Slashdot Mirror

Here you go. My transcription so it may not be perfect but it'll save you some initial effort.
Using Pastebin since /.'s filter doesn't like enciphered notes.

Ricky McCormick murder notes

Jacob Appelbaum tweeted this earlier. Comodohacker may be for real.

It appears that the #comodogate hacker has posted the secret key for Mozilla's cert: http://pastebin.com/X8znzPWH

What the fuck? "To see the contents of this list you should enable Javascript." Well fuck no! I don't trust you evil Google, and so I don't enable JS for you!

A simple table, or list, and it requires JavaScript? That's fucked up. Progressive enhancement, or graceful degradation (whichever one of these you prefer) is essential to providing an accessible, usable, and useful web. Two different design philosophies, that amount, in this case, to the same thing. If the browser is not JavaScript aware, capable, or has it turned off, the browser should still be able to access the information!

Anyway, from the first link, I can see that AbiWord, a great, fast, and cross-platform word processor, is on the list. I use it all the time, 'cause it opens up so much faster than OOo.

(On the list, some kind soul pasted it too: http://pastebin.com/raw.php?i=tmw4JCFU. Though it's in CSV format.)

I can see from the list, that DokuWiki, DragonFly BSD, Freenet, LibreOffice, MoinMoin (another wiki system...) and QEMU also got listed. There are a lot of other good projects there too. I don't use most of the projects, but knowing they are there, is good.

*sigh* Fine, APK. Here's a version that outputs '0' style hosts files if the you run it with '0' as an arg:
http://pastebin.com/nNZ7sc9h

So now I have completely replicated your app, but in 64 lines of shell. These 64 lines of shell were produced in 1/40th the time you took to get to where you are, and run 5 times faster.

By the way, did you write the Delphi compiler? Or the Delphi/Win32 standard libraries that your program uses? No. You did not. So lets not hear any more of the bullshit about me not having written sed. By choosing more suitable tools, I have created a better solution. A better solution to a problem that should never have been solved in the first place.

I hereby declare victory over APK. I can see the headlines - "Unix Sysadmin destroys experienced Delphi developer in hosts file idiocy."

Hah! That script's been kicking about for months:
http://pastebin.com/hucPYdFn
Didn't know it was from a /. thread, though.

You do not really seem to be in the know. Also here is a lot moreinformation. To sum it all up for you. Mr Barr was planning on selling false information to the FBI in the name of "Research" which had wrong names connected to innocent people, and also wanted journalists of free press silenced.

Everything they do is for entertainment value. Because they're not terrorists; they're trolls.

You're missing the point of "who anonymous is" just like all the media organization who call them an elite group of "hackers on steroids" or a domestic terrorist organization or any kind of organization. Anonymous is anyone who shows up on 4chan, or their IRC channels, or who DOESN'T show up there but participates in things that started there like trolling all their favorite tagets, posting flicker animations to epilepsy boards, Project Chanology, DDOSing the flame of the day, or whatever. Or anyone who doesn't show up there, doesn't participate, and calls themselves part of "Anonymous."

Anonymous is full of "moralfags" who hate the trolling. And it's easy to prove that a lot of the people who have recently been the most attention-grabbing members of Anonymous regarding HB Gary Federal are some of the most anti-troll people you can find. How? The female CEO of HB Gary [NOT Federal] actually popped by the AnonOps IRC channel to ask (or really an odd combination between beg and demand) them to remove her company's emails from the torrent.

So a bunch of people you're classifying as trolls have the female CEO of a large security company popping into AnonOps IRC to beg them for mercy... so they troll the fuck out of her, right? Wrong. In fact, the one total troll who pops up quickly has a bunch of the rest of the channel asking for +m to shut the trolls up. Nearly everyone is polite and courteous to her. Read it yourself, she comes in at 522, but it's interesting that before that there's a lot of discussion about setting +m to shut up the trolls. Everyone seems to admonish everyone over and over to slow down and be nice to her.

So again... don't classify Anonymous. Is it riddled with fierce trolls? Absolutely, a lot of people who hang out on 4chan are "the internet's hate machine" and love trolling the fuck out of anybody. But that doesn't mean you can classify Anonymous as trolls, because Anonymous is whoever shows up, or whoever doesn't show up but participates, or whoever doesn't show up or participate and calls themselves Anonymous. So Anonymous is scared deranged 12-year olds who hide in their parents basements and taunt strangers with horrible obscenities for lulz because they get beat up at school, but it's also people who will lay their personal well-being on the line to try damage a dangerous cult, and it's people who will risk potential life imprisonment to defend their views on freedom of speech, and people who want to help the people of Egypt communicate when their dictator shut down the internet, and it's apparently some people with actual cracking skills, and it's a surprisingly large number of people who want to maintain a civil dialog with a CEO who comes into an Anonymous forum to talk to them.

Only classify anonymous by the actions readily attributable to whoever's calling themselves Anonymous these days. If they were overwhelmingly a pack of trolls at one point, they could include the My Little Pony fan club next week. They include trolls. Maybe they do include terrorists. Maybe they include heroes. Certainly some of the members want to be V for Vendetta style terrorist-heros, and V was chivalrous in his heroism, an anti-troll.

Actually I'm pretty sure Barr said he would sell the names to the FBI.

Yes and no. He claimed that he wasn't going to release names, and Ars Technica seems to confirm that from publicly released information related to this incident.

However, this tidbit would probably explain why Anonymous retaliated:

But Barr got his Financial Times story, and with it the publicity he sought. He also made clear that he had the real names, and Anonymous knew he would soon meet with the FBI. Though Barr apparently planned to keep his names and addresses private even at this meeting, it was easy to see why Anonymous would have doubts.

Considering that Barr mentioned elsewhere (in the leaked e-mails Ars reported) that he was doing this for publicity and to bring in money--and probably also to bolster his company's name since that wing of HBGary was going to be sold for ~$2 million--I'm not sure you could trust him as far as he could be kicked. Even his programmer expressed concerns with what Barr was doing (both to Barr as well as company executives). So no, Barr never publicly stated he would release names--maybe he did in the leaked e-mails--but the guy was an arrogant tool. I don't condone what Anonymous did, mainly because it hurt many other people in the process, but I can't imagine a more deserving target of public embarrassment than Mr. Barr.

Barr's typing was also atrocious. In a way, I think they should have gone after him for that alone, but I think that's just my inner grammar Nazi talking.

Funny, just today in the morning I was reading the article you linked. I went to read the irc log from the chat between HBgary owner and Anonymous (around line 522). From my understanding, HBGary owns 15% of HBGary Federal... The lady was imploring Anonymous not to go against the company.

ham radio already setting up: http://pastebin.com/fHHBqZ7Q

The time required to find a random key is, on average, the time required to test half the key space. The average time to break an encryption scheme by brute force given by:

T(n,k) = (1/2)*(n*H)*(c^k)

where:

H is the time to compute the has function once.
n is the number of recursions of the hash function.
c is the character set used for the password.
k is the length of the password.

Because legitimate users only have to test one or two passwords, n can be very large without adversely impacting legitimate users. Obviously, the better solution is to start with a Diffie-Hellman key exchange and verify the identities of the client and access point with certificates distributed out of band (USB, printed dotcodes, etc.).

For the record, hashing is used in WPA-PSK to de-correlate the password and the key and to mitigate the problem of frequently used passwords. The password is salted with the SSID then passed through SHA1-256 4096 times. This means that if your SSID isn't one of the the top 1000 for which a pre-computed rainbow table exists, the attacker has to do it themselves. The hashing, therefore, slows down dictionary attack by a factor of 4096. Of course, if you actually use randomly generated passwords (few do), this is only the equivalent of about 2 extra characters.

I suspect that the the GPGPU speed improvement mainly occurs in calculating the hash. If the hash were fast, the bottleneck would be reading the word list from disk. People cracking WPA on GPUs

erk: C0 CE FE 84 C2 27 F7 5B D0 7A 7E B8 46 50 9F 93 B2 38 E7 70 DA CB 9F F4 A3 88 F8 12 48 2B E2 1B riv: 47 EE 74 54 E4 77 4C C9 B8 96 0C 7B 59 F4 C1 4D pub: C2 D4 AA F3 19 35 50 19 AF 99 D4 4E 2B 58 CA 29 25 2C 89 12 3D 11 D6 21 8F 40 B1 38 CA B2 9B 71 01 F3 AE B7 2A 97 50 19 R: 80 6E 07 8F A1 52 97 90 CE 1A AE 02 BA DD 6F AA A6 AF 74 17 n: E1 3A 7E BC 3A CC EB 1C B5 6C C8 60 FC AB DB 6A 04 8C 55 E1 K: BA 90 55 91 68 61 B9 77 ED CB ED 92 00 50 92 F6 6C 7A 3D 8D Da: C5 B2 BF A1 A4 13 DD 16 F2 6D 31 C0 F2 ED 47 20 DC FB 06 70 Sorry Sony, don't know how that happened. My cat jumped on the keyboard. http://pastebin.com/R3vqSbEC -- The real list of keys....

wat? I don't understand this. I guess I should blog about it so that someone can enlighten me.

Lining up the LHS is one thing. How about lining up the RHS? Or components of a statement? Like the below pseudocode? How would you do something like that in python?

http://pastebin.com/GjvLbhxZ Almost exactly like you did it with your pseudocode. :-)

Enjoy:
http://pastebin.com/Vq5eUnig

None of the data sources required anything more than a bog standard sed/grep line to extract the relevant data.

20 minutes runtime to do that? Hang your head in shame, Sir.

Screw all this talk, lets look at the page source code and go from there. I booted Knoppix, and pulled up Iceweasel and copy and pasted the page source from wikileaks.info. My html and Javascript skills are not the sharpest. My skills are best in other areas. However, I noticed there is too much talk and not enough transparency here so I posted the page source so hopefully someone would analyze it and talk about the contents rather than jumping on sides of the arguments like some deranged trolls. Lets have a discussion that not owned by a bunch of drama queens, True geeks work with logic, not Drama. End of anti-troll rant.. Heres the pastebin link. http://pastebin.com/dyMkdZEG

Now this link shows account suspended. The tweet was: "Mr Assange should be aggressively interrogated until he reveals the location of the stolen cables, so they can be retrieved." from the account BronwynBishopMP.

Google Cache: http://webcache.googleusercontent.com/search?q=cache:http%3A%2F%2Ftwitter.com%2FBronwynBishopMP%2Fstatus%2F14139358206492672

Pastebin of the Google Cache source: http://pastebin.com/5G3JgBMH

Better luck trying to put the cat back in the bag next time

From http://pastebin.com/9rRmf6W5:
"Gawker uses a really outdated hashing algorithm known as DES (Data Encryption Standard).
Because DES has a maximum of 8chars using a password like "abcdefgh1234" only the
first 8 characters "abcdefgh" are encrypted and stored in the database. If your
password is longer than 8 characters you only need to enter the first 8 characters
to log in! "
The LM hash generated two hashes using DES from two 7 byte parts of a 14 byte password.
Basically they use each individual 7 byte part as a DES key to encrypt a fixed string.
Repeat this twice for each 7 byte part, and concatenate the results, and you get the LM hash.

Who said they were clear text? They look pretty hashed to me.

http://pastebin.com/raw.php?i=M2MUEdv4

http://pastebin.com/raw.php?i=M2MUEdv4

Fire up your rainbow tables :-)

Excuse me - vim CANNOT handle Unicode fine. Just open any files with Unicode Complex Script. You will know how fine vim handles unicode ? Do you see the following text same in your browser and vim. Just check it--- http://pastebin.com/LdCFTpq1

How many times did you submit that before you got it right?

About 2500 times... No, I didn't submit those manually, but instead used this

Obviously google only censors certain words from their list of banned short url expressions. How long before we see 0xDEADBEEF and 0xCAFEBABE?

hehe... but it'll take a while until the 4 letter character space is full, never mind reaching 8 letters...

Can we get spam? sp4m? Any other variant?

... is not in yet... But I'll keep you posted once it (or variants...) show up...

goo.gl shortens goo.gl url's as well! No, I will not write an evil script. Someone has to do the 'No Evil', right?

... and you'd hit browser redirect limits real fast. However, goo.gl shortens URL with different # suffixes (ignored by the web server) to different short urls. And pastebin has a script

Run it. Wait a while. Run it again. Wait a while. Run it again. Change IP. Run it again...

While I'm no C programmer, the Ksplice program appears to have copied code verbatim from the publicly available exploit code.

I don't think Ksplice would publish a binary (and source) that would do anything bad. They depend on the Linux community for revenue. (and also on Slashdot, it seems, for helping them boost revenue with scare tactics)

Here's a smaller t-shirt: http://pastebin.com/riCLvS0g

because slashdot does not like me, here is my reply:

http://pastebin.com/GPtSNUS8

What if I don't agree to the license when I'm installing the software? Until you agree to it, you ARE an owner of the software - seeing as how you already paid for it. That means you can do anything you want with it, including click an "Agree" button, without the authors permission. As long as you follow copyright law, you aren't bound by the author's will. Since you don't need permission to click the "Agree" button, that means you can do it without being forced into an agreement. Besides, how the hell could clicking a button on a screen have the same legal weight as signing a real document? What if the cat walks across the keyboard?

Anyway, to get around this, I usually hack the installer. If the installer no longer contains their license agreement, then, of course, when you click "Agree", then you could only be agreeing to (if anything) the new license text that you replaced it with.

I don't have a webhost right now, but here is the source code for a program that hacks EULA's for you. Run your installer, get to the point where the EULA is on the screen, then run this program. Bring focus back to the window containing the EULA quickly (you have 4 seconds). When 4 seconds is up, it will hack whatever EULA it finds in the foreground window.

This program seems to work for anything that besides blizzard games, which put their EULA's inside the game, rendered by DirectX.

Verizon Business. Actually the root certificate signing them is "GTE CyberTrust"
/CN=GTE CyberTrust Global Root, OU = "GTE CyberTrust Solutions, Inc.", O = GTE Corporation, C=US/

For the benefit of anyone who would like to see full details, I have pastebin'd the entire certificate chain of a HTTPS session Etisalat cert chain

Based on the certificate presented by https://www.eim.ae/:

*.eim.ae

Issued to: CN=*.eim.ae, O=Etisalat, OU=SOM // Serial=0E:12
Issued by: CN=Comtrust Server Certification Authority, O=Etisalat, OU=Etisalat eBusiness Services, Not valid before 5/6/09, not valid after 5/6/11
SHA1

Comtrust Server Certification Authority

Issued by: CN=Comtrust Root Certification Authority, OU=Etisalat eBusiness Services, O=Etisalat, C=AE
Issued to: CN=Comtrust Server Certification Authority, O=Etisalat, OU=Etisalat eBusiness Services, C = AE
Not valid before 10/5/06 6:24:51 GMT
Not valid after 12/19/15 23:59:00 GMT
CRL not-critical URI: http://comtrust.etisalat.ae/rootca.crl

Comtrust Root Certification Authority

Issued by: CN=GTE CyberTrust Global Root, OU = "GTE CyberTrust Solutions, Inc.", O = GTE Corporation, C=US
Issued to: CN=Comtrust Root Certification Authority, OU=Etisalat eBusiness Services, O=Etisalat, C=AE
Not valid before 12/19/05 18:13:00 GMT
Not valid after 12/19/15 23:59:00 GMT
CRL not-critical URI: http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl

Feel free to make suggestions: pdfocr.

I didn't know coreboot supported loading linux directly. For those of us stuck without it, a bootloader with linux support that fits in the MBR would be a good fit in the boot stack that I described previously. Coincidentally, I wrote such a bootloader (which is when I read up on EFI), and this seems as good a place as any to give it away. Here it is.

http://pastebin.com/vuRxVfbx

http://pastebin.com/vuRxVfbx

Here it is after running it through a javascript beautifier. ... From what I see, yeah, he implemented it.

Pure text paper without the images
The images

Text of the article

Actually, I believe the point is to print "hello, world".

Actually, her point was to just return an exit status of 42.

However, if you really want to see hello world, add 37 bytes, and use this.

The program output was '42'.

No, that was not the output, that was the exit status.

However, for just 37 bytes more, you can have a real hello world program: http://pastebin.com/bnR8P2Hs

True, and she misses the perfect size by three bytes.

But for just 37 bytes more, you can have hello world: http://pastebin.com/bnR8P2Hs

Something like pastebin would have been useful.

http://pastebin.com/

As crazy as it sounds, this seems like more of an angry rant than an extortion request:

http://pastebin.com/DiBd9kAL

bah.. ofcource. The damn tags screwed me over. http://pastebin.com/m622979a6

Does anyone else thing its sad that a technical site has bugs preventing people from pasting code in comments?

I use XMonad and was thinking the same thing as soon as I started reading the summary. Unfortunately the poster specifically claims to want a "traditional" DE setup, rather than a lightweight tiling WM. I've heard of using XMonad as the WM for Gnome, but I'm not sure how easy it is to set up or how well it works.

It's easy to set up and works extremely well, but you have to be willing to hack Haskell to configure the thing once it's up and running, and you have to be happy with a tiling WM.

That said, at the most basic, you just have to install xmonad somehow (apt-get, hackage, etc), create a Gnome desktop file for it (here's an example... just edit the path to xmonad and copy it to ~/.local/share/applications/xmonad.desktop), and then use gconf-editor to change this key:

/desktop/gnome/session/required_components/windowmanager

to xmonad. Logout, log back in, and enjoy!

Appearantly slashdot has a check on lenght of lines.

Here's a first throw at a list: Slashdot reference guide

A small exert, feel free to add:

20. Imagine a
21. Beowulf cluster of those
22. [NO CARRIER]
23. Warning! Do not {0} into {2} with remaining {3}!
24. insensitive clod
25. defective by design
26. real girl
27. girlfriend
28. general reference to not having a girlfriend
29. disputing claim of having a real girlfriend
30. elaboration on the personal meaning of mentioned "girlfriend"
31. residence reference to basement
32. residence reference to attic
33. reference to lack of sex
34. reference to abundance of sex
35. drowning argument of lack of sex with porn reference
36. pointing out girls become women
37. elaboration on divorce
38. elaboration on advantages of divorce
39. elaboration on advantages of marriage
40. romantic declaration
41. mocking of romance
42. a real girl
43. reference to masturbating old men
44. link to porn

I decided to look at the php one properly. Their php code, which I had to type out manually because their pdf (2.3MB! for a single page) is used to contain a picture, doesn't work. There seem to be several bugs I fixed two then gave up since it was easier just to rewrite the damn thing. Secondly the php, even if it wasn't buggy, would produce different output to their revtalk code since the revtalk function returns a string of space separated words (I think, I can't run their code) whereas the php returns an associative array which they the concatenate into a comma separated string outside of the function.

After a rewrite the php code was 16 lines after formatting with the same white space as their rev code (one empty line).

http://pastebin.com/m152a1a0a

I will admit that it is not very pretty code and I couldn't be bothered to comment it but I haven't used any tricks like sticking lots of functions onto one big line.

http://pastebin.com/m67281bd6 :D I have nothing better to do. Optimized to save known values and not recalculate them.

A python version that returns the cycle length is available here. Of course it can be optimised by storing known concluding cycles and terminating immediately if you hit one. But the code works for stupidly large numbers without any issues (can't paste example as the filter complains)

"Very little code"? Bah! Kids these days...

This will run on any system where `dc` is installed.

Oh, I should mention that I mash very large random numbers into this ruby script and it doesn't overflow. Instead it gets a stack error...

So small update, nonrecursive edition:

http://pastebin.com/m29c38ed3

It worked fine for a 40+ digit whole number pasted about 20 times...

This is something Ruby is DESIGNED for.

http://pastebin.com/m25fc9de4

I popped this out in a few minutes, but if it can be modified to save every valid Collatz number it finds and not recalculate anything at all it can go pretty fast for very little code and eat all your RAM in the process :)

Ever heard of the "Streisand Effect"?

You can't cause people to "unlearn" something. An example for ya...

Enjoy your broken system. Or maybe you'd better change it, word is REALLY out now.

1: Ability - I can accept all of that, but when their response is 'we see this all the time, we're right, your wrong' after I've shown they clearly were not right. They say 'your server isn't accepting connections' I say 'but my other client can connect and works just fine' they say 'your server isn't listening for connections we know what we're talking about' I don't have to know anything about Myth to know they are just wastes of planetary resources at that point.

2: Affiliation - If you're going to suggest on your project website to go to a specific IRC channel, then you have to realize that the feeling people get in that channel is going to be directly associated with your project.

3: Incentive - It wasn't a matter of not getting a response, I got responses before I finished stating my problem.

4: Price - Flately wrong, I spent more time trying to get them to shutup long enough to hear me out than any savings they provided. Its not free, it cost me my time, and like it or not, reflects on the project itself.

Pay support may hide it but that doesn't excuse abusive behavior in 'free' support.

In your second list:

1 - ability - Considering the 'help' I got from one guy resulted in basically 'weird, it looks like everything is working from the log', then you'll get that pretty much in first layer support from anyone so I wouldn't have wasted any time.

2 - Affiliation - When the website says 'go here for help' and you go there, and get a bad experience, you associate it with the project, they did after all, suggest I go there. This is no different in paid support or with commercial products. A commercial vender suggests support from a company I have a bad experience with I certainly do expect the parent company to address the issue, I do hold it against them.

3 - Incentive - Citation needed. Paid services most certainly do care, maybe not the drones on the phone, but you are a paying customer, they want you to stay so they can keep getting paid with your money. They piss off to many customers, they don't get paid. The drones may not realize this, but too many complaints and they'll get fired. My company has support personal too, we most CERTAINLY care about what our customers think of their service.

At the end of the day, my problem was solved, by myself, at the cost of several hours of my time. I'm not sure if it would have been quicker if I had not joined or not. Its hard to say since I'm sure the interaction did sway my path to some extent, I don't know if I would have found it sooner or later since there was no specific part in the conversation that guided me to the problem. The one helpful soul came to the same conclusion I was at when I joined. 'the debug log says its working'. I finally gave up and started checking every configuration option one at a time, as I had a working client on another machine.

Were they rude? Depends on your exact definition. Yes, I think they were. After pointing out that the reasons they were giving me were not the case, and I get a response of 'we do this all the time we know more than you' even though they clearly did not know the problem in this case nor did they bother to even look at the fact that I had proof that it they were wrong. They made the choice to not acknowledge that I may not be a complete idiot or listen. You can see for yourself: http://pastebin.com/m2cfd19dd

I'm BitS in that log, read the first 40-50 lines if you'd like. I admit that I got frustrated, but I certainly tried initially to accept the fact that they deal with newbies all day long. I admit I was frustrated when I joined and tried to take that into consideration, there was no such consideration on the other side.

I did make a mistake in my original post, looking at that log, wagnerrp was there from the start and did make every attempt at being useful, even if he didn't solve the problem, I appreciate the effort either way.