|
12/25 |
2013/12/28 [Computer/SW/Security] UID:54760 Activity:nil |
12/28 Happy holidays everyone. For some reason my work's ip address gets logged in /etc/hosts.deny and\ I cannot ssh in anymore from work (except from home where I can ssh in fine): anyone knows if this file is\ auto-generated due to some event? Thanks |
2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil |
6/6 Wow, NSA rocks. Who would have thought they had access to major data exchangers? I have much more respect for government workers, crypto experts, mathematicans now than ever. \_ flea to Hong Kong --> best dim-sum in the world \_ "flee" \_ The dumb ones work for DMV, the smart ones for the NSA. If you had served in the military, you would have learned to have more respect for government employees. \_ Do DMV employees count at government employees? \_ Who else would they be working for? \_ That's my point. -- PP \_ Are you implying that the DMV is full of anti-American moles? That would be a really funny way to try and destroy a country, fill it full of lifeless beauracrats. bureaucrats. \_ I didn't imply that the DMV is full of moles. The poster who wrote "The dumb ones work for DMV" above did. -- PP |
2012/12/14-2013/1/24 [Computer/SW/Security] UID:54557 Activity:nil |
12/14 In AES, if someone knows both the plaintext and the ciphertext of my data, is there a way other than brute force to figure out my key? Thx. \_ No, AES is intended to be secure against this. It should even be secure if the attacker gets to choose the plaintext and see what it encrypts to, or vice versa. \_ Thanks. -- OP |
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil |
8/29 There was once a CSUA web page which runs an SSH client for logging on to soda. Does that page still exist? Can someone remind me of the URL please? Thx. \_ what do you mean? instruction on how to ssh into soda? \_ No I think he means the ssh applet, which, iirc, was an applet that implemented an ssh v1 client. I think this page went away along with a bunch of other stuff that was hosted on the old FreeBSD based soda. \_ it was the mindterm java ssh client. Its still availble if someone wants to set it back up, and the new version even supports ssh2. Very useful to allow you to ssh into the web server from places where you cannot directly install ssh client (i.e. a public kiosk) -ERic \_ Yes, that's the one I meant. -- OP \_ Typing your UNIX password into a public kiosk isn't secure and there's a number of places that already offer this in an open access mode [use google]: http://eces.colorado.edu/secure/mindterm2 Do we/CSUA/soda have any HTTPS keys? \_ Another option, also requiring https keys: http://code.google.com/p/shellinabox \_ I am not going to use anything but a one-time key or two factor auth system at a public keyboard. You have to consider that a keylogger could be installed. I guess if you don't care about compromise it doesn't matter. |
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil |
8/26 Poll: how many of you pub/priv key users: 1) use private keys that are not password protected 2) password protect your private keys but don't use ssh-agent 3) use ssh-agent: 1) . 2) .. 3) ... \_ I also use empty passphrased private keys, but place them on an encrypted partition and symlink to them. Useful for scripted stuff, like automatic uploading of security camera footage. \_ Good idea, thanks. \_ It's worth noting that OS X 10.7+ (10.6+?) automatically uses ssh-agent |
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil |
8/6 Amazon and Apple have lame security policies: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all "First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. " "Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account." |
2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil |
7/18 "Largest penis record holder arouses security suspicions at airport" http://www.csua.org/u/x2f (in.news.yahoo.com) \_ I often have that same problem. \_ I think the headline writer had some fun with that one. \_ One time when I glanced over a Yahoo News headline "U.S. busts largest-ever identity theft ring" all I saw was "U.S. busts largest-ever ......". |
12/25 |
2012/7/13-8/19 [Computer/SW/Security, Computer/Companies/Yahoo] UID:54436 Activity:nil |
7/13 Why would Yahoo store passwords unencrypted? I recall that even 20+ years ago the passwords stored in /etc/passwd on instructional machines here at Cal were one-way encrypted. (I think those were Ultrix machines.) \_ Doesn't this say anything already? http://finance.yahoo.com/echarts?s=YHOO+Interactive#symbol=yhoo;range=5y I feel bad for all the losers who are still working at YHOO and getting weekly dosage of propaganda and waiting for their worthless stocks to go up one day. \_ Like Marissa Meyer. What a loser. \_ Don't know her, but from what I read she sounds like a risky hire. \_ Marissa Mayer is much hotter than Carly Fiorina and Meg Whitman. http://www.csua.org/u/x1w (http://www.celebritynetworth.com http://www.thesidewalker.com/forums/showthread.php?p=631345 The first pic reminds me of Hanna Hilton. \_ Carol Bartz's doppleganger is pretty hot: http://www.needlesandsins.com/2010/08/yahoos-custom-tattoo.html \_ http://ycorpblog.com/2012/07/13/yahoo-0713201 Short answer: it was left over from the Associated Content acquisition. Yes it is still pretty stupid. -Yahoo employee \_ Why are you still at Yahoo? Couldn't find any other \_ Why were you still at Yahoo? Couldn't find any other respectable place to work at? In the tech industry, having Y! on the resume is like having worked at Enron. \_ Are you kidding me? Half the rockstars at the Velocity Conference last week were ex-Yahoos. \_ http://www.businessweek.com/articles/2012-07-26/the-yahoo-alumni-guide |
2012/7/2-8/19 [Computer/SW/Security] UID:54428 Activity:nil |
7/2 When I do "ssh name@machine command", that does not show up on the last log. Where is that action logged? \_ Depends on accounting level. Might not be logged at all. \_ Enable logging on sshd itself in the system sshd_config file. |
2012/2/9-3/26 [Computer/SW/Security, Computer/SW/Unix] UID:54305 Activity:nil |
2/9 Reminder: support for mail services has been deprecated for *several years*. Mail forwarding, specifically .forward mail forwarding, is officially supported and was never deprecated. \_ There is no .forward under ~root. How do we mail root and how do we get responses? \_ root@csua.berkeley.edu is and always has been an alias. root@csua.org will reach rootstaff when csua.b.e is down, and is the preferred contact. \_ Why is there still a 1.4TB volume mounted on /var/mail? \_ Because it's currently slightly less work to leave it as-is than to figure out how to migrate cleanly and smoothly. Email isn't something you just switch off one day. \_ I don't think I ever saw an announcement on this. Anyone have a copy for the rest of us to read? \_ http://preview.tinyurl.com/7bghw8h -ausman |
2011/12/29-2012/2/6 [Computer/Networking, Computer/SW/Security] UID:54277 Activity:nil |
12/29 New brute force attack against WPA1/2 base stations based on a flaw in WiFi Protected Setup (WPS): http://www.kb.cert.org/vuls/id/723755 http://www.tacnetsol.com/products http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability |
2011/12/27-2012/2/6 [Computer/SW/Security] UID:54273 Activity:nil |
12/27 Weird issue with x11: I have ssh x11 forwarding, and for the first few minutes I can initiate (start) new x11 programs like xload, emacs, etc. Now, after a few minutes, I cannot initiate new ones anymore (though my existing ssh still works). What is going on? |
2011/12/8-2012/1/10 [Computer/SW/Languages/Java, Computer/SW/Security] UID:54252 Activity:nil |
12/8 Java code much worse IRL than pretty much everything else: http://preview.tinyurl.com/d5e46cq [ars technica] |
2011/11/14-30 [Computer/SW/Security] UID:54228 Activity:nil |
11/14 Social Engineering call centers: http://www.itbusiness.ca/it/client/en/home/News.asp?id=64887 |
2011/11/11-30 [Computer/SW/Security] UID:54224 Activity:nil |
11/11 MacOSX's Sandbox security hole: http://preview.tinyurl.com/7ph2wtg [arstechnica] |
2011/11/9-30 [Computer/SW/Security, Computer/SW/OS/OsX] UID:54219 Activity:nil |
11/9 Unsigned code execution exploit in iOS 4.3 & 5: http://preview.tinyurl.com/bslubtu [arstechnica] \_ Fixed in iOS 5.0.1: http://preview.tinyurl.com/7l4vq52 [macobserver] |
2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil |
11/8 ObM$Sucks http://technet.microsoft.com/en-us/security/bulletin/ms11-083 \_ How is this different from the hundreds of other M$ security vulnerabilities that people have been finding? \_ "The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system." This means any machine on the network can be rooted, even if the target machine is running firewall and anti-virus software. No doubt there are 10s of millions of compromisable machines. \_ Always followed the rule: Never hook up a Windows machine directly to the internet. No wonder. |
2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil |
5/19 Uh, is anyone still using this? Please mark here if you post and haven't added this yet. I'll start: \_ person k \_ ausman, I check in about once a week. \_ erikred, twice a week or so. \_ mehlhaff, I login when I actually own my home directory instead of 'nobody', which means not often. \_ toulouse, every few days, to make sure root knows when soda goes down so someone with access to windows can kick vSphere and reboot shit \_ toulouse, every few days, to make sure root knows when soda goes down so someone with access to windows can kick vSphere and reboot shit \_ I am an undergrad and use this machine. Please don't take it away. \_ rory. I go away for long periods of time but then come back when i remember how much i love the motd and how much i've learned here over the years .... no seriously |
2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil |
4/28 Will wall be fixed? - jsl \_ What's wall? \_ An anachronism from a bygone era, when computers were hard to comeby, the dorms didn't have net, there was no airbears, and when phones didn't come standard with twitter or sms. \_ A non useful implementation of twitter. \_ Much like twitter itself \_ Sounds like your peer group doesn't use twitter. \_ Twitter isn't as interactive as wall was; it's micro-blogging, not chat. And most of it sucks. #likethetagsforexample -tom \_ Some groups get really chatty, and being able to use it over mobile devices is really useful for on the spot hive-mind decisions. (where are we going to eat now? what bar are we meeting at, what did we change our minds about eating etc). My only complaint is that long links are almost always shortened, so be careful what you click on (but that's pretty much the web these days). Clearly YMMV based on your circle, as with all "groupware". \_ AGAIN, we don't know *how* to fix it, because no current student and no or few alumni for several years have ever used it regularly. If you want it fixed, we're willing to do it, but nut up and offer your help. Sorry, I've had a bad day. --toulouse (I'm on root) \_ I'd rather you guys focus time on providing non-duplicable services to the UCB _undergrad_ community at large (eg, focus on usenet, actual student help, etc) than attempt to reimplement functionality that is done do death by a Free Web App like twitter (or any of the social nets out there). And again thanks for keeping soda up and around. \_ can you post the root password on motd please? Thanks. \_ vahmifqy -- you're welcome \_ Is this all it takes? I did one of the last major rewrites of 'wall', I think all that is broken right now is its logging and log rotation -ERic (mehlhaff) |
2011/2/11-19 [Computer/SW/OS/Linux, Computer/SW/Security] UID:54036 Activity:nil |
2/10 Debian 6.0 squeeze is the new stable. Do we dare a dist-upgrade? \_ the key for http://security.debian.org has changed btw. |
2011/2/11-19 [Science/Electric, Computer/SW/Security, Science/Physics] UID:54035 Activity:nil |
2/11 http://www.tinyurl.com/6zxsqfr Tardis at UCB \_ yeah there are 'tards at ucb alright |
2011/2/10-19 [Computer/SW/Security] UID:54034 Activity:nil |
2/9 http://www.net-security.org/secworld.php?id=10570 Summary: iPhone passwd storage is unsafe after all |
2010/11/18-2011/1/13 [Computer/SW/Security, Computer/SW/Unix] UID:53990 Activity:nil |
11/18 ncurses header files are missing.. \_ Installed. FYI I find it rude that you wouldn't bother to mail root and instead complain here, perhaps hoping that someone with root might check. I might not have root forever, you know, and I don't think many root staff typically check here. --toulouse P.S. the specific library installed was libncurses5-dev. If you ask for something else please do it through root@csua. |
2010/8/9-19 [Computer/SW/Security] UID:53917 Activity:nil |
8/9 I got two files, one is size 522190848 and the other is size 521648128. Both sha256 to the same number. (and sha1 too). I don't think this is supposed to happen, right? (least not with sha256). \_ how are you checking? \_ I burned one file to cd, so i mounted /cdrom and df --block-size=1 /cdrom (=521648128) then i re dl'ed the iso and checked the size: 522190848 both sha256's of iso and /dev/hdc yield the same. I have done this type of check on other isos and they yield the same sha[1,256] and size on both. Just this one is weird. \_ I don't think df is giving you the number you want. Try "wc -c /dev/hdc". \_ hash collisions can (and rarely do) happen. You're deriving a number consisting of some hundreds of bits from data with millions. The idea behind the hashing algorithm is that it is hard to get collisions on purpose, and rare with small changes i.e. bit error or tampering. \_ I don't think an SHA-256 collision has ever happened by accident. If you have two different files, the probability that they have the same SHA-256 hash by chance is 2^-256; that's less than the chance that in the one second after you hit Enter to calculate the hashes, your computer is obliterated by three separate meteorites independently. It could happen, but it's not very likely. |
2010/8/9-19 [Computer/SW/Security, Computer/SW/Unix] UID:53915 Activity:nil |
8/9 Who is this guy 42949672? Posted some root's processes for context. 751 root 15 -5 0 0 0 S 1 0.0 0:24.50 rpciod/0 5293 42949672 20 0 20412 908 576 S 0 0.0 0:18.82 nrpe 1 root 20 0 10312 748 620 S 0 0.0 0:08.75 init \_ Sounds like -1 (a truncated 4294967295). |
2010/4/30-5/10 [Computer/SW/Editors/Emacs, Computer/SW/Security] UID:53813 Activity:nil |
4/30 When I ssh into soda and run emacs, how do I activate the File/Edit/... menus at the top? Thanks. \_ Hit F10 or M-`. If you ever forget this, it's on the startup screen that emacs displays every time you run it. \_ It works! Thanks. I thought there was going to be a drup-down menu like when I run it under X or in Windows. menu like when I run it under X or in Windows. Many text-based editors in the DOS era did that. |
2010/4/19-5/10 [Computer/SW/Security, Computer/SW/WWW/Server] UID:53791 Activity:nil |
4/18 http://Apache.org hacked: http://www.theinquirer.net/inquirer/news/1601103/apache-hacked |
2010/1/29-2/8 [Computer/SW/Security] UID:53675 Activity:nil |
1/28 Need an online (you kids would say: "cloud") backup service, where I can store files and have some access control over who gets what. I could roll-my-own, but I'd prefer to let some service handle it. Any recommendations? \_ CSUA |
2010/1/28-2/8 [Politics/Domestic/California, Computer/SW/Security] UID:53673 Activity:nil |
1/28 Asians on Facebook: http://www.readwriteweb.com/archives/privacy_facebook_and_the_future_of_the_internet.php |
2010/1/23-25 [Science/Disaster, Computer/SW/Security, Computer/HW] UID:53658 Activity:low |
1/22 Tornado at Brentwood! http://weather.yahoo.com/storm/USCA0128.html \_ oh noes a widdle weather. \_ yawn |
2010/1/20-29 [Computer/SW/Languages/Misc, Computer/SW/Security] UID:53649 Activity:nil |
1/20 Did Chinese come up with new way of quicksort? http://www.nytimes.com/2010/01/20/technology/20cyber.html Joe Stewart, a malware specialist with SecureWorks, a computer security company based in Atlanta, said he determined the main program used in the attack contained a module based on an unusu al algorithm from a Chinese technical paper that has been published exclusively on Chinese-language Web sites. \_ I think the Chinese were paying more attention in CS60C than I was http://www.secureworks.com/research/blog/index.php/2010/01/20/operation-aurora-clues-in-the-code \_ RACIST!!! \_ Kill a commie for mommy. \_ What does that have to do with quicksort? |
2010/1/9-25 [Computer/SW/Security] UID:53620 Activity:nil |
12/8 http://www.readwriteweb.com/archives/blockchalk_an_anonymous_message_board_for_your_nei.php Anonymous forum... good or bad? \_ http://www.4chan.org Anonymous forum... good or bad? \_ top article actually references 4chan. \_ why can't you access this through the web? |
2009/12/29-2010/1/19 [Computer/SW/Security] UID:53607 Activity:nil |
12/29 Sounds like the GSM encryption key has been recovered via a brute force attack: http://www.nytimes.com/2009/12/29/technology/29hack.html |
2009/12/24-2010/1/19 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:53601 Activity:nil |
12/18 http://ask.slashdot.org/story/09/12/10/2115238/Best-Way-To-Clear-Your-Name-Online Useful for some of you CSUAers \_ Yeah, the advice is pretty obvious, just generate a bunch of relavent positive information about yourself and bury the old bad stuff on the fifth page of Google results. |
2009/11/4-17 [Computer/SW/P2P, Computer/Networking, Computer/SW/Security] UID:53495 Activity:nil |
11/4 Holy cow, I got a warning from my ISP that they were notified by BSA/baytsp.com that I was copying music/video/software. Do they do port scan or something? That's a first for me. \_ They hang out on P2P networks and track IP addresses. -tom \_ I believe they are paid by content providers to perform this monitoring service, so you should only run this risk with content from certain sources (such as Fox movies) \_ That's probably true. -tom |
2009/10/25-11/3 [Computer/SW/Security] UID:53467 Activity:nil |
10/24 These guy are pretty amazing. Sonos, A capella++ group http://www.youtube.com/watch?v=aDzirncym4w \_ Production quality lower, group quality higher: http://vids.myspace.com/index.cfm?fuseaction=vids.individual&videoid=3340638 |
2009/9/18-29 [Computer/SW/Security, Computer/SW/Unix, Finance/Investment] UID:53379 Activity:nil |
9/18 In Linux, is there a way for root to change the "nice" value of an existing process? thx. \_ Yes. man renice. |
2009/9/10-21 [Computer/SW/Security] UID:53355 Activity:nil |
9/10 The Case for Postal-Style Healthcare (usnews.com): http://www.csua.org/u/p10 Maybe USPS is not *that* bad. |
2009/9/10-21 [Computer/SW/Security, Computer/SW/Unix] UID:53354 Activity:low |
9/10 Is there a web site out there that I can put in a URL and it comes back with an estimated monthly traffic, for free? I tried going to Comscore but I can't find it. \_ <DEAD>www.google.com/adplanner/planning/site_details#siteDetails?identifier=cnn.com&geo=US&trait_type=1&lp=false<DEAD> \_ check the differences between: http://gop.com and http://democrats.org \_ Do you know about Alexa? \_ Alexa charges an arm and a leg for detailed data. Fuck that \_ It is the best free summary stats I have found. Let me know if you find something better (that is free). \_ Yes. Google Ad Planner is free and BETTER. Check it out and let me know what you think. \_ Alexa is free, too, for basic info. The Google stuff looks interesting, but its UU info for where I work (CNET) is way off. Look at the daily unique user count and the monthy numbers. There is no way for this to add up. \_ http://www.quantcast.com or http://www.compete.com |
2009/8/10-19 [Computer/SW/Languages/Java, Computer/SW/Security, Consumer/Shipping] UID:53256 Activity:nil |
8/10 On the USPS web site, is there any way to use the self service site for FIRST CLASS mail? It keeps wanting me to use Priority Mail which costs a lot more than going to the USPS for first class. |
2009/8/8-14 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:53254 Activity:low |
8/6 mrauser, what ddya think of this: http://www.nplusonemag.com/node/678/print \_ Sorta tl;dr. It seems pretty dense, so I'll read it eventually... just haven't really had the time. -mrauser \_ yep, it's dense but pretty good. - !OP |
2009/8/3-13 [Computer/Companies/Google, Computer/SW/Security] UID:53230 Activity:high |
8/1 Yahoo to get 88% of the ad revenue in team up with m$. Y!m$, discuss? \_ I thought Jerry Yang would never sell! \_ He's gone, replaced by some broad. \_ 88% of pittance is still pittance, I don't know how people think there is money in click through ads. Who clicks on them? \_ do some math please and come back \_ so my question is, are you one of these "know everything about everything without researching it" guys? Because FYI, Google / AOL partnership made $678M in ad revenue last year. GOOG reported $5.54B 2008 Q4 alone. Most of that is click ads! Are you saying 88% x 678M = 596M is a "pittance" ? And that is using the AOL numbers, not Yahoo/Microsoft numbers. \_ It doesn't matter who clicks on them it's like the stock market, people think other people click on them so they value the ad space. \_ So one good paper, story, journal can end all this? \_ Who watches television or radio ads? One of the things advertisers \_ My Parents. Your Parents. Your Grand Parents, your neighbors who didn't go to Cal. Your waiter, the guy delivering your mail the guy you buy your groceries from, the guy your parents and grandparents buy your groceries from. As for radio, do any of your parents drive? I know it is gauche to admit to drive in Blue Belt Bay Area but in the next county over like vacaville there are alot of car radios. \_ You totally missed the point. The fact is that advertisers only have a very limited way of telling who is listening to their ads and what the effect is on buying behavior. They can get much better real statistics online, which they love. \_ Is click fraud a problem? Can infact advertising spots inflate their 'standings' by bots? \_ Are these all rhetorical questions? \_ no; how is the problem being addressed? It looks to me that the same people paying out and taking in revenue can work the system for fraud. And since they hold all the logs who would know? \_ All the big advertisers use third party verification services, they don't rely on what the website says is their ads delivered. There is an ongoing war about click fraud, this doesn't mean online advertising is dead, there is bank fraud and perhaps more to the point, things like Nielsen rating gaming as well. / "According to critics, this complex relationship may create a conflict of interest. For instance, Google loses money to undetected click fraud when it pays out to the publisher, but it makes more money when it collects fees from the advertiser. Because of the spread between what Google collects and what Google pays out, click fraud directly and invisibly profits Google." \_ Right, so that's why all the newspapers are dying and Google is the fastest growing big company in the world and advertisings are starting to throw big bucks to online media. Because it all doesn't work. And all they really need to do is listen to you to wisen up. \_ "Property values only keep going up, they'll NEVER come DOWN." \_ Post your real name so I can taunt you in two years. Are you GOOG short @ $100/share guy? \_ I tihnk he's trying to say that if you buy into a bubble you're just as guilty of the Pass-The-Buck mentality as the countrywide guys and the mkt mgr funds who invented Toxic Asset Technology. \_ What bubble? The Internet Bubble? In 2009??? really like about online ads is the fact that they get real metrics. |
2009/7/28-9/24 [Computer/SW/Security, Computer/SW/Unix] UID:53215 Activity:nil |
7/28 Restored basic website functionality. I also killed user websites, because I think the new root staff had set up the website with a default config and were not aware they were enabled. Sorry if this causes inconvenience, hopefully they will be restored soon once the website is taken in hand. -mrauser |
2009/7/26-29 [Computer/SW/Security] UID:53200 Activity:nil |
7/25 so is this a remote ssh exploit ? http://users.volja.net/database/matasano.PNG \_ No but this is: soda> ssh anywhere |
2009/7/12-24 [Computer/SW/Security] UID:53132 Activity:nil |
7/9 Ok I'm learning how to do this fancy ssh-keygen thing so that I don't have to keep typing passwords inbetween logging into machines. What's an ideal size for the number of bits in dsa? 1024 is default, but would 2048 enhance it even more? What do you guys use? \_ I'm paranoid. I use 4096. Go for at least 2048, I'd say... \_ If you want to be secure make sure your keys have passphrases, and make use of ssh-agent. \_ listen buddy, tab is EIGHT spaces not FOUR ok? |
2009/7/4-9 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:53109 Activity:nil |
7/4 I'm accessing soda by typing ssh -X jhcooper@csua.berkeley.edu at a Linux prompt. At the soda prompt, I can type "xmessage hello &", and I get a nice little greeting from myself popping up on my display. But if I type xterm &, the process runs ok, but nothing appears on my screen. What am I doing wrong? \_ Works just fine for me... try turning on SSH debug with -v ? |
2009/7/2-16 [Computer/SW/Mail, Computer/SW/Security, Computer/SW/WWW/Server] UID:53106 Activity:nil |
7/2 Is imaps working? What are the hostnames of the "incoming and outgoing mail servers" for CSUA email, and what kind of options should one set? I also noticed that we seem \_ Setup yer .forward or .procmailrc for now. I'm at a loss, too. \_ <DEAD>mail.csua.berkeley.edu<DEAD>. Using SSH (on default port 993) like before. \_ <DEAD>mail.csua.berkeley.edu<DEAD>. Over SSL (on default port 993) like before. \_ alpine doesnt seem to work. i try Folders on <DEAD>mail.csua.berkeley.edu<DEAD>:993 in cur but get timeouts .. using cur for "inbox" folder |
2009/7/2-13 [Computer/SW/Security] UID:53102 Activity:nil |
7/2 ssh: connect to host 128.32.112.233 port 22: No route to host |
2009/6/29-7/3 [Computer/SW/Security] UID:53089 Activity:nil 53%like:53083 |
6/29 Please allow public key authentication since it is more secure than plain password. If you see this posting, it means anybody could have posted the annoucement. Because the official csua web site is still down., this makes it a little suspicious to the truly paranoid. p.s. this web entry format is counter intuitive. And how come there is a commercial? |
2009/6/29-7/3 [Computer/SW/Security] UID:53083 Activity:low 53%like:53089 |
6/28 Hello everyone, Logins to soda are back open. The new ssh key is 2048 4b:96:67:18:27:da:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX Please allow public key authentication since it is more secure than plain password. Also if you see this posting, it means anybody could have posted the annoucement. Because the official csua web site is still down., this makes it a little suspicious to the truly paranoid. Not many packages are set up, please email root@csua with requests to (re)install anything that you would like installed. Also, some services still aren't online - feel free to email us with those as well so we don't forget any. Best, Steven |
2009/5/11-18 [Computer/SW/Security, Computer/HW/Drives] UID:52982 Activity:nil |
5/10 I have large spare disks on several machines, all on same net. How can I combine them into one big visible network file system? \_ you want either a clustered file system (eww expensive) or look into smoething like a distributed file system (afs, global fs). \_ The startup I work for makes a distributed NAS product that's free for the first four terabytes if you'd like to try it. http://www.parascale.com --alawrenc |
2009/4/22-28 [Computer/SW/Security] UID:52894 Activity:nil |
4/22 ok, here's a little networking puzzler. I haven't been able to access youtube for a couple weeks. Couldn't figure out why. Happened on all browsers. traceroute did weird stuff and then timed out. Finally I got so frustrated I setup firefox to ssh tunnel through soda.csua, which worked great. Then, I kill the ssh proc, quit FF, and now, I can access youtube just fine from any browser. wtf? any explanation? thx \_ Sounds like not a networking problem, but a messed up OS problem. Which OS were you seeing this with? Did you try to diagnose with any non-browser tools (ping/telnet/wget/etc ?). \_ yes ... dig seemed to resolve ok. ping seems to work. telnet/ curl behave the same as my browser (wait for a while then timeout). I don't totally know how to read traceroute but but after about 8 hops it starts showing stars and then craps out. The problem came back today. I ssh tunneled to csua, and then a couple minutes later, it started working fine in my non-proxied/tunneling browsers as well. \_ Is this from work or home? 8 hops, wow that is a long way, is it crapping out at a corporate firewall perhaps? It doesn't sound like it though, at 8 hops... \_ I couldn't tell where it was crapping out. It seemed to me like it was bouncing around a bunch of different hosts at some ISP or something. This is from home, using Time Warner cable internet. I did some research and read some anecdotal accounts that TW "doesnt like" youtube ... not sure if that means throttling traficc? or causing intentional routing headahces? Anyway, youtube still working today so I can't give you a sample traceroute. thx \_ ps, mac osx 10.5. \_ Where you SYN FLOODING youtube? \_ no \_ J00 R P0WN3D |
2009/4/18-23 [Computer/SW/Security, Computer/SW/Unix] UID:52870 Activity:nil |
4/17 To those who have a twitter account and also follow people: how do you use twitter to read others' tweets? do you just visit their individual pages or do you stay logged in and visit http://twitter.com/home ? Thanks. /home: indiv pages: . \_ aren't you supposed to receive updates on your cell phone? |
2009/4/9-13 [Politics/Domestic/911, Computer/SW/Security] UID:52824 Activity:moderate |
4/9 Thousands cut off from phone service in South Bay counties: http://www.csua.org/u/ny7 (http://www.sfgate.com No way to call 911 with either landline or cell. Time to steal your neighbor's 60" plasma TV or rape that hot busty chick down the block! Anyway, why do rogue nations bother with cyber attacks on the US? This is a much more efficient way to paralyze the US. They can't even replace one god damn cable seven hours after it was cut. \_ Unless you secretly murder the hot busty chick down the block after you rape her, you'll probably come under police scrutiny when phone lines are eventually restored. |
2009/3/27-4/2 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:52764 Activity:nil |
3/27 i just want to set up a proxy. squid is too annoying. privoxy locks too much content down. any tips ? \_ Use ssh's built-in SOCKS server. On the client, run "ssh -D1080 proxyhost", and then set your browser to use localhost:1080 as a SOCKS proxy. \_ best advice. Fuck squid. SSH has everything. http://osdir.com/ml/user-groups.ale/2003-03/msg01182.html \_ http://seankelly.tv/blog/blogentry.2007-03-02.4768602564 \_ http://calomel.org/firefox_ssh_proxy.html <--- pretty helpful |
2009/3/7-13 [Computer/SW/Security, Computer/SW/Unix] UID:52683 Activity:low |
3/6 Is http://www.cygwin.org a real site or a hoax? It looks different from http://www.cygwin.com and it doesn't mention the latter. Thx. \_ It looks like a mistake -- http://cygwin.org (without the "www") works, but http://www.cygwin.org gives you http://sourceware.org instead. \_ I dunno why there are no links to Cygwin 1.7 on that site. try this: http://cygwin.com/setup-1.7.exe |
2009/3/3-5 [Computer/SW/Security, Computer/SW/Unix] UID:52671 Activity:high |
3/3/9 Happy Square Root Day \_ This morning some guy on KCBS AM 740 was playing with this and said something like "if you take the square root of every number, they don't look so big anymore. For example, next week the square root of my age is just 8. And the square root of the $838 billion stimulus package is just $29 billion." No wonder American kids rank last in math among industrialized countries. \_ i think the sqrt of his iq is also 8. \_ Dude needs to go back to school, and age 8 seems like a good time to learn about square roots. \_ Huh? I don't see anything wrong with his statement. \_ sqrt(838e9) is about 915423. \_ I guess. sqrt(838) =~ 29. (Billion dollars) is the units. Depends on how you look at it. \_ Right, but you need to square root the units too, just like sqrt(10000 m^2) = 100 m. The answer is the same whether you consider the units to be m^2 or (10000 m^2) or whatever. \_ I understand this, but what is the square root of "2 dollars"? This is like asking what is the square root of "2 cows". The original statement said "square root of every number" and not "square root of every quantity". You could argue (correctly) that 838,000,000,000 is a number in itself and its root is not 29,000,000,000, but what about "838 cows"? What is the square root of a cow? I think the key number is 838 and not 838*(units). You have to be pretty pedantical to not realize that. \_ If your units are billions of dollars than your square root units of ~ 31622 * $^(1/2). sqrt (838) * sqrt (1,000,000,000) ~= 29 * 31622 ~= 915422 \_ 915422 *what*? Not dollars. \_ $^(1/2) Which is 1/31622 of (Billion $)^(1/2) \_ Exactly, which is nonsense. So ignore the units. \_ If you ignore the units you can turn it anything you want. Sqrt($838e9) = $838e9 if my units are "$838e9" and I've decided units are meaningless. \_ You have to use some common sense here. The square root of his age (64) is 8, not 8 (years)^1/2. \_ But by your logic we can make the units billions of years, and now the the square root of 64 is 252982. Better example: the square root of $1 is 1 if you are ignoring units, but the square root of 100 pennies is 10! 100 pennies = 1 dollar so how can those two be different. $1 = 100c sqrt($1) = sqrt(100c) 1 * $^(1/2) = 10 * c^(1/2) The difference is in the units. 1 c^(1/2) is, by definition, 1/10th of 1 $^(1/2). \_ But what is a sqrt($)? or a sqrt(cent)? \_ I guess you're right. Square rooting a number independently of its unit like this makes no sense, but it is what the original statement said, and really it doesn't sound like he was trying to make sense anyway. (FWIW, I think sqrt("2 cows") is meaningless too, unless you can come up with a meaning for 1.4 cow^(1/2).) \_ Depends on how good you are at math, actually. |
2009/2/16-19 [Computer/Companies/Google, Computer/SW/Security] UID:52582 Activity:kinda low |
2/16 Lea, what does Google security know by now? Should I talk to you under a different channel? I can either spill my beans on Valleywag or ask you to just vent for me. Either way, I really need to vent. If you don't want to help me vent, it's cool. I'll just cross reference Soda names with Moma. -unhappy borg mon \_ No one's tracking anyone, no need to get paranoid. I just meant that there are ways of telling whether someone's a Googler. Anyway, if you are, then email me at chialea@gmail or give me a call on my cell. Of course I'll try to help. - Lea \_ make sure kchang isn't on the security team \_ why not? did http://csua.com have a big leak? or is it bc he's crazy? \_ agreed that kchang is crazy but nickkral is the one on the security team. \_ despite what you hear on the wags there are still a lot of Google loyalists out there. The Google has eyes and ears, and I'd keep it low unless you want to get fired. \_ Um, what? can someone fill me in? -t |
12/25 |