27 posts • joined Monday 6th July 2009 12:33 GMT
Well, I'm sort of torn on this one. Firstly, unlike a lot of the preaching types here, I've *tried* to report a flaw to a website I wasn't involved with commercially and been accused of "hacking" by a clueless sysadmin a few years back, even though I'd noticed the flaw going about my legit business, and had notified them rather than trying to exploit it further. And it was done for the guy to save face, and he was friends with their legal dept. Not a pleasant experience, but not one that ended up as bad as it could have.
That taught me a harsh lesson: unless you're under specific engagement contractually to test something, never ever ever try to be open and helpful and do full disclosure anything but anonymously, as you're exposing yourself to risk needlessly. I had a spate of reporting things anonymously via throwaway email addresses set up after multi-hopping through proxies and VPNs, but I've given it up as a completely bad job now. Why risk it at all? Just wait for them to get p0wn3d by some kiddies and job done at no risk for me. It's not good internet citizenship, but you can't be a good citizen with the politicization of internet security going on of late.
Secondly, the actual sentence for what is in effect exposing a shitty API with no security is completely inappropriate. He didn't even have to circumvent any digital controls, which is the legal definition of hacking, just use the standard interface in the way anyone could on the public internet. If you lose that distinction I could put a webpage up with robots.txt set to deny listings by goog etc., and charge you with illegally accessing it as I don't want it public. AT&T should be in the dock for letting it go live and handle subscriber data in that state, not getting the feds to bash the finder over the head until he's out of sight.
So given the above, why am I torn? Because weev has been a pain in the ass to the internet for years and it's certainly his karma catching up with him. The GNAA, Last Measure, 4chan, ED and other things done solely to piss in everyone else's pool. I can't think of any good thing he's been involved with. He is part of the cancer that is destroying the internet.
Having said that, it's the sick porn distributors and incomprehensible idiots we should be defending the strongest; justice shouldn't just be for the nice people on the net, so I hope the EFF etc. step up to the plate regardless of his history, which shouldn't come into this.
Torn torn torn, and not posting anon for a change.
Re: Adversity breeds ingenuity
To be honest, it's always better to have a genny to hand if you're off the beaten track a little.
We're about to enter the "extremely very cold" bit of winter here, and I have my little 1kW genny ready to run the central heating pumps for the wood-burning heating system should it falter. A single bulb and the ability to stay warm while the leccy company takes a week to restring all the overhead powerlines that fall down with the weight of snow is worth far more than you can measure in a simple cost of power vs fuel/generator calculation.
Future plans here include a 100kW 3-phase diesel backup genny on a skid off fleabay UK, because it's really not cheaper to pay the higher tariff long term for those few occasions we need more than 25kW 3-phase...
Oh, if you can get 3-phase into your house but current limited, you'll have the fun "getting everything phase balanced" game, so the microwave isn't on the same phase as the washing machine etc. And if you dabble in home automation you too can find out how crap X10 3-phase filter units are (2 blown per year on average...)
Re: well that's a surprise
Give her the benefit of the doubt. We have a Myth backend here with quad DVB-S feeds into it (this story reminds me of past battles with the Radio Times scrapers until I started picking up EPG data from the DVB-S stream), and five frontends running on cheap fanless mini PCs from Lidl's dotted around. My mrs and kids have their own frontends, and I regularly find my 4 year old has set some recurring record on Justin's House, or set the CBeebies Christmas panto to not expire so they can torture us with it all year. In fact, I'd go so far as to say they know their way round the frontends + shortcuts etc. far better than I do. They have to, we have no off-the-air capability apart from the Myth backend.
The only time it ever needs any attention is when the TBS card locks all its tuners up and won't recover until it's power cycled, every two months or so. Mind you, I'm still on the last-but-one major version, don't want to live on the edge with something requiring WAF as much as TV...
And there you have the failing of nano. If you are a proficient vi/vim user, and someone installs nano in its place because they find it easier for noobs, it's like trying to work with an AZERTY keyboard in place of a QWERTY. You can mostly drive it, but you have to keep looking at the keystrokes, which slows you down considerably.
Nano with a vi keystroke compatibility mode, I'd go for that, but in the meantime it's back to resetting the default editor to vim on everything tainted thus...
Re: "RAR extraction, an archiving option popular in the Windows world"
You say that zip is a supported format, but I unboxed a new PC (Lenovo Q180) with Windows 7 Professional preinstalled yesterday (it was cheaper than buying the no-OS option due to a deal... :/ ), and playing with it and opening a zip file I was shocked to discover that Win7 *DOESN'T* come with something that can handle .zip natively, and went on to suggest I give $39 to WinZip for their program. Er.... No, I've got a better solution to not much in the way of functionality out of the box, and at the moment GNOME is compiling on its fresh shiny new Gentoo install...
Re: @Chris Miller
Upvoted because the four times I've encountered f**ktards going the wrong way around a roundabout while on my motorbike, it's been near an airport, and when I flagged the driver down, they were all Americans in hire cars.
How the hell you manage to go the wrong way when the approach ducts you into the correct direction I do not know...
I get that sense of pucker now approaching roundabouts near airports...
Re: If a HAM radio enthusiast
The interference doesn't radiate out the walls and get attenuated by the stone walls, it goes along the powerline which runs outside the building and into free space.
I've got a stone house; I also flood wired it with Cat5 when I was having it wired. I can also sniff my neighbours' wifi through three 60cm thick stone walls and 20m of free space...
I've also used X10 in the past using powerline, and it was bad enough without half the world bladdering the local spectrum with PLA devices, and we had whole-house filters on the mains input and individual filters on devices.
For years, if radio equipment caused interference or distress, a man with a suitcase came from the DTI and shut it down. Now, they get a bye because some people think they need the functionality?
Surely the PLA devices need a kick up the arse to improve their filtration, so they don't cause this issue. That way all the people who absolutely can't touch their stone walls still get working PLA, and the manufacturers get to keep manufacturing without killing the rest of the radio spectrum. But that will require a strong regulator, to say "no, this equipment does not conform, please go away and re-engineer it" and the manufacturers to invest the extra technical resource to do so.
Stop trolling, I can't remember the last time a distro didn't pop up a dialogue box asking me what I wanted to do with the media on the CD/USB stick/phone etc. on insertion of the appropriate plug.
Since Fedora was Fedora Core? WTF, autoplay on media insertion has been in there since it was Red Hat Linux, long before they spun off the Fedora wing. It even works on my Gentoo boxes...
Maybe you might notice that the new millennium has started, and perhaps the Slackware floppies you use as install candidates might be a bit out of date?
Yeah, what's the threat behind adding a printer to print off a few documents?
Actually it's a real one; you're looking at it from the printer attacking the device (let's not stray off into idlescan territory here, but yes, I'm aware of that too). Your document is in the buffer of that printer, which in the case of a networked one could quite happily be storing/sending off to a 3rd party the confidential document you just printed on it. Of course you wouldn't expect your salesforce bods to know/be aware of this leakage vector, but then that's why you lock it down to require a password and control access to it in a business environment. Quite a few companies I've worked for mandate no 3rd party printers for this reason, and it's a disciplinary offence to print to an unauthorized device.
I stayed in a posh hotel in Prague once (honeymoon!) and there was a tech conference in town. We nipped on the shared business PCs to browse a few news sites, and on the print server was a stuck job, which was a spreadsheet containing names/addresses/telephone numbers and other personal details of all the leaders and shakers in the tech conference (which came out after we removed the paper jam...). Salespeople are good at selling and mostly fail at security. It's a good job we're good at security even if we mostly fail at selling and marketing. We each bring something unique to the table, and both are essential to the other, and mostly when security looks like we're being annoying to the layperson, we've got good reason...
Re: Re: Re: Re: Oh yes, that's the car for me!
It's a surge tank to prevent fuel surge on hard cornering stopping the fuel pump sucking air mid g-forces, not an emergency measure. It has 5l of fuel in it to de-aerate it also.
When the fuel in the tank has run out, you have effectively run it dry, regardless of what residual fuel is left in the system. And shock horror, running it dry means you have to bleed the air out of it, just like lots of things both petrol and diesel, since gas (as in gaseous, not fuel) doesn't pump very well.
Stick to IT. Or maybe you're MCSE...
What you're missing is there was a Linux port to the iPAQ called Familiar Linux, and while that may have been niche and long dead, a lot of good ideas and projects kicking round the embedded world grew out of that or were uplifted by its needs. GPE and Opie WM for one... I'm sure that expertise and lessons learned went on to webOS in the early days.
Most of the work on Familiar was by a few guys at HP Labs, who were gifted time to the project by HP themselves, and there was a build cluster also supplied gratis by HP. I remember the huge amount of work contributed by Jamie of HP Labs, who drove the pace of progress like mad.
Oh, and a guy from Europe caused loads of hassle on the mailing lists and eventually everyone fell out just when it was bearing fruit, and someone threw their toys out and sat on the domain etc. It was almost like certain individuals were against the whole thing because someone could see potential in what was being done right back there. What was his name now... Florian something or other. Might have been Florian Mueller...
I hope webOS goes on, giving us all more choice in the tablet market. Android is a secret walled monitored garden, iOS is a public monitored walled garden, and real Linux on tablets is still very niche and in its infancy (kudos to Archos for their GPL compliance though!)
old news is bad news in this case
Idlescan. The average printer IP stack is completely sequential, therefore if you can route to one and connect to it, then spoof a packet from it to a host, abusing the trusted relationship network admins establish with printers, then re-connect to the print server, you can see if the host responded to its trusted friendly printer by looking at the pid of the packet. There's no emphasis on bringing it into current random packet pids because, well, it's just a printer, right? Wrong...
You can map out entire network topologies with ease using this technique. nmap even has it as a scan mode, nmap -sI on the latest versions.
Fyodor as usual has a great write up of it :-
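The mechanism the post describes, as an added in-memory model that is not part of the original comment or of nmap: a host whose IP ID counter simply increments by one per packet leaks whether it sent a packet in between two observations, which is exactly what the scan reads off a "trusted" printer; a stack whose IP ID does not increment gives the scanner nothing to infer from. No packets are sent; hosts, ports and the SYN/RST exchange are constructed objects, and the non-incrementing ID uses a fixed 16-bit LCG as a reproducible stand-in for a stack's random generator (an assumption; a real stack would use a proper random source). The `ipid_is_predictable` check is the defender's side: the test an admin can apply to see whether a device on the network behaves like the "just a printer" case.

```python
"""Added example: an in-memory model of the IP ID inference described in the
post above, and of why a non-incrementing IP ID defeats it. No network I/O."""
from dataclasses import dataclass, field


@dataclass
class Host:
    """Minimal IP stack model: every packet it emits is stamped with the next IP ID."""
    name: str
    open_ports: set = field(default_factory=set)
    filtered_ports: set = field(default_factory=set)   # SYNs to these are silently dropped
    sequential_ipid: bool = True                        # the "just a printer" default
    _ipid: int = 0

    def next_ipid(self) -> int:
        if self.sequential_ipid:
            self._ipid = (self._ipid + 1) & 0xFFFF
        else:
            # Stand-in for a randomised IP ID: a full-period 16-bit LCG, chosen so the
            # run is reproducible (assumption: a real stack would use a CSPRNG here).
            self._ipid = (self._ipid * 25173 + 13849) & 0xFFFF
        return self._ipid

    def receive_syn(self, apparent_src: "Host", port: int) -> None:
        """Handle a SYN whose source address claims to be `apparent_src`.
        Open port -> SYN/ACK back to that source; closed -> RST; filtered -> nothing."""
        if port in self.filtered_ports:
            return
        if port in self.open_ports:
            apparent_src.receive_unexpected_synack()
        # A RST for a closed port is dropped silently by the receiver: no IP ID consumed.

    def receive_unexpected_synack(self) -> None:
        # A SYN/ACK for a connection we never opened is answered with a RST,
        # which costs one IP ID. This side effect is what the scan measures.
        self.next_ipid()

    def answer_probe(self) -> int:
        """Reply to a direct probe from the observer (a RST); return the IP ID it carries."""
        return self.next_ipid()


def idle_scan_port(zombie: Host, target: Host, port: int) -> str:
    """The three-step inference: read the zombie's IP ID, have the target see a SYN
    that appears to come from the zombie, then read the zombie's IP ID again."""
    before = zombie.answer_probe()
    target.receive_syn(zombie, port)          # the target's reply goes to the zombie
    after = zombie.answer_probe()
    delta = (after - before) & 0xFFFF
    if delta == 2:
        return "open"                         # zombie sent one RST in between
    if delta == 1:
        return "closed|filtered"              # zombie sent nothing in between
    return "unknown"                          # IP ID not incremental: no inference


def ipid_is_predictable(host: Host, samples: int = 6) -> bool:
    """Defender's check: does this host's IP ID step by exactly 1 per packet?
    A device that passes is usable as a zombie and should be fixed or isolated."""
    ids = [host.answer_probe() for _ in range(samples)]
    return all((b - a) & 0xFFFF == 1 for a, b in zip(ids, ids[1:]))


def demo() -> dict:
    """Constructed scenario: one target, a default printer and a fixed one."""
    target = Host("fileserver", open_ports={445}, filtered_ports={3389})
    printer = Host("printer", sequential_ipid=True)
    hardened = Host("printer-fixed", sequential_ipid=False)
    return {
        "printer_predictable": ipid_is_predictable(Host("printer")),
        "hardened_predictable": ipid_is_predictable(Host("printer-fixed", sequential_ipid=False)),
        "via_printer": {p: idle_scan_port(printer, target, p) for p in (445, 80, 3389)},
        "via_hardened": {p: idle_scan_port(hardened, target, p) for p in (445, 80)},
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note the closed and filtered cases are indistinguishable through the printer (both leave its counter stepping by one), which is why the verdict is reported as `closed|filtered`; and once the ID no longer steps by one the delta carries no information at all, so the fix belongs in the device's stack rather than in any firewall rule.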
hmmm i wonder
Does this mean I'll finally have to stop starting a default install window manager, opening up a terminal or ctrl-alt-F1'ing to one and running screen with vi sessions etc. for everything?
Joking aside (although most days I end up with screens full of terminals dotted round my desktop with gdb or top, tcpdump etc. running in them), Enlightenment E17 is pretty cool day to day for me, as the UI just ends up as an entity to cater for my underlying terminal access and shortcut keys with a media player in somewhere to justify running a WM, but I'll try GNOME 3 on Gentoo as the ebuild for it has been put in a special Gentoo GNOME 3 overlay, and if I don't like it I'll go back to GNOME 2 or E17 or whatever else tickles my fancy.
I could be the sort of terminal fiend it's aimed at; I for one lament the features removed out of WMs to make them more friendly for "normal users" (yeah, I know I can hack the ctrl-alt-backspace back into xorg every install, which I do), so the signs everyone is whinging about lack of buttons and dropdowns suggests I might just be their target market ;)
I like the Gentoo way: try it, if you like it keep using it. With Fedora I always got the feeling I was there as RH's pet guinea pig beta tester too.
My applause to the GNOME guys for at least trying something new. Try it; don't like it, move on; like it, keep using it. It's a freedom of choice thing, you know?
Vic, you need to direct your venom at AutoCAD, not a Linux distro. They're the people who are ignoring the entire *nix target market base.
Raise a glass
I'll raise a glass to an old friend tomorrow; we'll fire up my ZX81 and 16k rampack and play Mazogs on the big projector for a laugh. I've already introduced my 6yo to BASIC on it in the past, although we mostly use an emulator running on an Xbox out of respect for fragile aging hardware.
j shifted p shifted p day it is ;)
What was really the spirit of the age was opening the thing up to add stuff. I remember a book called the Explorer's Guide to the ZX81 touting adding RAM over the UDG ROMs so you could have definable ASCII, Currah keyboards (although we rolled our own from an ancient industrial keyboard that we had to make the matrix to suit ourselves, being poor) and lots of other general vandal soldering activities. In fact my current ZX81 was picked up a few years ago pristine because my original had long since died, spewing Kynar hookup from multiple places in the quest for comprehension and tinkery. Its spirit of mad hardware hackery lived on; they can't teach that with a degree ;)
meanwhile back in the real world
meanwhile back in the real world, none of the above happens.
My 3 yo has made a few flights to the UK when we have been abroad with his nanna, who had a letter detailing the above. Never on any occasion has she ever been asked for it.
Meanwhile we've driven the Chunnel and ferries maybe 20-30 times since they arrived, rarely with more than one parent on board, and the same story.
Nice theory, but that's all it is.
I was really elated: eCrime actually catch a botnet master. Until right at the end the old adage sprang up. Only the stupid get caught.
What a complete amateur, using a server registered to himself, with the same traceable emails and a Gmail email addy, ONSHORE in the UK.
He didn't put one in the eCrime unit in the article; he had one at a hospital that the sysadmins traced back to Fasthosts, or that's at least how I read it.
If he had compromised the eCrime network, I'd have had to tip my hat in slightly distasteful respect at the balls, but he didn't.
For the leniency, it's about intent. He KNEW 100000% he was being lowlife scum; he went about it every day planning and scheming. Over a long period. Most assaults with short sentences are heat-of-the-moment incidents, otherwise it becomes 10+ years for premeditated manslaughter or the like... Jail him with nothing more sophisticated than a red LED Commodore calculator and leave him to rot there...
The title box is a load of cōleī
Strip clubs are for end-of-contract pishups: first somewhere PC for everyone, then the boys onward to the lapdancing outfit when pished, where you can all be naughty within limits, but not wake up with someone or something unfortunate/blackmail photos etc.
Been there, got the tee, and my mrs asked them to take me there to "get me ready and prepped to fly home, but in a controlled way"!
Goodbye and farewell
Goodbye old friend, you've "served" us well and saved us from IIS and the Oracle web server (am I the only one who remembers that and its amazing Perl cartridge stability (sarcasm...)).
I'll raise a glass of beer for you tonight.
I can hear the sound of some embedded os people spluttering in the distance mind :)
Pearoast for the photocomp of the week? (B3ta...)
You were sounding quite plausible there, until you mentioned his 180mph stunt was on a Harley...
Was that 180mph between crank rebuilds or had they thrown it off the side of a cliff at the time?
failing memories :)
Bouncing? SCA was a simple fade up of a single colour font, mostly so they could fit it all into the bootblock without crunching. Refresh the old cells here :-
Another one still with one
Started off with an A500 v1.2, one of the first batch in the UK of the German ones, and took to it like a duck to water while struggling with my C64 and assembler: straight in, write data straight to the chipset, trap the VB blanking interrupt ($0005c I think from memory) and sit in a loop doing something while watching for a btst #6,$bfe001 to register a 1 indicating someone pressed the left mouse button, and all those lovely longword- and word-capable instructions, what a revelation! Lovely chipset to program for; copper and blitter just topped it off (and you could use the blitter to reprogram the copper and other funkiness they never really expected people to do). Had my fingers in some then bleeding-edge games stuff and met a lot of demo sceners...
The memory allocation protection, well, there wasn't such a thing as viruses until the SCA released their little wonder; they were more innocent times for sure...
Still got a SCSI'd up A2000 with SCSI CD-RW/HD/tape drive/8086 bridgeboard card, flicker fixer with VGA output and 11M of chip/fast RAM. It's just for nostalgia; my days of software development on it are long since over, but I too raise a glass to the old girl and all that she's made possible.
For the Cloanto prosecuting people, they say that to stop commercial exploitation of the ROMs and other people selling "emulator packages", rather than a bod in their bedroom finding ADFs of it on the net etc. It's my experience you will have no problem finding the boot ROMs on the net, e.g. on the ever useful bootdisk.org etc.
I'm with everyone else on Commodore wrecking it through pure greed; what the hell were they on? I definitely don't miss the days of getting my wallet emptied for months for an interface card, or any peripheral I wanted. They just saw us as a captive market once we'd bought the base box, and decided to milk us for every penny. And if you check the Amiga specialist retailers still going, they're still bleeding everyone for Catweasels and Buddha IDE cards etc...