2006/4/11-24 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:42732 Activity:nil |
4/12 Soda - very unstable. Is POP3/S disabled? \_ Alright, who keeps rebooting soda? \- soda is currently rebooting itself for an unknown reason. someone on root is working on it, or if not, will be very soon. -lin \_ V FOR VENDETTA! \_ From the csua home page: Soda was recently compromised and the root staff have rebuilt it from scratch. Soda was down all weekend for repairs. Due to the scope of the attack, all user accounts have been disabled. Please note, that if you logged into another machine from Soda in the last two weeks, that account is compromised or if you used keyboard authentication to access soda, your password has been logged. The root staff has not yet restored POP and IMAP, but plan to do so in the near future. In addition, certain parts of ~user public_html pages are presently disabled. . |
2006/4/11-18 [Computer/SW/Security] UID:42729 Activity:nil |
4/11 so any suggestions how I can try and verify that other machines to which I have access have not been compromised? in which case hopefully it should be enough to change my passwords. I don't think I logged in anywhere from soda but would like to be sure. \_ If you have logged in with keyboard interactive to soda, or ssh'ed with keyboard interactive from soda your passwords are likely compromised. Sorry for the instability. \_ The machine I logged into soda from's password is compromised? How does that work? |
2006/4/11-17 [Computer/SW/Security] UID:42724 Activity:low |
4/11 So is there a trail of evidence as to where this compromise came from? \_ A theory is that someone caused the crash by trojanning ssh/sshd and then installing a rootkit when he temporarily had root. \_ ZOMG remember remember, the 5th of november! \_ Well, yeah that letter was involved. \_ Let's go through some suspects. Who are some of the past disgruntled root members? \_ Historically the most disgruntled root members are those who still HAVE root (not by choice). --dbushong \_ Yeah, but, erm, doesn't that kind of beg the question? \_ A certain person installed and put the old vulnerable sendmail back even on this current incarnation of soda. Seems like maybe you should question him/his motiVes. |
2006/4/6-7 [Computer/SW/Security, Reference/Law/Court] UID:42708 Activity:kinda low |
4/6 http://csua.org/u/fg6 (orlandosentinel.com) Lawyer for DHS ICE Operation Predator chief (who pleaded no contest to exposing sexual organs and disorderly conduct), says he could have won the case: "The victim's account is not credible, Phillips said, saying that if the teen could see 2 centimeters of flesh from 20 feet away when others sitting much closer to Figueroa didn't notice anything, 'she has the visual acuity of most birds of prey.'" \_ 2 centimeters? Now I feel sorry for the guy ... \_ It's not too hard to see 2cm at 20 feet distance. \_ He thinks the average juror Joe would know how long a centimeter is? \_ because clearly, 20 feet from someone is a safe distance to be masturbating. |
2006/4/6-7 [Computer/SW/Security, Computer/SW/Unix] UID:42706 Activity:low |
4/6 /var/mail is full. I'd mail root, but... \_ soda: [~] % du -h /var/mail/kislyuk 16G /var/mail/kislyuk \_ Last login Sun Dec 4 18:44 (PST) on ttyB5 from .... New mail received Thu Apr 6 09:12 2006 (PDT) Unread since Sat Dec 3 12:47 2005 (PST) \_ Isn't there a 25M quota on /var/mail? How did it get to 16G? |
2006/4/6-7 [Computer/SW/Security, Computer/SW/Unix] UID:42704 Activity:nil |
4/5 Problem: sshd acting weird. Platform: Linux 2.6.x. Symptoms: Ssh connection got stuck all of a sudden. Cannot ssh into the machine. Ping ok, and apache2 apparently working. Console log-in takes +5 min & nothing weird in /var/log/*.log. Restarted sshd a few times, no luck. Restarted the machine, everything's normal. Two hours later, sshd is weird again. Same symptoms. What are some possible culprits? \_ I thought Soda ran FreeBSD \_ NIS or NFS? \_ Hmm... any chance you have a bad disk? sshd's virtual memory is writing to bad blocks, which causes it to run very slow? Or the blocks where your auth.log or something else that gets written to on login? -dans \_ NFS mounted home dir on remote file server. DNS lookup failure on that NFS mount, or DNS reverse lookup failure on remote host but the console login delay implies NFS failure. Or it could be something entirely different. :-) But I'd check those two first. |
2006/4/6 [Computer/SW/Security] UID:42696 Activity:high |
4/5 Problem: sshd acting weird. Platform: Linux 2.6.x. Symptoms: Ssh connection got stuck all of a sudden. Cannot ssh into the machine. Ping ok, and apache2 apparently working. Console log-in takes +5 min & nothing weird in /var/log/*.log. Restarted sshd a few times, no luck. Restarted the machine, everything's normal. Two hours later, sshd is weird again. Same symptoms. What are some possible culprits? \_ NIS or NFS? \_ Hmm... any chance you have a bad disk? sshd's virtual memory is writing to bad blocks, which causes it to run very slow? Or the blocks where your auth.log or something else that gets written to on login? -dans |
2006/4/5-7 [Computer/SW/Security] UID:42685 Activity:nil |
4/5 A few days ago someone asked for technical details for BART's fuckup. Here it is: http://www.bart.gov/news/press/news20060405.asp \_ well, they seem well-intentioned. I don't think anyone's about to boycott Bart because of the downtime anyway. \_ In one of those links posted I found it interesting to read that one of BART's design goals is that a technical incident that causes the shutdown of all trains for more than 5 seconds is supposed to occur with a mean frequency of no more than once in 20,000 service hours. I think if you count the recent screwups as a single incident, they probably meet that goal. Individual trains obviously fail more often though. |
2006/4/4 [Computer/SW/Security, Computer/SW/Apps/Media, Industry/Startup] UID:42653 Activity:nil |
4/4 http://news.yahoo.com/s/ap/20060404/ap_on_bi_ge/computer_sciences Computer Sciences Cutting 5,000 Jobs. Don't worry it's not CS CS, but CS Corp. What a dumb ass company name, it's like Merck naming itself "Pharmaceutical Company" \_ How do you feel about Microchip, LSI, or VLSI? \_ Or Analog Devices. But yea, CSC is bad. My company uses them and they are incompetent. \_ Usually they are called 'CSC'. As others have noted, how is that much different from, say, SAIC? |
2006/4/3-4 [Computer/SW/Security] UID:42641 Activity:nil |
4/3 Can someone explain why some people were getting "Connection Closed" when trying to SSH to soda? -clueless \_ something is wrong w/ password authentication. try ssh -v to get more info. \_ yea i did that. ssh -vvv What could be wrong with password authentication? \_ on putty/win32. I checked "x-forwarding." and it worked for some reason |
2006/4/3-4 [Computer/SW/Security] UID:42632 Activity:nil 75%like:42634 |
4/3 Any idea why soda's SSH has been flaky the past few days? \_ It has something to do with LDAP being a terrorist and sshd dying randomly. \_ I always knew El-Dap was fishy. |
2006/4/3-7 [Computer/SW/Security] UID:42630 Activity:nil |
4/3 SSH is being flaky. We are working on the issue. Please be patient. In the meantime, we suggest using screen. Soda's ssh key has been changed, sorry about that (ssh was restarted, as well). We will post more as we work on the problem. Thanks, students-not-in-class - edilaic |
2006/4/2-3 [Computer/SW/Security] UID:42607 Activity:nil |
4/2 Anyone been getting a "Connection closed by 128.32.112.233" when attempting to ssh into soda? I'm getting this when using OS X's OpenSSH but not when using Java SSH. [motd format god was here] \_ I've been getting this too from OS X and from a Linux machine. Clever idea to use the Java SSH client though -- i hadn't thought of that. \_ Works fine with putty. Something wonky happened recently. Local ssh also fails. The sshd must have been broken. \_ I am using putty and I am not able to get in. \_ Further investigation: I added my key to authorized_hosts2 and can login from my OS X box now. It seems that the keyboard-interactive method is broken. -pp \- Starting last thursday around 5-6pm or so, we saw some RSTs resetting ssh connections of certain network segments I can't go into details about. We haven't figured out where they came from and a fair number of people are quite concerned about this. I'd pay attention to changing hostkeys and generally go to DEFCON4 for a while. This was not in the http://berkeley.edu domain. If you see this in other domains, can you list them here. Tnx. |
2006/3/31-4/3 [Computer/SW/Apps/Media, Computer/SW/Security] UID:42568 Activity:high |
3/31 Anyone want to engage in wild speculation on 30th anniversary Apple announcements? \_ OMFG TEH 1337 LIMITED EDITION 30th ANNIVERSARY IPOD! -John \_ More very expensive consumer electronics toys that lock you in. \_ The iPod locks you in how? Well, ITMS does but frankly, ITMS is lame. (Not the implementation, the whole DRM + too damn much a song) \_ I have plans to write an application that adds some of your fair use rights back in to iTunes, but does not circumvent the terms of the DMCA. -dans \_ That's cute dan. \_ I'm not sure how to interpret this. -dans \_ Ignoring the fact that you will likely be in violation of the itms terms of use, how exactly do you propose to go about doing this in light of the 2d cir's ruling in Corley (273 F.3d 429 (2d Cir 2001)) that "fair use" doesn't mean that you have a right to use in your preferred format? And if you do decide to take up the challenge, you may wish to speak to Robin Gross who handled the Corley matter. \_ I don't know how you can make such wild claims. \_ Reckless posting like this will destabilize the motd for generations! \_ I bet BUD DAY never posts recklessly! \_ Probably just an accident, but I find it odd that this thread from the middle of 3/31 was nuked while threads with fewer comments or responses from 3/30 and 3/29 were not. In response to the person who mentioned terms of use as well as the Corley case: Actually, the app I plan to release is something that facilitates legal sharing, not format shifting. Also, isn't there more recent case law that does support format and time-shifting as fair use? Basically, it allows you to authorize a friend's computer for your iTunes purchases for a limited amount of time, and then automatically deauthorize. This in no way allows you to circumvent having more than the max (5?) machines authorized at any one time. I still need to look at the iTunes EULA to see if *using* this app violates the terms of service. 
Even if it does, it's a contract violation, not an illegal act. Regardless, it's definitely legal for me to write and distribute it since it is intended to facilitate legitimate, non-infringing fair use of copyrighted works. Also, I'm not 100% certain that my app is feasible, I still need to look into some technical odds and ends to verify this. Fortunately, we have many very good electronic rights lawyers in and around this area, Robin Gross among them, as well as Berkeley's own Pamela Samuelson, Lawrence Lessig, and Fred von Lohmann to name a few. -dans \_ AFAIK, there haven't been any recent cases of any significance wrt time/space shifting. You are probably thinking of the 9th Cir. ruling in RIAA v. Diamond, 180 F. 3d 1072 (9th Cir 1999). Diamond dealt w/ what constitutes a digital audio recorder; not w/ DMCA violations. The DMCA wasn't at issue b/c (1) it hadn't been passed when the case was brought, (2) may not have taken effect until 2000 (Sec 1201(a)(1) 2d sentence) and (3) CDs don't have DRM/TPM so they are not covered under the DMCA. Corley was 2 yrs later (2001) and dealt w/ the DMCA directly. My understanding is that the Corley view that fair use doesn't mean you have the right to make a digital reproduction pretty much dominates. It is of some note that the USSC avoided the whole time/shape shifting Sony argument in Grokster. I'd personally be VERY hesitant to get involved in any US effort in this area (but then again I don't want to have to cool my heels in the clink). Re production of the app, I'm not sure that your interpretation of Sec. 1201 is correct. You might be making a "device" whose primary purpose is to circumvent Apple's access control mechanism under Sec 1201(a)(2) (if one were to adopt the view of the unholy hordes of darkness). 
You might also be making a device whose primary purpose is to circumvent a copy control mechanism under Sec 1201(b)(2)(A) (perhaps the RIAA could use some 100W bulbs in their offices so that they would not be forced to take so dim a view of the law). BTW, I took a class from Robin last summer and could probably put you in touch w/ her if needed "more/better" info re the DMCA, &c. \_ Oh, cool. Thanks. I'm fairly confident that writing and releasing the app is not going to get me sued. Of course, before it comes to that, I'll almost certainly get a cease and desist letter. I'll cross that bridge when I come to it. I'm good friends with a former EFF staff technologist, and reasonably acquainted with (one of?) the current one(s) so I should have some inroads. As I understand it the law is ultimately about arguments. So if this actually came to a challenge, it would be up to a judge to determine whether or not this constitutes a device whose primary purpose is circumventing an access control or if this is a device whose primary purpose was to facilitate contributory copyright infringement. Is that a reasonable assessment? Thank you anonymous motd legal advisor, I appreciate the insights. -dans \_ I love it when someone is more pedantic and long winded on the motd. it makes me so hot. \_ wtf? I asked a question. I'm not a lawyer or a law student. Whoever posted the post I was responding to clearly knows his/her shit. If my understanding of theory or process is flawed, I'd like to know it. -dans \_ Wow, so you post an honest question addressing something you're ignorant about, someone gives a snarky reply...and you get all pissy about it? I remember you having a similar conversation not so long ago, only with positions reversed and you getting very righteous about being snarky.... \_ My MOTD with Dans: 1. Sweeping comment Made by Dans. 2. Disagreement expressed. 3. 
Dans goes nuts and says "where are the facts" (not that he has really presented any) May remind you that he is Jewish. 4. You or somebody else tries to give a short reply ... Dans broadens/changes the topic ... and spends a lot of time ignorantly but occasionally entertainingly (isn't that what makes it all worth it?) foaming. 5. You or somebody else takes the time to post a long informed reply in an area of expertise or experience. 6. Dans now says "I'm glad we had a civilized discussion," not realizing he has been taken to skool. \_ sic --dans #1 Fan \- that is olde english, used by people too cool for school \_ Please support your statement with facts!! --dans #1 Fan \_ Yup. Get over it. Hey look, I got my answer below, which is all I care about! -dans \_ Typical Jew. \_ This is such an obvious troll, but say that to my face some time and see what happens. -dans \_ Well, at least you're honest about your hypocrisy.... \_ Your posts lack either insight or humor? Do you have a point? If your goal is to upset me, you failed. -dans \_ You are mostly in the ballpark. There is more to the law than simply arguments, and judges are usually limited in their application of a statute to a higher ct's interpretation of that statute. I am not 100% sure, but iirc the word "primarily" has pretty much been read out of the Sec 1201(a)(2)(A). Note also that Sec 1201(a)(1) doesn't even require "primarily." There are two theories of vicarious liability you probably need to know about: 1. Contributory Infringement - You knew that users were infringing and either caused or contributed to the infringement. 2. Inducement - You knew that users were infringing, you materially contributed to that infringement and you encouraged them to infringe for personal gain. If you gave the software away, you probably could avoid the whole Inducement issue (the Grokster theory of liability), but this is still an open issue. hic sunt dracones. 
After reading the itms music license, contributory infringement seems like it could be a problem for you. If you look at Section 9(b) Use of Products, one may not actually own the bits that constitute a song purchased from itms: http://www.apple.com/support/itunes/legal/terms.html [ This is one reason I won't buy from itms, even though I drink a considerable amt of iKoolAid ] \_ Cool, thanks! -dans |
2006/3/15-17 [Computer/SW/Security, Politics/Domestic/911] UID:42248 Activity:nil |
3/15 Homeland Security is everyone's business: http://www.twotigersonline.com/banners.html -John |
2006/3/15-16 [Computer/SW/Security] UID:42246 Activity:kinda low |
3/14 http://news.yahoo.com/s/nm/20060315/od_nm/media_discovery1_dc Look you can look smart in front of your kids by relearning things you forgot in school! (In other words, people become dumber and dumber as they get older). \_ No, people forget things they don't use as they learn new things. \_ Just finished reading a Time article where it talks about how your brain becomes more efficient until around age 60 or so, when it starts to deteriorate. Of course, if you DON'T USE IT, then yes you will become dumber and dumber as you get older. |
2006/3/15-16 [Computer/SW/Security] UID:42245 Activity:nil |
3/15 Zfone Beta is out (secure VoIP software from Phil "PGP" Zimmermann): http://www.philzimmermann.com/EN/zfone/index.html \_ What do you have to hide? Hmmmm? |
2006/3/13-14 [Computer/SW/Security] UID:42206 Activity:nil |
3/13 "Big Boost Begins March 19" http://www.actransit.org/news/articledetail.wu?articleid=c1e6ca52 New transbay bus lines crossing the Bay Bridge and San Mateo Bridge, service increase to many existing lines, and the new All Nighter service. |
2006/3/10-13 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:42188 Activity:low 72%like:42184 |
3/10 Isn't posner supposed to be smart? http://csua.org/u/f7i (news.com.com) \- What is your point? also since he would have been hearing it at the appellate level, his comment may be on some narrow legal point. i imagine he approaches this in terms of his econ approach about what ruling produces "efficient outcomes". \_ this is so fcuked up. \_ The guy who wrote the http://news.com.com must have read a different opinion than the linked Posner one. Reading the linked Posner decision, what the http://news.com.com article claims are "two remarkable leaps" are actually just direct application of the US Code ("damage" includes "any impairment to the integrity or *availability* of data" [emphasis added]) or a previous decision \_ I disagree. That US Code is "unconstitutionally vague". Simply deleting the files constitutes "impairment" to the "availability of data." If attempting to delete the files was a violation, then fine. But the fact that he happened (unlike most people) to know how to *actually* delete the files, is, im(ns)ho, irrelevant. ("violating the duty of loyalty, or failing to disclose adverse interests, voids the agency relationship" State v. DiBiulio). \_ The way I read the statute, IAC needs to show the following in order to state a claim under the statute: 1. Citrin knowingly transmitted a program 2. To a protected computer; AND 3. Citrin intentionally used that program 4. To cause damage to the data on the computer; AND 5. Citrin was not authorized to cause that damage. Posner is hearing the case on appeal from a dismissal for failure to state a claim. Basically, at this point his job is to assume that Citrin actually did all the things IAC says he did and figure out if that would be enough for IAC to get relief. Added to this is the suggestion that some of the data that was deleted may have been incriminating evidence re a breach of contract or breach of the duty of loyalty claim. 
Given that it is so early in the game and the potential destruction of evidence Posner seems to think that it is probably a good idea to have Citrin tell the trial judge his side of the story before the case is dismissed. Re "damage" == "delete": To me, it seems clear that it is within Congress' power to reach unauthorized deletions of data from a protected computer under the Commerce Clause. If you access my computer w/o my authorization, intentionally install srm(1) and then srm /bsd, I think Congress has the power to hold you liable. I don't see the 5th amend vagueness argument, please explain. |
2006/3/2 [Computer/SW/Security, Computer/SW/Unix] UID:42066 Activity:nil |
3/2 very bizarre pass login behavior on soda ... I am able to login using an old password, and variations of that password ... anyone ever heard of this behavior before? I emailed root ... is anyone checking that now???? |
2006/3/1-2 [Computer/SW/Security] UID:42050 Activity:nil |
3/1 Every once in a while my ssh and X11 via port forwarding would get stuck and wouldn't respond anymore and I'd have to reconnect. Does anyone know why this is happening and how to fix it? Thanks. \_ Does this only happen after you've been idle for a while? |
2006/2/16-17 [Computer/SW/Security] UID:41894 Activity:kinda low |
2/16 When are these people going to realize how to correctly black out text in a PDF file? It's fortunate it's only driver's license numbers that were "blacked out". link:csua.org/u/f05 (latimes.com) Sheriff's report on Cheney shooting \_ I don't see what is wrong, give me a clue? \_ Try to copy out the blacked out text. \_ Try to think of the most stupid way imaginable to try to black out text in an electronic document. Bingo. \_ Hey, it might not be the stupidest. Never (mis)underestimate stupidity. \_ Beautiful. This happens almost too often in court, and people are constantly calling to see if they can get what they thought was a redacted copy off the website. --erikred \_ "I was to report to the main house." "I was instructed to park my vehicle ..." "I ... was turned over to another agent ...". Gee, how submissive. County Sheriffs work for the county, not the Fed, right? This Chief Deputy has no balls. That is, unless his report on a typical highway pullover also reads like this: "I was to report to the speeding driver's window." "I was instructed that the driver's license has expired." "I was turned over to the passenger who judged my (lack of) genital size." "I humbly submitted the written citation to the driver. Then I excused myself back to the insignificant patrol car." \_ Well, if he just ignored the secret service he'd be liable to get his ass shot. Does he have authority over them? \_ I know a guy who used to drive in nuke convoys when he was in the army. The Colorado highway patrol used to try to pull them over. They had helicopter gunship and F-15 escorts, and U.S. gov't plates, generally were not speeding, and these fuckers would come up with their little cop pistols and try to start shit. It did not generally end well for the cops. No one was ever hurt beyond a bruised ego, but they were very very lucky. \_ How do F-15 jets escort trucks going 65mph? \_ Secret Service *is* law enforcement. They can make arrests, etc. 
They most likely have jurisdiction wherever they are. \_ If the County Sheriff doesn't have jurisdiction over this incident, why was the Chief Deputy taking statements? |
2006/2/15 [Computer/SW/Security, Computer/SW/Unix] UID:41851 Activity:low |
2/15 Can one of you root guys please explain how tom has been eerily and correctly identifying anonymous motd posters? Is he abusing root or abusing his connection to root? \_ I don't think tom's been abusing root. Unfortunately, it's not too hard to identify most motd posters even without root. If you have ideas for how to make it harder, please let us know. --root \_ why should it be hard to identify who is posting to the MOTD? Do we really think the MOTD is a better place for not having the basic auditing capability that every other forum on the net has? -tom \_ I bet tom doesn't need technical means to identify most posters. \_ Several of us have various scripted ways of figuring out who other posters are but only a childish schmuck would descend to that level in a cheap attempt to 'score' points on the motd. And his predictive abilities are hardly "eery". He has a terrible track record of identifying people especially considering how often he names names. \_ ooh, big bad tom naming names... Grow up, reiffin. \_ nice try but wrong. |
2006/2/14-15 [Computer/SW/Security, Computer/SW/Languages/Misc, Recreation/Computer/Games] UID:41841 Activity:moderate |
2/14 Related to the gaming thread below. What made you/inspired you to take CS? Computer gaming as a kid? \_ Hott CS women. I was obviously misled. \_ Isn't karen hot? \_ Note that the comment is plural. \_ If you're CS, yes. \_ I liked computers and liked the idea of controlling them. I guess I got started with LOGO and a toy robot that could be given simple programs like "go forward, turn left, go forward, flash lights" etc. \_ When I was 7 years old I used a Heathkit computer that my uncle had bought. Just seeing some of the retarded games on it got me interested. \_ Anthro 193 survey form filled out by 200+ undergrads: all but a trivial number said "money" or "parents made me for money". \_ must have been during the boom years. I liked CS because it was interesting. \_ Early 90s. Definitely pre-boom. It was a recession. \_ Writing really simple games in basic/pascal. \_ Writing really simple but cool graphics code on an old Atari. Pixels and sprites 4 life! \_ Writing machine code on Apple II with no assembler to read some hardware switches, and interfacing it with BASIC, was fun. \_ Fuckin' a. \_ Reminds me of when I wrote machine code to access the sectors of a disk directly so I could read the Ultima IV map off the disks. Then I remapped the character set of my dot-matrix printer to match the game. The map was 256x256 squares. Ah, those were the days of hand-assembled 6502. \_ Just goes to show that practical application is a powerful motivator; I learned ResEdit just so's I screw around with hex code in Prince of Persia. \_ We made our own maps on Ultima IV & III once we learned what all the codes stood for. \_ My mom was an AI researcher. |
2006/2/3-7 [Computer/SW/Security] UID:41689 Activity:nil |
2/3 OpenSSH 4.3 is out. Mostly bug fixes. http://marc.theaimsgroup.com/?l=secure-shell&m=113881090315376&w=2 |
2006/2/1-3 [Consumer/CellPhone, Computer/SW/Security] UID:41652 Activity:low |
2/1 Dear old farts. What was the consumer end of telecomm like before the 1983 divestiture of AT&T into 7 baby Bells, in terms of price for consumers, sound quality, reliability, and service? \_ Most of you youngin' were too young to remember this but back then long distance calls were prohibitively expensive. On the other hand, you didn't have tons of long distance carriers to choose from each with confusing plans, and you didn't have to worry about MCI or 1010220 or 1010-RIPOFF that exist today, each ripping you off one way or another because you didn't read the fine prints. The quality and reliability of service was CONSISTENT, meaning it wasn't all that great by today's standards but at least you knew that your line sucked as much as everyone else's. Nowadays the quality varies so much (cell, landline, voip) that it's hard to make an informed decision on choosing a good plan-- e.g. in one year Cingular's great, but next year it'll be oversaturated again. To sum up, I miss the accountability and consistency of service in the old days. I miss not having to read 10 different plans before choosing one. I miss the easy to read telephone bills-- you ever read today's bills and see how confusing it is? I wish that today's companies would offer more accountability, more independent auditing of quality of service, and above all else making plans and fine prints much clearer for consumers to make informed decisions. -old man \_ i thought it's just AT&T :p the quality and reliability was pretty good in my experience. During Chinese New Year time, however, I would have to keep dialing for hours at the time to get the international phone call through. Long Distance phone call was expensive. The most important thing, IMHO, is that there isn't much innovation when AT&T dominated the phone landscape. Call-waiting, call-forwarding, caller-ID, i think all these things came up *AFTER* the break up of AT&T. 
- can't wait to see the wave of innovation that comes out after we break up Microsoft \_ Let's see how many units M$ can break up to: OS, browser and web server, dev tools, games, office apps. Browser and web server might need to break up further into two. \_ I remember standing in line with my dad so he could get a phone. You would rent your phone from AT&T, you didn't own it. I read an article about little old ladies who have been paying the phone rental fees for 20+ years because the phone companies never bothered to tell them they can have their own phones for free now. It's a not-insignificant revenue stream. \_ I might be wrong, but from what I recall you could own a phone or rent one. However, it was expensive to buy one and most people rented. \_ You could own a cheap one, but it voided out your AT&T service agreement. If something happened, they would "check the line" since your non-standard equipment might have caused the problem. Since your agreement was now void, they could charge you whatever and take care of it whenever they felt like. Mmmm... Taste that monopoly goodness. Then AT&T figured they could get around complaints and make money by selling AT&T approved phones. Welcome Princess and Slimline phones! \_ Cost of long-distance calls (let alone international calls) was prohibitive. For a modern equivalent, cf. Japan's NTT five to ten years ago, complete with phone renting, no competition. \_ "So I feel like a real consumer fool about my money, and now I have to feel like a fool about my phone, too. I liked it better back when we all had to belong to the same Telephone Company, and phones were phones -- black, heavy objects that were routinely used in the movies as murder weapons (try that with today's phones!). Also, they were permanently attached to your house, and only highly trained Telephone Company personnel could "install" them. This involved attaching four wires, but the Telephone Company always made it sound like brain surgery. 
It was part of the mystique. When you called for your installation appointment, the Telephone Company would say: "We will have an installer in your area between the hours of 9 A.M. October 3 and the following spring. Will someone be at home?" And you would say yes, if you wanted a phone. You would stay at home, the anxious hours ticking by, and you would wait for your Phone Man. It was as close as most people came to experiencing what heroin addicts go through, the difference being that heroin addicts have the option of going to another supplier. Phone customers didn't. They feared the power of the Telephone Company. I remember when I was in college, and my roommate Rob somehow obtained a phone. It was a Hot Phone. Rob hooked it up to our legal, wall-mounted phone with a long wire, which gave us the capability of calling the pizza-delivery man without getting up off the floor. This capability was essential, many nights. But we lived in fear. Because we knew we were breaking the rule -- not a local, state, or federal rule, but a Telephone Company rule -- and that any moment, agents of the Telephone Company, accompanied by heavy black dogs, might burst through the door and seize the Hot Phone and write our names down and we would never be allowed to have phone service again. And the dogs would seize our pizza." --Dave Barry |
2006/1/25-27 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:41509 Activity:nil |
1/25 to root: just curious... what might be the causes of recent Soda instability? are you guys doing something that may crash soda? are you guys trying to fix something? \_ The root of the problem is that the root used to be run by experienced late 20/early 30 something folks, and when the root was handed down by the new gen-Y 20 year old kids, they don't know how to run the system. In fact they prefer soda running on Windows XP. \_ http://csua.org/u/erg Rest assured, when Soda recovers from its Jan. 24th funk, it will be much happier and stable. -mrauser \_ I prefer the more straight-forward approach of the VP bat. - jvarga |
2006/1/21-24 [Computer/SW/Security, Computer/SW/OS/OsX] UID:41471 Activity:low |
1/21 How does one usually write a log file from a multi-threaded server? Is there a way to avoid using locks around the file writes? Relying on some kind of low-level atomic writes and fsync() or something? \_ I would create a class to act as the single point of access to the log file. Have the other threads go through the logger singleton to write the info into a ring buffer and signal a separate thread to actually write to the file. - ciyer \_ Well you will need a lock to write into the ring buffer, and once one thread has that lock then if the buffer is getting full you can have that thread write the buffer and flush the output stream right? -!op \_ That should work too. I work with audio and parts of my code run in realtime threads which should not block, so I've implemented a lockless ring buffer (using CompareAndSwap on OS X) so the thread writing into the log never takes a lock and can't access the disk |
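Added example, not code from anyone in the thread: a Python version of the design ciyer describes first (one logger object, a bounded in-memory buffer, a separate writer thread), with the lock that -!op points out held only around the buffer and never across file I/O. The class and function names are made up for the illustration, the CR/LF escaping is an extra precaution the thread does not mention, and the lock-free CompareAndSwap variant is not shown.

```python
import os
import tempfile
import threading
from collections import deque


class RingLogger:
    """Single point of access to one log file, drained by one writer thread."""

    def __init__(self, path, capacity=256, sync=False):
        self._buf = deque()
        self._capacity = capacity            # bound on queued records (backpressure)
        self._cond = threading.Condition()   # guards _buf and _closed only
        self._closed = False
        self._sync = sync                    # fsync() after each batch if True
        self._fh = open(path, "a", encoding="utf-8")
        self._writer = threading.Thread(target=self._drain, daemon=True)
        self._writer.start()

    def log(self, message):
        # One call is one record: escape CR/LF so a caller cannot split or
        # forge log lines (assumption added here, not discussed in the thread).
        record = message.replace("\r", "\\r").replace("\n", "\\n")
        with self._cond:
            while len(self._buf) >= self._capacity and not self._closed:
                self._cond.wait()            # buffer full: wait for the writer
            if self._closed:
                raise RuntimeError("logger is closed")
            self._buf.append(record)
            self._cond.notify_all()          # signal the writer thread

    def _drain(self):
        while True:
            with self._cond:
                while not self._buf and not self._closed:
                    self._cond.wait()
                if not self._buf:            # closed and nothing left to write
                    return
                batch = list(self._buf)
                self._buf.clear()
                self._cond.notify_all()      # wake producers blocked on a full buffer
            # File I/O happens outside the lock, and only in this thread.
            self._fh.write("".join(line + "\n" for line in batch))
            self._fh.flush()
            if self._sync:
                os.fsync(self._fh.fileno())

    def close(self):
        with self._cond:
            self._closed = True
            self._cond.notify_all()
        self._writer.join()                  # writer exits after the last batch
        self._fh.close()


def run_demo(path, n_threads=8, per_thread=200):
    """Hammer one logger from several threads and return the lines written."""
    logger = RingLogger(path, capacity=32)

    def worker(tid):
        for i in range(per_thread):
            logger.log(f"thread={tid} seq={i} msg=hello")

    workers = [threading.Thread(target=worker, args=(t,)) for t in range(n_threads)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    logger.close()
    with open(path, encoding="utf-8") as fh:
        return fh.read().splitlines()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        lines = run_demo(os.path.join(tmp, "server.log"))
        print(len(lines), "records written, none interleaved")
```

Worker threads only ever contend for the in-memory buffer; if the disk stalls, they block once the buffer fills rather than losing records.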
2006/1/10-12 [Computer/SW/Security] UID:41329 Activity:nil |
1/10 I added X11 forwarding (said "yes") in /etc/ssh/ssh*_config and /etc/init.d/ssh restart. However, my win ssh client still says "server does not allow X11 forwarding." What's up? \_ Silly question (or maybe not).. Are you running an X server on your windows box? Another silly question. Is X installed on said server? sshd needs to be able to find xauth, etc to do X forwarding. Make sure they're in your path. \_ THANK YOU. After thinking about this, I simply did an apt-get install xbase-clients which then pulled in all the X dependencies. Afterwards, I can do X!!! Yay! Thank you so much. By the way how do I check which package depends on others? I have no idea what package I pulled in. \_ rpm -q --requires xbase-clients -tom |
2006/1/4-6 [Computer/Theory, Computer/SW/Security] UID:41226 Activity:nil |
1/4 "Mo. Researchers Find Largest Prime Number" http://news.yahoo.com/s/ap/20060104/ap_on_sc/largest_prime_number Why are people interested in finding large prime numbers? They already know that there are infinite number of primes, so what's the point of finding them? \_ because they are there. finding more may help with proving (or disproving) conjectures about dist. of primes, etc \_ You know that prime numbers have a lot to do with public key cryptography right? \_ Yeah, but with a prime as large as 30 million bits? \_ This is usually tangential to burning in a new supercomputer. They let it sit there and compute prime for a bit. As computers get ever faster, they find new primes and it generates a little PR for the guys running the new computer. At least this is how most of these ginormous primes are discovered. \_ Learning how to work with large primes has value. We used to compute pi to billions of digits. Now we test primes. \_ This particular project is more like SETI-at-home and is validating a s/w concept re: distributed computing. Lots of these primes are incidental discoveries. |
2005/12/26-28 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:41141 Activity:nil |
12/25 I can't log into soda from my home machine. (I can ssh to beer and ssh to soda from there, however) -jrleek |
2005/12/20-22 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:41088 Activity:nil |
12/20 Update on the "DHS visits student for book ILL" story. At least one fact is wrong. The ILL doesn't require a social security number: http://acrlblog.org/2005/12/19/interlibrary-loan-causes-a-stir |
2005/12/12-14 [Computer/SW/Security] UID:40978 Activity:nil |
12/12 On the hardware page the SSH rsa and dsa keys are listed as: RSA - 96:0d:44:65:af:9b:c2:9a:b3:19:6f:28:bc:07:85:e4 DSA - 91:cc:22:95:03:1d:92:3f:a3:4b:1d:5c:0c:44:d6:69 I think these are the keys for coke. Anyway, when I run ssh-keygen -l on soda (or when I get the keys via keyscan) I get the following values: RSA - e1:9c:e5:c7:f9:9f:f3:af:04:ef:df:2d:63:b0:84:4a DSA - 2a:5f:0c:23:c2:80:dc:ef:d4:ee:bb:4e:a5:80:25:d5 Can someone fix the webpage? http://www.csua.berkeley.edu/computing/hardware tia. \_ Finally did it. - jvarga \_ Thanks. You rock. |
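Added example, not from the original thread or from CSUA: one way to compare what ssh-keyscan returns against fingerprints published on a web page, in the colon-separated MD5 format quoted above. The host name and key blob are constructed stand-ins, the function names are made up for the illustration, and the only value taken from the thread is the RSA fingerprint the hardware page listed at the time.

```python
import base64
import hashlib
import struct


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 of the raw public-key blob (the format in the thread).

    MD5 is used only because the published values are in that format.
    """
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_key_line(line: str):
    """Parse one 'host keytype base64' line as printed by ssh-keyscan."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-blob")
    host, keytype, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type. If the label
    # and the blob disagree, the line was mangled or edited: refuse it.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("key type label does not match key blob")
    return host, keytype, blob


def normalize(fp: str) -> str:
    """Accept 'MD5:AA:BB:..' or 'aa:bb:..' and return lowercase colon-hex."""
    fp = fp.strip().lower()
    return fp[4:] if fp.startswith("md5:") else fp


def check_host(keyscan_output: str, published: dict) -> dict:
    """Map each scanned key type to (fingerprint seen, verdict)."""
    results = {}
    for line in keyscan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _host, keytype, blob = parse_key_line(line)
        seen = md5_fingerprint(blob)
        expected = published.get(keytype)
        if expected is None:
            verdict = "unpublished"      # nothing to compare against
        elif normalize(expected) == seen:
            verdict = "match"
        else:
            verdict = "MISMATCH"         # do not accept the key; ask root
        results[keytype] = (seen, verdict)
    return results


def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


# Constructed stand-in for an RSA public-key blob: NOT a real key, NOT soda's key.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa")
               + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + bytes(range(128, 256))))
SAMPLE_SCAN = ("# constructed ssh-keyscan output\n"
               "soda.example ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode())

# From the thread: the RSA fingerprint the hardware page listed at the time.
PAGE_LISTED = {"ssh-rsa": "96:0d:44:65:af:9b:c2:9a:b3:19:6f:28:bc:07:85:e4"}

if __name__ == "__main__":
    for keytype, (seen, verdict) in check_host(SAMPLE_SCAN, PAGE_LISTED).items():
        print(f"{keytype:8} {seen}  {verdict}")
```

Current OpenSSH prints SHA256 fingerprints by default; ssh-keygen -l -E md5 produces the older format used here.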
2005/12/10-12 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:40952 Activity:nil |
12/10 Where can I find the new ssh keys? \_ http://csua.berkeley.edu/computing/hardware |
2005/12/9-11 [Recreation/Computer, Academia/Berkeley/CSUA, Computer/SW/Security] UID:40941 Activity:nil 77%like:40940 |
12/9 Looking for a job? Come work with us at Snapfish (now a service of HP). It's fun and neat and all that stuff. Take a look at /csua/pub/jobs/Snapfish for the latest postings, and feel free to drop me a line with questions or whatnot. - ajani |
2005/12/7-9 [Computer/SW/Database, Computer/SW/Security, Industry/Jobs] UID:40906 Activity:nil |
12/7 We're looking for interns for a 3-5 month project helping us populate our security policy database for various windows applications. The work involves installing the application, using it for a while, determining the appropriate security policy, and entering it in to a database. Work is 15+ hours a week (however much you want to work above min. 15 is fine), pays $12-$15 an hour, and can be done offsite from the comfort of your own home. email sking@zonelabs.com if you are interested. --sky \_ Don't you know students don't read motd? \_ Good point. i should email jobs@csua |
2005/12/4-6 [Computer/SW/Security, Computer/SW/Unix] UID:40845 Activity:nil |
12/3 Free rootcow! \_ Freed. --mconst \_ What does this mean? ______________________________ < Someone may be abusing root! > ------------------------------ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || |
2005/12/4-6 [Computer/SW/Security] UID:40837 Activity:low |
12/3 Hey root, did someone p0wn soda? Why'd the host keys change?! Is this a man in the middle attack? Do we all have to change our passwords and keys now? [Someone had to do it. ;-)] Thanks jvarga, you're the best. \_ I stole all your passwords. hahahahaha. Or something like that. I figure I'll actually field this question: I actually intentionally did not keep old-soda's keys. I'll post the new keys on the website when I am a bit more conscious. For anyone that is interested: http://soda.berkeley.edu/computing/hardware/soda-mark-vii.html - jvarga |
2005/11/22-24 [Computer/SW/OS/Windows, Computer/SW/Security] UID:40691 Activity:kinda low |
11/21 In windows I can disconnect anyone who's using shares on my computer. How do I disconnect from shares I'm using on another computer--for instance because I'm using a common computer and I want to revoke my authentication? \_ right-click and hit 'disconnect'? -John \_ "net use /?" from cmd shell. --sky \_ No, not a mapped drive. I mean I browse to \\server\dir and want to close the explorer windows and when I browse again I get reauthenticated. \_ Uh, as sky said: net use. It has nothing to do with whether the drives are mapped. \_ "net use \\server\dir /del". On the other hand, please tell me how to disconnect anyone who's using shares on my computer. Thanks. \_ Right click on My Computer > Manage > System Tools > Shared Folders > Sessions |
2005/11/16-18 [Computer/SW/Security, Politics/Domestic/President/Bush] UID:40626 Activity:moderate |
11/16 So, it was Hadley who was Woodward's source. He was Deputy Natl Security Advisor at the time (NSA was Rice), and is NSA now. \_ url? \_ http://news.google.com/news?q=hadley+woodward \_ "In his book, Plan of Attack, Woodward says he was given access to classified minutes of National Security Council meetings. Both Rice and Hadley were major players in these meetings." Okay, so he was given access to classified minutes and info. If he was aware that the information was classified and he revealed it, then he's guilty of revealing classified info. If he did not reveal it, then Woodward's a dead-end in this investigation, except perhaps to point out that the Administration tried to leak the info from multiple sources. \_ Are you suggesting that Woodward had some sort of s00perd00per sekr!t clearance, and thus revealing classified info to him would not be a crime? \_ If not, then yes, it's a crime, and Hadley should be charged. If he _was_ given clearance, then no. Either way, Scooter's still in the fryer. \_ NYT has hinted the Senior administration official might be Cheney. \_ but the NYT is a proven fraud, many times over. \_ You don't know what the word "fraud" means. It has not been 100% correct, nothing is, but it has won many Pulitzers for fine reporting. It has certainly got more integrity than the Bush Administration. At least they fire the liars in house, instead of promoting them and giving them Freedom medals. |
2005/11/16-18 [Computer/SW/Security] UID:40622 Activity:nil |
11/16 Why doesn't Yahoo Mail use secure web pages? Does it take a lot more hardware resource to run a secure web site? Thanks. \_ Yes. You need to actually encrypt the pages, which is probably about 10x as expensive as serving them unencrypted. So, while not resource intensive by modern standards in an absolute sense, 10x means 10x as many servers to serve the same load. That's nothing to sniff at for a big provider. \_ there are SSL engine systems they could put in front of the actual web servers to handle the encryption load and separate it from the mail servers. They're not cheap however. What were you paying for Yahoo Mail's secure mail service, again? \_ Are you saying they aren't making any money off of me? |
2005/11/12-14 [Computer/SW/Security, Computer/SW/OS/Windows] UID:40559 Activity:low |
11/11 I'm phone shopping and looking for suggestions. I don't need anything but good phone service and the ability to swap files easily with a computer. I'm on Cingular. I just found out the only data swap package for the Samsung phone I bought (SGH-X497) uses a serial port. No USB options available which kind of blows. -- ulysses \_ what kind of file do you need to swap? Best addressbook/desktop integration belongs to Microsoft :( If you want to swap photos, ringtone, wall papers, etc, both Nokia and SonyEricsson have good data suite for their phones. \_ The addressbook is all I care about. The rest is fluff AFAIAC. |
2005/11/9-11 [Computer/SW/Security] UID:40516 Activity:nil |
11/9 Does anyone know of a web hosting service that provides unix shell access that can access IMAP files? I was looking at 1and1, which offers good space/bdw and ssh access, but their mail is maintained separately from the hosted files, which is kind of lame. I'd like to be able to easily import or backup IMAP files using something like scp. Thanks! -mds \_ price range? \_ Yes. \_ 1and1 with shell access and 10GB of space is $10/month. I'd like something similar (e.g. < $20/month if possible) that has a shared pool of mail and web data. It would have to be less than the cost of co-hosting my own box (which I don't have time for right now). Alternatively, I guess some means of doing bulk transfers of IMAP data might work in a pinch, but I haven't seen a client capable of doing that? -mds \_ Typically your IMAP data is owned by one of the mail server accounts and couldn't be read by your UNIX account. \_ so then you're completely at the mercy of the server backups? I'd think there would be some way to take a dump of those remote files as well? Haven't found a thunderbird plug-in or similar to do so, though. \_ belay that, found the link below. Thanks! -mds http://gemal.dk/blog/2004/02/19/backup_your_imap_mail \_ How about fetchmail? --dbushong |
2005/11/8-10 [Computer/SW/Security] UID:40487 Activity:nil |
11/8 Don't forget, there's a talk on software election security by one of the leaders in the field, Dr. David Jefferson. It's tonight at 6pm in 306 Soda. \_ How long is the talk supposed to run? \_ Probably about 1 hour. \_ Why is it not held before the election day? \_ Basically logistical reasons. David Jefferson is a busy guy, and originally he was going to speak on something totally different. We didn't get it all figured out until last week, and the room is available today. -jrleek |
2005/10/31-11/1 [Computer/SW/Security, Computer/Networking] UID:40347 Activity:moderate |
10/31 What's the best tool out there to crack WEP? \_ pissed that your neighbor finally enabled encryption? \_ Can't hack into the webcam in their daughter's bedroom? \_ mmm, daughter cam. \_ Auditor collection. http://www.remote-exploit.org and make a donation to Max. You owe me a coke. -John |
2005/10/30-31 [Computer/Networking, Computer/SW/Security] UID:40339 Activity:nil |
10/29 I'm using ssh X port forwarding and just got a DLINK game router. Which port should I prioritize? \_ its all over ssh -- port 22 |
2005/10/28-31 [Computer/SW/Security, Computer/SW/Mail] UID:40324 Activity:nil |
10/28 Abandon the Web! guerrilla platform warfare: http://csua.org/u/dus |
2005/10/27-29 [Computer/SW/Security, Computer/SW/Unix] UID:40291 Activity:low |
10/27 Okay, is ftp completely gone? I'd search the motd archives but, wait for it, there are none. \_ try sftp or scp. most sftp clients that I've used have scp support for transferring multiple files or directories. \_ Hm, does WS_FTP do sftp? \_ Use Filezilla. \_ putty has a free command line scp binary that I use all the time. I've never tried their sftp client, but it can be found here: http://www.putty.nl/download.html -sax \_ See section 3 of last week's minutes. -gm |
2005/10/22-24 [Computer/SW/Security, Computer/SW/WWW/Server] UID:40230 Activity:nil |
10/22 I want to set up a Wiki site for users of a software framework, but I'm concerned about security. Are there any Wiki engines that are particularly good about security? Any good sites discussing this? Thanks. - ciyer \_ Not twiki. \_ google for natswiki. It's a mod of twiki. |
2005/10/22-24 [Computer/SW/Security] UID:40227 Activity:nil |
10/22 How come .nofinger does not prevent people from getting my last login remotely? \_ Make sure fingerd has permission to access your home directory -- otherwise it can't see your .nofinger file. Try "chmod a+x ~". \_ Can't reproduce. Sanity check: soda has a hacked up fingerd. Are you trying to put a .nofinger somewhere else? |
2005/10/16-19 [Computer/SW/Security, Computer/SW/Unix] UID:40126 Activity:nil |
10/16 I accidentally overwrote a file in my home dir. Is there a process where I can request the version of this file from, say, 1 month ago? Or are there even backups/archives like this at all? \_ mail root \_ Yes, backups do exist. Right now, they are not mounted, so you will need to email root. Be aware that backups do rotate out, and are currently being sporadically manually done, so email sooner than later -- njh (the guy who runs backups) \_ Thanks!! Now that I think about it, I might actually have my own backup from the time I want, though it would be on a PC that I don't have access to today. I'll check for my own backup before emailing root, but it's good to know that root can help me if necessary. Thanks! -op |
2005/10/15-16 [Computer/SW/Security, Computer/SW/Unix] UID:40104 Activity:nil |
10/15 Here is a proposal, a compromise for both parties. Split /etc/motd.public into two files-- one is /etc/motd.civil which is logged and viewable by root only, and is viewed in default .login. The other one is /etc/motd.wild, which is unlogged and is pretty much like our current motd. \_ The problem with this "solution" is that it does not fix the problem of threats, slander, etc, from the point of view of the politburo. They are still responsible for hosting it. -ausman \_ You're welcome to create ~user/cesspool.motd if you really want a place where you can be threatened at will by anyone. Root will not breach the anonymity of the logs unless there is a specific post which requires it. -mrauser \_ I have a better idea. We'll have one file called /etc/motd.public which is an open forum for discussing politics, fundamental computer science, the computer industry, general science, sex, and the meaning of life in a lively, free form, while also posting timely links about current events and giving recent grads a leg up on their careers. Then we'll have another file called /etc/motd.jamf, where a small group of people can have a carefully logged and moderated discussion of vi/EMACS, the latest linux kernel and monty python. Anyone who mentions politics, sex, violence, industry, uses a swear word, or says anything remotely useful or interesting on /etc/motd.jamf will receive a demerit. Three demerits will banish them forever from /etc/motd.jamf. |
2005/10/14-2010/9/30 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:40095 Activity:nil |
**/** Do not mail individual members of root for assistance. You will be ignored! Your root staff are: steven, edilaic, mconst, jvarga, mikeh, mrauser, kimbrel, toulouse, vaheder Your Politburo are: kimbrel (P), steven (VP), toulouse (S), yns88 (T), vidya (L), steven (E), bordicon (A) Your new Politburo are: toulouse (P), steven (VP), eyung (T), stevenk (S), sakura (L), dw5ight (E), scotspin (A) The uncensored messages below this line may not reflect opinions of the CSUA. |
2005/10/13-14 [Computer/SW/Unix, Computer/SW/Security] UID:40061 Activity:very high |
10/12 [moved to top] I strongly suggest everyone read the minutes from the last meeting. Both changes to the motd and soda itself were discussed. -jrleek \_ (Put up front since it's relevant) One thing that was left out of the minutes is this: although we decided to enable logging of the MOTD, we would like the implementation to be put in place by the users OF the MOTD. The decision stands and is not debatable, but the flavor of it is up to you guys. The current proposition is to enable kernel auditing, such that only root can view the logs. If you have a more palatable idea, you're welcome to submit your opinions to root@csua. Of course, 'ideas' are not nearly as useful as 'implementations', if you propose something non-trivial. \_ I don't have any complaint on any of this. I just like to ask if you guys can consider making the list of people who have root public, and tighten access control to only those who should have root. Secondly, I'd like to ask if you guys can make all user complaints and requests to expose offenders public. I'd hate to see root exercising power under the hood without any form of auditing. Without public auditing there is no check and no balance. \_ Why perpetuate the scam and make us lend the logging an air of respectability? \_ I am amused by the fact that this was posted anonymously. -gm \_ Exact proposition: "To allow, when necessary, root-types to identify exactly who posted any message in the MOTD" \_ If I read these correctly, the change that will be implemented is a foolproof way for root-types to know who is posting to the motd, so that people who make direct threats can be found. Somehow I doubt this is gonna raise the quality of the discourse around here. \_ The problem is we've apparently seen root-type people abuse their root in the past to un-anon people on the motd they simply don't like. 
I'd like to know who the root-type people are and that there is some official (as official as the csua can get) process in place to a) make sure no one else has root and b) make sure the very limited set of people with root are known and c) revoke root privs of abusers. I was once in favor of a totally anon motd, but given some of the vicious and excessive personal attacks, threats, and named posts clearly intended to destroy other people, I've changed my mind on the topic. Free speech is a good thing but yelling fire in a theatre is not ok nor is abusing anonymity to harass or ruin others. \_ The root list has been getting cleaned up, and I have made sure that the only people with root on any of the new machines are active, trustworthy root types. Furthermore, abuse of root power by anyone to un-anonymify someone for any reason other than official business is an immediately squishable offense in my book. If I caught someone using root logs to spite someone on the motd, I would not hesitate to not only revoke the root cookie, but also sorry that person's account. I would even take such action on a current member of Politburo if they did such. I consider the privacy of the people on this server, and the professionalness of those who have access to privileged information on this server very important. - jvarga \_ You are a thin-skinned idiot. \_ Haven't been around here that long, huh? \_ Only about 8 years. What'd I miss? \_ Pfft. n00b! -meyers \_ You missed the part where not abusing root is a good thing, and an obvious thing. Where have you been? \_ Vicious and excessive personal attacks? Perhaps, but the motd is not for the faint of heart. This is less "fire" in a theater and more theater of the absurd. More Sproul Plaza than debate club. Keep it anon. How else am I supposed to make my snide "yermom" comments without looking like a total sleaze? \_ yer mom doesn't mind looking like a total sleaze. \_ You're correct that too many people have root. 
We'll get an automatic reset when we switch to new soda, we should set up some new rules then. \_ So let's say some user provides a web- or e-mail based front-end to let anonymous types modify motd. The soda log will show that the creator of the interface is making changes, even though it could be Joe Loser off the Internet. I suppose at the first abuse then that interface should be shut off? \_ Before the first abuse; it's against policy to share your account. -tom \_ Has this specific example been tested yet? ("share your account" encompasses providing a web/e-mail interface for people outside soda to anonymously modify motd) \_ "share your account" means whatever they want it to mean. \_ This would also qualify under "don't be a hoser." -tom \_ Just curious, but how many of you outraged motders are actual csua voters? \_ I'm disappointed that the CSUA would run Linux, I'm not sure what the issue was with BSD. There was a big push to get it working at the end of last year, and as far as I know it was. What happened? --jwm \_ How competent is the vp? This is not intended to be a put down as such, but failing to get bsd to boot may be \_ How competent is the vp? Failing to get bsd to boot may be meaningful or meaningless, depending on vp cluefulness. \_ As freebsd developers have trouble getting 5.4 to run on certain amd boxes, I wouldn't use this as a guide to VP cluefulness \_ You do know that my question regarding vp cluefulness still applies until you show (boot_bsd(clueless admin) == 1) for all values of clueless admin. \_ What's wrong with Linux these days? (Aside from TRADITION!) \_ If you have to ask, you don't know. \_ Yes, that would be why I'm asking. \_ Install the 2.6 kernel and see how long it lasts under load. \- can you elaborate on this a little. i have some crunching farms and the people who run them for me appear to slowly be moving toward 2.6. tnx. |
2005/10/13 [Computer/SW/Unix, Computer/SW/Security, Politics/Domestic/President/Bush] UID:40060 Activity:nil |
10/12 root, please do not squish me for posting this treasonous url anonymously. also the picture is wrong, p bush was funding them until 1951. http://www.indybay.org/uploads/p1090147a.jpg - danh \_ It's been nice knowing you danh, I shall miss you after your mysterious disappearance. \_ Huh, I didn't realize we were into punishing the sons for the sins of the fathers. |
2005/10/8-9 [Computer/SW/Security] UID:40023 Activity:nil |
10/7 putty seems to lock up on Windows about 10 minutes after I don't type anything ... Even with the keepalive with a "Network error: Software caused connection abort" ... Adding the keepalives didn't make any difference. Had to switch since soda no longer supports ssh1 ... How do I stop this from happening? \_ are you implying that your previous ssh client didn't do this? \_ Yes teraterm + ttssh never had this problem. \_ Same problem here--I am behind a firewall with a timeout setting (haven't checked yet how long). This is the same for OpenSSH 3.8.1p1 on OSX, commercial SSH on XP and Mindterm. Use spinner, that usually works for me. -John \_ try both TCPKeepAlive and ServerAliveInterval on openssh... curious to know if one helps and not the other. |
2005/10/6-9 [Computer/SW/Security] UID:40007 Activity:nil |
10/6 What's the easiest way to get the ip from the env var SSH_CLIENT="10.10.10.10 1212 22" in bash? I want to use it to set the DISPLAY env var. \_ see man pages for any/all of: sed, awk, perl, cut, tr (and many others). \_ Why are you doing this? ssh will set DISPLAY itself if you run it with the right options, and it will do it securely. -tom \_ Ah, thx. \_ ssh -X -l mylogin hostname \_ ssh -Y -l mylogin hostname \_ Ok, now it's slow. ;) What's the fastest cipher and mac to use? The choices are: rc4/blowfish/aes-128/192/256/twofish/3des... \_ plaintext. \_ IMO, blowfish is the best blend of speed and security \_ RC4 is by far the fastest, and secure enough for joe averages using SSH2. \_ After you log in, how do you see what cipher/mac is in use? \_ depends on what ssh you use, obviously. i don't know of a way for openssh. use -v to see what's being negotiated. |
2005/10/4-6 [Computer/SW/Security] UID:39972 Activity:nil |
10/4 New AC Transit Transbay Service Begins December 5th http://www.actransit.org/news/articledetail.wu?articleid=35e17163 |
2005/10/3-5 [Computer/SW/Security] UID:39961 Activity:nil |
10/3 I would like to download my work calendar to my personal laptop which is running XP outlook whilst the server is Exchange 2003. The computer is not a member of the domain; the standard " add exchange account" fails once it can not resolve the username via check name. I have no problems using imap or the web access to get access to the mail. I can also log into shares on the machine as well. is there a way to download the calendar via the cli ? \_ You don't need to use 'check name'. It'll be something like windowsloginname@exchangeserver.domain.com where domain is your AD domain (AD usually but not always corresponds to your DNS domain.) Check with a co-worker's outcrook that works. If you can't figure it out, let me know and I'll check in a few days. -John -- I found out what the problem was. There is a value in mapisvc.inf called PR_RESOURCE_FLAGS that needed to be changed in MSEX section. Thanks for responding |
2005/9/21-23 [Computer/SW/Languages/C_Cplusplus, Computer/SW/P2P, Computer/SW/Security] UID:39809 Activity:nil |
9/21 http://tinyurl.com/7swro It's the dawn of the age of uninhibited file sharing! LionShare creates a neat, private sheltered place where people could shop music and movies to their heart's content without entertainment companies ever knowing. |
2005/9/20-21 [Computer/SW/Security] UID:39782 Activity:high |
9/20 what is 'fan service' in anime? \_ scantily clad female characters \_ It has more to do with very extraneous scenery that doesn't enhance plot, character, etc. Mostly yeah, it's little revealing clips (random upskirt shots, etc) but depending on the feature and subject "fan service" can refer to anything 'extra'. \_ I think wikipedia is pretty good here: http://en.wikipedia.org/wiki/Fan_service \_ Wikipedia failed on the word BBFS, bare back full service \_ Go in and fix it! |
2005/9/17-20 [Computer/SW/Security] UID:39722 Activity:nil |
9/17 While using eMule, after some hours, it loses the internet connection, sort of. eMule continues to work fine. If I have an open ssh connection to csua, that's working fine. But I can no longer go to any web pages, open any new ssh connections, and some of the IM programs lose their connection and won't reconnect. The only solution I've found is to reboot. Is there any other way? |
2005/9/11-13 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:39626 Activity:nil |
9/10 One more data point that libertarianism leads to chaos: http://news.bbc.co.uk/2/hi/programmes/click_online/4227578.stm \_ "It can be used for many good things, like giving the oppressed a voice, but users can also preach race-hatred or share child pornography with complete impunity." Gee, what else does that sound like to you... I know! Speech! Hands! Computers! Brains! Ban them all! \_ Any political/economic system can be a problem if unchecked. That's why we have limits on speech, capitalism, etc. |
2005/9/9 [Computer/SW/Security, Computer/SW/WWW/Browsers] UID:39585 Activity:kinda low |
9/9 Dear Park B1 (Firefox 1.5) is out: \_ "Deer" Park you moron. http://www.mozilla.org/projects/firefox OpenSSH 4.2 is out as well: http://marc.theaimsgroup.com/?l=secure-shell&m=112558710925132&w=2 Portable: http://www.openssh.org/portable.html OpenBSD: http://www.openssh.org/openbsd.html \_ fyi, that B1 means Beta 1 (didn't know myself) |
2005/9/7-9 [Computer/SW/Security, Politics] UID:39549 Activity:nil |
9/7 Awesome, London's mayor thinks the bombers families should be allowed to attend the national memorial service for the victims. http://news.bbc.co.uk/1/hi/england/london/4220836.stm \_ I think it's a good gesture. Or shall the sins of the father be visited upon the son, and his son, and further unto 5 generations? \_ Ob affirmative action. \_ It would be a nice gesture if the victim's families invited them (highly unlikely), not the frinkin' mayor. Inviting the murder's family to the victim's funeral is asking for trouble. \_ True, but it's suicide 'victims' too. |
2005/9/6-8 [Computer/SW/Security, Computer/SW/Unix] UID:39525 Activity:nil |
9/7 Is there a way to change passwords on windows from the cmd line? I only have a telnet session... Thx. \_ Your google fu is weak. http://support.microsoft.com/?kbid=149427 -John |
2005/9/6-7 [Computer/SW/Editors, Computer/SW/Security] UID:39523 Activity:low |
9/6 Probably old news to some of you, but what do you all think of the "Street Performer Protocol"? http://www.firstmonday.org/issues/issue4_6/kelsey \_ I'd probably never go for it. \_ I think the ideas sounds interesting in parts, but I don't see how it could work as the primary mechanism for funding of copyrighted works. An author who wishes to publish his first novel will not be able to get donations, so he needs someone else (i.e., a publishing house) to decide he is worth it, market the book and put it in stores. That publishing house needs to have control of the copyright to at least some extent, because they publish and promote a lot of books by first-time authors and most of them don't make money, so to fund their operations they need to make their money from the few successful books. The idea might work for Stephen King. -tom \_ Stephen King tried it and it failed him if I recall. \_ King tried putting his books up for download by serial, with small payments, but without any escrow. So very few people actually paid for them because they were all available on the file-swapping services for free. If he said "OK I want to make $100K off this book" and waited until there was $100K in escrow, the file-swapping problem would be mitigated. -tom \_ It's overly optimistic about a performer's skill. One of the greatest resources of a publishing house is its editors. First novels are hardly ever insta-classics without the vicious advice of an editor. Plotholes, meandering writing, lack of character, inaccurate facts, etc. sinks books even before they are finished. A good editor will fix that. Plus, a partially written book does nobody any good. Authors should create a finished product or they will find themselves lost like a potter trying to glaze a wet piece of clay. |
2005/9/2-3 [Computer/Rants, Computer/SW/Security] UID:39448 Activity:low 52%like:39356 |
9/2 Evil Corporation Wal-Mart response to New Orleans looters: http://informationweek.com/story/showArticle.jhtml?articleID=170102839 \_ $15m in goods at retail prices or Wal-Mart prices? \_ When is Bill Gates going do donate some Office 97 to the victims? \_ I wish you'd post your names so I could hate you both properly. Fucktards. \_ What do you think the "sandbags" are filled with? |
2005/8/30-31 [Computer/SW/Security, Consumer/TV] UID:39354 Activity:nil |
8/30 http://cbs5.com/business/finance_story_228124420.html Interesting map idea, but I think would would be even cooler is a 3-D satellite map. Right now Google has a 2D satellite map, but if they can scan, interpret, and re-render the terrain in 3-D that'd be even cooler |
2005/8/29 [Computer/SW/Security, Academia/Berkeley/CSUA] UID:39326 Activity:nil |
8/28 The yellow triangle "Time Warner Full Service Network" poster has been taken down from the CSUA Office. If this has any lore-value to anyone, come grab it ASAP. First come, first serve. - amckee |
2005/8/23-24 [Computer/SW/Security, Computer/SW/Unix] UID:39241 Activity:nil |
8/23 Looking for a good backup software for Windows. Preferably free, or something cheap with encryption. I'm sick and tired of manually using MS's backup software to create a tar-like file and then using my pirated Nero to burn it on the DVD. ok thx. \_ Check out the backup reviews first. http://www.backup-software-reviews.com I downloaded a copy of Genie Backup Manager, trial version. It is very good. I got it from Bittorrent with serial keys but I liked it so much that I decided to buy it from them. \_ I use Acronis True Image to back up my Windoze disk to an external hard drive. It's fast: 1 gigabyte / minute over FireWire or an efficient Hi-Speed USB 2.0 interface. Image is password-protected (though not encrypted, but I think the password protection is good enough). Buy the download version off http://newegg.com. |
2005/8/23-24 [Computer/SW/Security] UID:39233 Activity:low |
8/23 Hi motd. I recently got a Dell Latitude D610 from work. There is a "Hard Drive Password" feature in BIOS. After setting it, now every time I boot it asks me for this before it loads the OS. Does anyone know if this password is stored on the drive or on the mobo? E.g., if the latter, I can just put the drive in an external enclosure and access all files. Thanks. I suspect the latter. Okay, I see here it looks like the former: http://www.pcreview.co.uk/forums/thread-1942031.php \_ Depends on the make & model. A lot of mfgrs deal with the password with a combination of bios and either an eeprom or a reserved area on the drive. Generally it's some variant of the bios being a sort of "handler" for the password info which is stored elsewhere. The good news is, there are ways of breaking this with some understanding of electronics diagrams and a degree of proficiency with a soldering iron. With some IBMs, for example, you need to nuke the password on the particular laptop it was set on before you can use it for something else (unless of course you break it, which is difficult-but-not-impossible.) I did some research on this a while ago for a project, but my info may be out of date. -John \_ fyi, I downloaded the spec doc for the Hitachi 5K80 Travelstar, and there's a whole section on this, which leads with: "With a device lock password, a user can prevent unauthorized access to a device even if it is removed from the computer." It sounds like \_ fyi, I downloaded the spec doc for the Hitachi 7K100 Travelstar, and there's oodles about password set/clear/change. Presumably this is all stored on the HD. Upon further reading, it looks like the drive supports a Master Password and User Password. Presumably the Master Password is known only to Dell and is different for different service tags, and is used to unlock the drive if the user forgets the User Password that he or she used to lock the drive. 
Unfortunately it looks like all you need is a keygen program to get the Master Password for Dell Latitudes: http://www.techspot.com/vb/topic18780-pg4.html&pp=20 Doh! -op I do agree that if you speak with Dell they'll probably tell you a special way of clearing the "Hard Drive Password" if you authenticate with them completely. And DriveSavers probably knows exactly how to do it without any trouble. After googling for a while, it looks like this is the only way to clear the hard drive password: http://dp.allhyper.com Much easier to clear the non-hard-drive passwords. -op \_ OK the mechanism I found consisted of soldering together a bit of electronic gymcrackery according to a set of wiring specs I found, which would slurp the password hash off the laptop via serial and let you dump it on a PC in order to crack it. I'd be very interested in what you find, so if you would like to look at the bit of poking around that I did, drop me a mail (non-bouncing email in my .plan) -John \_ Oh, it's just the link I posted -- run the keygen against the reported hard drive code, obtain the password which clears the other passwords. Apparently another mechanism involves a paperclip shorting some pins. -op \_ Good news. That keygen only works for old service tags (ending with extension -D35B). Then, I e-mailed the owner of the document that describes how to unlock passwords using a paperclip (shorting some pins). He says his method is only for the BIOS passwords, and there is nothing he knows of that can unlock the "hard drive password". Yay. -op \_ See above, offer still stands (dunno if it'll be of any use but might give you some pointers of where to look.) -John |
2005/8/8-11 [Computer/SW/Security] UID:39058 Activity:nil |
8/8 Any tips on getting a bank, cell phone company, or utility to properly acknowledge a change of address? With my recent move, both PG&E and Cingular fucked up the change. In PG&E's case, they moved the location of the account (i.e., where the gas and electricity was being delivered), but not where the bill was being sent. In Cingular's case, they just dropped the ball completely and failed to move the account at all. In both cases I called specifically ahead of time to move the account. Since the Post Office acknowledged my forwarding request, but never forwarded any of my mail, I never got any bills and got hit with all sorts of "surprise" disconnection notices recently. \_ You could try praying. \_ Cingular's customer service is so f*cked up. Best bet is to contact their customer service and get someone to give you their direct phone number for future inquiries. If you get a different person for each customer service inquiry, then just start praying. \_ I moved several times in the past. Every time PG&E always sent the bills of the old and new accounts to my new address properly. USPS forwarded most of my mail properly for a year or so. Once a while a piece of mail slipped USPS's forwarding mechanism and went to the old addresse. \_ I had a serious snafu with PG&E that took 6 months to resolve. The short version is they couldn't keep track of what money was supposed to go toward a deposit and what was towards my bill. Even after you call them, the rate they actually fix things is much slower than the rate the computers send out "we're shutting off your electricity" notices, so I had to call a lot to confirm with someone "Yes, I see the notes here, the paperwork just hasn't gone through yet. Don't worry, we won't shut you off." I'd say call once a month until things are resolved, and when you call, just give them your account number so they can bring up your case history and catch up on the story. Thank goodness I don't have to deal with PG&E anymore. -bz |
2005/8/8 [Science, Computer/SW/Security] UID:39036 Activity:nil |
8/7 I heard something about someone attempting to utilize NIS authentication on Sloda. What was the exact nature for this, was it to allow for a centralized system to manage users amongst the different computers within the CSUA? What is currently being utilized for this, and why was NIS chosen vs. a less obsolete technology like LDAP? \_ Why do you think somebody owes anonymous you an explanation? Check the wall, motd logs. |
2005/8/4-19 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:38981 Activity:nil |
8/3 Soda home directory quotas increased. Don't spend it all in one place. --dlong \_ So quit your bitchin'. \_ Home dirs are now mounted off the new file server. Quota increases abound, faster home dir access (no more home dirs on TDA!), etc. *prepares for flames* Logins unified under NIS. Everything appears to be working. Please email root if not. I need a very long vacation. Hopefully new soda will be up soon. - jvarga \_ Looks like keg is having issues with updating quotas on the fly. Looking into it. - jvarga \_ Anyone with a UID over 20000 didn't get a home dir quota assigned to them. I've fixed that. Sorry! - jvarga |
2005/8/2-4 [Computer/SW/Security, Computer/SW/Unix] UID:38939 Activity:nil |
8/2 How do you create an NDMP user/pass on a netapp? The docs seem to tell me how to check a given user for a password but not set up a new user. thanks. \_ Just use the admin/root user. |
2005/7/26 [Computer/SW/Security] UID:38825 Activity:high |
7/26 Doing the jobs American's won't do... Mexican accused of leading document-fraud ring - Millions of phony IDs for illegal aliens http://www.freerepublic.com/focus/f-news/1450601/posts \_ Yay, freeper is back! --freeper #1 fan \_ And Freeper doesn't know how use an apostrophe! What a dolt. \_ Nice way to duck the issue raised with a weak personal attack. I don't read freeperlinks or like freeperguy but you're making yourself look more stupid than freeperguy. Either respond intelligently, putting him in his place, or ignore it if you have nothing worth saying. \_ What's the issue to duck? Freeperguy hates immigrants. This has been long established. There really isn't much to do except make fun of him. \_ I'm not ducking anything. I didn't even read the article, sounds boring. He didn't even make a point. \_ You haven't made fun of him. You've made yourself look petty, stupid, and childish, assuming it was you getting personal above. Just ignore it. Why can't you see you're only encouraging it? \_ FWIW, I wasn't the one making fun of freeperguy's grammatical problems. --pp \_ And he's getting incredibly good at hiding his identity |
2005/7/18 [Computer/SW/Security] UID:38675 Activity:nil |
7/18 I'm trying to infiltrate into the freeper site but apparently they already blocked off an entire class D network, both at school and at home. Does anyone have a similar problem? Can I get an anonymizer to work? Anyone recommend a good and FREE anonymizer? Sameer's anonymizer.com stops working after clicking a few times. \_ Don't you have anything better to do? \_ A real hacker would know how w/o using crap like anonymizer. |
2005/7/14-16 [Computer/SW/Security, Computer/HW/Drives] UID:38619 Activity:moderate |
7/14 Anybody upgrade to PGP desktop 9.0? I'm wondering how the "Whole Disk" encryption is working out. Comments would be appreciated. Thanks. \_ I would also appreciate if anyone could give any feedback on this. We are thinking about using it as an encryption system where multiple users need access to the files. -mrauser \_ Go to class, mrauser. - jvarga \_ Why? Are you hiding porn from Cisco's tough anti-porn initiatives? \_ I consider it the ultimate crime to hide porn on any server I administer. If you have pr0n on soda, you must make it publicly accessible or face my wrath. Pr0n is a glorious resource that should be shared freely with all who seek it. To summarize: no hiding porn! - jvarga \_ Addendum: if I have to su to get to it, you're making me do too much work. - jvarga \_ I vote jvarga as the most humorous admin EVER!!! \_ I may have a backup of the j-pr0n archive lying around (from around the same time as safari, I think.) Let me know if you want this magnificent piece of CSUA history. -John \_ upgrading to 9.0 broke a lot of stuff. we downgraded back to 8.x. |
2005/7/14-15 [Computer/SW/Unix, Computer/SW/Security] UID:38611 Activity:moderate |
7/13 Soda is back up, and the rest of the servers are slowly being brought back. We're fixing lots of errors on all machines. We'll keep you all posted. - jvarga \_ DikuMUD doesn't work anymore. Can you please restore it, or if you can't find it at least install a new version? I'd like to start as level 29, one level before immortal. Thanks jvarga! \_ Office accounts are going to be dead until I can figure out why the *(#)&^*)#$ debian doesn't like netgroups. Anyone with insight on this, please email me/root. Thanks. - jvarga \_ Looks like I've fixed office accounts on everything but martini. Problems to root. Moving on to the next stupid issues that came out of this move... - jvarga (needs a life, and a raise) \_ Great work. Thanks. \_ Thanks for the time and effort you've put into this. \_ Many thanks for seeing this through. \_ Come now, all this nicey nice is unbecoming. Where's the obligatory alumni bitchfest? \_ Err, I still remember what it was like being a ugrad in cs. I appreciate the work being put in for little reward. -mice \_ Perhaps most of us are used to the trials and tribs of this sort of thing. \_ Awesome, thanks. But when do we get new soda? \_ This is the first step to getting new soda online. But in the interim, new soda needs to stop doing things like playing the "OS not found" game on boot, and tell me why sshd is dead. - jvarga |
2005/7/14-8/4 [Computer/SW/Unix, Computer/SW/Security] UID:38609 Activity:nil |
7/13 Scotch will be coming down tonight. Expect disruption in CSUA service between 7pm and wheneverweactuallyfinish. We don't intend on bringing soda down for more than a few minutes to rotate it in the rack (so that it cooks evenly). Probability of list disruption will be high. Office accounts will be unavailable. Njh will be piss drunk. - jvarga \_ 7/14 Soda is back up, scotch is back up, lists are down, office accounts are down. We're working on things, but I have to be up at 6am for work. - jvarga \_ 7/15 Office accounts are working again after much mudwrestling with all systems involved. Debian mirror and other services on screwdriver are back up. Send booze to root. - jvarga \_ 7/24 Just realized that soda's FTP was being mounted off of scotch (wtf?) and that's the cause of people's complaining. Am looking at possible solutions. Please be patient. - jvarga \_ 7/24 Lounge machines should be working again for the most part. Still screwing with xterm logins. Send booze. Now. - jvarga / / July 12, 2005 Root is planning to swap out scotch.CSUA for a newer machine in the next few days as part of planned server upgrades. Scotch serves DNS, NIS for the office, mailing lists, and is soda's backup mail server. During the downtime, some or all of these services will be unavailable. The length of the outage depends on our luck, but we hope to have everything back available within a few hours with as little disruption as possible. Note that the soda motd will continue to be as troll-filled as usual. Additionally, the scotch replacement will bring in phase 1 of the new soda upgrade. We will be unifying soda logins and office logins (but not home directories), which means that I will be pulling the password database off of soda to serve as the master list for office logins. This means that if you have an office account, your office password will be the same as your soda password. If you did not have an office account before, this change will not grant you an office account. 
The exact date and time of this switchover will be announced soon. Please direct all questions/comments/concerns to root. jvarga |
2005/7/13-14 [Politics/Foreign, Computer/SW/Security, Politics/Domestic/Crime] UID:38600 Activity:nil |
7/13 http://csua.org/u/cp6 (findlaw.com) "Whoever, having or having had authorized access to classified information that identifies a covert agent, intentionally discloses any information identifying such covert agent to any individual not authorized to receive classified information, knowing that the information disclosed so identifies such covert agent and that the United States is taking affirmative measures to conceal such covert agent's intelligence relationship to the United States, shall be fined under title 18 or imprisoned not more than ten years, or both." ... so, what do you think? I don't see "name" in the above, just "identifies", so I guess it depends on what the meaning of "identifies" is. A lot of it is also intent and foreknowledge. \_ Rove's claim that "I didn't know her name" is totally irrelevant. Identifying someone as "his wife" uniquely establishes her identity, except possibly in Utah. |
2005/7/12-13 [Computer/SW/Unix, Computer/SW/Security] UID:38553 Activity:low |
7/13 Scotch will be coming down tonight. Expect disruption in CSUA service between 7pm and wheneverweactuallyfinish. We don't intend on bringing soda down for more than a few minutes to rotate it in the rack (so that it cooks evenly). Probability of list disruption will be high. Office accounts will be unavailable. Njh will be piss drunk. - jvarga / / July 12, 2005 Root is planning to swap out scotch.CSUA for a newer machine in the next few days as part of planned server upgrades. Scotch serves DNS, NIS for the office, mailing lists, and is soda's backup mail server. During the downtime, some or all of these services will be unavailable. The length of the outage depends on our luck, but we hope to have everything back available within a few hours with as little disruption as possible. Note that the soda motd will continue to be as troll-filled as usual. Additionally, the scotch replacement will bring in phase 1 of the new soda upgrade. We will be unifying soda logins and office logins (but not home directories), which means that I will be pulling the password database off of soda to serve as the master list for office logins. This means that if you have an office account, your office password will be the same as your soda password. If you did not have an office account before, this change will not grant you an office account. The exact date and time of this switchover will be announced soon. Please direct all questions/comments/concerns to root. jvarga |
2005/7/8 [Computer/SW/Security] UID:38481 Activity:nil |
7/8 Anybody use PGP mobile (from http://pgp.com) for PalmOS? How is it? It doesn't seem to support the "encrypted virtual disk" feature like on the PGP desktop versions. I'm wondering if that's even possible under PalmOS. I have files on my PC that I dump into the PGP disk. I want to take that PGP disk (just a file actually) and view it on a Palm PDA. Is that possible? http://pgp.com discontinued their pgp mobile product. Note that file-by-file encryption is not practical. I don't want to do this manually one by one. Thanks. [reposted; not sure why it was deleted -thanks] |
2005/7/7 [Computer/Networking, Computer/SW/Security] UID:38458 Activity:nil 80%like:38453 |
7/6 Steal someone else's wife, go to jail: http://news.yahoo.com/s/ap/techbits_wi_fi_theft |
2005/7/1 [Computer/SW/Unix, Computer/SW/Security] UID:38391 Activity:moderate |
7/1 Is there some way for a non-root person to figure out when someone's account was created? \_ How would a root person figure this out? \_ The adduser script used to keep a log file. -tom \_ You're an idiot. |
2005/6/30-7/1 [Politics/Domestic/California, Computer/SW/Security] UID:38384 Activity:high |
6/30 Whenever I watch celebrity news I hear so and so is guilty in the court and have to perform community service. They don't get fined or go to jail, but have to perform community service. What's so bad about serving your community? I mean, isn't it noble to serve food for the homeless, paint houses for the poor, and clean up highways trash? Imagine the United States drafting men between 18-25 to perform mandatory community service for just one year. We'd have a huge [free] labor force to clean up grafitti, recycle cans, and other wonderful things that make our community more beautiful. In our ever increasingly busy digital lives, we rarely have time to even help ourselves, let alone help others out. We are increasingly isolated from one another, and have very little understanding on this "sense of community" that our grandparents talked about. Perhaps incentives and rewards should be given to those that help our community, to make everyone's lives better. Community service is an honor performed by those who honor community and brotherhood. It is sad and ironic that criminals have the honor to serve our community. Just my two cents for today. -2 cents guy \_ For reasons I won't elaborate on, I had to spend some time cleaning up trash with the other "community service" people in People's Park at one point. There is actually a pretty huge pool of people who have "community service" hours to do at any given time. Several of the people there had 1000 hours of service they had to do. I was, as far as I could tell, the only person there who was actually working. Mostly people would just show up and loaf around all day, then get double that number of hours signed off for by the dude who runs the park. If the dude who runs any given park doesn't want to be corrupt, people just migrate somewhere where it *is* corrupt. Of all those community service hours that get handed out by judges, very little real service gets done (although I busted ass cleaning up the park). 
\_ This is a fairly old idea. This was called a 'subbotnik' in USSR (only this was done on Saturdays, hence the name 'subbota = saturday'.) You should ask someone who participated in a subbotnik what they think of it. -- ilyas \_ why didn't you participate in a subbotnik? \_ I was too young. -- ilyas \_ Switzerland requires you to serve the military or perform substitute service (community service). Maybe John can tell you all about it. \_ Yes, and it's pointless, a waste of money, bad for the economy (by forcing people to take a large, unproductive gap between school and work, and by forcing employers, including SMEs, to subsidize long absences), and exposes young men to drugs and cigarettes. In the absence of enemies or funding for all these recruits, there are many make-work projects to occupy the ~60% or so who don't manage to get out of it. It's state slavery; totally pointless and philosophically repulsive. -John \_ One might obtain a somewhat less grim view of such matters by looking at the Works Projects Administration established in the US during the great depression. I believe modern Germany has a similar program where one may choose between military or `alternative' civilian service, but don't know much about it. Also, why constrain this sort of thing to men only? That seems backwards and silly. That said, if you're going to encourage community service, I don't think picking up trash and cleaning up graffiti are particularly inspiring tasks or the most useful application of that sort of workforce. What made the WPA cool was that it took on really ambitious projects. Even if you take all this into account, I don't know how much it's going to do for instilling a sense of community in people. I know there's a geographic component to this: Many of my grandparents' present-day friends are people they grew up with on the same *block* in Brooklyn. They joined the service together. After the war they settled on Long Island together. 
In their later years, part of the group moved to the same communities in Florida. Of your friends today, how many lived on the same street you did when you were young? Do you still keep in touch with your friends from high school? Personally, I think my sense of community is as strong as my grandparents, just oriented along different axes (e.g. cultural vs. geographic). -dans \_ I think the CCC also did something similar in the same time frame. \_ Why community service? Because we supposedly live in a classless society. Billionaires pay the same amount for a moving violation as the average Joe. Community service forces the culprit to give up time, which means the rich don't get off easy and the poor aren't forced to pay fines. Both beat jail which puts the burden on society. All of this is separate from enforcing a draft (military or community works) or volunteerism. Much of the reasons behind why not lay with the relationship of citizens and government and society in general. And those discussions get ugly. \_ Where is the claim made that we live in a classless society? There have never been, and perhaps never will be a classless society. -- ilyas \_ I never claimed it was a classless society in reality. It's just one of those things that American democracy aims for. Probably a silly thing to put in the motd... \_ I think the best you can say along these lines is American society was in part a rejection of solidified class lines of European society. I don't think the founding fathers were specifically aiming to create a classless society, merely to reject aristocracy in the European conception of the word. Classless society is probably impossible, and almost certainly undesirable, as a goal. Even an ant colony has 'classes.' -- ilyas \_ Yes, and we should never seek to surpass the utopian efficiency and elegance of ant society. \_ If you seriously want to make men into an ant colony, you should read Hellstrom's Hive. 
Also, a certain quote from John involving a baseball bat comes to mind. Do you actually maintain American society has a classless society as an explicit goal? Do you have a source for this claim, or are you just making stuff up to suit your agenda? -- ilyas \_ I think you were trolled. -John \_ I think you're being needlessly pedantic. "classless" in the context of government applies to equal treatment under the law, one-person-one-vote, etc. I think this type of classlessness is an explicit goal of American society; that people have equal opportunity etc. --!op \_ When someone talks about a 'classless society,' especially if they talk about ant colonies being utopian in the same breath, I understand them to be using the common definition the Marxists use. I don't think I am being pedantic at all, I think you misunderstood the previous poster. -- ilyas \_ I didn't write the "ant" comment, but I did write the original "classless society" one. The original thought was towards the equal treatment of Man under law as opposed to a more communistic "equality of Man" ideal. The followup use of "American democracy" was an attempt to point in that direction. Apologies to those who may have been misled. \_ What kind of "classes" do chimpanzees have? \_ Chimpanzees have a society? (Actually, to the extent that great apes are social animals and live in hierarchies you may well say they have 'classes.' So do wolves. An interesting question I thought about recently is why do all functional wolf packs have at least one Omega). -- ilyas \- I have discovered a remarkable proof for this but: (0. Hola) 1. it requires the Axiom of Choice 2. the motd is too small to contain it. 3. ok tnx. |
2005/6/30 [Computer/SW/Security] UID:38367 Activity:moderate |
6/30 Whenever I watch celebrity news I hear so and so is guilty in the court and have to perform community service. They don't get fined or go to jail, but have to perform community service. What's so bad about serving your community? I mean, isn't it noble to serve food for the homeless, paint houses for the poor, and clean up highways trash? Imagine the United States drafting men between 18-25 to perform mandatory community service for just one year. We'd have a huge [free] labor force to clean up grafitti, recycle cans, and other wonderful things that make our community more beautiful. In our ever increasingly busy digital lives, we rarely have time to even help ourselves, let alone help others out. We are increasingly isolated from one another, and have very little understanding on this "sense of community" that our grandparents talked about. Perhaps incentives and rewards should be given to those that help our community, to make everyone's lives better. Community service is an honor performed by those who honor community and brotherhood. It is sad and ironic that criminals have the honor to serve our community. Just my two cents for today. -2 cents guy \_ For reasons I won't elaborate on, I had to spend some time cleaning up trash with the other "community service" people in People's Park at one point. There is actually a pretty huge pool of people who have "community service" hours to do at any given time. Several of the people there had 1000 hours of service they had to do. I was, as far as I could tell, the only person there who was actually working. Mostly people would just show up and loaf around all day, then get double that number of hours signed off for by the dude who runs the park. If the dude who runs any given park doesn't want to be corrupt, people just migrate somewhere where it *is* corrupt. Of all those community service hours that get handed out by judges, very little real service gets done (although I busted ass cleaning up the park). 
\_ This is a fairly old idea. This was called a 'subbotnik' in USSR (only this was done on Saturdays, hence the name 'subbota = saturday'.) You should ask someone who participated in a subbotnik what they think of it. -- ilyas \_ why didn't you participate in a subbotnik? \_ I was too young. -- ilyas \_ Switzerland requires you to serve the military or perform substitute service (community service). Maybe John can tell you all about it. \_ One might obtain a somewhat less grim view of such matters by looking at the Works Projects Administration established in the US during the great depression. I believe modern Germany has a similar program where one may choose between military or `alternative' civilian service, but don't know much about it. Also, why constrain this sort of thing to men only? That seems backwards and silly. That said, if you're going to encourage community service, I don't think picking up trash and cleaning up graffiti are particularly inspiring tasks or the most useful application of that sort of workforce. What made the WPA cool was that it took on really ambitious projects. Even if you take all this into account, I don't know how much it's going to do for instilling a sense of community in people. I know there's a geographic component to this: Many of my grandparents' present-day friends are people they grew up with on the same *block* in Brooklyn. They joined the service together. After the war they settled on Long Island together. In their later years, part of the group moved to the same communities in Florida. Of your friends today, how many lived on the same street you did when you were young? Do you still keep in touch with your friends from high school? Personally, I think my sense of community is as strong as my grandparents, just oriented along different axes (e.g. cultural vs. geographic). -dans \_ I think the CCC also did something similar in the same time frame. \_ Why community service? 
Because we supposedly live in a classless society. Billionaires pay the same amount for a moving violation as the average Joe. Community service forces the culprit to give up time, which means the rich don't get off easy and the poor aren't forced to pay fines. Both beat jail which puts the burden on society. All of this is separate from enforcing a draft (military or community works) or volunteerism. Much of the reasons behind why not lay with the relationship of citizens and government and society in general. And those discussions get ugly. \_ Where is the claim made that we live in a classless society? There have never been, and perhaps never will be a classless society. -- ilyas |
2005/6/29-30 [Computer/SW/Security] UID:38364 Activity:moderate |
6/29 Does anyone have a well-reasoned essay on why it's a bad idea to force your users to change their passwords regularly? I have a strong password and changing it frequently means I have to keep it on a piece of paper or use dictionary words. \_ I'm sure there's something obvious I'm missing here, but why can't computers just have either a rfid reader, a barcode scanner or a magnetic strip reader, and just let users swipe a card? If carrying an artifact on your keychain is good enough security for your car and home, it's good enough for your computer. I think passwords are fundamentally flawed for normal people (and I have *worse* than normal ability to remember passwords.) \_ Because optimally you want two-factor auth (remember, a combo of what you have, are and know.) If you can only do one-factor auth, you'd rather limit yourself to the last than the first which can be more easily, well, swiped. -John \_ I'm not sure I see the problem. I use a key I carry in my pocket as the only form of security for my car (sure, people may have some electronic thing, but they always have it on their keychain also). So why does some office email system have to have better than that? If the physical security of the building is based on a key it seems that should be fine for the computers in most offices. I'm a total neophyte about computer security, but I've always found passwords to be impossible to remember and I think I'm not alone. Isn't a physical key better than a password that's written on a post-it note right over the terminal? \_ Why do you need well-reasoned? Everyone I know who has to change passwords regularly switches between two passwords. 
\_ That's nice, because lots of software remembers the old passwords and this won't work. Personally, I have a good memory and changing my password often isn't a problem. For people who have trouble, simply store your passwords in a PDA in encrypted format. \_ At Intel, it remembered the last 8 passwords. Most people I knew cycled through pass1, pass2, ... pass8, and then set whatever they wanted. -emarkp \_ http://www.securityfocus.com/infocus/1554 is a start. If you drop me a mail (other address in my .plan) I will gladly find you some very strongly worded essays on the topic--there were a few good ones written on this area in the last year. Constant password change policies and restrictive password histories are a solution for weak-minded security managers. -John \_ If you have an ACM account, I suggest looking up "Users are not the enemy" by Adams and Sasse. Excerpt (from Firewalls and Internet Security) in /csua/tmp/uante. -gm \_ http://www.useit.com/alertbox/20001126.html --jameslin |
2005/6/29-30 [Computer/SW/Security] UID:38362 Activity:moderate |
6/29 Anyone have experience with monarch computer? They aren't shipping my stuff when they said they would, and I'm starting to get concerned. \_ used them once, no problems. but now i just use newegg. \_ ordered an athlon x2 did you? anyway, http://newegg.com only lists when they have stock, or they'll put an auto-notify link. \_ No, I ordered an Athlon64 3700. Nothing special, and they say it is in stock. At the moment I consider it poor customer service, but if they keep this up I will consider it fraud. It's a shame too they seemed to have a good reputation, but they are just lying to me. \_ No, I ordered an Athlon64 3700. They have now promised to get it out tomorrow with expedited shipping which would be great if it happens. |
2005/6/29-30 [Computer/Networking, Computer/SW/Security] UID:38359 Activity:low |
6/30 I don't want to crack WEP, but I'd like to learn more about it. For example, is it a link layer encryption or is it tied to the physical layer? If it is link layer encryption (something built on top of link layer), then is it possible to "sniff" sequences of packets on a regular computer then brute force crack it? Does it take a super computer to do it or can anyone with a regular laptop do it? \_ go read http://www.tomsnetworking.com/Sections-article118.php - danh \_ Looking at how some of the crackers work is a great way of learning how WEP works. Have a look at Auditor at http://www.remote-exploit.org for good tools and docs. -John \- This may be more relevant to people with a greater interest in wireless security than the OP but i looked at draft of a book on wireless sec by william arbaugh of university of maryland [i forgot the other authors, see AMAZONG] which is going to be more in-depth and theoretical than random "how to" web pages, but is more practical than a berkeley-type textbook. oh it looks like the book is out now: http://csua.org/u/ck2 anyway, if that is what you are looking for, the book is decent (looks like it is 2yrs old and unrevised, so may be lean on some recent things and cover some things that died on the vine). ok tnx. |
2005/6/29-30 [Computer/SW/Security] UID:38356 Activity:nil |
6/29 Am in PST, still Wednesday over here ... quick follow-up to post re: anonymizer. Looked into TOR, it seems to only protect the transport. Privoxy or JAP would be alternatives to anonymizer.com. Actually bought anonymizer at Fry's, and it seems to work pretty well. Now if I can only disavow ever writing this message ... How do you people figure out who wrote a post anyways?? |
2005/6/28-29 [Computer/SW/Security] UID:38337 Activity:nil |
6/28 Sorry for going back in time here, but where I am, it's still Tuesday the 28th of June ... anyways, I had a couple of posts about how much people trust http://www.anonymizer.com if people had experience with how much anonymizer can protect your information, especially if they are subpoenaed to turn over evidence. Please leave this post up a couple of days, cuz I don't get to check the MOTD that many times a day. If nobody wants to comment, leave a note to that extent. \_ I used to work for a company in the same space. We kept access logs for 7 days, mainly to get statistics and bill advertisers. If we received a subpoena for access logs within 7 days of an event, we would turn over those logs (as required). If the request came more than 7 days after the event, we had no data to provide. The Anonymizer privacy policy states that they will disclose privacy information when required by law; however, they also say that "Anonymizer does not hold any personal information on our customers that could result in compromising their privacy and security", so I don't know what they might give up. I seem to recall their policies being about the same as ours, but it was a long time ago. -gm \_ Screw anonymizer. Use TOR. \_ Is TOR anything like Freenet? I tried out Freenet a while ago, but it was unreliable and slow as hell. Looks like it's still being actively developed, but haven't installed it on my new computer. Does either TOR or Freenet rely on a lot of participants? -- op. \_ TOR is a serious mix-network crypto system. Pretty industrial strength. Latency is gonna blow, but that's the price. \_ Nothing you do online is anonymous, the trick is to make it as cumbersome as possible for someone to track you. If you go to a random library in another city, avoid cameras, use a public terminal and use an anonymizer, you're "less likely" to be tracked than say logging into your home PC or local Computer Lab while using your private e-mail account. 
It depends on what risks you're willing to take (cost/benefit). |
2005/6/23-25 [Computer/SW/Security, Computer/SW/Unix] UID:38277 Activity:low |
6/23 I was not too smart to believe what I read on SBC Yahoo!'s web site (that after merging my Yahoo! ID with a SBC sub-account ID, I can reverse the merge by simply deleting the sub-account) and went ahead with the merge. The merge did NOTHING as claimed-- I did not get any extra storage nor any extra service. So I wanted to reverse the process only to find out that I can only 'suspend' a sub-account, but not delete. I called customer service and was told it is impossible to delete a sub-account and hence impossible to undo the merge. I have spoken to 5 people including one manager and one level 2 support person. None was able to offer any help. I tried suspending the sub-account, only to find out that I could no longer access my regular Yahoo! account. Has anyone had to deal with this issue? How was it resolved? Are the 5 people I talked to not too bright or their web site is just lying? \_ I have evidence that Yahoo is controlled by Scientologists. \_ When this was first offered (2+ years ago), I distinctly remember reading that it was not reversible. It's possible that the 5 people you spoke with are still operating under that assumption. Print out the page with the relevant promise and direct support personnel to the url. \_ I did. I pointed the support people to the URL that states the process is reversible. All I got was a defensive comment, "I am telling you the truth! It cannot be done!". |
2005/6/19-20 [Computer/SW/Security, Academia/Berkeley/CSUA/Troll] UID:38195 Activity:nil |
6/19 Stupid question. how do we implement POP and IMAP access on Soda? \_ imap and pop over SSL works fine - danh \_ Stupid answer. Slave monkeys and Google page-rank pigeons. - jvarga |
2005/6/15-17 [Computer/Networking, Computer/SW/Security] UID:38143 Activity:low |
6/15 Wanna have WiFi access on transbay buses, free for you and free for AC Transit? Voice your support by taking the survey: http://www.actransit.org/news/articledetail.wu?articleid=d5f2ff4a \_ If they combine it with GPS so I know where the buses are... \_ I put GPS and a coffee service in the suggestions box. \_ It sure will get your responses ignored. \_ Said the suicide bomber... \_ I hope this is facetious, and if not, I hope you never ever get your hands on a top secret DHS triple grade red classified bus schedule. \_ I already get this using my PDA GPRS/EDGE/UMTS cell with laptop. You are wasting money. \_ Didn't I mention it'd be free? |
2005/6/15-17 [Computer/SW/Security, Academia/Berkeley/CSUA/Motd] UID:38139 Activity:nil |
6/15 Attempting to sftp to csua.berkeley.edu. Got password from key. Entered password and got back: Received message too long 1701996907 Wtf? \_ password from key. since sftp uses ssh, shouldn't you just use your normal password? \_ Trying to do anonymous motd? \_ No, trying to send files from my PC to my CSUA account. \_ Just use scp. \_ I just tried ssh from SunOS 5 and it worked. \_ I'm trying sftp csua.berkeley.edu from CSUA. I'm running tcsh as my shell. \_ tunneling ftp through ssh for sftp is a total lost cause. just use scp. google for winscp \_ he's not tunnelling ftp through ssh, he's using sftp. \_ he's doomed, it's not going to work. USE WINSCP \_ I use putty's psftp all the time. As well as FileZilla for xfering files to and from soda. Why is he doomed? \_ Update: so scp seems to do the trick (on soda and from my Mac). Purely for curiosity's sake, any idea why sftp isn't working? \_ It works for me on windows. \_ sftp seems to be working fine too from freebsd machine \_ A ssh1/ssh2 mismatch? Just a guess, I have never used sftp. scp works fine for all my needs. |
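A diagnostic for the error quoted in the thread above, added here as an example and not written by any poster. An sftp client reads the first four bytes from the server as a big-endian packet length, so text printed on the connection before the protocol starts (typically by a shell startup file) shows up as a huge "length"; decoding the number recovers those four bytes. The 256 KiB limit, the function names and the sample byte streams are assumptions of this sketch.

```python
import re
import struct

# Assumption of this sketch: the client caps packets at 256 KiB, the value
# OpenSSH's sftp uses for SFTP_MAX_MSG_LENGTH.
SFTP_MAX_MSG_LENGTH = 256 * 1024
SSH_FXP_VERSION = 2  # packet type of the server's first SFTP message


def decode_length(length):
    """Return the four big-endian bytes the client read as a packet length."""
    return struct.pack(">I", length)


def explain_error(message):
    """Decode the number in 'Received message too long N' back into bytes."""
    match = re.search(r"Received message too long (\d+)", message)
    if match is None:
        return None
    length = int(match.group(1))
    raw = decode_length(length)
    # Four printable ASCII bytes mean the "length" was really text.
    printable = all(0x20 <= b < 0x7F or b in b"\t\r\n" for b in raw)
    return {
        "length": length,
        "raw": raw,
        "text": raw.decode("ascii") if printable else None,
        "over_limit": length > SFTP_MAX_MSG_LENGTH,
    }


def parse_first_packet(stream):
    """Parse the server's first SFTP packet the way a client does."""
    if len(stream) < 9:
        raise ValueError("short read")
    (length,) = struct.unpack(">I", stream[:4])
    if length > SFTP_MAX_MSG_LENGTH:
        raise ValueError("Received message too long %d" % length)
    if stream[4] != SSH_FXP_VERSION:
        raise ValueError("unexpected packet type %d" % stream[4])
    (version,) = struct.unpack(">I", stream[5:9])
    return version


# Constructed byte streams (not captured traffic): a clean SSH_FXP_VERSION
# reply, and the same reply preceded by text whose first four bytes are the
# ones decoded from the number in the thread.
CLEAN_REPLY = struct.pack(">IBI", 5, SSH_FXP_VERSION, 3)
NOISY_REPLY = decode_length(1701996907) + b" <startup output>\n" + CLEAN_REPLY

if __name__ == "__main__":
    print(explain_error("Received message too long 1701996907"))
    print("clean stream -> SFTP version", parse_first_packet(CLEAN_REPLY))
    try:
        parse_first_packet(NOISY_REPLY)
    except ValueError as exc:
        print("noisy stream ->", exc)
```

If the decoded bytes are readable text, the place to look is whatever the account's shell prints for non-interactive sessions; the fix is to make those startup files silent unless a terminal is attached.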
2005/6/13-15 [Computer/SW/Mail, Computer/SW/Security] UID:38098 Activity:nil |
6/13 Any recommendations for a free webmail service that doesn't charge for POP3 download, SMTP? I want to be able to access it using VersaMail on Treo 650. Using GMail right now, but I'm not a big fan of their privacy practices. So the requirements are: free, respects privacy, a viable company. \_ I think you're just going to have to suck it up and use Gmail. \_ Agreed. No company is gonna offer free popS service for free besides google. At least not right now. |
2005/6/6-7 [Computer/SW/Security, Computer/SW/Unix] UID:37988 Activity:nil |
6/6 s/key confusion and confirmation: I must have a reading deficiency. I read the s/key howto over and over but I couldn't grasp the idea. So maybe someone can confirm my understanding of it. The s/key stuff only dictates which machine I can access the csua server from. That is, if I have entered the one time password from my home desktop, then I can log in from my home desktop with my unix login/pass. I can not log in to csua from my work machine if I haven't entered the one-time pass on that machine. Basically, since ssh2 is in effect now, I downloaded PuTTY. After I enter the login as value, it shows "s/key 92 hi97345", then "password". However, I used the s/key calculator, and put in 92 hi97345, and got a one-time pass, with that pass I can not log in. But I tried with my unix password, I'm now logged in. So I am confused why it has "s/key" stuff and didn't expect a s/key one-time pass phrase? I basically just use my unix login/pass just like before ssh was enabled. \_ Same here--that is, I've been seeing the s/key stuff when logging in since the ssh change, but I'm logging in via putty, and just use my normal login. \_ Thanks for overwriting my changes fucktard. \_ vi should have locked the file if you opened it for write. others can only open it read-only. So you must not have the lock on the file when you tried to edit it. \_ 1, you're wrong. 2, you overwrote someone else when adding this post. \_ 3, I thought we went over this, using VI will ensure a lock on the file you are editing. Or should we run a command before editing a file? |
2005/6/3-6 [Computer/SW/Security] UID:37962 Activity:nil |
6/2 yaBlueToothHack: http://www.newscientist.com/article.ns?id=dn7461 \_ So Bluetooth uses symmetric key exchange in an unencrypted wireless channel? Is that correct? If that's true then whoever developed the Bluetooth encryption protocol wasn't thinking too hard. \_ Math is hard. |
2005/6/3 [Computer/SW/Security] UID:37953 Activity:nil |
6/2 yaBlueToothHack: http://www.newscientist.com/article.ns?id=dn7461&feedId=online-news_rss20 |
2005/6/2-5 [Computer/SW/Security] UID:37940 Activity:low |
6/2 My TeraTerm SSH no longer works on soda. What other software should I try now? \_ putty \_ Cygwin + OpenSSH. Related request - can root (or someone) add a webpage w/ the ssh public key fingerprints for soda and the other login systems? Soda's fingerprints are: RSA - df:69:f5:98:d5:68:d2:4b:9a:77:4b:53:75:b0:21:51 DSA - b2:2b:32:26:6e:19:d3:f0:f2:51:70:25:30:c1:54:22 \_ Done, see CSUA main page. - jvarga \_ Dude, whatever they're paying you, ask for a raise. Get a life, man, you're making me feel guilty. :) -mice \_ While you are on a roll, how about the wall log archiver and the tmp and var cleaners. \_ Get the SSH2 extension to TeraTerm http://sleep.mat-yan.jp/~yutaka/windows \_ Great! Thanks. \_ will http://csua.berkeley.edu/ssh be updated as well? |
2005/6/2-7/12 [Computer/SW/Security] UID:37939 Activity:nil |
6/1 SSH got restarted with the new changes (no more SSH1). As a result, it may look like soda's key has changed. This is just because you may be used to using SSH1 and therefore the SSH1 key. The SSH2 key has not recently changed, but your SSH client may not recognize it unless you usually use SSH2 to connect to soda. |
2005/6/2-3 [Computer/SW/Security] UID:37935 Activity:low |
6/2 In the 'official' part of the motd it says ssh1 would be shut off, weeks ago no less, and yet it still seems to be on. What up with that? \_ Whoever did the change neglected to restart sshd. Fixed. -jvarga \_ I just tried ssh from a Solaris machine to soda and I got "ssh: connect to host soda.csua.berkeley.edu port 22: Connection refused". I tried both with and without the "-2" option. Now if I log out from this session I won't be able to log in again! \_ Using putty forcing to ssh2 doesn't connect either. \_ That's the last time I trust someone's changes to "just work"... fucking dammit where'd all these sshd_config errors come from??? - jvarga \_ What say we strip some people (person?) of their root cookie? \_ I say we strip karen. \_ I say you're a chauvinist and an ass. \_ Dang, you've been in CS how long and you only just figured THAT one out? :P -jrleek \_ I'm glad it was caught before soda rebooted... it would suck to have to go and be physically present to fix this. - jvarga \_ wait, if you're not a current student, what the hell are current students doing? It used to be the case that current students run, manage, fix, install everything. What the hell do they do now? Playing with Windows NT servers because UNIX is too hard? \_ Who said he wasn't? School's not in session, dumbass. \_ Do you object to me fixing crap? Because if so I can just leave all the broken shit for "current politburo" to eventually get to or notice. Do you object to njh, dlong, mconst, etc also fixing soda problems? - jvarga \_ Man, lazy/apathetic kids today (current politburo). As a mentor, how about teaching them how to fish instead of giving them fish? \_ Hey yeah, and while we're at it let's un-root all the non students; they have no business working on soda. Thanks for all the cool shee-it, jvarga, you are de man. -John \_ Maybe that's the reason whoever did the change didn't restart sshd in the first place. He didn't think his own change would work either. 
\_ Then he should have reverted sshd_config to a known-working state so that an accidental (or intentional) soda reboot wouldn't fuck over sshd. - jvarga \_ seems ok now. \_ will the csua website recommend an ssh2 client we can use? will http://csua.berkeley.edu/ssh be upgraded as well? |
2005/5/27-31 [Computer/SW/Security, Computer/SW/Unix] UID:37869 Activity:nil |
5/27 I'm the guy who was asking for software for organizing web links. I tried the sdidesk software somebody recommended but it's too complicated (I don't have time to learn wiki). So my focus has now shifted to generic note-taking software. Anybody use one? There are tons of those programs on the web. If you use one, please let us know what you use. Thanks. \_ Check out SafeSex from Nullsoft if you want something somewhat protected and small. It can get a bit annoying what with having to give it a password all the time. -John |
2005/5/24-26 [Computer/SW/Security, Computer/SW/OS/Windows] UID:37826 Activity:low |
5/23 On XP, can I use encryption on the swap file? \_ Doesn't answer the question, but provides workaround http://csua.org/u/c6c (microsoft.com) http://csua.org/u/c6c http://tinyurl.com/b9oxc \_ Thanks. Too bad it doesn't help when it crashes. I'll have to remember to boot it up again and then do a clean shutdown. |
2005/5/24-26 [Computer/SW/Security, Industry/Jobs] UID:37825 Activity:moderate |
5/24 How common are contract-based bonuses for service-oriented software companies as a form of profit-sharing? E.g., the company wins a 1 million dollar contract. The sales guy for the contract gets x% of $1 million; The lead engineer on the project gets y%; Other engineers who will be working on the project get z%. Yes, the sales guy has a base salary and makes much more from commissions, which is how this normally works. Currently our bonus system is the standard annual bonus (the boss decides at the end of the year how much bonus you get, which ends up being ~ 5%). \_ Why is this a question? You can structure payment for services any way you want as long as it is not unconscionable. \_ "how common are ... for ...", not "is it possible" \_ Very good, you apparently understand basic semantics. I still don't understand why this is a question. If you want your firm to move towards a direct percentage based system based on profits vs. a fixed annual bonus then bring it up with your super. Why should it matter if it is followed by a majority of other consulting firms? \_ I've never seen a commission system for anyone other than sales. For IT/Engineering, if there is a bonus system is usually "up to x% of salary per quarter". One place I worked at did profit sharing at .1% of profits for most, while some with seniority got more. \_ <yeah, like your retarded nonsensical comment, dipshit> \_ OP: you should deal with retarded but critical sounding comments by deleting them. --!OP \_ I am going to guess "not common" \_ Haha. Are you the poster whose comment I deleted? Did you experience a flush of anger when you saw I deleted your pathetic comment? \_ <stop deleting someone else's shit and we'll stop deleting your shit> \_ Deleting a "followup" which consists of "that's a dumb question" is a service not an abuse. 
\_ <right, which is why this is a service> \_ Little losers: you guys really couldn't tell the difference between your lame answers and the one above? \_ I've had that kind of deal offered to me to finish a project at a company that 1. had no prospect of a liquidity event, and 2. had a co-development deal with another company that would bring in cash with each milestone met. A more common version of this happens when a company gets acquired for $(n+m+o+...), with $(m+o+...) tied to project milestones. |
2005/5/17-18 [Computer/SW/Security, Computer/SW/OS/Windows] UID:37725 Activity:low |
5/17 http://blogs.washingtonpost.com/securityfix "A system administrator, angered by his diminished role in a thriving defense manufacturing firm whose computer network he alone had developed and managed, centralized the software that supported the company's manufacturing processes on a single server, and then intimidated a coworker into giving him the only backup tapes for that software. Following the system administrator's termination for inappropriate and abusive treatment of his coworkers, a logic bomb previously planted by the insider detonated, deleting the only remaining copy of the critical software from the company's server. The company estimated the cost of damage in excess of $10 million, which led to the layoff of some 80 employees." \_ Whose fault was this? Now consider: whose responsibility is it (not for failing to look over his shoulder, but for allowing this much "power" to concentrate in one set of hands)? -John \- fault is not zero sum. poor decision making on part of the company doesn't remove his culpability. legally it may be up in the air to what extent can say a shareholder hold the negligent management responsible vs the malicious employee but ethically, the failure is on the "evil employee". \_ Well, the company holds the evil employee liable in its turn, but it's kind of a case of where the buck stops. That said, dingdingding. -John |
2005/5/11-13 [Computer/SW/Security] UID:37640 Activity:nil |
5/11 Maybe this is old news, but there is an MIT project to prevent addr harvesting from known_hosts files: http://nms.csail.mit.edu/projects/ssh Their paper on ssh worms propagating via info discovered from the known_hosts files is interesting: http://nms.csail.mit.edu/projects/ssh/sshworm.pdf |
2005/5/11 [Computer/SW/Security, Academia/Berkeley/CSUA/Motd] UID:37630 Activity:high |
5/11 I know kchang's de-anonymizer is putting a crimp in your style, but can you people who scp to /etc/motd.public please stop overwriting? \_ A little thought should help you realize that's impossible. \_ A little quality thought should help you realize that: "Overwriting" is being used in the context of "screwing up other people's changes". If you turn off brain and assume the literal definition of overwrite, you might realize you're "overwriting" [literally] /etc/motd.public every time you save it in an editor. Finally, scp users can reduce frequency of overwriting [contextual meaning] by reducing the lag time between the scp "get" and "put". \_ Well, they should be diffing and merging as the final step \_ No, they should be diffing and merging as the final step before putting. This leaves a pretty tiny window for potential overwrites. But can someone tell me how kchang is logging file access? What OS features help with this? I'm curious to know for other possible applications. \_ I signed a pact with Satan \_ Hm, how about this feature. If you put in "-anon" at the end of your post, then my Ashcroft script will not reveal your id? -kchang \_ Note that "tiny window for potential overwrite" is a longwinded way of saying "that's impossible". \_ it shouldn't be hard to modify motdedit to do this. \_ Play nice, or we'll take away your cookies. Or, perhaps, make it so that you can't scp the motd. - almighty root \_ hmm, maybe make it so that the motd is only editable through motdedit and make that a suid file w/ sudo'er perms for everyone. everyone should then be anon, and no more scp. yes, I'm replying to myself. =) \_ I concur. Let's enforce some type of lock/unlock mechanism. \_ Make the trains run on time while you're at it. \_ locking and semaphores - the first step towards fascism. \_ You missed the "enforce" part didn't you? \_ So tell me, if you've done any work with databases or file systems, how useful is a lock that is not enforced? 
\_ Hey, I didn't realize the motd was that important to you. \_ fuck motdedit. In the ear. It's not a technical problem. \_ Technically, yes it is a technical problem. Access is provided through a mechanism that causes corruption. Any time such a mechanism exists and is exploitable, it puts the infrastructure at risk. Asking users nicely not to do it is not a solution. Either you live with the corruption or you fix it. As a CS grad, you should know this. \_ Uhm, we're talking about motd...wtf are you talking about? This isn't a general "all locks and synchronization are bad" thread, this is a "motdedit is a shitty technical solution which doesn't even really address all the problems" thread. As a high school grad this should be obvious to you. \_ First of all, tell us why motdedit is broken, and maybe we can come up with something better. \_ Because of patronizing motdedit users. Anything without patronizing evangelists that works would be better. \_ As important as MOTD is for a bunch of users here, most of whom are CS grads, I'd wager any technical problem could be ironed out quickly. Anyways, whatever, this is your guys' problem. I don't use MOTD and every time I read it, I feel less inclined to put as much time into maintaining this system as I do. I was offering solutions to a real problem of corruption. But hey, if you people like broken, then broken you get. \_ Broken >> supercilious motdedit nazi assholes Go or stay, use it or don't use it, it's a free country, and nobody is particularly pining for you either way. Go, and be happy, my son. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \_ No offense, but go fuck yourself. As root, VP, \_ No offense, but go eat a carrot. As root, VP, and now president of the CSUA my policies on sorrying non-student accounts is much more draconian than that of my predecessors. 
You may have been a student once, but our ultimate mission is to provide service to current students - and when people make this a hostile environment, I won't blink to kick them off our server. Although I value the insight and participation of alumni in the CSUA, I'd advise you not to fuck it up for everyone. If you disagree with an idea, then voice your reasons - not some immature tirade and rant. This is not your personal soap box, this is a server for use by university students. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \_ I suggest we first solve the problem of people posting lines longer than 80 columns or people with their tabstop not set at 8. \_ I suggest pliers or a heavy bludgeon. There's nothing like broken bones to keep columns down to a reasonable size. \_ Hm, how about this feature. If you put in "-anon" or some type of identity at the end of your thread, then my Almighty Ashcroft script will not reveal your id? -kchang \_ How about we just squish your ass right now? -anon \_ I wouldn't do that. John Ashcroft is watching you. \_ But...but...I put "-anon" at the end! Pretty please let me be anonymous? -anon \_ Well I haven't implemented it, I'm just soliciting opinions and should there be enough demand, I'll do it. \_ Anyone who has worked with group-writable files has come to the conclusion that locking and logging is important; I'd like to see motdedit (or something functionally similar like RCS) required. -tom \_ Because the motd is mission critical! Seriously, if this were source code, I'd agree. An anonymous posting board where anyone can add or delete? Feh. \_ It blows me away how worked up people get about a lame ass world writeable file. \_ kchang, I like to troll. the motd is too boring. can you include an 'exclude' list of names? ;) we need to revive the motd of better topics!!! \_ Perhaps the de-anonymizer is a good thing. It's like that old Donald Duck count to 10 before you explode cartoon. 
You have to think about whether or not you really want to write that comment before you do. It makes the discussion more civilized. |
2005/5/10-12 [Computer/SW/Security] UID:37604 Activity:nil |
5/10 will putty w/ ssh work tomorrow? \_ "putty w/ ssh"? \_ Putty should work, but make sure you have a recent version. It's what I use, at least. - amckee \_ putty supports ssh2, so yes. \_ If you have a session defined for soda, you may want to change your "preferred SSH protocol version" to 2, or "2 only" in the Connection->SSH options. \_ Logging in with putty to write this on 5/11 -erikred. |
2005/5/6-8 [Computer/SW/Security, Computer/SW/Unix] UID:37555 Activity:nil |
5/6 A lot of web sites now have a login snippet on their main page, for which Firefox does not display an SSL icon (http://www.bankofamerica.com). Are those logins safe? You can usually find a specific login page within the website that has the SSL icon. I assume bank sites are usually safe in their design, but what about sites like http://www.officedepot.com? Some sites' login page (http://www.bookpool.com/ac) does not have an SSL icon, but their login button specifically says "secure login", how does it work? As an end user, how can one be sure the login/pw information is encrypted while in transit? \_ It's usually good practice to put the login page under SSL to preempt concerns like yours. Many places don't have a login box on their front page, and make you click through to an https link to get a login box. Others put the login box on their front page to save you that step, but the load of putting their front page under SSL is prohibitive. If they say it's a secure login, the HTTP Post that sends your information will be under ssl. If you want to test this, put in a bogus login/password and watch it jump to SSL when you click "login". \_ For verification: http://www.bankofamerica.com/signin/security_details_popup.cfm \_ So you have to 'observe' the flashing by of the SSL icon to distinguish these sites from sites that indeed use no security. I guess a better question is, how do you tell if the HTTP post used to send your login information is under SSL? \_ Best course of action: don't worry about it. if someone's really intent on stealing your info, there are easier ways to do it. There are non-technical ways to protect yourself better. keep an eye on your account activity. get your annual credit check (or more frequently if you're worried). SSL is no guarantee no matter how Verisign wants to package it. \_ I find security policy varies significantly between sites. 
Your password can be as strong as you like, but often times the "I lost my password" feature is typically implemented with very little security in mind. Better sites will allow you to reset your password after you verified who you are (via secret questions, etc), never revealing what your actual password was. But some not so security conscious sites will simply email your password in plain text, and sometimes all you have to do is to provide your email address. Some sites will also reset your password with only the email address. You can only guess how careful those sites will treat your data (such as credit card info). I am trying to sort out the sites that have my login information so that the lesser secure sites do not share the same password as the more secure/important sites... \_ The only way to be sure is to look at the source and see how it's posting the login. But even then, you won't know for sure that the authentication server is using weak encryption. \_ What's pretty funny is that gmail defaults back to http when you've logged in, and they seem to have removed the setting the security guy I mentioned which lets you set ssl for all mail access. -John \_ My gmail still stays https and always has. I know yahoo switches back to http after login. \_ The guy I spoke to said it used to be configurable but was taken out. If I turn any of my URLs into https, it stays https, including turning all the links into ssl, but I know of several people where it redirects to http. No clue why it varies. -John \_ You're right. I just never noticed it, because my bookmark specified https. Thanks for the tip. |
2005/5/4-5 [Computer/SW/Security] UID:37521 Activity:kinda low |
5/4 Has anyone checked in a cardboard box for a flight recently? Will the security screener tape the box back to shipping condition if they open it for inspection? \_ Haven't recently, but expect it to be opened and no way to seal it. Of course you can bring your own or hit one of the "inside" stores for some tape (don't expect shipping tape). \_ I took my bike in a cardboard box and they didn't bother opening it. But then again, it's probably easily identified using the x-ray machines. Your best bet is to either not put anything suspicious, or use one of those huge Tupperware looking storage boxes as they at least close up reasonably afterwards. -scottyg \_ I was asking for checked-in luggage. I don't mind bringing tape but since security screening of checked in luggage is done without my presence, how can I make sure the screener seals it back? |
2005/4/29-7/12 [Computer/SW/Mail, Computer/SW/Security] UID:37426 Activity:nil |
4/29 From the official motd above: As of May 11 Soda will discontinue SSH 1 and secure telnet support. We will also be discontinuing support for unauthenticated/unencrypted mail services in compliance with university security requirements. Please see your email for more information (assuming you're on csua@csua). Questions, comments, complaints, and cheap floozies to root. \_ Does this mean that I will not be able to access csua using ssh, or simply that there will be no one to help with problems, or that I need to use a new secure version of ssh? Also, can I still use pine on csua? \_ SSHv1 is the old insecure version of the protocol. Most ssh clients now support SSHv2. If you are using OpenSSH you should have no problems. \_ Does this mean we will be able to use soda as an smtp gateway when off of campus net? \_ From the email sent out a few hours ago: To comply with UC Berkeley departmental standards, we must terminate support for unauthenticated/unencrypted external access to all mail services. If you access Soda via POP, IMAP, or send mail through our SMTP server you MUST switch to use both authentication and SSL/encryption. These options should be easily found within most mailers, IMAP / http://soda.csua.berkeley.edu port 993 (w/ssl) SMTP / http://soda.csua.berkeley.edu port 465 (w/ SSL + login is user@soda.csua.berkeley.edu and password) POP / http://soda.csua.berkeley.edu port 995 (w/ auth + SSL) \_ Per request, a copy of the email has been saved to the following location: /csua/pub/SodaChanges0505 - jvarga \_ As an aside, I've found that for some bizarre reason, Mozilla mail doesn't like some SMTP AUTH/TLS authentication setups, while SMTP AUTH/SSL is just fine. This is with Postfix/SASL2 & Dovecot/imaps under FreeBSD 5.3-R. I just went through some trouble setting this up, and if anyone wants my configs I'm happy to share. -John \_ I'm off campus-net and I can send mail fine using SSL on port 25. 
\_ Does that mean the ssh client at http://www.csua.berkeley.edu/ssh will no longer work? |
2005/4/29-5/1 [Computer/SW/Security, Computer/SW/OS/Solaris] UID:37425 Activity:moderate |
4/29 Why did Sun decide to implement SMF in Solaris 10? Was it just to piss off customers or is there some technical advantage? \_ Are you talking about the new way to start/stop programs, &c.? If so, I must agree that the only purpose was to piss off customers and prove that Sun can do something stupid and different than Linux (chkconfig may not be great, but it mostly works and everyone knows how to write init scripts) BTW, SMF pissed off a lot of ppl inside sun who have to ship products on other *nix than Solaris. \_ I guess Sun should be on http://fuckedcompany.com if it isn't already. \_ Can someone give me a list of reasons why SMF is bad? \_ Complicated new way to do something that has already been done. Like I said, if there's some technical advantage then I'd like to know what it is. Maybe there is one. If not, it is just change for change's sake. \_ 1. SMF uses non-standard commands - you can't simply start/stop a process by calling its init script, you have to know what its SMF "name" is. Even if you don't have to deal w/ other *nix, SMF makes switching btwn S9 and S10 a pain. 2. SMF enable/disable semantics are bizarre - you can't just say enable/disable X like in chkconfig and assume that the daemon is enabled 3. SMF fails to provide adequate feedback re failures of configuration. Often, you can't tell if a fault needs to be cleared in order for it to be enabled. 4. SMF's files are non-standard and their contents are not explained well - the purpose of SMF is to make fault recover/mgmt easier, however if most of your admins don't/can't figure out how to fix config problems, faults will take longer to remedy. Developers and Admins should not have to read some guy's blog on http://blogs.sun.com in order to get details on how the system works. \_ http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5n0?q=smf&a=view \_ Yes there are docs, but the docs don't really have anything useful in them. Ex. 
tell me where in that page it specifies how to use svcadm to disable a process from being started or how to tell if the reason a particular process is not starting automatically is b/c SMF thinks that the process is in 'fault' state and must be cleared. 5. The fault mgmt functionality provided by SMF could easily have been provided through additions to existing functionality (specific args to init scripts, allowing apps to dump monitoring scripts into a given directory, &c.) \_ Sounds like one of those numerous cases where Sun was trying to solve the problem which has been already solved by others and comes up with some terribly complicated and non-standard way of doing things. *sigh* |
2005/4/29-5/1 [Computer/SW/Security] UID:37424 Activity:moderate |
4/29 How does data cracking work? I guess someone intercepts some encoded data, and then tries to apply many different conversions on the data to find the right conversion that yields the original data. But then how does he know which conversion is the right one when he doesn't even know what the original data is? -- newbie \_ Related question: What were the problem(s) with SSH1? -- not-so-newbie \_ iirc, SSHv1 used the same dh key for both encryption and hmac w/o deriving separate keys for each. \_ Depends on application--some apps use poor randomness, insufficient keylength, static keys, re-used keys, etc. Cracking can be done a couple of ways, including pattern analysis and just plain brute forcing--you're pretty unlikely to get, say, two different clear text tcp streams that both look "right". Very often you're also not "cracking" anything, but rather relying on a buffer overflow or similar (as with the SSH CRC32 exploit.) -John \_ What John said. Also, the TLA agencies do things like pattern and traffic analysis to try and look for information in the bitstream. A surprising amount of information can be figured just by looking at things like the frequency of certain sequences. \- hola, i do not know what "data cracking" means however, based on the followup comments, you may want to look at I GOLDBERG's [UCB] PhD thesis on the design of the "anonymized IP wormhole" which 1. presents a useful framework to think about "the problem space" 2. has an interesting discussion on confounding "generic traffic analysis". it may be more than you are looking for but isn't that long ... i imagine there is a shorter version of the "freedom" project [IG gave some talks], but i don't know if there is something downloadable. --psb \- I note in passing IG uses the example of "you would never expect the us govt and the libyan govt to collude!" which is sort of funny given that MQ is now our good friend. 
better add the north korean and syrian govts. the probability of north korea becoming our friend = how many bits of crypto strength? --psb |
2005/4/29-5/1 [Computer/SW/Security] UID:37422 Activity:nil |
4/29 When I run winver.exe, it displays a string "Version 5.1 (Build 2600.xpsp2.050301-1526 : Service Pack 1)". Since it says Service Pack 1, what does the "sp2" after "xp" stand for? Thanks. \_ I have (Build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2) \_ http://blogs.msdn.com/oldnewthing/archive/2005/03/18/398550.aspx |
2005/4/21-22 [Computer/SW/Security, Computer/SW/OS/Windows] UID:37302 Activity:nil |
4/21 Prank Paper accepted for publication: http://www.cnn.com/2005/EDUCATION/04/21/academic.hoax.ap/index.html \_ Wow, that only took CNN about 2 weeks to report. \_ Dude that's already been reported on motd: http://csua.com/?entry=37223 \_ it's already been reported twice on the motd. \_ Conferences are just social gatherings. |
2005/4/20-22 [Computer/SW/Security] UID:37288 Activity:low |
4/20 SSH X forwarding question: I hook up my laptop to corporate net and am able, via cygwin and ssh -X to run X stuff w/o a problem from my corporate PC. But, when I am at home; I get authentication errors when my laptop is hooked up to my dsl. The only difference is that, in order to get through my work's firewall; I need to ssh through another host (i.e. ssh -X shost.corp and then ssh -X mypc). I can run apps from the shost machine w/o a problem. Ideas ? Suggestions? shost is freebsd 4.10 while my machine is freebsd 5.3. thanks \_ On which machine are you getting the errors? Are you going directly from the home laptop to mypc? -John \_ ssh -g -L 4567:mypc:22 shost.corp ssh -X localhost -p 4567 \_ The formatting and punctuation is just painful to look at. \_ [ Edited for readability -formatd ] |
2005/4/18-19 [Computer/SW/Security] UID:37241 Activity:nil |
4/18 How do I do all that dsa_id public thingie so that I can ssh/scp into my cluster of machines (that happen to have the same NFS mount) without having to type password? -dsa ssh idiot
\_ http://www.arches.uga.edu/~pkeck/ssh
\_ http://www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html
\_ Assuming that all of the systems in your cluster mount your home directory the following will probably work for you:
   1. Generate a dsa key pair (can be on any system):
      $ cd && ssh-keygen -t dsa -f .id_dsa -P ''
      This creates .id_dsa (private key) and .id_dsa.pub (public key) in your home directory
   2. Copy .id_dsa.pub into your nfs accessible home directory:
      $ scp .id_dsa.pub user@host:.ssh/authorized_keys
      $ scp .id_dsa.pub user@host:.ssh/authorized_keys2
      (This assumes that you don't have authorized keys already)
   3. Test it out:
      $ ssh -i .id_dsa user@host
      You should not be prompted for a password. If you are, try ssh -v and/or make sure that the authorized keys files are 0600 and the .ssh dir is 0700.
   4. If you always want to present the same id to all hosts add the following to your ~/.ssh/config:
      Host *
      IdentityFile ~/.id_dsa
   If you want to restrict (on your cluster systems) the hosts from which you will accept a particular id, try adding 'from="ip range" ' before ssh-dsa. |
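
The two checks the last reply ends on (0700 on the .ssh directory and 0600 on the authorized keys files, and a from= restriction in front of each key) can be audited with a short script. This is an added example, not part of the thread; the function names are illustrative, and it assumes the usual authorized_keys layout of optional comma-separated options, then key type, key and comment. In the file itself the key type token for a DSA key is written ssh-dss.

```python
import os
import stat

# Prefixes of key type tokens that can start an entry when no options are given.
KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-", "sk-")


def _split_outside_quotes(text, seps, maxsplit=-1):
    """Split on any character in seps, ignoring separators inside "...". """
    parts, cur, in_quotes, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if in_quotes and ch == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])      # keep an escaped character as-is
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch in seps and not in_quotes and maxsplit != 0:
            parts.append("".join(cur))
            cur = []
            maxsplit -= 1
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def parse_authorized_key(line):
    """Return {'options': {...}, 'keytype': str} or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = _split_outside_quotes(line, " \t", 1)
    first = fields[0]
    rest = fields[1].lstrip() if len(fields) > 1 else ""
    if first.startswith(KEY_TYPES):        # entry has no options field
        return {"options": {}, "keytype": first}
    options = {}
    for opt in _split_outside_quotes(first, ","):
        name, _, value = opt.partition("=")
        options[name.lower()] = value.strip('"')
    keytype = rest.split(None, 1)[0] if rest else ""
    return {"options": options, "keytype": keytype}


def audit_ssh_dir(ssh_dir):
    """List permission problems and keys that are accepted from any host."""
    findings = []
    mode = stat.S_IMODE(os.stat(ssh_dir).st_mode)
    if mode & 0o077:                        # any group/other access bit set
        findings.append(f"{ssh_dir}: mode {mode:04o}, expected 0700")
    for name in ("authorized_keys", "authorized_keys2"):
        path = os.path.join(ssh_dir, name)
        if not os.path.isfile(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            findings.append(f"{path}: mode {mode:04o}, expected 0600")
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                entry = parse_authorized_key(line)
                if entry is not None and "from" not in entry["options"]:
                    findings.append(f"{path}:{lineno}: {entry['keytype']} key "
                                    "accepted from any host (no from= option)")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh_dir(os.path.expanduser("~/.ssh")):
        print(finding)
```
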
2005/4/17-18 [Computer/Networking, Computer/SW/Security] UID:37232 Activity:nil |
4/17 Anyone know if Yahoo Messenger is encrypted? I use it in internet cafes a lot with my 802.11 and I'm wondering if my password is protected or not. I don't care about the communication, just my password. -ok thx \_ Probably not. If you want to know definitively, run tcpdump. Alternatively, set up a VPN and pipe all your connections through that. \_ Your clear text password is not saved in your machine nor is it sent in the clear text through the internet. |
2005/4/15-17 [Computer/SW/Security, Computer/SW/Apps, Computer/HW/CPU] UID:37199 Activity:nil |
4/15 http://www.cnn.com/2005/TECH/science/04/14/mit.prank.reut/index.html The lead author is a (recent) cal alum. |
2005/4/14-15 [Computer/SW/Unix, Computer/SW/Security] UID:37186 Activity:high |
4/13 Hey, if you're going to update nethack, update angband, too. You could also install a variant, like NPPAngband: http://home.comcast.net/~nppangband \_ Interesting. Thanks for the pointer. \_ there's even a competition: http://mysite.wanadoo-members.co.uk/angband_comp/compo.html \_ Installed angband (there was a ports version) - amckee \_ NPPAngband is trivial to install. Why not install that too? \_ Because I was up until 2:30 upgrading Perl and did this between compiles? MAYBE I'll install it, though. =) amckee \_ If by 'trivial' you mean 'completely manual', yes it was trivial. I've installed it as NPPAngband, I did not overwrite angband \_ Oh no! There goes my weekend/life! -scottyg \_ NetHack, Copyright 1985-2003 By Stichting Mathematisch Centrum and M. Stephenson. See license for details. No write permission to lock perm! Hit space to continue: \_ Unable to replicate with my two user-land accounts, do you have any stale files around? Anyone else seeing this? Send email to amckee/root, iff you see this and want it looked at. \_ i don't think you quite understand what userland means. \_ You do realize that, in addition to OS, process, and object level privileges, root accounts can run in increased kernel priority levels? Granted, in this case the problem is most likely to do with file permissions, it is not an atypical usage of the word 'userland' to refer to non-root/non-privileged users. Thanks for the snideness, though. \_ i still don't think you quite understand what userland means. try looking it up in, say, the jargon file. root accounts are not any different from normal ones in terms of where they run (i.e., they do not run in the kernel). the kernel will allow you to do privileged things by being root, yes, but they are still done by the kernel, not because you as root are in the kernel mucking around. |
2005/4/13-15 [Computer/SW/Security] UID:37183 Activity:kinda low |
4/13 Comcast internet service SUCKS!!! If you want to be a national ISP you've got to know how to run a DNS server. \_ Agreed. It could be worse, though -- at least broken DNS is easy to work around. \_ Whiny bitches. If people wanted reliable service, the free market would reward a company for providing it. Clearly, people are happy to pay for spotty service. \_ One of the great things about "the free market" is that it provides for many a niche. Some, like me, pay a small premium to a company like speakeasy for reliable and reasonable service (no shutting off access to ports without notice) and others who want a cheap service, get it. \_ You know, I think you're right. I'm getting what I pay for. --second poster |
2005/4/12-14 [Transportation/Car, Computer/SW/Security] UID:37151 Activity:nil |
4/12 Free transbay bus service for one month: http://www.actransit.org/news/articledetail.wu?articleid=ae28f29b Pretty attractive when gas price is high. \_ It's only free westbound. Return trip still costs $3. But I think it's a good publicity for the new park & ride lot. |
2005/4/11-13 [Computer/SW/Security] UID:37143 Activity:nil |
4/11 I called Berkeley's fraud alert hotline and the only info the thieves had are: My full name, SSN, and the money I made. That's weird, I don't remember putting down how much money I made when I applied to Berkeley. Anyways, they told me to call Experian 888-397-3742 Option 2, 2, 3, 2, 1, 2 to put myself on fraud alert. \_ Is this pre-emptive or has somebody already started using the stolen ID info? -- ulysses \_ I don't think there's been any evidence that the stolen ID info has been used. -tom \_ who is deleting useful replies? There is as of yet no evidence that the stolen data have been used. -tom |
2005/4/11 [Computer/SW/Security, Computer/SW/OS/OsX] UID:37142 Activity:very high |
4/11 What's the best way to transfer files between Macs and PCs? I don't want to install NFS (too heavy weight), there must be another way. Like, I don't want to use SCP because it doesn't do recursive copy... \_ my problem with WinSCP is that it doesn't like to copy file names with foreign letters (accented e, Ooo, etc). What other alternatives are there besides WinSCP which I like a lot? \_ You were given the correct answer and deleted it. go away. \_ scp doesn't do recursive copy? have you tried scp -r? \_ scp -r. windows scp clients do this too. fool \_ samba on the Mac. -tom \_ Why not just connect to the PC from the Mac? OS X has a built-in SMB client or you can just enable Windows Sharing on OS X for the opposite direction. \_ USB2.0/IEEE1394 hard drive enclosure \_ Why was this deleted? \_ rsync over ssh. \_ car full of cdrs! \_ Only if copied and driven by a hot naked chick, who you have sex with during the copying. \_ Only if the data is lisp code. \_ 4" floppy disk \_ smb share + net. \_ seconded. If you have OpenSSH installed on your Win* box, then you can even use ssh tunneling. |
2005/4/6-8 [Computer/SW/Security, Computer/SW/Unix] UID:37085 Activity:nil |
4/6 In Linux, when I type "limit" I get to see the max # of file descriptors I can have. How do I check the number of descriptors I'm holding and how do I change it? "limit descriptors 8096" doesn't work (think I might need root or something) \_ limit/ulimit work at the shell level. You can see the number of descriptors held in /proc/self/fd. To change the max fd's, you may need to change the hardcoded limits in /etc/security/limits.conf. Your syntax is right, but you are probably trying to go past the hard limit (limit -h to view). Yes, you will need root access to change the hard limit. |
2005/4/6-7 [Computer/SW/Languages, Computer/SW/Security] UID:37084 Activity:high |
4/6 My banks, brokers and credit card companies are promoting paperless statements. If I tell them to stop mailing me paper statements, and later there's a glitch on their computers, will I be at a disadvantage proving my case with printouts from their web pages compared to if I have their paper statements? I'm trying to see if it's a good idea to stop the paper statements in my mailbox in order to avoid ID theft. Thx. \_ Can you ask them whether they can somehow sign their statements that they send to you (x.509 cert, pgp, etc.?) What's the situation on digital signing/non-repudiation in the US right now anyway? Even if there's no precedent or legal basis for it, it might still be better than just an occasional email or web page printout. If you're worried about ID theft from paper statements, there are easier ways of doing it (credit card slips, for example.) You could just get a PO box too. If your bank is putting info that could be used to compromise your authentication details on paper statements, find a new bank. -John \_ All my bank and credit card paper statements have account numbers on them. I think stealing mail from my mailbox at the front of my house in broad daylight is very easy. \_ my friends in comp security all say digital signature and non-repudiation is a non-issue. the courts don't care and will accept all kinds of strange records if presented w/ an affidavit/oath of truth. hell, fax'd signatures are enough, and anyone can forge one of those. records are the starting point for deliberation, not the endpoint. \_ It's an issue in countries with a proper legal framework, and with banks that give a rat's ass (American banks are notorious in that regard, and for not paying a lot of attention to proper authentication.) Will a paper statement serve as proof in court in case of a dispute? I'm asking because you're essentially trusting their record keeping (such as transaction serial #s, etc.) to verify the authenticity of the documentation. 
-John \_ I think you should do a risk assessment of using the bank's record keeping vs. your own and see which is more likely to fail. \_ Yes my record is more likely to fail, but that's not the issue. If my record has a mistake, the bank is not going to go by my record to determine how much I have left in my account. But if the bank record has a mistake, the bank will most likely go by its record unless I can prove otherwise. Now my question is: is a printout from a web page as good a proof as the fancy paper statement from the bank? \_ I think you'll find neither of them can prove a balance. the record of transactions is useful so you can ask for details on any transactions that occurred which are not in your records, e.g. reconciliation of accounts. \_ I filed a small claims lawsuit and needed to print out a statement. 8 months passed between when I filed for the claim and when the trial's gonna happen. That month I tried to print out bank statements but it said "Sorry we only go back to 6 months." I had no choice but to delay the trial date. What a drag. \_ I think if you care about these sort of things, then you should keep the paper copy. I do the same thing for the very same reason. |
2005/4/2-5 [Computer/SW/Security] UID:37045 Activity:nil |
4/2 Where do I enter computer equipment expense for my consulting service? Is it Office Expense? Misc expense? Home Office expense? Thanks. \_ I put it under misc. on the Schedule C (not the 8859) |
2005/3/30-31 [Computer/SW/Unix, Computer/SW/Security] UID:36971 Activity:kinda low |
3/30 ssh port forwarding/X11 issue: Any ideas on how to solve this problem: I ssh over to a remote host that shares my same home directory. My forward X11 works okay until I sudo to root. I get a message about wrong authentication. Any ideas ? Being root on the base machine works just fine for X11. \_ xhost \_ NFS mount root squash making your $HOME/.Xauthority not readable perhaps. \_ Another possibility is sudo not retaining $HOME. But anyway, look into the xauth command. |
2005/3/30-31 [Computer/SW/Security, Computer/SW/OS/Windows, Computer/SW/Unix] UID:36959 Activity:nil |
3/30 In Windows XP, when I share [export] a folder with read/write/execute permissions for ALL, it still asks for username/password. How do I configure it so that it never asks for user/password? \_ You need to enable the Guest account. |
2005/3/25-31 [Computer/SW/Security, Computer/SW/Unix] UID:36883 Activity:moderate |
3/25 My team (Yahoo! login/registration/access) has several software engineer positions open at all experience levels. -atom \_ I need a part time job, please give me a flexible part time job because school sucks. -kchang \_ How about fucking change the default login to be secure login?? Every other fucking website in the world uses secure login. Why does Yahoo insist on using non-secure login as default????!!! \_ Because it is secure, dufus. Assuming you have javascript enabled anyway. They issue a random challenge string that you answer by hashing together your password and the challenge. \_ Oh wow, we don't really need SSL I guess. \_ Wow, no, it's needed for some things. \_ Why doesn't yahoo use SSL login by default? \_ Well, the obvious reason is they don't want to buy hardware that can handle craploads of SSL connections, which is a lot more expensive than the hashing scheme. \_ Aren't you in LA? |
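
The challenge-and-hash login described in this thread, with both sides of the exchange, as an added example that is not part of the thread and is not Yahoo's code. The thread does not say which hash or message layout was used, so HMAC-SHA256, the verifier construction, the challenge lifetime and all names here are assumptions. The password never crosses the wire and a captured response cannot be replayed; nothing in the exchange authenticates the server or protects the session after login, which is the part SSL covers.

```python
import hashlib
import hmac
import secrets
import time


def password_verifier(user, password):
    """Secret both sides can derive from the password (assumed construction).

    The server has to store this value, and it is as good as the password
    for answering challenges, so it needs the same protection.
    """
    return hashlib.sha256(f"{user}:{password}".encode()).digest()


def login_response(user, password, challenge):
    """Client side: what the browser script sends instead of the password."""
    key = password_verifier(user, password)
    return hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()


class LoginServer:
    """Server side: issues single-use challenges and checks the answers."""

    def __init__(self, ttl=60.0, clock=time.monotonic):
        self._verifiers = {}     # user -> password_verifier(user, password)
        self._pending = {}       # challenge -> (user, expiry time)
        self._ttl = ttl
        self._clock = clock

    def register(self, user, password):
        self._verifiers[user] = password_verifier(user, password)

    def issue_challenge(self, user):
        # Issued for unknown users too, so the reply does not reveal
        # whether the account exists.
        challenge = secrets.token_hex(16)
        self._pending[challenge] = (user, self._clock() + self._ttl)
        return challenge

    def verify(self, user, challenge, response):
        # pop(): a challenge is consumed by the first attempt, valid or not,
        # so a recorded challenge/response pair cannot be replayed.
        issued = self._pending.pop(challenge, None)
        if issued is None:
            return False
        issued_user, expiry = issued
        key = self._verifiers.get(user)
        if issued_user != user or key is None or self._clock() > expiry:
            return False
        expected = hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    server = LoginServer()
    server.register("alice", "correct horse")          # constructed account
    challenge = server.issue_challenge("alice")
    answer = login_response("alice", "correct horse", challenge)
    print("first attempt:", server.verify("alice", challenge, answer))
    print("replayed attempt:", server.verify("alice", challenge, answer))
```
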
2005/3/25-28 [Computer/SW/Security] UID:36868 Activity:nil |
3/24 Where can I dispose of a dead CRT for free? Office Depot had a free service, but it looks like it's over. Thanks. -slow \_ http://csua.com/?entry=25428 \_ In a dumpster. Seriously. Otherwise, wait for one of those days where you can dispose of toxics for free. I favor a random dumpster, though. Yes, I have done that. \_ Free on Fridays at http://www.accrc.org |
2005/3/23-24 [Computer/SW/Languages/Misc, Computer/SW/Security, Transportation/Car/Hybrid] UID:36839 Activity:nil 50%like:36690 |
3/23 Now you can RIDE ELECTRIC BIKE! http://tinyurl.com/59b77 (gizmodo) \_ Electric bikes are not new. -tom |
2005/3/23-24 [Recreation/Dating, Computer/SW/Security] UID:36827 Activity:high |
3/26 One more reason to use PGP, and maybe the Anonymizer. And by the way, only 1700 porn pictures? I have at least 100X that: http://news.bbc.co.uk/2/hi/entertainment/4376959.stm \_ You have over 170,000 porn pictures? \_ I do. \_ Assuming no repeats and a minimal 10 seconds per picture, it would take you 472.2 hours to look at all that pr0n. Where are you getting the time? \_ 10 seconds? Try 1. \_ 472 hrs? Spread that over five years and you are talking about an hour a week. \_ Just another slow work week. \_ How about yet another reason to get your mind out of the gutter and use your higher cognitive functions for something more useful than viewing pictures of women in various states of undress? \_ How about two or more women? \_ I agree. He should spend more time getting out of the house to find women willing to undress live and in person. There's no cognitive function more useful than that. |
2005/3/22-24 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:36815 Activity:nil |
3/22 CNN front page: "But when 443 of the 909 polled were asked whether they supported private retirement accounts in exchange for a reduction of guaranteed retirement benefits, support fell to 33 percent, while opposition rose to 59 percent [+/- 4.5 points]. ... Fifty percent said they understood the debate over Social Security "somewhat well," and 31 percent said they understood it "very well." Only 18 percent said they did not have a good grasp of the matter." |
2005/3/22-5/9 [Computer/SW/Security] UID:36803 Activity:nil |
3/22 imap, pine, pop3s, ssh/sshd, and (most importantly) nethack updated. Okay, a bunch of other random stuff that no one ever probably uses has also been updated. Send bugs (other than high score resetting) to root. |
2005/3/18-19 [Computer/SW/Security] UID:36748 Activity:kinda low |
3/15 Someone asked about popular backup options? http://www.engadget.com/entry/1234000710036562 \_ I appreciate the helpfulness, but as usual, they all suck. The closest thing to easy I know of are the one-touch backup drives from Western Digital, but I just wish they did encryption too. \_ It's kludgey, but have you considered backing up encrypted content rather than encrypting backed up content? -John \_ Yes. But it would be nice if, on the backup, the whole drive is encrypted. \_ How non-interactive must it be? Can you back up to a pgpdisk or EFS, or cfs/encfs on FreeBSD/Linux? -John \_ Well, when I said "closest thing to easy" I really meant for yermom, I mean, my mom or my boss to use it, and ideally easy for me to setup as well. |
2005/3/18-4/4 [Computer/SW/Unix, Computer/SW/Security] UID:36744 Activity:nil |
3/18 Office account holders - please clean up your directories, or we'll have to unleash the wrath of root (and karen) on you! =) |
2005/3/11-14 [Computer/SW/P2P, Computer/SW/Security] UID:36651 Activity:high |
3/11 What do I need to do to make sure I don't get sued when I use bittorrent? I am still a newbie. Thx. \_ Azureus bittorrent client w/ safepeer plug-in supposedly blacklists evil MPAA spy machines... \_ Don't download copyrighted materials, or run it on someone else's machine. \_ How about a real answer? I don't care much for music/movie, only apps/games. \_ It is a real answer. Bittorrent was not conceived to provide any sort of anonymity; Bram Cohen states as much somewhere on http://bittorrent.com. The fact that you have a tracker file hosted somewhere makes your IP show up. -John \_ That's illegal and you can never fully "make sure" you don't get sued. \_ Under bittorrent, how would they trace me? Just give me the technical info, if they were to do so? does the .torrent file contain my info? ip? \_ If you don't know enough to figure this out yourself, you really shouldn't attempt it. \_ In other words "I don't know". \_ In other words, "You're a dumbass, and I'll laugh my ass the fuck off if you get prosecuted" \_ Sniff. Please sir, don't call me names. \_ AFAIK, the underlying d/l stream in BT is not encrypted. Someone w/ a pkt sniffer can tell that you are using BT and what you are d/l'ing. If they record the pkts, (which may not be protected under 4 amd) the recorded stream may be used as evid of your copyright violation. The best way to avoid this is to not become an attractive target by d/l'ing high value items frequently. The ONLY 100% safe way is to not d/l copyrighted material. \_ Isn't it easier than that to track someone? I mean, if you're downloading Revenge of the Sith, that means you're also serving it. If I'm the Feds, and I turn on my bittorrent client and start grabbing the movie, I should get a list of IP addresses of everyone I'm getting packets from. I just tell the movie companies to ask the ISPs to match IP addresses to people's names for those people sending the most packets. 
It doesn't matter if the data are encrypted, since the IP addresses in the IP headers are in cleartext. (although I feel stupid putting it this way) \_ ISPs do not have to disclose the names of people for a particular IP addr unless the cops get a warrant by showing prob. cause. To show prob. cause, the cops need to prove that the IP addr actually served or d/l'ed copyrighted content thus violating the copyright. (simply having copyrighted content on your computer that you own may be covered under fair use and does not show that you have likely violated the law). If the content is encrypted, then the cops can't really prove to the judge issuing the warrant that you served or d/l'ed copyrighted content and may not be able to meet the prob cause requirement. (Some judges might say that having the files there was enough to est. prob cause so you have to be careful) If you use authentication, and the feds lie to you to get a valid passwd, then you may have all sorts of other legal protections. \_ Maybe that's why there are so few torrent users being sued. Anyways, since I don't think the torrent data are encrypted anyway, maybe it's not worth arguing about. From a "I might get sued!" standpoint, I personally would take the assumption that encryption won't help for the Revenge of the Sith example, but, YMMV. \_ Uhm, it is a real answer. You want to use it for illegal purposes, so you risk getting sued. \_ From what I've heard they've only sued 7 bittorrent users (non-ISPs). It's not as bad as MP3 sharing ... yet. Basically, you are a target if you have fat upstream, you leave your computer on all the time so you have the double whammy of always serving files and your IP address never changing, and you serve a lot of new movies. You're probably not a juicy target, but for the average user, I would just avoid grabbing new mainstream movies, lots of recent movies, or serving lots of ISOs like WinXP or Office 2003. \_ Thanks! And to the guy above, f*** off! 
\_ Uhm, so you basically posted to get someone to pat you on the back and say "Oh no, baby, it's okay. No one's going to sue you!" That's pretty retarded. I mean, honestly, if you're going to trade in copyrighted materials, you become vulnerable to a variety of legal actions. Period. If you can't accept that, then just buy the fucking thing and quit wringing your hands. \_ Every piece of software on your computer is legally obtained? \_ No clue...but I know the risks and am willing to accept them. *shrug* \_ I see, so all that no stealing lecture does not apply to yourself. I am speechless. \_ You do realize that more than two people can post right? I haven't campaigned for or against the morality of the issue, only the OP's retardation about playing games with legality and essentially entering a state of denial. You're an idiot, by the way, just in case that wasn't clear in your post. \_ He didn't ask for a lecture, just how to avoid the law. \_ So if op had asked you how to shoplift, you would have told him w/o informing him that (1) it was wrong to steal and (2) he may be subject to criminal liability? What I find more disturbing is the fact that op feels entitled to download games (and whatever else he wants) w/o paying for it. Regardless of the civil/criminal liability associated w/ this sort of activity, op OUGHT to realize that actual people worked on the games that he is stealing and if everyone acted like him and stole these games there would be no incentive for people to work on future games. If the hard work of others brings you benefit, PAY FOR IT or we all lose in the long run. \_ I'm not going to disagree with you about games, but I don't agree that stealing software always costs companies money in lost business. 
I've used stolen copies of very expensive software to get the feel for them and figure out how to use them and then spent huge amounts of Other People's Money to buy the real thing based on having tried it for free. In some cases I would probably not have made that purchasing decision had I not been able to try it out. So in the end, the company made *more* money than they would had I not stolen a copy while I was a poor student who couldn't afford it anyway. \_ I can see your rationale. If you end up buying a copy of the software or deleting it b/c you don't want to buy it, there is no violation of the principle that one ought pay for things from which one derives a benefit. Unfortunately the law does not (and probably cannot ever) allow for this. The general principle could be applied to games/music/books/movies/&c. if there were no public library or private rental systems, however, it is so easy and affordable to rent things it doesn't really make sense to steal. \_ Well, the way for this to be legal is for the company to have the foresight to give away a version that's good enough to learn the commands and get a feel for it so people like me don't *have* to break the law to try their damn product. Wasn't there a free version of Doom in the beginning to get people hooked? After that, I was more than happy to shell out the money for the real thing which I probably wouldn't have done otherwise. \_ right...I'm sure companies which provide demo versions never get their software stolen. -tom \_ Join a private forum. No, really. \_ Would decentralization, using SSL encryption, and only using centralized servers to randomly connect people, and always use another node as a middle-man when xferring data make it really hard to track? Sort of a cross between filetopia and bittorrent... \_ onion routing, so nobody's sure what data is going through them, that would be more like it. See 'freenet' |
2005/3/11-14 [Computer/SW/Security] UID:36644 Activity:nil |
3/11 I'd like a way to have Terminal.app change the window's background color when I ssh to another machine-- really cool would be to have some sort of mapping of hostname to RGB value so that the window for machine1 looks different than machine2. Is there a way to do this? TIA. \_ If I wanted to do this for one machine only, I would replace ssh with a wrapper that outputs some ANSI sequences before calling the real ssh. (You might want to put in some logic to only do this for interactive sessions.) To set it up on a number of systems, I would put the ANSI sequences in my .profile. That way, if you ssh from A to B, then from B to C, your colors will match machine C instead of machine B. -gm \_ You might be able to do this w/ saved .term files. Just set the background to the color you want and then do File->Save and specify the cmd to execute as /usr/bin/ssh user@host. Then when you click on a particular term file, it will have the color set and will ssh into that host. |
2005/3/10 [Computer/SW/Security] UID:36614 Activity:kinda low |
3/10 If I want to run X11 through NAT, is it better to set up raw forwarding of port 6000, or ssh-tunnel the connection? I'm not using WPA or WPA2. \_ SSH tunnel--use -c for compression, it helps a bit. Unless you have serious computer (not net) performance issues, port forwarding through SSH is very often a good idea out of principle. Also, does X11 now let you use just 6000? Used to use 6001..2..n as well, or has someone fixed that? -John \_ my understanding is you can use just 6000, defaulting to 0.0, 6001, ..., n for 0.1 ... n, if desired, but not necessary. |
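Added example, not part of the thread above: a small POSIX sh parser that maps an X11 DISPLAY value to the transport it implies (display N is TCP port 6000+N, or a local Unix socket), so a raw forwarded port can be told apart from an ssh-forwarded display. The function name and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# classify_display DISPLAY -> prints the transport that DISPLAY value implies.
classify_display() {
    d=$1
    case $d in *:*) ;; *) echo "invalid"; return 1 ;; esac
    host=${d%:*}              # text before the last colon (may be empty)
    num=${d##*:}              # "N" or "N.S"
    num=${num%%.*}            # drop the screen suffix
    case $num in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    # Strip leading zeros so the arithmetic below is never read as octal.
    while [ "${#num}" -gt 1 ] && [ "${num#0}" != "$num" ]; do num=${num#0}; done
    port=$((6000 + num))
    case $host in
        ''|unix)
            # No host part: Unix-domain socket, traffic never leaves the machine.
            echo "local-socket /tmp/.X11-unix/X$num" ;;
        localhost|127.0.0.1|::1)
            # Loopback TCP: the kind of display sshd's X11 forwarding sets up
            # on the remote side (OpenSSH starts at display 10 by default).
            echo "loopback-tcp port $port" ;;
        *)
            # Raw TCP to another host: the X protocol itself is unencrypted,
            # so keystrokes and window contents cross the network in the clear.
            echo "remote-tcp $host port $port cleartext" ;;
    esac
}

# Constructed sample values, not taken from the thread.
for d in ":0" "localhost:10.0" "192.0.2.7:0" "192.0.2.7:1.0"; do
    printf '%-16s -> %s\n' "$d" "$(classify_display "$d")"
done
```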
2005/3/9-10 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:36594 Activity:nil |
3/9 OpenSSH 4.0 is out: Announcement: http://tinyurl.com/5aea4 Portable: http://www.openssh.com/portable.html OpenBSD: http://www.openssh.com/openbsd.html Nifty new feature is the connection multi-plexing. \_ What is that? \_ Once you start one connection to a remote system, other connections will use the same key pair so you don't have to pay the cost of a new DH exchange (at least this is the impression I got from reading the mailing list) |
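Added example, not from the announcement or the thread above: multiplexed sessions reach the first connection through a local control socket, and any process that can open that socket can start sessions without authenticating again, so this checks the socket directory before printing a config that uses it. The function names and the 10m timeout are assumptions; the `auto` value, the `%` tokens and ControlPersist are ssh_config(5) settings from OpenSSH releases later than 4.0.

```shell
#!/bin/sh
# control_dir_ok DIR -> exit 0 only if DIR is a real directory, owned by the
# current user, with no group/other permission bits set.
control_dir_ok() {
    dir=$1
    [ -d "$dir" ] || return 1
    [ ! -L "$dir" ] || return 1     # refuse a symlink that could be repointed
    # ls -ldn prints e.g. "drwx------ 2 1000 1000 ..." (numeric uid/gid)
    set -- $(ls -ldn "$dir")
    perms=$1 owner=$3
    [ "$owner" = "$(id -u)" ] || return 1
    case $perms in
        d???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# ensure_control_dir DIR -> create DIR with mode 700 if absent, then verify it.
ensure_control_dir() {
    [ -e "$1" ] || (umask 077 && mkdir -p "$1") || return 1
    control_dir_ok "$1"
}

# mux_config DIR -> print ssh_config lines that keep control sockets in DIR,
# or fail without printing anything if DIR is not private to this user.
mux_config() {
    ensure_control_dir "$1" || { echo "unsafe control dir: $1" >&2; return 1; }
    printf 'Host *\n'
    printf '    ControlMaster auto\n'
    printf '    ControlPath %s/%%r@%%h:%%p\n' "$1"
    printf '    ControlPersist 10m\n'
}

# Demo in a throwaway directory (constructed path, removed afterwards).
demo=$(mktemp -d) && mux_config "$demo/cm" && rm -rf "$demo"
```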
2005/3/8-9 [Transportation/Car, Computer/SW/Security] UID:36586 Activity:low |
3/8 "It was certainly an accident ... The car was traveling at a velocity that couldn't have been more than 40 kilometers (25 miles) per hour ... The government has a duty to point out that the reconstruction of the tragic event ... from the direct account of our secret service official who was with Dr. Calipari does not coincide, totally, with what has been said so far by the U.S. authorities." [Fini] said Calipari, an experienced officer who had negotiated the release of other hostages in Iraq in the past, "made all the necessary contacts with the U.S. authorities," both with those in charge of airport security and with the forces patrolling areas next to the airport. -G. Fini, Italian foreign minister (http://csua.org/u/bb0 CNN) Another article: [The security agent in the car] said that a light was flashed at the car after a curve and that gunfire -- lasting 10 or 15 seconds -- started immediately afterward, disputing U.S. military claims that several attempts were made to get the car to stop before shooting. |
2005/3/7-8 [Computer/SW/Security, Computer/SW/Unix] UID:36560 Activity:nil |
3/7 Are there any ISPs that still offer generic dial-up PPP accounts that work with the Windoze generic dialer and don't require custom dial-up clients? I have an AT&T Global Dialer account, but it needs the Global Dialer client. I remember the old days where all I needed was to enter the phone number, login and password into the Windoze dialer, and it'd work. Thanks. \_ SBC Global works for me when I'm on the road. - jvarga \_ http://ispwest.com works well for that. even works with linux. \_ http://sonic.net \_ They've always had the at&t dialer, but you've been able to authenticate with PAP and with login in the past with the 8764287346@worldnet.att.net and the gibberish password. Look for an account.txt file -dwc |
2005/3/3-5 [Consumer/CellPhone, Consumer/PDA, Computer/SW/Security] UID:36517 Activity:nil |
3/3 Anyone know of a good stopwatch/timer that works on a Treo? I've tried a few and they all seem to crash when I try to access any of the menus. tia. |
2005/3/3-5 [Computer/SW/Security] UID:36515 Activity:moderate |
3/3 Is there a way I can set up my cell phone so it only rings if the person calling knows a secret code, and otherwise just goes to voicemail? Or, can it be set up to first go to a message where the person calling can choose to leave me a voicemail or to ring the phone? In the latter scenario, this would enable people to call and leave a voicemail in the middle of the night without waking me, but they would still have the option to ring the phone if they really want to talk to me at that minute. \_ If you come up with a decent way to do this, could you please let me know? (For now, I have a profile on my phone called "Asleep", which is mostly silent; if I expect someone to call at night, then I set a non-silent ring tone for that person. It works okay, but what you suggested would be much nicer.) --mconst \_ I think you would need an answering service to handle the decision-making and a distinctive ring to only wake you when the answering service dials through. Once your phone has forwarded the call to voicemail, it would be up to the voicemail provider (usually your cell provider) to handle things. \_ In the latter scenario the caller already has an option: if they don't want to wake you, don't call in the middle of the night! Send email or call in the morning. As for the first scenario, you can get a silent ringtone, set that as the default, and assign non-default ones to people you know. \_ Yes, but I could have a separate outgoing message for when I'm sleeping and for when I'm awake. Sometimes I'm up at 11pm, sometimes I'm in bed. The caller doesn't know. -op \_ on my cell phone feature wish list: a way to just leave someone a voicemail w/out ringing their phone. Sometimes I want to just leave someone some info but don't want to talk. Also I HATE checking voicemail... but txt msgs are often too cumbersome. It'd be great if each person's phone had a voice-to-text thing that they could use to create txt msgs. 
\_ If both people are on AT&T, at least, you can send voicemail directly: call your own voicemail, and select 2 from the main menu. |
2005/3/2-3 [Computer/SW/Security] UID:36498 Activity:kinda low |
3/2 I can read mail through CalMail or BearMail but can't POP. Anyone else having this problem? \_ You probably shouldn't've ignored the 3 (or was it 4?) warnings that the CalMail people sent out in the past month that vanilla POP3, being blatantly insecure by way of transmitting passwords in cleartext, will be (and now has been) permanently disabled as of 03/01/2005. Set up your mailer to use secure POP (or SIMAP), on the default port, 995 (or, respectively, 993). -alexf |
2005/2/23-24 [Computer/SW/Security] UID:36377 Activity:very high |
2/23 Hi, my girlfriend's mom is in Taiwan. Her computer stopped booting; it shows BIOS, but it won't show the WinXP screen. So, it sounds like a virus (less likely, partial drive failure / OS corruption, but let's assume it's a virus). She is concerned about recovering her files. Normally if I were on-site I'd just pull out the drive, put it in an enclosure, and bam. Is there any convenient way for her to recover her files without my being on-site? I am thinking something along the lines of a bootable CD-ROM I can mail her that could mount an NTFS partition and also a USB memory key. It would show an easy Explorer-like tree with which she can explore the C: drive and copy files over. \_ The only convenient way I can think of is for her to buy a new computer, then open up the old computer, take the disk out and put it in the new computer as a secondary drive. Even this is not "easy", but it is relatively straightforward for a non-technical user. Can you trust her to be able to operate a screwdriver? If not, she needs to bring it in to a data recovery service, which will be much more expensive. \_ have somebody in Taiwan make a KNOPPIX CD. You make the same knoppix CD here and talk her through it. She copies the files from HDD to the USB key. In these situations avoid the screwdriver if you can. \_ Thanks, I'm downloading KNOPPIX 3.7 English now and will try it out. I'll let motd know how it goes. \_ Also, if you could get remote access to her computer, that would probably make things easy for you. You might try setting up a remote access tunnel. Have her run (as root) \_ Also, if you get remote access to her computer, that would probably make things go faster. 
You might try setting up a ssh tunnel like this: Have her type: (at the boot: prompt) knoppix 2 vga=normal # passwd (to set the root password) # /etc/init.d/ssh start # ssh -R 2222:localhost:22 account@yourserver then you ssh to you@yourserver and run $ ssh -p 2222 root@yourserver This should give you root on her server. I haven't tried this specifically but I'll test it out later tonight. Then you ssh to yourserver like normal and run $ ssh -p 2222 root@localhost at the password prompt, type her new root password. This should give you knoppix root on her computer. I just tested it and it works. -brett \_ Sounds cool. She gets net via PPPoE, though. So I guess I will need to fish for the PPPoE settings in KNOPPIX and tell her how to do that? \_ D'oh. Doesn't she have a firewall/router device? That could explain how her computer got compromised. \_ That's what I told my gf. But my gf does Windows Remote Assistance all the time with her family and didn't want to mess with unblocking ports. ... "It ain't broke, so why fix it?" "Because you might get p0wn3d one day" "But I have everyone on Windows Automatic Update" "Okay" "Dang, I got p0wn3d!" The real answer is that we need to test the port unblocking in the U.S., and move them to the D-Link gateway next time we visit Taiwan. \_ Your girlfriend should either: 1) fix it herself now (or) 2) follow your advice ahead of time. 3) Get Macs for her parents. Your gf doesn't understand inbound/outbound rules: "If you are using Network Address Translation (NAT) in a home environment, you can use Remote Assistance without any special configurations." \_ You have never had a girlfriend, have you? \_ Doesn't she have any computer savvy acquaintances in Taiwan? Isn't Taiwan a high tech island? \_ Friends we used to ask are in gr4d sk00l in the U.S. |