Domain: undernet.org
Stories and comments across the archive that link to undernet.org.
Comments · 14
-
Oracle and SAP are competing h4><0r teamsThis is way too similar to be coincidence. Reread the summary and then quote: Several other hosted web sites...were located with a script designed to "spider" some IP address ranges for hosted servers that are commonly...used for this purpose. Since it is almost always hosted on the main page, only that page was searched.
...there are two other variants of the client-side executable.
This file listing shows several directories and archive files. One of these files contains the server-side code used to collect the data. The other file contains server-side code for an administrator interface and a "customer" interface for data mining.
They are CGI applications written entirely in perl...There are perl modules, written as plug-ins for the server-side framework, for parsing out and storing the information collected by each of these and code for sending options data. There is code for loading the flat files produced by the collection code into MySQL...The front-end code provides a nice login page, generates views into indexed data, and provides account management.
This interface is designed so that an administrator adds customer accounts to the database. Customers can also log in and get results from queries based on certain fields (URL, form parameters, and so on). Each of these customer-generated queries has an associated price.
There are also other files that set default parameters, a default MySQL username and password for example. None of these default values worked on this server.
The stolen data is held in directories whose names can be guessed. Using the base directory from the perl code (translated according to the web server's DocumentRoot), combine these with version_id and user_id (generated ID for each infection) for subdirectories, and one can brute force directory names....one can script the wget utility and fetch of all the data residing on the server. There is no need to query the MySQL database.
the results added up to more than $2 million. And that, your honor, is exactly how SAP went about stealing Oracle's trojan, errr, proprietary customer management code.
From the summary: in many cases by use of pretextual customer log-in credentials, to Oracle's proprietary, password-protected customer support website.'" Did the customer support website look like this, or this? -
The point isn't "Free Ryzom"...
...The point is to create (or buy and free, in this case), a complete MMORPG gaming system. It's the MMORPG version of the Unreal Engine, for comparison's sake.
So the game wasn't that great. It's open source now, get a group of people together (a la Legend of the Green Dragon), and make a new world system based in the engine.
So it might take several servers and people to run the system. Set it up distributed, get someone to contribute the services of their 3DNS server somewhere, and now not only are you distributed, but you have geographical load balancing.
Commenters are talking about this as if the idea that a group of people on the IntarWebs can't democratically organize a large distributed server environment and keep it running the latest code and staffed with admins. I wouldn't mention that to the people at all of the various irc networks, who have been doing exactly that for years, you might discourage them and make them shut down networks that have been running for longer than a decade.
And even if the whole Massive part of the game doesn't take off, who's to say specialty environments won't crop up, with admin tools and pre-formed game world content, a la AD&D or GURPS Modules and Expansions, letting players run actual 3D immersive campaigns on a single server somewhere for relatively small groups of people. For that matter, the idea of online 3D Battletech with the whole army of people that I used to play with years ago, instead of going through all the work to build huge tables, seems like a pretty fun concept.
The fact that such a beast could be released to the public is a good thing, even if you didn't like what the front end (Ryzom) was; the backend is what's important here. It's like the Unreal engine - there's a lot of games using it. Some of them suck, some of them are pretty good, but the content, and the engine to support the content, are two separate things. Yes, the bad (in the opinion of some people) content comes with it, but so does the engine that will let people drive whatever content they want.
-
Link to Magica Trevor flash
If you are going to post offtopic-funny, the least you could do is post a link. Use earphones if you are in the office.
Mod parent -1 Offtopic +2 funny. -
Re:Micropayments
You're right that the idea is pretty much the same as adopting some sort of micropayment or tax system on e-mail in order to combat spam. And yes, as with e-mail, there are obvious technical problems to be solved in order to implement micropayments.
However, I think you've really missed the point, which is that IRC server operators ought to consider micropayments as a means of reducing or eliminating the use of bots, while at the same time not detering actual people from chatting.
People often run bots, or whole swarms of bots, 24/7. Bots are not inherently bad and can often be used to advantage by the forces of Light and Goodness. But they can also generate an awful lot of traffic and make for dull chatting, particularly when one person runs many bots.
If you charge someone something on the order of 0.1 cents per message that they send via IRC, they likely won't mind the couple or three bucks that they spend in a month on IRC. People running multiple bots constantly, however, would presumably pay much more. The operator might be willing to waive fees less than a certain amount since those accounts are more likely real people. The operator probably won't implement micropayments to generate income; the idea is to charge a fee in order to discourage an unwanted behavior, and so the operator will have acheived his goal if in fact the micropayment system doesn't generate a lot of fees.
Like you, I too was active in the BBS scene in my youth, and I recall that many BBS operators started charging for access to downloads in one way or another. Some charged an actual fee, while others implemented download limits or required a certain upload:download ratio. Most operators that I know did this not to make money or even to get more files, but to discourage people from tying up the phone lines downloading all night and to encourage people to join their chat boards and become part of their little piece of the BBS community. -
it's not about the protocol
I don't think that hosting companies necessarily care about the IRC protocol itself, but more with the problems that come along with hosting a service known for attracting the worst kind of attention while sucking up tremendous amounts of bandwidth.
The
technical requirements for running an Undernet.org server explain it pretty clearly. 5 Mbps of legit traffic, plus becoming a target for massive DDOS attacks? Why would a hosting company want that kind of service in their netblock?
Yea, sure, other IRC networks aren't nearly as high-profile, but this is the reputation that IRC has gotten, along with being a haven for copyright violation.
If you want to run an IRC server, then get your own dedicated net connection from a backbone provider and you can host whatever (legal) service you want. -
Re:putty
If you ever used IRC, you should have noticed too that you get a nice portscan, for the same reason: too much abuse from public proxies. You ring my bell, we ring yours...
Also, SPAM-relay checkers do public port scans.
Not even talking about the open-proxy scanners that just scan at random for breakable hosts. Or did you never get any port 135-137 connects?
Also in a public library, even if it is public you did signed a paper, stating who you are and that you will return the books and will be honest and then you can take the books, on the internet that isn't the case, so many places protect themselves from evildoers that way. -
Finland, for pony trekking and teaIt's not true that we'd get less sunlight here in Finland; our sunlight is simply unevenly distributed. Our winter nights are long and dark, our summer nights short and sweet. Up North, we get the midnight sun and literally no nights for months on end.
However, our population is sparse and I believe distance plays heavily into this pattern. Finland has roughly equivalent land mass compared to England, and carries only a tenth of the population. That's a lot of forest.
In a high-tech country, separated far from your friends, using a computer for company and communication becomes a lot more attractive. We are to blame for IRC, Linux and Nokia, how's that for a pattern?
The links are all appropriately chat-related...
Jouni
-
AOL & IRC
Incidently, AOL actually runs a few irc servers. 2 of them are on Undernet. Maybe AOL shouldn't be the example. They used to have servers linked to all of the larger networks (except IRCnet afaik), but the old admin neglected them and only the Undernet servers remain.
-
Re:Steve Gibson - help!People do maintain ircd. See the various recent vintages from:
As far as I know, IRCnet is the only major network that uses an ancient ircd, and I assume even that one gets updates occasionally. I don't know Hybrid's homepage offhand (that's EFnet's ircd), but I assume it also has some active development. -
Heh.. you call that a load average..
I used to write code for Undernet. We deployed a new services bot earlier this year. The initial trials of it were none too sucessful. We had a database server, and a physically separtate web front end running PHP.
Because the people who wrote the initial code did not make it scale very well.. when it went live with 80,000 people trying to use it, the poor boxes croaked.
The webserver hit a LA of 117 and the DB server got to 145. There are no decimal places in those numbers people ;) -
Er, what?
What is going on here?
What do they need to meet for? that's what IRC is for.
If everything is so open source, the developers should put all their discussion online, in newsgroups, and in mailing lists, rather than having undocumented and unaccountable conferences in places over half of the free software developers can't afford to visit.
I would think that companies and developers would rather let the sunshine in on all their deliberations, than be accused of congregating in a smoke-filled room.
-perdida
-
Re:Undernet's had it coming.
But only undernet had audacity of putting in an O flag to track if someone
/whois'd and Oper... for the purpose of G-lining them.A quick glance of the Undernet ircd source (avaiable at the Undernet coder committee site) doesn't show any special flags or other state being set on the client record when the client does a
/whois on an oper. Could you provide a citation if I'm mistaken?So let's kill the little twerp involved, and not give any sympathy where it's NOT due.
Some Undernet officials have serious issues. The #zt help channel bans you if you have the audacity to help people, for example. But even if these attacks are directed at those assholes, other groups (#978) are suffering collateral damage.
-
Undernet remembers Espy
Espy was a friend of many on the Undernet network, including myself. We have added an in memorium notice to one of our more frequently visited homepages for him.
Rest in peace Espy. -
Me? Quiet? HA!Ok, normally I'll sit back and watch the interviews, maybe ask a question if I have an interest in what is being discussed. Also, let me take the time to say that I am a longtime reader of Slashdot, and it is easily my favorite website on the internet.
But John Vranesevich?
He is arguably the most despised figure in the h(cr)acker community, with Carolyn Meinel neck and neck. Both of them follow the same ideals and public image. What's that? Being a FAKE. Vranesevich has shown many many times that he has absolutely no clue about real computer security, and has been proven beyond a reasonable doubt in my mind that he goes to disgusting lengths to get a story, i.e.: "Hey, here's some cash. Hack that site, and let me cover it." (Attrition's site has remarkable backing for this theory.)
What's more, Vranesevich absolutely cannot stand being criticized. Any site which puts up content that criticizes, parodies, or shows Vranesevich to be a fraud, he throws a fit, cries, and threatens legal action. Attrition, Innerpulse, PacketStorm all have received threats. (At one point, Slashdot ran a less-than-flattering story about him, and I E-Mailed CmdrTaco letting him know that he quite possibly might get possible legal action from JP. (Nothing happened, but everyone knew it could have.)
You may be wondering how I know all of this. Well, a long long time ago, JP was an operator in a very large IRC channel on undernet. I happened to be an op too. The difference is, I still am. He knows I know him, as does everyone in the channel. We knew him when he was a small time loser. He's still a loser, but now just big-time.
Which is why I'm puzzled, amazed, and quite frankly disappointed that Slashdot chose him for an interview. He's not at all insightful, and can't offer any kind of intelligence to this forum.
-- Give him Head? Be a Beacon?