| 5/16 |
| 2013/12/28 [Computer/SW/Security] UID:54760 Activity:nil |
12/28 Happy holidays everyone.
For some reason my work's ip address gets logged in /etc/hosts.deny and
I cannot ssh in anymore from work
(except from home where I can ssh in fine): does anyone know if this file is
auto-generated due to some event? Thanks |
| 2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil |
6/6 Wow, NSA rocks. Who would have thought they had access to major
data exchangers? I have much more respect for government workers,
crypto experts, mathematicians now than ever.
\_ flea to Hong Kong --> best dim-sum in the world
\_ "flee"
\_ The dumb ones work for DMV, the smart ones for the NSA. If you
had served in the military, you would have learned to have more
respect for government employees.
\_ Do DMV employees count as government employees?
\_ Who else would they be working for?
\_ That's my point. -- PP
\_ Are you implying that the DMV is full of anti-American
moles? That would be a really funny way to try and
destroy a country, fill it full of lifeless
bureaucrats.
\_ I didn't imply that the DMV is full of moles. The
poster who wrote "The dumb ones work for DMV" above
did. -- PP |
| 2012/12/14-2013/1/24 [Computer/SW/Security] UID:54557 Activity:nil |
12/14 In AES, if someone knows both the plaintext and the ciphertext of my
data, is there a way other than brute force to figure out my key? Thx.
\_ No, AES is intended to be secure against this. It should even be
secure if the attacker gets to choose the plaintext and see what it
encrypts to, or vice versa.
\_ Thanks. -- OP |
| 2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil |
8/29 There was once a CSUA web page which runs an SSH client for logging
on to soda. Does that page still exist? Can someone remind me of the
URL please? Thx.
\_ what do you mean? instruction on how to ssh into soda?
\_ No I think he means the ssh applet, which, iirc, was an applet
that implemented an ssh v1 client. I think this page went away
along with a bunch of other stuff that was hosted on the old
FreeBSD based soda.
\_ it was the mindterm java ssh client. It's still available
if someone wants to set it back up, and the new
version even supports ssh2. Very useful to allow you to
ssh into the web server from places where you cannot
directly install ssh client (i.e. a public kiosk) -ERic
\_ Yes, that's the one I meant. -- OP
\_ Typing your UNIX password into a public kiosk isn't
secure and there's a number of places that already
offer this in an open access mode [use google]:
http://eces.colorado.edu/secure/mindterm2
Do we/CSUA/soda have any HTTPS keys?
\_ Another option, also requiring https keys:
http://code.google.com/p/shellinabox
\_ I am not going to use anything but a one-time
key or two factor auth system at a public
keyboard. You have to consider that a keylogger
could be installed. I guess if you don't care
about compromise it doesn't matter. |
| 2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil |
8/26 Poll: how many of you pub/priv key users: 1) use private keys that
are not password protected 2) password protect your private keys
but don't use ssh-agent 3) use ssh-agent:
1) .
2) ..
3) ...
\_ I also use empty passphrased private keys, but place them
on an encrypted partition and symlink to them. Useful for
scripted stuff, like automatic uploading of security camera
footage.
\_ Good idea, thanks.
\_ It's worth noting that OS X 10.7+ (10.6+?) automatically uses
ssh-agent |
| 2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil |
8/6 Amazon and Apple have lame security policies:
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
"First you call Amazon and tell them you are the account holder, and
want to add a credit card number to the account. All you need is the
name on the account, an associated e-mail address, and the billing
address. "
"Next you call back, and tell Amazon that you’ve lost access to your
account. Upon providing a name, billing address, and the new credit
card number you gave the company on the prior call, Amazon will
allow you to add a new e-mail address to the account." |
| 2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil |
7/18 "Largest penis record holder arouses security suspicions at airport"
http://www.csua.org/u/x2f (in.news.yahoo.com)
\_ I often have that same problem.
\_ I think the headline writer had some fun with that one.
\_ One time when I glanced over a Yahoo News headline "U.S. busts
largest-ever identity theft ring" all I saw was "U.S. busts
largest-ever ......". |
| 2012/7/13-8/19 [Computer/SW/Security, Computer/Companies/Yahoo] UID:54436 Activity:nil |
7/13 Why would Yahoo store passwords unencrypted? I recall that even 20+
years ago the passwords stored in /etc/passwd on instructional
machines here at Cal were one-way encrypted. (I think those were
Ultrix machines.)
\_ Doesn't this say anything already?
http://finance.yahoo.com/echarts?s=YHOO+Interactive#symbol=yhoo;range=5y
I feel bad for all the losers who are still working at YHOO
and getting weekly dosage of propaganda and waiting for their
worthless stocks to go up one day.
\_ Like Marissa Mayer. What a loser.
\_ Don't know her, but from what I read she sounds like a
risky hire.
\_ Marissa Mayer is much hotter than Carly Fiorina and Meg
Whitman.
http://www.csua.org/u/x1w (http://www.celebritynetworth.com)
http://www.thesidewalker.com/forums/showthread.php?p=631345
The first pic reminds me of Hanna Hilton.
\_ Carol Bartz's doppelganger is pretty hot:
http://www.needlesandsins.com/2010/08/yahoos-custom-tattoo.html
\_ http://ycorpblog.com/2012/07/13/yahoo-0713201
Short answer: it was left over from the Associated Content
acquisition. Yes it is still pretty stupid. -Yahoo employee
\_ Why were you still at Yahoo? Couldn't find any other
respectable place to work at? In the tech industry, having
Y! on the resume is like having worked at Enron.
\_ Are you kidding me? Half the rockstars at the Velocity
Conference last week were ex-Yahoos.
\_ http://www.businessweek.com/articles/2012-07-26/the-yahoo-alumni-guide |
| 2012/7/2-8/19 [Computer/SW/Security] UID:54428 Activity:nil |
7/2 When I do "ssh name@machine command", that does not show up
on the last log. Where is that action logged?
\_ Depends on accounting level. Might not be logged at all.
\_ Enable logging on sshd itself in the system sshd_config file. |
| 2012/2/9-3/26 [Computer/SW/Security, Computer/SW/Unix] UID:54305 Activity:nil |
2/9 Reminder: support for mail services has been deprecated for *several
years*. Mail forwarding, specifically .forward mail forwarding, is
officially supported and was never deprecated.
\_ There is no .forward under ~root. How do we mail root and how do
we get responses?
\_ root@csua.berkeley.edu is and always has been an alias.
root@csua.org will reach rootstaff when csua.b.e is down, and
is the preferred contact.
\_ Why is there still a 1.4TB volume mounted on /var/mail?
\_ Because it's currently slightly less work to leave it as-is than
to figure out how to migrate cleanly and smoothly. Email isn't
something you just switch off one day.
\_ I don't think I ever saw an announcement on this. Anyone have
a copy for the rest of us to read?
\_ http://preview.tinyurl.com/7bghw8h -ausman |
| 2011/12/29-2012/2/6 [Computer/Networking, Computer/SW/Security] UID:54277 Activity:nil |
12/29 New brute force attack against WPA1/2 base stations based on a flaw
in WiFi Protected Setup (WPS):
http://www.kb.cert.org/vuls/id/723755
http://www.tacnetsol.com/products
http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability |
| 2011/12/27-2012/2/6 [Computer/SW/Security] UID:54273 Activity:nil |
12/27 Weird issue with x11: I have ssh x11 forwarding, and for the first
few minutes I can initiate (start) new x11 programs like xload,
emacs, etc. Now, after a few minutes, I cannot initiate new ones
anymore (though my existing ssh still works). What is going on? |
| 2011/12/8-2012/1/10 [Computer/SW/Languages/Java, Computer/SW/Security] UID:54252 Activity:nil |
12/8 Java code much worse IRL than pretty much everything else:
http://preview.tinyurl.com/d5e46cq [ars technica] |
| 2011/11/14-30 [Computer/SW/Security] UID:54228 Activity:nil |
11/14 Social Engineering call centers:
http://www.itbusiness.ca/it/client/en/home/News.asp?id=64887 |
| 2011/11/11-30 [Computer/SW/Security] UID:54224 Activity:nil |
11/11 MacOSX's Sandbox security hole:
http://preview.tinyurl.com/7ph2wtg [arstechnica] |
| 2011/11/9-30 [Computer/SW/Security, Computer/SW/OS/OsX] UID:54219 Activity:nil |
11/9 Unsigned code execution exploit in iOS 4.3 & 5:
http://preview.tinyurl.com/bslubtu [arstechnica]
\_ Fixed in iOS 5.0.1:
http://preview.tinyurl.com/7l4vq52 [macobserver] |
| 2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil |
11/8 ObM$Sucks
http://technet.microsoft.com/en-us/security/bulletin/ms11-083
\_ How is this different from the hundreds of other M$ security
vulnerabilities that people have been finding?
\_ "The vulnerability could allow remote code execution if an
attacker sends a continuous flow of specially crafted UDP
packets to a closed port on a target system."
This means any machine on the network can be rooted, even if
the target machine is running firewall and anti-virus software.
No doubt there are 10s of millions of compromisable machines.
\_ Always followed the rule: Never hook up a Windows
machine directly to the internet. No wonder. |
| 2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil |
5/19 Uh, is anyone still using this? Please mark here if you post and
haven't added this yet. I'll start:
\_ person k
\_ ausman, I check in about once a week.
\_ erikred, twice a week or so.
\_ mehlhaff, I login when I actually own my home directory instead of
'nobody', which means not often.
\_ toulouse, every few days, to make sure root knows when soda goes
down so someone with access to windows can kick vSphere and reboot
shit
\_ I am an undergrad and use this machine. Please don't take it away.
\_ rory. I go away for long periods of time but then come back when
i remember how much i love the motd and how much i've learned here
over the years .... no seriously |
| 2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil |
4/28 Will wall be fixed? - jsl
\_ What's wall?
\_ An anachronism from a bygone era, when computers were hard to
come by, the dorms didn't have net, there was no airbears, and
when phones didn't come standard with twitter or sms.
\_ A non useful implementation of twitter.
\_ Much like twitter itself
\_ Sounds like your peer group doesn't use twitter.
\_ Twitter isn't as interactive as wall was; it's
micro-blogging, not chat. And most of it sucks.
#likethetagsforexample -tom
\_ Some groups get really chatty, and being able to
use it over mobile devices is really useful for
on the spot hive-mind decisions. (where are we
going to eat now? what bar are we meeting at,
what did we change our minds about eating etc).
My only complaint is that long links are almost
always shortened, so be careful what you click on
(but that's pretty much the web these days). Clearly
YMMV based on your circle, as with all "groupware".
\_ AGAIN, we don't know *how* to fix it, because no current student and
no or few alumni for several years have ever used it regularly. If
you want it fixed, we're willing to do it, but nut up and offer your
help. Sorry, I've had a bad day. --toulouse (I'm on root)
\_ I'd rather you guys focus time on providing non-duplicable
services to the UCB _undergrad_ community at large (eg, focus on
usenet, actual student help, etc) than attempt to reimplement
functionality that is done to death by a Free Web App like
twitter (or any of the social nets out there). And again thanks
for keeping soda up and around.
\_ can you post the root password on motd please? Thanks.
\_ vahmifqy -- you're welcome
\_ Is this all it takes? I did one of the last major rewrites of
'wall', I think all that is broken right now is its logging and
log rotation -ERic (mehlhaff) |
| 2011/2/11-19 [Computer/SW/OS/Linux, Computer/SW/Security] UID:54036 Activity:nil |
2/10 Debian 6.0 squeeze is the new stable. Do we dare a dist-upgrade?
\_ the key for http://security.debian.org has changed btw. |
| 2011/2/11-19 [Science/Electric, Computer/SW/Security, Science/Physics] UID:54035 Activity:nil |
2/11 http://www.tinyurl.com/6zxsqfr Tardis at UCB
\_ yeah there are 'tards at ucb alright |
| 2011/2/10-19 [Computer/SW/Security] UID:54034 Activity:nil |
2/9 http://www.net-security.org/secworld.php?id=10570
Summary: iPhone passwd storage is unsafe after all |
| 2010/11/18-2011/1/13 [Computer/SW/Security, Computer/SW/Unix] UID:53990 Activity:nil |
11/18 ncurses header files are missing..
\_ Installed. FYI I find it rude that you wouldn't bother to mail root
and instead complain here, perhaps hoping that someone with root
might check. I might not have root forever, you know, and I don't
think many root staff typically check here. --toulouse
P.S. the specific library installed was libncurses5-dev. If you ask
for something else please do it through root@csua. |
| 2010/8/9-19 [Computer/SW/Security] UID:53917 Activity:nil |
8/9 I got two files, one is size 522190848 and the other is size
521648128. Both sha256 to the same number. (and sha1 too).
I don't think this is supposed to happen, right? (least not with
sha256).
\_ how are you checking?
\_ I burned one file to cd, so i mounted /cdrom and
df --block-size=1 /cdrom (=521648128)
then i re dl'ed the iso and checked the size: 522190848
both sha256's of iso and /dev/hdc yield the same.
I have done this type of check on other isos and they yield
the same sha[1,256] and size on both. Just this one is weird.
\_ I don't think df is giving you the number you want.
Try "wc -c /dev/hdc".
\_ hash collisions can (and rarely do) happen. You're deriving a
number consisting of some hundreds of bits from data with millions.
The idea behind the hashing algorithm is that it is hard to get
collisions on purpose, and rare with small changes i.e. bit error or
tampering.
\_ I don't think an SHA-256 collision has ever happened by accident.
If you have two different files, the probability that they have
the same SHA-256 hash by chance is 2^-256; that's less than the
chance that in the one second after you hit Enter to calculate
the hashes, your computer is obliterated by three separate
meteorites independently. It could happen, but it's not very
likely. |
| 2010/8/9-19 [Computer/SW/Security, Computer/SW/Unix] UID:53915 Activity:nil |
8/9 Who is this guy 42949672? Posted some root's processes for context.
751 root 15 -5 0 0 0 S 1 0.0 0:24.50 rpciod/0
5293 42949672 20 0 20412 908 576 S 0 0.0 0:18.82 nrpe
1 root 20 0 10312 748 620 S 0 0.0 0:08.75 init
\_ Sounds like -1 (a truncated 4294967295). |
| 2010/4/30-5/10 [Computer/SW/Editors/Emacs, Computer/SW/Security] UID:53813 Activity:nil |
4/30 When I ssh into soda and run emacs, how do I activate the File/Edit/...
menus at the top? Thanks.
\_ Hit F10 or M-`. If you ever forget this, it's on the startup
screen that emacs displays every time you run it.
\_ It works! Thanks. I thought there was going to be a drop-down
menu like when I run it under X or in Windows. Many text-based
editors in the DOS era did that. |
| 2010/4/19-5/10 [Computer/SW/Security, Computer/SW/WWW/Server] UID:53791 Activity:nil |
4/18 http://Apache.org hacked: http://www.theinquirer.net/inquirer/news/1601103/apache-hacked |
| 2010/1/29-2/8 [Computer/SW/Security] UID:53675 Activity:nil |
1/28 Need an online (you kids would say: "cloud") backup service, where
I can store files and have some access control over who gets what.
I could roll-my-own, but I'd prefer to let some service handle it.
Any recommendations?
\_ CSUA |
| 2010/1/28-2/8 [Politics/Domestic/California, Computer/SW/Security] UID:53673 Activity:nil |
1/28 Asians on Facebook:
http://www.readwriteweb.com/archives/privacy_facebook_and_the_future_of_the_internet.php |
| 2010/1/23-25 [Science/Disaster, Computer/SW/Security, Computer/HW] UID:53658 Activity:low |
1/22 Tornado at Brentwood! http://weather.yahoo.com/storm/USCA0128.html
\_ oh noes a widdle weather.
\_ yawn |
| 2010/1/20-29 [Computer/SW/Languages/Misc, Computer/SW/Security] UID:53649 Activity:nil |
1/20 Did Chinese come up with new way of quicksort?
http://www.nytimes.com/2010/01/20/technology/20cyber.html
Joe Stewart, a malware specialist with SecureWorks, a computer
security company based in Atlanta, said he determined the main
program used in the attack contained a module based on an unusual
algorithm from a Chinese technical paper that has been
published exclusively on Chinese-language Web sites.
\_ I think the Chinese were paying more attention in CS60C than I
was
http://www.secureworks.com/research/blog/index.php/2010/01/20/operation-aurora-clues-in-the-code
\_ RACIST!!!
\_ Kill a commie for mommy.
\_ What does that have to do with quicksort? |
| 2010/1/9-25 [Computer/SW/Security] UID:53620 Activity:nil |
12/8 http://www.readwriteweb.com/archives/blockchalk_an_anonymous_message_board_for_your_nei.php
Anonymous forum... good or bad?
\_ http://www.4chan.org Anonymous forum... good or bad?
\_ top article actually references 4chan.
\_ why can't you access this through the web? |
| 2009/12/29-2010/1/19 [Computer/SW/Security] UID:53607 Activity:nil |
12/29 Sounds like the GSM encryption key has been recovered via a
brute force attack:
http://www.nytimes.com/2009/12/29/technology/29hack.html |
| 2009/12/24-2010/1/19 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:53601 Activity:nil |
12/18 http://ask.slashdot.org/story/09/12/10/2115238/Best-Way-To-Clear-Your-Name-Online
Useful for some of you CSUAers
\_ Yeah, the advice is pretty obvious, just generate a bunch of relevant
positive information about yourself and bury the old bad stuff on the
fifth page of Google results. |
| 2009/11/4-17 [Computer/SW/P2P, Computer/Networking, Computer/SW/Security] UID:53495 Activity:nil |
11/4 Holy cow, I got a warning from my ISP that they were notified
by BSA/baytsp.com that I was copying music/video/software.
Do they do port scan or something? That's a first for me.
\_ They hang out on P2P networks and track IP addresses. -tom
\_ I believe they are paid by content providers to perform this
monitoring service, so you should only run this risk with content
from certain sources (such as Fox movies)
\_ That's probably true. -tom |
| 2009/10/25-11/3 [Computer/SW/Security] UID:53467 Activity:nil |
10/24 These guys are pretty amazing. Sonos, A capella++ group
http://www.youtube.com/watch?v=aDzirncym4w
\_ Production quality lower, group quality higher:
http://vids.myspace.com/index.cfm?fuseaction=vids.individual&videoid=3340638 |
| 2009/9/18-29 [Computer/SW/Security, Computer/SW/Unix, Finance/Investment] UID:53379 Activity:nil |
9/18 In Linux, is there a way for root to change the "nice" value of an
existing process? thx.
\_ Yes. man renice. |
| 2009/9/10-21 [Computer/SW/Security] UID:53355 Activity:nil |
9/10 The Case for Postal-Style Healthcare (usnews.com):
http://www.csua.org/u/p10
Maybe USPS is not *that* bad. |
| 2009/9/10-21 [Computer/SW/Security, Computer/SW/Unix] UID:53354 Activity:low |
9/10 Is there a web site out there that I can put in a URL and it
comes back with an estimated monthly traffic, for free? I tried
going to Comscore but I can't find it.
\_ www.google.com/adplanner/planning/site_details#siteDetails?identifier=cnn.com&geo=US&trait_type=1&lp=false
\_ check the differences between:
http://gop.com and http://democrats.org
\_ Do you know about Alexa?
\_ Alexa charges an arm and a leg for detailed data. Fuck that
\_ It is the best free summary stats I have found. Let me know
if you find something better (that is free).
\_ Yes. Google Ad Planner is free and BETTER. Check
it out and let me know what you think.
\_ Alexa is free, too, for basic info. The Google stuff
looks interesting, but its UU info for where I work
(CNET) is way off. Look at the daily unique user count
and the monthly numbers. There is no way for this to
add up.
\_ http://www.quantcast.com or http://www.compete.com |
| 2009/8/10-19 [Computer/SW/Languages/Java, Computer/SW/Security, Consumer/Shipping] UID:53256 Activity:nil |
8/10 On the USPS web site, is there any way to use the self service
site for FIRST CLASS mail? It keeps wanting me to use Priority
Mail which costs a lot more than going to the USPS for first class. |
| 2009/8/8-14 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:53254 Activity:low |
8/6 mrauser, what ddya think of this:
http://www.nplusonemag.com/node/678/print
\_ Sorta tl;dr. It seems pretty dense, so I'll read it eventually...
just haven't really had the time. -mrauser
\_ yep, it's dense but pretty good. - !OP |
| 2009/8/3-13 [Computer/Companies/Google, Computer/SW/Security] UID:53230 Activity:high |
8/1 Yahoo to get 88% of the ad revenue in team up with m$. Y!m$,
discuss?
\_ I thought Jerry Yang would never sell!
\_ He's gone, replaced by some broad.
\_ 88% of pittance is still pittance, I don't know how people
think there is money in click through ads. Who clicks on them?
\_ do some math please and come back
\_ so my question is, are you one of these "know everything about
everything without researching it" guys? Because FYI, Google
/ AOL partnership made $678M in ad revenue last year. GOOG
reported $5.54B 2008 Q4 alone. Most of that is click ads!
Are you saying 88% x 678M = 596M is a "pittance" ? And that is
using the AOL numbers, not Yahoo/Microsoft numbers.
\_ It doesn't matter who clicks on them it's like the stock
market, people think other people click on them so they
value the ad space.
\_ So one good paper, story, journal can end all this?
\_ Who watches television or radio ads? One of the things advertisers
\_ My Parents. Your Parents. Your Grand Parents, your neighbors
who didn't go to Cal. Your waiter, the guy delivering your mail
the guy you buy your groceries from, the guy your parents and
grandparents buy your groceries from. As for radio, do any
of your parents drive? I know it is gauche to admit to drive in
Blue Belt Bay Area but in the next county over like vacaville
there are a lot of car radios.
\_ You totally missed the point. The fact is that advertisers
only have a very limited way of telling who is listening
to their ads and what the effect is on buying behavior.
They can get much better real statistics online, which
they love.
\_ Is click fraud a problem? Can in fact advertising spots
inflate their 'standings' by bots?
\_ Are these all rhetorical questions?
\_ no; how is the problem being addressed? It looks
to me that the same people paying out and taking in
revenue can work the system for fraud. And since
they hold all the logs who would know?
\_ All the big advertisers use third party
verification services, they don't rely on what
the website says is their ads delivered. There
is an ongoing war about click fraud, this
doesn't mean online advertising is dead, there
is bank fraud and perhaps more to the point,
things like Nielsen rating gaming as well.
/
"According to critics, this complex relationship may create a conflict of
interest. For instance, Google loses money to undetected click fraud when
it pays out to the publisher, but it makes more money when it collects fees
from the advertiser. Because of the spread between what Google collects and
what Google pays out, click fraud directly and invisibly profits Google."
\_ Right, so that's why all the newspapers are dying and Google is the
fastest growing big company in the world and advertisings are starting
to throw big bucks to online media. Because it all doesn't work. And
all they really need to do is listen to you to wisen up.
\_ "Property values only keep going up, they'll NEVER come DOWN."
\_ Post your real name so I can taunt you in two years.
Are you GOOG short @ $100/share guy?
\_ I think he's trying to say that if you buy into a bubble you're
just as guilty of the Pass-The-Buck mentality as the countrywide
guys and the mkt mgr funds who invented Toxic Asset Technology.
\_ What bubble? The Internet Bubble? In 2009???
really like about online ads is the fact that they get real metrics. |
| 2009/7/28-9/24 [Computer/SW/Security, Computer/SW/Unix] UID:53215 Activity:nil |
7/28 Restored basic website functionality. I also killed user websites,
because I think the new root staff had set up the website with a
default config and were not aware they were enabled. Sorry if this
causes inconvenience, hopefully they will be restored soon once
the website is taken in hand. -mrauser |
| 2009/7/26-29 [Computer/SW/Security] UID:53200 Activity:nil |
7/25 so is this a remote ssh exploit ?
http://users.volja.net/database/matasano.PNG
\_ No but this is:
soda> ssh anywhere |
| 2009/7/12-24 [Computer/SW/Security] UID:53132 Activity:nil |
7/9 Ok I'm learning how to do this fancy ssh-keygen thing so that I
don't have to keep typing passwords in between logging into machines.
What's an ideal size for the number of bits in dsa? 1024 is default,
but would 2048 enhance it even more? What do you guys use?
\_ I'm paranoid. I use 4096. Go for at least 2048, I'd say...
\_ If you want to be secure make sure your keys have passphrases, and make
use of ssh-agent.
\_ listen buddy, tab is EIGHT spaces not FOUR ok? |
| 2009/7/4-9 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:53109 Activity:nil |
7/4 I'm accessing soda by typing ssh -X jhcooper@csua.berkeley.edu
at a Linux prompt. At the soda prompt, I can type "xmessage hello &",
and I get a nice little greeting from myself popping up on my display.
But if I type xterm &, the process runs ok, but nothing appears on
my screen. What am I doing wrong?
\_ Works just fine for me... try turning on SSH debug with -v ? |
| 2009/7/2-16 [Computer/SW/Mail, Computer/SW/Security, Computer/SW/WWW/Server] UID:53106 Activity:nil |
7/2 Is imaps working? What are the hostnames of the "incoming and
outgoing mail servers" for CSUA email, and what kind of options
should one set?
I also noticed that we seem
\_ Setup yer .forward or .procmailrc for now. I'm at a loss, too.
\_ mail.csua.berkeley.edu. Using SSH (on default port 993) like before.
\_ mail.csua.berkeley.edu. Over SSL (on default port 993) like before.
\_ alpine doesnt seem to work. i try
Folders on mail.csua.berkeley.edu:993 in cur
but get timeouts .. using cur for "inbox" folder |
| 2009/7/2-13 [Computer/SW/Security] UID:53102 Activity:nil |
7/2 ssh: connect to host 128.32.112.233 port 22: No route to host |
| 2009/6/29-7/3 [Computer/SW/Security] UID:53089 Activity:nil 53%like:53083 |
6/29 Please allow public key authentication since it is more
secure than plain password. If you see this posting, it
means anybody could have posted the announcement. Because
the official csua web site is still down, this makes it a
little suspicious to the truly paranoid.
p.s. this web entry format is counter intuitive. And how come
there is a commercial? |
| 2009/6/29-7/3 [Computer/SW/Security] UID:53083 Activity:low 53%like:53089 |
6/28 Hello everyone,
Logins to soda are back open. The new ssh key is
2048 4b:96:67:18:27:da:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Please allow public key authentication since it is more secure than
plain password. Also if you see this posting, it means anybody could
have posted the announcement. Because the official csua web site is
still down, this makes it a little suspicious to the truly paranoid.
Not many packages are set up, please email root@csua with requests to
(re)install anything that you would like installed. Also, some services
still aren't online - feel free to email us with those as well so we
don't forget any.
Best, Steven |
| 2009/5/11-18 [Computer/SW/Security, Computer/HW/Drives] UID:52982 Activity:nil |
5/10 I have large spare disks on several machines, all on same net.
How can I combine them into one big visible network file system?
\_ you want either a clustered file system (eww expensive) or look into
something like a distributed file system (afs, global fs).
\_ The startup I work for makes a distributed NAS product that's free
for the first four terabytes if you'd like to try it.
http://www.parascale.com --alawrenc |
| 2009/4/22-28 [Computer/SW/Security] UID:52894 Activity:nil |
4/22 ok, here's a little networking puzzler. I haven't been able to access
youtube for a couple weeks. Couldn't figure out why. Happened on all
browsers. traceroute did weird stuff and then timed out. Finally I
got so frustrated I setup firefox to ssh tunnel through soda.csua,
which worked great. Then, I kill the ssh proc, quit FF, and now,
I can access youtube just fine from any browser. wtf? any
explanation? thx
\_ Sounds like not a networking problem, but a messed up OS problem.
Which OS were you seeing this with? Did you try to diagnose with
any non-browser tools (ping/telnet/wget/etc ?).
\_ yes ... dig seemed to resolve ok. ping seems to work. telnet/
curl behave the same as my browser (wait for a while then
timeout). I don't totally know how to read traceroute but
after about 8 hops it starts showing stars and then
craps out. The problem came back today. I ssh tunneled to
csua, and then a couple minutes later, it started working
fine in my non-proxied/tunneling browsers as well.
\_ Is this from work or home? 8 hops, wow that is a long way,
is it crapping out at a corporate firewall perhaps? It
doesn't sound like it though, at 8 hops...
\_ I couldn't tell where it was crapping out. It seemed
to me like it was bouncing around a bunch of different
hosts at some ISP or something. This is from home,
using Time Warner cable internet. I did some research
and read some anecdotal accounts that TW "doesn't like"
youtube ... not sure if that means throttling traffic?
or causing intentional routing headaches? Anyway,
youtube still working today so I can't give you a
sample traceroute. thx
\_ ps, mac osx 10.5.
\_ Were you SYN FLOODING youtube?
\_ no
\_ J00 R P0WN3D |
| 2009/4/18-23 [Computer/SW/Security, Computer/SW/Unix] UID:52870 Activity:nil |
4/17 To those who have a twitter account and also follow people: how do you use
twitter to read others' tweets? do you just visit their individual
pages or do you stay logged in and visit http://twitter.com/home ? Thanks.
/home:
indiv pages: .
\_ aren't you supposed to receive updates on your cell phone? |
| 2009/4/9-13 [Politics/Domestic/911, Computer/SW/Security] UID:52824 Activity:moderate |
4/9 Thousands cut off from phone service in South Bay counties:
http://www.csua.org/u/ny7 (http://www.sfgate.com)
No way to call 911 with either landline or cell. Time to steal your
neighbor's 60" plasma TV or rape that hot busty chick down the block!
Anyway, why do rogue nations bother with cyber attacks on the US?
This is a much more efficient way to paralyze the US. They can't even
replace one god damn cable seven hours after it was cut.
\_ Unless you secretly murder the hot busty chick down the block after
you rape her, you'll probably come under police scrutiny when phone
lines are eventually restored. |
| 2009/3/27-4/2 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:52764 Activity:nil |
3/27 i just want to set up a proxy. squid is too annoying. privoxy
locks too much content down. any tips ?
\_ Use ssh's built-in SOCKS server. On the client, run "ssh -D1080
proxyhost", and then set your browser to use localhost:1080 as a
SOCKS proxy.
\_ best advice. Fuck squid. SSH has everything.
http://osdir.com/ml/user-groups.ale/2003-03/msg01182.html
\_ http://seankelly.tv/blog/blogentry.2007-03-02.4768602564
\_ http://calomel.org/firefox_ssh_proxy.html <--- pretty helpful |
| 2009/3/7-13 [Computer/SW/Security, Computer/SW/Unix] UID:52683 Activity:low |
3/6 Is http://www.cygwin.org a real site or a hoax? It looks different from
http://www.cygwin.com and it doesn't mention the latter. Thx.
\_ It looks like a mistake -- http://cygwin.org (without the "www") works,
but http://www.cygwin.org gives you http://sourceware.org instead.
\_ I dunno why there are no links to Cygwin 1.7 on that site. try this:
http://cygwin.com/setup-1.7.exe |
| 2009/3/3-5 [Computer/SW/Security, Computer/SW/Unix] UID:52671 Activity:high |
3/3/9 Happy Square Root Day
\_ This morning some guy on KCBS AM 740 was playing with this and said
something like "if you take the square root of every number, they
don't look so big anymore. For example, next week the square root
of my age is just 8. And the square root of the $838 billion
stimulus package is just $29 billion."
No wonder American kids rank last in math among industrialized
countries.
\_ i think the sqrt of his iq is also 8.
\_ Dude needs to go back to school, and age 8 seems like a good
time to learn about square roots.
\_ Huh? I don't see anything wrong with his statement.
\_ sqrt(838e9) is about 915423.
\_ I guess. sqrt(838) =~ 29. (Billion dollars) is the
units. Depends on how you look at it.
\_ Right, but you need to square root the units too,
just like sqrt(10000 m^2) = 100 m. The answer is
the same whether you consider the units to be m^2
or (10000 m^2) or whatever.
\_ I understand this, but what is the square
root of "2 dollars"? This is like asking what
is the square root of "2 cows". The original
statement said "square root of every number"
and not "square root of every quantity". You
could argue (correctly) that 838,000,000,000
is a number in itself and its root is not
29,000,000,000, but what about "838 cows"? What
is the square root of a cow? I think the key
number is 838 and not 838*(units). You have
to be pretty pedantical to not realize that.
\_ If your units are billions of dollars then
your square root units of ~ 31622 * $^(1/2).
sqrt (838) * sqrt (1,000,000,000) ~=
29 * 31622 ~=
915422
\_ 915422 *what*? Not dollars.
\_ $^(1/2) Which is 1/31622 of
(Billion $)^(1/2)
\_ Exactly, which is nonsense. So
ignore the units.
\_ If you ignore the units you can
turn it anything you want.
Sqrt($838e9) = $838e9 if my
units are "$838e9" and I've
decided units are meaningless.
\_ You have to use some common
sense here. The square root
of his age (64) is 8, not
8 (years)^1/2.
\_ But by your logic we can
make the units billions of
years, and now the
square root of 64 is
252982.
Better example: the square root of $1 is 1 if
you are ignoring units, but the square root
of 100 pennies is 10! 100 pennies = 1 dollar
so how can those two be different?
$1 = 100c
sqrt($1) = sqrt(100c)
1 * $^(1/2) = 10 * c^(1/2)
The difference is in the units. 1 c^(1/2)
is, by definition, 1/10th of 1 $^(1/2).
\_ But what is a sqrt($)? or a sqrt(cent)?
\_ I guess you're right. Square rooting a number
independently of its unit like this makes no
sense, but it is what the original statement
said, and really it doesn't sound like he was
trying to make sense anyway. (FWIW, I think
sqrt("2 cows") is meaningless too, unless you
can come up with a meaning for 1.4 cow^(1/2).)
\_ Depends on how good you are at math, actually. |
| 2009/2/16-19 [Computer/Companies/Google, Computer/SW/Security] UID:52582 Activity:kinda low |
2/16 Lea, what does Google security know by now? Should I talk to you
under a different channel? I can either spill my beans on Valleywag
or ask you to just vent for me. Either way, I really need to vent.
If you don't want to help me vent, it's cool. I'll just cross
reference Soda names with Moma. -unhappy borg mon
\_ No one's tracking anyone, no need to get paranoid. I just
meant that there are ways of telling whether someone's a
Googler. Anyway, if you are, then email me at chialea@gmail
or give me a call on my cell. Of course I'll try to help.
- Lea
\_ make sure kchang isn't on the security team
\_ why not? did http://csua.com have a big leak? or is it bc he's crazy?
\_ agreed that kchang is crazy but nickkral is the one on the
security team.
\_ despite what you hear on the wags there are still a lot of
Google loyalists out there. The Google has eyes and ears,
and I'd keep it low unless you want to get fired.
\_ Um, what? can someone fill me in? -t |
| 5/16 |