I think the OpenBiblio project sounds like just what you're looking for. It basically functions as a library tracking system, but you could easily make some slight changes to the database to provide ownership/auction funtionality.
I did an installation of 0.4 not long ago and the install was very slick. I haven't had a lot of time to play with it yet but I was impressed enough with it to write up a little squib on my business site.
I thought that quantum computing was probably going to be viable within ten years, and will probably be far more advanced than any of the fabrication methods they listed in the article.
Their web site talks a little bit about DARPA's quantum computing projects, but the page seems to be a little outdated. Anyone know if they're pursuing this as well?
Someone must be benefitting if they can afford to make me this kind of offer.
Greetings,
We need a vendor who can offer immediate supply.
I'm offering $5,000 US dollars just for referring a vender which is (Actually RELIABLE in providing the below equipment) Contact details of vendor required, including name and phone #. If they turn out to be reliable in supplying the below equipment I'll immediately pay you $5,000. We prefer to work with vendor in the Boston/New York area.
1. The mind warper generation 4 Dimensional Warp Generator # 52 4350a series wrist watch with z80 or better memory adapter. If in stock the AMD Dimensional Warp Generator module containing the GRC79 induction motor, two I80200 warp stabilizers, 256GB of SRAM, and two Analog Devices isolinear modules, This unit also has a menu driven GUI accessible on the front panel XID display. All in 1 units would be great if reliable models are available
2. The special 23200 or Acme 5X24 series time transducing capacitor with built in temporal displacement. Needed with complete jumper/auxiliary system
3. A reliable crystal Ionizor with unlimited memory backup.
4. I will also pay for Schematics, layouts, and designs directly from the manufature which can be used to build this equipment from readily available parts.
If your vendor turns out to be reliable, I owe you $5,000.
Email his details to me at: info@federalfundingprogram.com
Please do not reply directly back to this email as it will only be bounced back to you.
I admittedly hadn't been paying much attention to the changes, but this one crept up and bit me on the ass last week while I was setting some new web servers for our ISP.
It seems the chrooted Apache configuration in 3.2 is turned on by default, and it prevents cgi mappings from working properly under VirtualHosts directives. I was kind of aggravated; it took a while to figure out what was wrong.
It's documented in the OpenBSD FAQ, but I couldn't pinpoint the problem to OpenBSD specifically (and the error log was mysteriously unhelpful at diagnosing the problem), so I spent quite a while reading up on Apache directives before I figured it out.
It was frustrating, but I know Apache considerably better now, so I guess it was worth it. I agree that security is very admirable, which is why I use OpenBSD in the first place, but I think certain options should be turned off by default, especially if they break common services like VirtualHosts cgi ScriptAliases.
Realistically, are most web servers going to be set up just to host one web site? Or am I the only one who uses VirtualHosts on most of my servers?
I noticed an open source project that has the potential to be just what you need, called StorePhront. I am not sure how stable or versatile it is as I have not yet tried it, but their demo is impressive. Check it out here.
If it seems to be the type of thing that will work for you, I'm sure the authors would accept and appreciate contributions for further development.
She had the most interesting things to say about why she wrote her album, Vespertine. It's an amazing work, I've never heard anything like it before.
"...Its also like a love affair with a laptop. I wanted to make modern chamber music. And it's a love affair with two things: the home and laptops, basically saying that a hundred years ago the most ideal music situation was in the home, where people would play harps for each other, or tell each other stories. And in the middle of the century it became the opposite, the most ideal music situation was something like Woodstock, with many hundreds of thousands of people hearing the same song in the same mud pit, having the same euphoric experience, and the target, sonically, was to make a stack of amplifiers that could reach China. I think we've come full circle and the most ideal music situation now, through Napster and thr ough the Internet and downloading and DVD, is back to the home...."
In another interview I read, she said she composed the album with the idea in her mind of her fans sharing the album through the web, and wrote much of the lyrics as a kind of "whispered secret" for listeners to enjoy. I think she's one of the few artists who realizes that without her fans, she wouldn't be where she is today.
Chuck D. has also seemed to be fairly clueful about the web, although I'm not sure how he feels about P2P apps.
Ha! Like SSH isn't vulnerable to man-in-the-middle attacks. (as is SSL).
Sure, it's better than nothing, but Dug Song's work on Dsniff (and the resulting controversy) clearly revealed that SSH is not a panacea to sniffing and/or session hijacking. In fact, with a compromised network host doing ARP spoofing it's probably nowhere near as secure as you think, especially if the clients and servers aren't set up with appropriate configurations. (i.e. only allow SSH2, don't allow log in as root, perhaps even use skey if necessary, etc.
Also, if you use Windows, don't let WinSCP save your password in the registry. (as it tends to want to do so by default). WinSCP (and perhaps PuTTY?) also saves copies (unencrypted!) of any files you transfer in plain sight, right in your Windows temp folder! argh!)
I'm not saying it's futile - SSH is a good step in the right direction, obviously miles ahead of Telnet or FTP, but it's not the cure-all some people seem to think it is. So, you might want to think twice about how "secure" your little SSH session is before bragging about it on/.
Otherwise, you're just drawing attention to yourself. (shh! the feds might hear us.;-)
There are a variety of techniques that make it possible to detect NAT usage, and it looks like certain ISPs (namely Comcast) even have entire departments dedicated to doing just that.
Yes, but because of the way packet headers are written while using NAT, it's certainly possible to detect the presence of rfc-1918 compliant private ip addresses (i.e. 10.0.0.x or 192.168.x.x, etc) behind a NAT gateway, even if the MAC address was consistent between all the packets.
In fact, it would probably be pretty easy to slap together a few Perl scripts that did that sort of thing automatically, so don't go feeling too safe just yet.;-)
Well, as a matter of fact, I'm playing Progress Quest right now, and I'm at work. What's cool is I can keep playing if the boss walks by, but by switching to another task on my screen I can make it appear that I am actually working! Alas, it is Windows only, right now.
The other cool part is if I forget to switch back to the game, my character just keeps pluggin' away, on some sort of strange magickal "autopilot", which liberates me from having to pay attention that often.
Also, it's all online, and you can compete against up to 65,536 other players simultaneously. Can't beat that! Can you? Can you?!?
I agree that sometimes Flash is pretty annoying, but for certain types of applications I can understand why someone might want to use it. Don't flame this guy for investigating what might be appropriate options for his purposes, especially since there are tools such as Ming for PHP, which allow you to generate some pretty goddamned cool-looking Flash files without owning the Macromedia authoring program. Did I mention it's open source?
Re:You'll probably need it
on
Chase the Rabbits
·
· Score: 1, Flamebait
Jesus christ, was this so-called "article" posted because someone thought it was actually good? Or was it just because it's so goddamned long? Personally, I've read better journals kept by retarded middle schoolers, and frankly, this has no real reason to be on Slashdot. God, you guys must be just fucking desperate for new content, hunh?
Uh... until they compromise an internal host, or internal router, that is. If you think that you can lock down a network simply by using private IP's, think again.
Here is one scenario; compromise a Windows machine on 10.0.0.0/8 by sending it an email with an auto-executing file type. Have that executable run a trojan with an IRC daemon. Have that IRC daemon connect back to a channel where you have channelops.
Once you can issue commands to the shell running on that Windows box inside that network, use the compromised machine to scan every other host on the internal network for vulnerabilities. You can even use port forwarding on the compromised machine to directly attack other hosts, in a fashion similar to having a VPN. Or, you can bootstrap Gnu-style utilities such as CygWin or NT rootkits to turn that Windows machine into a fairly powerful Unix emulator. Take your pick.
The attack vectors available for compromising a host on a private subnet are many; once a host is compromised, the attacker can do whatever they'd like inside your network, "private", or not.
... but if they are sniffing your packets either A) your doing something illegal B) your not doing something illegal, so they won't find anything, other then your obbession with porn sites.
If you're not sniffing my packets, then how come you know about my obsession with porn sites?!?
Unless you're encrypting your connection to the web proxies, your ISP can probably figure out how to hire a $25/hour Perl programmer to sniff the URLs you're visiting, en masse.
Much as I agree with your mission, and like the web site, I can't help but wonder why you expect to break even from donations without making some kind of plea to your audience.
I hate to admit it, but if I were you I'd rethink your aversion to banner ads, or else figure out what you can sell on the site in conjunction with the free services you provide, if you're getting so frustrated you are considering quitting.
I know it's not everyone's favorite pasttime, but perhaps you and your partner need to sit down and hammer out a business plan. That, or file as a non-profit and try to get a grant.
Very impressive site, nice work. I hope you flourish and prosper.
Slashdot Mirror
I did an installation of 0.4 not long ago and the install was very slick. I haven't had a lot of time to play with it yet but I was impressed enough with it to write up a little squib on my business site.
They were even supposed to be funding the crackheads over at OpenBSD for a while.
(Just kidding, Theo.)
Their web site talks a little bit about DARPA's quantum computing projects, but the page seems to be a little outdated. Anyone know if they're pursuing this as well?
That's pretty bizarre.
Greetings,
We need a vendor who can offer immediate supply.
I'm offering $5,000 US dollars just for referring a vender which is (Actually RELIABLE in providing the below equipment) Contact details of vendor required, including name and phone #. If they turn out to be reliable in supplying the below equipment I'll immediately pay you $5,000. We prefer to work with vendor in the Boston/New York area.
1. The mind warper generation 4 Dimensional Warp Generator # 52 4350a series wrist watch with z80 or better memory adapter. If in stock the AMD Dimensional Warp Generator module containing the GRC79 induction motor, two I80200 warp stabilizers, 256GB of SRAM, and two Analog Devices isolinear modules, This unit also has a menu driven GUI accessible on the front panel XID display. All in 1 units would be great if reliable models are available
2. The special 23200 or Acme 5X24 series time transducing capacitor with built in temporal displacement. Needed with complete jumper/auxiliary system
3. A reliable crystal Ionizor with unlimited memory backup.
4. I will also pay for Schematics, layouts, and designs directly from the manufature which can be used to build this equipment from readily available parts.
If your vendor turns out to be reliable, I owe you $5,000.
Email his details to me at: info@federalfundingprogram.com
Please do not reply directly back to this email as it will only be bounced back to you.
Anyone else get this one? =P
Especially since it makes the software sound like a feverish, phlegmy child.
Any freshly graduated advertising hire could tell you why this might be a bad idea.
I resent that remark. :-)
It seems the chrooted Apache configuration in 3.2 is turned on by default, and it prevents cgi mappings from working properly under VirtualHosts directives. I was kind of aggravated; it took a while to figure out what was wrong.
It's documented in the OpenBSD FAQ, but I couldn't pinpoint the problem to OpenBSD specifically (and the error log was mysteriously unhelpful at diagnosing the problem), so I spent quite a while reading up on Apache directives before I figured it out.
It was frustrating, but I know Apache considerably better now, so I guess it was worth it. I agree that security is very admirable, which is why I use OpenBSD in the first place, but I think certain options should be turned off by default, especially if they break common services like VirtualHosts cgi ScriptAliases.
Realistically, are most web servers going to be set up just to host one web site? Or am I the only one who uses VirtualHosts on most of my servers?
I see you jocking me; trying to play like, u no me.
Everybody to the limit, the Cheat is to the limit.
I said, come on, fhwqwhgads!
If it seems to be the type of thing that will work for you, I'm sure the authors would accept and appreciate contributions for further development.
In another interview I read, she said she composed the album with the idea in her mind of her fans sharing the album through the web, and wrote much of the lyrics as a kind of "whispered secret" for listeners to enjoy. I think she's one of the few artists who realizes that without her fans, she wouldn't be where she is today.
Chuck D. has also seemed to be fairly clueful about the web, although I'm not sure how he feels about P2P apps.
Sure, it's better than nothing, but Dug Song's work on Dsniff (and the resulting controversy) clearly revealed that SSH is not a panacea to sniffing and/or session hijacking. In fact, with a compromised network host doing ARP spoofing it's probably nowhere near as secure as you think, especially if the clients and servers aren't set up with appropriate configurations. (i.e. only allow SSH2, don't allow log in as root, perhaps even use skey if necessary, etc.
Also, if you use Windows, don't let WinSCP save your password in the registry. (as it tends to want to do so by default). WinSCP (and perhaps PuTTY?) also saves copies (unencrypted!) of any files you transfer in plain sight, right in your Windows temp folder! argh!)
I'm not saying it's futile - SSH is a good step in the right direction, obviously miles ahead of Telnet or FTP, but it's not the cure-all some people seem to think it is. So, you might want to think twice about how "secure" your little SSH session is before bragging about it on /.
Otherwise, you're just drawing attention to yourself. (shh! the feds might hear us. ;-)
There are a variety of techniques that make it possible to detect NAT usage, and it looks like certain ISPs (namely Comcast) even have entire departments dedicated to doing just that.
In fact, it would probably be pretty easy to slap together a few Perl scripts that did that sort of thing automatically, so don't go feeling too safe just yet. ;-)
The other cool part is if I forget to switch back to the game, my character just keeps pluggin' away, on some sort of strange magickal "autopilot", which liberates me from having to pay attention that often.
Also, it's all online, and you can compete against up to 65,536 other players simultaneously. Can't beat that! Can you? Can you?!?
I agree that sometimes Flash is pretty annoying, but for certain types of applications I can understand why someone might want to use it. Don't flame this guy for investigating what might be appropriate options for his purposes, especially since there are tools such as Ming for PHP, which allow you to generate some pretty goddamned cool-looking Flash files without owning the Macromedia authoring program. Did I mention it's open source?
Jesus christ, was this so-called "article" posted because someone thought it was actually good? Or was it just because it's so goddamned long? Personally, I've read better journals kept by retarded middle schoolers, and frankly, this has no real reason to be on Slashdot. God, you guys must be just fucking desperate for new content, hunh?
When people notice the OS, it's probably not a good thing.
Wow. For whatever reason, that actually seems pretty profound to me.
Er, thanks, you just gave me something to think about for a while.
Uh... until they compromise an internal host, or internal router, that is. If you think that you can lock down a network simply by using private IP's, think again.
Here is one scenario; compromise a Windows machine on 10.0.0.0/8 by sending it an email with an auto-executing file type. Have that executable run a trojan with an IRC daemon. Have that IRC daemon connect back to a channel where you have channelops.
Once you can issue commands to the shell running on that Windows box inside that network, use the compromised machine to scan every other host on the internal network for vulnerabilities. You can even use port forwarding on the compromised machine to directly attack other hosts, in a fashion similar to having a VPN. Or, you can bootstrap Gnu-style utilities such as CygWin or NT rootkits to turn that Windows machine into a fairly powerful Unix emulator. Take your pick.
The attack vectors available for compromising a host on a private subnet are many; once a host is compromised, the attacker can do whatever they'd like inside your network, "private", or not.
... but if they are sniffing your packets either A) your doing something illegal B) your not doing something illegal, so they won't find anything, other then your obbession with porn sites.
If you're not sniffing my packets, then how come you know about my obsession with porn sites?!?
It's a conspiracy, I tell you!
Unless you're encrypting your connection to the web proxies, your ISP can probably figure out how to hire a $25/hour Perl programmer to sniff the URLs you're visiting, en masse.
Now they can be just like that other secure operating system.
"Windows XP - Four minutes without a remote hole in the default install."
The future of IDS obviously lies in improving overall Webcurity.
Exchange 2000, maybe, but you sure can't get 5.5 to do that. Welcome to the Eternal Upgrade Cycle.
I hate to admit it, but if I were you I'd rethink your aversion to banner ads, or else figure out what you can sell on the site in conjunction with the free services you provide, if you're getting so frustrated you are considering quitting.
I know it's not everyone's favorite pasttime, but perhaps you and your partner need to sit down and hammer out a business plan. That, or file as a non-profit and try to get a grant.
Very impressive site, nice work. I hope you flourish and prosper.