Slashdot Mirror
EFnet Paralyzed By Vulnerability
An anonymous reader writes "EFnet member Fionn 'Fudge' Kelleher reported several vulnerabilities in the IRC daemons charybdis, ircd-ratbox, and other derivative IRCds. The vulnerability was subsequently used to bring down large portions of the EFnet IRC network."
By crafting a particular message, you can cause the IRC daemon to call strlen(NULL) and game over, core dumped.
1998 called and want their attack vector back.
The world's burning. Moped Jesus spotted on I50. Details at 11.
How did this happen?
This is the problem you get when your strings don't know their allocated size like in that ghastly language Pascal.
Who needs security vulnerability when you have a complete lack of services and modern IRC features?
which projects are now going to close their doors to full disclosure? this was posted on the ircd's own bug reporting systems and was publicly visible. if it were not, and only the developers and higher level users (such as the nodes of efnet or freenode) should be able to see reports of this nature, this sort of attack may not have happened and the ircd's could have been silently patched without anyone knowing.
on the other hand, if you close your doors, you obviously have something that requires hiding, drawing more attention.
what will projects do next?
portfolio
Now I can finally get that nickname I have been wanting since 1999 !!
This is a good case of bitrot here, code that had made assumptions about what the other parts of the code were doing..and fail. Brown paper bag day for me on EFnet :P
Validate your fucking inputs, you moron.
People still use IRC?
Fuck that place got stupid when the aol generation showed up. I can't imagine how bad it is now this many years later.
Er... Well... From this story. yes. yes i can. Full on 'this is why we can't have nice things' mode.
Glad i don't go there anymore.
Using error handlers, & two pointers (this goes for ANY array, & strings are just arrays of characters/array of char):
---
1.) You send two pointers into/@ the array/string buffer allocated, as follows:
2.) 2nd "double-sized" one (positionally) is ALWAYS double the size (position) of the 1st.
3.) When the 2nd "double size of the first" FAILS (& the err handler catches it, ala try-catch/try-except type constructs)?
4.) The error handler passes back the size of the 1st "half-size pointer" location, & doubling it gives you the size of the array/string!
---
* THIS COULD BE USED TO TEST THE SIZE OF THE ALLOCATED SPACE FOR THE STRING BEFORE WRITING TO IT, first!
** ONLY PROBLEM IS, original C & Pascal implementations DON'T HAVE ERROR HANDLERS like Try-Catch/Try-Except/On Error GoTo etc./et al that C++ &/or Object Pascal do!
BUT YOU CAN "RIG IT" for error handling ala -> http://blog.staila.com/?p=114
(@ least afaik - I haven't worked with THOSE languages in almost 20 yrs. & certainly not ALL implementations, more modern ones MAY... I don't even remember if there is a way of "rigging" that into them vs. structured error handling built into their compilers).
---
However - Delphi Object Pascal has this (but not sure on original pascal implementations though, been DECADES since I did Turbo Pascal for DOS even).
Then - Even C has strlen... & that could be used to check this "hole" they are having a problem with, don't ya think?
* Any takers on that? Should work, in theory @ least, on C strings & their size... because it does on arrays you don't know the length of!
Lastly?
STRAIGHT Pascal, for lack of a better expression here (not Delphi, that's Object Pascal) could be done the same since it has pointers & can do the same type of testing the string array buffer, & it too, by the by - since it has a LENGTH function that can determine the size of a string as well...
You can "bust my balls" on this one IF I am off, I didn't read the article, but... it's an idea here, that *MAY* work!
APK
P.S.=> And, there you are... & not that THIS really matters, but, ONCE YOU HAVE THAT - you can "Trim" function the string chopping off the rest of it leading or trailing: There's examples of that in C & PASCAL all over online!
(I know for a fact Delphi Object Pascal has trim/rtrim/ltrim type functions built in, and C++ has functions you can find even online for it, since I don't recall it being part of the "std. string library of functions" but it may be in diff. dialects of it though, like C++ Builder) if its blanks etc./et al...
... apk
Stop writing massive projects in languages that don't protect against this shit. It's been how many decades and people still haven't learned this.
There are dozens, if not hundreds, of languages with array bounds checking (and also garbage collection, for you shitwits who are prone to memory leaks). Lisp, Java, C# are three you can look at.
"B-b-but, MUH PERFORMANCE!". No, shut the fuck up, if you're a programmer worth your weight in salt then you'll structure your program not to make unnecessary heap allocations.
I don't even *KNOW* if this method will work on straight (original) implementations of classical C or PASCAL to be honest!
* It's been AGES since I worked with either (favoring C++ &/or Object Pascal over C & Pascal)...
Fact is - I may be COMPLETELY off, & what I am putting out, for C & PASCAL (original implementations that is, ala Bell Labs/AT&T + Kernighan & Ritchie OR Niklaus Wirth, respectively) will even work here...
(Being honest here - it's New Year's Eve, & LOL, I have been 'tipping a few' already with my neighbors, & stopped back home for more beer to bring over to their get together, & am NOT "@ my best" right now, if you know what i mean!)
LOL, gotta jet...
APK
P.S.=> Just 'putting out' / "bouncing ideas off others" here is all... I liked IRC in my day is why (Dalnet where I was an admin on their "official Windows help channel" endorsed by K. Marden Bey, creator of MIRC in fact, circa 1994-2000)...
... apk
They should change the name from EFnet to EFFYOUnet.
#DeleteChrome
blammo - you should have checked if s was null first
Unless you're using Objective-C, where the "nil" is a special object that implements all messages (that is, methods) as a no-op that returns a nil.
When the link to twitter has them posting via their twitter handle that they "anonymously" submitted the story/link on Slashdot...
It's only a link I referenced regarding error handling & how it can potentially be done in C or PASCAL (since the original Bell Labs/AT&T/Kernighan Ritchie C, &/or the original Niklaus Wirth PASCAL don't have try-catch/try-except built into them like JAVA, or Borland Object Pascal do, for example) & the IRC folks' hassle is their stuff's written in C (& I am not sure if the implementation/compiler they're using has err-handers/exception handlers, but classical C doesn't)...
* It's NEW YEAR'S 2013 THOUGH (12/31/2012), the world didn't end either per the Mayan Calendar b.s. on 12/21/2012, so I decided to take a drink with neighbors when I wrote up my original idea above (it can be done because of error handlers/exception handlers in C++ or Delphi though - they have them, above compiler structured error handling classes (C & PASCAL, again, don't)).
No, not *QUITE* drunk here, yet... lol, but close (3 hrs. to midnight, good chow @ neighbors is helping on that account... back to card game & brews now).
APK
P.S.=> Time to continue my drinking with my neighbors, we are having a good time/party there, & I have to bring the last case of beer I have over (it's pretty much "BYOB", but tons of good food too)... have a happy new year!
... apk
As per http://www.openwall.com/lists/oss-security/2013/01/01/3 this issue was assigned CVE-2012-6084. Remember folks, you can get your CVEs in advance which makes life easier for everyone. Please see http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html for details.
The problem is server side. If you or the network can't trust to some degree your fellow admins, you have more serious problems.
FTFA:
"Topic: Charybdis: Improper assumptions in the server handshake code may lead to
a remote crash. (CAPAB module)"
For those of you too young to know anything about EFNet or IRC, while you may disapprove or condemn the lack of services that is why EFNet was and is popular. This idea that anyone owns a channel or god forbid a nick, is stupid.
To assign someone a uuid and force them to authenticate is too ripe for abuse. I would rather not appear online and everyone know I'm not online, then have those messages sitting in some queue somewhere. Doesn't take much to ssh from your phone, does take half a brain though.
Although several clients do have support (gaim for example), IRC was not meant to compete with ICQ or any other IM. It replaced talk.
I was a 6 pack "into it" when I wrote the potential solution http://tech.slashdot.org/comments.pl?sid=3350243&cid=42437411 - &, it SHOULD work for the folks @ Efnet to solve their hassles...
What they're going through is a BIG part of the "why" of WHY I avoided C & PASCAL (vs. C++ &/or Object Pascal/Delphi) after I learned them, then discovered WHY the latter in parenthesis was created in part, as an "upgrade" to them (not just for OOP).
I also posted it, even though I was more of a fan of Dalnet since I was an admin there for YEARS on their "Official Help Channel for Windows Users" endorsed by K. Marden Bey no less, the creator of MIRC, because I liked IRC immensely in that timeframe (1994-2000)...
* On what you wrote? Hey - I'm also always on topic (unless attacked by trolls)!
APK
P.S.=>
"Where are my mod points now that your posts are on topic...." - by JonySuede (1908576) on Tuesday January 01, @12:48AM (#42439215)
Speaking of being on topic: Are you on topic now? Plus my initial post's already modded up to +2 interesting (it'll work is why in 1 or 2 of its parts vs. the hassle the C using IRC folks are seeing).
(It's ALSO the 2nd time you've done this kind of post directed my way too, this was one only a short while ago on VLC vs. Media Player Classic -> http://slashdot.org/comments.pl?sid=3336253&cid=42378957 so, "WTF?"
... apk
Specifically Borland/Embarcadero Delphi (Object Pascal) -> http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74 which THAT PROGRAM was created in!
E.G.-> If you look @ the list of what it can DO for an end user of it, listed there in the link, & from only a 600++k (32-bit version) or 800++k (64-bit version) of it, vs. its competitors like it that are 2-4 times its size no less & iirc, use things like SQLite, whereas I wrote all my functions by hand to do the same & MORE in a tinier single file multithreaded non-runtime interpreted 'stand-alone' executable?
You'll appreciate it more... perhaps even MORESO, for what's in my 'p.s.' below that I discovered 15++ yrs. ago & it became my FAVORITE tool to use for development (when I was a HUGE Microsoft Visual Studio guy (MSVC++ & MSVB before it)).
(Competitors were also created AFTER I wrote mine no less, years later that still don't do as much mind you)? You "get the picture"... it's a testimonial/testament of the POWER of Object-Pascal!)
* Especially since Borland Delphi 3/5/7 in the 32-bit world initially helped me create that program that has MYRIAD BENEFITS to end users of it, on many levels (builds I kept to myself in 32-bit, circa late 2003/2005/2008 iirc), & also NUMEROUS other apps I & others wrote too, did well using Pascal!
I have done others that have done well over time in commercially sold software, freeware/shareware, & things that helped me do well in trade shows in the art & science of computing (like MS Tech Ed) too - written in Pascal in Windows via Delphi - I only continued on using it in 64-bit above as well via RAD studio by Embarcadero (Delphi XE2 & C++ Builder) in the 64-bit world lately as well, since it's "all that" & THAT good (see below, again - you WILL find it useful perhaps in posts on Pascal & interesting as well, if not ENLIGHTENING - it was to me, & took me from other languages, as favorite at least)...
APK
P.S.=> I.E.-> It's the BEST of C++ & VB really, in 1 box... & early on, it was KNOWN as the "VB KILLER"... how/why?
This test resultset from (of all places) "VBPJ" (Visual Basic Programmer's Journal) issue Sept./Oct. 1997 "Inside the VB5 Compiler"...
Back circa 1997, I was a BIG fan of coding with Visual Studio... especially MSVC++ &/or VB.
I run into a review in VBPJ, of all places (Visual Basic Programmer's Journal) Sept./Oct. 1997 issue "Inside the VB Compiler", a competing trade rag no less & one that was QUITE respected!
Then?
There, I saw Borland Delphi LITERALLY "knock-the-chocolate" outta MS' offerings, overall, in performance...
How much so?
Ok (& this IS what I took to mgt.):
In the 6 tests given, Delphi won the majority (overwhelmingly in fact, in what ALL PROGRAMS DO, math & strings work)...
Specifics below (the most important, overall? Again - imo @ least - What they ALL do - math & strings!):
---
STRING SUITE:
Delphi = .275ms .500ms
MSVC++ =
MSVB = 4.091ms
---
MATH SUITE:
Delphi = 1.523ms
MSVC++ = 2.890ms
MSVB = 7.071ms
* AGAIN - note what I said above? Even while I was a HUGE fan of MS' Visual Studio?? I couldn't "argue with the numbers" here, & gravitated towards a BETTER coding environs in Delphi, by far, for performance alone!
---
API GRAPHICS METHODS SUITE:
Delphi = .269ms .293ms
MSVC++ =
MSVB = 292
---
TEXTBOX FORM LOADING SUITE:
MSVC++ = .012ms
Delphi
During doing the parsing noted, you could check for NULLS, easily!
Or really, anything else at the location in the array of char the pointers are positionally at, including NULLS, in my description (which yes, is a check for string length too).
I did so, no less, while I was DRUNK no less & no, I said I didn't read the article either...
(Seems to have modded up well also - but of course, you're posting as AC and YOU will probably mod it down via your registered 'luser' account, & I honestly could care less if you do).
You asked a few questions, ok, here goes (so we can examine this further):
"What does "send" mean? you mean pass as parameters to string apis?" - by Anonymous Coward on Tuesday January 01, @12:53PM (#42442593)
No - By 'send' I mean 'vector thru' (using the term loosely) the array itself (which is a vector iirc vs things like linked lists which don't have to be contiguous memory), as in a loop & thru each position as I noted (which YOU don't seem to understand)!
---
"Are you suggesting you have one buffer that is double the length required, and the second pointer points to the end of the string?" - by Anonymous Coward on Tuesday January 01, @12:53PM (#42442593)
No, are you illiterate?
Again 0 I said how it is done, step by step in my FIRST post (modded up to +2 interesting no less vs. your b.s. here)
AND
I elucidated FURTHER above even!
(I had to - Since you're obviously quite 'thick' or illiterate - there, NOW - how do YOU like it, since you said my english is terrible you troll).
---
"What does "FAILS" mean?" - by Anonymous Coward on Tuesday January 01, @12:53PM (#42442593)
Errors out/abends - the meaning is explicit. You are illiterate obviously (or just trolling & nitpicking). The larger positioned pointer WILL 'fail out'... you could even use array indices since C strings are 'arrays of char' but no point (pun intended, best to use pointers).
---
"This does not map onto any behaviour defined in C" - by Anonymous Coward on Tuesday January 01, @12:53PM (#42442593)
Like Try-Catch or Try-Except don't? I pointed to ways to do that also... hairy ways, but ways above & beyond structured exception handlers in the compilers.
Needed, because both PASCAL & C (as implemented originally by Wirth + Kernighan & Ritchie respectively) DON'T HAVE THEM & to do this you'd need to do error handling.
---
I think what you were probably trying to describe is a well known trick where you align strings on page boundaries and then mprotect the second page to PROT_NONE, but this is nothing to do with C." - by Anonymous Coward on Tuesday January 01, @12:53PM (#42442593)
No, just what I stated above. I also don't just *think* you're a troll who isn't SURE of himself on your b.s., but also that you're going to downmod my post via your "registered 'luser'" account as well - it's why you're posting as AC now!
(In fac - I'd almost bank on it in fact - I know how you puny little trolls work, and think.)
APK
P.S.=> Lastly - I didn't read the article & said so since I was partying, & also QUITE drunk on the New Years Eve holiday - for that set of conditions, I did VERY WELL here, & lent some ideas that even others "hit on" similarly!
(Ugh... Man, I am still hungover in fact, but not badly)
I moved several times going from my home to a neighbor's a couple times that evening in a hurry, as well bringing "supplies" (beer) - but overall, the +2 INTERESTING upmod I got wasn't bad...
... apk
"It's extremely difficult to parse, because you clearly don't understand how memory is organized." - by Anonymous Coward on Tuesday January 01, @12:53PM (#42442593)
WRONG - It's EASY for array of char = C strings so...Far from it as to difficult, & it is NOT hard (pointers work):
FIRST: You asked for code for this? I essentially implement strlen algorithmically, ala:
int strlen(const char s[])
{
int i = 0;
while (s[i] != '\0')
i++;
return i;
}
(Now - NOTE THE NULL CHECK ABOVE? It's using array indexed access but makes sense - it's ARRAY OF CHAR = STRING!)
---
SECOND - Arrays are like VECTORS constructed from CONTIGUOUS MEMORY on the heap vs. stack - you can push & pop elements outta them just like you can with array elements (sizing is the diff. partially).
On that note - There is a common mistake I've seen in research on this often stating arrays can't 'change size'!
Well... they can in JAVA or Delphi, or VB, but it's really changing pointers to a larger one from a smaller one, or vice-a-versa, copying elements to & fro as needed between them - (effectively RESIZING them dynamically!).
Hence, for example, VB redim preserve, or Delphi lists (really an array of sorts) & dynamic arrays it has.
---
THIRD - Arrays need contiguous memory, unlike linked lists, which makes linked lists superior in 1 respect:
They don't require contiguous memory locations, & thus, far better vs. memory fragmentation also!
(Which I've seen HALT exchange servers + I created a working program vs. it, that worked great, unfreezing them in fact - & that sold excellently for me in the mid 90's to early 21st century for in fact sold thru SERVER EXTRAS in Atlanta Ga., & firefox too, in the past also - should you required documentation for it? "Ask, & ye shall receive"), fool...
So don't even *TRY* to tell me I don't know how memory is organized, you trolling DOLT!
---
THIRD - I.E.-> They are EASY TO PARSE/vector thru in a loop, as my first post noted -> http://tech.slashdot.org/comments.pl?sid=3350243&cid=42437411 & the code shows above for strlen itself!
(Which was modded up +2 interesting no less in my init. post...).
* GRANTED - I omitted the NULL check, granted, but that's pretty obvious to check on also during said looping - & I would've 'hit on it' were I not intoxicated due to holiday celebrating & it IS in strlen (hence WHY I noted it).
(Which it also gives you strlen, & why I noted strlen (C) & length (PASCAL) functions as well)
Again - I was "loaded" or getting near it though, so I have an 'out' on that account, omitting it but I covered it to you here today in my 1st reply to you -> http://tech.slashdot.org/comments.pl?sid=3350243&cid=42443249
---
FOURTH:
Since C strings are just "arrays of char"?
Well - again: You could use array indices as I noted in my other reply to you as well, since it IS an 'array of char' in a string, but pointers ARE FASTER, fact! I would've done it, over array indexes personally & CERTAINLY OVER VECTORS USAGE!
As to the NULL checks part? Again:
The technique should work for checking on those as well, per my other reply to you here -> http://tech.slashdot.org/comments.pl?sid=3350243&cid=42443249 just an IF statement basically, & then your handler for it in THEN/else etc.-et al (generic coding speaking here) just checking the contents of the string used that
Since you won't show back up? Here's your funeral (regarding C array access via POINTERS & indirection):
---
PERTINENT QUOTE/EXCERPT:
"In C array access is always made through pointers and indirection operators. Whenever an expression such as X[k] appears in a program, the compiler interprets it to mean *(X + k). In other words, objects of an array are always accessed indirectly."
FROM -> http://www-ee.eng.hawaii.edu/~tep/EE160/Book/chap7/section2.1.3.html
---
* No small wonder you posted as AC since I know you 'trolls' that stalk me here & how you TRY to "think" & yes, act, using the term 'think' VERY loosely & sarcastically vs. "your kind" online, pure trash, in regards to YOU now!
(You're probably webmistressrachel, trolling STALKING online scumbag, extraordinaire, again -> http://slashdot.org/comments.pl?sid=3350243&cid=42444775 up to her USUAL scumbag troll tricks ):
Guess what?
YOU FAIL as always, vs. myself...
(Every single time you *try* to troll me by AC posts!)
I could definitely do pointers & loops thru the pointer to the string variable to do what I noted above, and yes, checks for nulls too (just like strlen does, & FASTER, because pointers work faster... less work to do, per the above, & FAR MORE "DIRECT").
APK
P.S.=> Yes, as I suspected here & you ADMITTED to webmistressrachel you trolling stalking scumbag -> http://slashdot.org/comments.pl?sid=3350243&cid=42438977
That's NO FIRST outta you... so, I must ask:
Are you mentally DERANGED, or what? There are LAWS against stalking online you know... & I certainly do NOT need a 'secret admirer' like YOU, trashbag
... apk
"Screw you, apk, and the horse you rode in on. If I ever see you post here again, I'll bomb you as AC from Tor, meaning I'll NEVER run out of posts because I can change endpoint."
You know damn well I posted this in anger because you were accusing me of doing it anyway, and of being "Barbie". You, and anyone else who can read this, will notice that I posted with my UID and when I do post I don't post AC. I have posted embarassing stuff about myself IRL to prove this incorrect but instead you used this against me, making assumptions about my gender makeup and whether I am who I say I am.
I extended an olive branch, and you abused it by ranting at Barbie telling him/her she was me or vice versa. So who's the troll, apk??
Here, another olive branch to prove I'm not Barbie, go do a whois on www.rachelwilson.net.
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
I extended an olive branch 3x and can show it... can you?
Face it - WE KNOW You ARE Barbara, not Barbie/Tomhudson, AND, because of your admitting it here now too, that you CERTAINLY TROLL& STALK ME TOO, admitting it (via nefarious tricks like using TOR).
Bottom-line: THERE ARE LAWS AGAINST STALKING ONLINE YOU KNOW! You're "outside your MIND" keeping it up, and admitting it as well, but there you are... it's you!
APK
P.S.=> I don't give a hoot on your domain... you are also trolltalk.com as far as I am concerned (gee, wonder who owns THAT domain) because of your admitting your bullshit here!
You are nuts... and for some odd reason, YOU ARE ALSO OBSESSED with STALKING & TROLLING ME why's that?
Cuz I wouldn't "bow" to you trolltalk.com scum and kicked your ASSES so many times on things technical, "barbie" took off (the cyclops diseased troll) which it is obvious you ARE He/She (tomhudson/barbara not barbie).??
Everyone KNOWS how you 'trolls' work (even deluded 'whitehat trolls' as you call it)!
HBGary and The Chinese Water Army are just BIGGER BADDER versions of YOUR KIND, lady (assuming you are even a lady that is).
Read Mr. Bruce Perens, he even KNOWS 'your kind' to a tee:
"It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed." -
FROM -> http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192
and, so do I... to a tee, I've got your # down pat, especially after you ADMIT trolling me here... & YOU KNOW I've got Barbara, not Barbie/Tomhudson trapped in his/her words on stalking me as well... should I post that too? After all - you ARE her/him!
So please: DO YOURSELF A FAVOR - DON'T EVEN *TRY* MATCH WITS WITH ME WOMAN... you don't possess the skills in computing, OR the wits, or the information to back you -> http://tech.slashdot.org/comments.pl?sid=3350243&cid=42445065 as was seen there and in my 3 other posts supporting it.
I eat trolls like you, ALIVE in the computer sciences, just as I did to tomhudson/barbie MANY times... should I post those too? They number in the 100's... as it would go QUITE WELL with the time I caught her telling you & others to STALK & TROLL ME BY AC POSTS!
Lastly - See first line above, go for it...
... apk
Bullshit, most of that. You're so wordy, and you've got it so wrong. Fortunately, I have an IRL to go back to that encourages me to contribute positive change around me (unlike this place and people like you).
Thanks for ruining my evening after I simply told someone it was bad form to drag you down to that level after you posted something positive.
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
This all started because I completely disagreed about the use of HOSTs as compared to Adblock or similar, and you started personally insulting someone I know. Now, you're doing the same to me.
Defend myself, I'm a stalker. Ignore you, people might think you were correct. What a dilemma. You're one evil, uncaring guy, apk. Security tools = positive change? Try www.timberrecycling.org for positive change. Or www.manchester.gov.uk/elections. Or call Greater Manchester Police and ask them about Rachel Wilson. If they say they've never heard about me, mention Operation Protector, or Operation Foot. They've heard of those, and will be able to look up my details quick enough.
I find you ego-centric list of challenges disturbing. How, as you quite rightly point out, could I have the experience you have when you were born first, went to what seems like decent schools and colleges, and actually had friends and good teachers as a child? You have taken no time or care at all to ensure what you are saying is relevent to me at all. Why should I care? I know I'm a good person, and admitting to teasing you about HOSTS (Which everyone here does, because it's a PLAIN STUPID solution to a common problem!) does not make me a stalker at all.
In fact, I'd welcome any investigation into such because it would simply prove that I'm not Tomhudson, and that you are assuming you're talking to me when I'm not even there. I checked the link and parent, and no, that's not me.
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
ME, in this very exchange... & I am not stupid lady! Nobody's THAT damn dumb!
"This all started because I completely disagreed about the use of HOSTs as compared to Adblock or similar, and you started personally insulting someone I know." - by webmistressrachel (903577) on Tuesday January 01, @10:54PM (#42447549)
Yea? She LIBELLED me in MANY ways (shall I post that too), trying to ruin my rep saying "I live with my mommy, and I never worked professinally in computing" hell... I've worked for MORE Fortune 100-500 than she has, I dusted her on TONS of computing tech debates, and I did not START IT... she, did!
She worked for SIEMENS? You tell her I think SHE is the reason they have been exploited so badly in SCADA then if you speak to her agian (lol). How's that? You like apples?? How do you like THEM apples???
Quoting a film hero of mine, an auto-didact in "Good Will Hunting" because he comes outta the same working class background, bogus violent neighborhoods I do, & more...we're MUCH alike.
Ah, anyhow/anyways:
(And unlike MOST of you fucking cowards, I don't "hide" behind some nickname/alias/handle, I put myself RIGHT OUT THERE, because hiding as you do? You will NEVER be able to prove you did anything worthwhile or attach it to your REAL NAME... but, first, you have to have DONE what I have... therein "lies the difference" and you certainly can't show you have either... fail, Fail, FAIL vs. me, everytime on every level).
Just like Barbara Hudson did... massively, 100's of times, despite her 'alleged technical guru' status here... lol, to that!
She's RAN & is gone with the dawn!
NOW, another challenge on that note to YOU again (you'll fail it, & I know it, hundreds here have... heck, even TenebrousEdge who is pretty well techincally versed, recently -> http://tech.slashdot.org/comments.pl?sid=3350243&cid=42445065 where I SHOT SO MANY "HOLES" into his rigged 'test'? He won't even answer & face it... he tried in email, but that backfired on him too, yet again).
GET THIS THRU YOUR HEAD: I've knocked KNOWN bigtime PhD's in the art & science of computing on their asses... think /. trolls can give me a run for my money? NOT SO FAR, for 8 yrs. now! Not a one... I am not to be "F'd with", or you will fail... everytime, to YOUR own dismay.
A man's MIGHT is judged by the strength of his enemies... I had better find BETTER enemies then.
Anyhow, disprove the points about hosts that my little program illustrates enumerated there -> http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74
They're there, short & sweet, in summation... good luck - you'll NEED IT...
---
"You're one evil, uncaring guy, apk." -
Illogical off topic ad hominem attacks... oh, yes - the "last resort" of the stalking ac troll & all trolls, vs. facts & challenges they CANNOT meet or defeat.
Keep proving my points for me... you make ME, look GOOD (thanks!).
---
"Security tools = positive change?" - by webmistressrachel (903577) on Tuesday January 01, @10:54PM (#42447549)
In an art & science CHANGING THE WORLD? Absolutely... it's where I operate the BEST, since I have a good set of fundamentals, & DECADES around it... I can think of NO BETTER BATTLEGROUND for me, to fight on, for "positive change" that is of SERVICE TO OTHERS, & great aid vs. a very large threat (to your money & personal information).
That's all... have you done more on that VERY front? Have you done more on the other fronts
His FAIL he shut the hell up on, on hosts -> http://slashdot.org/comments.pl?sid=3325045&cid=42336131
(AND I've told that kid, he is SHARP... made me THINK but I did outthink him & shot his 'rigged test' up SO BADLY? He won't argue it!)
* And, there you go... on /.. the "Show me State" of the internet? Let it NEVER be said APK doesn't back up his words...
APK
P.S.=> "Nuff Said" but you haven't met ANY of my challenges, & I certainly do NOT think you will do better disproving my points on hosts myriad values to users on a PLETHORA of multiple levels, to good effect... apk
We know it's you, apk. No one "IRL" would be so upset over slashdot posts or be trolled so easily.
You replied to webmistressrachel idiot.
APK = Dalek, you & all /. trolls = Cybermen - Quoting Dr. Who episode "Doomsday" with video (lol):
"Open Visual Link" -> http://www.youtube.com/watch?v=ysvNOmDMVvk [youtube.com]
Especially see position 2.50 on the YouTube player control... & the quotes below in my p.s.!
---
That says it all about you webmistressrachel + other trolls like you via a "video analogy"... Especially vs. myself and it's from the BBC in Great Britain no less (just for YOU, 'white hat troll')... enjoy!
(ROTFLMAO!)
* Especially since you're "the inferior species known as cybermen" (trolls actually).
APK
P.S.=> Quoting the Daleks from said video, as to what applies in the links below, regarding YOU & all trolls, vs. myself? Ok:
"You are superior in only 1 respect - YOU ARE BETTER AT DYING", ala:
http://slashdot.org/comments.pl?sid=3350243&cid=42444775
http://slashdot.org/comments.pl?sid=3350243&cid=42446777
http://slashdot.org/comments.pl?sid=3350243&cid=42447057
http://slashdot.org/comments.pl?sid=3350243&cid=42447777 (with its addendum edit beneath it)
And of course, from the same video:
"WE WOULD DESTROY THE CYBERMEN (trolls & Pro-*NIX people) WITH ONLY 1 DALEK" (lol, me)
As my replies in the links above, to the troll webmistressrachel, clearly illustrates, point-by-point, in her COMPLETELY 'failing' challenges put to her vs. her words/claims!
AND
For webnistressrachel literally ADMITTING she trolls me here on this site (for YEARS now) -> http://slashdot.org/comments.pl?sid=3350243&cid=42438977
... apk
webmistressrachel, downmods don't hide you troll by TOR you scumbag.