Slashdot Mirror


User: DrSkwid

DrSkwid's activity in the archive.

Stories
0
Comments
6,376
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,376

  1. SUEXEC sees you right even then on Introduction to PHP5 · · Score: 1

    okay so not impervious to attack, I never suggested that
    --
    Impact

    Anyone ... may exploit this vulnerability to gain access to any file readable by the user under which the webserver runs.
    --

    with SUEXEC that would be each website owner and it's group so www:$USER

    security minded people will already have locked down files outside the webspace to be unreadable by www that leaves the $USER's files.

    We use postgres and it's access is via current username rather than password so no passwords would be revealed.

    Arbitrary php execution would enable manipulating the DB data and open the door to other nasties [such as privilege escalation via forked shells & other vulnerabilities]

    In the end, though, you have to blame the existence of a Super-User model. It's the biggest hole there is.

  2. run PHP as a CGI on Introduction to PHP5 · · Score: 1

    run PHP as a CGI and not an Apache Module and all your security fears melt away in the night

  3. Model T is "open source" on Windows 2003 Going Gold · · Score: 1

    people are still patching it today :

    http://www.mikes-afordable.com/

  4. perhaps no concidence on Windows 2003 Going Gold · · Score: 1

    just another meme for the FUD factory

  5. They didn't react to this one very quickly /.'d on Self-Assembling Networks · · Score: 1, Funny

    okument nicht gefunden

    Die von Ihnen gewählte URL ist auf unserem
    Server nicht bzw. nicht mehr vorhanden.

    Gehen Sie bitte zur AIS-Homepage oder
    benutzen Sie das Navigationsmenu links.

  6. There is no fight on Slashback: Security, Telephony, Solicitude · · Score: 2, Informative

    The purpose of my desktop is to fight against Microsoft?
    I think not.
    I want to get work done in a timely and cost effective manner not be part of a Jihad.
    I'd be rather upset if the people contributing were all fucked up with "must beat Microsfot, must beat Microsoft" rather than "must write good code, must write good code"

  7. Re:cool! on First U.S. Desalination Plant Goes Online · · Score: 1

    We Brits already had a civil war concerning that one.

    Our revolutionary hero, Oliver Cromwell, became radicalised through the struggle to keep the Fens of East Anglia flooded. A grand scheme to clear, drain and develop on them was resisted by the communities that lived and worked there.

    Ironincally once in power Cromwell oversaw the clearing, draining and development of the very same Fens.

    There is talk today of reflooding much of then Fens and bringing the native flora and fauna back.

  8. Re:Bio-engineering on Enzyme Bio-Battery Runs on Ethanol · · Score: 1

    Made me think what life would be like if *everyone* who had a car instead had a horse. Pandemonium to be sure.

    Not to mention that the waste products of horses don't conveniently blow away in the wind.

  9. 5 keystrokes ! got time to spare? on Office Depot: Windows XP Apps Must Be Microsoft-Approved · · Score: 2, Interesting

    i type m for mozilla (in Unix)

    when I'm in plan9 I right click any text that looks like a url, select plumb and get's freebsd to open it in a new tab in mozilla on my second monitor

  10. I think you are on to something on Microsoft To Teach Undergrads About Secure Computing · · Score: 1

    I was thinking about this the other day

    no-one ever tries a peaceful invasion

    The coalition should have sent 5,000 unarmed civilians instead of well armed troops. No diplomat in the world could have defended a state that attacked non-aggressive civilians.

    Curiously it was the UK that was the first to gas the Iraqis back in the 20th century. try googling "recalcitrant arabs"

    Blair is just using the old Lloyd George maxim "Britain reserves the right to bomb niggers."

  11. I'd buy one - if it's hackable on Sun to Build Alternative Desktop ? · · Score: 1

    because, let's face it, thin clients are all you need most of the time. I use them all the time.

    I'd be happy to buy a graphical thin client that wasn't Intel or AMD for a change.

    It's an unnoccupied niche - the cheap reference platform computer. Backwards compatibility is great and all but sometimes a clean sheet can work wonders. It's a brave move but one that could reap rewards for many people. The Wintel platform is a mess. It would be wonderful to dump the lot and start with a unified architecture and someone with the muscle to say "You know those apps you've been using to save licensing fees and support costs, well we've got some computers we made especially for them that could reduce your over support costs".

    I say "good luck to them" (so long as they don't come up with a sucky name for it)

  12. great - I was bored of 1.0 ! on Mozilla 1.3 Port Available For FreeBSD · · Score: 1, Redundant

    hope it includes SVG

  13. rely on WEP? you must be wappy! on LA Cops get Wi-Fi Drive By Access · · Score: 1

    anyone with any experience in Wireless nows that WEP is an insecure method of communication that is brute force breakable.

    It is therefore easier to assume that all WEP protected comms are effectively plain text.

    It is from this position that one should build the network.

    Personally I would be using Inferno

    from http://www.vitanuova.com/inferno/papers/bltj.html

    Security in Inferno

    Inferno provides security of communication, resource control, and system integrity.

    Each external communication channel may be transmitted in the clear, accompanied by message digests to prevent corruption, or encrypted to prevent corruption and interception. Once communication is set up, the encryption is transparent to the application. Key exchange is provided through standard public-key mechanisms; after key exchange, message digesting and line encryption likewise use standard symmetric mechanisms.

    Inferno is secure against erroneous or malicious applications, and encourages safe collaboration between mutually suspicious service providers and clients. The resources available to applications appear exclusively in the name space of the application, and standard protection modes are available. This applies to data, to communication resources, and to the executable modules that constitute the applications. Security-sensitive resources of the system are accessible only by calling the modules that provide them; in particular, adding new files and servers to the name space is controlled and is an authenticated operation. For example, if the network resources are removed from an application's name space, then it is impossible for it to establish new network connections.

    Security mechanisms

    Authentication and digital signatures are performed using public key cryptography. Public keys are certified by Inferno-based or other certifying authorities that sign the public keys with their own private key.

    Inferno uses encryption for:

    *
    mutual authentication of communicating parties;
    *
    authentication of messages between these parties; and
    *
    encryption of messages between these parties.

    The encryption algorithms provided by Inferno include the SHA, MD4, and MD5 secure hashes; Elgamal public key signatures and signature verification [4]; RC4 encryption; DES encryption; and public key exchange based on the Diffie-Hellman scheme. The public key signatures use keys with moduli up to 4096 bits, 512 bits by default.

  14. Re:Huh? - huh on Which Shell Do You Prefer? · · Score: 1

    It's not really sensible to write shell scripts using one shell and use another, so steer clear of csh.



    poppycock

    I use csh all day long for my interactive sessions but use rc for my shell programming.

    So pray, what's wrong with doing that?

    I get the features I want from a CLI and I get the features I want from the shell programming language for scripts.

  15. Re:that's pretty shortsighted on Slashback: Privacy, Spectrum, Location · · Score: 1

    there are 10 types of people

    those that get trinary
    those that don't
    and some other lot

  16. time based ? on IBM Researcher Offers an E-Stamp Spam Solution · · Score: 1

    Despite it sounding an interesting thought experiment it's a bit grim if you go to all the trouble of killing someone but get the time wrong. My car bomb could fail to go off and then explode under investigation the next day rendering my prediction useless thus I will not be recompensed for my risk.

  17. In non-soviet Britain junk mailers subsidize us on IBM Researcher Offers an E-Stamp Spam Solution · · Score: 1

    when the Post Office recieves money for dropping "the occupier" [that's all - no address] letters through my letter box I believe this enables them to keep the price of postage at what the market will bear.

  18. kind of true on Screenshot History of Windows · · Score: 4, Informative

    AT&T licensed Unix to OEMs and Microsoft decided to be one of them.

    Bill was a Xenix evangelist, even putting it on the desks of the secretaries if the stories are true.

    See here

    and here

    A Snippet of his 1996 speech at Unix Expo

    One of the exciting things we're announcing today is that our commitment to the Internet and to building a state-of-the-art browser extends not only to Windows 95 and Windows NT, but also to 16-bit Windows and the Macintosh and to Unix. And so, working with some partners, we've created Internet Explorer 3.0, and that's our latest, with all the active control capabilities on several Unix platforms.

  19. Linux is not Unix on Screenshot History of Windows · · Score: 1

    Unix is Unix

    Linux is Unix-like

  20. ultimately our value is zero on Screenshot History of Windows · · Score: 1

    still worth thinking about exploding Iraqis though

  21. ^x is cut in Windows on Screenshot History of Windows · · Score: 3, Funny

    which could be very harmful

    cut - save - crash

    omg where's my work, it was there when I saved it

  22. Re:that's pretty shortsighted on Slashback: Privacy, Spectrum, Location · · Score: 1

    I was thinking in pseudo-physical terms where 1 and 0 are two bits

    i don't know why I was but i was

  23. I challenge you : on More PlayStation 3 Predictions · · Score: 1

    to go to a big city electronics store and find 5 people who have heard of CSS. bonus points if they know it has something to do with DVDs.

    I further challenge you to find 5 people there who know what proprietary means, bonus points if they mention computers.

  24. not Lessig : it was David Reed / David Weinberger on Slashback: Privacy, Spectrum, Location · · Score: 2, Informative

    it's :
    The myth of interference
    Internet architect David Reed explains how bad science created the broadcast industry.

    - - - - - - - - - - - -
    By David Weinberger

  25. that's pretty shortsighted on Slashback: Privacy, Spectrum, Location · · Score: 0

    2 bits are enough for anybody