41 posts • joined 6 Jul 2009
Maybe he's been downvoted because some people understand that all the child processes called by the "good" script have to not be running bash, as the variables persist into the child processes even if ignored and not interpreted by the parent shell, so you need to audit not only the parent but all its children, then its children's children ad nauseam, and people haven't had time to audit their entire distribution before nipping to the shops for a sarnie at lunchtime instead of applying a yum/apt-get/emerge bash like is being recommended in multiple places.
Just patch it, it's a one-liner on Linux. Solaris is a bit of a shit because of the patch cluster issue if the box is behind on clusters due to "commercial pressures" and "development cycles" and whatever other guff has been trotted out as a cost-saving excuse, but we'll get through it while all the hardcore Solaris guys shout about what linuxification has done and how this would never have happened back in the 2.6 days, and for embedded devices pester the snot out of your vendors.
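The process-tree point in the post above, as an added example that is not part of the original comment: a POSIX sh parent hands an exported variable untouched to a bash grandchild, and a local self-check tells you whether the bash on PATH is the patched one. It assumes a POSIX sh and a bash binary on PATH; the PROBE value is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): why the whole process tree,
# not just the parent shell, has to be audited for the bash bug.
# Assumes: a POSIX sh and a 'bash' binary on PATH. No network, no root.

# Constructed environment variable whose value looks like a bash function
# export ("() { ...") followed by a trailing command. A patched bash
# ignores the trailing part; an unpatched (CVE-2014-6271) bash runs it.
PROBE='() { :;}; echo SHELLSHOCK_RAN'
export PROBE

# 1. Environment inheritance: the parent here is POSIX sh, which treats
#    PROBE as plain text, and so is its child. The variable survives every
#    hop unchanged, so whichever shell sits at the bottom of the tree
#    decides whether the payload is data or code.
probe_reaches_grandchild() {
    sh -c 'sh -c '\''printf "%s" "$PROBE"'\'''
}

# 2. Classify the bash on PATH by starting it as a grandchild with PROBE
#    in its environment. Prints exactly one word:
#    "vulnerable"  the grandchild bash executed the trailing command
#    "patched"     bash ignored the function definition attempt
#    "no-bash"     there is no bash to test
shellshock_check() {
    command -v bash >/dev/null 2>&1 || { echo no-bash; return 2; }
    out=$(sh -c 'bash -c '\''echo grandchild'\''' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK_RAN*) echo vulnerable; return 1 ;;
        *)                echo patched;    return 0 ;;
    esac
}

# Stand-alone run: show the value arriving two hops down, then classify bash.
printf 'grandchild received: %s\n' "$(probe_reaches_grandchild)"
shellshock_check || :
```

The same check works for any intermediate you care about (cron, a CGI wrapper, an init script): put the non-bash program in the middle hop and see whether a bash further down still receives the variable.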
Re: I use OpenVPN and auth-user-pass-verify....
ls -l /bin/sh :-)
The good bit is you've patched bash, unlike a few of the ostriches around here. Hopefully two or three times now :-)
Re: auth-user-pass-verify Option
Thousands of people who have bought a "privacy VPN" use passwords, because that's the only manageable way of tracking the userbase for some offshore VPN provider. And as you don't control the VPN server, you can't enforce authentication by certs. Which is why I had to patch my OpenVPN to put the option back in, because I didn't want to have a shell script to handle credentials (well, actually I put my shared secrets in an included file and made it 400 and owned by root, but that's not directly related).
As above, meanwhile in the real world, yes quite likely.
Re: It is no surprise.
Not the OP, but do you not have Google while you're trolling the (non) troll?
What a fantastic example of search engine comparison results also. Or at least for me, it's like googling for Tiananmen Square on google.cn :) :-
I have an Xbox 360, wondered why it wouldn't save the game last night. As I've never paid them a bean, my reaction is limited to a MEH.
Re: Shocker !
The fake works properly on Linux-based browsers!
Do you work in finance perchance?
How many of you b*stards out there in El Regoland have sent Alistar a LinkedIn request after seeing this article :D
There's no doubt the French undertake some kind of surveillance. I ran a Unix server on a fixed IP in France at one of my houses there, and I was continually seeing ssh brute force attempts even about 8 years ago. Then, after moving it to a high port, I got a single entity repeatedly portscanning it during working hours and probing the high-numbered ssh port, which didn't respond as it was running a knock daemon. At one point the IP testing got some of the port sequence to get it to open, but it was running keys-only login etc so it wouldn't have done them that much good, but someone was obviously looking at packet dumps to see the knock sequence etc and slowly figuring it out.
Curious about a rather technically skilled attempt, I traced it back to a group I knew about by name. So I dug until I got hold of an email address connected to it that I could cross-reference to the source IP, and let's say it was a more official address than I was expecting.
I fired off a cheeky mail saying thanks for the scan but please can you stop scanning me now as I'm happy everything is secure, and got back some cheesy reply about how they were just auditing fixed IPs in France to help protect people from external attacks due to insecure services and there's nothing to worry about. And the next day the scans stopped dead.
It's nothing that I haven't seen in the UK, but I've never traced a UK scan back to an official entity yet...
Re: I signed up for it once
I actually opened a Google+ account very early on and was experimenting with hangouts and things, then the automated real-name scanning algo crap came out and they suspended my account. I started the hoop jumping then gave up as it's about as Big Brother forced as it gets. So if you want to borrow my rusty screwdriver, you're welcome.
They probably still count me in the stats though. Lies, damn lies and stats eh?
I really like the Pi and we have a few of them. We were watching streamed HDMI feeds from my mythbackend running XBMC with the mythpvr connector the other night (Atlantis in HD), something even my low-end Atoms can't manage. Granted it's the one with a USB key as the disk instead of an SD card; the SD-only ones can only manage SD content, and I should probably add some more heatsinking for that level of abuse. We have one doing 24/7 duty as our home automation computer also.
It only has one major downfall as far as I'm concerned, the ability to corrupt some SD cards when power cycled, but this can be mitigated with certain types of card. I just dd a new image on when they get corrupted and away it goes. Some of the cards seem immune to corruption though; I have found older, smaller-capacity cards are better in this respect.
I bought the first solely with the intention of putting it on my lad's bedroom TV as a mythfrontend this coming Xmas, and giving him general computer use in there with a USB wireless kb etc. He has an Android laptop, but all that leads to is being stuck in xyzville and playing Facebook games in a closed ecosystem...
We've already had a tinker with BASIC (running on a genuine ZX81 out of my weird old computer collection, no less) and he's eager to tinker. Ideal for the job I'd say! And when he messes it up, five minutes and two dd's later, it'll be back to working.
Will he grow up a programmer? God I hope not. I hope he does something that can't be done remotely in India and therefore stands a chance of having a career and a future...
The Esprit is just a fibreglass cover over an X-form frame, pretty adaptable for projects like this.
Making the body watertight and strengthening it to cope with the pressures is doable for a man of his resources, and sealing up the drivetrain also.
The layout of the Esprit lends itself to this too; its rear/mid engine means adapting a different transaxle that can be sealed is easier, and there's plenty of battery room around the engine bay to replace the exploding super leaky petrol tanks. As for damaging an icon, pass me the hacksaw, I'll make the first cuts for you :)
I owned a fire-damaged Esprit for 3 days after a cheeky £25 eBay bid won it. I bought it for the adaptable running gear (which I still have, underneath my Nova kit car bodyshell with a Rover V8 and Renault UN1 transaxle), and we were amazed at how easy it was to detach the shell complete, which I'd sold on to a Lotus dealer, covering all of my costs to purchase the car.
All power to Mr Musk, I wish I had the resources to play with interesting stuff like he does.
/dev/null please :)
Twitter is useful, long may it continue; my house tweets me when it starts raining. If you think that's useless, wait till you are in the good books for saving the mrs's washing from getting wet thanks to your technology, or don't have to endure an evening of your house smelling of wet dog...
I could add some config to let incoming tweets change the TV channel, but then my entire stack is open source, so it's flexible...
If the braindead masses stopped supporting Twitter, I'd have to start checking emails, or getting IMs from the house instead!
I'm looking at my Pi right now running the Freedomotic framework, with backend duties being taken care of by a pair of Denkovi Ethernet relay and acquisition switches sat on the end of a pair of Ethernet cables, powered by PoE.
Once the local electrical inspectors pass my house so it can have an electricity meter (hopefully tomorrow), I'll be swapping these into the lighting circuits and replacing my switches with momentary ones plugged into the digital inputs on them. Interestingly, when we rewired, we ran Ethernet to empty boxes adjacent to the 3 lighting junction boxes covering the whole house...
Shield? We don't need no steenkin' shield. The Pi just does framework stuff, leaving the switching down to the relay controllers; that way it's local to the boards and lightning fast (painful memories of X10 in this regard...), but the home automation computer (the Pi) will still be aware of what's going on and able to switch it too. Remote control of the framework at the moment is a webserver-based frontend, some Java applet local to the Pi, or an Android client.
Very cool. My first exposure to the inside of computers and using them as more than a black box was at a local computer club, where an older member called Jerry had a kit-built Nascom 2. I was fascinated that one week he'd slide in a new card and do a graphic of a pixel bloke running, another week something else. It was housed in this old TV case. It led me to build a keyboard from scratch for my then brand-new ZX81, add RAM to shunt the char ROM into RAM so it could be edited, and all sorts of other nasty hacks which were incredibly educational.
Much later on I found he'd swapped it for a telephone answering machine for his business. I'd have loved to have owned it; it'd be set up next to my Amiga and things in the second office :(
I still warm a soldering iron up and tinker with embedded stuff now and again for fun.
Well, I'm sort of torn on this one. Firstly, unlike a lot of the preaching types here, I've *tried* to report a flaw to a website I wasn't involved with commercially and been accused of "hacking" by a clueless sysadmin a few years back, even though I'd noticed the flaw going about my legit business and had notified them rather than trying to exploit it further. And it was done for the guy to save face, and he was friends with their legal dept. Not a pleasant experience, but not one that ended up as bad as it could have.
That taught me a harsh lesson: unless you're under specific engagement contractually to test something, never ever ever try to be open and helpful and do full disclosure anything but anonymously, as you're exposing yourself to risk needlessly. I had a spate of reporting things anonymously via throwaway email addresses set up after multi-hopping through proxies and VPNs, but I've given it up as a completely bad job now. Why risk it at all? Just wait for them to get p0wn3d by some kiddies and job done at no risk for me. It's not good internet citizenship, but you can't be a good citizen with the politicization of internet security going on of late.
Secondly, the actual sentence for what is in effect exposing a shitty API with no security is completely inappropriate. He didn't even have to circumvent any digital controls, which is the legal definition of hacking, just use the standard interface in the way anyone could on the public internet. If you lose that distinction, I could put a webpage up with robots.txt set to deny listings by Goog etc, and charge you with illegally accessing it as I don't want it public. AT&T should be in the dock for letting it go live and handle subscriber data in that state, not getting the feds to bash the finder over the head until he's out of sight.
So given the above, why am I torn? Because weev has been a pain in the ass to the internet for years and it's certainly his karma catching up with him. The GNAA, Last Measure, 4chan, ED and other things done solely to piss in everyone else's pool. I can't think of any good thing he's been involved with. He is part of the cancer that is destroying the internet.
Having said that, it's the sick porn distributors and incomprehensible idiots we should be defending the strongest; justice shouldn't just be for the nice people on the net, so I hope the EFF etc step up to the plate regardless of his history, which shouldn't come into this.
Torn torn torn, and not posting anon for a change.
Re: Adversity breeds ingenuity
To be honest, it's always better to have a genny to hand if you're off the beaten track a little.
We're about to enter the "extremely very cold" bit of winter here, and I have my little 1kW genny ready to run the central heating pumps for the wood-burning heating system should it falter. A single bulb and the ability to stay warm while the leccy company takes a week to restring all the overhead powerlines that fall down with the weight of snow is worth far more than you can measure in a simple cost of power vs fuel/generator calculation.
Future plans here include a 100kW 3-phase diesel backup genny on a skid off fleabay UK, because it's really not cheaper to pay the higher tariff long term for those few occasions we need more than 25kW 3-phase...
Oh, if you can get 3-phase into your house but current limited, you'll have the fun "getting everything phase balanced" game, so the microwave isn't on the same phase as the washing machine etc. And if you dabble in home automation you too can find out how crap X10 3-phase filter units are (2 blown per year on average...)
The disconnect is that that is the OEM selling price, not their sticker price, which would be considerably lower. Hence their disputation of the amounts in the court documents.
Re: well thats a surprise
Give her the benefit of the doubt. We have a Myth backend here with quad DVB-S feeds into it (this story reminds me of past battles with the Radio Times scrapers until I started picking up EPG data from the DVB-S stream), and five frontends running on cheap fanless mini PCs from Lidl dotted around. My mrs and kids have their own frontends, and I regularly find my 4-year-old has set some recurring record on Justin's House, or set the CBeebies Christmas panto to not expire so they can torture us with it all year. In fact, I'd go so far as to say they know their way round the frontends + shortcuts etc far better than I do. They have to; we have no off-the-air capability apart from the Myth backend.
The only time it ever needs any attention is when the TBS card locks all its tuners up and won't recover until it's power cycled, every two months or so. Mind you, I'm still on the last-but-one major version; don't want to live on the edge with something requiring WAF as much as TV...
And there you have the failing of nano. If you are a proficient vi/vim user and someone installs nano in its place because they find it easier for noobs, it's like trying to work with an AZERTY keyboard in place of a QWERTY. You can mostly drive it, but you have to keep looking at the keystrokes, which slows you down considerably.
Nano with a vi keystroke compatibility mode, I'd go for that, but in the meantime it's back to resetting the default editor to vim on everything tainted thus...
Re: "RAR extraction, an archiving option popular in the Windows world"
You say that zip is a supported format, but I unboxed a new PC (Lenovo Q180) with Windows 7 Professional preinstalled yesterday (it was cheaper than buying the no-OS option due to a deal... :/ ), and playing with it and opening a zip file I was shocked to discover that Win7 *DOESN'T* come with something that can handle .zip natively, and it went on to suggest I give $39 to WinZip for their program. Er.... No, I've got a better solution to not much in the way of functionality out of the box, and at the moment GNOME is compiling on its fresh shiny new Gentoo install...
Re: Only screenshot program?
GNOME appears to honour Print Screen out of the box too. And that's under my very stripped-down Gentoo build...
Re: @Chris Miller
Upvoted because the four times I've encountered f**ktards going the wrong way around a roundabout while on my motorbike, it's been near an airport, and when I flagged the driver down, they were all Americans in hire cars.
How the hell you manage to go the wrong way when the approach ducts you into the correct direction, I do not know...
I get that sense of pucker now approaching roundabouts near airports...
Re: If a HAM radio enthusiast
The interference doesn't radiate out of the walls and get attenuated by the stone walls; it goes along the powerline, which runs outside the building and into free space.
I've got a stone house; I also flood-wired it with Cat5 when I was having it wired. I can also sniff my neighbours' wifi through three 60cm-thick stone walls and 20m of free space...
I've also used X10 in the past using powerline, and it was bad enough without half the world bladdering the local spectrum with PLA devices, and we had whole-house filters on the mains input and individual filters on devices.
For years, if radio equipment caused interference or distress, a man with a suitcase came from the DTI and shut it down. Now, they get a bye because some people think they need the functionality?
Surely the PLA devices need a kick up the arse to improve their filtration, so they don't cause this issue. That way all the people who absolutely can't touch their stone walls still get working PLA, and the manufacturers get to keep manufacturing without killing the rest of the radio spectrum. But that will require a strong regulator, to say "no, this equipment does not conform, please go away and re-engineer it", and the manufacturers to invest the extra technical resource to do so.
Stop trolling, I can't remember the last time a distro didn't pop up a dialogue box asking me what I wanted to do with the media on the CD/USB stick/phone etc on insertion of the appropriate plug.
Since Fedora was Fedora Core? WTF, autoplay on media insertion has been in there since it was Red Hat Linux, long before they spun off the Fedora wing. It even works on my Gentoo boxes...
Maybe you might notice that the new millennium has started, and perhaps the Slackware floppies you use as install candidates might be a bit out of date?
Yeah, what's the threat behind adding a printer to print off a few documents?
Actually it's a real one; you're looking at it from the printer attacking the device (let's not stray off into idlescan territory here, but yes, I'm aware of that too). Your document is in the buffer of that printer, which in the case of a networked one could quite happily be storing/sending off to a 3rd party the confidential document you just printed on it. Of course you wouldn't expect your salesforce bods to know/be aware of this leakage vector, but then that's why you lock it down to require a password and control access to it in a business environment. Quite a few companies I've worked for mandate no 3rd-party printers for this reason, and it's a disciplinary offence to print to an unauthorized device.
I stayed in a posh hotel in Prague once (honeymoon!) and there was a tech conference in town. We nipped on the shared business PCs to browse a few news sites, and on the print server was a stuck job, which was a spreadsheet containing names/addresses/telephone numbers and other personal details of all the leaders and shakers in the tech conference (which came out after we removed the paper jam...). Salespeople are good at selling and mostly fail at security. It's a good job we're good at security, even if we mostly fail at selling and marketing. We each bring something unique to the table, and both are essential to the other, and mostly when security looks like we're being annoying to the layperson, we've got good reason..
Re: Re: Re: Re: Oh yes, that's the car for me!
It's a surge tank to prevent fuel surge on hard cornering stopping the fuel pump sucking air mid g-forces, not an emergency measure. It has 5l of fuel in it to de-aerate it also.
When the fuel in the tank has run out, you have effectively run it dry, regardless of what residual fuel is left in the system. And shock horror, running it dry means you have to bleed the air out of it, just like lots of things both petrol and diesel, since gas (as in gaseous, not fuel) doesn't pump very well.
Stick to IT. Or maybe your MCSE...
What you're missing is there was a Linux port to the iPAQ called Familiar Linux, and while that may have been niche and long dead, a lot of good ideas and projects kicking round the embedded world grew out of that or were uplifted by its needs. GPE and Opie WMs for one.. I'm sure that expertise and lessons learned went on to webOS in the early days.
Most of the work on Familiar was by a few guys at HP Labs, who were gifted time for the project by HP themselves, and there was a build cluster also supplied gratis by HP. I remember the huge amount of work contributed by Jamie of HP Labs, who drove the pace of progress like mad.
Oh, and a guy from Europe caused loads of hassle on the mailing lists and eventually everyone fell out just when it was bearing fruit, and someone threw their toys out and sat on the domain etc; it was almost like certain individuals were against the whole thing because someone could see potential in what was being done right back there. What was his name now... Florian something or other. Might have been Florian Mueller...
I hope webOS goes on, giving us all more choice in the tablet market. Android is a secret walled monitored garden, iOS is a public monitored walled garden, and real Linux on tablets is still very niche and in its infancy (kudos to Archos for their GPL compliance though!)
old news is bad news in this case
Idlescan. The average printer IP stack is completely sequential; therefore if you can route to one and connect to it, then spoof a packet from it to a host, abusing the trusted relationship network admins establish with printers, then re-connect to the print server, you can see if the host responded to its trusted friendly printer by looking at the pid of the packet. There's no emphasis on bringing it into current random packet pids because, well, it's just a printer, right? Wrong...
You can map out entire network topologies with ease using this technique. nmap even has it as a scan mode, nmap -sI on the latest versions.
Fyodor as usual has a great write up of it :-
hmmm i wonder
Does this mean I'll finally have to stop starting a default-install window manager, opening up a terminal or ctrl-alt-F1'ing to one and running screen with vi sessions etc for everything?
Joking aside (although most days I end up with screens full of terminals dotted round my desktop with gdb or top, tcpdump etc running in them), Enlightenment E17 is pretty cool day to day for me, as the UI just ends up as an entity to cater for my underlying terminal access and shortcut keys with a media player in somewhere to justify running a WM, but I'll try GNOME 3 on Gentoo as the ebuild for it has been put in a special Gentoo GNOME 3 overlay, and if I don't like it I'll go back to GNOME 2 or E17 or whatever else tickles my fancy.
I could be the sort of terminal fiend it's aimed at. I for one lament the features removed from WMs to make them more friendly for "normal users" (yeah, I know I can hack the ctrl-alt-backspace back into xorg every install, which I do), so the signs everyone is whinging about lack of buttons and dropdowns suggest I might just be their target market ;)
I like the Gentoo way: try it, if you like it keep using it. With Fedora I always got the feeling I was there as RH's pet guinea pig beta tester too.
My applause to the GNOME guys for at least trying something new. Try it; don't like it, move on; like it, keep using it. It's a freedom of choice thing, you know?
Vic, you need to direct your venom at AutoCAD, not a Linux distro. They're the people who are ignoring the entire *nix target market base.
Raise a glass
I'll raise a glass to an old friend tomorrow; we'll fire up my ZX81 and 16K RAM pack and play Mazogs on the big projector for a laugh. I've already introduced my 6yo to BASIC on it in the past, although we mostly use an emulator running on an Xbox out of respect for fragile ageing hardware.
J, shifted P, shifted P day it is ;)
What was really the spirit of the age was opening the thing up to add stuff. I remember a book called The Explorer's Guide to the ZX81 touting adding RAM over the UDG ROMs so you could have definable ASCII, Currah keyboards (although we rolled our own from an ancient industrial keyboard that we had to make the matrix to suit ourselves, being poor) and lots of other general vandal soldering activities. In fact my current ZX81 was picked up a few years ago pristine, because my original had long since died spewing Kynar hookup from multiple places in the quest for comprehension and tinkery. Its spirit of mad hardware hackery lived on; they can't teach that with a degree ;)
meanwhile back in the real world
meanwhile back in the real world, none of the above happens.
My 3yo has made a few flights to the UK when we have been abroad with his nanna, who had a letter detailing the above. Never on any occasion has she ever been asked for it.
Meanwhile we've driven the Chunnel and ferries maybe 20-30 times since they arrived, rarely with more than one parent on board, and the same story.
Nice theory, but that's all it is.
I was really elated, eCrime actually caught a botnet master. Until right at the end the old adage sprang up. Only the stupid get caught.
What a complete amateur, using a server registered to himself, with the same traceable emails and a Gmail email addy, ONSHORE in the UK.
He didn't put one in the eCrime unit in the article; he had one at a hospital that the sysadmins traced back to Fasthosts, or that's at least how I read it.
If he had compromised the eCrime network, I'd have had to tip my hat in slightly distasteful respect at the balls, but he didn't.
For the leniency, it's about intent. He KNEW 100000% he was being lowlife scum; he went about it every day planning and scheming, over a long period. Most assaults with short sentences are heat-of-the-moment incidents, otherwise it becomes 10+ years for premeditated manslaughter or the like... Jail him with nothing more sophisticated than a red LED Commodore calculator and leave him to rot there...
The title box is a load of cōleī
Strip clubs are for end-of-contract pishups: first somewhere PC for everyone, then the boys onward to the lapdancing outfit when pished, where you can all be naughty within limits, but not wake up with someone or something unfortunate/blackmail photos etc.
Been there, got the tee, and my mrs asked them to take me there to "get me ready and prepped to fly home, but in a controlled way"!
Goodbye and farewell
Goodbye old friend, you've "served" us well and saved us from IIS and the Oracle web server (am I the only one who remembers that and its amazing Perl cartridge stability (sarcasm...)?)
I'll raise a glass of beer for you tonight.
I can hear the sound of some embedded OS people spluttering in the distance, mind :)
Pearoast for the photocomp of the week? (B3ta...)
Small and compiled with only what you need? Gentoo (he says, recompiling the kernel on his Gentoo Xbox...)
You were sounding quite plausible there, until you mentioned his 180mph stunt was on a Harley...
Was that 180mph between crank rebuilds, or had they thrown it off the side of a cliff at the time?
The meaning of life (and death)
It should simply say "42" on the business side.
There might be a few fewer HHGTTG fans around, but it's a small price to pay for coolness..
failing memories :)
Bouncing? SCA was a simple fade-up of a single-colour font, mostly so they could fit it all into the bootblock without crunching. Refresh the old cells here :-
Another one still with one
Started off with an A500 v1.2, one of the first batch in the UK of the German ones, and took to it like a duck to water while struggling with my C64 and assembler: straight in, write data straight to the chipset, trap the VB blanking interrupt ($0005c I think from memory) and sit in a loop doing something while watching for a btst #6,$bfe001 to register a 1 indicating someone pressed the left mouse button, and all those lovely longword- and word-capable instructions, what a revelation! Lovely chipset to program for; copper and blitter just topped it off (and you could use the blitter to reprogram the copper and other funkiness they never really expected people to do). Had my fingers in some then-bleeding-edge games stuff and met a lot of demo sceners...
The memory allocation protection, well, there wasn't such a thing as viruses until the SCA released their little wonder; they were more innocent times for sure...
Still got a SCSI'd-up A2000 with SCSI CD-RW/HD/tape drive/8086 bridgeboard card, flicker fixer with VGA output and 11M of chip/fast RAM. It's just for nostalgia; my days of software development on it are long since over, but I too raise a glass to the old girl and all that she's made possible.
For the Cloanto prosecuting people, they say that to stop commercial exploitation of the ROMs and other people selling "emulator packages", rather than a bod in their bedroom finding ADFs of it on the net etc. It's my experience you will have no problem finding the boot ROMs on the net, e.g. on the ever useful bootdisk.org etc.
I'm with everyone else on Commodore wrecking it through pure greed; what the hell were they on? I definitely don't miss the days of getting my wallet emptied for months for an interface card, or any peripheral I wanted. They just saw us as a captive market once we'd bought the base box, and decided to milk us for every penny. And if you check the Amiga specialist retailers still going, they're still bleeding everyone for Catweasels and Buddha IDE cards etc...