Slashdot Mirror


User: dissy

dissy's activity in the archive.


Comments · 3,327

  1. Re:Sendmail.... on Security-Fix Sendmail 8.12.9 Released · · Score: 3, Insightful

    > Qmail [qmail.org] is small, fast, easy and secure.

    Yes but qmail and postfix don't do near as much as sendmail.

    Most of the people using sendmail (myself included) use it because it's the only option for our needs.

    Until qmail and/or postfix reach the feature set of sendmail (or come anywhere near it) it will remain useless to me.

    Thank you for preaching, please drive through.

  2. Re:It Was OK, It's His Fault on The Ethics of Stealing Wireless Bandwidth? · · Score: 1

    > Hmm. In one place you say "take advantage of the morons" and in another you say
    > "be polite and don't use a resource that someone asks nicely that you not use."

    Where you came up with that is beyond me. You also took what I said totally wrong.

    Example. At work (non IT job) there is a hub/switch on a desk with some machines attached to it.

    There is a HUGE difference between asking "Am I allowed to plug in there to get internet access?" then being told yes or no, and never once asking and intending to break into their shit by plugging into their network.

    They are two totally different intents.

    WEP will NOT protect you from someone whose intent is to break in and see your wireless traffic.

    WEP in the above example is like saying "No, you are not allowed to use that"

    Does that mean anything further is stopping you from actually using it for good or bad? NO.

    If WEP is on, moral people (myself included) will not use your connection. WEP is like saying "no", it is not an actual secure way to guarantee no one will use it. It really is like just asking.
    If someone is intending to break into your shit and use it or sniff your traffic, WEP will not protect you.

    In the above example, if my workers asked if they can use that switch/hub for internet access, and I said no to them, I may choose not to take any further action to prevent them from doing so.

    That is the long version of what I said in those two lines.

    Please stop putting words in my mouth, and twisting the ones that actually come from there into something totally different.

  3. Re:It Was OK, It's His Fault on The Ethics of Stealing Wireless Bandwidth? · · Score: 1

    > Just because I leave the keys in my car by accident doesn't give you the right
    > to borrow my car.

    Right. But this guy didn't go over to the person's house and plug into his hub/switch.

    If you drove your car into my front door and left it there with the keys in it however, and I had no idea why it was there, accident or not you can hardly bitch if I start your car and drive it elsewhere.

    Well I guess you can bitch, since you posted that stupid comment, but just because someone bitches about something doesn't make it wrong to have done.

    Hell, it doesn't even take more than common sense to realize "Wow I connected all my neat new magical toys and I can get on my internet connection from my living room with no cables!!! Wait, if I can, can't everyone else?"

    Once you realize that fact, it can be argued you ARE willingly allowing anyone to use it. Otherwise you wouldn't leave it in that condition.

    If you don't realize that fact, you are a moron with no common sense, and should not be allowed to continue your existence.

    If you are at or above normal intelligence, you would realize you have two options by the fact anyone can access it the same as you:
    1) STOP
    and
    2) Look into methods so only you can and no one else can.

    If you choose #1 there is no problem anymore.
    If you choose #2, it will lead you to WEP

    If a wireless network has WEP enabled, you are clearly not welcome.

    The very smart of us know WEP is not a good replacement for real security, and one should not do secure things with WEP as your only form of protection.
    However for answering the question of "Gee, can I use this network or not?" WEP being used is the only form of YES/NO there is.

    The other way (not for the average or lesser intelligence user however) is to not use WEP but make your SSID read "keep_out" or something similar.
    This too could be viewed as you're not welcome.

    The whole argument of "If I accidentally leave my front door unlocked, you have no right to come in" is totally off base.
    Having no WEP and using DHCP to serve out IPs is similar to your house having no walls or doors of any sort whatsoever, nor being on a lot.

    If you lived on a throw rug in the middle of a field, you would have about as much privacy as a non-WEP enabled access point, and at that point the comparison is more accurate.

    Is it right to steal an item laying on this throw rug in the middle of a field somewhere? No. Would anyone at all even think for a second you were in the wrong for doing so if your argument is "But the stuff was just laying there, how was I supposed to know it wasn't free junk!"? Not at all.

    If you "accidentally" left an open access point handing out IPs connected to your internet connection, don't bitch.
    It's like if you "accidentally" left cash sitting on your bar stool while you went to take a piss. It's wrong to take it, but how could you expect anything else to happen?

    It's people like you who complain "It's never my fault for being incompetent, it's always everyone else's fault for taking advantage of me!" that are turning this country's laws into the fucked up system we have to live with daily.

    There is a fine line between being taken advantage of and being stupid as fuck.

    If you take your car to a service shop and they lie about what's wrong to get more money, you are taken advantage of.
    If you buy a book and try to do it yourself and fuck your car up, you are stupid.

    If you have someone install your network and tell you 'it's secure, only you can use it' and this happens, you have been taken advantage of.
    If you try to set it up yourself and do it wrong without even trying to read a 'quick setup guide', you are stupid.

    Personally I would no doubt break my car if I attempted to fix it myself. For me to even try it would be stupid. This is why I trust my mechanic to know what he's doing, as well as not lie to me about it.

    If I didn't know what I was doing with

  4. Re:BackupPC on What Software Do You Use for Unix Backups? · · Score: 1

    I don't think I understand your question.

    If a machine's disk is destroyed, I restore from the backup server.
    If the backup server failed, the machines it backs up are still there with their data.

    All of the systems are RAID, so it would take an abnormal amount of disks to fail all at once (over 60% of the disks across at least two machines) to actually lose data.

    I don't think anything will be happening to cause that, which also wouldn't destroy your tapes or whatever other medium you use for backups...

  5. Make your own on Homebrewed Macro Keyboards? · · Score: 2, Interesting

    Well you did want to know if anyone rolled their own.
    If you are looking for PS/2 keyboard or RS232 serial output, check out the MEMkey board.

    http://www.parallax.com/detail.asp?product_id=27963
    At quantities of 1 they are $40, but as they are programmable this can most likely do anything you need.

    It has a 4x5 matrix (20 keys) that you wire to this board. Then you program it to push a value for each key out either the serial or PS/2 lines, you can plug this in directly to the keyboard input if that's what you need, or go the serial route if you want to make your own listener application for it.

    PDF datasheets are on their site.

    I've purchased many of these and they are the most handy things ever.
    You can also buy keypads and ribbon cables from parallax as well if you don't mind a 4x3 or 4x4 telephone like pad.
    Both have 0-9 * and #, and the 4x4 has the letters A-D.
    If you make your own, the board can support up to 4x5 grids.

    With a few other parts you can easily break out the matrix and wire each of the 20 keys up to pushbuttons to do almost anything.

    If you use a serial protocol, and some latch ICs, you can string together 8 or so of these chips into one serial port on the PC.

    My application was a MAME joystick that sent PS/2 keycodes that MAME would understand.

    (BTW, for real arcade joysticks buttons and whatnot, check out www.happcontrols.com)

    Hope this helps

  6. Re:It's just not polite on Anti-Censorship Efforts And Port Scanning · · Score: 4, Insightful

    > If you come to my house and try all the doors to see what's open to the general
    > public, you'll probably get shot or at least get to see how well your head is
    > capable of decelerating a baseball bat.

    Except your home isn't a public place.
    Your home is a private place, for you.

    So to extend that to computers.

    Your PC behind a firewall is a private place.
    Did anyone claim it was OK to attempt to break in through a firewall?
    No. So please stop arguing that point.

    A webserver is indeed a public place.
    It's more compared to the general use lodge at the park down the street.

    And let me tell you, if you attacked me while I was attempting to see if the doors were open on that public general use lodge, you would clearly be in the wrong for doing so.

    When you run a webserver, you are allowing the general public. If you don't want the general public there, take measures, ANY MEASURES AT ALL, to stop them!

    Leaving a webserver on a public network with no filters, firewall rules, IP access lists, or authentication, cannot in any way be argued as taking measures to prevent access to it. You wouldn't have a leg to stand on.

    It's akin to putting a tarp down on the ground, setting out your , no walls or screens or covers or anything, then complaining when people look at that is laying out in the open.

    If you don't want that stuff being looked at, don't put it there in public.
    Same difference with a webserver.

    As for your comment of not polite. Inviting people into your home, then shooting them for trespassing is what _I_ call impolite. That is basically what you are trying to justify being OK.

  7. Re:sounds neat but, on CDT Releases New Report on Origins of Spam · · Score: 1

    > what happens when Yahoo decides that mydomain.com is a spam domain and sends a
    > bounce message for each of your spliners?

    Those bounces will be forwarded back to them, so whatever floats the spammer's boat, they can have fun with it.

    > The only solution is what yahoo is supposed to stand for,
    > "You Always Have Other Options".

    Well, as I said I was just using Yahoo as an example.
    Try a s/yahoo.com/fly-by-night-computer-parts.com/

    Hell, even slashdot has a customized address.
    I don't exclude anyone, but I have very few 'fucked-via-bounces' forwards set up.

    > So, if Yahoo is obnoxing you it's time to learn not to do
    > anything with yahoo and tell your friends.

    Well, that's great and all.. But by the time you know not to do business with whoever (by getting spammed on the address you gave the company) chances are your business transaction is done and over with.

    It's sorta like saying "I posted to usenet and started getting spammed cuz of it. Well, I'm not ever going to post to usenet again, that'll show em!"
    I mean that's your choice and all, but it won't help one bit about the spam you're getting now and will continue to get in the future.

    For a real world example, yahoo actually listens to spam complaints, and at least claims to take action, so I would never do this to yahoo.

    However for a trip I took, I made email accounts for Orbitz.com and delta.com, both of which got heavily spammed while I was on vacation.
    I've sent emails to both complaining, and only delta responded, and even then only to remove me from their list.

    I told them I fully expected to be removed from all of their partners' lists, and I will put no more effort into it than I did to get subscribed.
    They actually had the nerve to reply to me and say I should be thankful I'm getting offers from them.
    Orbitz never replied.

    Both are now having their spam sent back to them.

    zones.com is an online store I made one purchase from (I believe it was a pricewatch reference), and the address I made for them got heavily spammed.
    They tried to claim they don't sell email addresses, so I simply explained how my setup works, and that anything sent to that address must have come from them, as no one else would ever have that email address to send to.
    They finally admitted to sharing my email address but said there was nothing they could do, and told me to use some webform that wasn't functioning to remove me from their own internal list.
    Using the webform did not work, further emails simply resulted in them telling me to use the webform (even after I stated that wasn't working, I would have thought it was a template reply if they weren't worded so different)
    Anyways, they clearly have no desire to remove me from any spam lists and think it's fine. They are also liars. They can eat their own spam now.

    zones.com was the first place that actually started spamming me on an address I made up (I was doing it for maybe a year before that) and this started over a year ago. Their outright lying and lack of care for a customer pushed me to do this.
    They don't care about my inbox, why should I care about theirs?

    The nice part is the only spam they ever get from my server is what they send to the address no one but they have for me.
    zones.com only gets zones.com spam... orbitz only gets orbitz spam.

    If they don't want to get spammed, they should take me off their spam lists, and all will once again be well.

  8. Re:My spam research on CDT Releases New Report on Origins of Spam · · Score: 5, Interesting

    I do the same thing with my domains, however I take it one step further.

    Once I get spam sent to one of the addresses, I change the forward so it no longer goes to me, but forwards to a number of addresses at their domain.
    For example, if I signed up at yahoo.com and they spammed me, I would change my yahoo@mydomain.com forward to send to:
    abuse@yahoo.com, staff@yahoo.com, support@yahoo.com, help@yahoo.com, postmaster@yahoo.com, webmaster@yahoo.com
    etc

    As they are all at the same domain, my mail server only sends one copy to the yahoo.com mailserver. Their server breaks it up then so I only really send one email out.

    Using procmail to do this, I usually turn on logging until it hits a certain size.
    If no real/legit emails come to me before the log of spam reaches a couple megs, I turn off logging and leave it.

    This generates surprisingly little traffic on my mail server, and one would hope they get the point

    This way yahoo (only using as example of course) may remove me from their mailing lists, but they have to deal with the spam from all of their 'business partners' they signed me up for, and at that point I don't care if the address is removed or not :)

  9. Re:Gosh the negativity... on Linux Server Hacks · · Score: 3, Informative

    > Crontabs do not have the ability to run commands say, every other week,
    > or every other month

    Sure it does. At least the one that comes with linux (GNU?)

    The time fields are: min hour day month day-of-week
    * means any/all of course.

    You can do

    * * * 1/2 * /path/to/every-other-month.sh
    Runs on the ODD months, make it 2/2 to run on the even months.

    0/10 * * * * /path/to/every-10-minutes.sh
    Runs every 10 mins where the last digit is 0 (00 10 20... 50)

    Or in the case of backups or something, run it every two hours between 9pm and 5am (9pm, 11pm, 1am, 3am, 5am - non business hours) and also run it once during lunch (noon)
    0 21-5/2,12 * * * /path/to/backup.sh

    Ok so that's not how you would want to run backups I'd imagine, but you get the idea of the timing commands at least :)

    In the last field you can put a day (IE mon) and say /2 for every other day, or tue/2 for every other day in the other set.
    I'm not really sure if mon/2 would do every other Monday, or every other day starting the count on Monday (which is what I think)
    If that is the case, I would hope mon/14 would work (on Monday, every 14 days/2 weeks) but I have never tried that.
    If your backup script does any logging, perhaps you can create a simple script that logs when it runs to a file, and add it in crontab as
    (assuming midnight) 0 0 * * mon/14 /path/to/testscript.sh

    no doubt just a #!/bin/sh and date >> /root/testscript.output

    To do every other week using the day of week may not be possible, so your code example is still valid. But that is only because the number of days in a month vary and don't fall on any obvious boundaries.

    The only two examples I've ever used were twice a month (1st and 15th) [0 0 1/15 * *] and every other day-of-week that depends if the day is even or odd. This is close to what you want, but unfortunately as each month changes, if there are an odd number of days in the month, the order changes. Only when there are an even number of days in the month does next month continue on the same pattern.
    [ 0 0 2/2 * mon] for example.

    Hope that helps a bit
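
The comment above ends on the point that "every other week" does not fall out of the day-of-week field. One common way around that, shown here as an added example (not code from the comment or from the post it replies to), is a plain weekly entry such as `0 0 * * mon /path/to/biweekly.sh` plus a stamp-file guard. The function names, the stamp path and the 13-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: gate a weekly cron job so the real work runs every other week.
# Function names, stamp location and the 13-day threshold are hypothetical.

# biweekly_due STAMP_FILE NOW_EPOCH
# Exit status 0 when the job should run: no stamp yet, an unusable stamp,
# a stamp from the future (clock was reset), or at least 13 days elapsed.
# 13 rather than 14 days absorbs start-time jitter between weekly runs.
biweekly_due() {
    stamp=$1
    now=$2
    [ -f "$stamp" ] || return 0
    last=$(cat "$stamp" 2>/dev/null)
    case $last in
        ''|*[!0-9]*) return 0 ;;        # empty or corrupt stamp: run and rewrite it
    esac
    [ "$last" -le "$now" ] || return 0  # stamp is in the future: do not trust it
    [ $(( now - last )) -ge $(( 13 * 86400 )) ]
}

# run_biweekly STAMP_FILE COMMAND [ARGS...]
# Runs COMMAND only when due. The stamp is updated only after COMMAND
# succeeds, so a failed run is retried at the next weekly cron tick.
run_biweekly() {
    stamp=$1
    shift
    now=$(date +%s)
    biweekly_due "$stamp" "$now" || return 0
    "$@" || return $?
    tmp="$stamp.$$"
    # Write to a temp file and rename, so a crash never leaves a half-written stamp.
    echo "$now" > "$tmp" && mv "$tmp" "$stamp"
}
```

A `biweekly.sh` built on this would end with a call like `run_biweekly /var/tmp/backup.stamp /path/to/backup.sh`.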

  10. Re:didn't mention google's legal goons, though on How Google Grows...and Grows...and Grows · · Score: 1

    > Do you Yahoo!? Google isn't alone in recognizing phrases using their trademark
    > in association with use of their website.

    I never said they were.

    However unlike the parent poster I replied to, I feel if someone started saying "To yahoo means search on any engine not just yahoo's" that Yahoo would get ticked and want them to use it correctly, just like google did.

  11. Re:Stupid question... on Local Root Hole in Linux Kernels · · Score: 1

    It just means you need to be able to run code on the machine somehow.

    Remote exploits allow you to run code on a machine with no access.
    Local exploits don't, so you have to already have that ability.

    If you are a regular old user on a machine, you can get root this way.

    If you can exploit a jailed app (IE bind or apache in a chroot jail) this bug will raise you from user nobody to root.

  12. Re:tar does not do incremental backups on What Software Do You Use for Unix Backups? · · Score: 3, Informative

    > The problem is tar always archives the entire space which makes it difficult to
    > backup, say gigabytes of data, daily.
    >
    > A decent backup tool (as opposed to an archival tool) must absolutely have
    > incremental backup support.

    Er?

    tar --help
    [snip]
    Operation modifiers:
    -G, --incremental handle old GNU-format incremental backup
    -g, --listed-incremental handle new GNU-format incremental backup
    [snip]
    Local file selection:
    -N, --newer=DATE only store files newer than DATE
    --newer-mtime compare date and time when data changed only
    [snip]

    This is in tar (GNU tar) 1.12
    (Which is really really old actually.. slackware 3.2 dist)

    There are also tons of options to exclude directories and files, to force it to span disks, and pretty much match in any way you need.
    I've been making incremental backups (and even restored a few) for a while now.
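
The `-g, --listed-incremental` option quoted in the comment above, as an added example (not the commenter's own commands): a level-0 and a level-1 backup followed by an in-order restore. It assumes a current GNU tar; the function name, directory layout and file names are constructed.

```shell
#!/bin/sh
# Added example: full plus incremental backup with GNU tar's snapshot file.
# All paths and file contents below are constructed sample data.

# incremental_demo WORKDIR
# Builds a sample tree, takes a level-0 and a level-1 backup, restores both
# into WORKDIR/restore, and prints the member list of the level-1 archive.
incremental_demo() {
    work=$1
    tar --version 2>/dev/null | grep -q 'GNU tar' || return 2
    mkdir -p "$work/data" "$work/restore" || return 1
    echo "original"  > "$work/data/keep.txt"
    echo "to delete" > "$work/data/old.txt"
    sleep 1   # keep sample mtimes clearly older than the level-0 start time

    # Level 0: the snapshot file does not exist yet, so everything is stored
    # and the directory state is recorded in state.snar.
    tar -C "$work" -g "$work/state.snar" -cf "$work/level0.tar" data || return 1

    # Work on a copy of the snapshot so the level-0 baseline stays untouched
    # and later level-1 runs can be taken against the same baseline.
    cp "$work/state.snar" "$work/state.level1.snar" || return 1

    # Change the tree: one file added, one file removed.
    sleep 1
    echo "added later" > "$work/data/new.txt"
    rm "$work/data/old.txt"

    # Level 1: only what changed since the snapshot goes into the archive,
    # together with a listing of each directory's current contents.
    tar -C "$work" -g "$work/state.level1.snar" -cf "$work/level1.tar" data || return 1

    # Restore in order. With -g on extraction (the file name is ignored,
    # /dev/null is conventional) tar also removes files that no longer
    # existed when the level-1 archive was made.
    tar -C "$work/restore" -g /dev/null -xf "$work/level0.tar" || return 1
    tar -C "$work/restore" -g /dev/null -xf "$work/level1.tar" || return 1

    tar -tf "$work/level1.tar"
}
```

Running `incremental_demo "$(mktemp -d)"` lists the level-1 archive; the restored tree holds `keep.txt` and `new.txt` but not `old.txt`, which is the deletion tracking that a date-based `--newer` run does not give you.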

  13. BackupPC on What Software Do You Use for Unix Backups? · · Score: 3, Informative

    http://backuppc.sourceforge.net/

    Automated backups to an online disk server, open source, and a really nice web interface as well as command line interface.

    It uses samba and ssh to backup and restore to windows and unix machines.
    You can have it restore any files/folders in a backup you select, using the same methods (samba or ssh) as well as it can send the restore files to your browser in a tar or zip file.

    I recently replaced a machine using amanda and a DLT drive with a fileserver using a raid 5 array and backuppc. Best switch ever.

  14. Re:didn't mention google's legal goons, though on How Google Grows...and Grows...and Grows · · Score: 5, Informative

    > Funny that the article didn't mention the fact that Google's lawyers recently
    > asked [linguistlist.org] Paul McFedries to remove the word 'google' from his
    > excellent wordspy [wordspy.com] lexicon. A company that 'gets it' indeed.

    Erm, that's odd, because that never happened. Did you just make that up on the spot or did it take you a while to prepare?

    Google asked them to change their definition of 'google' from "To search for something" to "To search for something using the google search engine"

    But they never once _DEMANDED_ that they remove the word google.

    The wordspy.com listing was clearly incorrect.
    Google simply corrected them.

    So no it's not too funny that the article didn't mention lies and FUD. It's a refreshing change actually.

    What I _do_ find funny is you even link right to the article that proves me right and your own statements wrong! Did you even read it?

    Direct quote from the article you linked:
    > we want to make sure that when people use "Google," they are referring
    > to the services our company provides and not to Internet searching
    > in general.

    The email then ends with:
    > We ask that you help us to protect our brand by deleting the definition of
    > "google" found at wordspy.com or revising it to take into account the
    > trademark status of Google.

    Hell, even keeping the clearly wrong and incorrect definition would be OK with google if they simply added a (TM) mark after the word Google from how their email reads!

  15. Re:Pricing themselves out of the market? on Red Hat Announces Enterprise Linux · · Score: 4, Informative

    > One of the big advantages of linux is the cost

    But one of the big advantages of Windows is support.

    Now in the linux camp you can get free and supportless, or pricy and supported.
    In the windows camp you only have pricy and supported.

    Two vs One is still a win for linux over windows at that game.

  16. Re:big hairy deal on Web Server Packed into RJ45 Connector · · Score: 1

    I just wanted to let you know I've been looking for a device like this for a couple weeks or so, and most of what I have found was as expensive (or more so) as the device in the main article.
    I only need maybe 10 of these things for around the house, so bulk pricing is out of the question.

    The siteplayer module looks to be perfect for what I want.. and $30 isn't bad at all considering what you get.

    Thank you for the URL!
    --Jon

  17. Re:Tcl in the Mars Explorer project! on Tcl Core Team Interview · · Score: 1

    TCL is used in all sorts of strange and unexpected places that most don't even know about.

    If you happen to have enable access to a cisco router with a newer 11.x or any 12.x version of IOS, you will note that tclsh is embedded into the router itself.

    You have access to data structures in the router, can manipulate this data in any way tcl allows, and use it to invoke IOS commands as well.

    A friend of mine wrote an inhouse TCL script for his router that monitored the BGP tables, and when they hit a certain size it would remove some of the smaller routes advertized so the tables did not fill up the limited memory (it was a low end router)

  18. Re:Tcl does not suck on Tcl Core Team Interview · · Score: 1

    > What big gap in functionality do you see in Tcl?

    First I'd like to say I love TCL, and it's my script language of choice.
    A lot of times it's also my programming language of choice as well.

    However, one thing it is very lacking in today's day and age is built-in (and thus cross platform) networking support.
    It can basically handle TCP over IP and that's it right now.

    For linux and BSD (and one or two other unixes, though not all of them by far) you have the scotty plugin, but as I said, that is not cross platform at all.

    There needs to be built in raw IP, and thus UDP/ICMP support as well.

    The plugins that do exist I also consider a disadvantage.
    I generally want my apps to be cross platform, but practically no plugins are, they are nearly all made for one OS and that's it.
    So you have to either not use plugins at all (which I do, and is quite limiting) or code support for an external program you write in another language such as C, which is annoying.

    If they added raw IP support in the core TCL libs, so others could write UDP and whatnot libs around that in pure tcl, life would be perfect in the TCL world.

    Just my $0.02 :)

  19. Pointing blame? on When Cable Companies Break -Your- Cable Modem? · · Score: 2, Interesting

    I'm sure I'm going to get modded down and flamed for this... but I have one question.

    If you own the modem, why was your modem accepting software updates?

    I mean, the cable company sends out software updates for their own hardware only.
    If you bought your modem, yours does not fall under that category.

    Why did you allow it to accept this update?

    I'm willing to bet that the cable company has in your contract somewhere a clause that states they will not support your hardware at all.
    If it works, great. If not, it's not their problem. And rightfully so.

    So from the sounds of it, your modem that you bought had a major flaw in it, in that it should not have been listening to the cable company's update commands.
    Why is this the cable company's fault?

    Sounds to me like someone taking a 110vac lamp and plugging it in a 220vac outlet, having it blow up, then wanting to sue the power company for not making things magically work.

    If this was the cable company's hardware and they broke it themselves, it would be a totally different story.
    But you're connecting an unsupported foreign device that the cable company even tells you outright isn't supported nor guaranteed to even work at all, into their network.

    This isn't a telephone device.. you buy an analog modem and the FCC guarantees it will work with the phone network. You buy an electrical device and it's UL listed to guarantee it will work with the power grid.

    You rent a cable modem because they guarantee it works with their service. You failed to do this part, and are trying to blame someone else.

    Either you didn't research enough into if that modem would work correctly in the first place, or did not configure it correctly (which is what it sounds like).

    How anyone can believe this is anything other than user-error is beyond me.

  20. Re:Use Mozilla... on Which Price is Right? · · Score: 3, Informative

    I don't think it's so much due to the fact it's IE vs Netscape, the reason they pointed this out was because it's a totally different browser with different cache/history/cookies/etc so the server had no way to know it wasn't the same person.

  21. Re:So what? on Sendmail Bug Tests US Dept Homeland Security · · Score: 1

    > I'd say the lack of knowledge of this hole kept people pretty secure in this
    > case, wouldn't you?

    That's what I said in my post. Glad someone finally agrees!

    I'm so sick of people bitching that there is somehow a difference between them releasing the announcement now vs 3 months ago, when 3 little months is nothing compared to the 10+ years it's been there.

    Granted I'm glad it is being fixed and not staying hidden to all but blackhats, but still...

  22. Re:So what? on Sendmail Bug Tests US Dept Homeland Security · · Score: 2, Insightful

    > Are they saying that this worked perfectly? If so, what about the next exploit?
    > What if Joe Nobody finds a hole, and makes it public before the DHS gets with
    > the makers of the software? What about the businesses in the private sector that
    > fail to patch their systems? Wasn't the fix for SQL Slammer out for months? I'm
    > sure this is a step in the right direction, but really, what happens next time?

    I think no matter who is in control of oversight, be it CERN or the government or anyone, the same problem of "If we don't find out first, we can't do much about it" is true.

    You also have to keep in mind, this bug was discovered in December and released in March. This only pertains to one person at ISS.
    Not to belittle his work finding this bug, but it's still technically possible someone else has already found it before, and is good at keeping secrets.

    If you assume that is true in all cases (which from a security standpoint you need to assume) it really doesn't matter. That they are telling you about this hole now at all doesn't have anything to do with the fact that ALL systems using sendmail since version 5 have been exploitable for the past 10+ years.

    The hole being disclosed isn't what causes the security problem. It's the other way around.

    > Sometimes I doubt your commitment to Sparkle Motion.

    That sig sounds like a product of fear :P

  23. Re:Running Mail As Root Long Considered Harmful on ISS Discovers A Remote Hole In Sendmail · · Score: 1

    Well, low ports do need protected.
    Perhaps needing root is the wrong security measure to take.

    There is a patch for the linux kernel ( grlinux ?) which allows you to define a group ID in the kernel and any process in that group can bind to a low port.
    This is a much better ACL for that type of function.

    As a matter of fact, they are trying to redo the security policies in linux that define a number of restrictions into specific groups, and you can give a process only the access bits it needs.

    root will be a normal account that has all the flags turned on.

    However, access control over TCP ports is still a must, no matter how it is done.

  24. Re:Running Mail As Root Long Considered Harmful on ISS Discovers A Remote Hole In Sendmail · · Score: 1

    > Uhm. Remind me. What exactly are its good points?

    Hey can I have a shell on your box and bind apps to ports 21 23 110 and 80?
    I'm just going to log passwords.. nothing I really need to ask permission for by your statements :)

  25. Re:This is really lame... on Lexmark Wins Injunction in Toner Cartridge Suit · · Score: 1

    Erk

    Sad part is the thing you describe is possible under the law. As long as encryption is used somewhere in the process (Or something slightly close to being able to sound like encryption to a judge)

    If you tried to reset it yourself, it would be in violation of the federal DMCA.

    Please keep that idea secret.. I think some information being free would just suck for all of us but car companies :/