csuchico.edu · Domains · Slashdot Mirror

The reason for Blowfish in OpenBSD passwords by Anonymous Coward · 2000-06-15 00:59 · Score: 3 · on On Choosing Encryption ...

A very interesting paper was presented at USENIX in 1999 that explains why blowfish was chosen as the encryption scheme for OpenBSD passwords.

Someone in the audience with me actually pointed out that twofish would be faster, and the authors of the paper replied that that was precisely why they didn't use it.

It's an interesting paper, nonetheless.

-Jeff Evarts, who has forgotten his Slashdot password

Re:Is it that hard to block doubleclick's cookies? by ZenArcher · 2000-05-21 21:26 · Score: 1 · on FTC Asks To Regulate Privacy; Doubleclick Hires PR Team

The following resource page contains instructions for blocking most ads: Web Ad Blocking Under Linux/Unix, BeOS, MacOS and Windows . It's relatively simple to install and customizable. (So powerful that when I posted a similar comment to a ZDNet forum, the URL was censored^H^H^H^H^H^H^H^H removed!)

root and other security prevention by UnknownSoldier · 2000-03-26 22:39 · Score: 2 · on The Short Life And Hard Times Of A Linux Virus

Q1. How can I rename root? (I want to install a 'fake' root on my system. I do this with NT :) It won't stop the determined hacker, but its enough of a smoke screen.

Q2. Does root always have user id zero? What part of the source can I change to remove this hard-coded number? (Yes I'm aware that many things would break.)

For a great site on securing your Linux system check out the TrinityOS FAQ

http://www.ecst.csuchic o.edu/~dranch/LINUX/index-linux.html

Cheers

Re:A simple lightweight solution to dblClick by jennis · 2000-03-22 02:13 · Score: 2 · on DoubleClick Workaround: IDcide

There's a good website that details this very method for several different operating systems. The nice part is that it already has a nice long list of various advertisement domains that you can cut and paste and not have to deal with again.

Web Ad Blocking Under Linux/Unix, BeOS, MacOS, and Windows

Re:Firewall changes by UnknownSoldier · 2000-03-11 22:20 · Score: 3 · on Glimmers From The 2.4 Horizon

> and I've been kind of hoping/petitioning certain sites like Linux.com to to run an article on transitioning from 2.2 ->2.4::ipchains -> netfilter+iptables

If you want a good starting walk through, you could start here. It doesn't answer all your netfilter setup questions, but it at least its a great start on Linux security:
http://www.ecst.csuchico.e du/~dranch/LINUX/TrinityOS.wri

You can find David Ranch's homepag here:
http://www.ecst.csuchic o.edu/~dranch/LINUX/index-linux.html

Cheers

Re:Firewall changes by UnknownSoldier · 2000-03-11 22:20 · Score: 3 · on Glimmers From The 2.4 Horizon

> and I've been kind of hoping/petitioning certain sites like Linux.com to to run an article on transitioning from 2.2 ->2.4::ipchains -> netfilter+iptables

If you want a good starting walk through, you could start here. It doesn't answer all your netfilter setup questions, but it at least its a great start on Linux security:
http://www.ecst.csuchico.e du/~dranch/LINUX/TrinityOS.wri

You can find David Ranch's homepag here:
http://www.ecst.csuchic o.edu/~dranch/LINUX/index-linux.html

Cheers

Re:Teach Me How To Be Secure by kkelly · 2000-02-16 03:29 · Score: 2 · on Security Expert Dave Dittrich on DDoS Attacks

A good starting point where I learned a great deal is the Trinity OS document. Also try Unix Guru Universe for all things *nix. The information is out there but don't expect to become an expert overnight. As a *nix user of 15 years I still feel like a newbie in a lot of situations. IMHO thats what makes it fun;-)

How To Block DoubleClick's Tracking In Two Steps by @Man · 2000-01-25 12:28 · Score: 1 · on DoubleClick DoubleCross

1. Put all DoubleClick's servers in your /etc/hosts file as 127.0.0.1

2. Put all of DoubleClick's servers in your "bypass proxy for" setting in your browser.

This will kill both their ads and their cookies.

I maintain a web page with a list of their servers and more detailed instructions for unix, windows, and BeOS (with experimental Mac instructions available tonight) using either Netscape or IE at http://www.ecst.csuchico.edu/ ~atman/spam/adblock.html. It is easy and it works great.

Submit to Securing Linux doc ? by UnknownSoldier · 2000-01-24 05:22 · Score: 1 · on Linux Virii On Their Way?

Thats a great idea. Mind if I send it to David Ranch? (so he can incorporate it into his Securing Linux Doc aka "Trinity OS")

Securing Linux - Trinity OS

Cheers

Re:WTF? by kkelly · 2000-01-13 02:40 · Score: 1 · on @Home Responds to the UDP Notice

heh...@Home certainly will not be brushing this off changes will be made in order to prevent the UDP. Newsgroup access is by todays standard part of a basic package offered by any decent ISP. @Home will comply and do it quickly (don't forget about the AOL and Time Warner merger). There has never been more competition in the broadband market.

The whole idea of "scanning the users - finding insecure servers" seems like a lame excuse to me.

How can this be classified as an excuse? The spam is coming from their network. If customers are running insecure servers (linux or whatever) then they are allowing the possibility of unauthorized access to the @Home network. This is not an excuse, it's what should have been done once complaints initially started coming in.

The users should not be allowing outside connections in the first place - so why cannot they filter it at their OWN end

There is minimal risk in allowing outside connections to your box if the necessary steps
are taken to secure your box PROPERLY. I almost always have a ssh connection going between work and my SuSe box @home (no pun intended) this aids productivity since most of the Sys V and Dynix boxen at work have terribly outdated tools on them. Allowing connections or running servers is a big responsibility that most take too lightly. I learned early as my old redhat box was rooted the same day I put up my first box. This was no ones fault but my own.

A good first step for securing your linux boxen is reading the Trinity OS document which can be found here.

David Ranch by Afterimage · 2000-01-03 01:00 · Score: 1 · on Category: Unsung Hero

Caretaker of the Trinity OS document, David Ranch has put together a solid series of well-maintained recommendations for not only securing Linux, but configuring it from the ground-up. Best of all, I like the fact that he seems to follow the Perl motto. No one distro is necessarily any better, at least once the Trinity OS helps you lock down or tweak what wasn't before.

Thanks for the hard work.

Ad and cookie blocking by @Man · 1999-12-05 00:29 · Score: 1 · on Cookies are Security Hole in HTML Email

If you use Netscape to browse and read mail under some variety of Unix, including Linux, you can greatly reduce this problem by following the two-step configuration instructions at

@Man's Ad Blocking Page.

It will also block banner ads. The server list is updated almost daily.

@Man

Attention Fat Corporate Bastards! by ch-chuck · 1999-12-02 21:52 · Score: 4 · on No EToy for Christmas

recently spotted this in LinuxJournal and was rofl.

Chuck

stuff that is good by pberry · 1999-10-21 12:48 · Score: 1 · on Geeks In Space: Live from the New Studio

The thing that I really like about GiS is the "inside view" of slashdot. I'm being totally serious. It's nice to hear a little bit more on a topic that was posted than "from-the-stuff-that-you-should-read-dept."

I like the fx with the new equipment. The last episode was painful (fx wise that is)

As many others have said, humor is always good. Nothing like a little inside joke with the small group of slashdot readers... ;-)

It makes me want to get into radio again...of course I doubt chico state would let me back in now...

Pick a good CS school; Learn languages on your own by ikluft · 1999-10-09 14:51 · Score: 1 · on High Intensity Computer Colleges?

I think that regardless of the stature (and price) of the college or university you attend, you can make a big difference in your knowledge the subject by your own personal projects while at school. Be a geek - do technical stuff just to learn from it, and you don't have to wait for college to start on that. So pick as good a Computer Science school as you can afford and plan to continue to pursue programming as a hobby anyway while at school. That way you'll make yourself stand out from the crowd when you interview for entry-level software engineering jobs.

As a rule of thumb to start with, universities which have their Computer Science program under the same school or department as Engineering are preferable over ones which associate it with their Math department.

Make sure the Computer Science program you attend has a curriculum with sufficiently difficult classes in

several programming languages
algorithms and data structures
operating systems
advanced classes in your choice of several areas of empahsis:
- systems design
- databases
- mathematics
- business

Why look for difficult classes? Because employers generally find out how tough the curriculum of a given school is from performance of previous grads. They go back again to recruit at schools they got good people from. Though you can't predict how the hiring scenario will be the year you'll graduate, this stacks the deck in your favor. (So long as the Internet continues to fuel the economy, I think you'll find smooth sailing in the job market.)

I got my BSCS (1988) and MSCS (1991) at California State University, Chico. As a northern California native who does not come from a wealthy background, I had to focus on state schools in my search for a college to go to.

Fortunately, you can get a good education from a state university. But you have to check how well-funded the Computer Science program is and the quality of its curriculum. At least for the 23-campus CSU system, one university can be world class in a few majors and mediocre in everything else at the campus. California's UC system is better funded (and therefore better at more subjects per campus) but more expensive. What you want to know is whether they're good in Computer Science. Depending on where you live, some of these comparisons will hopefully be helpful in what to look for.

I was lucky that the nearest CSU campus (CSU Chico) to where I went to high school had a good curriculum and reputation in Computer Science, not to mention that their MSCS program is available via satellite across North America. And I run into CSU Chico grads all over the industry now.

Pick a good CS school; Learn languages on your own by ikluft · 1999-10-09 14:51 · Score: 1 · on High Intensity Computer Colleges?

I think that regardless of the stature (and price) of the college or university you attend, you can make a big difference in your knowledge the subject by your own personal projects while at school. Be a geek - do technical stuff just to learn from it, and you don't have to wait for college to start on that. So pick as good a Computer Science school as you can afford and plan to continue to pursue programming as a hobby anyway while at school. That way you'll make yourself stand out from the crowd when you interview for entry-level software engineering jobs.

As a rule of thumb to start with, universities which have their Computer Science program under the same school or department as Engineering are preferable over ones which associate it with their Math department.

Make sure the Computer Science program you attend has a curriculum with sufficiently difficult classes in

several programming languages
algorithms and data structures
operating systems
advanced classes in your choice of several areas of empahsis:
- systems design
- databases
- mathematics
- business

Why look for difficult classes? Because employers generally find out how tough the curriculum of a given school is from performance of previous grads. They go back again to recruit at schools they got good people from. Though you can't predict how the hiring scenario will be the year you'll graduate, this stacks the deck in your favor. (So long as the Internet continues to fuel the economy, I think you'll find smooth sailing in the job market.)

I got my BSCS (1988) and MSCS (1991) at California State University, Chico. As a northern California native who does not come from a wealthy background, I had to focus on state schools in my search for a college to go to.

Fortunately, you can get a good education from a state university. But you have to check how well-funded the Computer Science program is and the quality of its curriculum. At least for the 23-campus CSU system, one university can be world class in a few majors and mediocre in everything else at the campus. California's UC system is better funded (and therefore better at more subjects per campus) but more expensive. What you want to know is whether they're good in Computer Science. Depending on where you live, some of these comparisons will hopefully be helpful in what to look for.

I was lucky that the nearest CSU campus (CSU Chico) to where I went to high school had a good curriculum and reputation in Computer Science, not to mention that their MSCS program is available via satellite across North America. And I run into CSU Chico grads all over the industry now.

Re:Overload by justo · 1999-08-30 06:19 · Score: 1 · on Load Test the New Slashdot Setup

Slashdot:News for Nerds. Stuff that Matters. faq
code
awards
privacy
slashNET
older stuff
rob's page
preferences
andover.net
submit story
advertising
supporters
past polls
topics
about
jobs
hof

Sections books
ask slashdot
features
radio

This page was generated by a Swarm of Psycho Chickens for justo (2858).

Slashdot Load Testing (Continues) Posted by CmdrTaco on Mon August 30, 02:13 PM EDT
from the ain't-this-fun? dept.
Fixed so far:

Dropped http MaxClients down to 75
increased mysql max_connections to to 250

(they were 150 & 100, so we had 450 http forks fighting for 100 mysql connections. Oops! Thank god for load testing! I guess its problably good that I post another story just so that we can simulate normal Slashdot a little better: Slashdot doesn't usually have just 1 story with people posting on (well, unless we mention evolution or the GPL being violated or something) (Oh, and don't post comments with bug reports, there is no way I'll be able to keep up, email 'em. I won't reply, but I'll read it)

( Read More... | 190 of 190 comments )

Help Test Our New Server! Posted by CmdrTaco on Mon August 30, 12:51 PM EDT
from the load-testing-is-cool dept.
So here it is: A mirror of Slashdot (as of a week or so ago). It exists now for testing: So feel free to post comments and help test the new load balancer. For the curious, the new system has 3 http machines (P2s) and one mysql box (a dual P2) with a load balancer trying to keep everyone all equally busy. And its about time: the old setup has been really stressed out trying to keep up with everyone. Anyway, don't get to attached to any of your comments here, when we're satisfied that the new setup is stable, I'm gonna mirror over Slashdot and make the final switcheroo.

( Read More... | 335 of 335 comments )

Interview: Mandrake Answers Posted by Roblimo on Fri August 20, 12:00 PM EDT
from the x-leads-to-enlightenment dept.
Monday a whole bunch of people had questions for Mandrake, one of the heavies behind Enlightenment. Slashdot Moderators picked the best ones. We forwarded them, unedited, to Mandrake on Tuesday. His (excellent) answers appear below.

( Read More... | 11562 bytes in body | 9 of 9 comments )

Geeks in the Space: The Attack of 5 Posted by Hemos on Thu August 19, 04:10 AM EDT
from the more-stuff-to-listen-to dept.
Well, we've done it again. Yes, Geeks in Space, Episode 5 has been released. In it, we lament the lack of good news, talk about anti-matter, and the hiring of hacks by companies. You can also become...educated in my long-term plan for the hostile takeover of a certain Redmond-based company.

( Read More... | 14 of 17 comments )

Apple announces Darwin 0.3 Posted by Hemos on Thu August 19, 12:24 AM EDT
from the more-to-download dept.
J. FoxGlov writes "Macintouch reports that v0.3 of Darwin, the open-source foundation for Mac OS X Server is available on Apple's Public Source site. Apple Developer Connection members can get it on CD for $29. Check Public Source for more about the Darwin SDK and the new Darwin. "

( Read More... | 67 of 68 comments )

Microsoft's New Audio Format Cracked Posted by Hemos on Wed August 18, 05:23 PM EDT
from the secure-this-buddy dept.
Barcode (JPB) was one of the first to send us the word from Wired that the new audio format Microsoft introduced (Two days ago), supposed to be a secure format (resricting playback) has already been cracked. Dimension Music first carried the news-and what a name the crack has *grin*.

( Read More... | 238 of 240 comments )

Find your Star Wars Twin Posted by Hemos on Wed August 18, 05:16 PM EDT
from the what-freud-really-wanted-to-do dept.
The_Monk writes "Ever wanted to know your Star Wars twin? Now this incredibly important information can be verified. It placed me the likes of Astro Mech Droids, 'Tarkin, and R2-D2. " Ahem-as the lost twin of Lando (extraversion), I have a Cloud City I'd like to sell someone. But I'm about as agreeable as Boba, always a bonus.

( Read More... | 94 of 94 comments )

Now Police Can 'See' Through Walls Posted by Roblimo on Wed August 18, 12:40 PM EDT
from the move-along-there's-nothing-to-see-here dept.
Bram writes "Just found an article about another way to invade privacy." He's talking about hand-held radar systems police can use to detect breathing, beating hearts or other motion through walls and other obstacles. Sounds like a declassified version of the Ground Support Radar [GSR] units we used years ago in the Army. I can see why police would want them, and I can also see why Bram considers them a privacy threat. Depends on how they're used, I suppose.

( Read More... | 205 of 205 comments )

FreeType posts patent warning Posted by Hemos on Wed August 18, 11:53 AM EDT
from the i-want-my-verdonna dept.
Anonymous Coward writes "According to the the FreeType web page, there have been some new concerns raised about Apple's patents on TrueType. I hope this doesn't affect the planned TrueType support in XF86 4. " It appears that they are still checking into the issue, but I'd really like TrueType support. A lot. Let's hope Apple responds nicely.

( Read More... | 202 of 206 comments )

Microsoft to "publish code" to Instant Messenger Posted by Hemos on Wed August 18, 09:49 AM EDT
from the want-more-market-share dept.
VFVTHUNTER writes "According to this article at cnet, MS, in an attempt to gain a share of AOL's Instant Messenger Service Market, announced today it is going to publish the protocol to its own messenger service. " It's important to note it's NOT the source code, just the protocol.

( Read More... | 192 of 192 comments )

natelinx

Be News

Unisys gif-lzw-license Model Changed

YMF724 Driver Patch

Guidelines for Sane Advocacy

BeNews Is Moving - Outages Planned

Audio Buzz "Fixes" Announced

Austin BUG Meeting This Wednesday

Wacom Driver Goes Open Source

3dsound Secrets Revealed

ACE Bot, Devastation for Quake2

Be.com Frontpage Layout Updated Get more Be...

Alta Vista Search Alta Vista

any language Chinese Czech Danish Dutch English Estonian Finnish French German Greek Hebrew Hungarian Icelandic Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Spanish Swedish

Q3Arena.com

Game Name Builder v1.32

John Carmack Updated His .plan

Voice Actors Needed

KOTS Mod Needs Servers

More Ass Kicking Quake Action...