Computer SW Security - Berkeley CSUA MOTD
Berkeley CSUA MOTD:Computer:SW:Security:
Results 1051 - 1108 of 1108   < 1 2 3 4 5 6 7 8 >
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2024/12/25 [General] UID:1000 Activity:popular
12/25   

2013/12/28 [Computer/SW/Security] UID:54760 Activity:nil
12/28   Happy holidays everyone.
        For some reason my work's ip address gets logged in /etc/hosts.deny and\
I cannot ssh in anymore from work
        (except from home where I can ssh in fine): anyone knows if this file is\
 auto-generated due to some event? Thanks
2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil
6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
           had served in the military, you would have learned to have more
           respect for government employees.
           \_ Do DMV employees count at government employees?
              \_ Who else would they be working for?
                 \_ That's my point.  -- PP
                    \_ Are you implying that the DMV is full of anti-American
                       moles? That would be a really funny way to try and
                       destroy a country, fill it full of lifeless
                       beauracrats.
                       bureaucrats.
                       \_ I didn't imply that the DMV is full of moles.  The
                          poster who wrote "The dumb ones work for DMV" above
                          did. -- PP
2012/12/14-2013/1/24 [Computer/SW/Security] UID:54557 Activity:nil
12/14   In AES, if someone knows both the plaintext and the ciphertext of my
        data, is there a way other than brute force to figure out my key?  Thx.
        \_ No, AES is intended to be secure against this.  It should even be
           secure if the attacker gets to choose the plaintext and see what it
           encrypts to, or vice versa.
           \_ Thanks.  -- OP
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
              along with a bunch of other stuff that was hosted on the old
              FreeBSD based soda.
              \_ it was the mindterm java ssh client. Its still availble
                 if someone wants to set it back up, and the new
                 version even supports ssh2. Very useful to allow you to
                 ssh into the web server from places where you cannot
                 directly install ssh client (i.e. a public kiosk) -ERic
                 \_ Yes, that's the one I meant.  -- OP
                 \_ Typing your UNIX password into a public kiosk isn't
                    secure and there's a number of places that already
                    offer this in an open access mode [use google]:
                    http://eces.colorado.edu/secure/mindterm2
                    Do we/CSUA/soda have any HTTPS keys?
                 \_ Another option, also requiring https keys:
                    http://code.google.com/p/shellinabox
                 \_ I am not going to use anything but a one-time
                    key or two factor auth system at a public
                    keyboard. You have to consider that a keylogger
                    could be installed. I guess if you don't care
                    about compromise it doesn't matter.
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
        \_ I also use empty passphrased private keys, but place them
           on an encrypted partition and symlink to them.  Useful for
           scripted stuff, like automatic uploading of security camera
           footage.
           \_ Good idea, thanks.
        \_ It's worth noting that OS X 10.7+ (10.6+?) automatically uses
           ssh-agent
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "

        "Next you call back, and tell Amazon that you’ve lost access to your
         account. Upon providing a name, billing address, and the new credit
         card number you gave the company on the prior call, Amazon will
         allow you to add a new e-mail address to the account."
2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil
7/18    "Largest penis record holder arouses security suspicions at airport"
        http://www.csua.org/u/x2f (in.news.yahoo.com)
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
              largest-ever ......".
2024/12/25 [General] UID:1000 Activity:popular
12/25   

2012/7/13-8/19 [Computer/SW/Security, Computer/Companies/Yahoo] UID:54436 Activity:nil
7/13    Why would Yahoo store passwords unencrypted?  I recall that even 20+
        years ago the passwords stored in /etc/passwd on instructional
        machines here at Cal were one-way encrypted.  (I think those were
        Ultrix machines.)
        \_ Doesn't this say anything already?
           http://finance.yahoo.com/echarts?s=YHOO+Interactive#symbol=yhoo;range=5y
           I feel bad for all the losers who are still working at YHOO
           and getting weekly dosage of propaganda and waiting for their
           worthless stocks to go up one day.
           \_ Like Marissa Meyer. What a loser.
              \_ Don't know her, but from what I read she sounds like a
                 risky hire.
              \_ Marissa Mayer is much hotter than Carly Fiorina and Meg
                 Whitman.
                 http://www.csua.org/u/x1w (http://www.celebritynetworth.com
                 http://www.thesidewalker.com/forums/showthread.php?p=631345
                 The first pic reminds me of Hanna Hilton.
              \_ Carol Bartz's doppleganger is pretty hot:
                 http://www.needlesandsins.com/2010/08/yahoos-custom-tattoo.html
        \_ http://ycorpblog.com/2012/07/13/yahoo-0713201
           Short answer: it was left over from the Associated Content
           acquisition. Yes it is still pretty stupid. -Yahoo employee
           \_ Why are you still at Yahoo? Couldn't find any other
           \_ Why were you still at Yahoo? Couldn't find any other
              respectable place to work at? In the tech industry, having
              Y! on the resume is like having worked at Enron.
              \_ Are you kidding me? Half the rockstars at the Velocity
                 Conference last week were ex-Yahoos.
              \_ http://www.businessweek.com/articles/2012-07-26/the-yahoo-alumni-guide
2012/7/2-8/19 [Computer/SW/Security] UID:54428 Activity:nil
7/2     When I do "ssh name@machine command", that does not show up
        on the last log. Where is that action logged?
        \_ Depends on accounting level. Might not be logged at all.
        \_ Enable logging on sshd itself in the system sshd_config file.
2012/2/9-3/26 [Computer/SW/Security, Computer/SW/Unix] UID:54305 Activity:nil
2/9     Reminder: support for mail services has been deprecated for *several
        years*. Mail forwarding, specifically .forward mail forwarding, is
        officially supported and was never deprecated.
        \_ There is no .forward under ~root.  How do we mail root and how do
           we get responses?
           \_ root@csua.berkeley.edu is and always has been an alias.
              root@csua.org will reach rootstaff when csua.b.e is down, and
              is the preferred contact.
        \_ Why is there still a 1.4TB volume mounted on /var/mail?
           \_ Because it's currently slightly less work to leave it as-is than
              to figure out how to migrate cleanly and smoothly. Email isn't
              something you just switch off one day.
        \_ I don't think I ever saw an announcement on this.  Anyone have
           a copy for the rest of us to read?
           \_ http://preview.tinyurl.com/7bghw8h -ausman
2011/12/29-2012/2/6 [Computer/Networking, Computer/SW/Security] UID:54277 Activity:nil
12/29   New brute force attack against WPA1/2 base stations based on a flaw
        in WiFi Protected Setup (WPS):
        http://www.kb.cert.org/vuls/id/723755
        http://www.tacnetsol.com/products
        http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability
2011/12/27-2012/2/6 [Computer/SW/Security] UID:54273 Activity:nil
12/27   Weird issue with x11: I have ssh x11 forwarding, and for the first
        few minutes I can initiate (start) new x11 programs like xload,
        emacs, etc. Now, after a few minutes, I cannot initiate new ones
        anymore (though my existing ssh still works). What is going on?
2011/12/8-2012/1/10 [Computer/SW/Languages/Java, Computer/SW/Security] UID:54252 Activity:nil
12/8    Java code much worse IRL than pretty much everything else:
        http://preview.tinyurl.com/d5e46cq [ars technica]
2011/11/14-30 [Computer/SW/Security] UID:54228 Activity:nil
11/14   Social Engineering call centers:
        http://www.itbusiness.ca/it/client/en/home/News.asp?id=64887
2011/11/11-30 [Computer/SW/Security] UID:54224 Activity:nil
11/11   MacOSX's Sandbox security hole:
        http://preview.tinyurl.com/7ph2wtg [arstechnica]
2011/11/9-30 [Computer/SW/Security, Computer/SW/OS/OsX] UID:54219 Activity:nil
11/9    Unsigned code execution exploit in iOS 4.3 & 5:
        http://preview.tinyurl.com/bslubtu [arstechnica]
        \_ Fixed in iOS 5.0.1:
           http://preview.tinyurl.com/7l4vq52 [macobserver]
2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil
11/8    ObM$Sucks
        http://technet.microsoft.com/en-us/security/bulletin/ms11-083
        \_ How is this different from the hundreds of other M$ security
           vulnerabilities that people have been finding?
           \_ "The vulnerability could allow remote code execution if an
               attacker sends a continuous flow of specially crafted UDP
               packets to a closed port on a target system."
               This means any machine on the network can be rooted, even if
               the target machine is running firewall and anti-virus software.
               No doubt there are 10s of millions of compromisable machines.
           \_ Always followed the rule: Never hook up a Windows
              machine directly to the internet.  No wonder.
2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil
5/19    Uh, is anyone still using this? Please mark here if you post and
        haven't added this yet. I'll start:
        \_ person k
        \_ ausman, I check in about once a week.
        \_ erikred, twice a week or so.
        \_ mehlhaff, I login when I actually own my home directory instead of
              'nobody', which means not often.
        \_ toulouse, every few days, to make sure root knows when soda goes down
           so someone with access to windows can kick vSphere and reboot shit
        \_ toulouse, every few days, to make sure root knows when soda goes
           down so someone with access to windows can kick vSphere and reboot
           shit
        \_ I am an undergrad and use this machine.  Please don't take it away.
        \_ rory. I go away for long periods of time but then come back when
           i remember how much i love the motd and how much i've learned here
           over the years .... no seriously
2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil
4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
              \_ Much like twitter itself
                 \_ Sounds like your peer group doesn't use twitter.
                    \_ Twitter isn't as interactive as wall was; it's
                       micro-blogging, not chat.  And most of it sucks.
                       #likethetagsforexample  -tom
                       \_ Some groups get really chatty, and being able to
                          use it over mobile devices is really useful for
                          on the spot hive-mind decisions. (where are we
                          going to eat now? what bar are we meeting at,
                          what did we change our minds about eating etc).
                          My only complaint is that long links are almost
                          always shortened, so be careful what you click on
                          (but that's pretty much the web these days). Clearly
                          YMMV based on your circle, as with all "groupware".
        \_ AGAIN, we don't know *how* to fix it, because no current student and
           no or few alumni for several years have ever used it regularly. If
           you want it fixed, we're willing to do it, but nut up and offer your
           help. Sorry, I've had a bad day. --toulouse (I'm on root)
           \_ I'd rather you guys focus time on providing non-duplicable
              services to the UCB _undergrad_ community at large (eg, focus on
              usenet, actual student help, etc) than attempt to reimplement
              functionality that is done do death by a Free Web App like
              twitter (or any of the social nets out there).  And again thanks
              for keeping soda up and around.
           \_ can you post the root password on motd please? Thanks.
              \_ vahmifqy -- you're welcome
           \_ Is this all it takes?  I did  one of the last major rewrites of
              'wall', I think all that is broken right now is its logging and
              log rotation -ERic (mehlhaff)
2011/2/11-19 [Computer/SW/OS/Linux, Computer/SW/Security] UID:54036 Activity:nil
2/10    Debian 6.0 squeeze is the new stable.  Do we dare a dist-upgrade?
        \_ the key for http://security.debian.org has changed btw.
2011/2/11-19 [Science/Electric, Computer/SW/Security, Science/Physics] UID:54035 Activity:nil
2/11    http://www.tinyurl.com/6zxsqfr
        Tardis at UCB
        \_ yeah there are 'tards at ucb alright
2011/2/10-19 [Computer/SW/Security] UID:54034 Activity:nil
2/9     http://www.net-security.org/secworld.php?id=10570
        Summary: iPhone passwd storage is unsafe after all
2010/11/18-2011/1/13 [Computer/SW/Security, Computer/SW/Unix] UID:53990 Activity:nil
11/18   ncurses header files are missing..
        \_ Installed. FYI I find it rude that you wouldn't bother to mail root
           and instead complain here, perhaps hoping that someone with root
           might check. I might not have root forever, you know, and I don't
           think many root staff typically check here. --toulouse
           P.S. the specific library installed was libncurses5-dev. If you ask
           for something else please do it through root@csua.
2010/8/9-19 [Computer/SW/Security] UID:53917 Activity:nil
8/9     I got two files, one is size 522190848 and the other is size
        521648128.  Both sha256 to the same number.  (and sha1 too).
        I don't think this is supposed to happen, right? (least not with
        sha256).
        \_ how are you checking?
           \_ I burned one file to cd, so i mounted /cdrom and
              df --block-size=1 /cdrom (=521648128)
              then i re dl'ed the iso and checked the size: 522190848
              both sha256's of iso and /dev/hdc yield the same.
              I have done this type of check on other isos and they yield
              the same sha[1,256] and size on both.  Just this one is weird.
              \_ I don't think df is giving you the number you want.
                 Try "wc -c /dev/hdc".
        \_ hash collisions can (and rarely do) happen.  You're deriving a
           number consisting of some hundreds of bits from data with millions.
           The idea behind the hashing algorithm is that it is hard to get
           collisions on purpose, and rare with small changes i.e. bit error or
           tampering.
           \_ I don't think an SHA-256 collision has ever happened by accident.
              If you have two different files, the probability that they have
              the same SHA-256 hash by chance is 2^-256; that's less than the
              chance that in the one second after you hit Enter to calculate
              the hashes, your computer is obliterated by three separate
              meteorites independently.  It could happen, but it's not very
              likely.
2010/8/9-19 [Computer/SW/Security, Computer/SW/Unix] UID:53915 Activity:nil
8/9     Who is this guy 42949672?  Posted some root's processes for context.
        751  root      15  -5     0    0    0 S    1  0.0   0:24.50 rpciod/0
        5293 42949672  20   0 20412  908  576 S    0  0.0   0:18.82 nrpe
        1    root      20   0 10312  748  620 S    0  0.0   0:08.75 init
        \_ Sounds like -1 (a truncated 4294967295).
2010/4/30-5/10 [Computer/SW/Editors/Emacs, Computer/SW/Security] UID:53813 Activity:nil
4/30    When I ssh into soda and run emacs, how do I activate the File/Edit/...
        menus at the top?  Thanks.
        \_ Hit F10 or M-`.  If you ever forget this, it's on the startup
           screen that emacs displays every time you run it.
           \_ It works!  Thanks.  I thought there was going to be a drup-down
              menu like when I run it under X or in Windows.
              menu like when I run it under X or in Windows.  Many text-based
              editors in the DOS era did that.
2010/4/19-5/10 [Computer/SW/Security, Computer/SW/WWW/Server] UID:53791 Activity:nil
4/18    http://Apache.org hacked:
        http://www.theinquirer.net/inquirer/news/1601103/apache-hacked
2010/1/29-2/8 [Computer/SW/Security] UID:53675 Activity:nil
1/28    Need an online (you kids would say: "cloud") backup service, where
        I can store files and have some access control over who gets what.
        I could roll-my-own, but I'd prefer to let some service handle it.
        Any recommendations?
        \_ CSUA
2010/1/28-2/8 [Politics/Domestic/California, Computer/SW/Security] UID:53673 Activity:nil
1/28    Asians on Facebook:
        http://www.readwriteweb.com/archives/privacy_facebook_and_the_future_of_the_internet.php
2010/1/23-25 [Science/Disaster, Computer/SW/Security, Computer/HW] UID:53658 Activity:low
1/22    Tornado at Brentwood!  http://weather.yahoo.com/storm/USCA0128.html
        \_ oh noes a widdle weather.
        \_ yawn
2010/1/20-29 [Computer/SW/Languages/Misc, Computer/SW/Security] UID:53649 Activity:nil
1/20    Did Chinese come up with new way of quicksort?
        http://www.nytimes.com/2010/01/20/technology/20cyber.html
        Joe Stewart, a malware specialist with SecureWorks, a computer
        security company based in Atlanta, said he determined the main
        program used in the attack contained a module based on an unusu
        al algorithm from a Chinese technical paper that has been
        published exclusively on Chinese-language Web sites.
        \_ I think the Chinese were paying more attention in CS60C than I
           was
           http://www.secureworks.com/research/blog/index.php/2010/01/20/operation-aurora-clues-in-the-code
           \_ RACIST!!!
              \_ Kill a commie for mommy.
        \_ What does that have to do with quicksort?
2010/1/9-25 [Computer/SW/Security] UID:53620 Activity:nil
12/8    http://www.readwriteweb.com/archives/blockchalk_an_anonymous_message_board_for_your_nei.php
        Anonymous forum... good or bad?
        \_ http://www.4chan.org Anonymous forum... good or bad?
           \_ top article actually references 4chan.
        \_ why can't you access this through the web?
2009/12/29-2010/1/19 [Computer/SW/Security] UID:53607 Activity:nil
12/29   Sounds like the GSM encryption key has been recovered via a
        brute force attack:
        http://www.nytimes.com/2009/12/29/technology/29hack.html
2009/12/24-2010/1/19 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:53601 Activity:nil
12/18   http://ask.slashdot.org/story/09/12/10/2115238/Best-Way-To-Clear-Your-Name-Online
        Useful for some of you CSUAers
        \_ Yeah, the advice is pretty obvious, just generate a bunch of
           relavent positive information about yourself and bury the old
           bad stuff on the fifth page of Google results.
2009/11/4-17 [Computer/SW/P2P, Computer/Networking, Computer/SW/Security] UID:53495 Activity:nil
11/4    Holy cow, I got a warning from my ISP that they were notified
        by BSA/baytsp.com that I was copying music/video/software.
        Do they do port scan or something? That's a first for me.
        \_ They hang out on P2P networks and track IP addresses.  -tom
           \_ I believe they are paid by content providers to perform this
              monitoring service, so you should only run this risk with content
              from certain sources (such as Fox movies)
              \_ That's probably true.  -tom
2009/10/25-11/3 [Computer/SW/Security] UID:53467 Activity:nil
10/24   These guy are pretty amazing.  Sonos, A capella++ group
        http://www.youtube.com/watch?v=aDzirncym4w
        \_ Production quality lower, group quality higher:
http://vids.myspace.com/index.cfm?fuseaction=vids.individual&videoid=3340638
2009/9/18-29 [Computer/SW/Security, Computer/SW/Unix, Finance/Investment] UID:53379 Activity:nil
9/18    In Linux, is there a way for root to change the "nice" value of an
        existing process?  thx.
        \_ Yes. man renice.
2009/9/10-21 [Computer/SW/Security] UID:53355 Activity:nil
9/10    The Case for Postal-Style Healthcare (usnews.com):
        http://www.csua.org/u/p10
        Maybe USPS is not *that* bad.
2009/9/10-21 [Computer/SW/Security, Computer/SW/Unix] UID:53354 Activity:low
9/10    Is there a web site out there that I can put in a URL and it
        comes back with an estimated monthly traffic, for free? I tried
        going to Comscore but I can't find it.
        \_ <DEAD>www.google.com/adplanner/planning/site_details#siteDetails?identifier=cnn.com&geo=US&trait_type=1&lp=false<DEAD>
           \_ check the differences between:
              http://gop.com and http://democrats.org
        \_ Do you know about Alexa?
           \_ Alexa charges an arm and a leg for detailed data. Fuck that
              \_ It is the best free summary stats I have found. Let me know
                 if you find something better (that is free).
                 \_ Yes. Google Ad Planner is free and BETTER. Check
                    it out and let me know what you think.
                    \_ Alexa is free, too, for basic info. The Google stuff
                       looks interesting, but its UU info for where I work
                       (CNET) is way off. Look at the daily unique user count
                       and the monthy numbers. There is no way for this to
                       add up.
        \_ http://www.quantcast.com or http://www.compete.com
2009/8/10-19 [Computer/SW/Languages/Java, Computer/SW/Security, Consumer/Shipping] UID:53256 Activity:nil
8/10    On the USPS web site, is there any way to use the self service
        site for FIRST CLASS mail? It keeps wanting me to use Priority
        Mail which costs a lot more than going to the USPS for first class.
2009/8/8-14 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:53254 Activity:low
8/6     mrauser, what ddya think of this:
        http://www.nplusonemag.com/node/678/print
        \_ Sorta tl;dr.  It seems pretty dense, so I'll read it eventually...
           just haven't really had the time. -mrauser
           \_ yep, it's dense but pretty good. - !OP
2009/8/3-13 [Computer/Companies/Google, Computer/SW/Security] UID:53230 Activity:high
8/1     Yahoo to get 88% of the ad revenue in team up with m$.  Y!m$,
        discuss?
        \_ I thought Jerry Yang would never sell!
           \_ He's gone, replaced by some broad.
        \_ 88% of pittance is still pittance, I don't know how people
          think there is money in click through ads.  Who clicks on them?
          \_ do some math please and come back
          \_ so my question is, are you one of these "know everything about
             everything without researching it"  guys?  Because FYI, Google
             / AOL partnership made $678M in ad revenue last year.  GOOG
             reported $5.54B 2008 Q4 alone.  Most of that is click ads!
             Are you saying 88% x 678M = 596M is a "pittance" ?  And that is
             using the AOL numbers, not Yahoo/Microsoft numbers.
          \_ It doesn't matter who clicks on them it's like the stock
             market, people think other people click on them so they
             value the ad space.
             \_ So one good paper, story, journal can end all this?
          \_ Who watches television or radio ads? One of the things advertisers
             \_ My Parents.  Your Parents.  Your Grand Parents, your neighbors
                who didn't go to Cal.  Your waiter, the guy delivering your mail
                the guy you buy your groceries from, the guy your parents and
                grandparents buy your groceries from.  As for radio, do any
                of your parents drive?  I know it is gauche to admit to drive in
                Blue Belt Bay Area but in the next county over like vacaville
                there are alot of car radios.
                \_ You totally missed the point. The fact is that advertisers
                   only have a very limited way of telling who is listening
                   to their ads and what the effect is on buying behavior.
                   They can get much better real statistics online, which
                   they love.
                   \_ Is click fraud a problem?  Can infact advertising spots
                      inflate their 'standings' by bots?
                      \_ Are these all rhetorical questions?
                         \_ no; how is the problem being addressed?  It looks
                            to me that the same people paying out and taking in
                            revenue can work the system for fraud.  And since
                            they hold all the logs who would know?
                            \_ All the big advertisers use third party
                               verification services, they don't rely on what
                               the website says is their ads delivered. There
                               is an ongoing war about click fraud, this
                               doesn't mean online advertising is dead, there
                               is bank fraud and perhaps more to the point,
                               things like Nielsen rating gaming as well.
                                 /
  "According to critics, this complex relationship may create a conflict of
   interest. For instance, Google loses money to undetected click fraud when
   it pays out to the publisher, but it makes more money when it collects fees
   from the advertiser. Because of the spread between what Google collects and
   what Google pays out, click fraud directly and invisibly profits Google."
   \_ Right, so that's why all the newspapers are dying and Google is the
      fastest growing big company in the world and advertisings are starting
      to throw big bucks to online media. Because it all doesn't work. And
      all they really need to do is listen to you to wisen up.
      \_ "Property values only keep going up, they'll NEVER come DOWN."
         \_ Post your real name so I can taunt you in two years.
            Are you GOOG short @ $100/share guy?
            \_ I tihnk he's trying to say that if you buy into a bubble you're
               just as guilty of the Pass-The-Buck mentality as the countrywide
               guys and the mkt mgr funds who invented Toxic Asset Technology.
               \_ What bubble? The Internet Bubble? In 2009???
      really like about online ads is the fact that they get real metrics.
2009/7/28-9/24 [Computer/SW/Security, Computer/SW/Unix] UID:53215 Activity:nil
7/28    Restored basic website functionality.  I also killed user websites,
        because I think the new root staff had set up the website with a
        default config and were not aware they were enabled.  Sorry if this
        causes inconvenience, hopefully they will be restored soon once
        the website is taken in hand. -mrauser
2009/7/26-29 [Computer/SW/Security] UID:53200 Activity:nil
7/25    so is this a remote ssh exploit ?
        http://users.volja.net/database/matasano.PNG
        \_ No but this is:
           soda> ssh anywhere
2009/7/12-24 [Computer/SW/Security] UID:53132 Activity:nil
7/9     Ok I'm learning how to do this fancy ssh-keygen thing so that I
        don't have to keep typing passwords inbetween logging into machines.
        What's an ideal size for the number of bits in dsa? 1024 is default,
        but would 2048 enhance it even more? What do you guys use?
        \_ I'm paranoid.  I use 4096.  Go for at least 2048, I'd say...
        \_ If you want to be secure make sure your keys have passphrases, and make
           use of ssh-agent.
           \_ listen buddy, tab is EIGHT spaces not FOUR ok?
2009/7/4-9 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:53109 Activity:nil
7/4     I'm accessing soda by typing ssh -X jhcooper@csua.berkeley.edu
        at a Linux prompt.  At the soda prompt, I can type "xmessage hello &",
        and I get a nice little greeting from myself popping up on my display.
        But if I type xterm &, the process runs ok, but nothing appears on
        my screen.  What am I doing wrong?
        \_ Works just fine for me...  try turning on SSH debug with -v ?
2009/7/2-16 [Computer/SW/Mail, Computer/SW/Security, Computer/SW/WWW/Server] UID:53106 Activity:nil
7/2     Is imaps working?  What are the hostnames of the "incoming and
        outgoing mail servers" for CSUA email, and what kind of options
        should one set?

        I also noticed that we seem
        \_ Setup yer .forward or .procmailrc for now. I'm at a loss, too.
        \_ <DEAD>mail.csua.berkeley.edu<DEAD>. Using SSH (on default port 993) like before.
        \_ <DEAD>mail.csua.berkeley.edu<DEAD>. Over SSL (on default port 993) like before.
          \_ alpine doesnt seem to work. i try
                Folders on <DEAD>mail.csua.berkeley.edu<DEAD>:993 in cur
                but get timeouts .. using cur for "inbox" folder
2009/7/2-13 [Computer/SW/Security] UID:53102 Activity:nil
7/2     ssh: connect to host 128.32.112.233 port 22: No route to host
2009/6/29-7/3 [Computer/SW/Security] UID:53089 Activity:nil 53%like:53083
6/29    Please allow public key authentication since it is more
        secure than plain password.  If you see this posting, it
        means anybody could have posted the annoucement.  Because
        the official csua web site is still down., this makes it a
        little suspicious to the truly paranoid.

        p.s.  this web entry format is counter intuitive.  And how come
        there is a commercial?
2009/6/29-7/3 [Computer/SW/Security] UID:53083 Activity:low 53%like:53089
6/28    Hello everyone,
Logins to soda are back open.  The new ssh key is
2048 4b:96:67:18:27:da:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Please allow public key authentication since it is more secure
than plain password. Also if you see this posting, it means
anybody could have posted the annoucement.  Because  the
official csua web site is still down., this makes it a little
suspicious to the truly paranoid.

Not many packages are set up,
please email root@csua
with requests to (re)install anything that you would like installed.

Also, some services still aren't online -
feel free to email us with those as well so
we don't forget any.

Best,
Steven
2009/5/11-18 [Computer/SW/Security, Computer/HW/Drives] UID:52982 Activity:nil
5/10  I have large spare disks on several machines, all on same net.
      How can I combine them into one big visible network file system?
      \_ you want either a clustered file system (eww expensive) or look into
         smoething like a distributed file system (afs, global fs).
      \_ The startup I work for makes a distributed NAS product that's free
         for the first four terabytes if you'd like to try it.
         http://www.parascale.com                      --alawrenc
2009/4/22-28 [Computer/SW/Security] UID:52894 Activity:nil
4/22    ok, here's a little networking puzzler. I haven't been able to access
        youtube for a couple weeks. Couldn't figure out why. Happened on all
        browsers. traceroute did weird stuff and then timed out. Finally I
        got so frustrated I setup firefox to ssh tunnel through soda.csua,
        which worked great. Then, I kill the ssh proc, quit FF, and now,
        I can access youtube just fine from any browser. wtf? any
        explanation? thx
        \_ Sounds like not a networking problem, but a messed up OS problem.
           Which OS were you seeing this with?  Did you try to diagnose with
           any non-browser tools (ping/telnet/wget/etc ?).
           \_ yes ... dig seemed to resolve ok. ping seems to work. telnet/
              curl behave the same as my browser (wait for a while then
              timeout). I don't totally know how to read traceroute but
              but after about 8 hops it starts showing stars and then
              craps out. The problem came back today. I ssh tunneled to
              csua, and then a couple minutes later, it started working
              fine in my non-proxied/tunneling browsers as well.
              \_ Is this from work or home? 8 hops, wow that is a long way,
                 is it crapping out at a corporate firewall perhaps? It
                 doesn't sound like it though, at 8 hops...
                 \_ I couldn't tell where it was crapping out. It seemed
                    to me like it was bouncing around a bunch of different
                    hosts at some ISP or something. This is from home,
                    using Time Warner cable internet. I did some research
                    and read some anecdotal accounts that TW "doesnt like"
                    youtube ... not sure if that means throttling traficc?
                    or causing intentional routing headahces? Anyway,
                    youtube still working today so I can't give you a
                    sample traceroute. thx
           \_ ps, mac osx 10.5.
        \_ Where you SYN FLOODING youtube?
           \_ no
        \_ J00 R P0WN3D
2009/4/18-23 [Computer/SW/Security, Computer/SW/Unix] UID:52870 Activity:nil
4/17    To those who have a twitter account and also follow people: how do you use
        twitter to read others' tweets? do you just visit their individual
        pages or do you stay logged in and visit http://twitter.com/home ? Thanks.
        /home:
        indiv pages: .
        \_ aren't you supposed to receive updates on your cell phone?
2009/4/9-13 [Politics/Domestic/911, Computer/SW/Security] UID:52824 Activity:moderate
4/9     Thousands cut off from phone service in South Bay counties:
        http://www.csua.org/u/ny7 (http://www.sfgate.com
        No way to call 911 with either landline or cell.  Time to steal your
        neighbor's 60" plasma TV or rape that hot busty chick down the block!
        Anyway, why do rogue nations bother with cyber attacks on the US?
        This is a much more efficient way to paralyze the US.  They can't even
        replace one god damn cable seven hours after it was cut.
        \_ Unless you secretly murder the hot busty chick down the block after
           you rape her, you'll probably come under police scrutiny when phone
           lines are eventually restored.
2009/3/27-4/2 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:52764 Activity:nil
3/27    i just want to set up a proxy.  squid is too annoying.  privoxy
        locks too much content down.  any tips ?
        \_ Use ssh's built-in SOCKS server.  On the client, run "ssh -D1080
           proxyhost", and then set your browser to use localhost:1080 as a
           SOCKS proxy.
           \_ best advice. Fuck squid. SSH has everything.
                http://osdir.com/ml/user-groups.ale/2003-03/msg01182.html
        \_ http://seankelly.tv/blog/blogentry.2007-03-02.4768602564
        \_ http://calomel.org/firefox_ssh_proxy.html <--- pretty helpful
2009/3/7-13 [Computer/SW/Security, Computer/SW/Unix] UID:52683 Activity:low
3/6     Is http://www.cygwin.org a real site or a hoax?  It looks different from
        http://www.cygwin.com and it doesn't mention the latter.  Thx.
        \_ It looks like a mistake -- http://cygwin.org (without the "www") works,
           but http://www.cygwin.org gives you http://sourceware.org instead.
        \_ I dunno why there are no links to Cygwin 1.7 on that site.
           try this: http://cygwin.com/setup-1.7.exe
2009/3/3-5 [Computer/SW/Security, Computer/SW/Unix] UID:52671 Activity:high
3/3/9   Happy Square Root Day
        \_ This morning some guy on KCBS AM 740 was playing with this and said
           something like "if you take the square root of every number, they
           don't look so big anymore.  For example, next week the square root
           of my age is just 8.  And the square root of the $838 billion
           stimulus package is just $29 billion."
           No wonder American kids rank last in math among industrialized
           countries.
           \_ i think the sqrt of his iq is also 8.
           \_ Dude needs to go back to school, and age 8 seems like a good
              time to learn about square roots.
              \_ Huh? I don't see anything wrong with his statement.
                 \_ sqrt(838e9) is about 915423.
                    \_ I guess. sqrt(838) =~ 29. (Billion dollars) is the
                       units. Depends on how you look at it.
                       \_ Right, but you need to square root the units too,
                          just like sqrt(10000 m^2) = 100 m.  The answer is
                          the same whether you consider the units to be m^2
                          or (10000 m^2) or whatever.
                          \_ I understand this, but what is the square
                             root of "2 dollars"? This is like asking what
                             is the square root of "2 cows". The original
                             statement said "square root of every number"
                             and not "square root of every quantity". You
                             could argue (correctly) that 838,000,000,000
                             is a number in itself and its root is not
                             29,000,000,000, but what about "838 cows"? What
                             is the square root of a cow? I think the key
                             number is 838 and not 838*(units). You have
                             to be pretty pedantical to not realize that.
                             \_ If your units are billions of dollars than
                                your square root units of ~ 31622 * $^(1/2).
                                  sqrt (838) * sqrt (1,000,000,000) ~=
                                  29 * 31622 ~=
                                  915422
                                  \_ 915422 *what*? Not dollars.
                                   \_ $^(1/2)  Which is 1/31622 of
                                      (Billion $)^(1/2)
                                      \_ Exactly, which is nonsense. So
                                         ignore the units.
                                         \_ If you ignore the units you can
                                            turn it anything you want.
                                            Sqrt($838e9) = $838e9 if my
                                            units are "$838e9" and I've
                                            decided units are meaningless.
                                            \_ You have to use some common
                                               sense here. The square root
                                               of his age (64) is 8, not
                                               8 (years)^1/2.
                                               \_ But by your logic we can
                                                  make the units billions of
                                                  years, and now the the
                                                  square root of 64 is
                                                  252982.
                                Better example: the square root of $1 is 1 if
                                you are ignoring units, but the square root
                                of 100 pennies is 10!  100 pennies = 1 dollar
                                so how can those two be different.
                                $1 = 100c
                                sqrt($1) = sqrt(100c)
                                1 * $^(1/2) = 10 * c^(1/2)
                                The difference is in the units.  1 c^(1/2)
                                is, by definition, 1/10th of 1 $^(1/2).
                                \_ But what is a sqrt($)? or a sqrt(cent)?
                             \_ I guess you're right.  Square rooting a number
                                independently of its unit like this makes no
                                sense, but it is what the original statement
                                said, and really it doesn't sound like he was
                                trying to make sense anyway.  (FWIW, I think
                                sqrt("2 cows") is meaningless too, unless you
                                can come up with a meaning for 1.4 cow^(1/2).)
                       \_ Depends on how good you are at math, actually.
2009/2/16-19 [Computer/Companies/Google, Computer/SW/Security] UID:52582 Activity:kinda low
2/16    Lea, what does Google security know by now? Should I talk to you
        under a different channel? I can either spill my beans on Valleywag
        or ask you to just vent for me. Either way, I really need to vent.
        If you don't want to help me vent, it's cool. I'll just cross
        reference Soda names with Moma.         -unhappy borg mon
        \_ No one's tracking anyone, no need to get paranoid. I just
           meant that there are ways of telling whether someone's a
           Googler. Anyway, if you are, then email me at chialea@gmail
           or give me a call on my cell. Of course I'll try to help.
           - Lea
        \_ make sure kchang isn't on the security team
           \_ why not? did http://csua.com have a big leak? or is it bc he's crazy?
           \_ agreed that kchang is crazy but nickkral is the one on the
              security team.
        \_ despite what you hear on the wags there are still a lot of
           Google loyalists out there. The Google has eyes and ears,
           and I'd keep it low unless you want to get fired.
        \_ Um, what? can someone fill me in? -t
2024/12/25 [General] UID:1000 Activity:popular
12/25   
Results 1051 - 1108 of 1108   < 1 2 3 4 5 6 7 8 >
Berkeley CSUA MOTD:Computer:SW:Security:
.