it's zipped so you download the movie instead of streaming it. the 'not quite power users' of the world sometimes have trouble getting their machine to do the right thing.
i stared into the fiber coming from our t3 drop, and my vision was miraculously cured. well, except for the one dark spot that has a burned in backwards "NORTEL" logo on it.
the IMP (Interface Message Processor) is a big green refrigerator sized box, and can be found on in the engineering library in ucla's boelter hall. it was the first node of the packet switching network (the second being at stanford university, connected via a leased 56k line) now known as The Internet. and kleinrock set it up (and the packet switching theory behind it). more than anyone else (well, maybe vint cerf), he can be called the father of the internet.
having said that, this has absolutely no relevance to this case.
now, let me preface by saying that i'm not usually prone to nutty conspiracy theories and such.
having said that: how come the pentagon (y'know, the *other* 9/11 target) has not been so much as mentioned in any mainstream news media since, oh, about a year ago? i can't even remember how many people had been killed there. don't you find that a bit strange?
someone tell me i'm insane (and then tell me why).
i second this. the elegant universe is an excellent book to catch up on what the current state of string theory is (and how it got there). definitely recommended.
Richard Feynman's Six Not So Easy Pieces is a great explanation of some fundamental concepts of physics, especially the whole time/speed of light relationship (do you really really understand why the speed of light is the speed limit? if not, read this book). it has alot of forumulas, but they do not need to be understood for the book to make sense.
Brian Greene has a very thorough explanation of the leading edge of quantum mechanics and string theory (or m-theory) in The Elegant Universe. this book is free of formulas, but very good at explaining how theories evolved, up to current research status.
i live every day as if it were my last when i party, i go balls to the wall </balls to the wall>
Re:Lies, damned lies, and statistics.
on
How to Test Your T1?
·
· Score: 3, Informative
This even applies to phone lines.. That's why It's sometimes hard to get a call through on Mothers' day. The phone companies provision to handle 99%+ of the volume spikes, and mothers' day can consistently make it into that last percentile. Even so... handling 99% of the traffic spikes still comes to far less than one circuit for every two subscribers.
having worked at the phone company, the numbers are approximately 9 phones per carrier line capacity in residential installs and 4 to 1 in businesses. incidentally, on some systems, when capacity is full, you get a busy signal after dialing (so a busy signal is not necessarily a sign that the receiver is busy).
HELO? what? is this ~l33t_hax0r? i'm sorry, there's no such user. no, no, this is 129.168.0.1, you must have meant to connect to 192.168.0.1. j00're welcome.
We had two bags of grass, seventy-five pellets of mescaline, five sheets of high-powered blotter acid, a saltshaker half-full of cocaine, and a whole galaxy of uppers, downers, laughers, screamers... Also, a quart of tequila, a quart of rum, a case of beer, a pint of raw ether, and two dozen amyls. Not that we needed all that for the trip, but once you get into a serious drug collection, the tendency is to push it as far as you can. The only thing that really worried me was the ether. There is nothing in the world more helpless and irresponsible and depraved than a man in the depths of an ether binge, and I knew we'd get into that rotten stuff pretty soon.
chet lives! i miss omm. i would have loved to see your take on warcraft 3.
while i'm at it, thanks for being one of the good webmasters out there and caring about the users' privacy, popup ads and limiting tracking and invasions of privacy.
i saw this (and the pioneer one) at CES. 10 gigs (unupgradeable) of music that rips from your cd player. unuseable (atrac3) format that you can't take out of the car. the only way to get music on it is by inserting a cd and waiting for it to rip or by magicgate (drm'd) memory sticks (which means my music collection is useless with it). and how do you manage, navigate, control all that music through the stupid headunit interface?
these guys had it right. create playlists on your desktop (mp3's), transfer them to a removeable hard drive via usb, plug that drive into a device that emulates a cd changer in your car. don't even have to change out your headunit. sounds like it does just the opposite of what the sony unit does, and is much more practical. they also make a model specifically for kenwood, so it does look like they're gaining headway in the market.
can't use your mp3's with it. can't take the music you rip anywhere. nearly impossible to manage.
why not try the phatnoise car audio system (they're selling them again). pretty similar to an empeg, except that it emulates a CD changer, so it connects to your existing headunit. plays mp3, wma, and flac (lossless encoding). removeable hard drive connects to your pc via usb, and lets you use all the music that you already own.
even with the price of a new headunit it's cheaper than this sony pos.
replying to yourself is always a bad thing, but here goes...
if you cut through the bullshit (theo certainly has an interesting way of putting things), what he's saying is this:
there's a hole in sshd. we are working on a patch. if we release it now, you are all f'd, because all your systems will be compromised before you have time to patch them. we are giving you the next week to update your sshd, so that you are no longer vulnerable when we publish the bug+patch. yes, the new sshd has the bug, but is not vulnerable to it. if we fixed it now, the black hats will diff the results and be able to develop a compromise, and you still won't have a patch. oh yeah, we need your vendors' help so that you're all safe by next week.
From: Theo de Raadt [deraadt@cvs.openbsd.org] Subject: Upcoming OpenSSH vulnerability
There is an upcoming OpenSSH vulnerability that we're working on with ISS. Details will be published early next week.
However, I can say that when OpenSSH's sshd(8) is running with priv seperation, the bug cannot be exploited.
OpenSSH 3.3p was released a few days ago, with various improvements but in particular, it significantly improves the Linux and Solaris support for priv sep. However, it is not yet perfect. Compression is disabled on some systems, and the many varieties of PAM are causing major headaches.
However, everyone should update to OpenSSH 3.3 immediately, and enable priv seperation in their ssh daemons, by setting this in your/etc/ssh/sshd_config file:
UsePrivilegeSeparation yes
Depending on what your system is, privsep may break some ssh functionality. However, with privsep turned on, you are immune from at least one remote hole. Understand?
3.3 does not contain a fix for this upcoming bug.
If priv seperation does not work on your operating system, you need to work with your vendor so that we get patches to make it work on your system. Our developers are swamped enough without trying to support the myriad of PAM and other issues which exist in various systems. You must call on your vendors to help us.
Basically, OpenSSH sshd(8) is something like 27000 lines of code. A lot of that runs as root. But when UsePrivilegeSeparation is enabled, the daemon splits into two parts. A part containing about 2500 lines of code remains as root, and the rest of the code is shoved into a chroot-jail without any privs. This makes the daemon less vulnerable to attack.
We've been trying to warn vendors about 3.3 and the need for privsep, but they really have not heeded our call for assistance. They have basically ignored us. Some, like Alan Cox, even went further stating that privsep was not being worked on because "Nobody provided any info which proves the problem, and many people dont trust you theo" and suggested I "might be feeding everyone a trojan" (I think I'll publish that letter -- it is just so funny). HP's representative was downright rude, but that is OK because Compaq is retiring him. Except for Solar Designer, I think none of them has helped the OpenSSH portable developers make privsep work better on their systems. Apparently Solar Designer is the only person who understands the need for this stuff.
So, if vendors would JUMP and get it working better, and send us patches IMMEDIATELY, we can perhaps make a 3.3.1p release on Friday which supports these systems better. So send patches by Thursday night please. Then on Tuesday or Wednesday the complete bug report with patches (and exploits soon after I am sure) will hit BUGTRAQ.
Let me repeat: even if the bug exists in a privsep'd sshd, it is not exploitable. Clearly we cannot yet publish what the bug is, or provide anyone with the real patch, but we can try to get maximum deployement of privsep, and therefore make it hurt less when the problem is published.
So please push your vendor to get us maximally working privsep patches as soon as possible!
We've given most vendors since Friday last week until Thursday to get privsep working well for you so that when the announcement comes out next week their customers are immunized. That is nearly a full week (but they have already wasted a weekend and a Monday). Really I think this is the best we can hope to do (this thing will eventually leak, at which point the details will be published).
Customers can judge their vendors by how they respond to this issue.
OpenBSD and NetBSD users should also update to OpenSSH 3.3 right away. On OpenBSD privsep works flawlessly, and I have reports that is also true on NetBSD. All other systems appear to have minor or major weaknesses when this code is running.
(securityfocus postmaster; please post this through immediately, since i have bcc'd over 30 other places..)
they havn't gotten around to polishing vorbis yet, where do they get the time to work on a video codec? will this be the same maneuver as the ogg format?
"look, it's free and open. well, unless you want the specs, which don't exist, so you have to use our source. want an integerized implementation (for your rio)? well, since you don't have the specs, we'll be glad to sell you one."
this is why ogg is not in hardware yet. this is why there arn't alternate implementations (LAME ogg, anyone?).
i'd love to see a free, open video codec. mpeg royalties suck ass. but my patience with xiph is running short.
Slashdot Mirror
nevermind, your answer is far better than mine.
but does it look as cool?
your wish is granted. say you got the first half of pr0n.tar.bz2:
$ ssh remotehost -c "tail --bytes=\`ls -l | awk '/pr0n.tar.bz2/ { print $5; }' - `ls -l | awk '/pr0n.tar.bz2/ { print $5; }'` | bc\`" > pr0n.tar.bz2
now, you're smart enough to turn this into a shell script, right? there's a reason openbsd doesn't ship with a "watch" script.
note that there is probably an error in that commandline since i never tested it. go ahead, post it.
top floor: shoes, ladies ligerie, space. please mind the gap.
it's zipped so you download the movie instead of streaming it. the 'not quite power users' of the world sometimes have trouble getting their machine to do the right thing.
i stared into the fiber coming from our t3 drop, and my vision was miraculously cured. well, except for the one dark spot that has a burned in backwards "NORTEL" logo on it.
the IMP (Interface Message Processor) is a big green refrigerator sized box, and can be found on in the engineering library in ucla's boelter hall. it was the first node of the packet switching network (the second being at stanford university, connected via a leased 56k line) now known as The Internet. and kleinrock set it up (and the packet switching theory behind it). more than anyone else (well, maybe vint cerf), he can be called the father of the internet.
having said that, this has absolutely no relevance to this case.
now, let me preface by saying that i'm not usually prone to nutty conspiracy theories and such.
having said that: how come the pentagon (y'know, the *other* 9/11 target) has not been so much as mentioned in any mainstream news media since, oh, about a year ago? i can't even remember how many people had been killed there.
don't you find that a bit strange?
someone tell me i'm insane (and then tell me why).
i second this. the elegant universe is an excellent book to catch up on what the current state of string theory is (and how it got there). definitely recommended.
Richard Feynman's Six Not So Easy Pieces is a great explanation of some fundamental concepts of physics, especially the whole time/speed of light relationship (do you really really understand why the speed of light is the speed limit? if not, read this book). it has alot of forumulas, but they do not need to be understood for the book to make sense.
Brian Greene has a very thorough explanation of the leading edge of quantum mechanics and string theory (or m-theory) in The Elegant Universe. this book is free of formulas, but very good at explaining how theories evolved, up to current research status.
i live every day as if it were my last
when i party, i go balls to the wall
</balls to the wall>
having worked at the phone company, the numbers are approximately 9 phones per carrier line capacity in residential installs and 4 to 1 in businesses. incidentally, on some systems, when capacity is full, you get a busy signal after dialing (so a busy signal is not necessarily a sign that the receiver is busy).
HELO?
what? is this ~l33t_hax0r? i'm sorry, there's no such user.
no, no, this is 129.168.0.1, you must have meant to connect to 192.168.0.1.
j00're welcome.
*click*
goddamnit, i gotta install a firewall.
hollywood, original as always...
the plot of cg characters pretending to be real actors existed in:
macross IV (see Sharon Apple) 1994
megazone 23, parts 1 and 2, at least (Eve) 1985
bwahahaha.
sorry. it's immature and all, but c'mon, dick hardt... it's funny.
We had two bags of grass, seventy-five pellets of mescaline, five sheets of high-powered blotter acid, a saltshaker half-full of cocaine, and a whole galaxy of uppers, downers, laughers, screamers... Also, a quart of tequila, a quart of rum, a case of beer, a pint of raw ether, and two dozen amyls. Not that we needed all that for the trip, but once you get into a serious drug collection, the tendency is to push it as far as you can. The only thing that really worried me was the ether. There is nothing in the world more helpless and irresponsible and depraved than a man in the depths of an ether binge, and I knew we'd get into that rotten stuff pretty soon.
where can i get me a supersweet UUCP address like that? this ARPA MILnet interweb thing is getting old.
how about we make those indian isp's pay for the privilage of having their traffic carried on any backbone outside of india?
how else would i install openbsd? it takes too long for the cd's i bought to get here.
i'd rather see a replacement to the floppy (that's bootable!). how about compact flash slots?
chet lives!
i miss omm. i would have loved to see your take on warcraft 3.
while i'm at it, thanks for being one of the good webmasters out there and caring about the users' privacy, popup ads and limiting tracking and invasions of privacy.
keep on rocking.
where will i get my slow chips from now?
i saw this (and the pioneer one) at CES. 10 gigs (unupgradeable) of music that rips from your cd player. unuseable (atrac3) format that you can't take out of the car. the only way to get music on it is by inserting a cd and waiting for it to rip or by magicgate (drm'd) memory sticks (which means my music collection is useless with it). and how do you manage, navigate, control all that music through the stupid headunit interface?
these guys had it right. create playlists on your desktop (mp3's), transfer them to a removeable hard drive via usb, plug that drive into a device that emulates a cd changer in your car. don't even have to change out your headunit. sounds like it does just the opposite of what the sony unit does, and is much more practical. they also make a model specifically for kenwood, so it does look like they're gaining headway in the market.
you hit the nail right on the head.
can't use your mp3's with it. can't take the music you rip anywhere. nearly impossible to manage.
why not try the phatnoise car audio system (they're selling them again). pretty similar to an empeg, except that it emulates a CD changer, so it connects to your existing headunit. plays mp3, wma, and flac (lossless encoding). removeable hard drive connects to your pc via usb, and lets you use all the music that you already own.
even with the price of a new headunit it's cheaper than this sony pos.
replying to yourself is always a bad thing, but here goes...
if you cut through the bullshit (theo certainly has an interesting way of putting things), what he's saying is this:
there's a hole in sshd. we are working on a patch. if we release it now, you are all f'd, because all your systems will be compromised before you have time to patch them. we are giving you the next week to update your sshd, so that you are no longer vulnerable when we publish the bug+patch. yes, the new sshd has the bug, but is not vulnerable to it. if we fixed it now, the black hats will diff the results and be able to develop a compromise, and you still won't have a patch. oh yeah, we need your vendors' help so that you're all safe by next week.
make sense?
From: Theo de Raadt [deraadt@cvs.openbsd.org]
/etc/ssh/sshd_config file:
Subject: Upcoming OpenSSH vulnerability
There is an upcoming OpenSSH vulnerability that we're working on with ISS. Details will be published early next week.
However, I can say that when OpenSSH's sshd(8) is running with priv seperation, the bug cannot be exploited.
OpenSSH 3.3p was released a few days ago, with various improvements but in particular, it significantly improves the Linux and Solaris support for priv sep. However, it is not yet perfect. Compression is disabled on some systems, and the many varieties of PAM are causing major headaches.
However, everyone should update to OpenSSH 3.3 immediately, and enable priv seperation in their ssh daemons, by setting this in your
UsePrivilegeSeparation yes
Depending on what your system is, privsep may break some ssh functionality. However, with privsep turned on, you are immune from at least one remote hole. Understand?
3.3 does not contain a fix for this upcoming bug.
If priv seperation does not work on your operating system, you need to work with your vendor so that we get patches to make it work on your system. Our developers are swamped enough without trying to support the myriad of PAM and other issues which exist in various systems. You must call on your vendors to help us.
Basically, OpenSSH sshd(8) is something like 27000 lines of code. A lot of that runs as root. But when UsePrivilegeSeparation is enabled, the daemon splits into two parts. A part containing about 2500 lines of code remains as root, and the rest of the code is shoved into a chroot-jail without any privs. This makes the daemon less vulnerable to attack.
We've been trying to warn vendors about 3.3 and the need for privsep, but they really have not heeded our call for assistance. They have basically ignored us. Some, like Alan Cox, even went further stating that privsep was not being worked on because "Nobody provided any info which proves the problem, and many people dont trust you theo" and suggested I "might be feeding everyone a trojan" (I think I'll publish that letter -- it is just so funny). HP's representative was downright rude, but that is OK because Compaq is retiring him. Except for Solar Designer, I think none of them has helped the OpenSSH portable developers make privsep work better on their systems. Apparently Solar Designer is the only person who understands the need for this stuff.
So, if vendors would JUMP and get it working better, and send us patches IMMEDIATELY, we can perhaps make a 3.3.1p release on Friday which supports these systems better. So send patches by Thursday night please. Then on Tuesday or Wednesday the complete bug report with patches (and exploits soon after I am sure) will hit BUGTRAQ.
Let me repeat: even if the bug exists in a privsep'd sshd, it is not exploitable. Clearly we cannot yet publish what the bug is, or provide anyone with the real patch, but we can try to get maximum deployement of privsep, and therefore make it hurt less when the problem is published.
So please push your vendor to get us maximally working privsep patches as soon as possible!
We've given most vendors since Friday last week until Thursday to get privsep working well for you so that when the announcement comes out next week their customers are immunized. That is nearly a full week (but they have already wasted a weekend and a Monday). Really I think this is the best we can hope to do (this thing will eventually leak, at which point the details will be published).
Customers can judge their vendors by how they respond to this issue.
OpenBSD and NetBSD users should also update to OpenSSH 3.3 right away. On OpenBSD privsep works flawlessly, and I have reports that is also true on NetBSD. All other systems appear to have minor or major weaknesses when this code is running.
(securityfocus postmaster; please post this through immediately, since i have bcc'd over 30 other places..)
they havn't gotten around to polishing vorbis yet, where do they get the time to work on a video codec? will this be the same maneuver as the ogg format?
"look, it's free and open. well, unless you want the specs, which don't exist, so you have to use our source. want an integerized implementation (for your rio)? well, since you don't have the specs, we'll be glad to sell you one."
this is why ogg is not in hardware yet. this is why there arn't alternate implementations (LAME ogg, anyone?).
i'd love to see a free, open video codec. mpeg royalties suck ass. but my patience with xiph is running short.
eat more chicken!