without reentering the password.
\_ http://www.google.com/search?q=password+protected+folders+windows
\_ EFS or pgpdisk. EFS key mgt. is ass, pgpdisk costs money. -John
\_ any tips on using EFS and managing keys well for it? Can you
just put your key in lots of places (and depend on the password),
e.g. on your webservers, to not lose it? Not as secure, true,
but I'm mostly interested in a casual thief stealing my
laptop and getting my financial records. (anyone who really
wants them has probably already broken into them anyway...) -!op
\_ http://www.cypherix.com/index.htm
I have never used it, but it claims to be free. Let me know if
it works. |
| 2004/5/29 [Computer/SW/Security] UID:30491 Activity:high |
5/30 Does X packet forwarding forward sound data?
\_ It's 5/29 you idiot!!
\_ Yell at the previous poster, dude. He started it.
\_ Rule 1 in local politics: Blame your own stupidity on others'.
\_ W00t! I'm a trendsetter! -5/30
\_ Soon, soon it will be!!
\_ No.
\_ If you mean X forwarding over SSH, it is not specifically X but any
TCP stream can be forwarded over SSH. With tunnels-over-ssh you can
do general network traffic over SSH too. If you can get yoru sound
data over a TCP socket forwarding it over SSH is not too difficult
to accompilsh. -- someone who routinely uses SSH forwarding to
tunnel ssh connections back through work firewall.
\_ Thanks. --op.
\_ I didn't think sound support was built into X.
\_ It isn't; there are number of sound servers, most of which have
network support though: esd (enlightenment sound daemon),
artsd (dunno what it stands for; it's the KDE one), and
nas (network audio server or something; the oldest one) |
| 2004/5/26-27 [Computer/SW/Security, Computer/SW/Unix] UID:30440 Activity:very high |
5/26 Just curious... Are people supposed to be running their own
drug store off soda's website? I assume it's commercial.
\_ definitely a violation of soda and university policy. -tom
\_ Only if they're offering discount v1agkra
\_ No. Mail root with the location and it will be taken
care of.
\_ URL please? Just curious.
\_ ~chrchan/public_html last I saw it. I saw the raw files, but did
not point a browser at it. Not my call. I don't have root, access
to read logs, etc. "Someone" should politely ask him about it in
case it is just for practice or for somewhere else.
\_ What made you think he was running a drug store instead of just
trying out some ecommerce code? And how the hell did you stumble
across this? Were you really bored enough to just be randomly
searching soda?
\_ I said I didn't check it in detail, duh. That he might just
be testing something, duh. That a polite query was in order
IMHO and nothing more at this point, duh. You, duh. Duh.
\_ No, that is not yellowcake in his directory.
\_ I think it's a false alarm. Most of the code isn't even
world readable. |
| 2004/5/22-23 [Computer/SW/Security] UID:30361 Activity:high |
5/22 Is Yahoo IM authentication at least somewhat secure? i.e., does it
send out the password in clear text or simple hash? What about MSN
IM? Google didn't help.
\_ It's been a long time but I used to share a hub with a coworker.
One day I fired up a network sniffer for a work thing and was able
to see all her IMs in clear text. This was frightfully boring so I
moved her to her own connection.
\_ i know for sure that msn uses a simple hash scheme... they
send a random challenge string, you append the challenge to your
password, run md5 on (password+challenge), and send the digest
back to the server. i don't remember what yahoo does, but i vaguely
remember it was some kind of hashing scheme. |
| 2004/5/19 [Computer/SW/Security] UID:30302 Activity:nil |
5/19 Is it true there haven't been any successful suicide bombers in
Israel since the building of the security barrier?
\_ A very small number. The fence isn't finished yet. The fence is
also not going to reduce the number to zero either. Just reduce
the murder rate to something the EU and UN can continue ignoring.
\_ IMO the israelis should fence off another square km of
'buffer space' territory for every bomber that gets through. If
the Palestinians send enough bombers through to get themselves
pushed into the mediterranean, its their problem.
\_ Where can I get info for this?
\_ There was at least one bombing at a seaport about 2-3 months
ago. There have been a few random rockets/shell fired semi-
randomly into Israeli civilian areas. The 14 year old was
caught wearing a bomb at a check point. Maybe a few others
I've forgotten.
\_ I asked about SUCCESSFUL suicide bombers. I know
there was at least one successful conventinal attack,
some dude stopped a lady and her 4 kinds on the road
and shot them all.
\_ pft. Google. I gave you the basic story lines. |
| 2004/5/18 [Computer/SW/Security, Computer/SW/Unix] UID:30279 Activity:nil |
5/18 is tere a generic csua account to view contracostatimes articles?
\_ I think we should make this list of username/passwd a public
file that everyone could edit (like motd). It can't all be
csuamotd/csuamotd because each site as different password rules.
\_ csuamotd/csuamotd doesn't work?
\_ it wanted an email. i went ahead and created
csuamotd@example.com / csuamotd |
| 2004/5/18 [Computer/SW/Security, Computer/SW/Compilers] UID:30276 Activity:nil |
5/18 http://anitaborg.org/events/careers_in_cs.htm Women in Computer Science, sponsored by Google. |
| 2004/5/14 [Computer/SW/Security, Politics/Foreign/MiddleEast/Israel] UID:30229 Activity:high |
5/14 Strong case for Freeper complicity in Berg's death. I had to
grab it out of Google's cache, because of course, it has been
"Freeped" off the air:
http://csua.org/u/7bk
\_ freepers turned me into a newt!!
\_ Not a very strong case really. Tin foil hat territory actually.
Let's list the irregularities about Nick Berg:
1) A Jew in Iraq, without any personal security (not exactly the
safest thing in the world--but it appears he was motivated to help
the reconstruction, and I respect his resolve for that).
2) Had a Koran in Arabic and anti-semitic literature with him.
3) Had an Israel stamp on his passport, and then stamps from other
countries that typically don't allow people in if they've been
through Israel.
4) Zaccarias Moussaoui used his email in 2002. In Oklahoma.
5) He refused help from the US government to get home.
That doesn't add up to a conspiracy, but it does mean that it's not
a surprise that he was picked up by Iraqi police, and was
interviewed by the FBI. It also suggests he might have been a prize
for Al Qaeda.
\_ is there anything weird about the death video? like i read some
stuff about how it looks edited or whatever. i haven't seen it.
\_ ...and without missing a beat, we're right back in tinfoil
hat land. nice. |
| 2004/5/6-7 [Computer/SW/Unix, Computer/SW/Security] UID:30070 Activity:high |
5/6 Let the good times roll!: http://csua.org/u/77k \_ Instead of me just purging your link, how about you give it a brief description so we know if there's a reason to check it and if it is work safe or not? Then it might have reason to live. \_ Its something about the current oil prices, an opinion piece from an investment website. I suspect PeakOil guy posted it. -- !op \_ Oil has Peaked! Jesus is coming! Look busy! |
| 2004/5/4 [Computer/SW/Security, Computer/SW/OS/Windows] UID:29996 Activity:high |
5/4 Anyone know of a way to send SMS message to mobile phone in China
for free, ie, via the web? thx.
\_ Find the service provider of the person you're trying to SMS.
Then go do a web search for web-based and e-mail SMS gateways
for that provider. |
| 2004/5/4 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:29995 Activity:very high |
5/4 /csua/tmp has about 2.8 GB used in publicly readable directories.
About 2.3 GB is random stuff from individual users. The top 20 files
in /csua/tmp are a total of 800MB and the most recent is 3 months old.
Please clean out your old files. --anonymous but trying to be polite
\_ fyi, /csua/tmp/hozers has a list of directories sorted by size
\_ Wow, I had no idea we had so much world readable crap on soda!
\_ If you have any cool files in /csua/tmp please post the filename
and a brief description here.
\_ If you don't, root will delete your files in 24 hours.
(Ok, not really, but I wish root would. :P )
* Sims.mpg are virtual creatures evolved to moved around in
different environs (water, on land, etc.)
\_ crabvspipe1.mpg is an unlucky crab which gets sucked through a
tiny hole in a pipe due to a huge pressure difference.
\_ moab_munifest.avi is some dumb bicycling thing.
\_ clearly you didn't watch it. -tom
\_ Wait for it...Wait for it...RIIIIIIIIIIIII-
\_ DELETE FILE!
\_ Don't you mean BALEEATED?!
\_ theplay_long.ram is the highest quality clip I've seen.
(thanks tom!)
\_ any good porn? -hornyguy
\_ Heavens I hope not. The CSUA has had enough pornishment.
\_ tranthra.avi-- dorm+hooker porn. Not good porn.
\_ So when is William "Hung" going to film one of these?
\_ Ok root, I don't think anyone can argue if you delete
that. (Not to mention it's a year old)
\_ It's a classic!
\_ is this a ucb dude?
\_ yes. it takes place in the units.
\_ Is this the one where some kid take a hooker with
flat breasts into his dorm room while his computer
camera on and they have some kind of argument about
why the computer needs to be on?
\_ Does that mean there's no actual sex in it?
\_ There's sex. It's just not well-filmed or erotic.
\_ It's a hilarious video. Not erotic but definitely humorous. |
| 2004/5/2 [Computer/SW/Editors, Computer/SW/Security, Computer/SW/Unix] UID:29944 Activity:very high |
5/1 waner, cut the binary shit out.
\_ waner is smushing the motd with binaries? waner the good
stalker christian? no way!
\_ what binary was he using? I ran strings on it the first time
but I couldn't really see.
\_ how did you figure it out? -waner
\_ I propose waner's account be suspended.
\_ second that. tell us how did you figure this out. by
knowing who did the last motd destruction/censoring, may be
we could stop motd censoring altogether.
\_ If you squish tom you'll end most motd censorship.
\_ Maybe keep one window tracking changes, and another tracking
people's idle or last login. This would only work for hosings
in the middle of the night.
\_ there is no middle of the night. people post from all
time zones.
\_ Some time zones are more active than others. There is
a middle of the night for a machine where most of the
users are in California.
\_ I'm going to measure activity as a function of time
over a few 24 hour periods and see if you're right.
i'll get back to you on this.
\_ I haven't measured it scientifically but I know
motd activity is primarily M-F/8-6. I'd like to
see what you measure and what the numbers look
like when you're done.
\_ i log fstat and diff on motd.public. it's usually not hard to
figure out who's modifying the file with what, particularly if
the person does it repeatedly.
\_ except that some (many?) editors don't keep a file open while
they're editing. so the window during which they have the
file open (i.e., reading or writing) is rather small.
\_ he's a stalker too? do tell.
\_ There was a world-readable text file in his home directory which
in obsessive detail chronicled his every interaction with this
particular girl over the past year or two. Someone posted the
filename to the motd. Then everyone was creeped out, then waner
made the file non-readable.
\_ It was a great file. I've never had such a deep look into the
mind of a psychotic/stalker before. Did anyone figure out who
the girl is and warn her?
\_ maybe if anyone knows felicia, presumably ex-cal student,
religious, looks like the righthand chick in
http://tinyurl.com/yubsf |
| 2004/4/29-5/1 [Computer/SW/Security] UID:13480 Activity:nil |
4/29 FYI, Microsoft does support publishing using iCalendar.
http://freebusy.office.microsoft.com/freebusy/freebusy.dll |
| 2004/4/28-29 [Computer/SW/Security] UID:13441 Activity:very high Edit_by:auto |
4/28 What happened to the INSPEC database? Where can I do a periodical
search nowadays?
\_ nothing happened to it. you may be confused about what it is.
it's a pay-for-use database that has no affiliation with the
University, but which almost all universities pay to use. That
means that from an ip address on the campus of any major university
there's generally some easy way to access it, often via web, but
that off campus you generally have to pay. I think it's possible
to use your csua account to get access, but I've never bothered.
\_ I forgot to say that I meant melvyl's access to INSPEC. Now
it's gone, as is CC (current content). Actually it seems all
auxillary databases are removed from melvyl now.
\_ Transfer to a less cheap ass school.
\_ You know, it's *possible* that someone might actually
*not* go to school for their whole life, but still want
to look up journal articles. It's also possible that
someone goes to a school with access via their library
computers, but wants access at home. |
| 2004/4/27 [Computer/SW/Security, Computer/SW/Unix] UID:13397 Activity:nil |
4/26 I want to find out weathers of the bay area in the past few days.
Is there a website that keep recorded temperatures?
\_ http://tinyurl.com/23jol (http://www.wrh.noaa.gov
Click on the links on the right.
\_ http://www.wunderground.com has a DIY version of the above. |
| 2004/4/23 [Computer/SW/Security] UID:13348 Activity:nil |
4/23 Any good Free SSH server for WinXP?
\_ the only servers i'm aware of for windows are
openssh under cygwin, and http://ssh.com's windows ssh server (which
might have a non-comm version, but i doubt it).
\_ http://sshwindows.sourceforge.net |
| 2004/4/20 [Computer/SW/Security] UID:13284 Activity:nil |
4/20 BBC: 70% of computer users would trade password for chocolate bar.
http://news.bbc.co.uk/1/hi/technology/3639679.stm
\_ That is, 70% of computer users would make up a random word for a
chocolate bar.
\_ *snicker*
\_ No. Snickers.
\_ eat bar, change password.
\_ wrong order. get bar, change password, eat bar.
\_ (get bar - assume) , change password first could risk
loosing the bar when they cant login
\_ correct, trick is to eat the bar fast enuf to
be able to change password before they try to login
\_ converted into an interview question: you're fired! |
| 2004/4/13 [Computer/SW/Security] UID:13178 Activity:nil |
4/13 I found the ucla stud guy! He's here: http://www.asian-man.com and he lives in Westwood \_ he seems a little too hairy to be an asian guy. \_ I've seen hairier asian guys. |
| 2004/4/12 [Computer/SW/Mail, Computer/SW/Security] UID:13138 Activity:high |
4/11 anyway- things here have quiting down a little, A LOT of people
took off, fucking whimps, fluor might end up loking like the bad
asses out here since we are sticking it out, hell even our client
took off and just screwed everyone doing so, so while the fluor
group is just kicking ass and taking names, the guys we work for
(who are responsible for proviing power), just took off. The damn
military is taking over the power situation which in a lot of
sears really saves our ass from some maintance and warrantee
situations. we are all still
.... old message.. the fucking intenet here goes down like all
the time. hey maybe it is up again,
work here has gotten really boring as of late, I use to be able
to walk around the site and check out all teh action, as the
controls guy that is my job- to know exactly what is going on
everywhere and make sure I can report up to upper guys what the
status is plus the game plan and time requirements for the future
plus any snaggs in the way, I never had a car here and the job
site is like a mile away but it was no big deal since I would
just walk or hitch a ride, but NOW it is like impossible, since
everyone is required to have their flack vest aand helmut walking
out there is made quite difficult, everyone just keeps theres in
the car, so ya I guess I could hitch a ride but i would be tied
to that guy for the whole time which restricts his activities, of
course 3 of the guys now have NOTHING to do since their sub
contractors walke out of here today. but still boss hasn't
asigned a car to me.
plus our mess hall is closed and now we have to use the miltiary
DFAC for food, of course that means I have to hitch a ride with
someone,god damn this place is filled with flys, anyway using the
DFAC is ok but due to the shear number of troops on this base it
is just so damn crowded you wouldn't believe it- this base is
lieterally bursting at the seems
opps there goes the net again,
i'll tell you getting p3 installed on my computer is a god send
(is that the right phrase- god send?) anyway hoefully I can use
that to parlay into a decent paying job, it really sucks never
have access to the cool software which allows people to do there
jobs, its like you really need to hook up with the right company
which will prpvide you the training ) and see that is the whole
key or I should say problem- even though as of 2 weeks ago I had
never touched p3, I would consider myself an expert- I understanf
all the theory behond scheduling- just not the actual commands
and where they are on the software product,
people use train to train people on business fucntions while at
the same time training them on software intricacies, that is BS
the 2 are totally seperate, I understand all the thoery just need
to know where to find ceertain functions, of course that is just
because most people are just stupid.. that is really weird, I
mean when i grew up it wasn't like I was that much smarter than
everyone else, but know from my experience working I can walk
cicles around these guys have you noticed that as well..
anyway this delay is really bugging me again more later mor bomds
are hitting later - kinney |
| 2004/4/6-7 [Computer, Computer/SW/Security] UID:13039 Activity:nil |
4/6 I just conducted a minor transaction with a cool guy who recently
started his own business. He's got a web page, but virtually no Google
presence. Can I buy adwords for his site if I don't run it? Are there
other means I can help him out in this area?
\_ what business?
\_ machine shop; he rethreaded a bolt hole on my intake manifold.
His main business is removing broken off pieces of bolts and
screws, which is specific enough that he gets nationwide business
(hence the google thing seems helpful). http://www.extractit.com
\_ that's awsome! too bad he doesn't list rates at all on the
site, though. it would be nice to have a ballpark idea of
what he charges before calling.
\_ I paid him $20 for the thread insert and cleaning up the
other hole; he also polished the mating surface. It's a
lot more to have him do it on the actual car, of course;
I removed this part.
\_ Do you have a well-known web presence? Consider
putting a mention on your web page or blog. Better
yet, if you're a well known blogger, get your friends
to link to your entry.
\_ A well known blog? Only among the small group of
other 'bloggers' in the 'bloggosphere'.
\_ That's blogosphere. And the blog echo chamber is
very good at pushing up google rankings. |
| 2004/4/5-6 [Computer/SW/Security, Computer/SW/Unix] UID:13025 Activity:moderate |
4/5 What's going on with http://scotch.csua.berkeley.edu? (our faithful port 23 SSH proxy...) As a test... <4> telnet http://scotch.csua.berkeley.edu Trying... Connected to http://scotch.csua.berkeley.edu. Escape character is '^]'. 128.32.112.230: connect: Connection refusedLocal flow control off Connection closed by foreign host. \_ send this shit to root not the motd. \_ Calm down. You act like this is the first time someone has posted a problem involving soda on \_ He probably just wanted faster abuse^H^H^H^H^Hservice. the motd. \_ im calm. yes, its not the first time. and like every other time he needs to send his shit to the right people. the motd. \_ He probably just wanted faster abuse^H^H^H^H^Hservice. |
| 2004/4/2 [Computer/SW/Security] UID:12984 Activity:nil |
4/2 "leading software companies' including Microsoft and Computer
Associates and industry organisations such as the BSA, has asked
the Department of Homeland Security to regulate what they call
'Cyber Security'" What will be the impact of this?
http://www.forbes.com/business/newswire/2004/04/01/rtr1320997.html
\_ I'm guessing they want to shut down the people announcing all the
donkey sized security holes in their products so they stop looking
so stupid. |
| 2004/3/31-4/1 [Computer/SW/Security] UID:12954 Activity:moderate |
3/31 I want a second line for fax but alas my studio apt. does not
seem to have the inside wall wiring. Is there a way to get virtual
fax or fax mailbox, where I can download incoming fax to my computer?
\_ ok I googled and found some service, but would appreciate comments
from users of these kind of service.
\_ support your fellow Cal alumni's company:
http://www.packetel.com
\_ funny I was trying to sign up with it without knowing its
cal connection, but alas it has run out of # in 650 area code.
Any other suggestion? Or they are willing to give an alumni
a reserve number?
\_ Bummer, I just ordered more #s, they will come in
couple of days...too many orders these days. Can you
wait a couple of days or just get a different area
code?
\_ Is it really just a couple (like 2) of days? Or can
I change to a 650 # later.
\_ http://www.efax.com
\_ they charge $.10 per outgoing fax. Anyone know of a service that
charges something like $25/mo that will let me send ~3000 fax/mo.
the local chamber of commerce asked me if i knew of any solution.
or... i can have them buy something like Symantec WinFax. any
recommendations? |
| 2004/3/30-4/1 [Computer/SW/Security, Computer/SW/OS/Windows] UID:12932 Activity:nil |
3/30 My spankin' new Windows 2003 Server doesn't come with the wonderful
"NT LM Security Support Provider" service, which is required by the
Message Queueing service, which I need. How do I install that
service? I don't see it anywhere under "Add or Remove Windows
Components". Thanks.
\_ Get yourself a real server OS.
\_ Call Microsoft. You paid for support.
\_ ditto above. don't expect community-style support when you
use Microsoft product. It's a cultural thing.
\_ USE LINUX! RIDE BIKE!
\_ I don't know how this originated but this is the stupidest
thing posted on the motd. Even if it was funny at one point,
the same joke told 50 million times gets old.
\_ ENJOY JOKE!
\_ It's there for a reason. It has a purpose.
\_ Whatever, Morpheus.
\_ dont listen to these twinks, microsoft website has newsgroups
found your answer in 10 seconds, but you must learn to google
\_ Here's a nickel kid, get yourself a real computer. |
| 2004/3/28-29 [Computer/SW/Security] UID:12892 Activity:nil |
3/27 What's the easiest way to temporarily disable SSH access on a per-user
basis without changing the user's shell?
\_ Add a DenyUsers line to sshd_config and restart sshd.
\_ Perfect. Thanks! --op |
| 2004/3/26 [Computer/SW/Security] UID:12881 Activity:nil |
3/26 Is there a transformation to convert encrypted shadow passwords to
MD5 hashes? I'm guessing the answer is no...
\_ you need to decrypt the passwords then hash them.
\_ I thought those shadowed passwords are one-way hashing, cant
be decrypted.
\_ first shadowed hashed, then encrypted it seems
first decrypt, but hashed passwords mean nothing
because hashing is one-way, you could only match
strings at the end of two hashed passwords to see
if they are equal.
\_ If you want to switch to MD5 passwords, you can "enable" MD5
passwords, and then tell users to change their passwords.
Both the new MD5 passwords and the old non-MD5 passwords
will both work during the transition. In Debian
add md5 to the line in /etc/pam.d/passwd. I don't know if
that's what you are trying to do. |
| 2004/3/26-27 [Computer/SW/Security] UID:12875 Activity:nil |
3/26 I'm required to have a local phone line by SBC for DSL. I was
looking at their web page to find the lowest monthly rate for
local service (didn't there used to be a metered rate that was
cheaper than flat?), but of course they're purely focused on
selling you every bell and whistle, and don't even list basic
services like that. Anyone know if this still exists?
Also, does anyone remember the code to selectively *open* the
caller id block? (onesuite.com has some cool services that would
be nice to use occasionally, but their identifying you by phone
# requires you to get through the caller id block...)
\_ *82 to unblock. BTW, does onesuite really have no monthly fee,
or other kind of hideous hidden charges? Is it a good deal
whether you make 1, 100, or 0 call in a month?
\_ Thanks! I've been testing for 3 weeks, with no problems/charges.
zipdial and rapiddial are really cool - I can call the local
access # from my cell or home phone, it automatically
authenticates, and then just 2 digits + # to call my
frequently called international numbers... Admittedly,
their rates aren't as cheap as some of the calling cards,
but the convenience is worth it to me. I've had good luck
with HK and Malaysia, at least. - OP
\_ I dumped flat rate local service for metered service last year.
SBC charges $5.60 (or $5.80) per month (before tax). I get
$3.00 of local calls without additional cost. Since most of my
calls are not local or on cell phone, this is great for me.
For comparison, flat rate is $11+/month.
\_ thanks! How does $3.00 actually translate to call minutes,
is it still reasonable for occasional? (with 1000 anytime
minutes I'll be using cell phone more, but the home phone
might still get used occasionally...). Toll-free numbers
and incoming calls still work as they should, right? (sorry,
paranoid when it comes to SBC :P )
\_ Minutes are charged differently depending on time of day and
week, etc. Figure 5 cents/minute to be on the safe side.
You can check your bill to adjust your habits.
Toll-free calls are free. Incoming calls are free. |
| 2004/3/25-28 [Computer/SW/Security, Computer/SW/Unix] UID:12868 Activity:moderate |
3/25 as of today i can't get my imaps mail off of csua port 993. anyone
else have this problem?
\_ I have this problem not, with openssl as the connector.
* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN]
http://soda.CSUA.Berkeley.EDU IMAP4rev1 2002.332 at Thu, 25 Mar 2004
19:23:26 -0800 (PST)
1 LOGIN <snip>
1 OK [CAPABILITY IMAP4REV1 IDLE NAMESPACE MAILBOX-REFERRALS BINARY
SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND]
User <snip> authenticated
...
6 LOGOUT
* BYE http://soda.csua.berkeley.edu IMAP4rev1 server terminating connection
\_ use the source, luke!
\_ I'm also having troubles connecting from Mail in MacOS X after
Thursday morning. What changed? --jeffwong
\_ I am using Mail.app as well. Didn't state it originally
for fear of Mac vs. PC vs. Linux flames. -op |
| 2004/3/17-30 [Computer/SW/Security, Computer/SW/Unix] UID:12722 Activity:nil |
3/17 What are some URL condensing sites?
there's tinyurl, http://csua.org, what else?
\_ http://hugeurl.com
\_ My favorite: http://makeashorterlink.com
\_ I like http://snurl.com. It does some cool stuff with the clipboard
so you just have to copy, visit the site, and paste the url.
No need to fill out a web form or anything. |
| 2004/3/16-17 [Computer/SW/Security, Computer/SW/Unix] UID:12711 Activity:nil |
3/16 somebody tell rms that http://www.gnu.org is down. \_ you can login as rms/rms to fix it yourself. \_ Permission denied. \_ holy shit! you killed http://gnu.org!!!! \_ You bastards! |
| 2004/3/11 [Computer/SW/Languages/Misc, Computer/SW/Security] UID:29863 Activity:nil |
3/11 Truck carrying $1e6 in computers stolen:
http://www.indystar.com/articles/6/128121-2046-127.html |
| 2004/3/9-10 [Computer/SW/OS/Linux, Computer/SW/Languages/Perl, Computer/SW/Security] UID:12588 Activity:nil |
3/8 Where can I find the definitions of the 3 timestamps associated
with a file on a linux system: "Access Modify Change"
\_ On most OS's that informaion is in the ls man page. Or do you
need something more detailed?
\_ Yes, I need to know the exact technical definition
of "Changed" in this context. I'm trying to track down
when/how my /usr/bin/perl file got changed from the debian
"stable" version to the "testing" 5.8.2 version. Thanks.
\_ is man 2 stat sufficient?
\_ Yes siree. Perfect. Thank You! |
| 2004/3/6-7 [Computer/SW/Security, Computer/SW/SpamAssassin] UID:12550 Activity:kinda low |
3/5 This is fantastic. Free instant access no verification email account.
See the page for details.
http://www.mailinator.com/mailinator/Welcome.do
\_ The first time a spammer runs a dictionary attack against them,
they are toast.
\_ Mmmm... pointless comment.
\_ not my problem. it works right now. why would a spammer bother?
everyone is a potential DOS victim on the net.
\_ gee, why would a spammer bother to set up a bunch of free
access no verification email accounts? I can't imagine... |
| 2004/3/4-5 [Computer/SW/Security] UID:12529 Activity:nil |
3/4 Anyone get fed up with an unrewarding high tech career and try
changing to something completely different? How'd it go?
\_ Friend quit a security job at Warburg in London to teach diving
in Bali. His flight was to leave the morning that the bombs
went off. I'm not doing anything totally different (I enjoy what
I do too much) but got so sick of companies and politics that
I went consulting. I have a good network, I like the people I
work with, and aside from the occasional attack of nerves over
finances, it's great. I think if you're intelligent, single and
don't have many debts, the sky's pretty much the limit in whatever
you do. -John
\_ I'm a pilot flying turbo props in the midwest. i make peanuts
now but will make more in 10 years.
\_ What kind of tech career do you have that would prompt such
a response? I mean, seriously, unless you are in a totally
crappy work environment tech jobs are much much better than
menial work. It certainly is better and more interesting than
most marketing/sales jobs, and it certainly is much much better
than menial jobs such as running a restaurant. I guess maybe
you've never had it really tough or you don't actually have
a passion for technology. -williamc
\_ just the idea of getting away from people who are so fucking
assanine that they think all non-tech jobs are "menial"
is a great reason to consider getting out of tech.
fortunetely as a non-software tech guy i don't have to work
with fucktards like you on a daily basis.
\_ Yur inglis skils ar probly te reson yu stil not geting
menial job yu want so mush.
\_ i'm doing great in the sanitation department.
\_ ^sanitation^homeland security
\_ I'm doing great in the homeland sanitation department
- hate arabs
\_ parents dropped out and started two candy companies, friend
dropped out and started a cafe. Both are more work and more
freedom. -brain
\_ freedom is relative. there's a local guy running a burger joint
who did the same thing. he works harder than i ever did and
makes less. what freedom? he doesn't even have his own
weekends.
\_ I'm quitting my high-tech job to become a Professional Poker Player |
| 2004/3/4-5 [Computer/SW/Security] UID:12524 Activity:nil |
4/3 How ofter does soda change the root password? I'm asking because
soda is like a big cheese, it's got a lot of holes and god know
who (esp. the old guys) still has access to it.
\_ what do you mean by the old guys?
\_ he means the ancient sobs that were either given or stole the
root password over the years. that's about 90% of the user
base from pre-2001.
\_ That's what I love about the motd--differentiated,
informed opinions. -John the Old Sob |
| 2004/3/3 [Computer/SW/Security] UID:29848 Activity:nil 66%like:12490 |
3/2 Is it normal for a public library to restrict outgoing laptop access
to port 80 and 443 only? All others "filtered". |
| 2004/3/3-4 [Computer/SW/Security] UID:12499 Activity:nil |
3/3 If a public library blocks outgoing internet traffic on all ports
except 80 and 443, originating from patron's laptops located on
the library's network, are they violating the free speech rights?
Seems wrong that I can download tons of porn w/o restrinction, but
I can not SSH to soda. Do you know of any cases about this? Seems
just as constitutionallly problematic as web content filtering.
\_ It's not unconstitutional for them to use a filter, it's
unconstitutional for Congress to require them to use one. It's
unconstitutional to filter traffic on an internet connection you
own, but as the library is giving you a service, they can place
whatever limits they want on it.
\_ As a taxpayer, don't I have more of a right to open internet
service through a public library than through a commercial
ISP that I clearly do not own.
\_ Your rights to an internet connection through an ISP are
regulated by your contract and AUP. The government can't
censor that speach. You have no 'right' to use a library
internet connection. You have a right to non-discriminantory
access to taxpayer resources, but the extent of resources
provided to taxpayers is not gauranteed to be unlimited.
There have been no laws passed saying all taxpayers in your
jurisdiction have rights to internet access. In the case of
such a system, like what's being built in Utah, users would
have constitutional protection of how they use the connection.
\_ csua runs a port 80 redirector to soda:22 for people stuck behind
such idiotic "security" setups. So quit yer whining and just
ssh to scotch.csua port 80
\_ Thanks for your attitude and your help.
\_ He gave you what you needed to know without bashing your
whiney ass too much. Free speech? To port 22? Sheesh.
\_ "porn" = "free speech" seems no more absurd.
\_ I don't think op was being sarcastic. He needed the
attitude he got, and he was grateful for it. [formatd]
\_ advice with attitude. I like it.
\_ first, how is the library violating /your/ free speech rights by
restricting the material you can retrieve? free speech, not free
access. second, would you also argue that the library not carrying
a book you're looking for is also a violation of your rights?
\_ "not carrying a book" = "not having net access". If they have
a book and refuse to let me see it, that seems like a better
analogy. I see no valid reason to block port 22. justify it.
\_ It's not a free speech issue. If you want a justification,
you should be asking the library, not the motd.
\_ Yeah, good point. I've already done that, and while
I'm waiting to hear back from them, I thought I'd
get some additional info from the smart folks on soda.
Thanks for your opinions and ideas. -complete idiot
\_ Are you really this stupid? -tom
\_ justify it
\_ I don't have to justify it, and neither does the
library. You don't have a right to port 22 access;
you're being completely obtuse.
And anyway, it's easy to justify--keeping kids from
getting the library into trouble. -tom
\_ maybe they should just unplug their net.
\_ maybe you're a complete idiot. -tom
\_ yeah, maybe. |
| 2004/3/2-3 [Computer/SW/Security] UID:12490 Activity:nil 66%like:29848 |
3/2 When a public library offers laptop connections, is it normal
to restrict outgoing access to port 80 and 443 only? |
| 2004/3/1-2 [Computer/SW/Security] UID:12473 Activity:low |
3/1 Another WiFi question: If there was an ESS network, and there were
areas that got signal from only a few APs, couldn't you mount a DoS
attack on a client by forging their MAC and sending lots of forged
reassociation messages to an AP they can't get signal from?
\_ Of course.
\_ So doesn't this throw cold water on any large ESS network without
strong authentication? You can break the access of anyone you've
been in range of.
\_ Even if there is strong authentication, you can break the
access of anyone. It's called "jamming," and it's true of
every form of wireless communication. -tom
\_ But jamming breaks the access of everyone over a specific
area. Spoofed reassociation breaks access for specific
victims across the entire ESS network.
\_ so what? Don't you have better things to do than
worry about DOS on wireless networks? It's trivially
easy to do, but it's not a significant problem in
the real world. Why would anyone bother? -tom
\_ Do you work for MS's security division?
\_ I was just thinking about sfwireless and some big
community networks and bad people. I know wireless
has security problems, and was just exploring a
single potential problem
\_ you can stop thinking now, you don't seem to be
very good at it. -tom
\_ This also works on wired networks, modulo arp spoofing. What's
your point? -dans
\_ He's trying to learn. Why are you and tom being such assholes
to him? And then everyone wonders why so few people want to
attend csua social functions, hang out on wall, or post anon to
the motd. Actually I know why tom is being an asshole. What
exactly is your beef with the guy?
\_ He's not trying to learn. He's trying to show us how
clever he is. -tom
\_ considering no one "knows" who he is, there's not much
point in strutting his stuff. i think he really is just
somewhat amazed at how fallible some things in the real
world are, and i think you're just being an asshole.
\_ Huh? How was he being an asshole? tom's "not good at thinking"
was the only thing, which is pretty tame for the motd. |
| 2004/2/29-3/1 [Computer/SW/Security] UID:12457 Activity:nil |
2/29 Anyone here have access to an openbsd machine? I'd like to know if
their implementation of s/key is broken for SHA-1 and RIPEMD-160
(at least, it's broken in Yuri Yudin's port of openbsd s/key).
From RFC 2289, running 'skey -sha1 99 correct' and using
"OTP's are good" as the passphrase should give
"AURA ALOE HURL WING BERG WAIT". If someone can try that, I'd
appreciate it. Also, if that does work, can you tell me what the
result of 'skey -rmd160 99 correct' with the same passphrase as
above is? Thanks.
\_ s/key on my OpenBSD 3.3 system produces the following output:
sha1: AURA ALOE HURL WING BERG WAIT
rmd160: ONCE FRAY EROS JADE GINA ONE
--ranga |
| 2004/2/24-26 [Computer/SW/Security] UID:12390 Activity:nil |
2/24 OpenSSH 3.8 released:
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=107764058601617&w=2
http://www.openssh.com/openbsd.html
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.8p1.tar.gz |
| 2004/2/24-25 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:12387 Activity:nil |
2/23 Is there a web based free email compatible with lynx?
\_ kinda curious why you'd want this... if you have access
to a command line, can't you use a command-line mail
program or log into a box that has one?
\_ it's useful to have throw-away mailboxes.
\_ http://spamgourmet.com
\_ throw away mailboxes don't have to be web-based...
that said, I use an extra netzero account for throw
away mail... it has POP3 mail. Perhaps there's a
reason they want web-based?
\_ why not use sneakemail for throw-away mailboxes?
\_ It's nice to have an email acct. that is 1) fully functional
with SSL login, 2) completely disposable and anonymous,
3) can be accessed anywhere, whether from a comand line host or
public library shared web machines.
\_ sure, that's nice. it's also not profitable, which is why
you don't see that kind of thing. free email services
need to serve ads, which are predominantly graphical.
\_ find a non-free service that satisfies 1 and 3, and then you
use sneakemail to satisify 2. |
| 2004/2/23-24 [Computer/SW/OS/Windows, Computer/SW/Security] UID:12364 Activity:nil |
2/23 Sorry I missed the answer to this last week. Reposting...
What's up with these new "high-speed" or "optimized" or
"pick your own buzzword" dial-ups? Are they actually faster?
Do they cache, compress, etc??
\_ They compress uncompressed data (txt, html, etc.) and some may
recompress jpegs to lower quality on the fly. Depending on your
type of usage, them may be signifigantly faster, or useless. YMMV.
\_ http://www.earthlink.net/accelerator/faq
It is sad that the EarthLink web site seems to be slow. |
| 2004/2/18 [Computer/Networking, Computer/SW/Security] UID:12299 Activity:nil |
2/18 Wireless Bank "Hack": http://www.math.org.il/post-office.html \_ Does Haifa have the largest nerd density in Israel? |
| 2004/2/17-18 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:29813 Activity:nil |
2/17 Anyone using http://communitycolo.net? Is it absolutely free? (bandwidth, power, storage) If you donate, how much do you donate? |
| 2004/2/11 [Computer/SW/Security, Politics/Foreign/Europe, Politics/Foreign/MiddleEast/Israel] UID:29796 Activity:very high |
2/10 I'm beginning to think mandatory military service should be instituted
in the USA, say for 2 years after high school. It would help all these
kids to grow up, learn to be away from home and stop being pansies.
They'd be older and more mature going into college, and maybe have a
better sense of direction and perspective in life. It would force rich
kids to serve alongside poor kids and make people care more about US
policy and think about what it means to live here.
\_ Back in MY day, sonny, we walked six miles uphill through the snow
to do our military service! [again, restored]
\_ Uphill both ways?
\_ This isn't Israel or Singapore where land is scarce and border
security requires every able body to participate in the armed
forces. Having such a large non-volunteer force would have no
practical value to the security of this country
\_ Ok 2 years is too much, I was just reading how Euro countries do
it. 9 mo. would still be good, plus there is the possibility of
alternate service in something like Peace Corps. There is all
kinds of stuff they could do. There are lots of non-combat roles
in all the military branches too.
\- would you make females and homosexuals serve? --psb |
| 2004/2/9 [Computer/SW/Security] UID:12173 Activity:nil |
2/9 A colleague is starting an IDS user group in silicon valley. If any
security types are interested, have a look at
http://idug.cryptojail.net/mailman/listinfo/idug -John
\_ Okay, went there, it's a mailing list setup. Now what? Does
your colleague want us to sign up for the mailing list? |
| 2004/2/9 [Computer/SW/Mail, Computer/SW/Security, Computer/SW/Unix] UID:12170 Activity:nil |
2/8 prompt: mutt
/usr/libexec/ld-elf.so.1: Shared object "libintl.so.4" not found
\_ YAY, pine is fuxored too. I think admin SNAFUS like this and the
spreading soda relay ban (which apparently root doesn't want to do
anything about) means that I'll be bringing to an end my use of
soda for email. Ah well, its been a nice one guys.
\_ Spreading soda relay ban? Yahoo has a fucked up test and has
blocked much of the world, and their abuse department is nearly
always unhelpful. As for spreading, the complaint below ended
up being a typo. So unless you have evidence of this, I would
say you're full of shit. If you aren't, mail root with the
evidence. Don't fucking complain on the motd. --scotsman
(P.S. The problem described above is probably something like
a broken LD_LIBRARY_PATH env variable. If there was another
problem it must have since been fixed. Both work for me.)
\_ Well, it worked for me yesterday, and it worked for me now.
But it didn't when I posted the above. I guess either my
env variables are in a quantum state or someone with root
has been tinkering. Thanks for making it work again. -- op
\_ Is there a free alumni email account at cal?
\ <DEAD>cal.berkeley.edu<DEAD>: free forwarding for life
\_ they do ok for the salary they get. |
| 2004/2/8-9 [Computer/SW/Security] UID:12163 Activity:nil |
2/8 On FreeBSD, what's the best way to let a service use a user's system
authentication (postfix SMTP AUTH via TLS and apache) so that he
can use his unix username/password to authenticate? -John
\_ man postfix
\_ pam?
\_ for apache, i found mod_auth_external the easiest to use, but this
was 3 or 4 years ago --dbushong
\_ Can SASL do this? Postfix supports sasl auth nicely, but I can't
seem to get it to use FreeBSD passwords. -John
\_ I don't think so. Most SASL schemes rely on having the
password cleartext on both ends so it can be encrypted with
a datestamp or something like that. It can't get the
cleartext pass out of the password file... If you're doing
SMTP w/ TLS you might be able to get it to work w/ one of
the cleartext AUTH methods (LOGIN or PLAIN, IIRC) --dbushong |
| 2004/2/5 [Computer/SW/Security, Computer/Networking, Computer/SW/WWW/Browsers] UID:12105 Activity:nil |
2/4 Since ipfw rules does not care which program is making the outbound
access, how do I block, say all outgoing traffic except that generated
by ssh and mozilla?
\_ That's not really what ipfw does. Block all outbound traffic
destined for ports other than 80, 443 and 22.
\_ Okay, is there a way to block based on program name in FreeBSD?
(I heard ZoneAlarm Pro does that, but it only runs on windows?)
\- there are some sort of hairy ways to do with with
fbsd involving complicated jail setups. with linux i suppose
you can try grsecurity. solaris-next is supposed to have much
finer-grain control but i'm not the best person here to talk
about that. what about traffic genreated by say your resolver
routines? --psb
\_ ob"we don't need no stinkin resolver routines!" |
| 2004/2/4-5 [Computer/SW/Security] UID:12093 Activity:nil |
2/3 what's the best free telnet program that supports ssh, etc?
I remember someone posted a name a while ago but can't remember
the program's name. it is a small program with no install! thx.
\_ Uhm, by definition, telnet != ssh. They have nothing to do
with each other. Why not just use ssh?
\_ PuTTY, use google
a lot of people also use Tera Term Pro with the TTSSH extension
\_ i used it but not anymore, IT guy saw everything in the
clear (including pwd) snooping packets even with TTSSH
extension
\_ have you ever stopped to consider that maybe you're just
stupid? sorry, stupid question.
\_ used port 22 twink w/ ttssh extension, still got it
\_ reconsider.
\_ just spell it out, if i got into soda using
tera term pro and ssh and port 22, how can
he see my password in the clear still?
\_ If you connected to port 22, and didn't do proper
key exchange, then teraterm wouldn't have even
prompted you for a password. Try it for fun
(and profit!). telnet localhost 22.
\_ But you know what? A supposed ssh client that
doesn't tell even somewhat clued users that
it is transmitting cleartext is not well-
designed. That sounds like reason enough to
use one of the alternatives.
\_ i am unclear as to how you concluded that
the user is somewhat clued.
\_ See that's just it. It doesn't. Did you
verify that it did yourself?
\_ I'm confused by this. How did the user get
an ssh connection in clear text??
\_ Stupid, Nasty admin, he plays tricksies on
Poor, Innocent user!
\_ Fat, Stupid, Nasty adminses!
\_ you forgot greasy and virginal.
\_ you'd think that such a big hole would have been reported
or fixed by now
\_ maybe IT guy has a keylogger installed on your system?
\_ putty also has versions of scp (pscp) and sftp (psftp). |
| 2004/2/2-3 [Computer/SW/Unix, Computer/SW/Security] UID:12071 Activity:low |
2/2 Happy Square Root Day!
\_ huh?
\_ 2/2/4?
\_ 1/1/01, 9/9/1981, 3/3/2009
Happy Addition Day! |
| 2004/2/2 [Computer/SW/Security] UID:12070 Activity:nil |
2/2 A Bellovin and Cheswick paper on encrypted searching. Comments
welcome. http://csua.org/u/5sw |
| 2004/2/2 [Computer/SW/Security] UID:12068 Activity:nil |
2/1 A draft paper I wrote on building better cryptographic authentication
protocols. Feedback appreciated (either constructive or amusing).
http://tinyurl.com/3buxo |
| 2004/1/28 [Computer/SW/Security, Computer/SW/Unix] UID:11981 Activity:nil |
1/28 What is the policy of yahoo in terms of account inactivity? How
long does your account have to be inactive before they delete it?
On their "Terms of Service" page, it says that the account could be
closed due to inactivity, but it doesn't specify how long.
\_ It's crazy long. I talked to a person a yahoo once about an
account i had setup with fake data (which i couldn't remember
and so couldn't get the password). It was my whole name though
(and an uncommon one) so i figured i could wait for it to
to expire and re-sign up, (it had already been a year) the guy
basically said i was doomed. My other yahoo account i have
left sitting for over 6 months and come back to it with no
problems.
\_ I created the account "ausman" on yahoo and forgot my password
and switched jobs, so password recovery no longer worked. The
account still exists. I created it back in 1995 or 1996 and
last used it in Jan 1997. -ausman
\_ I had something similar happen with eBay. They were cool about it
though. They put the old account in some special status and once
no one rescued it after 30 days it died and they let me change my
user name. -dgies |
| 2004/1/26-27 [Computer/SW/Security] UID:11943 Activity:low |
1/26 http://www.microsoft.com/education/default.asp?ID=SecurityPosters Free M$ security posters. Dunno if it was posted before due to to lame-ass URL shorteners found in the archives. \_what is the point? the poster is not even cool. |
| 2004/1/23 [Computer/SW/Security] UID:11906 Activity:nil |
1/23 http://tinyurl.com/2utfc JWZ vs Mailman, round ONE fight! \_ Do you get a kickback from Pants Factory? If not, try posting a direct link: http://www.jwz.org/doc/mailman.html \_ normally I would, but the rebuttals from mailman's OG writer are on http://pantsfactory.org |
| 2004/1/21 [Computer/SW/Security] UID:11860 Activity:nil |
1/20 Hungry Programmers raided by FBI:
http://csua.org/u/5mp
\_ wow, bummer. A related question is, suppose you use RSA or some
hard to crack stuff and encrypt your criminal activities. Would
they have the resource to crack it?
\_ you'd go to jail for contempt a la kevein mitnick until you
gave up the passphrase or died of AIDS. they don't have to
crack it, they just have to crack you. stop thinking like
some nerd. they don't play by your grade school nerdling rules.
\_ What if you say "I forgot." What if you do forget?
\_ You lose. |
| 2004/1/20 [Computer/SW/Security, Computer/SW/OS/FreeBSD, Computer/SW/OS/OsX] UID:11846 Activity:nil |
1/19 Slow to load, but worth it.
This guy is no crook, I used to work with him, he is just
a geeky programmer:
http://squeedlyspooch.com/blog/archives/000072.html
\_ He was being accused of ...?
\_ Raping his cats.
\_ Close enough: hacking Valve and stealing the source code
for Half-Life 2. So, wtf? did he do it?
\_ I suspect this particular guy probably didn't or he
wouldn't be spewing his story over the net, but I wouldn't
be surprised if one of his friends or net.friends did it.
\_ http://www.csua.org/u/5m7 |
| 2004/1/16-17 [Recreation/Pets, Computer/SW/Security] UID:11810 Activity:nil |
1/16 The Fish That Threatened National Security:
http://www.post-gazette.com/pg/03362/255283.stm
\_ Petty tyrants can arise in even the smallest domains (and no, I'm not
talking about the fish--I'm talking about airport security).
\_ story sounds fishy (hah!) People routinely take pets through
passenger screening at airports. Maybe the TSA folks were being
particularly annoying at LGA. -- Someone who works airport secy.
\_ the newspaper probably fact checked this
it doesn't appear they've printed a retraction for the last
three weeks, anyway
to me it just looks like overzealous and mistaken TSA there
\_ The TSA allows pets on the plane, and they will not x-ray them:
http://www.tsa.gov/public/interapp/editorial/editorial_1036.xml
\_ If you want to smuggle something through, having a cute cat
probably helps -- I had my cat, who was drugged beyond belief
and when they made me take him out all the TSA people stood
around and ooohed and aahed and petted him. -chialea
\_ The TSA recently destroyed a very expensive flight case of a
friend of mine who travels for business. Apparently the goons
at the TSA didn't understand the latching mechanism and so
used a crowbar on the joints instead. He has a claim in but
it may take a VERY long time to get any money out of them, knowing
the feds.
\_ Did your idiotic friend understand the big sign that says to not
lock stuff or they'll have to break them open? Did he take the
very simple precaution of unlatching it for them or opening his
stupid mouth to explain at some point or whine like a stupid
bitch afterwards and file his paperwork? Are *you* the friend
with no clue? Frankly, I'm glad they busted open his case. I
would've done the same thing just to teach him a lesson.
\_ I am not the one who posted the above, but somettimes a case
has to latched just to keep the content from spilling out,
esp. if you put too much stuff in. The above post does not
say the latch was locked. This would be like someone breaking
a closed door without trying to turn the knob. |
| 2004/1/16 [Computer/SW/Security] UID:11807 Activity:high |
1/16 How do you allow remote root logins on FreeBSD? I can ssh in as a
user but not as root.
\_ Same as any system, edit your sshd_config.
\_ How do I restart sshd on FreeBSD4?
\_ reboot!
\_ kill -HUP sshd
\_ There isn't a script?
\_ Not in FreeBSD 4.x. In 5.x the netbsd rc.d
system has scripts. BTW, why do you need/want
a script for something so simple?
\_ I was just wondering if there was a script.
For example /etc/mail/Makefile does this.
\_ Sheesh, no, go write one. ps | grep ; kill -hup
\_ why don't you do it the traditional way and ssh, then su?
\- thats not always reasonable. ssh is used for more than
isn't that hard.
\_ why don't you do it the traditional way and ssh, then su?
interactive logins ... e.g. scp etc. --psb
\_ /etc/ssh/sshd_config |
| 2004/1/9-10 [Computer/SW/Security] UID:11728 Activity:nil |
1/8 Hey, if anyone owns wizardry 8 and wants to do me a favor, can
you post your login or email me? -- ilyas
\_ That reminds me: I registered DOOM 1 for DOS and my floppies went
bad a few years ago. Anyone have DOOM 1? --dgies
\_ In my case, one of my cds got really scratched when I moved,
and I need one of the files from it. -- ilyas
\_ http://www.dosgamesarchive.com/download/game/7
\_ Thanks, but I know where to get the shareware version. I paid
for the full version back in the day and was wondering if I
could still get it somehow... |
| 11/23 |