Slashdot Mirror
Geek Flavor
snowphoton told us to check out http://www.geekflavor.com. "It seems to be an 'open source' Web site, in that people are allowed to ftp anything they want to the site, or use ssh to modify the contents." I took a quick look at this, and it looks like a really cool net experiment. The word 'geek' is getting kind of over-used (CT:KIND of overused! Sheesh), but this seems like a lot of fun, and a nifty way to waste time when you should really be working.
Cell phones ring, pagers beep and people hold converstations at normal speaking tones on their cellphones.
Vermifax
Vermifax
Logout
Deep voice: "Good evening Mr. Gates, today... I will be your server."
:)
On another level, "The hedgehog's dilemma" is another condition that impairs human contact. 2 hedgehogs try to approach each other, and the closer they get, the more they hurt each other. So they stay far away from others for fear of getting hurt, sound familiar?
i was the first one to find that page(and change it), before it was /.'ed. I still have an exact replica if anyone wants it. and check out www.cyberia200o.org My hits were crazy for the time the site survived. -cyberia
The index.html was already replaced by Tux. Anyone knows the password so we can fight over the site?
Let take it back from script kiddies!!!
I didn't use the preview button, so get over it!!!!
Mike
Yet another example of how bad the moderation system works. Some idiot rated this "Overrated" when it wan't even rated... Taco, you should fix this. If a post hasn't been mod:ed it shouldn't be possible to mod it over/under-rated.
Thank you.
//Frisco
--
"No se rinde el gallo rojo, sólo cuando ya está muerto."
$HOME is where the
-- silver_p
Says quite a lot, unfortunately, about your average Slashdotter. :(
Open Source. Closed Minds. We are Slashdot.
Well at least document the experiment in its entirety. What went wrong? What went right? I'd say giving anyone ssh access to anything is bad news (local exploits vs. remote exploits). In fact, i can't really think of a way you could allow people to execute code without opening huge security risk. Maybe give everyone a virtual server?
[feel free to add anything below this line, such as links to uploaded pages, etc.]
Am I the first to modify this? -Sean
Hey, look at me, I'm famous (-:
I figured the index.html file was uneditable because nobody else had modded it yet, and it turns out that I'm not a lame first poster. And I didn't even think of it that way (-:
There is a color picture of Tux up on the site right now, but it is made up of colored text. Does anyone know of the program used to generate a picture like this?
This didnt occurr to me before but it makes sense
What a way to go, virtually ensuring the isps box gets rootkitted...
...in ASCII, yet. And it's still there. Not bad...
:)
Now, $5 to the first person who figures out what program's sourcecode was used for the text
-- Sig, 120 chars --
Your friendly neighborhood mIRC scripter.
if (ismoderator(reader)) hidecomment(this);
* Q
P.S. If you don't get this note, let me know and I'll write you another.
Stupid me... it's part of Linux sourcecode :)
-- Sig, 120 chars --
Your friendly neighborhood mIRC scripter.
if (ismoderator(reader)) hidecomment(this);
* Q
P.S. If you don't get this note, let me know and I'll write you another.
You don't. It comes from Rabelais. But he wasn't
using it the way that Crowley was.
Not that it matters much.
dude.. i just added 3 pages that will call itselves.. loop till u drop hehehe >:P. metababy is now uneditable hehe :).
I have something to say about all this:
If you're going to open a server to the world, at least use your own server.
A little bit of research revealed that this server probably belongs to an ISP and and snowphoton (who submitted the URL to /. in the first place and who is also the administrative, technical, and billing contact for geekflavor.com) is not likely to be in a position of authority at that ISP. Therefore, he/she/it should not have opened the server to us.
How do I know that the server is most likely owned by an ISP? Because it is hosting sites for multiple domains. www.messagerieradidex.com is at the same IP address as www.geekflavor.com.
How do I know that snowphoton is not somebody at the ISP that would be allowed to do whatever he/she/it wants? The ISP in question (WebHosting.com) is in Toronto, ON, CA. Snowphoton is in Mesa, AZ, US. That's a long commute.
Now, even is snowphoton happens to own WebHosting.com, he/she/it should never be so reckless with a server that hosts multiple customers' sites.
How about a system where you upload your page and it gets voted for/against like on kiro5hin ? I think that would be an interesting site.
I'm specifically worrying about Signal:Noise ratios and illegal content...
Small potatoes make the steak look bigger.
I click on the link to this Geekflavor. I'm greated with a 321k index page, which being all text I *can't* avoid loading -- and it's just an image as text (and that's ALL I get, no links or info or anything). Gee, I guess someone is used to having a T1 line to their desk and is more interested in how clever they look than in how useful the site is to us poor modem-bound types from the wrong side of the net. (Of necessity, I live miles from the nearest DSL or cable access.)
~REZ~ #43301. Who'd fake being me anyway?
Nice idea, but I don't think they'll survive for long. Even if the content system works, giving out what is essentially a free shell account will certainly kill em. (mind you, while it lasts it's a nice shell to have, ('SunOS vux2 5.7 Generic_106541-10 sun4u sparc SUNW,Ultra-250' in case anyone wondered :-) ). But at least the pw can't be changed with a simple 'passwd' :-). Still, there are 1001 methods to fsck up the account for others...
I don't know what a Hotline server is. From his description, he was running the server in his own home as part of his graphic-artist web business.
Simply place all html files in the /htdocs directory, and cgi scripts in the /cgi-bin directory.
What is somebody wants to put a 'format c:' script in there or something else very malicious. What's then?
http://dtum.livejournal.com
Actually, I want to know what program they used to *generate* it... :)
:), but my program tends to use two characters/image pixel, just to keep things looking square, and I make sure to use PRE blocks to keep it aligned.
;)
I wrote something similar in C (that interfaces with convert; I didn't write any *real* image code if you're wondering
A later version attempted to do sub-pixel anti-aliasing, and optimizing for size by ignoring close colors, but it wasn't incredibly successful. Also, I could probably rewrite the whole thing in Perl now, and it'd be tiny. (and then backport it to C again if I need the speed.
---
pb Reply or e-mail; don't vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
...and now i have a giant Tux Penguin.
The problem is not wether we can sit by each other in a theater... we have to look at each other then. The problem comes from the fact that on the internet ppl have little remorse for defacing websites because they ppl they live around have no clue what they did... no social punsihment.
I have only one noting (since i dont have SSH right now.. I cannot log in and have a look)
..
...
I love the idea of content management going free for all... but considering that we are in a society where freedom does not necessarily lead to productive activities.. how will someone like geekflav keep the sanity of the site
I mean you wouldnt want someone to change links to point to useless (read porno, other undesirable ) links
Does anyone have a clue ?
-/r
- ramas opines !!
This is a very cool idea but I wonder how long it will work. Although there are a lot of people that will play with it I am sure there will be some people that will wax the whole site over and over again. I guess I just dont have that much faith in people.
"If ignorance is bliss, why aren't there more happy people in the world?"
For a more open freeforall on the web, try playing around with a wiki:
http://www.joyful.com/zwiki/or the original:
http://c2.com/cgi/wiki
nosig
OK, How's about some content?, please look at http://www.shellscript.org, Anon FTP, BBS, Tech news, editorials, activism, columns, environmentalism and so-on.
I killed da wabbit -Elmer Fudd
Its a virtual hosted domain. Hosted by www.webhosting.com. They locked the account, why they are still allowing the domain i wouldnt know why. I hadn't seen anyone mention this yet. I dont believe script kiddies broke the account. Root locked them out. Amazing what you can learn by doing a reverse lookup. I don't belive in sigs.
Well, a start would be making index.html read only (and not owned by the public account). If you protected that, and provided links from there to pages that could be modified, or perhaps provided a way to register new content through a script that would add a link to it, it might be a *little* more stable. The bottom line, though, is that every community has lame losers who get their rocks off by fscking sh*t up for others, and there is nothing we can do put protect ourselves from them and hope they find someone else to bug.
Is the server still up and accepting connections? I'm getting denied on ssh and on the ftp. The ftp says something like "531 Can't set guest privledges" and denies access if I try user: geekflav, pass: dnzvmsii, which I got from another user's post in this forum. I get denied on ssh with that user/pass too.
-kidlinux.
However, I was going to do it on my own machine, the second one which I have and which is pretty open to potential destruction.
The idea, however, was not to 'open source' it. I'd read a long time ago (back in '92, probably in the book 'Hackers') that rms fundamentally opposed the idea of introducing passwords into the MIT AI lab. I knew that doing this under the current circumstances would result in major destruction (it's always easier to tear down than to construct), but I wanted to see what would happen anyways. I wanted to see what would _eventually_ come about. It _is_ a great experiment. The box will be trashed initially, but what would happen _eventually_? Would the constructors get in eventually and build-up the necessary walls against the destructors? Would the forces of light prevail? A communal space on the Net?
It'll be another 2 months before I'll be back in Toronto. I do hope that someone else wil give this a try in the mean time.
No. There exists a solution! The basic idea is to give the people who want to use it the means to observe what others are doing and to secure the system against abuse.
In fact, that is exactly what people did in the ``good old days'' in the AI lab before ``strict security'' was built into systems as a standard.
In a lecture about the history of GNU, RMS even complains about the use of passwords and "strict security". He writes about people damaging the system by accident and about outsiders using MITs computers:
On ITS [the old, anarchist Incompatible Timesharing System -- Yaakov] we evolved other means of discouraging people from doing those things by accident, but on Twenex [the new "secure" system -- Yaakov] you didn't have them because they assumed that there was going to be be strict security in effect and only the bosses were going to have the power to do them. So they didn't put in any other mechanism to make it hard to do by accident.
Maybe we can reconstruct some of the features that the AI lab used to secure ``tourism''? Maybe we can develop new mechanisms?
Of course, nowadays the job is harder than it was. Now, more people have just bad intentions and the ability to act anonymously and fast. Worse, the ``save tourism'' features haven't been developed for a long time.
Here are some suggestions how ``save tourism'' could be revived.
The following features would give a responsible person an advantage over intruders: First, allow spying what others do and save logs on another server where they can be read but not destroyed.
Second, create alerts and delays when important files are changed: Say, the changes take effect only after ten minutes during which observers have the right to veto the change. Once one person vetos another one, a trusted person can override the veto if it is not a matter of an attack.
This policy would not stop legitimate users from working with and improving the system. But an attacker would be noticed before he can take over control.
A third feature would be to back-up data on a safe account (which just serves the files) so that an original state can be rebuilt quickly after an attack.
One way to combine these features would be to request users to keep their sources and configurations on another (their own) WWW server. 10 Minutes after they notify the free system about changes, the changes are downloaded and installed. Checksums of the installation are stored safely so that the same files can be re-installed without delay when the user wants to roll back.
Finally, we would need some distributed system of trust such that a person can loose his reputation by attacking the system or recommending attackers to be trusted. Here, the PGP trust system springs to mind.
Any more ideas?
Yaakov
hotline server is a program similar to an ftp client and server.
you can get more information on hotline at http://www.hotlinesw.com or http://www.bigredh.com
used primarily for pirating. created by a teenage australian, but then he got in a shady deal with a canadian co. (that now owns the product) and there was a huge legal battle, rumors of his sister being kidnapped, and the original programmer on the run.
Appears to be cracked, or at least broken. Front webpage has the title "hello. i own u." and an impressive piece of ascii art (Tux, made from what appears to be Linux kernel code), but no way to progress beyond that first page.
Christopher A. Bohn
cb
Oooh! What does this button do!?
err, well if it's a standalone box at his ISP (which I what I'm assuming), all they have to do is unplug it from the network and reinstall an OS or something. I would assume that any ISP worth their beans has ways to defend against damage to the rest of their network caused by a rogue box.
It would be different if it were a shared server, which can't be the case because then he wouldn't have been able to give access to everyone.
but it seems more likely to me that it's HIS box at HIS home and he's simply got a high bandwidth connection or something.
This site has sat there for a while. And then it was slashdotted. Some moron has put a huge text file of a penguin up. Great, fly the mascot and show that the Linux community is a collection of script kiddies and lamers.
Earlier the author had replaced the index.html page that they had asked not to be removed. Which has once again vanished. All that this person's experiment has proved is that the people that frequent Slashdot aren't the wonderful people they claim to be.
Get a life guys, and read the advocacy HOWTO.
yes
K]ÏMWý©±Îï$ [½5>VÎG Û 1 ر/M îåMA$ÚT
uhm, not really. I saw a 0:thoor account in /etc/passwd seconds before they pulled the plug.
Just mod apache or whatever server it is to put the login/pass at the top of every page it spits out. Let people edit whatever they want, but this will always be there. And for the love of god, don't give out SHELL ACCESS!
Learn how a CPU works before you learn to program. Seriously.
$ cat < /dev/mouse
You can FTP stuff up to the Web site? And they host it? Unless they filter out *.MP3 files (which would be wrong because it would prevent legitimate MP3 files from being hosted), they're probably going to have a lot of k1dd135 uploading MP3s of Britney Spears.
And they actually are hosting the files unlike Napster.
Refrag
I have a website. It's about Macs.
Login: geekflav
Password: dnzvmsii
FTP site: ftp.geekflavor.com
Small potatoes make the steak look bigger.
Received disconnect: Command terminated on signal 9.
Well, some people edited the page, then root came on, the webpage was taken down and now it's refusing connections on port 22 :)
/james.
This experiment just demonstrates the fact that, without rules, the people who create something will always lose to the who know how to type 'rm -rf'.
Sad, isn't it...
Now its a 404 file / not found that greets you when you try load the page :)
I don't know? Are they? The legal system has been insane with links! Look at what is happening to 2600! The same thing could happen here... Fucking america... Why are the courts so dumb about technology/
Which OTO? There are at least three at last count.
There is no way this would have been fun or cool. People just can't be trusted with any sort of anonymous forum. I mean, moderation was invented here because of the ACs, and there are still ACs posting volumes of off-topic junk.
Anything like this would require some sort of moderation or regulation. And even then, a post on /. would probably lead to someone cracking into the system. People are jerks.
sig:
sig:
See the "..for smart people" banners Wired runs here? Look elsewhere guys.
Interesting to see if the intelligence that has closed the box will at some point become enlightened enough to free it up again.
Anyone know what the following ports go to?
... is this a way for alternate access???
3138/tcp unassigned
3306/tcp unassigned
6010/tcp unassigned
6011/tcp unassigned
These ports are open on geekflavor.com, as well as the SSH/FTP/HTTP ports.. one of them (3306) actually sends stuff to you, and reports "Bad Handshake" after you type anything in
[DISCLAIMER: This post is a work of satire and should not be misconstrued as a holy text upon which to base a religion.]
This server offers a bit more: tourists can put up CGI scripts that serve dynamic content. It would be nice to see something like this securely with a wiki web...
Just ran a few scans, the PUT method is still allowed into root. Might be a way to get an index back up possibly. It's a shame the whole thing went down but the ascii art is cool!
It's made me wonder whether hooking an old p60 of mine up to the university net connection with open acess would be like. Could be an interesting research project into the psychology of 31337 hax0r script kiddies. Just a shame I'm an electronic engineer althought that does mean I can monitor the box from a hardware level so if they trash it I can still find out how.
And I suppose urinating all over the place to mark it as mine doesn't count as vandalism, but spray-painting a concrete wall with "Kra-zee's turf, stay out!" does.
I would also venture to say humans have a bit more tendency to *create* things that are useful to everyone.
Let me know when the dogs finally settle on a routing protocol to get howls from Dallas to Tibet.
Slashdot's name is a killing word!
saaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaLASHDOT!
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Google has a cache of geekflavor.com/index.html. Albeit, there's nothing much to look at.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Even the stats page is whacked. It redirects you to some dumbass and the fag page...
"Don't create anything new and free. People will go out of their way to destroy it."
Give away a site like this for free, and it'll be rooted and destroyed. How many people do you think wanted to know the connection speed for warez hosting? or shell account trading? (or mp3s or porn, what have you..)
Redundant? Perhaps. But some days I feel Slashdot's readers are so clue-resistant as to need every little redundant post beaten into their skulls.
Do you want to create a site like this? Then don't let the Slashdot crowd see it. It'll be 'hot grits!-ed' within the hour. (I refuse to say 'hax0r', My IQ is a positive integer.)
Nice Try geekflavor. I'll give you points for trying. You just got the bad fortune to be on Slashdot, the aqua regia of free geek items.
Hardly. more of a 'root notices a lot of logins, logs in, looks around, kills the account' kind of thing.
How does the first index.html keep getting put back? IT (index.html) said that cron isn't working on this thing... so is this guy sitting there watching all these 31337 h4x0rs delete this file and retoring it? I hate script kiddies....
YouTube & Google Video -> podcast http://castcluster.blogspot.com/
Was it locked out or did someone just change the password? :)
===
> Good luck.
"Against stupidity the gods themselves contend in vain."
A discussion between some users logged in as geekflav:
...
/etc/passwd /etc/passwd... Wonder why ;)
/etc/passwd /usr/openwin/bin/xauth -q -
Broadcast Message from geekflav (pts/16) on vux2 Tue Jul 25 07:59:59...
At least you can't change the password easily
Broadcast Message from geekflav (pts/20) on vux2 Tue Jul 25 08:00:14...
Is kill -9 -1 stupid enough?
;-)
Broadcast Message from geekflav (pts/6) on vux2 Tue Jul 25 08:00:21...
well it took about 10 mins for someone to erase the index.html (spot the twit that can't read). [Mike]
Message from geekflav on vux2 (pts/21) [ Tue Jul 25 08:00:21 ]
Broadcast Message from geekflav (pts/13) on vux2 Tue Jul 25 08:00:53...
This takes me back 10 years!
Broadcast Message from geekflav (pts/4) on vux2 Tue Jul 25 08:01:03...
And I was watching top hoping to see some major slashdotting.. har when there's no page
Broadcast Message from geekflav (pts/26) on vux2 Tue Jul 25 08:01:08...
will you lot shut the fuck up!
Broadcast Message from geekflav (pts/13) on vux2 Tue Jul 25 08:01:22...
Nah!
Broadcast Message from ??? (pts/4) on vux2 Tue Jul 25 08:01:40...
root pts/18 7:57am vi
oops
Broadcast Message from ??? (pts/7) on vux2 Tue Jul 25 08:01:44...
Hmm, root is editing
Received disconnect: Command terminated on signal 9.
And here is some w(1) output:
8:01am up 19 day(s), 3:38, 28 users, load average: 1.27, 1.25, 0.90
User tty login@ idle JCPU PCPU what
amzmusic pts/1 10:21pm 9:26 -csh
geekflav pts/3 7:47am 1 2 -tcsh
geekflav pts/4 7:49am 16 w
geekflav pts/5 7:50am 10 -tcsh
geekflav pts/6 7:54am 1 -tcsh
geekflav pts/7 7:51am 1:06 -tcsh
geekflav pts/8 7:51am 1 2 -tcsh
geekflav pts/9 7:54am 3 more index.html
geekflav pts/10 7:53am 3 -tcsh
geekflav pts/11 7:53am 1 bash
geekflav pts/12 8:00am 1 -tcsh
geekflav pts/13 7:55am 1 wall
geekflav pts/14 7:56am -tcsh
geekflav pts/15 7:56am 2 1 -tcsh
geekflav pts/16 7:56am -tcsh
geekflav pts/17 8:00am vi index.html
root pts/18 7:57am vi
geekflav pts/19 7:57am 1 ftp ftp.bitchx.com
geekflav pts/21 7:58am 1 -tcsh
geekflav pts/20 7:58am -tcsh
geekflav pts/22 7:58am 2 -tcsh
geekflav pts/23 7:58am -tcsh
geekflav pts/24 7:59am -tcsh
geekflav pts/25 7:59am 1 -tcsh
geekflav pts/26 7:59am -tcsh
geekflav pts/27 7:59am vi index.html
geekflav pts/28 8:01am26days
geekflav pts/29 8:01am -tcsh
--
Niklas Nordebo | nino at sonox.com | +46-708-405095
My girlfriends calls the world that you and I want Utopia. I agree with you all the way, idiots can ruin great things without a moment's notice.
Humans CAN'T get along, people are impaired from helping each other, one would rather kill his friend to get the big bag of money than save his friend and get a lesser bag. I came across a site yesterday that talks about The Prisoner's Dilemma - very intresting reading about human nature. This Geekflavor incident is a clear demonstration of this, script kiddiots and e-tards working together to blast "A Good Thing"(tm) clear out of the water.
Well, on the other hand, it did come out on Slashdot...
All browsers' default homepage should read: Don't Panic...
That's solved easily: any file uploaded becomes read-only.
Now, as far as deleting/editing content you've sent... Can you make a script that allows deleting of files uploaded ONLY if the IP/IP range matches between the uploaded file and the delete request?
Or, of course, you can have registered users each with their own folder. Then again, that's Geocities (or Tripod, etc.).
Bottom line, this doesn't work, and we've been proved right. Anyone else have some suggestions so this DOES work? There has to be some point in-between full/root access and Slashdot moderation/separate accounts where this can work. I'm curious to see if this, eventually, can work.
Small potatoes make the steak look bigger.
if slashdot ever gets wind of your new site it's probably screwed too, but that notwithstanding... 1) Run Apache 2) Use SSI 3) Make sure that the main index page is owned by a separated account from the one you hand out 4) Make sure that the account you hand out can't chown the index page 5) Set up a separate file that can be modified/deleted by whomever, and that in the index page 6) Set up a process to replicate the entire directory structure (preferably to a new location) every x minutes, this way you have a history of a living document. Wait 6 months and document the results. The truth is it'll never be truely protected, but you could take some really basic steps to keep your head above the storm, so to speak... Cheers! -Gentry
From the offical policy of webhosting.com:
System and Network Security
Violations of system or network security are prohibited, and may result in criminal and civil liability. Examples include, but are not limited to the following: Unauthorized access, use, probe, or scan of a systems security or authentication measures, data or traffic. Interference with service to any user, host or network including, without limitation, mail bombing, flooding, deliberate attempts to overload a system and broadcast attacks. Forging of any TCP-IP packet header or any part of the header information in an email or a newsgroup posting.
It is a violation for anyone who, including but not limited to, employs posts or programs which consume excessive CPU time or storage space, permits the use of mail services, mail forwarding capabilities, POP accounts, or auto responders other than for their own account; or resale of access to CGI scripts installed on our servers.
The person who created this project even how noble it was simply didn't think everything through when setting the site up. Hopefully he will learn from this experience and create a better service
I will admit that I didn't exactly idiot-proof the project. I was hoping that by giving complete control to everyone, something truly interesting might develop, but I failed to take into account the power of a single ignorant admin.
People have always used technology for destructive purposes -- the thrill of anonymity is intoxicating, and people often lose sight of their everyday code of conduct. Once little Timmy Smith because |)Ar|I never expected this project to amount to much. I just had some webspace and a domain, and decided to give it a shot. I think, though, that perhaps this experiment deserves another chance, although with a better plan on my part.
If anyone out there has some suggestions on how this "Open Source" website experiment could work better, please contact me at ibn_qalb@arabia.com (not my usual address, if you were wondering). I'd love to have some help in creating a new, sturdier site that would actually be built to handle something like this.
Thanks everyone! It was fun while it lasted - Keep an eye out for the Alpha release!
I bet the sys admin are not happy. I would think this could be a great security risk for them. A better way to do something like this would be in a controlled enviroment like a Wiki. go to http://minnow.cc.gatech.edu/squeak/ to see what I mean. I think it is great but I don't know
-- Tyler >+++++++[-]++++.---------.+.++++.++.
So come on, link to http://www.microsoft.com already......
--- http://foo.ca
Here is info from known ports list on IANA.org
mysql 3306/tcp MySQL
mysql 3306/udp MySQL
x11 6000-6063/tcp X Window System
x11 6000-6063/udp X Window System
There was a posting by a guy over on Kuro5hin who had set up an open file area for his web users to put their files so that they could be accessed anywhere in the world. Unfortunately he set it up so that anyone could acess anyone else's files. People put copyrighted programs and fonts there, and apparently people were downloading them. The vendors complained and the FBI came and seized his computers and the U.S. attorney was considering prosecuting him. He may or may not have been in the right, but he faces some heavy legal bills nevertheless.
Does anyone know what tool was used to make this art?
That's about all I got outta the site.
Not Found
The requested URL / was not found on this server.
Wow. I tell you, these newfangled websites just keep getting better! I've never seen anything quite so technically advanced before! Concise, interesting information at your fingertips!
More power to the geeks at geekflavor! Hurray!
To the editors: your English is as bad as your Perl. Please go back to grade school.
I was about to install Ultimate Bulletin Board on there! Whoever took it down is the ultimate definition of loser.
1 M A KEWL HAXOR. I TOOK DOWN THIS SITE WITH MICRO$OFT TELNET! THE ULTIMATE IN HAXORING DOOD! PHEAR ME!
Don't know if you remember the Obscene Dilbert Cartoons - diblert cartoons with the text ballons replaced. There was a disclaimer on the page that said 'Please, don't post this to slashdot or anything'... and, of course, it gets posted to
When I read the article this morning, the first thing that popped into my mind was wiki as well. I didn't get a chance to see this "geekflavor" (really, what an idiotic name) site, but I'd wager it really wasn't anything to write home about. When it comes down to it, nothing even comes close to wiki.
I would not be surprised if his Sun box could not handle all the /. pressure. Oh, you guys! It was an opportunity to take it slowly, tenderly. It could be the new something... vandals! :)
http://dtum.livejournal.com
Well, After the site was "r0x0r" it did go back to the normal index site... then in the time it took me to download ssh and install it.. the username and password are now invalid.
Login: geekflav
Password: dnzvmsii
FTP site: ftp.geekflavor.com
This was posted on the Index before it got erased (again?) Well it is a good idea, but there are too many people who would rather destroy it then create anything decent.
There is no
... it's those damn script kiddiots...
Give an e-tard a shell account on a public system so he can build an empire and the first thing the e-tard will do is upload a rootkit - he probably doesn't even KNOW how to upload the kit, he'll probably run some script to set the system up and go around giving sh0uts that he's so 31337 or even better, he's 1337...
All browsers' default homepage should read: Don't Panic...
Ward Cunningham designed the first such web site of which I am aware (called a Wiki, or a Wiki-Wiki) several years ago. Co-webs have been in use for quite some time, though they tend to be somewhat more sophisticated than a mere place to dump ftp -- usually providing editors and "smart" pre-parsers to facilitate collaboration by newbies.'
See, e.g., this swiki page.
Despite the skepticism, these things work very well and are rarely the subject of abuse. A sandbox is provided for people who just want to play, and folks are generally quite courteous as a matter of practice. We use one for the Squeak Smalltalk open source community, which you can access from the main (traditional) web site page for Squeak.. The Swiki is one of the primary repositories of information for the Squeak community.
We have found cowebs an excellent vehicle for collaboratively creating documentation for open source projects that have run too long without doco support.. While it is not a great place to build final documents, it is a great place to gather information, and over time mold into the same.
This probably would have been fun and cool--if it hadn't been posted on Slashdot. Face it, Taco, your project now has a lot of intertia--you can't tiptoe delicately into something anymore. Once you mention it, it is toast.
How many times have we seen things like this on cool websites posted to Slashdot: "Well, we got mentioned on Slashdot. Sorry I have to take this down, but my bandwidth can't handle it." Pretty soon people are going to start thinking twice before even creating sites like this. Slashdot will be "stifling innovation".
--
Give us our karma back! Punish Karma Whores through meta-mod!
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
Somebody just fscked it up:
"r0x0r" - that's the content of the index page.
Good luck.
http://dtum.livejournal.com
Sure, but that'll be after you let me know that they've developed enough neuroses and self-importance to think that they need to do so in the first place.
My
I dutifully clicked on the link, and what did I see? "Hot Grits Rule".
-josh
The admin of Geekflavor posted something as AC, so it's score 0. Please find it and mod it up. ZP
Got Rhinos?
great "hot grits rule" I'm impressed... If this is the new internet I want to get off :)
YouTube & Google Video -> podcast http://castcluster.blogspot.com/
Surely you don't mean to say that the thousands of wildebeests moving in a pack across africa all know each other like close buddies?
I did say "mostly"; very few things are absolute. Many herd and pack animals do "know" who is in their herd and who is not. I'll bet if you took a few wildebeest from a few different herds and put them together, they'd be very uncomfortable and restless, even if you showed them a good movie.
Nobody else knows the login/password to the website. I wonder if /. is going to put up some mirrors of this web site with full access as well? :)
http://dtum.livejournal.com
Strong data typing is for those with weak minds.
Strong data typing is for those with weak minds.
This idea has been implemented for awhile in a more elegant fashion via WikiWikiWebs. To see how they work, check out The Portland Pattern Repository
To set up one yourself, I recommend checking out phpwiki.
ask your neighbours across the atlantic
:wq
1 word. fork().
--------- CUT HERE --------
int main()
{
while(1);
{
{
fork()
}
}
-------- UNCUT HERE ------
...and I hope this ain't it. As evidenced by the number of posts as I write this (9) this article hasn't been up more than a few minutes and already someone's been clever enough to disable it. Props to your mad skillz, d00d...
Not that I in any way agree with web page defacements, but at least I can understand how taking down or modifying a secured web page that a lot of people will see has a certain publicity stunt appeal to it - defacing Seti@Home and putting your h4x0r nick on it is kind of like spraypainting your name atop the world's biggest water tower. But what does it say about human nature when the very first thing people want to do to a supposed community collaboration project is to anonymously make it unavailable to everyone else?
Here I am, always an advocate of privacy and anonymity, and yet when I see people do stuff like this it makes me want to rethink all of those positions. On the one hand I'm cynical enough to think a whole lot of people would want to nuke a site like this; on the other hand even after I've had my coffee and am no longer quite so misanthropic I realize that with total anonymity even a single idiot can ruin a lot of other people's day with total impunity.
Makes ya think...
THE STORY
A while ago, I had a great website called Geekflavor, which had daily-updated geek news. It ran on perl, and recreated itself every few minutes to get the latest headlines from other sites. I tried different hosting services, however, but none of them (this one included) were very perl-friendly. So I gave up, and never got around to finding another one. Maybe one day, when I have more time....
SO WHAT?
So -- I have decided to Open Source this website! I am giving away the password and making it a free-for-all. As long as it's nothing illegal or pornographic, you can upload whatever you like. The site has got good bandwidth, so that's not a problem. All I ask is that you leave this page (index.html) intact, with the exception of adding links to additional pages (which you can do with a text editor).
HOW DO I PLAY?
Login: geekflav
Password: dnzvmsii
FTP site: ftp.geekflavor.com
Simply place all html files in the /htdocs directory, and cgi scripts in the /cgi-bin directory. Perl seems to work well, it's just that my site relied on crontab, which was disabled by the admins.
Shell access is also available, but you have to use SSH software (i.e., you can't just telnet to Geekflavor.com). Try PenguiNet -- It's my client of choice. This is useful for editing existing files (such as adding links from this page to other pages), and tweaking scripts.
RULES
Since it's a free-for-all, nothing is really sacred. Anyone can modify anything that has been uploaded by anyone else. This is meant to be creative and productive, however, rather than destructive. I hope that this site will grow and evolve in an interesting way, rather than simply serving as a giant spamwad. Also, I ask that you leave this text intact for the benefit of others.
Have fun!
[feel free to add anything below this line, such as links to uploaded pages, etc.]
Am I the first to modify this? -Sean
Before it becomes too much of a free for all -Mike
Hot grits rule - Andy
www.cyberia200o.org : cyberia : sub-dir on www.geekflavor.com
...ummm
The user 'we' would log in as likely dosnt have permission to do such a thing. Nor would the 'user' executing the CGI. The ability for 'anyone logged' in to wreak such havoc is the reason certain other OSs are unstable and not secure. Look into it - you may find yourself liberated.
Seems like a total waste of time and resources to me...
Where the value of X-Mailer: is the true measure of a man...
No response or whatsoever anymore. The box is still there but no ssh/http anymore :(.
:) )
It is sad that if people get something for free,
they immediately start abusing it.
(what would happen if micro$oft started to give their os away? the world would explode and only *nix and *bsd would reside, talking about Utopia
- In Memoriam: Jeroen de Bruin (1972-2004), bye bro
MetaBaby has the same thing: pages which are modifiable or creatable by just about anyone.
It was nominated for a Webby Award last year for best personal site. Slashdot was nominated (and won People's Choice) for Community.
-- BlueCalx | http://nickd.org/
to tell ya the truth, I was thinking of doing something until I found that it seems to be unreachable now
luckman
luckman
I don't involve myself with flames, much less know how to bait one.
I think this is a very interesting experiment in how much freedom you can give people. Everybody would like to be part of a collective (like this site) where the structure is completely bottom-up and decentralized and everybody has a say, in fact a major say, in everything. Unfortunately, this doesn't seem to work too well. There will always be the people who for one reason or another would like to mess it up, and because of the lack of structure, can and will do so.
I guess the reason I'm bringing this up is because this whole concept, the struggle between structure and freedom seems to come up again and again in the computer world. Should software design be centralized or Open Source? Should the Internet have laws? Who decides the structure of the Internet/should there be a structure? It seems to me that any system that has no organization or constraints (like this site) will fail. It seems pretty much inevitable that there will always be the few (or sometimes the majority) who will mess up the spirit and the workings of the project because of spite, carelessness, or greed. That's why although institutions like ICANN need major changes, they are still damn important. Let's not forget that the Internet *does* have structure, and it is this structure (some centralization of naming, routing, etc) that has allowed it to grow to the amazing extent that it has.
How can I FTP a 'u' into Flavor ?
Maybe you live in interesting times
unless this guy actually owns the box.
http://windows.scares.us
Ok, OK the concept isn't great...and there will lots of abuse and fuckups...but it's fun right!! I just couldn't resist putting up a link to one of my favourite projects... the /. effect lasts a day ....let's see what happens afterwards... This guy has guts :)) Fuzzball
Stop the reboot, do the kangaroot http://www.kangaroot.net - Your one-stop European Linux Shop
...but this isn't some new community site or grand experiment. The guy's just sticking it to his ISP for not delivering the services he needs on his way out. Slashdot-scale havoc until his credit for this billing period runs out, or they terminate the account.
:)
That said, I'd love to see the looks on the faces of the admins right about now, assuming they don't read slashdot.
---
Where can the word be found, where can the word resound? Not here, there is not enough silence.
"Where shall the word be found, where will the word resound? Not here, there is not enough silence." -T.S. Eliot
Sounds like what www.pagein.com was trying to do.
Just because you're floating doesn't mean you haven't drowned. - They Might Be Giants, Dark and Metric
Considering that it appears someone crashed it, perhaps letting people ssh in wasn't such a great idea. :)
I also doubt this will work. I've tried something similar myself once, where I made a script allowing people to use my webspace as a sort of BBS system, leaving files and messages for others. I quickly found the need to moderate far greater than was my intention. People just start abusing this much too quickly.
:)
In this case giving away Your account info is just plain dumb. With several hundreds if people uploading whatever they want, giving away the addy for friends, or linking or whatever, and the next guy deleting the files, overwriting them or something else. Nah... This will never work....
Even geeks will goof it...
--- To err is human... Am I more human than most ?
If you liken this website to the CVS repository of a project...bad things will happen to your source if you allow random visitors to change or delete files.
Is this an attempt to dilute the meaning of Open Source? Is this "Open Source" in the Al Gore sense? I think many of us consider the only requirement of an Open Source website to be making the source available (View Source) and accepting and implementing suggestions from the public.
--Michael Spencer Jr.
spam@mspencer.net
There was a story on kuro5hin about someone who run a website with open file access, and his computers have just been seized by the FBI after some companies complained about illegal stuff that was uploaded. This sounds all too similar.
---
Jon E. Erikson
Jon Erikson, IT guru
hmmm.
I am guessing this webhost will be extremely angry at this for having their machine broken into (by some accounts people who sshed in got root, yes?) and possibly try to burn him for violating their terms if they included anything to cover this.
I am not sure if he did it intentionally, but if you were some guy who was mad at you host cause they didn't let you use cron, what better way to get back at them than just running a shell account guaranteed to attract crackers and script kiddies?
So, basically I don't feel sorry for this guy at all. He didn't have any important files he lost or anything, but the workers at his webhost are now going to have to clean up a box because some jackass gave shell access to the readership of slashdot. I would imagine that would be any security team's nightmare, no matter how well they had applied all the latest security patches.
sig:
sig:
See the "..for smart people" banners Wired runs here? Look elsewhere guys.
---------
I'm the guy who did this GeekFlavor thing, and I have to say that I'm very disappointed in how it turned out. It wasn't up for very long at all before some script kiddie had to bust some 1337 moves on it.
I will admit that I didn't exactly idiot-proof the project. I was hoping that by giving complete control to everyone, something truly interesting might develop, but I failed to take into account the power of a single ignorant admin.
People have always used technology for destructive purposes -- the thrill of anonymity is intoxicating, and people often lose sight of their everyday code of conduct. Once little Timmy Smith because |)Ar|I never expected this project to amount to much. I just had some webspace and a domain, and decided to give it a shot. I think, though, that perhaps this experiment deserves another chance, although with a better plan on my part.
If anyone out there has some suggestions on how this "Open Source" website experiment could work better, please contact me at ibn_qalb@arabia.com (not my usual address, if you were wondering). I'd love to have some help in creating a new, sturdier site that would actually be built to handle something like this.
Got Rhinos?
There's also a 403 Forbidden instead of the front page. Oops, oh well, guess the l33t hax0rz got to it before most others did ... or the ISP :)
wyvern.org
--------------------
About a year ago I remember somebody posted a script for the gimp which took an image and a text file and made these images.... does anyone have it or know the link for it?
http://www.talknerdy.org
Here are the top referrers to the site. You can get all these stats by going to geekflavor.com/stats. Oh, and although ssh is apparently down, ftp is still up.
Top 23 of 35 Total Referrers
# Hits Referrer
1 954 36.82% - (Direct Request)
2 28 1.08% http://slashdot.org/article.pl
3 8 0.31% http://cgi.zdnet.com/zdpoll/savevote.html
4 7 0.27% http://linuxtoday.com/news_story.php3
5 6 0.23% http://www.nerdperfect.com/
6 5 0.19% http://slashdot.org/yro/00/05/31/1534236.shtml
7 4 0.15% http://slashdot.org/articles/00/07/21/1422251.shtm l
8 2 0.08% http://arcanum.simplenet.com/links.html
9 2 0.08% http://slashdot.org/submit.pl
10 2 0.08% http://slashdot.org/comments.pl
11 2 0.08% http://slashdot.org/interviews/00/05/23/007214.sht ml
12 2 0.08% bookmarks
13 2 0.08% http://slashdot.org/askslashdot/00/07/15/2030252.s html
14 1 0.04% http://slashdot.org/apache/00/05/22/1858206.shtml
15 1 0.04% news://news.sprint.ca/397CFD3F.5FE204BA@metallicaf an.com
16 1 0.04% http://slashdot.org/articles/00/05/17/2136258.shtm l
17 1 0.04% http://slashdot.org/index.pl
18 1 0.04% http://slashdot.org/askslashdot/00/05/09/0131249.s html
19 1 0.04% http://www.greatdomains.com/domains/details.asp
20 1 0.04% http://slashdot.org/science/00/05/04/0816244.shtml
21 1 0.04% http://slashdot.org/articles/00/07/24/1617240.shtm l
22 1 0.04% http://www.zdnet.com/gamespot/filters/
23 1 0.04% http://slashdot.org/articles/00/05/22/1345215.shtm l
www.poak.net
In the middle there. Oh well.
Got Rhinos?
I understand the point of and the lamentation in your post. However, I heard an anthropologist point out an interesting fact, how well humans do get along, better than most other species. Humans are willing to sit quietly next to total strangers in a dark movie theater or in a crowded train. Other animals are mostly not capable of this sort of feat.
How do you know they didn't know it would be posted to Slashdot? If you look at the whois record of geekflavor.com, snowphoton@MINDSPRING.COM is listed as technical and administrative contact. 'snowphoton' was the handle of the person who submitted the story.
Yeah, but Everything2 doesn't allow you to ftp whole files.
btw, why is this offtopic?
Browser? I barely know her!
They should probably make, say, the index.html read-only, and have it include some other files that people can modify, that way the actual main page wouldn't be defaced every two seconds.
Just a thought.
Unless, of course, it is a really clever FBI-operated mousetrap for poor unsuspecting script kiddies. Hmm... makes one wonder.
--
Broadcast Message from ??? (pts/7) on vux2 Tue Jul 25 08:01:44... Hmm, root is editing /etc/passwd... Wonder why ;)
I rest my case. Just read. :)
Poor guy, poor computer. Good idea though.
The host should've been called 'Slashdot Challenge'
http://dtum.livejournal.com
Somebody rooted the box. Too sad. Why did they use SunOS ? OpenBSD would have been a much better choice. (I use primarily Linux, ok ?)