Domain: astalavista.com
Stories and comments across the archive that link to astalavista.com.
Comments · 19
-
Re:Use Adblock with my subscription...
Look, consider this constructive criticism, blunt though it is: Your site sucks. If you've invested money in it, perhaps you ought to fix it?
This has nothing to do with the sites of the people who criticized you and everything to do with your site. Responding to criticism of one site with criticism of another site or poster is either a completely nonsensical response, or an ad-hominem attack.
This is my user experience on an average "blog" website (that of the GP): calum.org
The first thing I notice is the colour scheme. It's well-designed aesthetically (though very bright), but it is low-contrast; it's not very easy to read the blue/grey text on a bluish background. Furthermore, the design makes presumptions about font size and so breaks for me with my default font size (I'm myopic and I like to read the screen from a distance).
Still, I allow my eyes a few moments to adjust to the colours, lower the font size (moving closer to the screen) and move on.
I'm easily able to subconsciously identify the main elements of the screen: a menu on the top, a bit of info on the left, a login pane on the right, and the familiar list of blog posts in the middle.
After a few seconds, I've identified what this site is (a personal blog) and how I can use it ("Read more" links and "Add comment" links). I'm comfortable enough with the layout to use it.
Now, this is my brain on your site:
First thought: as the other mentions, the colour scheme is frankly reminiscent of a "shady" site. (By this I mean an "underground" site - such as those used in the field of software piracy before it became cool.) Irrational though it may be, my second thought is that I'm in agreement with the guy who said he wouldn't install anything from that sort of site. (Frankly, I didn't even want to enable Javascript.)
Of course, the second visual impression is the huge box which tries to force me ("This message will not disapear [sic] until...") to enable scripting. I don't, because this site has already demonstrated that it's willing to annoy me, and I know there are plenty of opportunities for further annoyance if I enable JavaScript. (By the way, I'm used to NoScript: if your menu links don't work without JavaScript, I don't get mad as hell and won't take it anymore and bother you about it, I enable JavaScript temporarily to make it work, as long as the site looks reasonably trustworthy. A non-intrusive, informative message helps (it especially would if I wasn't already familiar with the situation); an attempt at forcing me is counter-productive.)
Now, I get to admire the site from afar. There's a garish purple "smoke" background graphic which makes the header text hard to read. The text is high-contrast, but the colour choices are, as mentioned, positively offensive.
(There's mention of music: boy are you glad I had NoScript enabled, or this would be a lot more negative. I do not want music to play in my web browser without my explicit consent, and I suspect no-one else has appreciated this trick in the last seven years.)
First impressions are over: this is the point where I'd leave the site in disgust (and did, before I decided to go back and post a more thorough review to explain the point of view of the other commenters). I've failed to understand what the website is for (my best guess at this point is "something drug-related" due to the psychedelic experience), and I have absolutely no desire to interact further with it.
Instead, I come back and turn my attention to the menu on the right. Scratch that, that's not actually a menu; it's a collection of random web-related things. (The most useless, apart from the ever-hopeful webmaster's suggestion that I donate money (up to 5,000 USD) to the creator of this monstrosity, is the ability to validate the pag -
The spanish (or chinese, or american) inquisition
-
Re:Makes sense to me
I can think of about 3 ways of doing it so that breaking it would be the equivalent of breaking EAS or RSA.
Not that I disagree - but if it's so trivial why are cracks commonly available? I've often wondered.
-
Cracking Password With Only Physical Access
astalavista carries Cracking Password With Only Physical Access (pdf) for both Windows and Linux; of course, with these, physical access is required.
-
Re:compact discs
-
Re:In the mean time, decode their obfuscated code
The correct link: http://www.astalavista.com/?section=dir&cmd=file&id=1097
-
Re:Serious question
But then again, there are a lot of time limited software demos, and I don't suppose that anyone tries to hack those...
You say that, but look at sites like astalavista; it's chock-full of cracks for time-limited, reduced, or otherwise restricted pieces of software.
Put quite simply, as we all know, DRM does not, can not and will not ever work. People will always find ways round this, and for every 1 industry programmer writing this stuff, there are 10 black-hats out there trying to defeat it.
The above point about iTunes is definitely on the ball. If you don't put in the protection measures, people see no need to crack it.
I'm sure there are plenty of shareware authors out there who make enough out of their totally unprotected products, simply guilt-tripping people to pay, rather than enforcing un-usability.
-
how do you know it's the right kid?
The exploit was publicly available even before the first one came out. Check out astalavista for a 'tutorial' on how to do it. That was there before blaster, so this kid may be one of millions who wrote a 'similar' bug, so what's wrong with that? How many people write exploits for known bugs every day? I don't think you can prosecute somebody beyond the shadow of a doubt when it comes to 'writing a similar' virus. Now if he was caught with the original worm source or something like that, they may have more of a case.
-
Re:MSN hates shopping
yeah but when will they buy the most useful search engine EVER?
http://www.astalavista.com
cheers.
-
Re:This is all false information (no, it's not)
Howdy,
I did a little research to see if I could validate or invalidate A Proud American's claims. While he is marginally correct on the facts, his interpretation is very far off.
First and foremost, I learned that the FBI and other similar anti-crime organizations of the U.S. government will not (I repeat, will not) prosecute or even attempt to investigate computer-related security crimes that involve less than $5,000 in liabilities.
Semi-true. There is a technical $5,000 threshold in order for the FBI to have federal jurisdiction over cybercrimes. State law still applies. Additionally, the FBI can probably gain jurisdiction to charge with other laws (they've mentioned RICO) if the crimes cross state lines (and there is judicial precedent that sets the bar merely at passing through an out-of-state router, in the case of a threat delivered over AIM with both perpetrator and victim in the same state).
Also, the $5,000 threshold is not particularly strict under new guidelines in the USA PATRIOT Act, so that they encompass summed damages from different attacks, damages in downtime and time responding, etc. In other words, the bar is very low and easily met with semi-probable damages; $5,000 is more of a requirement to prevent people from being charged for, say, portscanning. See here: http://www.astalavista.com/technologies/library/crime/usa.shtml.
And civil suits are always an available alternative.
Prison is actually fairly easily awarded; often we complain just as much about the strict jail time for such minor crimes as the lack of jail time.
Other measures of prosecution are becoming much harsher and stricter now, too, especially with all our terror enforcement (er, I mean anti-terror, Mr. Ashcroft, sir) measures. I mentioned RICO above (see here: http://lists.insecure.org/lists/isn/2000/Feb/0029.html).
So prison is a real possibility; federal prosecution is pretty easy to get; but you should all still make sure you keep up to date with security. Just don't rely on A Proud American for your information.
Oh, yah. And befriend me. Please? Pretty please? I'll be your friend!
-
Re:Radio Spectrum Underutilized
Currently there are three ways to partition the available spectrum.
CDMA's and CDMA hybrids are being used in favor of the others. Everyone's doing CDMA now.
Check out http://www.astalavista.com/mobile/wct.shtml for a longer list.
-
Re:How?
First of all, disabling telnet access from the outside is always good. If you're really paranoid, lock your server room, cabinet, and make sure you can only access your router from a serial console.
Many lazy admins never change the passwords on these things. All you need is a list of default passwords and you can start port scanning. Telnet in, on some devices you can tell what model they are by the login prompt, and if they haven't changed the default password, you can do whatever you want.
Here's a list of things you can do:
ISDN modems: Change the #'s the unit dials to some random long distance number, (such as a country that charges $1/minute to call), the modem will try to reconnect a hundred times before anyone figures out what's up. Or, you can change it to a local pizza place, residence, or simply '911'
'Regular' routers: Change the routing tables, disable local users, if you're really bored, you can set up a tftp server, and upload new firmware to the router, but just use a file of all 0's. Reset the router, it'll never come back up...
Another thing to remember is you can usually telnet FROM that router to other hosts on the network.
Now, my boss has Verizon DSL in his vacation home, and every subscriber got a letter in the mail showing them how to change the password, they were having security breaches on ALL their DSL modems.
Change your default passwords, or some kiddies will do whatever they can.
-
Lots of devices have the same problem!
Well check out This website for many common passwords..
From the site:
"NOTE: This listing is only provided as a resource to network administrators and security professionals. It is also meant to remind people that a serious problem exists when people configure a network or a computer system and do not change these passwords. The manufacturers of the listed devices, software or systems are not to blame for this problem, and we are not trying to discredit them or their products. A default login is a means for an end user of a product to complete the initial setup of the device or system. Most manufacturers strongly recommend their end users change these logins and passwords for security reasons."
-
You need four changes
How does XP's hardware signature stuff work with this kind of a machine
At least on a desktop machine, you have to change four internal devices from their state at installation time to trip Windows XP's reactivation.
The devices include the following:
- volume serial number of system partition (based on date and time of formatting)
- network adapter MAC address
- CD-ROM make and model
- CPU serial number
- primary hard disk make and model
- processor make and model
- RAM size
The following are checked only on non-dockable machines:
- SCSI card make and model
- ATA controller make and model
- video card make and model
Source: Study by Fully Licensed GmbH
-
l0pht for MS networks
When I was sysadmin (for a Windows network), I would just run l0pht. If A) the dictionary could hack it, or B) if they didn't have a number or special character, then I forced them to change their password on the next round. (Here is a detailed explanation of the Microsoft vulnerability.) If they didn't change it to something better, I'd give them a quick phone call and politely explain the security policy I was implementing. (Most people are very cooperative if you tell them politely and don't shove your security policy down their throat.)
There are other free programs out there (I forget the names) that generate nice reports based on l0pht findings. You can, for example, say that 80% of the users have passwords the same as their user names, 50% have passwords with one special character in it, etc.
Perhaps CxOs should visit sites like Astalavista.com. They'd then see how easy it is for a cracker to compromise your network!
-
Re:Hey
If they ban your subnet, why don't you use an anonymous proxy or something? Try http://www.astalavista.com/privacy/proxy/ for a list of proxies you could use. The only way they'll stop you then is by banning your account, but you could always register another.
Good luck. :)
-
sounds cool but...
Those on modems... Personally I would be reluctant to install anything which is going to stream data onto my hard drives especially with all these articles surrounding privacy, cookies, etc. Last time I played a game over PC was about 2 years back which was Q2, but FYI, many gaming companies place demos on cd's in magazines, and many gaming companies have demos on their sites.
IMHO this service is probably going to allow rampant piracy to occur since the full game is downloadable. It's only a certain amount of time before cracks start appearing all over AstaLaVista, and then the companies will wonder why.
If I did play games, personally I would rather go out and buy it in a store, this way I can get out of my house for one, secondly I can get the whole box complete with graphics, instructions, etc.
-
So I gotta ask...
Would etoys.com have been considered a typosquatter on etoy.com?
Seriously, where do you draw the line? Who gets to decide which cases to hear, and what rules do they follow? If it's these guys at ICANN, then perhaps, but WIPO? Yeesh. Say goodbye to your sovereignty, little country.
So what's up next for altavista's legal team? How about evicting astalavista.com?
There can be no democracy without participation