Multiple ISAKMP implementations behave in an anomalous way when they receive and handle
ISAKMP Phase 1 packets with invalid and/or abnormal contents. By applying the OUSPG
PROTOS ISAKMP Test Suite to a variety of products, several vulnerabilities can be
revealed that can have varying effects.
Danny Lungstrom, a student in my Fall 2004 UNIX Security Holes course,
has discovered that uml_net, when installed setuid root (as is normal),
allows any local user to type
./uml_net 4 slip down eth0
to take down the computer's Ethernet connection. The connection stays
down until the system administrator manually brings it back up. I'm
publishing this notice, but all the discovery credits should be assigned
to Lungstrom.
I got harassed for taking photographs of several French police officers (in uniforms) in a subway station. They were not the subject of the photographs. Read.
A byte is anything, including sometimes 5 bits, sometimes 9. An octet is technically 8-bits, or can hold values from 0-255.
3 octets of input encode to 4 characters* of output in Base-64:
01010111 01010100 01000110
becomes
010101 110101 010001 000110
(Where each resulting number is an index to the set [A-Za-z0-9+/].) 4/3 = 1 1/3, therefore you get a 33% size increase. Correct?
* The term "characters" is used since Base64-encoded data may be transmitted on mediums that use 7-bit bytes, or otherwise systems which don't deal with octets.
It's not necessary to start on an empty line [n/t] (on "Bash 3.0 Released")
Anyone notice the URL in that screenshot, "feed://slashdot.org/index.rss"? This is bad because:
It necessarily ties the RSS reader to HTTP only, leaving out support for feeds on HTTPS or FTP[1] servers,
It bases its decision on content presentation based on an invented URI scheme, rather than the HTTP Content-Type header (for feeds from HTTP/HTTPS),
It could lead to confusion/incompatible links if other browsers use more sensible behavior. For instance, hypothetically, if I link to "http://.../foo.rss", and Mozilla handles that correctly as an RSS feed, what will Safari do? Properly display it as a feed? Display the raw XML? Redirect to its "feed://" URL? What about when Safari users use this special URI scheme in their links/e-mails/etc?
I was under the impression that new world macs are more open. Jobs saw to that to make more peripherals available to the macs when he returned. This is why Linux runs on them and not older world macs.
Linux runs on OldWorld Macs just fine. More difficult than running on NewWorld, but it works nonetheless. Boot into it with BootX or quik. Personally I run it on a Power Mac 9500 and have run it on a Power Mac 7200.
Tangenting, I believe you can run them on pre-PCI/pre-OF/pre-7200 PPC machines. And you can (often) even run them on 68k Macs. My Centris 610 is running Debian and XFree86 for excellent "couch computing".
I know there are other tools out there that can do all this (ntop, ethereal, tcpdump, rrd's), but that's exactly my point. They are different tools, they don't work together, and imho, none of them are true network diagnostic tools.
I don't know about the others, but Ethereal will "work together" with tcpdump by reading tcpdump-generated capture files, and it can save captures in the same format. In fact, many network analysis tools will.
You mentioned remapping the salute, but it was vague on which OS you meant, so I thought I'd just clarify.
You can change the program that is run when you press CTL-ALT-DEL on Linux by editing /etc/inittab
To actually change the key sequences, change what gets mapped to 'Boot' in your kernel keymaps file. On Debian, this is /etc/console/boottime.kmap.gz; I'm not sure about others.
If you want to curb double-bounces, install SPF. Then bitch about sites that aren't using it. Or would you rather have legitimate mail that triggers poorly-written anti-virus software vanish into the ether?
My oldest monitor in use is an Apple Macintosh "12" RGB Display"--it's fixed-frequency, 512x384 in resolution, and was manufactured in 1990. It's older than, but not nearly as interesting, as my IBM 6091-19, a 19" Trinitron display with 5 BNC inputs, which is connected to my main Linux workstation with a special ($5 from eBay) VGA cable. The monitor, sadly, is fixed-frequency, so XFree86 (with special Modelines) must be running to see a usable image on the monitor.
Back to the Mac monitor: The top and bottom sides of the screen have hints of color shifting, so it may need to be degaussed, but otherwise it is bright and colorful.
It's connected to my Macintosh Centris 610. I've upgraded the CPU (which is clocked at 20MHz) from a 68LC040 to a 68040, which adds an FPU. It's running Debian 68k--it was unstable with the 68LC040, but after the upgrade it is stable and capable, with weeks of uptime.
The Linux framebuffer terminal emulator emulates a 64x48 terminal at the tiny 512x384 resolution. It can be quite painful to use. However, the tiny size of the monitor, the Centris it is connected to, and the miniature Apple Keyboard II make them a perfect combination for my living room coffee table, for comfy couch IRCing. =)
Mixmaster still works great for me. And by the way, I haven't noticed any spam coming from public anonymous remailers, surprisingly. But then, I'd be VERY paranoid about spam abuse if I ran an outgoing anonymous remailer of any sort.
Really. The FAQ says that messages sent to recipients only contain a URL to your full message. Unless they actually include the name of the deceased in the Subject or something else which clearly differentiates it from spam, many people will probably disregard the message.
Next, please. That technology involving random numbers+statistics looked far more promising....
Do you mean Hashcash? Keep in mind it does not provide any monetary or reusable value to those that accept Hashcash, it only proves that a "purchaser" has spent an amount of time doing CPU work. The purpose is to artificially increase scarcity of a service, not to compensate service providers. Useful, but a completely different purpose than BitPass.
Imagine all ISPs blocking egress port 25 traffic for their DHCP clients... It is irresponsible for ISPs to operate otherwise
Then they cease to be Internet Service Providers and become Interweb Service Providers. Why should "consumers" be subject to inferior Internet service? Why wouldn't/couldn't an ISP monitor egress port 25 traffic for suspicious spikes? I won't be doing business with ISPs that try pulling stunts like that.
Uh, you must have a very special version of ls, that presumably expresses mode in xrw?xrwwrx notation (where ? is a mystery value), as opposed to standard drwxrwxrwx notation. I also notice the lack of link count, user and group ownership, and last modification date.
Real ls:
-rw-r--r-- 1 piranha piranha 11173 Jun 14 06:56 xlog
Fantasy-ls(tm):
xrw-xrw-rx 17493892 companyreport.ppt
Call me crazy, but I think someone needs to stop making up program output.
It's a shame the $1 account doesn't get you Perl access. I'd considered purchasing ARPA access, but I'm getting along just fine through free accounts on friends' reliable systems.
I for one can't stand sites that implement a mail form, and leave no other way to contact the site administrator. It's intrusive:
I have yet to see any web browser with a usable TEXTAREA text editor for non-trivial messages (limited viewing area, no spell checking, no word wrapping, cumbersome copying/pasting). w3m's shelling out to $EDITOR is great, though.
I like keeping copies of mail I take the time to write; being forced to use a web interface means that the message I write won't be saved into my mail client's sent mail folder. (Manually copying the message along with bogus/made-up To:, From:, Date:, and Subject: headers to the sent mail folder is a cumbersome possibility).
Unless I've been out of the loop, form-mail scripts require the destination e-mail address to be put in a type=hidden <input> element. Why won't a spammer harvest that address?
Finally, why won't a spammer detect mail forms as they already detect e-mail addresses, and simply spam the recipient at the other end? Just because they don't have your address doesn't mean they can't spam you.
Between challenge-response programs, misguided filters that swallow (rather than bounce) messages that might be spam, address-to-image scripts that reduce usability for the blind or Lynx-bound, form mail scripts and (a comparatively minor annoyance:) e-mail address munging programs ("piranha at ely dot ath dot cx")... Why must people go out of their way to make others go out of their way to contact them? Ultimately, it's their choice, but we need a better solution.
As was already suggested, a RAM disk that periodically backs itself up to CF would work too.
That's a bad idea. What happens if the system goes down after a message is received, but before the RAM disk has been backed up? The mail will get lost.
Mail servers are required to guarantee the reliability of a message they have accepted responsibility for, even in the event of power failure. In order for that to be possible, the message must be synchronously written to non-volatile storage before the server acknowledges responsibility. So unless the server operator (and any mail domains they are a backup for) doesn't mind losing mail, a RAM disk is not an option.
Has anyone noticed that they are tracking the clickthroughs of the search results? (Note: Google does not do this)
Wrong. I have noticed at least one occasion where a Google search result link would go through a Google redirection script. They take limited samples of search result click-throughs. See the paragraph "Links to Other Sites" in the Google Privacy Policy.
FTFA:
That doesn't strike me as a protocol problem.
Here's an excerpt from the first one I viewed, with my emphasis:
Who's gonna call this guy's other bullshit?
Surely this countermeasure will foil those dim-witted spammers!
1. Ok, perhaps that is slightly far-fetched.
My favorite mnemonic for that key combination is Control-Flower-Power.
Bounces are good.
Pebrot 0.8.1 works fine for me. It's a Python Curses-based MSN client.
NetBSD, not OpenBSD.
SDF:
Heh, I've been posting my e-mail address in the clear for a few months now. But thanks anyway.
Any reason this is in the Apache section?