A freaking 130 Amp Chip?
Watts, not amperes. But it's close, 130 / 3.3 is about 39-40 amperes.
At one desk, users can move a wireless mouse's pointer from the screen of one computer to the screen of a laptop.
Imagine going mad at somebody and throwing your mouse at him. It will take weeks before you have found your cursor back!
"Euh... I have a mouse-cursor on the screen but I don't know who it belongs to..."
Please, stop playing around. Get away from that start-menu!
Don't! DON'T. Don't run winipcfg! I will hate you for the rest of your life!
*** irc-user has quit (Ping timeout)
ObMetricVsImperial
He took a board 12 cubits long and half a cubit wide
Even without knowing how much a cubit is I know what it looks like. But then...
(about 20 feet by 10 inches)
WTF?? 20 feet, that's about 20 / 3.3 is about 6 meters. And 10 inches, that's euh 25 centimeters. Yeah, it still looks the same size but oh boy, 20 feet by 10 inches... *shudder*
Don't forget Buddy Weiserman! It's a great story.
They're talking about *PROTOCOLS*, not about *APPLICATIONS*. If I can happily access your MSN with my ICQ, we are both happy.
The last four seasons of DS9 were of the same quality as B5. They both did have one episode stories, but they both had a very thick red line going through it so which took you back to previous episodes and made it possible to see three, four episodes in a row (it happens, okay :-) without getting bored because there is progress in the story instead of restarting it all over each time.
To me, the last four seasons of DS9 were the best series of the whole ST collection.
Heh, that reminds me of Basicode.
On the Dutch radio between 1980 and 1985 there was the computer/science/space program Hobbyscoop and they always had a newsletter in Basic. This was at the time that every computer was different (Z80-based, 6800-based, 8080-based etc etc), with all different kinds of Basics with all different kinds of ways to do things (for example, clear the screen, on the MSX it was CLS, on the Philips P2000T it was print chr$(12)). To overcome this problem they had a set of basic-subroutines. For example if you did "gosub 100", you cleared the screen. If you did "gosub 110", you would go to position (x%,y%) on the screen etc. This way the one basic program could be run on all home-computers at that time.
Every Wednesday evening between 19:25 and 19:30 the newsletter was sent and it was just like playing a data-tape on your cassettedeck. I taped it and later on with a simple three resistor circuit played it on the printerport of the P2000 and I could read my weekly news about space and the MIR, interesting things regarding computers or if programs were sent I could calculate when the next lunar eclipse was or when the next full moon would be etc etc etc.
Oh euh.. Rocketscience? Not really. But it was the beginning of the 80s, when home-computers started to become popular and the reign of the IBM PC hadn't started yet... Way cool stuff :-)
There is even an MSX radio channel.
Never heard of it, but the stream looks like a normal Shoutcast/Icecast stream and xmms likes it.
:-)
Now if they only started to play Arkanoid...
You're right, it wouldn't be newsworthy if it was the /NetBSD/ project who had set up such a list. But then, if you would have read the article, you would have known it is the /FreeBSD/ project who has set up the list.
The NetBSD project != the FreeBSD project, and the attitude you showed doesn't do good to any of them.
I would be shocked too if I would find out that I can't display all 65536 colours on a screen with 25600 pixels!
If you would have read the release process document you would have seen the link to the Testing Guide for 4.7 (pre-)release which explains what should be checked carefully in this (pre)-release.
Reading the article doesn't take so long, you probably spend more time in replying to it.
Slashdot is simply not the place to hear the latest about the BSD's.
I find the slashboxes quite handy: Daily Daemon News, BSDToday and FreeBSD Diary.
It's time for a pragmatic approach: The people at Google should get in touch with the people from the Chinese Government Networking Services and get a deal done for hosting a mirror (mirror? link? whatever) inside the Chinese part of the Internet.
It's ideal in a couple of ways:
- The 1+ billion people (yes I know that they don't have all access to the internet) have access to a good working search-engine. Even if it's without the "view cache" feature, at least they have the search-engine.
- The traffic of the 1+ billion people searching through the Google database doesn't have to go over the ocean toward the US anymore (yes I know that US ISPs don't pay for the intercontinental links)
- (think of some other advantages yourself)
Of course, the first thing what is going to be said now is "Who is going to pay for this?"...
It's available from Google's cache.
Err... Never mind.
yeah. this would be useful, considering how hard it is to reach 3 feet and flush it manually.
"Done! Euh... where did I leave the remote?"
(searches through other rooms, finally finding it in the kitchen where somebody needed it for using the blender)
"Thank you, now flush! ... Flush! ... FLUSH!"
(slaps remote control in hands, maybe a loose contact somewhere)
"flush!"
(slaps remote control harder until you hear the sound of a remote falling into the water of the toilet)
"Euh... How did this so called 'manual' setting of the toilet work again?"
(toilet flushes)
Extensive testing by worried geeks has shown that slashdot.org is still accessible from the Chinese part of the Internet. Further tests are scheduled for the next couple of days to make sure it stays.
'NASA does not have the capability to read minds, nor are we suggesting that would be done'
Now all keep repeating:
NASA does not have the capability to read minds, nor is suggesting that it would be done.
NASA does not have the capability to read minds, nor is suggesting that it would be done.
NASA does not have the capability to read minds, nor is suggesting that it would be done.
NASA does not have the capability to read minds, nor is suggesting that it would be done.
NASA does not have the capability to read minds, nor is suggesting that it would be done.
[ad infinitum]
Go to to see the panels and then to see what's actually being sold.
And your point is? Just like this posting, yours is nothing but an unnecessary flamebait.
Instead of working together we smash each other's heads in. Fun isn't it?
It's a release to fix security problems, it isn't a major release with new nifty features. Unless you've been consequent with your patches (openssh, openssl, kqueue, ufs etc etc etc) there is no reason to upgrade. But if you want to have a checkpoint for your machines (i.e. a stable release without having to do all the patches each time you install something in the 4.6-series), this is a good start.
During the first and second RCs of 4.6.1 a couple more problems regarding security came up and it would be a bad idea to release something with known problems (actually the reason why 4.6.1 was going to be released). That's why it was delayed by a month (I believe).
I should have seen this coming... Here is a copy of the weblog. It will be back after 24 hours.
01 August 2002 - 19:10:23 - OpenSSH 3.4p1 package trojaned
And all I was thinking was "Oh! I should upgrade ssh on these two machines before there are problems...". The beauty of FreeBSD is that it goes like this:
[~] edwin@k7>cd /usr/ports/security/openssh-portable/
[/usr/ports/security/openssh-portable] edwin@k7>make
[/usr/ports/security/openssh-portable] edwin@k7>make install
Easy euh? It went well, except for the second step:
===> Extracting for openssh-portable-3.4p1_7
>> Checksum mismatch for openssh-3.4p1.tar.gz.
Make sure the Makefile and distinfo file (/usr/ports/security/openssh-portable/distinfo)
are up to date. If you are absolutely sure you want to override this
check, type "make NO_CHECKSUM=yes [other args]".
*** Error code 1
Euh... I didn't remember seeing a change in the FreeBSD ports regarding this. And I didn't see an announcement for it from the people from OpenSSH... Oh well, it happens. I downloaded the new openssh-tarball:
-r--r--r-- 1 12187 mirror 840574 Jul 31 16:47 openssh-3.4p1.tar.gz
-r--r--r-- 1 12187 mirror 232 Jun 26 08:20 openssh-3.4p1.tar.gz.sig
That's weird, they've rerolled the tarball without updating the signature file. I asked a couple of people on irc (#sage-au) if they have had troubles with compiling openssh the last days. Yups, ^Sarge^@bofh.snsonline.net also had it, he had a checksum mismatch.
Curious as I was, I extracted the old and new tarball and these were the differences:
[~/test] edwin@k7>diff -r -u openssh-3.4p1-old openssh-3.4p1
diff -r -u openssh-3.4p1-old/openbsd-compat/Makefile.in openssh-3.4p1/openbsd-compat/Makefile.in
--- openssh-3.4p1-old/openbsd-compat/Makefile.in Wed Feb 20 07:27:57 2002
+++ openssh-3.4p1/openbsd-compat/Makefile.in Thu Feb 1 08:52:03 2001
@@ -26,6 +26,7 @@
$(CC) $(CFLAGS) $(CPPFLAGS) -c $bf-test.out; sh
$(COMPAT):
$(OPENBSD):
Only in openssh-3.4p1/openbsd-compat: bf-test.c
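Review bot: the one added line in this hunk ("-26,6 +26,7") sits in a build rule, and what survives of it ends in "bf-test.out; sh", so a generated file is handed to a shell while the port compiles; the only new source in the tree is the bf-test.c reported by "Only in openssh-3.4p1/openbsd-compat". A compatibility Makefile has no reason to run generated shell output, so this alone is enough to refuse the tarball rather than override the checksum. The changed Makefile.in is also dated Thu Feb 1 2001, older than the Wed Feb 20 2002 file it replaces, which is worth checking for whenever a re-rolled archive is compared with its predecessor.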
At this moment I asked a couple of people on irc (#sage-au) if they have had troubles with compiling openssh the last days. Yups, ^Sarge^@bofh.snsonline.net also had it, also a checksum mismatch. Time to go deeper into it...
bf-test.c is a weird file. It talks about HP-UX PL.2 systems, it talks about _CRAY notes, it talks about none-T3E machines, it talks about _ILP64__ and it does an epcdic2ascii() call. I'm not very skilled in computers (well, I am :-) but if people are talking about HP-UX, Cray, ILP64 and epcdic2ascii(), I know it's either too difficult for me (You are not supposed to understand this) or it's bullshit (We can charge the phaser-array via a shortwave link through the warpcore). Time to start up vmware and run the experiment: gcc -o bf-test bf-test.c.
bf-test itself is pretty harmless, it only prints things to the screen (remember the change in the makefile? execute, redirect the output and execute the output). The shell script it prints creates a C program and tries to compile it. If it doesn't succeed at first, it tries to link other libraries (everybody who has ever ported a Solaris knows that you have to explicitly link to libresolv et al). So it's cross-platform :-)
The C code is not that smart. It tries once per hour to connect to port 6667 on the machine 203.62.158.32 which is web.snsonline.net and waits for commands from the person or persons who 0wn3d the machine. Does it get an M, it sleeps for another hour. Does it get an A, it will abort. Does it get an M, it will spawn a shell. Some people will build it with "normal" privileges and install it as root: they will get a shell with "normal" privileges. Other people will build it with "root" privileges and the shell will have "root" privileges.
While analyzing the code on #sage-au and mentioning the hostname, ^Sarge^ looked strangely at me (well, it's IRC so you never know but that's what I would do): "That is my machine.". The good news is that I didn't have to worry about finding out who manages the machine!
The next step is to inform somebody who manages the openssh-packages: The OpenBSD team. Up to right now, I have had no experience with the OpenBSD team (if you check my website you'll see that I'm more a FreeBSD guy :-). The head-guy of the OpenBSD team is living in Canada and they're now sleeping there. I've spent a couple of days on #freebsd on irc.openprojects.net, so I just tried #openbsd.
*** MavEtJu has joined #openbsd
Euh... anybody from the openssh-team here?
I have some news for you...
What's up?
I have contact! Marius asked me the standard questions (how did you find out, how can I see it, when did you find out) and after some investigation he said "I think I'd better call (and now I have forgotten the name)". Coolies! I think I found a right person to talk to! It looks like things are going to roll now, I can take my hands off it.
The last things I did were writing some emails to a couple of mailinglists and guiding ^Sarge^ to #openbsd. For the rest I wasn't of very much use anymore, so I just kept monitoring #openbsd. And the logfile of my website, which went ballistic.
Aftermath
* The portable version wasn't the only one which was trojaned, the normal version was also.
* It seems it took only six hours before somebody was alert enough to see that there was something wrong, all thanks to the checking of the MD5-checksum [insert a sweet 'aaaaaahhh' here]
* OpenSSH itself wasn't trojaned, the tarball was. There is nothing wrong with OpenSSH itself (this time :-)
* The building of a port (under FreeBSD at least) is done as root with all its privileges. This is a wrong approach. For a time I tried, as an experiment, to build ports as user "port". This worked fine except for the "make clean" part, in which I couldn't remove the files created during the "make install" phase and the files which were made during the building of the RUN_DEPENDS ports.
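The two checks from the weblog above, a pinned checksum and a file-by-file comparison of the old and new tarball, as an added example that is not code from the weblog or from FreeBSD ports. The function names and the tarball contents are constructed placeholders; only the file names come from the post, and the sample pins SHA256 where the post's distinfo used MD5.

```python
import hashlib
import io
import re
import tarfile

# distinfo line format used by FreeBSD ports: "ALGO (filename) = hexdigest"
DISTINFO_RE = re.compile(
    r"^(MD5|SHA256) \((?P<name>[^)]+)\) = (?P<digest>[0-9a-f]+)$")


def pinned_digests(distinfo_text, filename):
    """Return {algorithm: digest} pinned for `filename` in a distinfo file."""
    pins = {}
    for line in distinfo_text.splitlines():
        m = DISTINFO_RE.match(line.strip())
        if m and m.group("name") == filename:
            pins[m.group(1)] = m.group("digest")
    return pins


def verify_distfile(data, distinfo_text, filename):
    """True only if every pinned digest matches; having no pin is a failure."""
    pins = pinned_digests(distinfo_text, filename)
    if not pins:
        return False
    return all(hashlib.new(algo.lower(), data).hexdigest() == want
               for algo, want in pins.items())


def member_digests(tar_bytes):
    """Map each regular file in a .tar.gz to the SHA-256 of its contents.

    The archive is only read in memory: nothing is unpacked or executed.
    """
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                # Drop the top-level directory so renamed trees still compare.
                rel = member.name.split("/", 1)[-1]
                body = tar.extractfile(member).read()
                out[rel] = hashlib.sha256(body).hexdigest()
    return out


def diff_tarballs(old_bytes, new_bytes):
    """Return (added, removed, changed) file lists, like `diff -r`."""
    old, new = member_digests(old_bytes), member_digests(new_bytes)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(n for n in set(old) & set(new) if old[n] != new[n])
    return added, removed, changed


def make_tarball(top, files):
    """Build a constructed .tar.gz in memory from {relative path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for rel, body in files.items():
            info = tarfile.TarInfo(f"{top}/{rel}")
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


# Constructed sample data: file names follow the weblog, contents are placeholders.
GOOD = make_tarball("openssh-3.4p1", {
    "openbsd-compat/Makefile.in": b"all: libopenbsd-compat.a\n",
    "sshd.c": b"/* placeholder */\n",
})
REROLLED = make_tarball("openssh-3.4p1", {
    "openbsd-compat/Makefile.in": b"all: libopenbsd-compat.a\n\t# extra step\n",
    "openbsd-compat/bf-test.c": b"/* placeholder for the added file */\n",
    "sshd.c": b"/* placeholder */\n",
})
NAME = "openssh-3.4p1.tar.gz"
DISTINFO = f"SHA256 ({NAME}) = {hashlib.sha256(GOOD).hexdigest()}\n"

if __name__ == "__main__":
    print("pinned tarball ok:  ", verify_distfile(GOOD, DISTINFO, NAME))
    print("rerolled tarball ok:", verify_distfile(REROLLED, DISTINFO, NAME))
    print("added/removed/changed:", diff_tarballs(GOOD, REROLLED))
```

Comparing member digests in memory means the suspect archive is never unpacked or built, which matters here because the port build runs as root.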
because *BSD was being sued by AT&T
See The Lawsuit at the O'Reilly publication of Open Sources: Voices from the Open Source Revolution.
At least the Morris worm was gone within a month...
*sob*