| 5/16 |
| 2006/4/11-24 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:42732 Activity:nil |
4/12 Soda - very unstable. Is POP3/S disabled?
\_ Alright, who keeps rebooting soda?
\- soda is currently rebooting itself for an unknown reason.
someone on root is working on it, or if not, will be very soon.
-lin
\_ V FOR VENDETTA!
\_ From the csua home page:
Soda was recently compromised and the root staff have rebuilt it
from scratch. Soda was down all weekend for repairs. Due to the
scope of the attack, all user accounts have been disabled. Please
note, that if you logged into another machine from Soda in the
last two weeks, that account is compromised or if you used
keyboard authentication to access soda, your password has been
logged. The root staff has not yet restored POP and IMAP, but
plan to do so in the near future. In addition, certain parts of
~user public_html pages are presently disabled.
| 2006/4/11-18 [Computer/SW/Security] UID:42729 Activity:nil |
4/11 so any suggestions how I can try and verify that other machines
to which I have access have not been compromised? in which case
hopefully it should be enough to change my passwords. I dont
think I logged in anywhere from soda but would like to be sure.
\_ If you have logged in with keyboard interactive to soda, or ssh'ed
with keyboard interactive from soda your passwords are likely
compromised. Sorry for the instability.
\_ The machine I logged into soda from's password is
compromised? How does that work? |
| 2006/4/11-17 [Computer/SW/Security] UID:42724 Activity:low |
4/11 So is there a trail of evidence as to where this compromise came from?
\_ A theory is that someone caused the crash by trojanning
ssh/sshd and then installing a rootkit when he temporarily had root.
\_ ZOMG remember remember, the 5th of november!
\_ Well, yeah that letter was involved.
\_ Let's go through some suspects. Who are some of the past
disgruntled root members?
\_ Historically the most disgruntled root members are those who
still HAVE root (not by choice). --dbushong
\_ Yeah, but, erm, doesn't that kind of beg the question?
\_ A certain person installed and put the old vulnerable sendmail
back even on this current incarnation of soda. Seems like
maybe you should question him/his motives. |
| 2006/4/6-7 [Computer/SW/Security, Reference/Law/Court] UID:42708 Activity:kinda low |
4/6 http://csua.org/u/fg6 (orlandosentinel.com) Lawyer for DHS ICE Operation
Predator chief (who pleaded no contest to exposing sexual organs and
disorderly conduct), says he could have won the case: "The victim's account
is not credible, Phillips said, saying that if the teen could see 2
centimeters of flesh from 20 feet away when others sitting much closer to
Figueroa didn't notice anything, 'she has the visual acuity of most birds
of prey.'"
\_ 2 centimeters? Now I feel sorry for the guy ...
\_ It's not too hard to see 2cm at 20 feet distance.
\_ He thinks the average juror Joe would know how long a centimeter is?
\_ because clearly, 20 feet from someone is a safe distance to be
masturbating. |
| 2006/4/6-7 [Computer/SW/Security, Computer/SW/Unix] UID:42706 Activity:low |
4/6 /var/mail is full. I'd mail root, but...
\_ soda: [~] % du -h /var/mail/kislyuk
16G /var/mail/kislyuk
\_ Last login Sun Dec 4 18:44 (PST) on ttyB5 from ....
New mail received Thu Apr 6 09:12 2006 (PDT)
Unread since Sat Dec 3 12:47 2005 (PST)
\_ Isn't there a 25M quota on /var/mail? How did it get to 16G? |
| 2006/4/6-7 [Computer/SW/Security, Computer/SW/Unix] UID:42704 Activity:nil |
4/5 Problem: sshd acting weird. Platform: Linux 2.6.x. Symptoms: Ssh
\_ I thought Soda ran FreeBSD
connection got stuck all of a sudden. Cannot ssh into the machine.
Ping ok, and apache2 apparently working. Console log-in takes +5 min &
nothing weird in /var/log/*.log. Restarted sshd a few times, no luck.
Restarted the machine, everything's normal. Two hours later, sshd
is weird again. Same symptoms. What are some possible culprits?
\_ NIS or NFS?
\_ Hmm... any chance you have a bad disk? sshd's virtual memory is
writing to bad blocks, which causes it to run very slow? Or the
blocks where your auth.log or something else that gets written to
on login? -dans
\_ NFS mounted home dir on remote file server. DNS lookup failure
on that NFS mount, or DNS reverse lookup failure on remote host
but the console login delay implies NFS failure. Or it could be
something entirely different. :-) But I'd check those two first. |
| 2006/4/6 [Computer/SW/Security] UID:42696 Activity:high |
4/5 Problem: sshd acting weird. Platform: Linux 2.6.x. Symptoms: Ssh
connection got stuck all of a sudden. Cannot ssh into the machine.
Ping ok, and apache2 apparently working. Console log-in takes +5 min &
nothing weird in /var/log/*.log. Restarted sshd a few times, no luck.
Restarted the machine, everything's normal. Two hours later, sshd
is weird again. Same symptoms. What are some possible culprits?
\_ NIS or NFS?
\_ Hmm... any chance you have a bad disk? sshd's virtual memory is
writing to bad blocks, which causes it to run very slow? Or the
blocks where your auth.log or something else that gets written to
on login? -dans |
| 2006/4/5-7 [Computer/SW/Security] UID:42685 Activity:nil |
4/5 A few days ago someone asked for technical details for BART's fuckup.
Here it is: http://www.bart.gov/news/press/news20060405.asp
\_ well, they seem well-intentioned. I don't think anyone's
about to boycott Bart because of the downtime anyway.
\_ In one of those links posted I found it interesting to read that
one of BART's design goals is that a technical incident that
causes the shutdown of all trains for more than 5 seconds is
supposed to occur with a mean frequency of no more than once in
20,000 service hours. I think if you count the recent screwups
as a single incident, they probably meet that goal. Individual
trains obviously fail more often though. |
| 2006/4/4 [Computer/SW/Security, Computer/SW/Apps/Media, Industry/Startup] UID:42653 Activity:nil |
4/4 http://news.yahoo.com/s/ap/20060404/ap_on_bi_ge/computer_sciences
Computer Sciences Cutting 5,000 Jobs. Don't worry it's not CS CS, but CS
Corp. What a dumb ass company name, it's like Merck naming itself
"Pharmaceutical Company"
\_ How do you feel about Microchip, LSI, or VLSI?
\_ Or Analog Devices. But yea, CSC is bad. My company uses them and they
are incompetent.
\_ Usually they are called 'CSC'. As others have noted, how is that much
different from, say, SAIC? |
| 2006/4/3-4 [Computer/SW/Security] UID:42641 Activity:nil |
4/3 Can someone explain why some people were getting "Connection Closed" when
trying to SSH to soda? -clueless
\_ something is wrong w/ password authentication. try ssh -v to get
more info.
\_ yea i did that. ssh -vvv What could be wrong with password
authentication?
\_ on putty/win32. I checked "x-forwarding." and it worked for
some reason |
| 2006/4/3-4 [Computer/SW/Security] UID:42632 Activity:nil 75%like:42634 |
4/3 Any idea why soda's SSH has been flaky the past few days?
\_ It has something to do with LDAP being a terrorist and sshd dying
randomly.
\_ I always knew El-Dap was fishy. |
| 2006/4/3-7 [Computer/SW/Security] UID:42630 Activity:nil |
4/3 SSH is being flaky. We are working on the issue. Please be patient.
In the meantime, we suggest using screen. Soda's ssh key has been
changed, sorry about that (ssh was restarted, as well).
We will post more as we work on the problem.
Thanks, students-not-in-class - edilaic |
| 2006/4/2-3 [Computer/SW/Security] UID:42607 Activity:nil |
4/2 Anyone been getting a "Connection closed by 128.32.112.233" when
attempting to ssh into soda? I'm getting this when using OS X's
OpenSSH but not when using Java SSH. [motd format god was here]
\_ I've been getting this too from OS X and from a Linux machine.
Clever idea to use the Java SSH client though -- i hadn't thought
of that.
\_ Works fine with putty. Something wonky happened recently.
Local ssh also fails. The sshd must have been broken.
\_ I am using putty and I am not able to get in.
\_ Further investigation: I added my key to authorized_hosts2
and can login from my OS X box now. It seems that the
keyboard-interactive method is broken. -pp
\- Starting last thursday around 5-6pm or so, we saw
some RSTs resetting ssh connections of certain network
segments I cant go into details about. We haven't figured
out where they came from and a fair number of people
are quite concerned about this. I'd pay attention to
changing hostkeys and generally go to DEFCON4 for a while.
This was not in the http://berkeley.edu domain. If you see
this in other domains, can you list them here. Tnx. |
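The advice above to watch for changing host keys is the one check a client can do on its own against a connection that is being reset or a server whose key has been swapped. The example below, added here and not part of the original thread, shows what that check consists of: parse a known_hosts entry, recompute the key fingerprint the way OpenSSH displays it, and compare it with a fingerprint recorded out of band on first contact. The key material is invented (a made-up modulus in an ssh-rsa blob), so the fingerprints are not soda's; only the hostname and 128.32.112.233 come from the thread.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire format: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """SSH mpint: minimal big-endian two's complement; the extra byte of room
    gives a leading 0x00 when the top bit is set, so the value stays positive."""
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def make_rsa_blob(e: int, n: int) -> bytes:
    """Build an ssh-rsa public key blob (RFC 4253 layout) from e and n. The
    moduli used below are made-up numbers, not real keys; fingerprinting only
    cares about the bytes."""
    return _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)


def blob_type(blob: bytes) -> str:
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")


def fingerprint_md5(blob: bytes) -> str:
    """Legacy OpenSSH display (what clients printed in 2006): 16 hex bytes."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def fingerprint_sha256(blob: bytes) -> str:
    """Current OpenSSH display: SHA256:<unpadded base64>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str):
    """Yield (hostnames, keytype, blob) for plaintext entries. Hashed entries
    (|1|...) cannot be matched by name, and @cert-authority / @revoked marker
    lines are out of scope, so both are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@", "|")):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        yield parts[0].split(","), parts[1], base64.b64decode(parts[2])


def check_host_key(known_hosts_text: str, host: str, pinned_fp: str) -> str:
    """'ok' if the stored key for host matches the fingerprint recorded out of
    band, 'CHANGED' if a different key is now stored, 'unknown' if absent."""
    for hosts, keytype, blob in parse_known_hosts(known_hosts_text):
        if host in hosts and blob_type(blob) == keytype:
            return "ok" if fingerprint_sha256(blob) == pinned_fp else "CHANGED"
    return "unknown"


# Constructed demo data (not soda's real keys). The hostname and address come
# from the thread; the key material is invented.
ORIGINAL_KEY = make_rsa_blob(65537, int("c0ffee" * 43, 16))
REPLACED_KEY = make_rsa_blob(65537, int("deadbeef" * 32, 16))
PINNED_FP = fingerprint_sha256(ORIGINAL_KEY)   # written down on first connect
KNOWN_HOSTS_AFTER = (
    "soda.csua.berkeley.edu,128.32.112.233 ssh-rsa "
    + base64.b64encode(REPLACED_KEY).decode() + "\n"
)

if __name__ == "__main__":
    print("pinned  :", PINNED_FP)
    print("legacy  :", fingerprint_md5(ORIGINAL_KEY))
    print("verdict :", check_host_key(KNOWN_HOSTS_AFTER, "soda.csua.berkeley.edu", PINNED_FP))
```

The comparison is only as good as the pinned value: a fingerprint you first saw over the same possibly tampered connection proves nothing, which is why the announcement that soda's key changed needs an out-of-band channel (the CSUA home page, or a root member in person) before the new key is accepted.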
| 2006/3/31-4/3 [Computer/SW/Apps/Media, Computer/SW/Security] UID:42568 Activity:high |
3/31 Anyone want to engage in wild speculation on 30th anniversary Apple
announcements?
\_ OMFG TEH 1337 LIMITED EDITION 30th ANNIVERSARY IPOD! -John
\_ More very expensive consumer electronics toys that lock you in.
\_ The iPod locks you in how? Well, ITMS does but frankly, ITMS
is lame. (Not the implementation, the whole DRM + too damn
much a song)
\_ I have plans to write an application that adds some of your
fair use rights back in to iTunes, but does not circumvent
the terms of the DMCA. -dans
\_ That's cute dan.
\_ I'm not sure how to interpret this. -dans
\_ Ignoring the fact that you will likely be in violation
of the itms terms of use, how exactly do you propose to
go about doing this in light of the 2d cir's ruling in
Corley (273 F.3d 429 (2d Cir 2001)) that "fair use"
doesn't mean that you have a right to use in your
preferred format?
And if you do decide to take up the challenge, you may
wish to speak to Robin Gross who handled the Corley
matter.
\_ I don't know how you can make such wild claims.
\_ Reckless posting like this will destabilize the motd for
generations!
\_ I bet BUD DAY never posts recklessly!
\_ Probably just an accident, but I find it odd that this thread from
the middle of 3/31 was nuked while threads with fewer comments or
responses from 3/30 and 3/29 were not. In response to the person
who mentioned terms of use as well as the Corley case: Actually,
the app I plan to release is something that facilitates legal
sharing, not format shifting. Also, isn't there more recent case
law that does support format and time-shifting as fair use?
Basically, it allows you to authorize a friend's computer for your
iTunes purchases for a limited amount of time, and then
automatically deauthorize. This in no way allows you to circumvent
having more than the max (5?) machines authorized at any one time.
I still need to look at the iTunes EULA to see if *using* this app
violates the terms of service. Even if it does, it's a contract
violation, not an illegal act. Regardless, it's definitely legal
for me to write and distribute it since it is intended to
facilitate legitimate, non-infringing fair use of copyrighted
works. Also, I'm not 100% certain that my app is feasible, I still
need to look into some technical odds and ends to verify this.
Fortunately, we have many very good electronic rights lawyers in
and around this area, Robin Gross among them, as well as Berkeley's
own Pamela Samuelson, Lawrence Lessig, and Fred von Lohmann to name
a few. -dans
\_ AFAIK, there haven't been any recent cases of any
significance wrt time/space shifting.
You are probably thinking of the 9th Cir. ruling in RIAA v.
Diamond, 180 F. 3d 1072 (9th Cir 1999). Diamond dealt w/
what constitutes a digital audio recorder; not w/ DMCA
violations. The DMCA wasn't at issue b/c (1) it hadn't been
passed when the case was brought, (2) may not have taken
effect until 2000 (Sec 1201(a)(1) 2d sentence) and (3) CDs
don't have DRM/TPM so they are not covered under the DMCA.
Corley was 2 yrs later (2001) and dealt w/ the DMCA directly.
My understanding is that the Corley view that fair use doesn't
mean you have the right to make a digital reproduction pretty
much dominates.
It is of some note that the USSC avoided the whole time/shape
shifting Sony argument in Grokster. I'd personally be VERY
hesitant to get involved in any US effort in this area (but
then again I don't want to have to cool my heels in the
clink).
Re production of the app, I'm not sure that your interpretation
of Sec. 1201 is correct. You might be making a "device" whose
primary purpose is to circumvent Apple's access control mechan-
ism under Sec 1201(a)(2) (if one were to adopt the view of the
unholy hordes of darkness). You might also be making a device
whose primary purpose is to circumvent a copy control mechanism
under Sec 1201(b)(2)(A) (perhaps the RIAA could use some 100W
bulbs in their offices so that they would not be forced to take
so dim a view of the law).
BTW, I took a class from Robin last summer and could probably
put you in touch w/ her if needed "more/better" info re the
DMCA, &c.
\_ Oh, cool. Thanks. I'm fairly confident that writing and
releasing the app is not going to get me sued. Of course,
before it comes to that, I'll almost certainly get a cease
and desist letter. I'll cross that bridge when I come to it.
I'm good friends with a former EFF staff technologist, and
reasonably acquainted with (one of?) the current one(s) so I
should have some inroads. As I understand it the law is
ultimately about arguments. So if this actually came to a
challenge, it would be up to a judge to determine whether or
not this constitutes a device whose primary purpose is
circumventing an access control or if this is a device whose
primary purpose was to facilitate contributory copyright
infringement. Is that a reasonable assessment? Thank you
anonymous motd legal advisor, I appreciate the insights.
-dans
\_ I love it when someone is more pedantic and long winded
on the motd. it makes me so hot.
\_ wtf? I asked a question. I'm not a lawyer or a law
student. Whoever posted the post I was responding to
clearly knows his/her shit. If my understanding of
theory or process is flawed, I'd like to know it. -dans
\_ Wow, so you post an honest question addressing
something you're ignorant about, someone gives a
snarky reply...and you get all pissy about it? I
remember you having a similar conversation not so
long ago, only with positions reversed and you
getting very righteous about being snarky....
\_ My MOTD with Dans:
1. Sweeping comment Made by Dans.
2. Disagreement expressed.
3. Dans goes nuts and says "where are the facts"
(not that he has really presented any)
May remind you that he is Jewish.
4. You or somebody else tries to give a short
reply ... Dans broadens/changes the topic ...
and spends a lot of time ignorantly but
occasionally entertainingly (isn't that what
make it all worth it?) foaming.
5. You or somebody else takes the time to
post a long informed reply in an area of
expertise or experience.
6. Dans now says "I'm glad we had a civilized
discussion," not realizing he has been taken
to skool.
\_ sic --dans #1 Fan
\- that is olde english, used by
people too cool for school
\_ Please support your statement with facts!!
--dans #1 Fan
\_ Yup. Get over it. Hey look, I got my answer
below, which is all I care about! -dans
\_ Typical Jew.
\_ This is such an obvious troll, but say
that to my face some time and see what
happens. -dans
\_ Well, at least you're honest about your
hypocrisy....
\_ Your posts lack either insight or humor?
Do you have a point? If your goal is to
upset me, you failed. -dans
\_ You are mostly in the ballpark. There is more to
the law than simply arguments, and judges are
usually limited in their application of a statute
to a higher ct's interpretation of that statute.
I am not 100% sure, but iirc the word "primarily"
has pretty much been read out of the Sec 1201(a)
(2)(A). Note also that Sec 1201(a)(1) doesn't even
require "primarily."
There are two theories of vicarious liability you
probably need to know about:
1. Contributory Infringment - You knew that users
were infringing and either caused or contributed
to the infringment.
2. Inducement - You knew that users were infringing,
you materially contributed to that infringement
and you encouraged them to infringe for personal
gain.
If you gave the software away, you probably could
avoid the whole Inducement issue (the Grokster
theory of liability), but this is still an open
issue. hic sunt dracones.
After reading the itms music license, contributory
infringement seems like it could be a problem for
you. If you look at Section 9(b) Use of Products,
one may not actually own the bits that constitute
a song purchased from itms:
http://www.apple.com/support/itunes/legal/terms.html
[ This is one reason I won't buy from itms, even
though I drink a considerable amt of iKoolAid ]
\_ Cool, thanks! -dans |
| 2006/3/15-17 [Computer/SW/Security, Politics/Domestic/911] UID:42248 Activity:nil |
3/15 Homeland Security is everyone's business:
http://www.twotigersonline.com/banners.html -John |
| 2006/3/15-16 [Computer/SW/Security] UID:42246 Activity:kinda low |
3/14 http://news.yahoo.com/s/nm/20060315/od_nm/media_discovery1_dc
Look you can look smart in front of your kids by relearning things you
forgot in school! (In other words, people become dumber and dumber as they
get older).
\_ No, people forget things they don't use as they learn new things.
\_ Just finished reading a Time article where it talks about how your brain
becomes more efficient until around age 60 or so, when it starts to
deteriorate. Of course, if you DON'T USE IT, then yes you will become
dumber and dumber as you get older. |
| 2006/3/15-16 [Computer/SW/Security] UID:42245 Activity:nil |
3/15 Zfone Beta is out (secure VoIP software from Phil "PGP" Zimmermann):
http://www.philzimmermann.com/EN/zfone/index.html
\_ What do you have to hide? Hmmmm? |
| 2006/3/13-14 [Computer/SW/Security] UID:42206 Activity:nil |
3/13 "Big Boost Begins March 19"
http://www.actransit.org/news/articledetail.wu?articleid=c1e6ca52
New transbay bus lines crossing the Bay Bridge and San Mateo Bridge,
service increase to many existing lines, and the new All Nighter
service. |
| 2006/3/10-13 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:42188 Activity:low 72%like:42184 |
3/10 Isn't posner supposed to be smart?
http://csua.org/u/f7i (news.com.com)
\- What is your point? also since he would have been hearing it
at the appellate level, his comment may be on some narrow legal
point. i imagine he approaches this in terms of his econ
approach about what ruling produces "efficient outcomes".
\_ this is so fcuked up.
\_ The guy who wrote the http://news.com.com must have read a different
opinion than the linked Posner one. Reading the linked Posner
decision, what the http://news.com.com article claims are "two
remarkable leaps" are actually just direct application of the
US Code ("damage" includes "any impairment to the integrity or
*availability* of data" [emphasis added]) or a previous decision
\_ I disagree. That US Code is "unconstitutionally vague".
Simply deleting the files constitutes "impairment" to the
"availability of data." If attempting to delete the files
was a violation, then fine. But the fact that he happened
(unlike most people) to know how to *actually* delete the
files, is, im(ns)ho, irrelevant.
("violating the duty of loyalty, or failing to disclose adverse
interests, voids the agency relationship" State v. DiBiulio).
\_ The way I read the statute, IAC needs to show the following
in order to state a claim under the statute:
1. Citrin knowingly transmitted a program
2. To a protected computer; AND
3. Citrin intentionally used that program
4. To cause damage to the data on the computer; AND
5. Citrin was not authorized to cause that damage.
Posner is hearing the case on appeal from a dismissal for
failure to state a claim. Basically, at this point his
job is to assume that Citrin actually did all the things
IAC says he did and figure out if that would be enough
for IAC to get relief.
Added to this is the suggestion that some of the data
that was deleted may have been incriminating evidence
re a breach of contract or breach of the duty of loyalty
claim.
Given that it is so early in the game and the potential
destruction of evidence Posner seems to think that it is
probably a good idea to have Citrin tell the trial judge
his side of the story before the case is dismissed.
Re "damage" == "delete": To me, it seems clear that it is
within Congress' power to reach unauthorized deletions of
data from a protected computer under the Commerce Clause.
If you access my computer w/o my authorization, intentionally
install srm(1) and then srm /bsd, I think Congress has the
power to hold you liable.
I don't see the 5th amend vagueness argument, please explain. |
| 2006/3/2 [Computer/SW/Security, Computer/SW/Unix] UID:42066 Activity:nil |
3/2 very bizarre pass login behavior on soda ... I am able to login
using an old password, and variations of that password ... anyone
ever heard of this behavior before? I emailed root ... is anyone
checking that now???? |
| 2006/3/1-2 [Computer/SW/Security] UID:42050 Activity:nil |
3/1 Every once in a while my ssh and X11 via port forwarding would get
stuck and wouldn't respond anymore and I'd have to reconnect.
Does anyone know why this is happening and how to fix it? Thanks.
\_ Does this only happen after you've been idle for a while? |
| 2006/2/16-17 [Computer/SW/Security] UID:41894 Activity:kinda low |
2/16 When are these people going to realize how to correctly black out text
in a PDF file? It's fortunate it's only driver's license numbers that
were "blacked out".
link:csua.org/u/f05 (latimes.com) Sheriff's report on Cheney shooting
\_ I don't see what is wrong, give me a clue?
\_ Try to copy out the blacked out text.
\_ Try to think of the most stupid way imaginable to try to black
out text in an electronic document. Bingo.
\_ Hey, it might not be the stupidest. Never (mis)underestimate
stupidity.
\_ Beautiful. This happens almost too often in court, and people are
constantly calling to see if they can get what they thought was a
redacted copy off the website. --erikred
\_ "I was to report to the main house." "I was instructed to park my
vehicle ..." "I ... was turned over to another agent ...". Gee,
how submissive. County Sheriffs work for the county, not the Fed,
right? This Chief Deputy has no balls. That is, unless his report
on a typical highway pullover also reads like this:
"I was to report to the speeding driver's window."
"I was instructed that the driver's license has expired."
"I was turned over to the passenger who judged my (lack of) genital
size."
"I humbly submitted the written citation to the driver. Then I
excused myself back to the insignificant patrol car."
\_ Well, if he just ignored the secret service he'd be liable to
get his ass shot. Does he have authority over them?
\_ I know a guy who used to drive in nuke convoys when he was in
the army. The Colorado highway patrol used to try to pull
them over. They had helicopter gunship and F-15 escorts,
and U.S. gov't plates, generally were not speeding, and these
fuckers would come up with their little cop pistols and try
to start shit. It did not generally end well for the cops.
No one was ever hurt beyond a bruised ego, but they were very
very lucky.
\_ How do F-15 jets escort trucks going 65mph?
\_ Secret Service *is* law enforcement. They can make arrests,
etc. They most likely have jurisdiction wherever they are.
\_ If the County Sheriff doesn't have jurisdiction over this
incident, why was the Chief Deputy taking statements? |
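The failure the thread is laughing at is a black rectangle painted over text that is still in the file, so selecting and copying the "blacked out" region recovers it. The example below, added here and not from the original post or from the sheriff's report, builds a constructed one-page PDF two ways (box over the number, and box with the number removed from the text object) and runs the same naive text extraction a copy-and-paste or pdftotext would do over both. The license number is a made-up stand-in.

```python
import re

SECRET = "D1234567"   # constructed stand-in for a driver's license number

# Two page content streams for the same report line. Both paint a black box
# over the number; only the second removes the number from the text object.
OVERLAY_ONLY = (
    b"BT /F1 12 Tf 72 700 Td (Driver license: " + SECRET.encode() + b") Tj ET\n"
    b"0 g 160 696 110 14 re f\n"      # black filled rectangle on top of the number
)
TEXT_REMOVED = (
    b"BT /F1 12 Tf 72 700 Td (Driver license: ) Tj ET\n"
    b"0 g 160 696 110 14 re f\n"      # same box, but nothing left underneath it
)


def build_pdf(content: bytes) -> bytes:
    """Assemble a minimal single-page PDF around one uncompressed content
    stream, computing xref offsets so the file is structurally valid. This is a
    constructed document, not the LA Times / sheriff's PDF."""
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>",
        b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objects, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objects) + 1, xref_at)
    return bytes(out)


def extract_text(pdf: bytes) -> str:
    """What copy-and-paste sees: every literal string drawn with Tj inside a
    content stream, regardless of what is painted over it afterwards."""
    pieces = []
    for stream in re.finditer(rb"stream\n(.*?)\nendstream", pdf, re.S):
        for s in re.findall(rb"\((.*?)\)\s*Tj", stream.group(1)):
            pieces.append(s.decode("latin-1"))
    return "".join(pieces)


def leaks(pdf: bytes, secret: str) -> bool:
    return secret in extract_text(pdf)


def xref_is_consistent(pdf: bytes) -> bool:
    """Sanity check on the builder: each in-use xref entry points at 'N 0 obj'."""
    start = int(pdf[pdf.rfind(b"startxref") + len(b"startxref"):].split()[0])
    entries = pdf[start:].split(b"\n")[2:]          # drop "xref" and "0 N"
    for num, entry in enumerate(entries):
        if entry.startswith(b"trailer"):
            return True
        offset, _gen, kind = entry.split()
        if kind == b"n" and not pdf[int(offset):].startswith(b"%d 0 obj" % num):
            return False
    return False


if __name__ == "__main__":
    for name, content in (("overlay only", OVERLAY_ONLY), ("text removed", TEXT_REMOVED)):
        pdf = build_pdf(content)
        print(f"{name:<13} extracted={extract_text(pdf)!r} leaks={leaks(pdf, SECRET)}")
```

Real documents add compressed streams, fonts with custom encodings and metadata, so a production check should use a PDF library; the point that survives all of that is the same: redaction has to delete the text (and any copy in annotations, form fields or metadata), not draw over it.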
| 2006/2/15 [Computer/SW/Security, Computer/SW/Unix] UID:41851 Activity:low |
2/15 Can one of you root guys please explain how tom has been
eerily and correctly identifying anonymous motd posters? Is he
abusing root or abusing his connection to root?
\_ I don't think tom's been abusing root. Unfortunately, it's not
too hard to identify most motd posters even without root. If you
have ideas for how to make it harder, please let us know. --root
\_ why should it be hard to identify who is posting to the MOTD?
Do we really think the MOTD is a better place for not having
the basic auditing capability that every other forum on the
net has? -tom
\_ I bet tom doesn't need technical means to identify most
posters.
\_ Several of us have various scripted ways of figuring out who other
posters are but only a childish schmuck would descend to that
level in a cheap attempt to 'score' points on the motd. And his
predictive abilities are hardly "eerie". He has a terrible track
record of identifying people especially considering how often he
names names.
\_ ooh, big bad tom naming names... Grow up, reiffin.
\_ nice try but wrong. |
| 2006/2/14-15 [Computer/SW/Security, Computer/SW/Languages/Misc, Recreation/Computer/Games] UID:41841 Activity:moderate |
2/14 Related to the gaming thread below. What made you/inspired you to
take CS? Computer gaming as a kid?
\_ Hott CS women. I was obviously misled.
\_ Isn't karen hot?
\_ Note that the comment is plural.
\_ If you're CS, yes.
\_ I liked computers and liked the idea of controlling them. I guess
I got started with LOGO and a toy robot that could be given simple
programs like "go forward, turn left, go forward, flash lights" etc.
\_ When I was 7 years old I used a Heathkit computer that my uncle had
bought. Just seeing some of the retarded games on it got me
interested.
\_ Anthro 193 survey form filled out by 200+ undergrads: all but a
trivial number said "money" or "parents made me for money".
\_ must have been during the boom years. I liked CS because it
was interesting.
\_ Early 90s. Definitely pre-boom. It was a recession.
\_ Writing really simple games in basic/pascal.
\_ Writing really simple but cool graphics code on an old Atari.
Pixels and sprites 4 life!
\_ Writing machine code on Apple II with no assembler to read some
hardware switches, and interfacing it with BASIC, was fun.
\_ Fuckin' a.
\_ Reminds me of when I wrote machine code to access the sectors of
a disk directly so I could read the Ultima IV map off the disks.
Then I remapped the character set of my dot-matrix printer to
match the game. The map was 256x256 squares. Ah, those were the
days of hand-assembled 6502.
\_ Just goes to show that practical application is a powerful
motivator; I learned ResEdit just so's I screw around with
hex code in Prince of Persia.
\_ We made our own maps on Ultima IV & III once we learned what
all the codes stood for.
\_ My mom was an AI researcher. |
| 2006/2/3-7 [Computer/SW/Security] UID:41689 Activity:nil |
2/3 OpenSSH 4.3 is out. Mostly bug fixes.
http://marc.theaimsgroup.com/?l=secure-shell&m=113881090315376&w=2 |
| 2006/2/1-3 [Consumer/CellPhone, Computer/SW/Security] UID:41652 Activity:low |
2/1 Dear old farts. What was the consumer end of telecomm like before
the 1983 divestiture of AT&T into 7 baby Bells, in terms of price
for consumers, sound quality, reliability, and service?
\_ Most of you youngin' were too young to remember this but back
then long distance calls were prohibitively expensive. On the
other hand, you didn't have tons of long distance carriers to
choose from each with confusing plans, and you didn't have to
worry about MCI or 1010220 or 1010-RIPOFF that exist today, each
ripping you off one way or another because you didn't read the
fine print. The quality and reliability of service was CONSISTENT,
meaning it wasn't all that great by today's standards but at least
you knew that your line sucked as much as everyone else's. Nowadays
the quality varies so much (cell, landline, voip) that it's hard
to make an informed decision on choosing a good plan-- e.g. in
one year Cingular's great, but next year it'll be oversaturated
again. To sum up, I miss the accountability and consistency of
service in the old days. I miss not having to read 10 different
plans before choosing one. I miss the easy to read telephone
bills-- you ever read today's bills and see how confusing it
is? I wish that today's companies would offer more
accountability, more independent auditing of quality of service,
and above all else making plans and fine print much clearer for
consumers to make informed decisions. -old man
\_ i thought it's just AT&T :p the quality and reliability was
pretty good in my experience. During Chinese New Year time,
however, I would have to keep dialing for hours at a time to
get the international phone call through. Long Distance phone
call was expensive. The most important thing, IMHO, is that there
isn't much innovation when AT&T dominated the phone landscape.
Call-waiting, call-forwarding, caller-ID, i think all these things
came up *AFTER* the break up of AT&T.
- can't wait to see the wave of innovation that comes out after we
break up Microsoft
\_ Let's see how many units M$ can break up into: OS, browser and web
server, dev tools, games, office apps. Browser and web server
might need to break up further into two.
\_ I remember standing in line with my dad so he could get a phone.
You would rent your phone from AT&T, you didn't own it. I read
an article about little old ladies who have been paying the phone
rental fees for 20+ years because the phone companies never bothered
to tell them they can have their own phones for free now. It's
a not-insignificant revenue stream.
\_ I might be wrong, but from what I recall you could own a
phone or rent one. However, it was expensive to buy one
and most people rented.
\_ You could own a cheap one, but it voided out your AT&T service
agreement. If something happened, they would "check the line"
since your non-standard equipment might have caused the
problem. Since your agreement was now void, they could charge
you whatever and take care of it whenever they felt like.
Mmmm... Taste that monopoly goodness. Then AT&T figured they
could get around complaints and make money by selling AT&T
approved phones. Welcome Princess and Slimline phones!
\_ Cost of long-distance calls (let alone international calls) was
prohibitive. For a modern equivalent, cf. Japan's NTT five to
ten years ago, complete with phone renting, no competition.
\_ "So I feel like a real consumer fool about my money, and now
I have to feel like a fool about my phone, too. I liked it
better back when we all had to belong to the same Telephone
Company, and phones were phones -- black, heavy objects
that were routinely used in the movies as murder weapons
(try that with today's phones!). Also, they were
permanently attached to your house, and only highly trained
Telephone Company personnel could "install" them. This
involved attaching four wires, but the Telephone Company
always made it sound like brain surgery. It was part of the
mystique. When you called for your installation
appointment, the Telephone Company would say: "We will have
an installer in your area between the hours of 9
A.M. October 3 and the following spring. Will someone be at
home?" And you would say yes, if you wanted a phone. You
would stay at home, the anxious hours ticking by, and you
would wait for your Phone Man. It was as close as most
people came to experiencing what heroin addicts go through,
the difference being that heroin addicts have the option of
going to another supplier. Phone customers didn't. They
feared the power of the Telephone Company.
I remember when I was in college, and my roommate Rob
somehow obtained a phone. It was a Hot Phone. Rob hooked it
up to our legal, wall-mounted phone with a long wire, which
gave us the capability of calling the pizza-delivery man
without getting up off the floor. This capability was
essential, many nights. But we lived in fear. Because we
knew we were breaking the rule -- not a local, state, or
federal rule, but a Telephone Company rule -- and that any
moment, agents of the Telephone Company, accompanied by
heavy black dogs, might burst through the door and seize
the Hot Phone and write our names down and we would never
be allowed to have phone service again. And the dogs would
seize our pizza." --Dave Barry |
| 2006/1/25-27 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:41509 Activity:nil |
1/25 to root: just curious... what might be the causes of recent
Soda instability? are you guys doing something that may crash soda?
are you guys trying to fix something?
\_ The root of the problem is that the root used to be run by
experienced late-20/early-30-something folks, and when the
root was handed down to the new gen-Y 20-year-old kids, they
don't know how to run the system. In fact they prefer soda
running on Windows XP.
\_ http://csua.org/u/erg
Rest assured, when Soda recovers from its Jan. 24th funk, it
will be much happier and stable. -mrauser
\_ I prefer the more straight-forward approach of the VP bat.
- jvarga |
| 2006/1/21-24 [Computer/SW/Security, Computer/SW/OS/OsX] UID:41471 Activity:low |
1/21 How does one usually write a log file from a multi-threaded
server? Is there a way to avoid using locks around the file
writes? Relying on some kind of low-level atomic writes and
fsync() or something?
\_ I would create a class to act as the single point of access
to the log file. Have the other threads go through the logger
singleton to write the info into a ring buffer and signal
a separate thread to actually write to the file. - ciyer
\_ Well you will need a lock to write into the ring buffer, and once
one thread has that lock then if the buffer is getting full you
can have that thread write the buffer and flush the output stream
right? -!op
\_ That should work too. I work with audio and parts of my
code run in realtime threads which should not block, so
I've implemented a lockless ring buffer (using
CompareAndSwap on OS X) so the thread writing into the log
never takes a lock and can't access the disk |
| 2006/1/10-12 [Computer/SW/Security] UID:41329 Activity:nil |
1/10 I added X11 forwarding (said "yes") in /etc/ssh/ssh*_config
and /etc/init.d/ssh restart. However, my win ssh client
still says "server does not allow X11 forwarding." What's up?
\_ Silly question (or maybe not).. Are you running an X server
on your windows box? Another silly question. Is X installed
on said server? sshd needs to be able to find xauth, etc to
do X forwarding. Make sure they're in your path.
\_ THANK YOU. After thinking about this, I simply did an
apt-get install xbase-clients which then pulled in all
the X dependencies. Afterwards, I can do X!!! Yay!
Thank you so much. By the way how do I check which
package depends on others? I have no idea what package
I pulled in.
\_ rpm -q --requires xbase-clients -tom |
| 2006/1/4-6 [Computer/Theory, Computer/SW/Security] UID:41226 Activity:nil |
1/4 "Mo. Researchers Find Largest Prime Number"
http://news.yahoo.com/s/ap/20060104/ap_on_sc/largest_prime_number
Why are people interested in finding large prime numbers? They already
know that there are an infinite number of primes, so what's the point of
finding them?
\_ because they are there. finding more may help with proving
(or disproving) conjectures about dist. of primes, etc
\_ You know that prime numbers have a lot to do with public key
cryptography right?
\_ Yeah, but with a prime as large as 30 million bits?
\_ This is usually tangential to burning in a new supercomputer.
They let it sit there and compute prime for a bit. As computers
get ever faster, they find new primes and it generates a little
PR for the guys running the new computer. At least this is how
most of these ginormous primes are discovered.
\_ Learning how to work with large primes has value. We used to
compute pi to billions of digits. Now we test primes.
\_ This particular project is more like SETI-at-home and
is validating a s/w concept re: distributed computing.
Lots of these primes are incidental discoveries. |
| 2005/12/26-28 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:41141 Activity:nil |
12/25 I can't log into soda from my home machine. (I can ssh to beer
and ssh to soda from there, however) -jrleek |
| 2005/12/20-22 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:41088 Activity:nil |
12/20 Update on the "DHS visits student for book ILL" story. At least one
fact is wrong. The ILL doesn't require a social security number:
http://acrlblog.org/2005/12/19/interlibrary-loan-causes-a-stir |
| 2005/12/12-14 [Computer/SW/Security] UID:40978 Activity:nil |
12/12 On the hardware page the SSH rsa and dsa keys are listed as:
RSA - 96:0d:44:65:af:9b:c2:9a:b3:19:6f:28:bc:07:85:e4
DSA - 91:cc:22:95:03:1d:92:3f:a3:4b:1d:5c:0c:44:d6:69
I think these are the keys for coke. Anyway, when I run
ssh-keygen -l on soda (or when I get the keys via keyscan)
I get the following values:
RSA - e1:9c:e5:c7:f9:9f:f3:af:04:ef:df:2d:63:b0:84:4a
DSA - 2a:5f:0c:23:c2:80:dc:ef:d4:ee:bb:4e:a5:80:25:d5
Can someone fix the webpage?
http://www.csua.berkeley.edu/computing/hardware
tia.
\_ Finally did it. - jvarga
\_ Thanks. You rock. |
| 2005/12/10-12 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:40952 Activity:nil |
12/10 Where can I find the new ssh keys?
\_ http://csua.berkeley.edu/computing/hardware |
| 2005/12/9-11 [Recreation/Computer, Academia/Berkeley/CSUA, Computer/SW/Security] UID:40941 Activity:nil 77%like:40940 |
12/9 Looking for a job? Come work with us at Snapfish (now a service of HP).
It's fun and neat and all that stuff. Take a look at
/csua/pub/jobs/Snapfish for the latest postings, and feel free to
drop me a line with questions or whatnot. - ajani |
| 2005/12/7-9 [Computer/SW/Database, Computer/SW/Security, Industry/Jobs] UID:40906 Activity:nil |
12/7 We're looking for interns for a 3-5 month project helping us
populate our security policy database for various windows applications.
The work involves installing the application, using it for a while,
determining the appropriate security policy, and entering it
into a database. Work is 15+ hours a week (however much you want
to work above min. 15 is fine), pays $12-$15 an hour, and can be
done offsite from the comfort of your own home.
email sking@zonelabs.com if you are interested.
--sky
\_ Don't you know students don't read motd?
\_ Good point. I should email jobs@csua |
| 2005/12/4-6 [Computer/SW/Security, Computer/SW/Unix] UID:40845 Activity:nil |
12/3 Free rootcow!
\_ Freed. --mconst
\_ What does this mean?
 ______________________________
< Someone may be abusing root! >
 ------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     || |
| 2005/12/4-6 [Computer/SW/Security] UID:40837 Activity:low |
12/3 Hey root, did someone p0wn soda? Why'd the host keys change?! Is
this a man in the middle attack? Do we all have to change our
passwords and keys now? [Someone had to do it. ;-)] Thanks jvarga,
you're the best.
\_ I stole all your passwords. hahahahaha. Or something like that.
I figure I'll actually field this question: I actually intentionally
did not keep old-soda's keys. I'll post the new keys on the website
when I am a bit more conscious. For anyone that is interested:
http://soda.berkeley.edu/computing/hardware/soda-mark-vii.html
- jvarga |
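A host-key fingerprint check, added here as an example (it is not from either motd thread), covering both the hardware-page mismatch reported in the 12/12 thread and the "why did the host keys change, is this a man in the middle?" question in the 12/3 thread: it parses `ssh-keygen -l` output, normalizes the fingerprints, and compares them against a list published out of band, failing closed on any mismatch or missing key type. The fingerprints are the ones quoted in the 12/12 post; the key sizes and file paths in the sample `ssh-keygen -l` lines, and the function names, are constructed for the example.

```shell
#!/bin/sh
# Added example: verify SSH host-key fingerprints against an out-of-band list.
# A mismatch is exactly what a man-in-the-middle (or a silently rebuilt
# server) looks like from the client, so the check must fail closed.

# norm_fp FP: lowercase, and drop the "MD5:" prefix newer ssh-keygen prints.
norm_fp() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/^md5://'
}

# parse_keygen_l: read "ssh-keygen -l" lines ("<bits> <fp> <comment> (<TYPE>)")
# on stdin and emit "TYPE fp" pairs.
parse_keygen_l() {
    awk '{ type = $NF; gsub(/[()]/, "", type); print type, $2 }'
}

# verify_fingerprints PUBLISHED OBSERVED
# Both arguments hold "TYPE fingerprint" lines. Prints one verdict per
# published key type; returns 0 only when every published type is present in
# OBSERVED and matches.
verify_fingerprints() {
    published=$1 observed=$2
    report=$(printf '%s\n' "$published" | while read -r ptype pfp; do
        [ -n "$ptype" ] || continue
        ofp=$(printf '%s\n' "$observed" | awk -v t="$ptype" '$1 == t { print $2; exit }')
        if [ -z "$ofp" ]; then
            echo "$ptype MISSING: host offered no $ptype key"
        elif [ "$(norm_fp "$pfp")" = "$(norm_fp "$ofp")" ]; then
            echo "$ptype OK $ofp"
        else
            echo "$ptype MISMATCH published=$pfp observed=$ofp"
        fi
    done)
    printf '%s\n' "$report"
    # Any verdict other than OK means the page and the host disagree.
    ! printf '%s\n' "$report" | grep -qv ' OK '
}

# Fingerprints as they stood on the hardware page (quoted in the 12/12 post).
PUBLISHED_STALE='RSA 96:0d:44:65:af:9b:c2:9a:b3:19:6f:28:bc:07:85:e4
DSA 91:cc:22:95:03:1d:92:3f:a3:4b:1d:5c:0c:44:d6:69'

# Constructed "ssh-keygen -l" output: the fingerprints are the ones the poster
# got from soda itself; the key sizes and paths are made up for the example.
KEYGEN_OUTPUT='2048 e1:9c:e5:c7:f9:9f:f3:af:04:ef:df:2d:63:b0:84:4a /etc/ssh/ssh_host_rsa_key.pub (RSA)
1024 2a:5f:0c:23:c2:80:dc:ef:d4:ee:bb:4e:a5:80:25:d5 /etc/ssh/ssh_host_dsa_key.pub (DSA)'

# What the page should list after the fix: the values soda actually reports.
PUBLISHED_FIXED=$(printf '%s\n' "$KEYGEN_OUTPUT" | parse_keygen_l)

if verify_fingerprints "$PUBLISHED_STALE" "$PUBLISHED_FIXED"; then
    echo "stale page: unexpected match"
else
    echo "stale page: mismatch detected, do not trust the connection"
fi
verify_fingerprints "$PUBLISHED_FIXED" "$PUBLISHED_FIXED" >/dev/null && echo "fixed page: all keys match"
```

To run it against a live host, pipe `ssh-keyscan host | ssh-keygen -lf -` (on newer OpenSSH add `-E md5`, since it prints SHA256 fingerprints by default) into `parse_keygen_l` and pass the result as OBSERVED. The key change in the 12/3 thread would show up as MISMATCH on every type against whatever a client had cached; the right response is to confirm the new fingerprints from the published page before accepting them, not to delete the known_hosts entry and retry.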
| 2005/11/22-24 [Computer/SW/OS/Windows, Computer/SW/Security] UID:40691 Activity:kinda low |
11/21 In windows I can disconnect anyone who's using shares on my computer.
How do I disconnect from shares I'm using on another computer--for
instance because I'm using a common computer and I want to revoke my
authentication?
\_ right-click and hit 'disconnect'? -John
\_ "net use /?" from cmd shell. --sky
\_ No, not a mapped drive. I mean I browse to \\server\dir and want
to close the explorer windows and when I browse again I get
reauthenticated.
\_ Uh, as sky said: net use. It has nothing to do with whether
the drives are mapped.
\_ "net use \\server\dir /del". On the other hand, please tell
me how to disconnect anyone who's using shares on my computer.
Thanks.
\_ Right click on My Computer > Manage > System Tools >
Shared Folders > Sessions |
| 2005/11/16-18 [Computer/SW/Security, Politics/Domestic/President/Bush] UID:40626 Activity:moderate |
11/16 So, it was Hadley who was Woodward's source.
He was Deputy Natl Security Advisor at the time (NSA was Rice), and is
NSA now.
\_ url?
\_ http://news.google.com/news?q=hadley+woodward
\_ "In his book, Plan of Attack, Woodward says he was given access to
classified minutes of National Security Council meetings. Both
Rice and Hadley were major players in these meetings."
Okay, so he was given access to classified minutes and info. If he
was aware that the information was classified and he revealed it,
then he's guilty of revealing classified info. If he did not
reveal it, then Woodward's a dead-end in this investigation,
except perhaps to point out that the Administration tried to leak
the info from multiple sources.
\_ Are you suggesting that Woodward had some sort of s00perd00per
sekr!t clearance, and thus revealing classified info to him
would not be a crime?
\_ If not, then yes, it's a crime, and Hadley should be charged.
If he _was_ given clearance, then no. Either way, Scooter's
still in the fryer.
\_ NYT has hinted the Senior administration official might be Cheney.
\_ but the NYT is a proven fraud, many times over.
\_ You don't know what the word "fraud" means. It has not
been 100% correct, nothing is, but it has won many
Pulitzers for fine reporting. It has certainly got
more integrity than the Bush Administration. At least
they fire the liars in house, instead of promoting them
and giving them Freedom medals. |
| 2005/11/16-18 [Computer/SW/Security] UID:40622 Activity:nil |
11/16 Why doesn't Yahoo Mail use secure web pages? Does it take a lot more
hardware resource to run a secure web site? Thanks.
\_ Yes. You need to actually encrypt the pages, which is probably about
10x as expensive as serving them unencrypted. So, while not
resource intensive by modern standards in an absolute sense, 10x
means 10x as many servers to serve the same load. That's nothing to
sniff at for a big provider.
\_ there are SSL engine systems they could put in front of the
actual web servers to handle the encryption load and separate
it from the mail servers. They're not cheap however. What
were you paying for Yahoo Mail's secure mail service, again?
\_ Are you saying they aren't making any money off of me? |
| 2005/11/12-14 [Computer/SW/Security, Computer/SW/OS/Windows] UID:40559 Activity:low |
11/11 I'm phone shopping and looking for suggestions. I don't need anything
but good phone service and the ability to swap files easily with a
computer. I'm on Cingular. I just found out the only data swap package
for the Samsung phone I bought (SGH-X497) uses a serial port. No USB
options available which kind of blows. -- ulysses
\_ what kind of file you need to swap? Best addressbook /desktop
integration belongs to Microsoft :( If you want to swap photos,
ringtone, wallpapers, etc., both Nokia and SonyEricsson have good
data suites for their phones.
\_ The addressbook is all I care about. The rest is fluff AFAIAC. |
| 2005/11/9-11 [Computer/SW/Security] UID:40516 Activity:nil |
11/9 Does anyone know of a web hosting service that provides unix shell
access that can access IMAP files? I was looking at 1and1, which
offers good space/bdw and ssh access, but their mail is maintained
separately from the hosted files, which is kind of lame. I'd like
to be able to easily import or backup IMAP files using something
like scp. Thanks! -mds
\_ price range?
\_ Yes.
\_ 1and1 with shell access and 10GB of space is $10/month. I'd
like something similar (e.g. < $20/month if possible) that
has a shared pool of mail and web data. It would have to be
less than the cost of co-hosting my own box (which I don't
have time for right now). Alternatively, I guess some means
of doing bulk transfers of IMAP data might work in a pinch, but
I haven't seen a client capable of doing that? -mds
\_ Typically your IMAP data is owned by one of the mail server
accounts and couldn't be read by your UNIX account.
\_ so then you're completely at the mercy of the server
backups? I'd think there would be some way to take
a dump of those remote files as well? Haven't found
a thunderbird plug-in or similar to do so, though.
\_ belay that, found the link below. Thanks! -mds
http://gemal.dk/blog/2004/02/19/backup_your_imap_mail
\_ How about fetchmail? --dbushong |
| 2005/11/8-10 [Computer/SW/Security] UID:40487 Activity:nil |
11/8 Don't forget, there's talk on software election security by one
of the leaders in the field, Dr. David Jefferson. It's tonight
at 6pm in 306 Soda.
\_ How long is the talk supposed to run?
\_ Probably about 1 hour.
\_ Why is it not held before the election day?
\_ Basically logistical reasons. David Jefferson is a busy
guy, and originally he was going to speak on something
totally different. We didn't get it all figured out until
last week, and the room is available today. -jrleek |
| 2005/10/31-11/1 [Computer/SW/Security, Computer/Networking] UID:40347 Activity:moderate |
10/31 What's the best tool out there to crack WEP?
\_ pissed that your neighbor finally enabled encryption?
\_ Can't hack into the webcam in their daughter's bedroom?
\_ mmm, daughter cam.
\_ Auditor collection. http://www.remote-exploit.org and make a donation
to Max. You owe me a coke. -John |
| 2005/10/30-31 [Computer/Networking, Computer/SW/Security] UID:40339 Activity:nil |
10/29 I'm using ssh X port forwarding and just got a DLINK game router.
Which port should I prioritize?
\_ it's all over ssh -- port 22 |
| 2005/10/28-31 [Computer/SW/Security, Computer/SW/Mail] UID:40324 Activity:nil |
10/28 Abandon the Web! guerrilla platform warfare: http://csua.org/u/dus |
| 2005/10/27-29 [Computer/SW/Security, Computer/SW/Unix] UID:40291 Activity:low |
10/27 Okay, is ftp completely gone? I'd search the motd archives but,
wait for it, there are none.
\_ try sftp or scp. most sftp clients that I've used have scp
support for transferring multiple files or directories.
\_ Hm, does WS_FTP do sftp?
\_ Use Filezilla.
\_ putty has a free command line scp binary that I use all
the time. I've never tried their sftp client, but it can
be found here: http://www.putty.nl/download.html -sax
\_ See section 3 of last week's minutes. -gm |
| 2005/10/22-24 [Computer/SW/Security, Computer/SW/WWW/Server] UID:40230 Activity:nil |
10/22 I want to set up a Wiki site for users of a software framework, but
I'm concerned about security. Are there any Wiki engines that are
particularly good about security? Any good sites discussing this?
Thanks. - ciyer
\_ Not twiki.
\_ google for natswiki. It's a mod of twiki. |
| 2005/10/22-24 [Computer/SW/Security] UID:40227 Activity:nil |
10/22 How come .nofinger does not prevent people from getting my last login
remotely?
\_ Make sure fingerd has permission to access your home directory --
otherwise it can't see your .nofinger file. Try "chmod a+x ~".
\_ Can't reproduce. Sanity check: soda has a hacked up fingerd. Are
you trying to put a .nofinger somewhere else? |
| 2005/10/16-19 [Computer/SW/Security, Computer/SW/Unix] UID:40126 Activity:nil |
10/16 I accidentally overwrote a file in my home dir. Is there a process
where I can request the version of this file from, say, 1 month
ago? Or are there even backups/archives like this at all?
\_ mail root
\_ Yes, backups do exist. Right now, they are not mounted, so
you will need to email root. Be aware that backups do rotate out,
and are currently being sporadically manually done, so email sooner
than later -- njh (the guy who runs backups)
\_ Thanks!! Now that I think about it, I might actually have my
own backup from the time I want, though it would be on a PC
that I don't have access to today. I'll check for my own
backup before emailing root, but it's good to know that root
can help me if necessary. Thanks! -op |
| 2005/10/15-16 [Computer/SW/Security, Computer/SW/Unix] UID:40104 Activity:nil |
10/15 Here is a proposal, a compromise for both parties. Split
/etc/motd.public into two files-- one is /etc/motd.civil
which is logged and viewable by root only, and is viewed in
default .login. The other one is /etc/motd.wild, which is
unlogged and is pretty much like our current motd.
\_ The problem with this "solution" is that it does not fix
the problem of threats, slander, etc, from the point of
view of the politburo. They are still responsible for
hosting it. -ausman
\_ You're welcome to create ~user/cesspool.motd if you really want a
place where you can be threatened at will by anyone. Root will
not breach the anonymity of the logs unless there is a specific
post which requires it. -mrauser
\_ I have a better idea. We'll have one file called /etc/motd.public
which is an open forum for discussing politics, fundamental
computer science, the computer industry, general science, sex,
and the meaning of life in a lively, free form, while also
posting timely links about current events and giving recent grads
a leg up on their careers. Then we'll have another file called
/etc/motd.jamf, where a small group of people can have a
carefully logged and moderated discussion of vi/EMACS, the
latest linux kernel and monty python. Anyone who mentions
politics, sex, violence, industry, uses a swear word, or says
anything remotely useful or interesting on /etc/motd.jamf
will receive a demerit. Three demerits will banish them forever
from /etc/motd.jamf. |
| 2005/10/14-2010/9/30 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:40095 Activity:nil |
**/** Do not mail individual members of root for assistance. You will be
ignored! Your root staff are: steven, edilaic, mconst, jvarga,
mikeh, mrauser, kimbrel, toulouse, vaheder
Your Politburo are: kimbrel (P), steven (VP), toulouse (S),
yns88 (T), vidya (L), steven (E), bordicon (A)
Your new Politburo are: toulouse (P), steven (VP), eyung (T),
stevenk (S), sakura (L), dw5ight (E), scotspin (A)
The uncensored messages below this line may not reflect opinions of the CSUA. |
| 2005/10/13-14 [Computer/SW/Unix, Computer/SW/Security] UID:40061 Activity:very high |
10/12 [moved to top]
I strongly suggest everyone read the minutes from the last
meeting. Both changes to the motd and soda itself were
discussed. -jrleek
\_ (Put up front since it's relevant) One thing that was left out of
the minutes is this: although we decided to enable logging of the
MOTD, we would like the implementation to be put in place by the
users OF the MOTD. The decision stands and is not debatable, but
the flavor of it is up to you guys. The current proposition is
to enable kernel auditing, such that only root can view the logs.
If you have a more palatable idea, you're welcome to submit your
opinions to root@csua. Of course, 'ideas' are not nearly as
useful as 'implementations', if you propose something non-trivial.
\_ I don't have any complaint on any of this. I just like to
ask if you guys can consider making the list of people who
have root public, and tighten access control to only those
who should have root. Secondly, I'd like to ask if you guys
can make all user complaints and requests to expose offenders
public. I'd hate to see root exercising power under the hood
without any form of auditing. Without public auditing
there is no check and no balance.
\_ Why perpetuate the scam and make us lend the logging an air of
respectability?
\_ I am amused by the fact that this was posted anonymously. -gm
\_ Exact proposition: "To allow, when necessary, root-types to
identify exactly who posted any message in the MOTD"
\_ If I read these correctly, the change that will be implemented is
a foolproof way for root-types to know who is posting to the motd,
so that people who make direct threats can be found. Somehow I
doubt this is gonna raise the quality of the discourse around
here.
\_ The problem is we've apparently seen root-type people abuse their
root in the past to un-anon people on the motd they simply don't
like. I'd like to know who the root-type people are and that
there is some official (as official as the csua can get) process
in place to a) make sure no one else has root and b) make sure
the very limited set of people with root are known and c) revoke
root privs of abusers. I was once in favor of a totally anon
motd, but given some of the vicious and excessive personal
attacks, threats, and named posts clearly intended to destroy
other people, I've changed my mind on the topic. Free speech
is a good thing but yelling fire in a theatre is not ok nor is
abusing anonymity to harass or ruin others.
\_ The root list has been getting cleaned up, and I have made
sure that the only people with root on any of the new
machines are active, trustworthy root types. Furthermore,
abuse of root power by anyone to un-anonymify someone for
any reason other than official business is an immediately
squishable offense in my book. If I caught someone using
root logs to spite someone on the motd, I would not hesitate
to not only revoke the root cookie, but also sorry that
person's account. I would even take such action on a
current member of Politburo if they did such. I consider
the privacy of the people on this server, and the
professionalism of those who have access to privileged
information on this server very important. - jvarga
\_ You are a thin-skinned idiot.
\_ Haven't been around here that long, huh?
\_ Only about 8 years. What'd I miss?
\_ Pfft. n00b! -meyers
\_ You missed the part where not abusing root is a good
thing, and an obvious thing. Where have you been?
\_ Vicious and excessive personal attacks? Perhaps, but the
motd is not for the faint of heart. This is less "fire" in a
theater and more theater of the absurd. More Sproul Plaza than
debate club. Keep it anon. How else am I supposed to make my
snide "yermom" comments without looking like a total sleaze?
\_ yer mom doesn't mind looking like a total sleaze.
\_ You're correct that too many people have root. We'll get
an automatic reset when we switch to new soda, we should
set up some new rules then.
\_ So let's say some user provides a web- or e-mail based front-end to
let anonymous types modify motd. The soda log will show that the
creator of the interface is making changes, even though it could be
Joe Loser off the Internet. I suppose at the first abuse then that
interface should be shut off?
\_ Before the first abuse; it's against policy to share your
account. -tom
\_ Has this specific example been tested yet? ("share your
account" encompasses providing a web/e-mail interface for
people outside soda to anonymously modify motd)
\_ "share your account" means whatever they want it to mean.
\_ This would also qualify under "don't be a hoser." -tom
\_ Just curious, but how many of you outraged motders are actual
csua voters?
\_ I'm disappointed that the CSUA would run Linux, I'm not sure what
the issue was with BSD. There was a big push to get it working
at the end of last year, and as far as I know it was. What
happened? --jwm
\_ How competent is the vp? This is not intended to be a put
down as such, but failing to get bsd to boot may be
\_ How competent is the vp? Failing to get bsd to boot may be
meaningful or meaningless, depending on vp cluefulness.
\_ As freebsd developers have trouble getting 5.4 to run on
certain amd boxes, I wouldn't use this as a guide to VP
cluefulness
\_ You do know that my question regarding vp cluefulness
still applies until you show (boot_bsd(clueless admin)
== 1) for all values of clueless admin.
\_ What's wrong with Linux these days? (Aside from TRADITION!)
\_ If you have to ask, you don't know.
\_ Yes, that would be why I'm asking.
\_ Install the 2.6 kernel and see how long it lasts
under load.
\- can you elaborate on this a little. i have some
crunching farms and the people who run them for
me appear to slowly be moving toward 2.6. tnx. |
| 2005/10/13 [Computer/SW/Unix, Computer/SW/Security, Politics/Domestic/President/Bush] UID:40060 Activity:nil |
10/12 root, please do not squish me for posting this treasonous
url anonymously. also the picture is wrong, p bush
was funding them until 1951.
http://www.indybay.org/uploads/p1090147a.jpg - danh
\_ It's been nice knowing you danh, I shall miss you after your
mysterious disappearance.
\_ Huh, I didn't realize we were into punishing the sons for the
sins of the fathers. |
| 2005/10/8-9 [Computer/SW/Security] UID:40023 Activity:nil |
10/7 putty seems to lock up on Windows about 10 minutes after I don't type
anything ... Even with the keepalive with a "Network error: Software
caused connection abort" ... Adding the keepalives didn't make any
difference. Had to switch since soda no longer supports ssh1 ...
How do I stop this from happening?
\_ are you implying that your previous ssh client didn't do this?
\_ Yes teraterm + ttssh never had this problem.
\_ Same problem here--I am behind a firewall with a timeout setting
(haven't checked yet how long). This is the same for OpenSSH
3.8.1p1 on OSX, commercial SSH on XP and Mindterm. Use spinner,
that usually works for me. -John
\_ try both TCPKeepAlive and ServerAliveInterval on openssh...
curious to know if one helps and not the other. |
| 2005/10/6-9 [Computer/SW/Security] UID:40007 Activity:nil |
10/6 What's the easiest way to get the ip from the env var
SSH_CLIENT="10.10.10.10 1212 22" in bash? I want to use it to
set the DISPLAY env var.
\_ see man pages for any/all of: sed, awk, perl, cut, tr (and many
others).
\_ Why are you doing this? ssh will set DISPLAY itself if you
run it with the right options, and it will do it securely. -tom
\_ Ah, thx.
\_ ssh -X -l mylogin hostname
\_ ssh -Y -l mylogin hostname
\_ Ok, now it's slow. ;) What's the fastest cipher and mac
to use? The choices are:
rc4/blowfish/aes-128/192/256/twofish/3des...
\_ plaintext.
\_ IMO, blowfish is the best blend of speed and security
\_ RC4 is by far the fastest, and secure enough for joe averages
using SSH2.
\_ After you log in, how do you see what cipher/mac is in use?
\_ depends on what ssh you use, obviously. i don't know of
a way for openssh. use -v to see what's being
negotiated. |
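The SSH_CLIENT parsing and the DISPLAY question from this thread, as an added example that is not part of the thread: `ssh_client_ip` pulls the address out with parameter expansion alone (the variable is `clientip clientport serverport`), `display_from_ssh_client` builds the hand-rolled DISPLAY the poster was after, and `display_kind` tells the two forms apart, which is why tom's answer is the safer one: `ssh -X`/`-Y` sets `DISPLAY=localhost:N` with N at or above sshd's `X11DisplayOffset` (10 by default) and carries X11 inside the encrypted channel, whereas a DISPLAY naming the client's IP sends X traffic in the clear to an X server that must accept remote TCP connections. The function names and the sample value are constructed; the classification assumes sshd's default `X11UseLocalhost yes`.

```shell
#!/bin/sh
# Added example: pull the client address out of SSH_CLIENT and classify a
# DISPLAY value. Function names are invented for this example.

# ssh_client_ip "clientip clientport serverport" -> clientip
# Parameter expansion only: no fork for sed/awk/cut. An IPv4-mapped IPv6
# literal ("::ffff:10.10.10.10", which a dual-stack sshd can report) is
# unwrapped to the plain IPv4 form.
ssh_client_ip() {
    ip=${1%% *}
    ip=${ip#::ffff:}
    printf '%s\n' "$ip"
}

# display_from_ssh_client SSH_CLIENT [screen] -> "clientip:screen.0"
# This is the do-it-yourself DISPLAY the poster asked for. It points X clients
# straight at the user's machine over clear-text TCP (port 6000+screen), which
# only works if that X server accepts remote connections at all.
display_from_ssh_client() {
    printf '%s:%s.0\n' "$(ssh_client_ip "$1")" "${2:-0}"
}

# display_kind DISPLAY -> local | forwarded | tcp
#   ":0"              local X server on this host (unix socket)
#   "localhost:10.0"  ssh -X/-Y tunnel: sshd listens on loopback at
#                     X11DisplayOffset (10) and up; traffic is encrypted
#   "10.10.10.10:0"   raw TCP to another host; nothing is encrypted
# Assumes sshd's default X11UseLocalhost yes.
display_kind() {
    host=${1%%:*}
    num=${1#*:}
    num=${num%%.*}
    case $host in
        '') echo local ;;
        localhost|127.0.0.1)
            if [ "${num:-0}" -ge 10 ]; then echo forwarded; else echo local; fi ;;
        *) echo tcp ;;
    esac
}

# Constructed value, taken from the question: SSH_CLIENT="10.10.10.10 1212 22"
SAMPLE_SSH_CLIENT='10.10.10.10 1212 22'
DIY_DISPLAY=$(display_from_ssh_client "$SAMPLE_SSH_CLIENT")
echo "client ip:    $(ssh_client_ip "$SAMPLE_SSH_CLIENT")"
echo "diy DISPLAY:  $DIY_DISPLAY ($(display_kind "$DIY_DISPLAY"))"
echo "ssh -X sets:  localhost:10.0 ($(display_kind localhost:10.0))"
```

`display_kind` is the check worth keeping: run it on `$DISPLAY` from a login script and anything that comes back `tcp` is an X session whose keystrokes and screen contents leave the machine unencrypted.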
| 2005/10/4-6 [Computer/SW/Security] UID:39972 Activity:nil |
10/4 New AC Transit Transbay Service Begins December 5th
http://www.actransit.org/news/articledetail.wu?articleid=35e17163 |
| 2005/10/3-5 [Computer/SW/Security] UID:39961 Activity:nil |
10/3 I would like to download my work calendar to my personal
laptop which is running XP outlook whilst the server is
Exchange 2003. The computer is not a member of the domain;
the standard "add exchange account" fails once it cannot
resolve the username via check name. I have no problems using
imap or the web access to get access to the mail. I can also
log into shares on the machine as well. Is there a way to
download the calendar via the cli? |
\_ You don't need to use 'check name'. It'll be something like
windowsloginname@exchangeserver.domain.com where domain is your
AD domain (AD usually but not always corresponds to your DNS
domain.) Check with a co-worker's outcrook that works. If you
can't figure it out, let me know and I'll check in a few days. -John
-- I found out what the problem was. There is a value in
mapisvc.inf called PR_RESOURCE_FLAGS that needed to be
changed in MSEX section. Thanks for responding |
| 2005/9/21-23 [Computer/SW/Languages/C_Cplusplus, Computer/SW/P2P, Computer/SW/Security] UID:39809 Activity:nil |
9/21 http://tinyurl.com/7swro It's the dawn of the age of uninhibited file sharing! LionShare creates a neat, private, sheltered place where people could shop music and movies to their heart's content without entertainment companies ever knowing. |
| 2005/9/20-21 [Computer/SW/Security] UID:39782 Activity:high |
9/20 what is 'fan service' in anime?
\_ scantily clad female characters
\_ It has more to do with very extraneous scenery that doesn't
enhance plot, character, etc. Mostly yeah, it's little
revealing clips (random upskirt shots, etc) but depending on the
feature and subject "fan service" can refer to anything 'extra'.
\_ I think wikipedia is pretty good here:
http://en.wikipedia.org/wiki/Fan_service
\_ Wikipedia failed on the word BBFS, bare back full service
\_ Go in and fix it! |
| 2005/9/17-20 [Computer/SW/Security] UID:39722 Activity:nil |
9/17 While using eMule, after some hours, it loses the internet
connection, sort of. eMule continues to work fine. If I have an
open ssh connection to csua, that's working fine. But I can no
longer go to any web pages, open any new ssh connections, and some
of the IM programs lose their connection and won't reconnect. The
only solution I've found is to reboot. Is there any other way? |
| 2005/9/11-13 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:39626 Activity:nil |
9/10 One more data point that libertarianism leads to chaos:
http://news.bbc.co.uk/2/hi/programmes/click_online/4227578.stm
\_ "It can be used for many good things, like giving the oppressed a
voice, but users can also preach race-hatred or share child
pornography with complete impunity." Gee, what else does that sound
like to you... I know! Speech! Hands! Computers! Brains!
Ban them all!
\_ Any political/economic system can be a problem if unchecked. That's
why we have limits on speech, capitalism, etc. |
| 2005/9/9 [Computer/SW/Security, Computer/SW/WWW/Browsers] UID:39585 Activity:kinda low |
9/9 Dear Park B1 (Firefox 1.5) is out:
\_ "Deer" Park you moron.
http://www.mozilla.org/projects/firefox
OpenSSH 4.2 is out as well:
http://marc.theaimsgroup.com/?l=secure-shell&m=112558710925132&w=2
Portable: http://www.openssh.org/portable.html
OpenBSD: http://www.openssh.org/openbsd.html
\_ fyi, that B1 means Beta 1 (didn't know myself) |
| 2005/9/7-9 [Computer/SW/Security, Politics] UID:39549 Activity:nil |
9/7 Awesome, London's mayor thinks the bombers' families should be
allowed to attend the national memorial service for the victims.
http://news.bbc.co.uk/1/hi/england/london/4220836.stm
\_ I think it's a good gesture. Or shall the sins of the father be
visited upon the son, and his son, and further unto 5 generations?
\_ Ob affirmative action.
\_ It would be a nice gesture if the victim's families invited
them (highly unlikely), not the frinkin' mayor. Inviting
the murderer's family to the victim's funeral is asking for
trouble.
\_ True, but it's suicide 'victims' too. |
| 2005/9/6-8 [Computer/SW/Security, Computer/SW/Unix] UID:39525 Activity:nil |
9/7 Is there a way to change passwords on windows from the cmd line?
I only have a telnet session... Thx.
\_ Your google fu is weak.
http://support.microsoft.com/?kbid=149427 -John |
| 2005/9/6-7 [Computer/SW/Editors, Computer/SW/Security] UID:39523 Activity:low |
9/6 Probably old news to some of you, but what do you all think of the
"Street Performer Protocol"?
http://www.firstmonday.org/issues/issue4_6/kelsey
\_ I'd probably never go for it.
\_ I think the idea sounds interesting in parts, but I don't
see how it could work as the primary mechanism for funding of
copyrighted works. An author who wishes to publish his first
novel will not be able to get donations, so he needs someone
else (i.e., a publishing house) to decide he is worth it,
market the book and put it in stores. That publishing house
needs to have control of the copyright to at least some extent,
because they publish and promote a lot of books by first-time
authors and most of them don't make money, so to fund their
operations they need to make their money from the few successful
books.
The idea might work for Stephen King. -tom
\_ Stephen King tried it and it failed him if I recall.
\_ King tried putting his books up for download by serial,
with small payments, but without any escrow. So very
few people actually paid for them because they were all
available on the file-swapping services for free.
If he said "OK I want to make $100K off this book" and
waited until there was $100K in escrow, the file-swapping
problem would be mitigated. -tom
\_ It's overly optimistic about a performer's skill. One of the
greatest resources of a publishing house is its editors. First
novels are hardly ever insta-classics without the vicious advice
of an editor. Plotholes, meandering writing, lack of character,
inaccurate facts, etc. sinks books even before they are finished.
A good editor will fix that. Plus, a partially written book does
nobody any good. Authors should create a finished product or they
will find themselves lost like a potter trying to glaze a wet
piece of clay. |
| 2005/9/2-3 [Computer/Rants, Computer/SW/Security] UID:39448 Activity:low 52%like:39356 |
9/2 Evil Corporation Wal-Mart response to New Orleans looters:
http://informationweek.com/story/showArticle.jhtml?articleID=170102839
\_ $15m in goods at retail prices or Wal-Mart prices?
\_ When is Bill Gates going to donate some Office 97 to the victims?
\_ I wish you'd post your names so I could hate you both properly.
Fucktards.
\_ What do you think the "sandbags" are filled with? |
| 2005/8/30-31 [Computer/SW/Security, Consumer/TV] UID:39354 Activity:nil |
8/30 http://cbs5.com/business/finance_story_228124420.html Interesting map idea, but I think what would be even cooler is a 3-D satellite map. Right now Google has a 2D satellite map, but if they can scan, interpret, and re-render the terrain in 3-D that'd be even cooler |
| 2005/8/29 [Computer/SW/Security, Academia/Berkeley/CSUA] UID:39326 Activity:nil |
8/28 The yellow triangle "Time Warner Full Service Network" poster has
been taken down from the CSUA Office. If this has any lore-value
to anyone, come grab it ASAP. First come, first serve. - amckee |
| 2005/8/23-24 [Computer/SW/Security, Computer/SW/Unix] UID:39241 Activity:nil |
8/23 Looking for a good backup software for Windows. Preferably free,
or something cheap with encryption. I'm sick and tired of manually
using MS's backup software to create a tar-like file and then
using my pirated Nero to burn it on the DVD. ok thx.
\_ Check out the backup reviews first.
http://www.backup-software-reviews.com
I downloaded a copy of Genie Backup Manager, trial version.
It is very good. I got it from Bittorrent with serial keys
but I liked it so much that I decided to buy it from them.
\_ I use Acronis True Image to back up my Windoze disk to an
external hard drive. It's fast: 1 gigabyte / minute over
FireWire or an efficient Hi-Speed USB 2.0 interface.
Image is password-protected (though not encrypted, but I think
the password protection is good enough). Buy the download version
off http://newegg.com. |
| 2005/8/23-24 [Computer/SW/Security] UID:39233 Activity:low |
8/23 Hi motd. I recently got a Dell Latitude D610 from work. There is a
"Hard Drive Password" feature in BIOS. After setting it, now every
time I boot it asks me for this before it loads the OS.
Does anyone know if this password is stored on the drive or on the
mobo? E.g., if the latter, I can just put the drive in an external
enclosure and access all files. Thanks. I suspect the latter.
Okay, I see here it looks like the former:
http://www.pcreview.co.uk/forums/thread-1942031.php
\_ Depends on the make & model. A lot of mfgrs deal with the password
with a combination of bios and either an eeprom or a reserved area
on the drive. Generally it's some variant of the bios being a
sort of "handler" for the password info which is stored elsewhere.
The good news is, there are ways of breaking this with some
understanding of electronics diagrams and a degree of proficiency
with a soldering iron. With some IBMs, for example, you need to
nuke the password on the particular laptop it was set on before you
can use it for something else (unless of course you break it, which
is difficult-but-not-impossible.) I did some research on this a
while ago for a project, but my info may be out of date. -John
\_ fyi, I downloaded the spec doc for the Hitachi 5K80 Travelstar,
and there's a whole section on this, which leads with: "With a
device lock password, a user can prevent unauthorized access to a
device even if it is removed from the computer." It sounds like
\_ fyi, I downloaded the spec doc for the Hitachi 7K100 Travelstar,
and there's oodles about password set/clear/change. Presumably
this is all stored on the HD.
Upon further reading, it looks like the drive supports a Master
Password and User Password. Presumably the Master Password is
known only to Dell and is different for different service tags,
and is used to unlock the drive if the user forgets the User
Password that he or she used to lock the drive.
Unfortunately it looks like all you need is a keygen program
to get the Master Password for Dell Latitudes:
http://www.techspot.com/vb/topic18780-pg4.html&pp=20
Doh! -op
I do agree that if you speak with Dell they'll probably tell
you a special way of clearing the "Hard Drive Password" if
you authenticate with them completely. And DriveSavers probably
knows exactly how to do it without any trouble.
After googling for a while, it looks like this is the only way to
clear the hard drive password: http://dp.allhyper.com
Much easier to clear the non-hard-drive passwords. -op
\_ OK the mechanism I found consisted of soldering together a
bit of electronic gimcrackery according to a set of wiring
specs I found, which would slurp the password hash off the
laptop via serial and let you dump it on a PC in order to
crack it. I'd be very interested in what you find, so if you
would like to look at the bit of poking around that I did,
drop me a mail (non-bouncing email in my .plan) -John
\_ Oh, it's just the link I posted -- run the keygen
against the reported hard drive code, obtain the password
which clears the other passwords. Apparently another
mechanism involves a paperclip shorting some pins. -op
\_ Good news. That keygen only works for old service tags
(ending with extension -D35B). Then, I e-mailed the owner of
the document that describes how to unlock passwords using
a paperclip (shorting some pins). He says his method is
only for the BIOS passwords, and there is nothing he knows
of that can unlock the "hard drive password". Yay. -op
\_ See above, offer still stands (dunno if it'll be of any use
but might give you some pointers of where to look.) -John |
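The user/master password scheme the thread works out above, as an added example that is not the thread's own and is not Dell's or Hitachi's firmware: a Python model of the ATA security feature set behind the BIOS "Hard Drive Password". The drive, password and sector values are constructed, and storing SHA-256 digests is a modelling choice (real drives keep the passwords in a reserved area or EEPROM, as John describes). It shows the two caveats a defender wants here: with master capability "high" a known or derivable master password unlocks the drive, with "maximum" the master password can only erase it, and in either mode the password gates commands without encrypting the data.

```python
"""Added example: simplified model of the ATA security feature set behind the
BIOS "Hard Drive Password" (user password, master password, master capability).
Not vendor firmware; password and sector values and SHA-256 storage are constructed."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


class SecurityError(Exception):
    """The drive rejected a command in its current security state."""


def _digest(password: str) -> bytes:
    return hashlib.sha256(password.encode("utf-8")).digest()   # modelling choice only


@dataclass
class AtaDrive:
    user_pw: Optional[bytes] = None     # digest of the user password; None = security disabled
    master_pw: Optional[bytes] = None   # digest of the master password (drives ship with a vendor default)
    master_capability: str = "high"     # "high": master may unlock; "maximum": master may only erase
    locked: bool = False
    sectors: Dict[int, bytes] = field(default_factory=dict)

    def _matches(self, stored: Optional[bytes], password: str) -> bool:
        return stored is not None and hmac.compare_digest(stored, _digest(password))

    def set_master_password(self, password: str) -> None:
        """Replace the vendor default; anyone who knows that default holds a master key."""
        if self.locked:
            raise SecurityError("passwords cannot be changed while locked")
        self.master_pw = _digest(password)

    def set_user_password(self, password: str, capability: str = "high") -> None:
        """Enables security; capability decides whether master may unlock or only erase."""
        if capability not in ("high", "maximum"):
            raise ValueError("capability must be 'high' or 'maximum'")
        if self.locked:
            raise SecurityError("passwords cannot be changed while locked")
        self.user_pw = _digest(password)
        self.master_capability = capability

    def power_cycle(self) -> None:
        """With security enabled the drive comes up locked after power-on."""
        self.locked = self.user_pw is not None

    def unlock(self, password: str, identifier: str = "user") -> None:
        """SECURITY UNLOCK: the user password always may; master only at capability 'high'."""
        if not self.locked:
            return
        if identifier == "user" and self._matches(self.user_pw, password):
            self.locked = False
        elif (identifier == "master" and self.master_capability == "high"
              and self._matches(self.master_pw, password)):
            self.locked = False
        else:
            raise SecurityError("unlock rejected")

    def erase_unit(self, password: str, identifier: str = "user") -> None:
        """SECURITY ERASE UNIT: master works even at 'maximum', so a forgotten
        user password costs the data, not the drive."""
        ok = ((identifier == "user" and self._matches(self.user_pw, password))
              or (identifier == "master" and self._matches(self.master_pw, password)))
        if not ok:
            raise SecurityError("erase rejected")
        self.sectors.clear()            # data gone
        self.user_pw = None             # security disabled again
        self.locked = False
        self.master_capability = "high"

    def read(self, lba: int) -> bytes:
        """The password gates commands only; this feature does not encrypt the platters."""
        if self.locked:
            raise SecurityError("drive is locked")
        return self.sectors.get(lba, b"\x00" * 512)


def _attempt(action: Callable[[], object]) -> str:
    try:
        action()
        return "allowed"
    except SecurityError:
        return "refused"


def forgotten_user_password(capability: str) -> Dict[str, str]:
    """The thread's scenario: user password forgotten, vendor master password tried."""
    drive = AtaDrive()
    drive.sectors[0] = b"constructed sample data"
    drive.set_master_password("constructed-master-pw")   # replaces the vendor default
    drive.set_user_password("constructed-user-pw", capability)
    drive.power_cycle()
    outcome = {"read_while_locked": _attempt(lambda: drive.read(0)),
               "master_unlock": _attempt(lambda: drive.unlock("constructed-master-pw", "master"))}
    if outcome["master_unlock"] == "refused":
        drive.erase_unit("constructed-master-pw", "master")
        outcome["after_erase"] = "data gone, security disabled"
    return outcome
```

Run `forgotten_user_password("high")` and `forgotten_user_password("maximum")` side by side: the first lets the master password unlock the drive with the data intact, the second only lets it erase. The design point for a laptop deployment is that the protection rests on the master password being unknown, so either change the vendor default or set the capability to maximum; and since the feature does not encrypt the platters, a bypass of the password check exposes everything on them.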
| 2005/8/8-11 [Computer/SW/Security] UID:39058 Activity:nil |
8/8 Any tips on getting a bank, cell phone company, or utility to properly
acknowledge a change of address? With my recent move, both PG&E and
Cingular fucked up the change. In PG&E's case, they moved the
location of the account (i.e., where the gas and electricity was
being delivered), but not where the bill was being sent. In Cingular's
case, they just dropped the ball completely and failed to move the
account at all. In both cases I called specifically ahead of time to
move the account. Since the Post Office acknowledged my forwarding
request, but never forwarded any of my mail, I never got any
bills and got hit with all sorts of "surprise" disconnection notices
recently.
\_ You could try praying.
\_ Cingular's customer service is so f*cked up. Best bet is to
contact their customer service and get someone to give you their
direct phone number for future inquiries. If you get a different
person for each customer service inquiry, then just start praying.
\_ I moved several times in the past. Every time PG&E always sent the
bills of the old and new accounts to my new address properly. USPS
forwarded most of my mail properly for a year or so. Once in a while a
piece of mail slipped USPS's forwarding mechanism and went to the
old address.
\_ I had a serious snafu with PG&E that took 6 months to resolve.
The short version is they couldn't keep track of what money was
supposed to go toward a deposit and what was towards my bill.
Even after you call them, the rate they actually fix things
is much slower than the rate the computers send out "we're
shutting off your electricity" notices, so I had to call a lot
to confirm with someone "Yes, I see the notes here, the
paperwork just hasn't gone through yet. Don't worry, we won't
shut you off." I'd say call once a month until things are
resolved, and when you call, just give them your account
number so they can bring up your case history and catch up
on the story. Thank goodness I don't have to deal with
PG&E anymore. -bz |
| 2005/8/8 [Science, Computer/SW/Security] UID:39036 Activity:nil |
8/7 I heard something about someone attempting to utilize NIS
authentication on Soda. What was the exact nature for this,
was it to allow for a centralized system to manage users
amongst the different computers within the CSUA? What is
currently being utilized for this, and why was NIS chosen
vs. a less obsolete technology like LDAP?
\_ Why do you think somebody owes anonymous you an
explanation? Check the wall, motd logs. |
| 2005/8/4-19 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:38981 Activity:nil |
8/3 Soda home directory quotas increased. Don't spend it all in one place.
--dlong
\_ So quit your bitchin'.
\_ Home dirs are now mounted off the new file server. Quota increases
abound, faster home dir access (no more home dirs on TDA!), etc.
*prepares for flames* Logins unified under NIS.
Everything appears to be working. Please email root if not. I need
a very long vacation. Hopefully new soda will be up soon. - jvarga
\_ Looks like keg is having issues with updating quotas on the fly.
Looking into it. - jvarga
\_ Anyone with a UID over 20000 didn't get a home dir quota
assigned to them. I've fixed that. Sorry! - jvarga |
| 2005/8/2-4 [Computer/SW/Security, Computer/SW/Unix] UID:38939 Activity:nil |
8/2 How do you create an NDMP user/pass on a netapp? The docs seem to
tell me how to check a given user for a password but not set up a
new user. thanks.
\_ Just use the admin/root user. |
| 2005/7/26 [Computer/SW/Security] UID:38825 Activity:high |
7/26 Doing the jobs American's won't do...
Mexican accused of leading document-fraud ring - Millions
of phony IDs for illegal aliens
http://www.freerepublic.com/focus/f-news/1450601/posts
\_ Yay, freeper is back! --freeper #1 fan
\_ And Freeper doesn't know how to use an apostrophe! What a
dolt.
\_ Nice way to duck the issue raised with a weak personal attack.
I don't read freeperlinks or like freeperguy but you're
making yourself look more stupid than freeperguy. Either
respond intelligently, putting him in his place, or ignore it
if you have nothing worth saying.
\_ What's the issue to duck? Freeperguy hates immigrants.
This has been long established. There really isn't much
to do except make fun of him.
\_ I'm not ducking anything. I didn't even read the article,
sounds boring. He didn't even make a point.
\_ You haven't made fun of him. You've made yourself
look petty, stupid, and childish, assuming it was you
getting personal above. Just ignore it. Why can't
you see you're only encouraging it?
\_ FWIW, I wasn't the one making fun of freeperguy's
grammatical problems. --pp
\_ And he's getting incredibly good at hiding his identity |
| 2005/7/18 [Computer/SW/Security] UID:38675 Activity:nil |
7/18 I'm trying to infiltrate into the freeper site but apparently they
already blocked off an entire class D network, both at school and at
home. Does anyone have a similar problem? Can I get an anonymizer
to work? Anyone recommend a good and FREE anonymizer? Sameer's
<DEAD>anonymizer.com<DEAD> stops working after clicking a few times.
\_ Don't you have anything better to do?
\_ A real hacker would know how w/o using crap like anonymizer. |
| 2005/7/14-16 [Computer/SW/Security, Computer/HW/Drives] UID:38619 Activity:moderate |
7/14 Anybody upgrade to PGP desktop 9.0? I'm wondering how the
"Whole Disk" encryption is working out. Comments would be
appreciated. Thanks.
\_ I would also appreciate if anyone could give any feedback
on this. We are thinking about using it as an encryption
system where multiple users need access to the files.
-mrauser
\_ Go to class, mrauser. - jvarga
\_ Why? Are you hiding porn from Cisco's tough anti-porn initiatives?
\_ I consider it the ultimate crime to hide porn on any server I
administer. If you have pr0n on soda, you must make it publicly
accessible or face my wrath. Pr0n is a glorious resource that
should be shared freely with all who seek it. To summarize: no
hiding porn! - jvarga
\_ Addendum: if I have to su to get to it, you're making me do
too much work. - jvarga
\_ I vote jvarga as the most humorous admin EVER!!!
\_ I may have a backup of the j-pr0n archive lying around (from
around the same time as safari, I think.) Let me know if you
want this magnificent piece of CSUA history. -John
\_ upgrading to 9.0 broke a lot of stuff. we downgraded back to
8.x. |
| 2005/7/14-15 [Computer/SW/Unix, Computer/SW/Security] UID:38611 Activity:moderate |
7/13 Soda is back up, and the rest of the servers are slowly being brought
back. We're fixing lots of errors on all machines. We'll keep you
all posted. - jvarga
\_ DikuMUD doesn't work anymore. Can you please restore it, or if
you can't find it at least install a new version? I'd like to
start as level 29, one level before immortal. Thanks jvarga!
\_ Office accounts are going to be dead until I can figure out why the
*(#)&^*)#$ debian doesn't like netgroups. Anyone with insight on
this, please email me/root. Thanks. - jvarga
\_ Looks like I've fixed office accounts on everything but martini.
Problems to root. Moving on to the next stupid issues that came
out of this move... - jvarga (needs a life, and a raise)
\_ Great work. Thanks.
\_ Thanks for the time and effort you've put into this.
\_ Many thanks for seeing this through.
\_ Come now, all this nicey nice is unbecoming. Where's the
obligatory alumni bitchfest?
\_ Err, I still remember what it was like being a ugrad in cs.
I appreciate the work being put in for little reward. -mice
\_ Perhaps most of us are used to the trials and tribs of this
sort of thing.
\_ Awesome, thanks. But when do we get new soda?
\_ This is the first step to getting new soda online. But in the
interim, new soda needs to stop doing things like playing the
"OS not found" game on boot, and tell me why sshd is dead.
- jvarga |
| 2005/7/14-8/4 [Computer/SW/Unix, Computer/SW/Security] UID:38609 Activity:nil |
7/13 Scotch will be coming down tonight. Expect disruption in CSUA service
between 7pm and wheneverweactuallyfinish. We don't intend on bringing
soda down for more than a few minutes to rotate it in the rack (so
that it cooks evenly). Probability of list disruption will be high.
Office accounts will be unavailable. Njh will be piss drunk. - jvarga
\_ 7/14 Soda is back up, scotch is back up, lists are down, office
accounts are down. We're working on things, but I have to be
up at 6am for work. - jvarga
\_ 7/15 Office accounts are working again after much mudwrestling with
all systems involved. Debian mirror and other services on
screwdriver are back up. Send booze to root. - jvarga
\_ 7/24 Just realized that soda's FTP was being mounted off of scotch
(wtf?) and that's the cause of people's complaining. Am
looking at possible solutions. Please be patient. - jvarga
\_ 7/24 Lounge machines should be working again for the most part.
Still screwing with xterm logins. Send booze. Now. - jvarga
July 12, 2005
Root is planning to swap out scotch.CSUA for a newer machine in the next few
days as part of planned server upgrades. Scotch serves DNS, NIS for the
office, mailing lists, and is soda's backup mail server. During the
downtime, some or all of these services will be unavailable. The length of
the outage depends on our luck, but we hope to have everything back
available within a few hours with as little disruption as possible. Note
that the soda motd will continue to be as troll-filled as usual.
Additionally, the scotch replacement will bring in phase 1 of the new soda
upgrade. We will be unifying soda logins and office logins (but not home
directories), which means that I will be pulling the password database off
of soda to serve as the master list for office logins. This means that if
you have an office account, your office password will be the same as your
soda password. If you did not have an office account before, this change
will not grant you an office account.
The exact date and time of this switchover will be announced soon. Please
direct all questions/comments/concerns to root.
jvarga |
| 2005/7/13-14 [Politics/Foreign, Computer/SW/Security, Politics/Domestic/Crime] UID:38600 Activity:nil |
7/13 http://csua.org/u/cp6 (findlaw.com) "Whoever, having or having had authorized access to classified information that identifies a covert agent, intentionally discloses any information identifying such covert agent to any individual not authorized to receive classified information, knowing that the information disclosed so identifies such covert agent and that the United States is taking affirmative measures to conceal such covert agent's intelligence relationship to the United States, shall be fined under title 18 or imprisoned not more than ten years, or both." ... so, what do you think? I don't see "name" in the above, just "identifies", so I guess it depends on what the meaning of "identifies" is. A lot of it is also intent and foreknowledge. \_ Rove's claim that "I didn't know her name" is totally irrelevant. Identifying someone as "his wife" uniquely establishes her identity, except possibly in Utah. |
| 2005/7/12-13 [Computer/SW/Unix, Computer/SW/Security] UID:38553 Activity:low |
| 2005/7/8 [Computer/SW/Security] UID:38481 Activity:nil |
7/8 Anybody use PGP mobile (from http://pgp.com) for PalmOS? How is it? It doesn't seem to support the "encrypted virtual disk" feature like on the PGP desktop versions. I'm wondering if that's even possible under PalmOS. I have files on my PC that I dump into the PGP disk. I want to take that PGP disk (just a file actually) and view it on a Palm PDA. Is that possible? http://pgp.com discontinued their pgp mobile product. Note that file-by-file encryption is not practical. I don't want to do this manually one by one. Thanks. [reposted; not sure why it was deleted -thanks] |
| 2005/7/7 [Computer/Networking, Computer/SW/Security] UID:38458 Activity:nil 80%like:38453 |
7/6 Steal someone else's wife, go to jail:
http://news.yahoo.com/s/ap/techbits_wi_fi_theft |
| 2005/7/1 [Computer/SW/Unix, Computer/SW/Security] UID:38391 Activity:moderate |
7/1 Is there some way for a non-root person to figure out when
someone's account was created?
\_ How would a root person figure this out?
\_ The adduser script used to keep a log file. -tom
\_ You're an idiot. |
| 2005/6/30-7/1 [Politics/Domestic/California, Computer/SW/Security] UID:38384 Activity:high |
6/30 Whenever I watch celebrity news I hear so and so is guilty in the
court and have to perform community service. They don't get fined or
go to jail, but have to perform community service. What's so bad
about serving your community? I mean, isn't it noble to serve food
for the homeless, paint houses for the poor, and clean up highways
trash? Imagine the United States drafting men between 18-25 to
perform mandatory community service for just one year. We'd
have a huge [free] labor force to clean up graffiti, recycle
cans, and other wonderful things that make our community more
beautiful. In our ever increasingly busy digital lives, we rarely
have time to even help ourselves, let alone help others out. We
are increasingly isolated from one another, and have very little
understanding on this "sense of community" that our grandparents
talked about. Perhaps incentives and rewards should be given to
those that help our community, to make everyone's lives better.
Community service is an honor performed by those who honor community
and brotherhood. It is sad and ironic that criminals have the honor
to serve our community. Just my two cents for today. -2 cents guy
\_ For reasons I won't elaborate on, I had to spend some time cleaning
up trash with the other "community service" people in People's
Park at one point. There is actually a pretty huge pool of
people who have "community service" hours to do at any given time.
Several of the people there had 1000 hours of service they had to
do. I was, as far as I could tell, the only person there who was
actually working. Mostly people would just show up and loaf around
all day, then get double that number of hours signed off for by
the dude who runs the park. If the dude who runs any given park
doesn't want to be corrupt, people just migrate somewhere where
it *is* corrupt. Of all those community service hours that get
handed out by judges, very little real service gets done (although
I busted ass cleaning up the park).
\_ This is a fairly old idea. This was called a 'subbotnik' in
USSR (only this was done on Saturdays, hence the name 'subbota =
saturday'.) You should ask someone who participated in a subbotnik
what they think of it. -- ilyas
\_ why didn't you participate in a subbotnik?
\_ I was too young. -- ilyas
\_ Switzerland requires you to serve the military or perform
substitute service (community service). Maybe John can tell
you all about it.
\_ Yes, and it's pointless, a waste of money, bad for the
economy (by forcing people to take a large, unproductive
gap between school and work, and by forcing employers,
including SMEs, to subsidize long absences), and exposes
young men to drugs and cigarettes. In the absence of
enemies or funding for all these recruits, there are many
make-work projects to occupy the ~60% or so who don't
manage to get out of it. It's state slavery; totally
pointless and philosophically repulsive. -John
\_ One might obtain a somewhat less grim view of such matters by
looking at the Works Projects Administration established in the
US during the great depression. I believe modern Germany has a
similar program where one may choose between military or
`alternative' civilian service, but don't know much about it.
Also, why constrain this sort of thing to men only? That seems
backwards and silly. That said, if you're going to encourage
community service, I don't think picking up trash and cleaning
up graffiti are particularly inspiring tasks or the most useful
application of that sort of workforce. What made the WPA cool
was that it took on really ambitious projects. Even if you take
all this into account, I don't know how much it's going to do
for instilling a sense of community in people. I know there's a
geographic component to this: Many of my grandparents'
present-day friends are people they grew up with on the same
*block* in Brooklyn. They joined the service together. After
the war they settled on Long Island together. In their later
years, part of the group moved to the same communities in
Florida. Of your friends today, how many lived on the same
street you did when you were young? Do you still keep in touch
with your friends from high school? Personally, I think my
sense of community is as strong as my grandparents, just
oriented along different axes (e.g. cultural vs. geographic).
-dans
\_ I think the CCC also did something similar in the same time
frame.
\_ Why community service? Because we supposedly live in a classless
society. Billionaires pay the same amount for a moving violation
as the average Joe. Community service forces the culprit to give
up time, which means the rich don't get off easy and the poor
aren't forced to pay fines. Both beat jail which puts the burden
on society. All of this is separate from enforcing a draft
(military or community works) or volunteerism. Much of the
reasons behind why not lay with the relationship of citizens and
government and society in general. And those discussions get ugly.
\_ Where is the claim made that we live in a classless society?
There have never been, and perhaps never will be a classless
society. -- ilyas
\_ I never claimed it was a classless society in reality.
It's just one of those things that American democracy
aims for. Probably a silly thing to put in the motd...
\_ I think the best you can say along these lines is
American society was in part a rejection of solidified
class lines of European society. I don't think the
founding fathers were specifically aiming to create a
classless society, merely to reject aristocracy in the
European conception of the word. Classless society is
probably impossible, and almost certainly undesirable,
as a goal. Even an ant colony has 'classes.' -- ilyas
\_ Yes, and we should never seek to surpass the utopian
efficiency and elegance of ant society.
\_ If you seriously want to make men into an
ant colony, you should read Hellstrom's Hive.
Also, a certain quote from John involving a baseball
bat comes to mind. Do you actually maintain American
society has a classless society as an explicit goal?
Do you have a source for this claim, or are you just
making stuff up to suit your agenda? -- ilyas
\_ I think you were trolled. -John
\_ I think you're being needlessly pedantic.
"classless" in the context of government applies
to equal treatment under the law, one-person-one-
vote, etc. I think this type of classlessness is
an explicit goal of American society; that people
have equal opportunity etc. --!op
\_ When someone talks about a 'classless society,'
especially if they talk about ant colonies
being utopian in the same breath,
I understand them to be using the common
definition the Marxists use. I don't think
I am being pedantic at all, I think you
misunderstood the previous poster. -- ilyas
\_ I didn't write the "ant" comment, but I did
write the original "classless society" one.
The original thought was towards the equal
treatment of Man under law as opposed to
a more communistic "equality of Man" ideal.
The followup use of "American democracy"
was an attempt to point in that direction.
Apologies to those who may have been misled.
\_ What kind of "classes" do chimpanzees have?
\_ Chimpanzees have a society? (Actually, to the extent that
great apes are social animals and live in hierarchies you
may well say they have 'classes.' So do wolves. An
interesting question I thought about recently is why do
all functional wolf packs have at least one Omega).
-- ilyas
\- I have discovered a remarkable proof for this but:
(0. Hola)
1. it requires the Axiom of Choice
2. the motd is too small to contain it.
3. ok tnx. |
| 2005/6/30 [Computer/SW/Security] UID:38367 Activity:moderate |
6/30 Whenever I watch celebrity news I hear so and so is guilty in the
court and have to perform community service. They don't get fined or
go to jail, but have to perform community service. What's so bad
about serving your community? I mean, isn't it noble to serve food
for the homeless, paint houses for the poor, and clean up highways
trash? Imagine the United States drafting men between 18-25 to
perform mandatory community service for just one year. We'd
have a huge [free] labor force to clean up grafitti, recycle
cans, and other wonderful things that make our community more
beautiful. In our ever increasingly busy digital lives, we rarely
have time to even help ourselves, let alone help others out. We
are increasingly isolated from one another, and have very little
understanding on this "sense of community" that our grandparents
talked about. Perhaps incentives and rewards should be given to
those that help our community, to make everyone's lives better.
Community service is an honor performed by those who honor community
and brotherhood. It is sad and ironic that criminals have the honor
to serve our community. Just my two cents for today. -2 cents guy
\_ For reasons I won't elaborate on, I had to spend some time cleaning
up trash with the other "community service" people in People's
Park at one point. There is actually a pretty huge pool of
people who have "community service" hours to do at any given time.
Several of the people there had 1000 hours of service they had to
do. I was, as far as I could tell, the only person there who was
actually working. Mostly people would just show up and loaf around
all day, then get double that number of hours signed off for by
the dude who runs the park. If the dude who runs any given park
doesn't want to be corrupt, people just migrate somewhere where
it *is* corrupt. Of all those community service hours that get
handed out by judges, very little real service gets done (although
I busted ass cleaning up the park).
\_ This is a fairly old idea. This was called a 'subbotnik' in
USSR (only this was done on Saturdays, hence the name 'subbota =
saturday'.) You should ask someone who participated in a subbotnik
what they think of it. -- ilyas
\_ why didn't you participate in a subbotnik?
\_ I was too young. -- ilyas
\_ Switzerland requires you to serve the military or perform
substitute service (community service). Maybe John can tell
you all about it.
\_ One might obtain a somewhat less grim view of such matters by
looking at the Works Projects Administration established in the
US during the great depression. I believe modern Germany has a
similar program where one may choose between military or
`alternative' civilian service, but don't know much about it.
Also, why constrain this sort of thing to men only? That seems
backwards and silly. That said, if you're going to encourage
community service, I don't think picking up trash and cleaning
up graffiti are particularly inspiring tasks or the most useful
application of that sort of workforce. What made the WPA cool
was that it took on really ambitious projects. Even if you take
all this into account, I don't know how much it's going to do
for instilling a sense of community in people. I know there's a
geographic component to this: Many of my grandparents'
present-day friends are people they grew up with on the same
*block* in Brooklyn. They joined the service together. After
the war they settled on Long Island together. In their later
years, part of the group moved to the same communities in
Florida. Of your friends today, how many lived on the same
street you did when you were young? Do you still keep in touch
with your friends from high school? Personally, I think my
sense of community is as strong as my grandparents, just
oriented along different axes (e.g. cultural vs. geographic).
-dans
\_ I think the CCC also did something similar in the same time
frame.
\_ Why community service? Because we supposedly live in a classless
society. Billionaires pay the same amount for a moving violation
as the average Joe. Community service forces the culprit to give
up time, which means the rich don't get off easy and the poor
aren't forced to pay fines. Both beat jail which puts the burden
on society. All of this is separate from enforcing a draft
(military or community works) or volunteerism. Much of the
reasons behind why not lay with the relationship of citizens and
government and society in general. And those discussions get ugly.
\_ Where is the claim made that we live in a classless society?
There have never been, and perhaps never will be a classless
society. -- ilyas |
| 2005/6/29-30 [Computer/SW/Security] UID:38364 Activity:moderate |
6/29 Does anyone have a well-reasoned essay on why it's a bad idea to force
your users to change their passwords regularly? I have a strong
password and changing it frequently means I have to keep it on a
piece of paper or use dictionary words.
\_ I'm sure there's something obvious I'm missing here, but why can't
computers just have either a rfid reader, a barcode scanner or a
magnetic strip reader, and just let users swipe a card? If carrying
an artifact on your keychain is good enough security for your car
and home, it's good enough for your computer. I think passwords
are fundamentally flawed for normal people (and I have *worse* than
normal ability to remember passwords.)
\_ Because optimally you want two-factor auth (remember, a combo
of what you have, are and know.) If you can only do one-factor
auth, you'd rather limit yourself to the last than the first
which can be more easily, well, swiped. -John
\_ I'm not sure I see the problem. I use a key I carry in my
pocket as the only form of security for my car (sure, people
may have some electronic thing, but they always have it
on their keychain also). So why does some office email
system have to have better than that? If the physical
security of the building is based on a key it seems that
should be fine for the computers in most offices. I'm
a total neophyte about computer security, but I've always
found passwords to be impossible to remember and I think I'm
not alone. Isn't a physical key better than a password that's
written on a post-it note right over the terminal?
\_ Why do you need well-reasoned? Everyone I know who has to change
passwords regularly switches between two passwords.
\_ That's nice, because lots of software remembers the old
passwords and this won't work. Personally, I have a good
memory and changing my password often isn't a problem. For
people who have trouble, simply store your passwords in a PDA
in encrypted format.
\_ At Intel, it remembered the last 8 passwords. Most people I
knew cycled through pass1, pass2, ... pass8, and then set
whatever they wanted. -emarkp
\_ http://www.securityfocus.com/infocus/1554 is a start. If you
drop me a mail (other address in my .plan) I will gladly find you
some very strongly worded essays on the topic--there were a few
good ones written on this area in the last year. Constant
password change policies and restrictive password histories are
a solution for weak-minded security managers. -John
\_ If you have an ACM account, I suggest looking up "Users are not
the enemy" by Adams and Sasse. Excerpt (from Firewalls and Internet
Security) in /csua/tmp/uante. -gm
\_ http://www.useit.com/alertbox/20001126.html --jameslin |
| 2005/6/29-30 [Computer/SW/Security] UID:38362 Activity:moderate |
6/29 Anyone have experience with monarch computer? They aren't shipping my
stuff when they said they would, and I'm starting to get concerned.
\_ used them once, no problems. but now i just use newegg.
\_ ordered an athlon x2 did you? anyway, http://newegg.com only lists when
they have stock, or they'll put an auto-notify link.
\_ No, I ordered an Athlon64 3700. Nothing special, and they say
it is in stock. At the moment I consider it poor customer
service, but if they keep this up I will consider it fraud.
It's a shame too they seemed to have a good reputation, but
they are just lying to me.
\_ No, I ordered an Athlon64 3700. They have now promised to get
it out tomorrow with expedited shipping which would be great if
it happens. |
| 2005/6/29-30 [Computer/Networking, Computer/SW/Security] UID:38359 Activity:low |
6/30 I don't want to crack WEP, but I'd like to learn more about it.
For example, is it a link layer encryption or is it tied to the
physical layer? If it is link layer encryption (something built
on top of link layer), then is it possible to "sniff" sequences
of packets on a regular computer then brute force crack it? Does it
take a super computer to do it or can anyone with a regular
laptop do it?
\_ go read http://www.tomsnetworking.com/Sections-article118.php - danh
\_ Looking at how some of the crackers work is a great way of
learning how WEP works. Have a look at Auditor at
http://www.remote-exploit.org for good tools and docs. -John
\- This may be more relevant to people with a greater interest
in wireless security than the OP but I looked at a draft of
a book on wireless sec by william arbaugh of university of
maryland [i forgot the other authors, see AMAZONG] which
is going to be more in-depth and theoretical than random
"how to" web pages, but is more practical than a berkeley-type
textbook. oh it looks like the book is out now:
http://csua.org/u/ck2 anyway, if that is what you are
looking for, the book is decent (looks like it is 2yrs old
and unrevised, so may be lean on some recent things and
cover some things that died on the vine). ok tnx. |
| 2005/6/29-30 [Computer/SW/Security] UID:38356 Activity:nil |
6/29 Am in PST, still Wednesday over here ... quick follow-up to post re:
anonymizer. Looked into TOR, it seems to only protect the transport.
Privoxy or JAP would be alternatives to anonymizer.com. Actually
bought anonymizer at Fry's, and it seems to work pretty well. Now if
I can only disavow ever writing this message ... How do you people
figure out who wrote a post anyways?? |
| 2005/6/28-29 [Computer/SW/Security] UID:38337 Activity:nil |
6/28 Sorry for going back in time here, but where I am, it's still Tuesday
the 28th of June ... anyways, I had a couple of posts about how much
people trust http://www.anonymizer.com if people had experience with how
much anonymizer can protect your information, especially if they are
subpoenaed to turn over evidence. Please leave this post up a couple
of days, cuz I don't get to check the MOTD that many times a day.
If nobody wants to comment, leave a note to that extent.
\_ I used to work for a company in the same space. We kept access logs
for 7 days, mainly to get statistics and bill advertisers. If we
received a subpoena for access logs within 7 days of an event, we
would turn over those logs (as required). If the request came more
than 7 days after the event, we had no data to provide. The
Anonymizer privacy policy states that they will disclose privacy
information when required by law; however, they also say that
"Anonymizer does not hold any personal information on our customers
that could result in compromising their privacy and security", so I
don't know what they might give up. I seem to recall their policies
being about the same as ours, but it was a long time ago. -gm
\_ Screw anonymizer. Use TOR.
\_ Is TOR anything like Freenet? I tried out Freenet a while ago,
but it was unreliable and slow as hell. Looks like it's still
being actively developed, but haven't installed it on my new
computer. Does either TOR or Freenet rely on a lot of
participants? -- op.
\_ TOR is a serious mix-network crypto system. Pretty
industrial strength. Latency is gonna blow, but thats
the price.
\_ Nothing you do online is anonymous, the trick is to make as
cumbersome as possible for someone to track you. If you go to
a random library in another city, avoid cameras, use a public
terminal and use an anonymizer, you're "less likely" to be
tracked than say logging into your home PC or local Computer Lab
while using your private e-mail account. It depends on what
risks you're willing to take (cost/benefit). |
| 2005/6/23-25 [Computer/SW/Security, Computer/SW/Unix] UID:38277 Activity:low |
6/23 I was not too smart to believe what I read on SBC Yahoo!'s web
site (that after merging my Yahoo! ID with a SBC sub-account ID,
I can reverse the merge by simply deleting the sub-account) and
went ahead with the merge. The merge did NOTHING as claimed--
I did not get any extra storage nor any extra service. So I
wanted to reverse the process only to find out that I can only
'suspend' a sub-account, but not delete. I called customer
service and was told it is impossible to delete a sub-account
and hence impossible to undo the merge. I have spoken to 5
people including one manager and one level 2 support person.
None was able to offer any help. I tried suspending the
sub-account, only to find out that I could no longer access my regular
Yahoo! account. Has anyone had to deal with this issue? How
was it resolved? Are the 5 people I talked to not too bright,
or is their web site just lying?
\_ I have evidence that Yahoo is controlled by Scientologists.
\_ When this was first offered (2+ years ago), I distinctly remember
reading that it was not reversible. It's possible that the 5 people
you spoke with are still operating under that assumption. Print
out the page with the relevant promise and direct support
personnel to the url.
\_ I did. I pointed the support people to the URL that states
the process is reversible. All I got was a defensive
comment, "I am telling you the truth! It cannot be done!". |
| 2005/6/19-20 [Computer/SW/Security, Academia/Berkeley/CSUA/Troll] UID:38195 Activity:nil |
6/19 Stupid question. how do we implement POP and IMAP access on Soda?
\_ imap and pop over SSL works fine - danh
\_ Stupid answer. Slave monkeys and Google page-rank pigeons. - jvarga |
| 2005/6/15-17 [Computer/Networking, Computer/SW/Security] UID:38143 Activity:low |
6/15 Wanna have WiFi access on transbay buses, free for you and free for AC
Transit? Voice your support by taking the survey:
http://www.actransit.org/news/articledetail.wu?articleid=d5f2ff4a
\_ If they combine it with GPS so I know where the buses are...
\_ I put GPS and a coffee service in the suggestions box.
\_ It sure will get your responses ignored.
\_ Said the suicide bomber...
\_ I hope this is facetious, and if not, I hope you never ever
get your hands on a top secret DHS triple grade red
classified bus schedule.
\_ I already get this using my PDA GPRS/EDGE/UTMS cell with laptop
You are wasting money.
\_ Didn't I mention it'd be free? |
| 2005/6/15-17 [Computer/SW/Security, Academia/Berkeley/CSUA/Motd] UID:38139 Activity:nil |
6/15 Attempting to sftp to http://csua.berkeley.edu. Got password from key.
Entered password and got back: Received message too long 1701996907 Wtf?
\_ password from key. since sftp uses ssh, shouldn't you just use your
normal password?
\_ Trying to do anonymous motd?
\_ No, trying to send files from my PC to my CSUA account.
\_ Just use scp.
\_ I just tried ssh from SunOS 5 and it worked.
\_ I'm trying sftp http://csua.berkeley.edu from CSUA. I'm running tcsh as
my shell.
\_ tunneling ftp through ssh for sftp is a total lost cause. just use scp.
google for winscp
\_ he's not tunnelling ftp through ssh, he's using sftp.
\_ he's doomed, it's not going to work. USE WINSCP
\_ I use putty's psftp all the time. As well as FileZilla for xfering
files to and from soda. Why is he doomed?
\_ Update: so scp seems to do the trick (on soda and from my Mac). Purely
for curiosity's sake, any idea why sftp isn't working?
\_ It works for me on windows.
\_ sftp seems to be working fine too from freebsd machine
\_ A ssh1/ssh2 mismatch? Just a guess, I have never used sftp. scp works
fine for all my needs. |
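A way to read that error, added here as a worked example (my code, not anything posted in the thread): the OpenSSH sftp client takes the first four bytes it receives from the server side as a big-endian SFTP packet length and bails out with "Received message too long N" when N is above its limit. When the login shell's startup file (a .tcshrc or .cshrc that echoes, say) prints something for a non-interactive session, those first four bytes are text rather than a length, and the number is just that text. The limit constant is the one OpenSSH uses; the banner string is constructed.

```python
import struct

# Limit the OpenSSH sftp client enforces on an incoming packet length.
SFTP_MAX_MSG_LENGTH = 256 * 1024


def decode_message_too_long(value: int) -> bytes:
    """The number in 'Received message too long N' is the first four bytes the
    client read, interpreted as a big-endian SFTP length; undo that."""
    return struct.pack(">I", value)


def predict_error_value(banner: bytes) -> int:
    """What sftp would report if the login shell printed `banner` before
    sftp-server started (needs at least four bytes of output)."""
    if len(banner) < 4:
        raise ValueError("fewer than four bytes; sftp would read into the real packet")
    return struct.unpack(">I", banner[:4])[0]


def explain(value: int) -> str:
    """One-line diagnosis for a 'Received message too long' value."""
    if value <= SFTP_MAX_MSG_LENGTH:
        return "length %d is within the limit; this is not the banner problem" % value
    raw = decode_message_too_long(value)
    if all(0x20 <= b < 0x7F or b in b"\r\n\t" for b in raw):
        return ("first four bytes are text %r: the login shell's startup file "
                "printed something for a non-interactive session" % raw.decode("ascii"))
    return "first four bytes %s are not text; suspect a protocol mismatch instead" % raw.hex()


if __name__ == "__main__":
    # The value from the thread above; it decodes to the bytes b'erik'.
    print(explain(1701996907))
```

The usual fix on the shell side is to keep anything that writes to the terminal inside an `if ($?prompt)` guard in tcsh (or a `[ -t 0 ]` / `$PS1` test in sh-style shells), so that scp, sftp and rsync sessions see a silent shell.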
| 2005/6/13-15 [Computer/SW/Mail, Computer/SW/Security] UID:38098 Activity:nil |
6/13 Any recommendations for a free webmail service that doesn't charge for
POP3 download, SMTP? I want to be able to access it using VersaMail
on Treo 650. Using GMail right now, but I'm not a big fan of their
privacy practices. So the requirements are: free, respects privacy, a
viable company.
\_ I think you're just going to have to suck it up and use Gmail.
\_ Agreed. No company is gonna offer free popS service for free
besides google. At least not right now. |
| 2005/6/6-7 [Computer/SW/Security, Computer/SW/Unix] UID:37988 Activity:nil |
6/6 s/key confusion and confirmation: I must have reading deficiency. I
read the s/key howto over and over but I couldn't grasp the idea. So
maybe someone can confirm my understanding of it. The s/key stuff
only dictates which machine I can access the csua server from. That
is, if I have entered the one time password from my home desktop, then
I can log in from my home desktop with my unix login/pass. I can not
log in to cusa from my work machine if I haven't entered the one-time
pass on that machine.
Basically, since ssh2 is in effect now, I downloaded PuTTY. After I
enter the login as value, it shows "s/key 92 hi97345", then "password".
However, I used the s/key calculator, and put in 92 hi97345, and got
a one-time pass, with that pass I can not log in. But I tried with my
unix password, I'm now logged in. So I am confused why it has "s/key"
stuff and didn't expect a s/key one-time pass phrase? I basically
just use my unix login/pass just like before ssh was enabled.
\_ Same here--that is, I've been seeing the s/key stuff when logging in
since the ssh change, but I'm logging in via putty, and just use my
normal login.
\_ Thanks for overwriting my changes fucktard.
\_ vi should have locked the file if you opened it for write. others
can only open it read-only. So you must not have the lock on
the file when you tried to edit it.
\_ 1, you're wrong. 2, you overwrote someone else when adding
this post.
\_ 3, I thought we went over this, using VI will ensure a
lock on the file you are editing. Or should we run a
command before editing a file? |
| 2005/6/3-6 [Computer/SW/Security] UID:37962 Activity:nil |
6/2 yaBlueToothHack:
http://www.newscientist.com/article.ns?id=dn7461
\_ So Bluetooth uses symmetric key exchange in an unencrypted
wireless channel? Is that correct? If that's true then
whoever developed the Bluetooth encryption protocol wasn't
thinking too hard.
\_ Math is hard. |
| 2005/6/3 [Computer/SW/Security] UID:37953 Activity:nil |
6/2 yaBlueToothHack:
http://www.newscientist.com/article.ns?id=dn7461&feedId=online-news_rss20 |
| 2005/6/2-5 [Computer/SW/Security] UID:37940 Activity:low |
6/2 My TeraTerm SSH no longer works on soda. What other software should
I try now?
\_ putty
\_ Cygwin + OpenSSH. Related request - can root (or someone) add a
webpage w/ the ssh public key fingerprints for soda and the other
login systems? Soda's fingerprints are:
RSA - df:69:f5:98:d5:68:d2:4b:9a:77:4b:53:75:b0:21:51
DSA - b2:2b:32:26:6e:19:d3:f0:f2:51:70:25:30:c1:54:22
\_ Done, see CSUA main page. - jvarga
\_ Dude, whatever they're paying you, ask for a raise. Get a
life, man, you're making me feel guilty. :) -mice
\_ While you are on a roll, how about the wall log archiver
and the tmp and var cleaners.
\_ Get the SSH2 extension to TeraTerm
http://sleep.mat-yan.jp/~yutaka/windows
\_ Great! Thanks.
\_ will http://csua.berkeley.edu/ssh be updated as well? |
| 2005/6/2-7/12 [Computer/SW/Security] UID:37939 Activity:nil |
6/1 SSH got restarted with the new changes (no more SSH1). As a result,
it may look like soda's key has changed. This is just because you may
be used to using SSH1 and therefore the SSH1 key. The SSH2 key has not
recently changed, but your SSH client may not recognize it unless you
usually use SSH2 to connect to soda. |
| 2005/6/2-3 [Computer/SW/Security] UID:37935 Activity:low |
6/2 In the 'official' part of the motd it says ssh1 would be shut off,
weeks ago no less, and yet it still seems to be on. What up with that?
\_ Whoever did the change neglected to restart sshd. Fixed. -jvarga
\_ I just tried ssh from a Solaris machine to soda and I got "ssh:
connect to host http://soda.csua.berkeley.edu port 22: Connection
refused". I tried both with and without the "-2" option. Now if
I log out from this session I won't be able to log in again!
\_ Using putty forcing to ssh2 doesn't connect either.
\_ That's the last time I trust someone's changes to "just
work"... fucking dammit where'd all these sshd_config
errors come from??? - jvarga
\_ What say we strip some people (person?) of their root
cookie?
\_ I say we strip karen.
\_ I say you're a chauvinist and an ass.
\_ Dang, you've been in CS how long and you only just
figured THAT one out? :P -jrleek
\_ I'm glad it was caught before soda rebooted... it
would suck to have to go and be physically present to
fix this. - jvarga
\_ wait, if you're not a current student, what the
\_ Who said he wasn't? School's not in session,
dumbass.
hell are current students doing? It used to be
the case that current students run, manage, fix,
install everything. What the hell do they do now?
Playing with Windows NT servers because UNIX is
too hard?
\_ Do you object to me fixing crap? Because if so
I can just leave all the broken shit for
"current politburo" to eventually get to or
notice. Do you object to njh, dlong, mconst,
etc also fixing soda problems? - jvarga
\_ Man, lazy/apathetic kids today (current
politburo). As a mentor, how about teaching
them how to fish instead of giving them
fish?
\_ Hey yeah, and while we're at it let's
un-root all the non students; they have
no business working on soda. Thanks for
all the cool shee-it, jvarga, you are de
man. -John
\_ Maybe that's the reason whoever did the change didn't
restart sshd in the first place. He didn't think his
own change would work either.
\_ Then he should have reverted sshd_config to a known-
working state so that an accidental (or intentional)
soda reboot wouldn't fuck over sshd. - jvarga
\_ seems ok now.
\_ will the csua website recommend an ssh2 client we can use?
will http://csua.berkeley.edu/ssh be upgraded as well? |
| 2005/5/27-31 [Computer/SW/Security, Computer/SW/Unix] UID:37869 Activity:nil |
5/27 I'm the guy who was asking for software for organizing web links.
I tried the sdidesk software somebody recommended but it's too
complicated (I don't have time to learn wiki). So my focus has now
shifted to generic note-taking software. Anybody use one?
There are tons of those programs on the web. If you use one, please
let us know what you use. Thanks.
\_ Check out SafeSex from Nullsoft if you want something somewhat
protected and small. It can get a bit annoying what with having
to give it a password all the time. -John |
| 2005/5/24-26 [Computer/SW/Security, Computer/SW/OS/Windows] UID:37826 Activity:low |
5/23 On XP, can I use encryption on the swap file?
\_ Doesn't answer the question, but provides workaround
http://csua.org/u/c6c (microsoft.com)
http://tinyurl.com/b9oxc
\_ Thanks. Too bad it doesn't help when it crashes. I'll have to
remember to boot it up again and then do a clean shutdown. |
| 2005/5/24-26 [Computer/SW/Security, Industry/Jobs] UID:37825 Activity:moderate |
5/24 How common are contract-based bonuses for service-oriented software
companies as a form of profit-sharing?
E.g., the company wins a 1 million dollar contract.
The sales guy for the contract gets x% of $1 million;
The lead engineer on the project gets y%;
Other engineers who will be working on the project get z%.
Yes, the sales guy has a base salary and makes much more from
commissions, which is how this normally works.
Currently our bonus system is the standard annual bonus (the boss
decides at the end of the year how much bonus you get, which ends
up being ~ 5%).
\_ Why is this a question? You can structure payment for services
any way you want as long as it is not unconscionable.
\_ "how common are ... for ...", not "is it possible"
\_ Very good, you apparently understand basic semantics.
I still don't understand why this is a question. If you
want your firm to move towards a direct percentage based
system based on profits vs. a fixed annual bonus then
bring it up with your super. Why should it matter if it
is followed by a majority of other consulting firms?
\_ I've never seen a commission system for anyone other than sales.
For IT/Engineering, if there is a bonus system is usually "up to
x% of salary per quarter". One place I worked at did profit
sharing at .1% of profits for most, while some with seniority
got more.
\_ <yeah, like your retarded nonsensical comment, dipshit>
\_ OP: you should deal with retarded but critical sounding comments
by deleting them. --!OP
\_ I am going to guess "not common"
\_ Haha. Are you the poster whose comment I deleted?
Did you experience a flush of anger when you saw I
deleted your pathetic comment?
\_ <stop deleting someone else's shit and we'll stop deleting
your shit>
\_ Deleting a "followup" which consists of "that's a dumb
question" is a service not an abuse.
\_ <right, which is why this is a service>
\_ Little losers: you guys really couldn't tell the difference
between your lame answers and the one above?
\_ I've had that kind of deal offered to me to finish a project at
a company that 1. had no prospect of a liquidity event, and 2. had
a co-development deal with another company that would bring in cash
with each milestone met. A more common version of this happens
when a company gets acquired for $(n+m+o+...), with $(m+o+...)
tied to project milestones. |
| 2005/5/17-18 [Computer/SW/Security, Computer/SW/OS/Windows] UID:37725 Activity:low |
5/17 http://blogs.washingtonpost.com/securityfix "A system administrator,
angered by his diminished role in a thriving defense manufacturing firm
whose computer network he alone had developed and managed, centralized
the software that supported the company's manufacturing processes on a
single server, and then intimidated a coworker into giving him the only
backup tapes for that software. Following the system administrator's
termination for inappropriate and abusive treatment of his coworkers, a
logic bomb previously planted by the insider detonated, deleting the
only remaining copy of the critical software from the company's server.
The company estimated the cost of damage in excess of $10 million, which
led to the layoff of some 80 employees."
\_ Whose fault was this? Now consider: whose responsibility is it (not
for failing to look over his shoulder, but for allowing this much
"power" to concentrate in one set of hands)? -John
\- fault is not zero sum. poor decision making on part of the company
doesn't remove his culpability. legally it may be up in the air to
what extent can say a shareholder hold the negligent management
responsible vs the malicious employee but ethically, the failure is
on the "evil employee".
\_ Well, the company holds the evil employee liable in its turn, but
it's kind of a case of where the buck stops. That said, dingdingding.
-John |
| 2005/5/11-13 [Computer/SW/Security] UID:37640 Activity:nil |
5/11 Maybe this is old news, but there is a mit project to prevent addr
harvesting from known_hosts files:
http://nms.csail.mit.edu/projects/ssh
Their paper on ssh worms propagating via info discovered from the
known_hosts files is interesting:
http://nms.csail.mit.edu/projects/ssh/sshworm.pdf |
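Two things from this thread and the fingerprint thread above (the one that lists soda's RSA and DSA fingerprints) in working form, as an added example that is my own code, not the MIT project's and not OpenSSH's: what a plain known_hosts file gives away, how the hashed host format that OpenSSH ships as HashKnownHosts (`|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`) still lets the client match a host without listing it, and how to turn a stored key blob into the MD5 fingerprint you compare against a published list. The key blob, hostnames and IP address in the sample file are constructed; the published fingerprints are the ones from the thread above, so the constructed key is correctly reported as not matching them.

```python
import base64
import hashlib
import hmac
import os
import struct

# Fingerprints for soda as published in the thread above (MD5 form, the
# format ssh-keygen -l printed in 2005).
PUBLISHED = {
    "ssh-rsa": "df:69:f5:98:d5:68:d2:4b:9a:77:4b:53:75:b0:21:51",
    "ssh-dss": "b2:2b:32:26:6e:19:d3:f0:f2:51:70:25:30:c1:54:22",
}


def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _mpint(n: int) -> bytes:
    # SSH mpint is big-endian two's complement: a leading 0x00 when the high bit is set.
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def rsa_blob(e: int, n: int) -> bytes:
    """Wire-format ssh-rsa public key, the thing base64-encoded in known_hosts."""
    return _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 fingerprint of a key blob."""
    h = hashlib.md5(blob).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def hash_hostname(host: str, salt: bytes = None) -> str:
    """Build an OpenSSH HashKnownHosts host field for `host`."""
    salt = salt if salt is not None else os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(field: str, host: str) -> bool:
    """Does a known_hosts host field (plain, comma-separated, or hashed) name `host`?"""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")


def parse_known_hosts(text: str):
    """Yield (host_field, key_type, key_blob) for each non-comment line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        yield parts[0], parts[1], base64.b64decode(parts[2])


def harvestable_hosts(text: str) -> list:
    """Hostnames the file hands to anyone who reads it; hashed entries yield none."""
    names = []
    for field, _, _ in parse_known_hosts(text):
        if not field.startswith("|1|"):
            names.extend(field.split(","))
    return names


def check_host(text: str, host: str, published=PUBLISHED) -> list:
    """For every key stored for `host`: (key_type, fingerprint, matches_published)."""
    out = []
    for field, key_type, blob in parse_known_hosts(text):
        if host_matches(field, host):
            fp = md5_fingerprint(blob)
            out.append((key_type, fp, published.get(key_type) == fp))
    return out


# Constructed sample file: a plain entry and a hashed entry for the same
# made-up key (the modulus is not a real key) and a documentation-range IP.
FAKE_BLOB = rsa_blob(65537, 0xC0FFEE1234567890ABCDEF)
FAKE_B64 = base64.b64encode(FAKE_BLOB).decode()
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# plain entry: the hostname is readable by anything that can open the file",
    "soda.csua.berkeley.edu,192.0.2.10 ssh-rsa " + FAKE_B64,
    "# hashed entry (HashKnownHosts yes): same host, name not recoverable",
    hash_hostname("soda.csua.berkeley.edu", salt=b"\x01" * 20) + " ssh-rsa " + FAKE_B64,
])

if __name__ == "__main__":
    print("names in clear:", harvestable_hosts(SAMPLE_KNOWN_HOSTS))
    for key_type, fp, ok in check_host(SAMPLE_KNOWN_HOSTS, "soda.csua.berkeley.edu"):
        print(key_type, fp, "matches published list" if ok else "DOES NOT match published list")
```

Hashing does not stop a worm from using hosts it finds in the shell history or in ssh's own connection logs, and it does not change what the key itself proves; the fingerprint check is the part that catches the SSH1-vs-SSH2 confusion from the other thread, since the two protocols present different keys and only the published SSH2 fingerprints are the ones to compare against.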
| 2005/5/11 [Computer/SW/Security, Academia/Berkeley/CSUA/Motd] UID:37630 Activity:high |
5/11 I know kchang's de-anonymizer is putting a crimp in your style, but
can you people who scp to /etc/motd.public please stop overwriting?
\_ A little thought should help you realize that's impossible.
\_ A little quality thought should help you realize that:
"Overwriting" is being used in the context of "screwing up
other people's changes".
If you turn off brain and assume the literal definition of
overwrite, you might realize you're "overwriting" [literally]
/etc/motd.public every time you save it in an editor.
Finally, scp users can reduce frequency of overwriting
[contextual meaning] by reducing the lag time between the scp
"get" and "put".
\_ No, they should be diffing and merging as the final step
before putting. This leaves a pretty tiny window for potential
overwrites. But can someone tell me how kchang is logging
file access? What OS features help with this? I'm curious to
know for other possible applications.
\_ I signed a pact with Satan
\_ Hm, how about this feature. If you put in "-anon" at the end of
your post, then my Ashcroft script will not reveal your id? -kchang
\_ Note that "tiny window for potential overwrite" is a
longwinded way of saying "that's impossible".
\_ it shouldn't be hard to modify motdedit to do this.
\_ Play nice, or we'll take away your cookies. Or, perhaps, make it
so that you can't scp the motd. - almighty root
\_ hmm, maybe make it so that the motd is only editable through
motdedit and make that a suid file w/ sudo'er perms for everyone.
everyone should then be anon, and no more scp. yes, I'm replying
to myself. =)
\_ I concur. Let's enforce some type of lock/unlock mechanism.
\_ Make the trains run on time while you're at it.
\_ locking and semaphores - the first step towards fascism.
\_ You missed the "enforce" part didn't you?
\_ So tell me, if you've done any work with databases
or file systems, how useful is a lock that is not
enforced?
\_ Hey, I didn't realize the motd was that
important to you.
\_ fuck motdedit. In the ear. It's not a technical problem.
\_ Technically, yes it is a technical problem. Access is
provided through a mechanism that causes corruption. Any
time such a mechanism exists and is exploitable, it puts
the infrastructure at risk. Asking users nicely not to do
it is not a solution. Either you live with the corruption
or you fix it. As a CS grad, you should know this.
\_ Uhm, we're talking about motd...wtf are you talking
about? This isn't a general "all locks and
synchronization are bad" thread, this is a "motdedit
is a shitty technical solution which doesn't even
really address all the problems" thread. As a high
school grad this should be obvious to you.
\_ First of all, tell us why motdedit is broken, and
maybe we can come up with something better.
\_ Because of patronizing motdedit users. Anything
without patronizing evangelists that works would
be better.
\_ As important as MOTD is for a bunch of users here,
most of whom are CS grads, I'd wager any technical
problem could be ironed out quickly. Anyways,
whatever, this is your guys' problem. I don't use
MOTD and every time I read it, I feel less inclined to
put as much time into maintaining this system as I
do. I was offering solutions to a real problem of
corruption. But hey, if you people like broken, then
broken you get.
\_ Broken >> supercilious motdedit nazi assholes
Go or stay, use it or don't use it, it's a free
country, and nobody is particularly pining for
you either way. Go, and be happy, my son.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
\_ No offense, but go eat a carrot. As root, VP,
and now president of the CSUA my policies on
sorrying non-student accounts is much more
draconian than that of my predecessors. You
may have been a student once, but our ultimate
mission is to provide service to current
students - and when people make this a hostile
environment, I won't blink to kick them off our
server. Although I value the insight and
participation of alumni in the CSUA, I'd advise
you not to fuck it up for everyone. If you
disagree with an idea, then voice your reasons
- not some immature tirade and rant. This is
not your personal soap box, this is a server
for use by university students.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
\_ I suggest we first solve the problem of people
posting lines longer than 80 columns or people
with their tabstop not set at 8.
\_ I suggest pliers or a heavy bludgeon. There's
nothing like broken bones to keep columns
down to a reasonable size.
\_ Hm, how about this feature. If you put in "-anon" or some type of
identity at the end of your thread, then my Almighty Ashcroft
script will not reveal your id? -kchang
\_ How about we just squish your ass right now? -anon
\_ I wouldn't do that. John Ashcroft is watching you.
\_ But...but...I put "-anon" at the end! Pretty please let me
be anonymous? -anon
\_ Well I haven't implemented it, I'm just soliciting
opinions and should there be enough demand, I'll do it.
\_ Anyone who has worked with group-writable files
has come to the conclusion that locking and
logging is important; I'd like to see motdedit
(or something functionally similar like RCS)
required. -tom
\_ Because the motd is mission critical! Seriously,
if this were source code, I'd agree. An anonymous
posting board where anyone can add or delete? Feh.
\_ It blows me away how worked up people get
about a lame ass world writeable file.
\_ kchang, I like to troll. the motd is too boring. can you include
an 'exclude' list of names? ;) we need to revive the motd of
better topics!!!
\_ Perhaps the de-anonymizer is a good thing. It's like that old
Donald Duck count to 10 before you explode cartoon. You have
to think about whether or not you really want to write that
comment before you do. It makes the discussion more civilized. |
| 2005/5/10-12 [Computer/SW/Security] UID:37604 Activity:nil |
5/10 will putty w/ ssh work tomorrow?
\_ "putty w/ ssh"?
\_ Putty should work, but make sure you have a recent version.
It's what I use, at least. - amckee
\_ putty supports ssh2, so yes.
\_ If you have a session defined for soda, you may want to change your
"preferred SSH protocol version" to 2, or "2 only" in the
Connection->SSH options.
\_ Logging in with putty to write this on 5/11 -erikred. |
| 2005/5/6-8 [Computer/SW/Security, Computer/SW/Unix] UID:37555 Activity:nil |
5/6 A lot of web sites now have a login snippet on their main page,
for which Firefox does not display an SSL icon
(http://www.bankofamerica.com). Are those logins safe? You can
usually find a specific login page within the website that
has the SSL icon. I assume bank sites are usually safe in
their design, but what about sites like
http://www.officedepot.com? Some sites' login page
(http://www.bookpool.com/ac) does not have an SSL icon, but
their login button specifically says "secure login"; how does
it work? As an end user, how can one be sure the login/pw
information is encrypted while in transit?
\_ It's usually good practice to put the login page under SSL to
preempt concerns like yours. Many places don't have a login box
on their front page, and make you click through to an https link
to get a login box. Others put the login box on their front
page to save you that step, but the load of putting their front
page under SSL is prohibitive. If they say it's a secure login,
the HTTP Post that sends your information will be under ssl. If
you want to test this, put in a bogus login/password and watch it
jump to SSL when you click "login".
\_ For verification:
http://www.bankofamerica.com/signin/security_details_popup.cfm
\_ So you have to 'observe' the flashing by of the SSL icon
to distinguish these sites from sites that indeed use
no security. I guess a better question is, how do you
tell if the HTTP post used to send your login
information is under SSL?
\_ Best course of action: don't worry about it. if someone's
really intent on stealing your info, there are easier ways
to do it. There are non-technical ways to protect yourself
better. keep an eye on your account activity. get your
annual credit check (or more frequently if you're worried).
SSL is no guarantee no matter how Verisign wants to package
it.
\_ I find security policy varies significantly
between sites. Your password can be as strong as
you like, but often times the "I lost my password"
feature is typically implemented with very little
security in mind. Better sites will allow you to
reset your password after you verified who you are
(via secret questions, etc), never revealing what
your actual password was. But some not so security
conscious sites will simply email your password in
plain text, and sometimes all you have to do is to
provide your email address. Some sites will also
reset your password with only the email address.
You can only guess how careful those sites will
treat your data (such as credit card info). I am
trying to sort out the sites that have my login
information so that the lesser secure sites do not
share the same password as the more
secure/important sites...
\_ The only way to be sure is to look at the source and see
how it's posting the login. But even then, you won't know
for sure that the authentication server is using weak
encryption.
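The reply above says the only way to know where a login form posts is to read the page source. The following added example (not from the original thread) automates that check: it parses a page with the standard library, finds every form containing a password field, resolves its action URL against the page URL, and reports whether credentials would travel over HTTPS. The page URL and HTML are constructed samples.

```python
"""Check whether a page's login forms would submit credentials over HTTPS.

Added example using only the standard library and a constructed HTML
sample, so it runs offline. It inspects static HTML only: a script on the
page can still change the form action, and a plain-http page itself can be
altered in transit, so this is a first check, not a guarantee.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormAuditor(HTMLParser):
    """Collects every <form> that contains a password field, with its resolved action."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self._current = None   # attributes of the <form> being parsed, if any
        self.forms = []        # completed forms that contained a password field

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action means "post back to this page".
            action = attrs.get("action") or self.page_url
            self._current = {
                "action": urljoin(self.page_url, action),
                "method": (attrs.get("method") or "get").lower(),
                "has_password": False,
            }
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            if self._current["has_password"]:
                self.forms.append(self._current)
            self._current = None


def audit_login_forms(page_url, html):
    """Return [(action_url, verdict)] for each password form on the page.

    verdict is "https" when the credentials would be sent over TLS and
    "PLAINTEXT" otherwise; a GET form gets an extra warning because the
    password would end up in the URL and in server logs.
    """
    parser = LoginFormAuditor(page_url)
    parser.feed(html)
    results = []
    for form in parser.forms:
        scheme = urlsplit(form["action"]).scheme
        verdict = "https" if scheme == "https" else "PLAINTEXT"
        if form["method"] != "post":
            verdict += " (GET: credentials would land in the URL and server logs)"
        results.append((form["action"], verdict))
    return results


# Constructed sample: an http:// front page with a login box that posts to
# an https:// endpoint (the pattern discussed in the thread), a search form
# without a password field, and a login form that posts back over plain http.
SAMPLE_PAGE_URL = "http://www.example.com/"
SAMPLE_HTML = """
<html><body>
<form action="https://login.example.com/signin" method="post">
  <input type="text" name="user">
  <input type="password" name="pw">
  <input type="submit" value="Secure login">
</form>
<form action="/search" method="get">
  <input type="text" name="q">
</form>
<form method="post">
  <input type="text" name="acct">
  <input type="PASSWORD" name="pin">
</form>
</body></html>
"""

if __name__ == "__main__":
    for action, verdict in audit_login_forms(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{verdict:10s} {action}")
```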
\_ What's pretty funny is that gmail defaults back to http when you've
logged in, and they seem to have removed the setting the security
guy I mentioned which lets you set ssl for all mail access. -John
\_ My gmail still stays https and always has. I know yahoo
switches back to http after login.
\_ The guy I spoke to said it used to be configurable but was
taken out. If I turn any of my URLs into https, it stays
https, including turning all the links into ssl, but I know
of several people where it redirects to http. No clue why
it varies. -John
\_ You're right. I just never noticed it, because my
bookmark specified https. Thanks for the tip. |
| 2005/5/4-5 [Computer/SW/Security] UID:37521 Activity:kinda low |
5/4 Has anyone checked in a cardboard box for a flight recently? Will
the security screener tape the box back to shipping condition if
they open it for inspection?
\_ Haven't recently, but expect it to be opened and no way to seal
it. Of course you can bring your own or hit one of the "inside"
stores for some tape (don't expect shipping tape).
\_ I took my bike in a cardboard box and they didn't bother opening
it. But then again, it's probably easily identified using the x-ray
machines. Your best bet is to either not put anything suspicious, or
use one of those huge Tupperware-looking storage boxes as they at least
close up reasonably afterwards. -scottyg
\_ I was asking about checked-in luggage. I don't mind bringing
tape, but since security screening of checked-in luggage
is done without my presence, how can I make sure the screener
seals it back? |
| 2005/4/29-7/12 [Computer/SW/Mail, Computer/SW/Security] UID:37426 Activity:nil |
4/29 From the official motd above:
As of May 11 Soda will discontinue SSH 1 and secure telnet support. We
will also be discontinuing support for unauthenticated/unencrypted
mail services in compliance with university security requirements.
Please see your email for more information (assuming you're on
csua@csua). Questions, comments, complaints, and cheap floozies to
root.
\_ Does this mean that I will not be able to access csua using
ssh, or simply that there will be no one to help with problems,
or that I need to use a new secure version of ssh? Also, can
I still use pine on csua?
\_ SSHv1 is the old insecure version of the protocol. Most
ssh clients now support SSHv2. If you are using OpenSSH
you should have no problems.
\_ Does this mean we will be able to use soda as an smtp gateway
when off of campus net?
\_ From the email sent out a few hours ago:
To comply with UC Berkeley departmental standards, we must
terminate support for unauthenticated/unencrypted external
access to all mail services. If you access Soda via POP, IMAP,
or send mail through our SMTP server you MUST switch to use
both authentication and SSL/encryption. These options should
be easily found within most mailers,
IMAP / http://soda.csua.berkeley.edu port 993 (w/ssl)
SMTP / http://soda.csua.berkeley.edu port 465 (w/ SSL + login is
user@soda.csua.berkeley.edu and password)
POP / http://soda.csua.berkeley.edu port 995 (w/ auth + SSL)
\_ Per request, a copy of the email has been saved to the following
location: /csua/pub/SodaChanges0505
- jvarga
\_ As an aside, I've found that for some bizarre reason,
Mozilla mail doesn't like some SMTP AUTH/TLS authentication
setups, while SMTP AUTH/SSL is just fine. This is with
Postfix/SASL2 & Dovecot/imaps under FreeBSD 5.3-R. I just
went through some trouble setting this up, and if anyone
wants my configs I'm happy to share. -John
\_ I'm off campus-net and I can send mail fine using SSL on port
25.
\_ Does that mean the ssh client at
http://www.csua.berkeley.edu/ssh will no longer work? |
| 2005/4/29-5/1 [Computer/SW/Security, Computer/SW/OS/Solaris] UID:37425 Activity:moderate |
4/29 Why did Sun decide to implement SMF in Solaris 10? Was it just to
piss off customers or is there some technical advantage?
\_ Are you talking about the new way to start/stop programs,
&c.? If so, I must agree that the only purpose was to piss
off customers and prove that Sun can do something stupid and
different than Linux (chkconfig may not be great, but it
mostly works and everyone knows how to write init scripts)
BTW, SMF pissed off a lot of ppl inside sun who have to ship
products on other *nix than Solaris.
\_ I guess Sun should be on http://fuckedcompany.com if it isn't
already.
\_ Can someone give me a list of reasons why SMF is bad?
\_ Complicated new way to do something that has already been
done. Like I said, if there's some technical advantage then
I'd like to know what it is. Maybe there is one. If not, it
is just change for change's sake.
\_ 1. SMF uses non-standard commands - you can't simply
start/stop a process by calling its init script,
you have to know what its SMF "name" is. Even if
you don't have to deal w/ other *nix, SMF makes
switching btwn S9 and S10 a pain.
2. SMF enable/disable semantics are bizarre - you
can't just say enable/disable X like in chkconfig
and assume that the daemon is enabled
3. SMF fails to provide adequate feedback re failures
of configuration. Often, you can't tell if a fault
needs to be cleared in order for the service to be enabled.
4. SMF's files are non-standard and their contents
are not explained well - the purpose of SMF is
to make fault recovery/mgmt easier, however if
most of your admins don't/can't figure out how
to fix config problems, faults will take longer
to remedy. Developers and Admins should not have
to read some guys blog on http://blogs.sun.com in order
to get details on how the system works.
\_ http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5n0?q=smf&a=view
\_ Yes there are docs, but the docs don't
really have anything useful in them. Ex.
tell me where in that page it specifies
how to use svcadm to disable a process
from being started or how to tell if
the reason a particular process is not
starting automatically is b/c SMF thinks
that the process is in 'fault' state and
must be cleared.
5. The fault mgmt functionality provided by SMF could
easily have been provided through additions to
existing functionality (specific args to init
scripts, allowing apps to dump monitoring scripts
into a given directory, &c.)
\_ Sounds like one of those numerous cases where Sun was trying
to solve the problem which has been already solved
by others and comes up with some terribly complicated and
non-standard way of doing things. *sigh* |
| 2005/4/29-5/1 [Computer/SW/Security] UID:37424 Activity:moderate |
4/29 How does data cracking work? I guess someone intercepts some encoded
data, and then try to apply many different conversions on the data to
find the right conversion that yields the original data. But then how
does he know which conversion is the right one when he doesn't even
know what the original data is? -- newbie
\_ Related question: What were the problem(s) with SSH1?
-- not-so-newbie
\_ iirc, SSHv1 used the same dh key for both encryption and
hmac w/o deriving separate keys for each.
\_ Depends on application--some apps use poor randomness, insufficient
keylength, static keys, re-used keys, etc. Cracking can be done
a couple of ways, including pattern analysis and just plain brute
forcing--you're pretty unlikely to get, say, two different clear
text tcp streams that both look "right". Very often you're also
not "cracking" anything, but rather relying on a buffer overflow or
similar (as with the SSH CRC32 exploit.) -John
\_ What John said. Also, the TLA agencies do things like pattern
and traffic analysis to try and look for information in the
bitstream. A surprising amount of information can be figured
just by looking at things like the frequency of certain
sequences.
\- hola, i do not know what "data cracking" means however, based
on the followup comments, you may want to look at I GOLDBERG's
[UCB] PhD thesis on the design of the "anonymized IP wormhole"
which 1. presents a useful framework to think about "the problem
space" 2. has an interesting discussion on confounding "generic
traffic analysis". it may be more than you are looking for but
isnt that long ... i imagine there is a shorter version of the
"freedom" project [IG gave some talks], but i dont know if
there is something downloadable. --psb
\- I note in passing IG uses the example of "you would never
expect the us govt and the libyan govt to collude!" which
is sort of funny given that MQ is now our good buddy.
better add the north korean and syrian govts. the probability
of north korea becoming our friend = how many bits of crypto
strength? --psb |
| 2005/4/29-5/1 [Computer/SW/Security] UID:37422 Activity:nil |
4/29 When I run winver.exe, it displays a string "Version 5.1 (Build
2600.xpsp2.050301-1526 : Service Pack 1)". Since it says Service Pack
1, what does the "sp2" after "xp" stand for? Thanks.
\_ I have (Build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2)
\_ http://blogs.msdn.com/oldnewthing/archive/2005/03/18/398550.aspx |
| 2005/4/21-22 [Computer/SW/Security, Computer/SW/OS/Windows] UID:37302 Activity:nil |
4/21 Prank Paper accepted for publication:
http://www.cnn.com/2005/EDUCATION/04/21/academic.hoax.ap/index.html
\_ Wow, that only took CNN about 2 weeks to report.
\_ Dude that's already been reported on motd:
http://csua.com/?entry=37223
\_ it's already been reported twice on the motd.
\_ Conferences are just social gatherings. |
| 2005/4/20-22 [Computer/SW/Security] UID:37288 Activity:low |
4/20 SSH X forwarding question: I hook up my laptop to the corporate net
and am able, via cygwin and ssh -X, to run X stuff w/o a problem from
my corporate PC. But when I am at home, I get authentication
errors when my laptop is hooked up to my DSL. The only
difference is that, in order to get through my work's firewall,
I need to ssh through another host (i.e. ssh -X shost.corp and
then ssh -X mypc). I can run apps from the shost machine w/o a
problem. Ideas? Suggestions? shost is freebsd 4.10 while my
machine is freebsd 5.3. thanks
\_ On which machine are you getting the errors? Are you going
directly from the home laptop to mypc? -John
\_ ssh -g -L 4567:mypc:22 shost.corp
ssh -X localhost -p 4567
\_ The formatting and punctuation is just painful to look at.
\_ [ Edited for readability -formatd ] |
| 2005/4/18-19 [Computer/SW/Security] UID:37241 Activity:nil |
4/18 How do I do all that dsa_id public thingie so that I can ssh/scp into
my cluster of machines (that happen to have the same NFS mount)
without having to type password? -dsa ssh idiot
\_ http://www.arches.uga.edu/~pkeck/ssh
\_ http://www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html
\_ Assuming that all of the systems in your cluster mount your
home directory the following will probably work for you:
1. Generate a dsa key pair (can be on any system):
$ cd && ssh-keygen -t dsa -f .id_dsa -P ''
This creates .id_dsa (private key) and .id_dsa.pub (public
key) in your home directory
2. Copy .id_dsa.pub into your nfs accessible home directory:
$ scp .id_dsa.pub user@host:.ssh/authorized_keys
$ scp .id_dsa.pub user@host:.ssh/authorized_keys2
(This assumes that you don't have authorized keys
already)
3. Test it out:
$ ssh -i .id_dsa user@host
You should not be prompted for a password. If you
are, try ssh -v and/or make sure that the authorized
keys files are 0600 and the .ssh dir is 0700.
4. If you always want to present the same id to all hosts
add the following to your ~/.ssh/config:
Host *
IdentityFile ~/.id_dsa
If you want to restrict (on your cluster systems) the
hosts from which you will accept a particular id, try
adding 'from="ip range" ' before ssh-dsa. |
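The reply above ends with two checks a practitioner wants to repeat after setting this up: the mode bits on ~/.ssh and the authorized_keys files, and which keys carry a from="..." restriction. The following added example (not from the original post) audits a home directory for both; the key blobs and the 10.0.0.0/24 range in the sample file are constructed placeholders.

```python
"""Audit a home directory against the passwordless-ssh advice above.

Added example, not from the original post. Checks that ~/.ssh is 0700 and
authorized_keys/authorized_keys2 are 0600, and parses the key lines to
report which keys lack a from="..." host restriction. The sample file below
is constructed: the key blobs are placeholders, not real keys.
"""
import os
import stat
import tempfile

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def _mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def _split_options(line):
    """Split a leading options field from the key, respecting double quotes
    so that commas/spaces inside from="a,b" do not end the field early."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch == " " and not in_quote:
            return line[:i], line[i + 1:].lstrip()
    return line, ""


def _from_option(options):
    """Return the value of from="..." in an options field, or None."""
    marker = 'from="'
    start = options.find(marker)
    if start < 0:
        return None
    end = options.find('"', start + len(marker))
    return options[start + len(marker):end]


def parse_authorized_keys(text):
    """Return one dict per key line: options, type, comment and from value."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        options = ""
        if not line.startswith(KEY_TYPE_PREFIXES):   # options precede the key type
            options, line = _split_options(line)
        parts = line.split(None, 2)                  # keytype, blob, optional comment
        keys.append({"options": options, "type": parts[0],
                     "comment": parts[2] if len(parts) > 2 else "",
                     "from": _from_option(options)})
    return keys


def audit_home(home):
    """Return a list of findings; an empty list means the setup matches the advice."""
    findings = []
    ssh_dir = os.path.join(home, ".ssh")
    if not os.path.isdir(ssh_dir):
        return ["missing ~/.ssh"]
    if _mode(ssh_dir) & 0o077:
        findings.append(f".ssh is {oct(_mode(ssh_dir))}, expected 0700")
    for name in ("authorized_keys", "authorized_keys2"):
        path = os.path.join(ssh_dir, name)
        if not os.path.exists(path):
            continue
        if _mode(path) & 0o077:
            findings.append(f"{name} is {oct(_mode(path))}, expected 0600")
        with open(path) as fh:
            for key in parse_authorized_keys(fh.read()):
                if key["from"] is None:
                    findings.append(f"{name}: key '{key['comment']}' ({key['type']}) "
                                    f"is accepted from any host; consider from=\"...\"")
    return findings


# Constructed sample: one host-restricted key and one unrestricted key.
SAMPLE_AUTHORIZED_KEYS = (
    "# constructed sample, not real keys\n"
    'from="10.0.0.0/24,192.168.1.*" ssh-dss AAAAB3PLACEHOLDER1 user@cluster\n'
    "ssh-rsa AAAAB3PLACEHOLDER2 user@laptop\n"
)


def build_sample_home():
    """Create a throwaway home dir whose authorized_keys is deliberately 0644."""
    home = tempfile.mkdtemp(prefix="sshaudit-")
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    os.chmod(ssh_dir, 0o700)
    path = os.path.join(ssh_dir, "authorized_keys")
    with open(path, "w") as fh:
        fh.write(SAMPLE_AUTHORIZED_KEYS)
    os.chmod(path, 0o644)   # too permissive on purpose, so the audit flags it
    return home


if __name__ == "__main__":
    for finding in audit_home(build_sample_home()):
        print(finding)
```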
| 2005/4/17-18 [Computer/Networking, Computer/SW/Security] UID:37232 Activity:nil |
4/17 Anyone know if Yahoo Messenger is encrypted? I use it in internet
cafes a lot with my 802.11 and I'm wondering if my password is
protected or not. I don't care about the communication, just my
password. -ok thx
\_ Probably not. If you want to know definitively, run tcpdump.
Alternatively, set up a VPN and pipe all your connections through
that.
\_ Your clear text password is not saved in your machine nor is it sent
in the clear text through the internet. |
| 2005/4/15-17 [Computer/SW/Security, Computer/SW/Apps, Computer/HW/CPU] UID:37199 Activity:nil |
4/15 http://www.cnn.com/2005/TECH/science/04/14/mit.prank.reut/index.html The lead author is a (recent) cal alum. |
| 2005/4/14-15 [Computer/SW/Unix, Computer/SW/Security] UID:37186 Activity:high |
4/13 Hey, if you're going to update nethack, update angband, too. You
could also install a variant, like NPPAngband:
http://home.comcast.net/~nppangband
\_ Interesting. Thanks for the pointer.
\_ there's even a competition:
http://mysite.wanadoo-members.co.uk/angband_comp/compo.html
\_ Installed angband (there was a ports version) - amckee
\_ NPPAngband is trivial to install. Why not install that too?
\_ Because I was up until 2:30 upgrading Perl and did this
between compiles? MAYBE I'll install it, though. =) amckee
\_ If by 'trivial' you mean 'completely manual', yes it was trivial.
I've installed it as NPPAngband, I did not overwrite angband
\_ Oh no! There goes my weekend/life! -scottyg
\_ NetHack, Copyright 1985-2003
By Stichting Mathematisch Centrum and M. Stephenson.
See license for details.
No write permission to lock perm!
Hit space to continue:
\_ Unable to replicate with my two user-land accounts,
do you have any stale files around? Anyone else seeing this?
Send email to amckee/root, iff you see this and want it
looked at.
\_ i don't think you quite understand what userland means.
\_ You do realize that, in addition to OS, process, and
object level privileges, root accounts can run in
increased kernel priority levels? Granted, in this case
the problem is most likely to do with file permissions,
it is not an atypical usage of the word 'userland' to
refer to non-root/non-privileged users. Thanks for the
snideness, though.
\_ i still don't think you quite understand what
userland means. try looking it up in, say, the jargon
file. root accounts are not any different from
normal ones in terms of where they run (i.e., they do
not run in the kernel). the kernel will allow you to
do privileged things by being root, yes, but they are
still done by the kernel, not because you as root are
in the kernel mucking around. |
| 2005/4/13-15 [Computer/SW/Security] UID:37183 Activity:kinda low |
4/13 Comcast internet service SUCKS!!!
If you want to be a national ISP you've got to know how to run a DNS
server.
\_ Agreed. It could be worse, though -- at least broken DNS is easy
to work around.
\_ Whiny bitches. If people wanted reliable service, the free
market would reward a company for providing it. Clearly,
people are happy to pay for spotty service.
\_ One of the great things about "the free market" is that
it provides for many a niche. Some, like me, pay a
small premium to a company like speakeasy for reliable
and reasonable service (no shutting off access to ports
without notice) and others who want a cheap service,
get it.
\_ You know, I think you're right. I'm getting what
I pay for. --second poster |
| 2005/4/12-14 [Transportation/Car, Computer/SW/Security] UID:37151 Activity:nil |
4/12 Free transbay bus service for one month:
http://www.actransit.org/news/articledetail.wu?articleid=ae28f29b
Pretty attractive when gas price is high.
\_ It's only free westbound. Return trip still costs $3. But I
think it's a good publicity for the new park & ride lot. |
| 2005/4/11-13 [Computer/SW/Security] UID:37143 Activity:nil |
4/11 I called Berkeley's fraud alert hotline and the only info the thieves
had are: My full name, SSN, and the money I made. That's weird, I
don't remember putting down how much money I made when I applied to
Berkeley. Anyways, they told me to call Experian 888-397-3742
Option 2, 2, 3, 2, 1, 2 to put myself on fraud alert.
\_ Is this pre-emptive or has somebody already started using the
stolen ID info? -- ulysses
\_ I don't think there's been any evidence that the stolen ID info
has been used. -tom
\_ who is deleting useful replies?
There is as of yet no evidence that the stolen data have been
used. -tom |
| 2005/4/11 [Computer/SW/Security, Computer/SW/OS/OsX] UID:37142 Activity:very high |
4/11 What's the best way to transfer files between Macs and PCs? I don't
want to install NFS (too heavy weight), there must be another way.
Like, I don't want to use SCP because it doesn't do recursive copy...
\_ my problem with WinSCP is that it doesn't like to copy file
names with foreign letters (accented e, Ooo, etc). What other
alternatives are there besides WinSCP which I like a lot?
\_ You were given the correct answer and deleted it. go away.
\_ scp doesn't do recursive copy? have you tried scp -r?
\_ scp -r. windows scp clients do this too. fool
\_ samba on the Mac. -tom
\_ Why not just connect to the PC from the Mac? OS X has a built-in
SMB client or you can just enable Windows Sharing on OS X for
the opposite direction.
\_ USB2.0/IEEE1394 hard drive enclosure
\_ Why was this deleted?
\_ rsync over ssh.
\_ car full of cdrs!
\_ Only if copied and driven by a hot naked chick, who you have sex
with during the copying.
\_ Only if the data is lisp code.
\_ 4" floppy disk
\_ smb share + net.
\_ seconded. If you have OpenSSH installed on your Win* box,
then you can even use ssh tunneling. |
| 2005/4/6-8 [Computer/SW/Security, Computer/SW/Unix] UID:37085 Activity:nil |
4/6 In Linux, when I type "limit" I get to see the max # of file
descriptors I can have. How do I check the number of descriptors
I'm holding and how do I change it? "limit descriptors 8096"
doesn't work (think I might need root or something)
\_ limit/ulimit work at the shell level. You can see the number of
descriptors held in /proc/self/fd. To change the max fd's, you
may need to change the hardcoded limits in /etc/security/limits.conf
your syntax is right, but you are probably trying to go past the
hard limit (limit -h to view). Yes, you will need root access to
change the hard limit. |
| 2005/4/6-7 [Computer/SW/Languages, Computer/SW/Security] UID:37084 Activity:high |
4/6 My banks, brokers and credit card companies are promoting paperless
statements. If I tell them to stop mailing me paper statements, and
later there's a glitch on their computers, will I be at a disadvantage
proving my case with printouts from their web pages compared to if I
have their paper statements? I'm trying to see if it's a good idea to
stop the paper statements in my mailbox in order to avoid ID theft.
Thx.
\_ Can you ask them whether they can somehow sign their statements
that they send to you (x.509 cert, pgp, etc.?) What's the
situation on digital signing/non-repudiation in the US right now
anyway? Even if there's no precedent or legal basis for it, it
might still be better than just an occasional email or web page
printout. If you're worried about ID theft from paper statements,
there are easier ways of doing it (credit card slips, for example.)
You could just get a PO box too. If your bank is putting info that
could be used to compromise your authentication details on paper
statements, find a new bank. -John
\_ All my bank and credit card paper statements have account numbers
on them. I think stealing mail from my mailbox at the front of
my house in broad daylight is very easy.
\_ my friends in comp security all say digital signature and
non-repudiation is a non-issue. the courts don't care and will
accept all kinds of strange records if presented w/ an
affidavit/oath of truth. hell, fax'd signatures are enough,
and anyone can forge one of those. records are the starting
point for deliberation, not the endpoint.
\_ It's an issue in countries with a proper legal framework, and
with banks that give a rat's ass (American banks are
notorious in that regard, and for not paying a lot of
attention to proper authentication.) Will a paper statement
serve as proof in court in case of a dispute? I'm asking
because you're essentially trusting their record keeping
(such as transaction serial #s, etc.) to verify the
authenticity of the documentation. -John
\_ I think you should do a risk assessment of using the bank's
record keeping vs. your own and see which is more likely to fail.
\_ Yes my record is more likely to fail, but that's not the issue.
If my record has a mistake, the bank is not going to go by my
record to determine how much I have left in my account. But if
the bank record has a mistake, the bank will most likely go by
its record unless I can prove otherwise. Now my question is:
is a printout from a web page as good a proof as the fancy
paper statement from the bank?
\_ I think you'll find neither of them can prove a balance.
the record of transactions is useful so you can ask for
details on any transactions that occurred which are not
in your records, e.g. reconciliation of accounts.
\_ I filed a small claims lawsuit and needed to print out a statement.
8 months passed between when I filed for the claim and when the
trial's gonna happen. That month I tried to print out bank
statements but it said "Sorry we only go back to 6 months." I
had no choice but to delay the trial date. What a drag.
\_ I think if you care about these sort of things, then you should
keep the paper copy. I do the same thing for the very same reason. |
| 2005/4/2-5 [Computer/SW/Security] UID:37045 Activity:nil |
4/2 Where do I enter computer equipment expense for my
consulting service? Is it Office Expense? Misc expense?
Home Office expense? Thanks.
\_ I put it under misc. on the Schedule C (not the 8859) |
| 2005/3/30-31 [Computer/SW/Unix, Computer/SW/Security] UID:36971 Activity:kinda low |
3/30 ssh port forwarding/X11 issue: Any ideas on how to solve this
problem: I ssh over to a remote host that shares my same home
directory. My forward X11 works okay until I sudo to root.
I get a message about wrong authentication. Any ideas ?
Being root on the base machine works just fine for X11.
\_ xhost
\_ NFS mount root squash making your $HOME/.Xauthority not readable
perhaps.
\_ Another possibility is sudo not retaining $HOME. But anyway,
look into the xauth command. |
| 2005/3/30-31 [Computer/SW/Security, Computer/SW/OS/Windows, Computer/SW/Unix] UID:36959 Activity:nil |
3/30 In Windows XP, when I share [export] a folder with read/write/execute
permissions for ALL, it still asks for username/password. How do I
configure it so that it never asks for user/password?
\_ You need to enable the Guest account. |
| 2005/3/25-31 [Computer/SW/Security, Computer/SW/Unix] UID:36883 Activity:moderate |
3/25 My team (Yahoo! login/registration/access) has several
software engineer positions open at all experience levels. -atom
\_ I need a part time job, please give me a flexible part time
job because school sucks. -kchang
\_ How about fucking change the default login to be secure login??
Every other fucking website in the world uses secure login. Why
does Yahoo insist on using non-secure login as default????!!!
\_ Because it is secure, dufus. Assuming you have javascript
enabled anyway. They issue a random challenge string that
you answer by hashing together your password and the challenge.
\_ Oh wow, we don't really need SSL I guess.
\_ Wow, no, it's needed for some things.
\_ Why doesn't yahoo use SSL login by default?
\_ Well, the obvious reason is they don't want to buy
hardware that can handle craploads of SSL connections,
which is a lot more expensive than the hashing scheme.
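The mechanism described above, as an added example that is not Yahoo's code: the server issues a random one-time challenge, the client sends a keyed hash of it instead of the password, and the server recomputes and compares. The hash (HMAC-SHA256), nonce size and single-use rule are assumptions made here to illustrate the idea; the demo also shows why a sniffed response cannot be reused.

```python
"""Challenge-response login as described in the thread (added example).

Assumptions, not Yahoo's actual scheme: HMAC-SHA256 as the hash, a 16-byte
random challenge, and one verification attempt per challenge. What this
buys you: the password never crosses the wire and a captured response is
useless against the next challenge. What it does not buy you: everything
after login (session cookie, page contents) is still plaintext without SSL,
and the server must hold the password or an equivalent secret to recompute
the response.
"""
import hashlib
import hmac
import secrets


def compute_response(password, challenge):
    """What the browser-side script computes: a keyed hash of the challenge."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.sha256).hexdigest()


class ChallengeServer:
    """Issues single-use challenges and verifies hashed responses."""

    def __init__(self, users):
        self._users = dict(users)   # username -> password (server-side secret)
        self._pending = {}          # username -> outstanding challenge

    def issue_challenge(self, username):
        challenge = secrets.token_hex(16)
        self._pending[username] = challenge
        return challenge

    def verify(self, username, response):
        # Consume the challenge first: one challenge, one attempt, no replays.
        challenge = self._pending.pop(username, None)
        password = self._users.get(username)
        if challenge is None or password is None:
            return False
        expected = compute_response(password, challenge)
        return hmac.compare_digest(expected, response)


def login(server, username, password):
    """Client side of one login; returns (success, the response that was sent)."""
    challenge = server.issue_challenge(username)
    response = compute_response(password, challenge)
    return server.verify(username, response), response


def reuse_captured_response(server, username, captured_response):
    """Someone who sniffed an earlier response resubmits it; the server has
    since issued a fresh challenge, so the old response no longer matches."""
    server.issue_challenge(username)
    return server.verify(username, captured_response)


def demo():
    """Returns (genuine login ok, wrong password ok, replayed response ok)."""
    server = ChallengeServer({"alice": "correct horse battery staple"})
    ok, captured = login(server, "alice", "correct horse battery staple")
    wrong, _ = login(server, "alice", "wrong password")
    replayed = reuse_captured_response(server, "alice", captured)
    return ok, wrong, replayed


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```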
\_ Aren't you in LA? |
| 2005/3/25-28 [Computer/SW/Security] UID:36868 Activity:nil |
3/24 Where can I dispose of a dead CRT for free? Office Depot had a free
service, but it looks like it's over. Thanks. -slow
\_ http://csua.com/?entry=25428
\_ In a dumpster. Seriously. Otherwise, wait for one of those
days where you can dispose of toxics for free. I favor a random
dumpster, though. Yes, I have done that.
\_ Free on Fridays at http://www.accrc.org |
| 2005/3/23-24 [Computer/SW/Languages/Misc, Computer/SW/Security, Transportation/Car/Hybrid] UID:36839 Activity:nil 50%like:36690 |
3/23 Now you can RIDE ELECTRIC BIKE!
http://tinyurl.com/59b77 (gizmodo)
\_ Electric bikes are not new. -tom |
| 2005/3/23-24 [Recreation/Dating, Computer/SW/Security] UID:36827 Activity:high |
3/26 One more reason to use PGP, and maybe the Anonymizer. And by the way,
only 1700 porn pictures? I have at least 100X that:
http://news.bbc.co.uk/2/hi/entertainment/4376959.stm
\_ You have over 170,000 porn pictures?
\_ I do.
\_ Assuming no repeats and a minimal 10 seconds per picture,
it would take you 472.2 hours to look at all that pr0n.
Where are you getting the time?
\_ 10 seconds? Try 1.
\_ 472 hrs? Spread that over five years and you are talking
about an hour a week.
\_ Just another slow work week.
\_ How about yet another reason to get your mind out of the
gutter and use your higher cognitive functions for something
more useful than viewing pictures of women in various states
of undress?
\_ How about two or more women?
\_ I agree. He should spend more time getting out of the house
to find women willing to undress live and in person. There's
no cognitive function more useful than that. |
| 2005/3/22-24 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:36815 Activity:nil |
3/22 CNN front page: "But when 443 of the 909 polled were asked whether
they supported private retirement accounts in exchange for a reduction
of guaranteed retirement benefits, support fell to 33 percent, while
opposition rose to 59 percent [+/- 4.5 points]. ...
Fifty percent said they understood the debate over Social Security
"somewhat well," and 31 percent said they understood it "very well."
Only 18 percent said they did not have a good grasp of the matter. |
| 2005/3/22-5/9 [Computer/SW/Security] UID:36803 Activity:nil |
3/22 imap, pine, pop3s, ssh/sshd, and (most importantly) nethack
updated. Okay, a bunch of other random stuff that no one
ever probably uses has also been updated. Send bugs
(other than high score resetting) to root. |
| 2005/3/18-19 [Computer/SW/Security] UID:36748 Activity:kinda low |
3/15 Someone asked about popular backup options?
http://www.engadget.com/entry/1234000710036562
\_ I appreciate the helpfulness, but as usual, they all suck. The
closest thing to easy I know of are the one-touch backup drives
from Western Digital, but I just wish they did encryption too.
\_ It's kludgey, but have you considered backing up encrypted
content rather than encrypting backed up content? -John
\_ Yes. But it would be nice if, on the backup, the whole
drive is encrypted.
\_ How non-interactive must it be? Can you back up to a
pgpdisk or EFS, or cfs/encfs on FreeBSD/Linux? -John
\_ Well, when I said "closest thing to easy" I really
meant for yermom, I mean, my mom or my boss to use it,
and ideally easy for me to setup as well. |
| 2005/3/18-4/4 [Computer/SW/Unix, Computer/SW/Security] UID:36744 Activity:nil |
3/18 Office account holders - please clean up your directories, or
we'll have to unleash the wrath of root (and karen) on you! =) |
| 2005/3/11-14 [Computer/SW/P2P, Computer/SW/Security] UID:36651 Activity:high |
3/11 What do I need to do to make sure I don't get sued when I use
bittorrent? I am still a newbie. Thx.
\_ Azureus bittorrent client w/ safepeer plug-in supposedly
blacklists evil MPAA spy machines...
\_ Don't download copyrighted materials, or run it on someone else's
machine.
\_ How about a real answer? I don't care much for music/movie,
only apps/games.
\_ It is a real answer. Bittorrent was not conceived to
provide any sort of anonymity; Bram Cohen states as much
somewhere on http://bittorrent.com. The fact that you have a
tracker file hosted somewhere makes your IP show up. -John
\_ That's illegal and you can never fully "make sure" you don't
get sued.
\_ Under bittorrent, how would they trace me? Just give me
the technical info, if they were to do so? does the .torrent
file contains my info? ip?
\_ If you don't know enough to figure this out yourself,
you really shouldn't attempt it.
\_ In other words "I don't know".
\_ In other words, "You're a dumbass, and I'll laugh
my ass the fuck off if you get prosecuted"
\_ Sniff. Please sir, don't call me names.
\_ AFAIK, the underlying d/l stream in BT is not
encrypted. Someone w/ a pkt sniffer can tell
tell that you are using BT and what you are
d/l'ing. If they record the pkts, (which may
not be protected under 4 amd) the recorded
stream may be used as evid of your copyright
violation.
The best way to avoid this is to not become
an attractive target by d/l'ing high value
items frequently. The ONLY 100% safe way is
to not d/l copyrighted material.
\_ Isn't it easier than that to track someone?
I mean, if you're downloading Revenge of the Sith,
that means you're also serving it.
If I'm the Feds, and I turn on my bittorrent
client and start grabbing the movie, I should get
a list of IP addresses of everyone I'm getting
packets from. I just tell the movie companies to
ask the ISPs to match IP addresses to people's
names for those people sending the most packets.
It doesn't matter if the data are encrypted, since
the IP addresses in the IP headers are in cleartext.
(although I feel stupid putting it this way)
\_ ISPs do not have to disclose the names of
people for a particular IP addr unless the
cops get a warrant by showing prob. cause.
To show prob. cause, the cops need to prove
that the IP addr actually served or d/l'ed
copyrighted content thus violating the
copyright. (simply having copyrighted
content on your computer that you own may
be covered under fair use and does not
show that you have likely violated the law).
If the content is encrypted, then the cops
can't really prove to the judge issuing
the warrant that you served or d/l'ed
copyrighted content and may not be able
to meet the prob cause requirement.
(Some judges might say that having the
files there was enough to est. prob
cause so you have to be careful)
If you use authentication, and the feds
lie to you to get a valid passwd, then
you may have all sorts of other legal
protections.
\_ Maybe that's why there are so few torrent
users being sued. Anyways, since I don't
think the torrent data are encrypted anyway,
maybe it's not worth arguing about.
From a "I might get sued!" standpoint, I
personally would take the assumption that
encryption won't help for the Revenge of
the Sith example, but, YMMV.
\_ Uhm, it is a real answer. You want to use it for illegal
purposes, so you risk getting sued.
\_ From what I've heard they've only sued 7 bittorrent users
(non-ISPs). It's not as bad as MP3 sharing ... yet.
Basically, you are a target if you have fat upstream, you leave your
computer on all the time so you have the double whammy of always
serving files and your IP address never changing, and you serve a
lot of new movies.
You're probably not a juicy target, but for the average user, I
would just avoid grabbing new mainstream movies, lots of recent
movies, or serving lots of ISOs like WinXP or Office 2003.
\_ Thanks! And to the guy above, f*** off!
\_ Uhm, so you basically posted to get someone to pat you on the
back and say "Oh no, baby, it's okay. No one's going to sue
you!" That's pretty retarded. I mean, honestly, if you're
going to trade in copyrighted materials, you become vulnerable
to a variety of legal actions. Period. If you can't accept
that, then just buy the fucking thing and quit wringing your
hands.
\_ Every piece of software on your computer is legally
obtained?
\_ No clue...but I know the risks and am willing to
accept them. *shrug*
\_ I see, so all that no stealing lecture does not
apply to yourself. I am speechless.
\_ You do realize that more than two people can post
right? I haven't campaigned for or against the
morality of the issue, only the OP's retardation
about playing games with legality and essentially
entering a state of denial. You're an idiot,
by the way, just in case that wasn't clear in your
post.
\_ He didn't ask for a lecture, just how to avoid the law.
\_ So if op had asked you how to shoplift, you would
have told him w/o informing him that (1) it was
wrong to steal and (2) he may be subject to criminal
liability?
What I find more disturbing is the fact that op
feels entitled to download games (and whatever
else he wants) w/o paying for it. Regardless of
the civil/criminal liability associated w/ this
sort of activity, op OUGHT to realize that actual
people worked on the games that he is stealing
and if everyone acted like him and stole these
games there would be no incentive for people to
work on future games. If the hard work of others
brings you benefit, PAY FOR IT or we all lose in
the long run.
\_ I'm not going to disagree with you about games, but
I don't agree that stealing software always costs
companies money in lost business. I've used stolen
copies of very expensive software to get the feel
for them and figure out how to use them and then
spent huge amounts of Other People's Money to buy
the real thing based on having tried it for free.
In some cases I would probably not have made that
purchasing decision had I not been able to try it out.
So in the end, the company made *more* money than
they would had I not stolen a copy while I was a poor
student who couldn't afford it anyway.
\_ I can see your rationale. If you end up
buying a copy of the software or deleting
it b/c you don't want to buy it, there is
no violation of the principle that one ought
pay for things from which one derives a
benefit. Unfortunately the law does not (and
probably cannot ever) allow for this.
The general principle could be applied to
games/music/books/movies/&c. if there were
no public library or private rental systems,
however, it is so easy and affordable to
rent things it doesn't really make sense to
steal.
\_ Well, the way for this to be legal is for the
company to have the foresight to give away
a version that's good enough to learn the
commands and get a feel for it so people like
me don't *have* to break the law to try their
damn product. Wasn't there a free version of
Doom in the beginning to get people hooked?
After that, I was more than happy to shell
out the money for the real thing which I
probably wouldn't have done otherwise.
\_ right...I'm sure companies which provide
demo versions never get their software
stolen. -tom
\_ Join a private forum. No, really.
\_ Would decentralization, using SSL encryption, and only using
centralized servers to randomly connect people, and always
use another node as a middle-man when xferring data make it
really hard to track? Sort of a cross between filetopia and
bittorrent...
\_ onion routing, so nobody's sure what data is going through them,
that would be more like it. See 'freenet' |
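What the .torrent file does and does not contain, and why joining the swarm is enough to list peers, as an added example (not code from any poster in this thread): a small bencode decoder run over a constructed metainfo file and a constructed tracker reply. The tracker URL, file name and peer addresses are placeholders. A .torrent carries the tracker URL and the content description (from which the info_hash is computed); it has no field for the downloader. What exposes you is the announce to the tracker and the peer list it hands back, which is exactly what the "turn on my client and grab the movie" reply above relies on.

```python
"""Added example: what a .torrent carries, and what a tracker hands out.

bencode is the serialisation used by .torrent files and tracker replies.
The sample metainfo and tracker reply below are constructed for this
example; the tracker URL and peer addresses are placeholders.
"""
import hashlib
import socket
import struct
from typing import Any, Tuple


def bdecode(data: bytes, pos: int = 0) -> Tuple[Any, int]:
    """Decode one bencoded value at data[pos]; return (value, position after it)."""
    c = data[pos:pos + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", pos)
        return int(data[pos + 1:end]), end + 1
    if c == b"l":                                  # list: l<items>e
        pos, items = pos + 1, []
        while data[pos:pos + 1] != b"e":
            item, pos = bdecode(data, pos)
            items.append(item)
        return items, pos + 1
    if c == b"d":                                  # dict: d<key><value>...e
        pos, out = pos + 1, {}
        while data[pos:pos + 1] != b"e":
            key, pos = bdecode(data, pos)          # keys are byte strings
            out[key], pos = bdecode(data, pos)
        return out, pos + 1
    if c.isdigit():                                # byte string: <length>:<bytes>
        colon = data.index(b":", pos)
        start, length = colon + 1, int(data[pos:colon])
        return data[start:start + length], start + length
    raise ValueError(f"bad bencode at offset {pos}")


def bencode(value: Any) -> bytes:
    """Encode ints, bytes/str, lists and dicts (dict keys sorted, as the format requires)."""
    if isinstance(value, bool):
        raise TypeError("bencode has no boolean type")
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, str):
        value = value.encode()
    if isinstance(value, bytes):
        return b"%d:%s" % (len(value), value)
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        items = sorted((k.encode() if isinstance(k, str) else k, v) for k, v in value.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(f"cannot bencode {type(value).__name__}")


def torrent_summary(metainfo: bytes) -> dict:
    """The fields a .torrent actually carries. There is no field for the
    downloader: the file identifies the content (info_hash) and the tracker."""
    meta, _ = bdecode(metainfo)
    info = meta[b"info"]
    return {
        "announce": meta[b"announce"].decode(),
        "name": info[b"name"].decode(),
        "length": info[b"length"],
        "piece_length": info[b"piece length"],
        "info_hash": hashlib.sha1(bencode(info)).hexdigest(),   # what clients announce
        "top_level_keys": sorted(k.decode() for k in meta),
    }


def peers_from_tracker(response: bytes) -> list:
    """Every peer that has announced for this info_hash is handed to anyone who
    asks: decode the compact peer list (6 bytes per peer: IPv4 + big-endian port)."""
    resp, _ = bdecode(response)
    raw = resp[b"peers"]
    if isinstance(raw, list):                      # non-compact form: list of dicts
        return [(p[b"ip"].decode(), p[b"port"]) for p in raw]
    return [(socket.inet_ntoa(raw[i:i + 4]), struct.unpack("!H", raw[i + 4:i + 6])[0])
            for i in range(0, len(raw), 6)]


# Constructed sample metainfo (not a real torrent): one 1 MiB file, 4 pieces.
SAMPLE_TORRENT = bencode({
    "announce": "http://tracker.example.org:6969/announce",
    "info": {
        "name": "example.iso",
        "length": 1048576,
        "piece length": 262144,
        "pieces": b"\x00" * 80,                    # 4 x 20-byte SHA-1, zeroed here
    },
})

# Constructed tracker reply: two peers in compact form (documentation addresses).
SAMPLE_TRACKER_RESPONSE = bencode({
    "interval": 1800,
    "peers": socket.inet_aton("192.0.2.10") + struct.pack("!H", 51413)
           + socket.inet_aton("198.51.100.7") + struct.pack("!H", 6881),
})

if __name__ == "__main__":
    print(torrent_summary(SAMPLE_TORRENT))
    for ip, port in peers_from_tracker(SAMPLE_TRACKER_RESPONSE):
        print(f"peer visible to everyone in the swarm: {ip}:{port}")
```

Run it against a real .torrent by reading the file's bytes into torrent_summary; the only personal data you will find is whatever the creator put into optional keys such as "created by". The peer list is the part that matters for the thread: the tracker returns it to any client that announces, so no sniffing is needed to learn who is in the swarm.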
| 2005/3/11-14 [Computer/SW/Security] UID:36644 Activity:nil |
3/11 I'd like a way to have Terminal.app change the window's background
color when I ssh to another machine-- really cool would be to have
some sort of mapping of hostname to RGB value so that the window
for machine1 looks different than machine2. Is there a way to do
this? TIA.
\_ If I wanted to do this for one machine only, I would replace ssh
with a wrapper that outputs some ANSI sequences before calling
the real ssh. (You might want to put in some logic to only do this
for interactive sessions.) To set it up on a number of systems, I
would put the ANSI sequences in my .profile. That way, if you ssh
from A to B, then from B to C, your colors will match machine C
instead of machine B. -gm
\_ You might be able to do this w/ saved .term files. Just set
the background to the color you want and then do File->Save
and specify the cmd to execute as /usr/bin/ssh user@host.
Then when you click on a particular term file, it will have
the color set and will ssh into that host. |
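The wrapper approach from the first reply, worked out as an added example (not gm's or anyone else's code from this thread). It assumes a terminal that honours the xterm OSC 11 / OSC 111 background-color sequences (check yours first; if it does not, the saved .term-file approach in the second reply is the fallback), that the real client is /usr/bin/ssh, and a hostname-to-RGB table whose entries are made-up sample values. Hosts missing from the table get a stable dark tint derived from a hash of the name, so a new machine still looks different from the others, and the colour is only set for interactive sessions.

```python
#!/usr/bin/env python3
"""Added example: an ssh wrapper that tints the terminal background per host.

Assumes a terminal that honours the xterm OSC 11 / OSC 111 background-color
sequences and that the real client lives at /usr/bin/ssh. The host->color
table holds made-up sample values.
"""
import hashlib
import os
import subprocess
import sys

REAL_SSH = "/usr/bin/ssh"

# Explicit hostname -> RRGGBB map (sample values); unknown hosts get a hashed tint.
HOST_COLORS = {
    "soda": "002b36",
    "prod-db": "400000",          # dark red: production, read twice before typing
}

# Single-letter ssh options that take a value, so "-p 2222" is not read as the host.
OPTS_WITH_ARG = set("BbcDEeFIiJLlmOopQRSWw")


def host_color(host: str) -> str:
    """RRGGBB background for a host: table entry, else a stable dark tint from its name."""
    if host in HOST_COLORS:
        return HOST_COLORS[host]
    digest = hashlib.sha256(host.encode()).digest()
    # each channel kept in 0..63 so the tint stays dark and text remains readable
    return "".join(f"{b % 64:02x}" for b in digest[:3])


def ssh_target(argv: list) -> str:
    """Destination hostname from an ssh argument list: strips user@, a leading
    ssh:// and the :port of the URL form. Empty string when there is none."""
    i = 0
    while i < len(argv):
        a = argv[i]
        if a.startswith("-"):
            if len(a) == 2 and a[1] in OPTS_WITH_ARG:
                i += 1                         # "-p 2222": skip the value too
            i += 1
            continue
        if a.startswith("ssh://"):             # ssh://[user@]host[:port][/path]
            a = a[len("ssh://"):].split("/", 1)[0]
            host = a.rsplit("@", 1)[-1]
            return host.rsplit(":", 1)[0] if host.count(":") == 1 else host
        return a.rsplit("@", 1)[-1]
    return ""


def set_background(rgb: str, out=sys.stdout) -> None:
    out.write(f"\033]11;#{rgb}\007")           # OSC 11: set background color
    out.flush()


def reset_background(out=sys.stdout) -> None:
    out.write("\033]111\007")                  # OSC 111: restore default background
    out.flush()


def main(argv=None) -> int:
    argv = sys.argv[1:] if argv is None else argv
    host = ssh_target(argv)
    # only tint interactive sessions: a tty on stdout and a host to color
    if not (host and sys.stdout.isatty()) or os.environ.get("SSH_NO_TINT"):
        return subprocess.call([REAL_SSH] + argv)
    set_background(host_color(host))
    try:
        return subprocess.call([REAL_SSH] + argv)
    finally:
        reset_background()


if __name__ == "__main__":
    sys.exit(main())
```

Install it ahead of /usr/bin in PATH under the name ssh. Because the colour is reset when the client exits, a hop from A to B and then B to C shows B's colour unless B also runs the wrapper; putting the sequence in each machine's .profile, as the first reply suggests, is what makes the window follow the machine you actually end up on.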
| 2005/3/10 [Computer/SW/Security] UID:36614 Activity:kinda low |
3/10 If I want to run X11 through NAT, is it better to set up raw forwarding
of port 6000, or ssh-tunnel the connection? I'm not using WPA or WPA2.
\_ SSH tunnel--use -C for compression, it helps a bit. Unless you
have serious computer (not net) performance issues, port forwarding
through SSH is very often a good idea out of principle. Also, does
X11 now let you use just 6000? Used to use 6001..2..n as well, or
has someone fixed that? -John
\_ my understanding is you can use just 6000, defaulting to 0.0,
6001, ..., n for 0.1 ... n, if desired, but not necessary. |
| 2005/3/9-10 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:36594 Activity:nil |
3/9 OpenSSH 4.0 is out:
Announcement: http://tinyurl.com/5aea4
Portable: http://www.openssh.com/portable.html
OpenBSD: http://www.openssh.com/openbsd.html
Nifty new feature is the connection multiplexing.
\_ What is that?
\_ Once you start one connection to a remote system, other
connections will use the same key pair so you don't have
to pay the cost of a new DH exchange (at least this is
the impression I got from reading the mailing list) |
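What multiplexing looks like on the client side, as an added configuration example (not from the announcement or the mailing list; example.org is a placeholder). The first ssh to a given user@host:port becomes the master and holds the TCP connection; later ssh, scp and sftp runs to the same destination are opened as extra channels on that already-authenticated transport, so they skip both the key exchange and the authentication prompt and start almost instantly.

```ssh_config
# ~/.ssh/config on the client.  ControlMaster/ControlPath arrived in 4.0;
# ControlPersist (keeping the master alive after the first session exits)
# needs 5.6 or later.
Host *.example.org
    ControlMaster  auto
    ControlPath    ~/.ssh/cm-%r@%h:%p
    ControlPersist 10m
```

Two caveats. The control socket is a credential: any local process that can connect to it gets a session on the remote side as you, without touching your keys or password, so keep it in a directory only you can write to (~/.ssh is mode 0700 for a reason) and never on a shared filesystem. And a multiplexed session inherits the master's settings, so agent forwarding or X forwarding requested on the master applies to everything riding on it; on newer releases, ssh -O check user@host tells you whether a master is running and ssh -O exit user@host shuts it down.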
| 2005/3/8-9 [Transportation/Car, Computer/SW/Security] UID:36586 Activity:low |
3/8 "It was certainly an accident ... The car was traveling at a velocity
that couldn't have been more than 40 kilometers (25 miles) per hour
... The government has a duty to point out that the reconstruction of
the tragic event ... from the direct account of our secret service
official who was with Dr. Calipari does not coincide, totally, with
what has been said so far by the U.S. authorities."
[Fini] said Calipari, an experienced officer who had negotiated the
release of other hostages in Iraq in the past, "made all the
necessary contacts with the U.S. authorities," both with those in
charge of airport security and with the forces patrolling areas next
to the airport.
-G. Fini, Italian foreign minister (http://csua.org/u/bb0 CNN)
Another article: [The security agent in the car] said that a light
was flashed at the car after a curve and that gunfire -- lasting 10 or
15 seconds -- started immediately afterward, disputing U.S. military
claims that several attempts were made to get the car to stop before
shooting. |
| 2005/3/7-8 [Computer/SW/Security, Computer/SW/Unix] UID:36560 Activity:nil |
3/7 Are there any ISPs that still offer generic dial-up PPP accounts that
works with the Windoze generic dialer and don't require custom dial-up
clients? I have an AT&T Global Dialer account, but it needs the Global
Dialer client. I remember the old days where all I needed was to enter
the phone number, login and password into the Windoze dialer, and it'd
work. Thanks.
\_ SBC Global works for me when I'm on the road. - jvarga
\_ http://ispwest.com works well for that. even works with linux.
\_ http://sonic.net
\_ They've always had the at&t dialer, but you've been able to
authenticate with PAP and with login in the past with the
8764287346@worldnet.att.net and the gibberish password. Look for
an account.txt file -dwc |
| 2005/3/3-5 [Consumer/CellPhone, Consumer/PDA, Computer/SW/Security] UID:36517 Activity:nil |
3/3 Anyone know of a good stopwatch/timer that works on a Treo? I've
tried a few and they all seem to crash when I try to access any
of the menus. tia. |
| 2005/3/3-5 [Computer/SW/Security] UID:36515 Activity:moderate |
3/3 Is there a way I can set up my cell phone so it only rings if
the person calling knows a secret code, and otherwise just goes to
voicemail? Or, can it be set up to first go to a message where
the person calling can choose to leave me a voicemail or to ring the
phone? In the latter scenario, this would enable people to call and
leave a voicemail in the middle of the night without waking me, but
they would still have the option to ring the phone if they really
want to talk to me at that minute.
\_ If you come up with a decent way to do this, could you please let
me know? (For now, I have a profile on my phone called "Asleep",
which is mostly silent; if I expect someone to call at night, then
I set a non-silent ring tone for that person. It works okay, but
what you suggested would be much nicer.) --mconst
\_ I think you would need an answering service to handle the
decision-making and a distinctive ring to only wake you when
the answering service dials through. Once your phone has
forwarded the call to voicemail, it would be up to the voicemail
provider (usually your cell provider) to handle things.
\_ In the latter scenario the caller already has an option: if they
don't want to wake you, don't call in the middle of the night!
Send email or call in the morning. As for the first scenario,
you can get a silent ringtone, set that as the default, and
assign non-default ones to people you know.
\_ Yes, but I could have a seperate outgoing message for
when I'm sleeping and for when I'm awake. Sometimes I'm up
at 11pm, sometimes I'm in bed. The caller doesn't know. -op
\_ on my cell phone feature wish list: a way to just leave someone
a voicemail w/out ringing their phone. Sometimes I want to just
leave someone some info but dont want to talk. Also I HATE
checking voicemail... but txt msgs are often too cumbersome.
It'd be great if each persons phone had a voice-to-text thing
that they could use to create txt msgs.
\_ If both people are on AT&T, at least, you can send voicemail
directly: call your own voicemail, and select 2 from the main
menu. |
| 2005/3/2-3 [Computer/SW/Security] UID:36498 Activity:kinda low |
3/2 I can read mail through CalMail or BearMail but can't POP. Anyone else
having this problem?
\_ You probably shouldn't've ignored the 3 (or was it 4?) warnings
that the CalMail people sent out in the past month that vanilla
POP3, being blatantly insecure by way of transmitting passwords
in cleartext, will be (and now has been) permanently disabled
as of 03/01/2005. Set up your mailer to use secure POP (or SIMAP),
on the default port, 995 (or, respectively, 993). -alexf |
| 2005/2/23-24 [Computer/SW/Security] UID:36377 Activity:very high |
2/23 Hi, my girlfriend's mom is in Taiwan. Her computer stopped booting;
it shows BIOS, but it won't show the WinXP screen. So, it sounds like
a virus (less likely, partial drive failure / OS corruption, but let's
assume it's a virus).
She is concerned about recovering her files.
Normally if I were on-site I'd just pull out the drive, put it in an
enclosure, and bam.
Is there any convenient way for her to recover her files without my
being on-site? I am thinking something along the lines of a bootable
CD-ROM I can mail her that could mount an NTFS partition and also a
USB memory key. It would show an easy Explorer-like tree with which
she can explore the C: drive and copy files over.
\_ The only convenient way I can think of is for her to buy a new
computer, then open up the old computer, take the disk out and
put it in the new computer as a secondary drive. Even this is
not "easy", but it is relatively straightforward for a non-
technical user. Can you trust her to be able to operate a
screwdriver? If not, she needs to bring it in to a data
recovery service, which will be much more expensive.
\_ have somebody in Taiwan make a KNOPPIX CD.
You make the same knoppix CD here and talk her through it.
She copies the files from HDD to the USB key.
In these situations avoid the screwdriver if you can.
\_ Thanks, I'm downloading KNOPPIX 3.7 English now and will try it
out. I'll let motd know how it goes.
\_ Also, if you get remote access to her computer,
that would probably make things go faster.
You might try setting up a ssh tunnel like this:
Have her type:
(at the boot: prompt) knoppix 2 vga=normal
# passwd (to set the root password)
# /etc/init.d/ssh start
# ssh -R 2222:localhost:22 account@yourserver
Then you ssh to yourserver like normal and run
$ ssh -p 2222 root@localhost
at the password prompt, type her new root password.
This should give you knoppix root on her computer.
I just tested it and it works. -brett
\_ Sounds cool. She gets net via PPPoE, though. So I guess
I will need to fish for the PPPoE settings in KNOPPIX and
tell her how to do that?
\_ D'oh. Doesn't she have a firewall/router device?
That could explain how her computer got compromised.
\_ That's what I told my gf. But my gf does Windows
Remote Assistance all the time with her family and
didn't want to mess with unblocking ports.
...
"It ain't broke, so why fix it?"
"Because you might get p0wn3d one day"
"But I have everyone on Windows Automatic Update"
"Okay"
"Dang, I got p0wn3d!"
The real answer is that we need to test the port
unblocking in the U.S., and move them to the
D-Link gateway next time we visit Taiwan.
\_ Your girlfriend should either:
1) fix it herself now (or)
2) follow your advice ahead of time.
3) Get Macs for her parents.
Your gf doesn't understand inbound/outbound rules:
"If you are using Network Address Translation (NAT) in a
home environment, you can use Remote Assistance without
any special configurations."
\_ You have never had a girlfriend, have you?
\_ Doesn't she have any computer savvy acquaintances in Taiwan?
Isn't Taiwan a high tech island?
\_ Friends we used to ask are in gr4d sk00l in the U.S. |
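A check worth running on "yourserver" before typing her new root password into the reverse tunnel, as an added example (not brett's code from the thread). The -R 2222 listener is what hands out root on her machine; sshd binds it to loopback only unless GatewayPorts is enabled, and if it ends up on 0.0.0.0 anyone on the Internet can brute-force that freshly set, probably short, root password. The example reads the Linux /proc/net/tcp table (the address column is a little-endian hex word, the state column 0A means LISTEN) and reports which ports listen where; the table below is constructed for the example, and the assumed setup is a Linux "yourserver" with sshd on port 22.

```python
"""Added example: is the reverse-forwarded port bound to loopback only?

Parses the Linux /proc/net/tcp listing (IPv4). The SAMPLE below is
constructed for this example; run against the real file on "yourserver".
"""
import socket
import struct

LISTEN = "0A"      # TCP state code for LISTEN in /proc/net/tcp


def parse_proc_net_tcp(text: str) -> list:
    """Return (ip, port, state) for each row of /proc/net/tcp."""
    rows = []
    for line in text.splitlines()[1:]:         # first line is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # the kernel prints the address as a little-endian 32-bit hex word
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        rows.append((ip, int(port_hex, 16), fields[3]))
    return rows


def listeners(text: str) -> dict:
    """Map each listening port to the address it is bound on."""
    return {port: ip for ip, port, state in parse_proc_net_tcp(text) if state == LISTEN}


def forwarded_port_is_loopback_only(text: str, port: int) -> bool:
    """True when the port is listening on 127.0.0.1 (what ssh -R gives you
    unless the server sets GatewayPorts); False if it is on 0.0.0.0 or absent."""
    return listeners(text).get(port) == "127.0.0.1"


# Constructed sample: sshd on 0.0.0.0:22, the reverse tunnel on 127.0.0.1:2222,
# a stray forward someone opened with GatewayPorts on 0.0.0.0:2223, and one
# established connection (state 01) that must not be mistaken for a listener.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:08AE 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 100 0 0 10 0
   2: 00000000:08AF 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0100007F:08AE 0100007F:A3C2 01 00000000:00000000 00:00000000 00000000  1000        0 12348 1 0000000000000000 100 0 0 10 0
"""

if __name__ == "__main__":
    import sys
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 2222
    with open("/proc/net/tcp") as f:
        table = f.read()
    for p, ip in sorted(listeners(table).items()):
        print(f"listening: {ip}:{p}")
    print("loopback only:", forwarded_port_is_loopback_only(table, port))
```

Run it as python3 check_tunnel.py 2222 on yourserver while her ssh -R is up. If the port shows on 0.0.0.0, drop the tunnel and fix GatewayPorts in sshd_config before continuing; the same logic, with the address decoding adjusted, applies to /proc/net/tcp6 if the forward is bound to ::1.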