This isn't a "Thanks Slashdot" thing; You make it sound like without slashdot this would never have seen the light of day. The thread had been going since last Thursday on vuln-dev. AP had already sniffed the story as of Friday. I know this because I was involved in the email thread, and because I was contacted by an AP reporter friday PM. The story was coming out; just because slashdot linked to a copy of a vuln-dev post (and not the actual archive with the thread intact) doesn't mean slashdot broke the story.
i've been using Joker as my sole registrar for the past 2 years. Super cheap, free dns, easy interface, good service. Only minus would be the sometimes awkward translated website / documents (they are a german registrar)....
Re:If you REALLY want gtk, check this.
on
GNU Emacs 21
·
· Score: 2
I've been using GTK/Xemacs exclusively for the past 6 months. It's pretty nice. Except some of my less frequently used elisp packages break randomly. And the scrollbars never seem to work (which doesn't really bother me, since i never use them anyway). But it's a small price to pay in order to get rid of the ugliness that is athena/motif I also recommend using the NeXT.XEmacs toolbar, as it removes the last bit of dated ugliness that xemacs has (i ditched netscape more than a year ago; why do i want anything else with an ugly toolkit running on my machine?).
I have not seen ACLU participate in DMCA cases or against proposed legislation such as SSSCA. As a result, I assume the ACLU has no argument over such laws.
just because you haven't seen something doesn't mean it doesn't exist. in actuality, the ACLU filed a friend-of-court-brief int the 2600 decss case.
i remember when i ran a WWIV system off of a 386. we were on chunkynet for email and boards, and we had games (tradewars and foodfight). and ansi art (i miss TheDraw). i bought a 14.4k modem through a vendor that gave discounts to sysops. after that, i downloaded pirated games that used DOS/4GW at (what seemed like) smoking rates. i even got my first internet account through a bbs (the transformer room).
<abe simpson>
you kids with your gigahertz and flash and dsl and tcp/ip don't know anything about zmodem or slurp or busy signals. back when i was your age, we used to get our email once a day. and we liked it.
</abe simpson>
Heh. Try renting "The Bad Lieutenant" from Blockbuster sometime. Then watch the real version. Then wonder why there's no warning as you walk into the store stating "We enforce our morals on you by editing our movies."
>Back in my day, the SID chip on a C-64 was only for snobs and rich sissy boys who needed fancy stuff like color and sound on a PC. We didn't need it then and we dont need it now and we LIKE it that way!.
have you seen the SIDstation (www.sidstation for the goatse.cx weary)? the SID chip is still fot rich people ($580 US for a 15+ year old chip), but the sounds on this synth are pretty sweet......
-BlueLines
Re:Who Is E-Mailing Our Kids Act
on
Congress@Work
·
· Score: 3
How ironic that the act is titled the Who Is E-Mailing Our Kids Act, when it has absolutely nothing to do with people emailing kids, and everything to don with the ability of kids to email other people.
But this is the United States we are talking about.
Whenever politicians want to do something that's unconstitutional, illegal, or against the wishes of their constituants (the war on drugs, christian fundamentalists, and the PMRC come to mind), they need only utter the magic phrase:
"Won't someone please think of the children!"
Now, if you fight them, you are obivously against children, you evil bastard.
i saw the article yesterday and laughed as i read it.
i mean, the bay area gold rush is over. you're not going to get those $150/hr html consulting gigs anymore. The job market is tight. but not too tight. a quick search on hotjobs.com shows a ton of job openings. and even though craigslist doesn't have hundreds of postings a day in the prgrammer / sysadmin area, they ususally have 4 or 5 new ones every day. i have more friends at companies that are doing well than i have friends who have been layed off, and everyone i know has at least one "backup" job in case their current employer folds. and the people in the article are web designers (of which there are too many period) and asp/vb programmers? give me a break. if you've got a few years of c/c++ experience, you'll land something really quick. the people that are having the worst time are the corporate/middle management folks, who have no tech skills whatsoever, and the "i studied cs in college but i've never done any practical coding before" types.
They don't mention Pong Kombat, which is (as it sounds) a combination of Mortal Komabt and pong. It's only available for windows (as far as i remember), but it's hilarious. Make sure you read the FAQ's on the site.
Don't forget about Burning Man, which is August 27 - September 3. A large chunk of techie types trek there every year as well, especially from the Bay Area. I bet it'll draw alot of people who otherwise might have gone to lwe of the linuxbierwanderung.....
Not true. There were two seperate vulnerabilites announced yesterday. The first just involves changing the static word16 to a static word32, but the second attack involved connecting many times to determine a session key. With the session key (and a sniffed session), one could decrypt the entire ssh session. Here's the patch for this on (for ssh-1.2.31 and below):
Also, it should be pointed out that openssh-2.3.0 isn't supported on openBSD =2.6, so if you run an older openBSD, you either have to upgrade or switch to ssh.com's ssh....
You're probably dropping more than $100 / month for service.
And you're using the analog outputs on your HDTV reviever?
You probably wouldn't be able to tell the difference between the different resolutions anyway. Digital connections (s-video, for instance) are the only way to go with HDTV.
This is just as bad as the people who drop $1k for a nice 5.1 reciever and plug it up with RCA cables.
I work in San Mateo (20 minutes south of SF), and we've been watching these all day. Our major systems are all ups'd, but it would still suck to be without power.....
This reminds me of a pinball machine I saw at Burningman this year called The Visible Woman. There was no score keeping, and you basically played until the woman in the game made orgasmic sounds.I got to talking about the machine with the technical guy behind it, and it runs on linux. There are 10 or 11 triggers on the pinball machine, and each of those corresponds to a pin on a serial cable. There's a tiny computer hidden underneath the pinball console, and that emits the sound. There's no mention of the technical aspect of this game on the web site, so this is all from memory.
Here's a picture of people playing the game. You can see the computer underneath covered up by a blanket.
traceroute to 209.211.253.74 (209.211.253.74), 30 hops max, 38 byte packets
1 main4-216-200-18.sjc.above.net (216.200.18.3) 0.694 ms 0.960 ms 2.204 ms
2 core5-main4-oc3-2.sjc.above.net (208.184.102.193) 0.829 ms 0.403 ms 0.416 ms
3 core3-core5-oc48.sjc2.above.net (208.184.102.206) 0.626 ms 0.973 ms 0.462 ms
4 core5-core3-oc48.sjc2.above.net (208.185.156.66) 0.516 ms 0.772 ms 0.454 ms
5 nyc-sjc-oc12.nyc.above.net (208.185.156.162) 89.743 ms 89.731 ms 89.742 ms
6 qwest-nyc-oc12.above.net (208.185.156.26) 90.390 ms 90.437 ms 90.125 ms
7 jfk-core-02.inet.qwest.net (205.171.30.17) 90.164 ms 89.947 ms 90.264 ms
8 jfk-edge-01.inet.qwest.net (205.171.30.94) 90.205 ms 90.032 ms 90.410 ms
9 205.171.38.14 (205.171.38.14) 97.493 ms 97.652 ms 97.937 ms
10 209.211.253.74 (209.211.253.74) 97.647 ms 97.949 ms 98.726 ms
Not true. My company has several racks worth of machines at above.net, and i can see these ip's fine:
traceroute to mediamasters.com (204.101.215.149), 30 hops max, 38 byte packets
1 main4-216-200-18.sjc.above.net (216.200.18.3) 0.460 ms 0.548 ms 22.097 ms 2 core5-main4-oc3.sjc.above.net (216.200.0.213) 0.438 ms 0.707 ms 0.329 ms
3 core1-core5-oc48.sjc2.above.net (216.200.0.178) 0.748 ms 0.435 ms 0.476 ms
4 ord-sjc-oc12.ord.above.net (207.126.96.117) 60.749 ms 60.551 ms 60.689 ms 5 POS12-0-0.GW2.CHI6.ALTER.NET (157.130.111.89) 62.042 ms 62.046 ms 62.066 ms
6 112.ATM3-0.XR2.CHI6.ALTER.NET (146.188.208.182) 61.435 ms 62.329 ms 61.414 ms
7 190.at-2-0-0.TR2.CHI2.ALTER.NET (152.63.65.102) 63.525 ms 63.280 ms 62.999 ms
8 126.ATM6-0.TR2.TOR2.ALTER.NET (152.63.7.102) 75.048 ms 74.651 ms 74.853 ms
9 198.ATM6-0.XR2.TOR3.ALTER.NET (152.63.129.201) 75.971 ms 75.700 ms 75.437 ms
10 191.ATM6-0.GW1.TOR3.ALTER.NET (152.63.129.237) 75.506 ms 75.527 ms 76.023 ms
11 205.150.221.230 (205.150.221.230) 89.191 ms 89.263 ms 88.758 ms
12 mediamasters.com (204.101.215.149) 88.596 ms 88.603 ms 89.945 ms
What are your favorite abandoned games that you'd like to try playing again
Old EA games like the Bard's Tale series and Wasteland. EA recently released a package containing all of these for $20, but it'd be great to see updated versions that could take advantage of higher resolutions than the 64k EGA card i used for most of these games. I also miss Duke Nukem 3D, and am very sure that there's enough of a market to support a open/group rewrite of the engine to do OpenGL. In fact, this would probably get done before Duke Nukem Forever is actually released. I mean, I remember when the DNF people announced the change from the Q1 engine to the Q2 engine. And i want to be playing pool and waving money at strippers now....
Slashdot Mirror
This isn't a "Thanks Slashdot" thing; You make it sound like without slashdot this would never have seen the light of day. The thread had been going since last Thursday on vuln-dev. AP had already sniffed the story as of Friday. I know this because I was involved in the email thread, and because I was contacted by an AP reporter friday PM. The story was coming out; just because slashdot linked to a copy of a vuln-dev post (and not the actual archive with the thread intact) doesn't mean slashdot broke the story.
-BlueLines
True reason MS won't release the source code for a security audit:
~$ df
/home 200M free
~$ cd windows/source
~/windows/source$ find . -name "*.c*" -exec grep -l gets {} \; > ~/
volume
umm, that would match fgets(3) as well, which is much safer.
-BlueLines
you mean that no one _really_ poured hot grits into natalie portmann's pants? i'm shocked....
-BlueLines
i've been using Joker as my sole registrar for the past 2 years. Super cheap, free dns, easy interface, good service. Only minus would be the sometimes awkward translated website / documents (they are a german registrar)....
I've been using GTK/Xemacs exclusively for the past 6 months. It's pretty nice. Except some of my less frequently used elisp packages break randomly. And the scrollbars never seem to work (which doesn't really bother me, since i never use them anyway). But it's a small price to pay in order to get rid of the ugliness that is athena/motif I also recommend using the NeXT.XEmacs toolbar, as it removes the last bit of dated ugliness that xemacs has (i ditched netscape more than a year ago; why do i want anything else with an ugly toolkit running on my machine?).
there is no fnord illuminati.
sincerely,
the illuminati
I have not seen ACLU participate in DMCA cases or against proposed legislation such as SSSCA. As a result, I assume the ACLU has no argument over such laws.
just because you haven't seen something doesn't mean it doesn't exist. in actuality, the ACLU filed a friend-of-court-brief int the 2600 decss case.
-BlueLines
i remember when i ran a WWIV system off of a 386. we were on chunkynet for email and boards, and we had games (tradewars and foodfight). and ansi art (i miss TheDraw). i bought a 14.4k modem through a vendor that gave discounts to sysops. after that, i downloaded pirated games that used DOS/4GW at (what seemed like) smoking rates. i even got my first internet account through a bbs (the transformer room).
<abe simpson>
you kids with your gigahertz and flash and dsl and tcp/ip don't know anything about zmodem or slurp or busy signals. back when i was your age, we used to get our email once a day. and we liked it.
</abe simpson>
i've got to go post to this site.....
As long as we can keep critters from building nests in the singularity, we should be okay."
i'm more worried about evil sadistic demonic things torturing me and then taking me with them back to another dimension that resembles hell [us.imdb.org].
-BlueLines
Heh. Try renting "The Bad Lieutenant" from Blockbuster sometime. Then watch the real version. Then wonder why there's no warning as you walk into the store stating "We enforce our morals on you by editing our movies."
>Back in my day, the SID chip on a C-64 was only for snobs and rich sissy boys who needed fancy stuff like color and sound on a PC. We didn't need it then and we dont need it now and we LIKE it that way!.
have you seen the SIDstation (www.sidstation for the goatse.cx weary)? the SID chip is still fot rich people ($580 US for a 15+ year old chip), but the sounds on this synth are pretty sweet......
-BlueLines
How ironic that the act is titled the Who Is E-Mailing Our Kids Act, when it has absolutely nothing to do with people emailing kids, and everything to don with the ability of kids to email other people.
But this is the United States we are talking about.
Whenever politicians want to do something that's unconstitutional, illegal, or against the wishes of their constituants (the war on drugs, christian fundamentalists, and the PMRC come to mind), they need only utter the magic phrase:
"Won't someone please think of the children!"
Now, if you fight them, you are obivously against children, you evil bastard.
-BlueLines
Don't Trust Code Signed by 'Microsoft Corporation'
heh. i haven't trusted Microsoft code in the last 4 years.
but thanks for the heads up.
--
i saw the article yesterday and laughed as i read it.
i mean, the bay area gold rush is over. you're not going to get those $150/hr html consulting gigs anymore. The job market is tight. but not too tight. a quick search on hotjobs.com shows a ton of job openings. and even though craigslist doesn't have hundreds of postings a day in the prgrammer / sysadmin area, they ususally have 4 or 5 new ones every day. i have more friends at companies that are doing well than i have friends who have been layed off, and everyone i know has at least one "backup" job in case their current employer folds. and the people in the article are web designers (of which there are too many period) and asp/vb programmers? give me a break. if you've got a few years of c/c++ experience, you'll land something really quick. the people that are having the worst time are the corporate/middle management folks, who have no tech skills whatsoever, and the "i studied cs in college but i've never done any practical coding before" types.
They don't mention Pong Kombat, which is (as it sounds) a combination of Mortal Komabt and pong. It's only available for windows (as far as i remember), but it's hilarious. Make sure you read the FAQ's on the site.
Don't forget about Burning Man, which is August 27 - September 3. A large chunk of techie types trek there every year as well, especially from the Bay Area. I bet it'll draw alot of people who otherwise might have gone to lwe of the linuxbierwanderung.....
It's the beginning of the diamond age.
I can see the headlines now:
Neal Stephenson Sues Fabber Industry For Prior Art
Then the flash cartons:
Neal Stephenson says Fabbers Bad!
Then the lawsuit:
Neal Stephenson sues Fabster for anonymous digital distribution of "A Young Lady's Primer"
-BlueLines
Not true. There were two seperate vulnerabilites announced yesterday. The first just involves changing the static word16 to a static word32, but the second attack involved connecting many times to determine a session key. With the session key (and a sniffed session), one could decrypt the entire ssh session. Here's the patch for this on (for ssh-1.2.31 and below):
--- rsaglue.c 1999/12/10 23:27:25 1.8
+++ rsaglue.c 2001/02/03 09:42:05
@@ -264,7 +268,15 @@
mpz_clear(&aux);
if (value[0] != 0 || value[1] != 2)
- fatal("Bad result from rsa_private_decrypt");
+ {
+ static time_t last_kill_time = 0;
+ if (time(NULL) - last_kill_time > 60 && getppid() != 1)
+ {
+ last_kill_time = time(NULL);
+ kill(SIGALRM, getppid());
+ }
+ fatal("Bad result from rsa_private_decrypt");
+ }
for (i = 2; i len && value[i]; i++)
;
and here's the previously discussed patch:
--- ssh-1.2.31/deattack.c-old Wed Feb 7 19:45:16 2001
+++ ssh-1.2.31/deattack.c Wed Feb 7 19:54:11 2001
@@ -79,7 +79,7 @@
detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
{
static word16 *h = (word16 *) NULL;
- static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE;
register word32 i, j;
word32 l;
register unsigned char *c;
Also, it should be pointed out that openssh-2.3.0 isn't supported on openBSD =2.6, so if you run an older openBSD, you either have to upgrade or switch to ssh.com's ssh....
Umm, the responsible people already read bugtraq this morning and patched their servers.
So you just dropped $2k on your brand new HDTV.
You then dropped $1k (or whatever)for a HDTV box.
You're probably dropping more than $100 / month for service.
And you're using the analog outputs on your HDTV reviever?
You probably wouldn't be able to tell the difference between the different resolutions anyway. Digital connections (s-video, for instance) are the only way to go with HDTV.
This is just as bad as the people who drop $1k for a nice 5.1 reciever and plug it up with RCA cables.
-BlueLines
I work in San Mateo (20 minutes south of SF), and we've been watching these all day. Our major systems are all ups'd, but it would still suck to be without power.....
This reminds me of a pinball machine I saw at Burningman this year called The Visible Woman. There was no score keeping, and you basically played until the woman in the game made orgasmic sounds.I got to talking about the machine with the technical guy behind it, and it runs on linux. There are 10 or 11 triggers on the pinball machine, and each of those corresponds to a pin on a serial cable. There's a tiny computer hidden underneath the pinball console, and that emits the sound. There's no mention of the technical aspect of this game on the web site, so this is all from memory.
Here's a picture of people playing the game. You can see the computer underneath covered up by a blanket.
No problem, that one works too:
traceroute to 209.211.253.74 (209.211.253.74), 30 hops max, 38 byte packets
1 main4-216-200-18.sjc.above.net (216.200.18.3) 0.694 ms 0.960 ms 2.204 ms
2 core5-main4-oc3-2.sjc.above.net (208.184.102.193) 0.829 ms 0.403 ms 0.416 ms
3 core3-core5-oc48.sjc2.above.net (208.184.102.206) 0.626 ms 0.973 ms 0.462 ms
4 core5-core3-oc48.sjc2.above.net (208.185.156.66) 0.516 ms 0.772 ms 0.454 ms
5 nyc-sjc-oc12.nyc.above.net (208.185.156.162) 89.743 ms 89.731 ms 89.742 ms
6 qwest-nyc-oc12.above.net (208.185.156.26) 90.390 ms 90.437 ms 90.125 ms
7 jfk-core-02.inet.qwest.net (205.171.30.17) 90.164 ms 89.947 ms 90.264 ms
8 jfk-edge-01.inet.qwest.net (205.171.30.94) 90.205 ms 90.032 ms 90.410 ms
9 205.171.38.14 (205.171.38.14) 97.493 ms 97.652 ms 97.937 ms
10 209.211.253.74 (209.211.253.74) 97.647 ms 97.949 ms 98.726 ms
Not true. My company has several racks worth of machines at above.net, and i can see these ip's fine:
traceroute to mediamasters.com (204.101.215.149), 30 hops max, 38 byte packets
1 main4-216-200-18.sjc.above.net (216.200.18.3) 0.460 ms 0.548 ms 22.097 ms 2 core5-main4-oc3.sjc.above.net (216.200.0.213) 0.438 ms 0.707 ms 0.329 ms
3 core1-core5-oc48.sjc2.above.net (216.200.0.178) 0.748 ms 0.435 ms 0.476 ms
4 ord-sjc-oc12.ord.above.net (207.126.96.117) 60.749 ms 60.551 ms 60.689 ms 5 POS12-0-0.GW2.CHI6.ALTER.NET (157.130.111.89) 62.042 ms 62.046 ms 62.066 ms
6 112.ATM3-0.XR2.CHI6.ALTER.NET (146.188.208.182) 61.435 ms 62.329 ms 61.414 ms
7 190.at-2-0-0.TR2.CHI2.ALTER.NET (152.63.65.102) 63.525 ms 63.280 ms 62.999 ms
8 126.ATM6-0.TR2.TOR2.ALTER.NET (152.63.7.102) 75.048 ms 74.651 ms 74.853 ms
9 198.ATM6-0.XR2.TOR3.ALTER.NET (152.63.129.201) 75.971 ms 75.700 ms 75.437 ms
10 191.ATM6-0.GW1.TOR3.ALTER.NET (152.63.129.237) 75.506 ms 75.527 ms 76.023 ms
11 205.150.221.230 (205.150.221.230) 89.191 ms 89.263 ms 88.758 ms
12 mediamasters.com (204.101.215.149) 88.596 ms 88.603 ms 89.945 ms
Old EA games like the Bard's Tale series and Wasteland. EA recently released a package containing all of these for $20, but it'd be great to see updated versions that could take advantage of higher resolutions than the 64k EGA card i used for most of these games. I also miss Duke Nukem 3D, and am very sure that there's enough of a market to support a open/group rewrite of the engine to do OpenGL. In fact, this would probably get done before Duke Nukem Forever is actually released. I mean, I remember when the DNF people announced the change from the Q1 engine to the Q2 engine. And i want to be playing pool and waving money at strippers now....