Well, everything I've ever heard or read about trying electrolysis can't produce enough hydrogen to fuel a car. Breaking down water into hydrogen and oxygen and feeding just won't cut it. If it could, a more robust system should be able to power the car by itself.
The theory does sound interesting though. I'm curious myself if it would work.
After reading his text, I have to wonder about the author though. He says he has a background in chemestry (at least teaching it in hgih school), but then failed to do any sort of consistant tests. He used his fuel gauge to measure the fuel usage? Gauges are rarely accurate. You're using a linear measure in a irregularly shaped tank. I've had the luxury of testing this on many road trips. I'd watch milages roll by and the gas guage would drop slowly at the beginning, implying a very good fuel economy. But when we get to the bottom of the tank the needle drops fast.
Anyone who owns a late model F-Body car (Firebird or Camaro) knows this. One friend lives by the rule of, if his car reads 1/4 tank, find a gas station. If I remember right, 1/4 means you have about 3 gallons in the tank, on a 16 gallon tank.
He honestly should have been at least stopping at gas stations, filling the tank, and measuring his milage. Not 100% accurate, but much better than reading the gauge.
The links he has on the bottom of the page scare me. I knew someone who absolutely lived by the concepts of doing all the witchcraft mechanics for power. He also calculated his car had 500hp based on add-on parts and their advertised increase percentages. hehe.
With all that said, some time I have lots of spare time on my hands, and an urge to put several hundred miles on my car, I'll try out his concept. I'd love to say that I've increased my horsepower by x%, and fuel economy by x mpg.. More than likely I'll say "that was interesting.", and pull all the crap off.
365hp from a Mustang? Congratulations.. Not too often I see a good strong Mustang. Ford really messed up making their GT's so weak. I hear the new Cobra's are going to be closer to 400hp. I've seen a few great Mustangs up in your class. My favorite was a late 80's, with a 351 and NOS. *THAT* was a quick car. As far as I know, the owner never dyno'd it, so I don't know the horsepower.
I've driven a '95 and '2000 Mustang GT, and was upset how slow they were. We don't even need to get into how bad the V6 convertables are.:)
I drive a 2000 TransAm WS/6. I just drove it from Florida to California and with the cruise set to 80mph in 6th gear the engine was under 2k RPM and I got 26mpg..:) Not bad for a mostly stock 330hp car.. I manage around 20 with a mix of city and highway driving. Los Angeles traffic doesn't help though. "Hey, we're on the 110 leaving downtown at rush hour. Set the parking brake, and light a cigerette, we'll be here for a while."
I used to drive a heavily modified 1982 TransAm that was about 400hp (carburated Chevy smallblock 350). It only got about 20mpg. It only had a 4 speed stick, which really hurt. I wanted to go with a 5 speed, but was warned that the stock 5 speed wouldn't handle the power, and I didn't have money to go aftermarket at the time.
Needless to say if I was seriously running either TransAm, the milage went down. Stop and go oval racing the '82, I got 6 gallons per mile. I just had the 2000 out at a street type track recently. I didn't do a proper fuel estimation, but I went maybe 75 miles on 1/2 tank (8gal).
After market parts can really do wonders for fuel economy. Of course they're all marketed for speed.:) But applying so much more power, it's easier to push the weight around. Idling along on the highway in 6th gear the throttle is barely pressed to hold my speed. I drove a 4 cyl Acura sedan from Los Angeles to San Diego, and confused myself a few times because pushing the gas a little didn't do anything.. Full throttle on an up-hill on ramp simply isn't the same. I'm a firm believer that people should put more efficent parts on their car (better design cam, higher compression heads, better flowing parts). Do it well, and you'll have a better driving car..
I guess I should add some Tim "The Tool Man" Taylor grunts here.. {grunt}{grunt}{grunt}
But staying on a tight budget is what I'm best at.:) Hell, I have our network running on $1500 servers, and can pull 150Mb/s from most of them.. You can almost always get away with something cheaper to do the same job just as good or better.
If we use a K5 Blazer, parts are cheap and very available. People who know how to work on it are a dime a dozen. If you go to most mechanics, they'll probably be able to listen to your problem description and figure it out. And more importantly for this, getting parts is easy. If you want something a little different, any junk yard has compatable parts. I can't say the same for a Hummer.
Your points 1 and 2 may have some reality though. I *WANT* to do this.. But, if I do, it's going to mean some serious work. That'll mean I'll have to drop just about everything I do in my free time to get it done. If it was a team of say 10 to 20 people, it'd be easier, but more than likely we'd spend every night programming for it, and every weekend testing it out in the desert. And more than likely that would mean at least one day per week would be repairing something from the damages caused during that weekend's test runs.
It sounds like a really fun project, but without serious backing (like, someone to payroll 10 to 20 people and equiment), it's not going to happen. That kind of payroll would easily exceed the prospective prize.. Well, except for the fact that you know someone is going to hire your team at mad money pay if they do a good job of it..:)
That becomes a slight budget issue.. I was going on the assumption that we didn't have one.. Unless a sponsor wants to give us a Hummer, a used blazer is going to be a lot easier to get a hold of.. A quick search on autotrader.com for 1983 through 1989 Chevy Blazers within 25 miles of Los Angeles found 4 with an average price of $2500. One ad in particular sounds perfect. A recently rebuilt K5 blazer 4x4 with a 6.2L turbo diesel and a rebuilt transmission, for like $4,000.. If I was going to send something out for rough terrain, that would be what I'd want to be in.. Looking at the picture, I'd say the only thing it needs is offset rims (for a wider stance), and wider tires. Not necessarly taller (taller can become a rollover hazard), but wider to handle soft or unpredictable surfaces.
I still think the blazer would be the best choice.. An older one wouldn't set us back too bad. It would definately have to be something that could fall off a cliff and no one would miss..:)
Slop in steering is easily fixed. I've worked on cars for years. There's nothing broken that can't be fixed.. Usually in most sedans and trucks like this, older wear cases with huge slop in the steering is the steering gear box, which is relatively cheap to replace. If this was a race car type vehicle, I'd say to replace it with a gear box from an F-Body, but for this application, it would probably be very worth while to take the extra revolutions on turns, to help make turns easier. I don't believe these trucks were rack&pinion, so they have a linkage system for steering. The joints of the links wear. I've changed quite a few components involved over the years. Usually they aren't expensive, unless you go to the dealership for the parts.:)
I'm fairly sure I read in the instructions that ATV's were pretty much disallowed. Since it's a 250 mile trek (mininum), I wouldn't really want to send an ATV out for the task. Making a tank would be a fun project in itself, but I'd be looking at it as "would I want to be in this, in the middle of the desert". Something completely home-grown isn't wouldn't exactly be the most comfortable place 100 miles from anywhere.. I used to dirt bike ride out in the middle of nowhere, and now I really consider myself a fool for some of the rides I made. Luckly most of the time there was a second bike, so I could always get a ride home, and then come back out with a truck to collect the bike..
The ground effect vehicle is out by the rules too.. Pretty much they're saying wheels, tracks, or feet.
The rules elude to complete lack of visibility at points, and the very good chance of loss of GPS services. I'm not sure what that means. I suppose in a cavern or something of the sort, where you don't have a good view of the sky, all the satellites could be lost. That would be a good reason to keep an idea in the programming of "if the GPS and triangulation look impossible", default back to distance traveled and magnetic bearing..
The rules say that any commercially available 4x4 vehicle could make the quest, so I'd think the tank may not be necessary.. Of course, it does have to make 250 miles in 10 hours, so just to complete you're looking at an average speed of 25mph. I'm sure someone is going to manage it. A regular truck could achieve 90mph fairly easily, conditions permitting.
I do wonder if self-righting hydraulic rams would be a consideration. Like, if you spill down a hill, if it could push itself upright again to keep going..:)
This sounds like fun.. Personally, I don't have *ALL* the skills required to pull this one off, but if anyone's forming a team in the Los Angeles area, I'm in.. I have skills everywhere from the technical aspects of making a vehicle work to engineering of the hardware involved.
I'm thinking something like a slightly modified S-10 Blazer, or K5 Blazer. Positraction (not available on the older S-10's) is a must. Probably the K5 would be the better choice, for extra room in the engine compartment for controls.
I did a quick read through their forums. There's some interesting (and optimistic) talk of stereo vision through, laser vision/guidance, and ground evaluation through radar.. A few of the people sound like they have a clue, and some others didn't even read the rules..
Some of them are talking about exotic hardware solutions, that they'll probably spend all the available time building, and then wonder why they don't have a working vehicle to go with it. Some others were talking about cool Xeon based systems, and forget that they get hot, and this is going to be running in a vehicle in the desert for 10 hours. One mentioned the hardships of hard drives, and doesn't even realize that you can use Compact Flash as your hard drive, and do stuff from there. No one yet mentioned using Linux..:)
My thoughs on a practical vehicle is a late 80's Chevy K5 blazer. Radar (like the backup radar in late model Lincoln's) to evaluate for local blockages. Vision system, like a stereo camera hooked up to a Linux box (this is where I'm at a loss. I don't think I could do this software).
Steering control would be an electric motor with chain drive just before the steering box. That way, no major changes to the steering need to be done.
Acceleration is a simple motor pulling on the throttle assembly, just like the vacuume accuator on cruise control.
Braking would need to be something more substantial. probably a pneumatic ram on the brake pedal lever itself.
I'd suspect it'll take a few computers to run it, but in something the size of a K5 blazer, we'd have no only room to mount it, but more than enough room to mount it preventing shocks... The computers would need to be hard-drive free though.. Compact flash cards of say 512Mb would be just about all we'd have to work with. That should be sufficent though.
The site says they're providing several checkpoints which are mandatory to pass through/stop at. There will also be mandatory waypoints, which define the path. Fairly easily, go from waypoint to waypoint. If there's an obstical, decide for left or right turn to go around.. More than likely the easiest thing would be to use GPS to establish a location (when available), and use other public navigation beacons the rest of the time.
Anyone who's flown knows how many radio navigation beacons are available.:) Radio stations make for decent markers too. Since you have something the size of a truck, it would be a piece of cake to triangulate distance and direction to any one becon, and use any two to fix location.
When you detect an obstical, mark it on an onboard map, and figure out a way around. That would be for big obsticals like canyons or mountains. Small obsticals, you steer around.
I can design and build anything required to make the vehicle itself work. Navigation will be up to someone else. This is/will be a team project, so as many hands as we can get involved would be cool.
Can we get Cmdr Taco's permission to put "Slashdot" down the side of the truck?:)
Who's in? Reply here first, then we'll get in contact in real life.
Damn, that's a cool project.. The kid looks just like one of my friend's sons.. And he'd definately be the type to drive it around the neighborhood, and terrorize anything he could with a pneumatic cannon..:)
My only real suggestion would have been to make at least the drivetrain and suspension out of metal.. Ya, it'd take a bit of extra work, and may need to invest in some new tools (but possibly not), but it would have definately been worth it..
Personally, if I had the space and time, I would have gone for something a bit bigger. Maybe 1:2 scale, and probably used metal instead of wood.
I've seen quite a few 50cc motorcycles and mopeds with automatic clutches and one speed, that can get someone my size on a small frame going about 30mph. A pair of 50cc motorcycle engine/transmission combo's would make a pretty cool tank that wouldn't be too loud, and still get like 40mpg.:) From the sounds of it, these would be about as expensive as the motor and batteries that he used.. Of course, I have no idea what he'd need to use to make the drive reverse.. Using either track in forward is easy. putting one in reverse to spin the tank would take an extra transmission piece..
Oh, I got it.. Put the drive in a slot. If it's in one position, it moves forward. If it's in the other, it hits the other side of the inside of the tracks, and pushes back.. That would only require a solinoid, like the electric locks in a car use.
Tee-hee..
I need to move into a house with space, so I can build one for myself.. Hehe..
I guess it's a good thing this guy isn't my neighbor.. We'd probably have a full fledged tank built by now (minus armour to save weight), with a working pneumatic gun..:) Imagine chasing each other around a yard with potato's in the cannon.. Muhahahaaaaaa..
Yeah, an interview with a company that didn't mind being slashdotted might not be a bad idea. So many sites die from CPU load even if they've got plenty of bandwidth.
Since they'll never interview us, I'll just post what I know when people ask.:)
It'd be interesting hearing partially about what servers and what configurations you use, but also what design issues you found, especially as it looks like there's a fair bit of dynamic content.
We use cheap, fast servers, and lots of them.:) A long time ago we considered buying single big expensive machines, or lots of little cheap ones.. The decision was really made for us by a company that used to host Voyeurweb.. At the time (years ago), it was run on 4 200Mhz Pentium machines, and only had a couple hundred thousand users. Three of those machines are the reason for our legacy names that you still see on the site (www.voyeurweb.com, ww3.voyeurweb.com, and voy.voyeurweb.com), even though they no longer reference individual servers.
Those machines were being overwhelmed, so the hosting company bought a huge multi-processor Sun machine to do the job.. I believe the price tag was like $40k. They moved all the sites over to the new server, and it just barely took the load.
It was shortly after that, that we met up with Igor, and Igor decided that we should be what Voyeurweb is now.. We decided at the time to buy 10 relatively cheap decent servers to handle the sites, plus have room to grow. 9 of these machines were AMD K6 450Mhz with 256Mb RAM and IDE hard drives. They cost roughly $1000/each. With Apache configurations identical to the old servers, we managed to pull about 8Mb/s per machine, which was more than enough then... Over the next few months, we played with tweaking the Linux kernel (it needed lots of tweaking back then), and tweaked Apache up a bit.. We got up to 32Mb/s before Apache couldn't keep up on these machines (too many processes, not enough memory). We then went exploring other web server softwares, and found thttpd.. These same machines could now serve 80Mb/s...
We retired all those old machines a couple months ago. I have some of the parts in a cabinet in my office now, that we're putting back up as little servers as needed, from the parts that still work right. The motherboards and CPU's are all fine. Some of the memory isn't perfect, so it gets tossed. Hard drives and power supplies were most of our failures. We got years of service out of them, so I honestly have no complaints.
Most of the new Voyeurweb servers are Asus 1400r servers. Dual 1.4Ghz PIII, 2Gb RAM, IDE hard drives.. Honestly, they're beautiful machines that you can get real cheap. They can each serve 150Mb/s without flinching. It took adding TEQL to the kernel, and having two network cables plugged in. thttpd works better with mutliple instances each bound to it's own IP, at this kind of load, but it's a small sacrifice... With the current kernel (2.4.20), we're down to just a few boot-time kernel changes using/proc/, the most important being/proc/sys/fs/file-max
We do free hosting for sites that use our "ProAdult" authentication. Those go on identical machines, usually in pairs for redundancy.. There are other machines on the network, that we've built out experementing with them over the years.. I made some really nice machines with CalPC cases, and Asus motherboards.. Unfortunately, they're hard to cool. A couple companies make good CPU fans for 1u cases. We had to put an additional blower fan in to keep the CPU at a reasonable temperature.. Actually, they're from Radio Shack.:) It fits perfectly between the motherboard and the side of the case, and you can plug it straight into the chassis fan connection on the motherboard..
We're using the Asus machines more now though, because they have a great cooling method, and almost no machine failures
Oh I had misread your earlier message as saying that 10% of all passwords were 1234.
No problem. I wasn't very clear about it. I'm in the habit of doing lists with 'wc -l', and forget that only people that work with me all the time are used to it.
And yeah, I can imagine you get a lot of scans. If I was to do this I'd either use proxies from major ISPs (where you likely have subscribers you wouldn't want to ban) or bounce at random intervals through many proxies, preferably private ones on friends' computers.
Both of those are very popular.. People have been writing applications to scan for passwords for years, so they've become very practiced at better and better methods.. The best ones I've seen use lists of thousands of proxies, sending only a few requests through each.. Sometimes fresh proxies show up, but most of the script kiddies get their proxy lists from each other, so even a good proxy will get caught by the system pretty quick. They ruin their own proxy base pretty quickly all on their own..
My biggest concern isn't even of Joe-user trying to get a password.. You're just one extra user in a base of hundreds of thousands. Who cares, right? But when you give that to 5 friends who then give it to 5 friends, then we have a whole bunch of users in (that's caught too). But the bigger problem is the people who scan for passwords just to post them to passwords sites. Now instead of 5 or 6 people coming in with that account, we can have 10,000 try within an hour. Some of those sites are big. They have their own set of rules in our security program.:) Password sites are very predictable though, so a few regular expressions can spot them coming a mile away.
Once in a while, I'll check out the password sites we've caught, and look at the other sites listed. If they're running, very frequently the extra traffic will kill the servers (just like the/. effect, except their all stealing). A lot of porn sites are very very small, and either are just virtual hostings, or just on one small server. That's where I'm lucky. We know we get lots of traffic, so we already have lots of servers up to handle the load. If I gave out a password today for all the/. users to look at free porn all day, we wouldn't take a hit in performance. A couple hundred Mb/s extra all day probably, but nothing we couldn't handle.
Cmdr Taco should do a Slashdot Interview on us one day..:) But then there are some things I'd like to ask him..
I like the script that changes passwords. But why not just scan the database now, mail out secure passwords to everyone who fails the check, and in the future, mark all guesses from an IP tagged as a scanner as failure, regardless of what they guess?
When I started, we already had 200k users in the database. I couldn't just reissue 90% of the passwords. People would be freaking out all over the place. The ones that we do change get rather pissy over it, but we have a legitimate reason for it, rather than just saying "because we want to." I'd *LOVE* to have a script go through the database, take every dictionary word and change it to a better password, and Email the user.. But, people would be ready to kill me when 200k users start complaining.:)
But, I can get more porn than I can, um... use, from The Hun's, other free services, Gnaughty (check this out) and p2p programs. It was for the intellectual exercise.
The funny part of my whole exercise in password security is that our biggest site, voyeurweb.com, has a whole lot of good free porn on it. The pay sites are just more specific. Like, redclouds.com has hardcore pictures in it, and homeclips.com has video clips. But a million or so people use voyeurweb.com every day just because it's free.. Well, and there's no popups or ads, so it's not obnoxious.. And it's fast.. That's one of the mandates from the bosses is that all the sites *HAVE* to be fast.
And yeah, I've got a domain I use for mail (and private pages, and hidden links that are meant for friends but aren't supposed to be secure, like pictures from parties, etc) and it doesn't have a front page (or easily guessable page) and people tell us it's down even though we don't actually send anyone there.
That's exactly the way voynetworks.com and vvd.com were for years, but then people would start sending complaints to my bosses who would then bitch at me.. It was easier to put up pages with a single image, than to explain to them once every month or so that we don't actually have any content on those names.:)
I'd give you a hint, but it wouldn't help much. I'll give you the sites in order of age.
voyeurweb.com redclouds.com watchcams.com hom eclips.com funbags.com proadult.com quantum.pro adult.com
There are two to four auth databases, depending on a varity of things that have happened since the site was created. So there, you have a whole bunch of sites to try...
It wasn't 10% were "pass", that was the count of a database of 260k users, so the highest one (password: 1234) is used in 505 of 260,000 accounts, or 1:500. Since the password scanners picked up on those a long time ago (like, before I was doing security), those easy passwords go with harder usernames if they still exist.:)
I'll give the short advisory first though. People password scan us all day every day..
Too many wrong passwords from an IP, and you're blocked for 24 hours.
Too many scans from a proxy, and the proxy is blocked indefinately. I have a beautiful list of anonymous proxies should anyone want to buy it from me.:) I did notice that Slashdot is already blocking some for abuse (specifically Chinese). I'm thinking of sending the whole list over to Cmdr Taco so he can update his lists.:)
If you do scan for passwords, and manage to get one right, the system will change the password for the user automatically, and Email the user with their new password, so before your script notifies you that you've won, we've already changed it.:) It's automated, so there's no lag time from us.
Thanks about the logo. I actually just jacked the picture from voyeurweb.com (our biggest site), and mangled it a little with photoshop til it looked suitable for this page.. No one goes there, unless they're bored. Until recently the only place that the name showed up is as our DNS servers and on my Email..:) Sometimes it shows up inside the site on stuff I'm developing if I haven't changed the name to the site it belongs with yet. Mostly, I got annoyed when people would tell me, "Your site is down", meaning the one associated with my Email address. Duh, like, no one goes there. Check vvd.com, that's another of my Email domains.:) It goes with vipervideo.com, which are more porn sites from a long time ago, with a company that only exists to pay webmasters and keep existing membership. Two people on staff check the mail daily, mostly to delete spam from their boxes.. Occasionally there is a customer query, but no real traffic. Some porn does really well (like voyeurweb.com), some didn't (like vipervideo.com).
Hehe.. About 15 different ones, depending on the applications and security required. All are combinations of letters (mixed upper and lower case) and numbers, usually with no meaning.. Sometimes it's a special meaning. The root password I used on an ex-girlfriend's server was a reminder I loved her. One number, two upper case letters, and 4 lower case letters, not in that order. If I use words, I usually misspell them badly, so I can say them verbally to someone who knows the password, without compromising it..
PFY: What's the root password? BOFV: fucked. PFY: [typing] F@uch3d...[enter]
(BOFV = Bastard Operator From Voyeurweb. hehe)
Don't get any ideas. You can't SSH into any of our networks from outside. Your best bet would be to break into my apartment. Then you could SSH into an authorized workstation, who would then have access to particular servers to get to other servers.. A pain sometimes, but very useful to keep the script kiddies out.. You'd be amazed what people try.. I still have people scanning one machine I left FTP open on for the user "admin" and "root". Different IP's, different methods, but at least a few times a day. It's entertaining.:) Ok, sometimes I get bored. I'm thinking of writing a pseudo-shell that people can try to fuck around in, where I can fuck with their heads.:)
Make it look like a Cray or some such, but every time you try to do something malicious, it'll laugh at you.:)
> uname -a unicosmk md 2.0.2.29 unicosmk CRAY T3E > uptime 03:45:29 up 168 days, 5:42, 168 users, load average: 105.02, 110.29, 108.96 > rm -rf/ You want to what? hahahaha! > cd/ Can't go there > ls ~ You can't look up there! PERVERT!:)
I'll stop bashing religions, when they stop harassing me.
Why did I have to pray to their god at school ("One nation, under God"), and was punished for not repeating the phrase?
Why do religious freaks stand on street corners and chant their christian garbage trying to save my soul?
Religion is thrown in our faces every day, and the Christians are the worst of them. Honestly, I have more respect for Muslims simply for the fact that I've never had one try to drag me to their church or convert me to their faith. Over the years, I've been to just about every kind of religious event.. Catholic, Jewish, Morman, Jehovia's Witnesses, Baptist, Presperterian, Lutherian, (x-ian ad nausium).
I've been told the wonders of Scientology and had my kharma examined. They have interesting insights into self examination and reflection through therapy (errr, talking of self to a more enlightened person). I like their bio-feedback/self control tool.. Talk to a scientologist, they'll tell you more.
The "pagan" religions have to be the best groups I've met.. Lots of openness without being pushed into anything. Ever been dragged into anything by a Wiccian? Probably not. But if you talk to them, they're more than happy to tell you everything they know. Well, unless they're "pagan", because they think pagan is cool. I'm rather upset that I have never found anyplace that can give me a good structured insight into their histories like the Christians have managed to put together.
If you read your message again, you'll immediately see how you point to people in Utah being of one religion. If I wore a T-Shirt with a pentagram on it, I'd probably be shot.
I don't.
I don't bring up religion in daily conversation. I won't knock you because you pray to God, Allah, o r any particular set of gods, or even self as god, but honestly I don't want anyone's religions pushed on me.. I have exactly one tattoo. it's a religious marking. It's a Celtic knot, symbolizing Earth, Air, Fire, Water, and Life...
And yes, I'm fun around the winter holidays. Celebrate the Winter Solstice, it's a great time of the year.. But leave your Christmas or Haunnaka in your pocket. Understand what you're celebrating before you tell your kids that St. Nick is coming down to drop presents under your tree. That's anything but a Christian celebration of faith.
You don't know how much it's been pissing me off that lately Bush has been making his whole war thing a christian vs Muslim thing.. Great. Piss off a bunch of Muslims.. I didn't know the USA is a Christian-only country, especially how we're suppose to be of religious freedom.. Utah is well known for it's religious freedom, as long as it's one religion..
Now ask what I am. I can't answer you.. Pagan maybe? They have a great viewpoint of understanding the universe.. Much better than "God created me, and I don't need to know anything else". Next week I'll be burnt on a stake as a witch. I can't say specifically what religion though.. I don't pray to gods or any particular set of gods. But, when I die, something will happen, and then I'll know. You never know, there may be a god that says "You should have moved to Salt Lake City, kiddo." Or I'll become part of a greater being that is the universe and all of us..
P.S., no offense to the thousands of other religions I didn't mention. You all have your good points too. More than likely I didn't say anything because you've never grabbed me on the street and said "READ MY BIBLE OR GO TO HELL!", and sure don't stand in front of every retail establishment for weeks on end begging for money just because you've declared it your holiday for giving.
People submit pictures to one of our sites. You must have a valid userid to post to one of them. We've had law enforcement contact us with subpoena's before saying the pictures were acquired in the commission of a crime, so we handed over all the information we had.. If that was your account, the police would be knocking on your door.
The most condeming case I can recall (and care to repeat) was a few years ago. I got the initial call at like 7pm Eastern. Los Angeles County Sheriff's District Attorney calling. I got the basic info, and got our lawyer on with him the next day so they could mull through everything (we cooperated fully).. Turns out this nice lady had nudie pictures in her house that her husband shot.. Someone broke in, roughed up her husband, and stole a whole bunch of stuff, including the pictures that were in her jewerly box. The robber scanned the pics, and submitted them to us as his own.. Aparently the IP and Email address we gave them was very helpful information.
Do you want someone using your Email, or saying something in a public forum as you that you wouldn't want to say? hell, even Google spiders/. , so a simple search on slashdot can bring up what this almost safe account provides..
If my name is attached to something, I don't want anyone else using it. Well, I also don't use my real name online, but that's another story.:) I already know the FBI has both names in the same file (Thanks Werner, you dick. And you *STILL* owe me USD $2,000.)
Nope, my rant was about stupid users, not Microsoft... Stupid users pick the password "password"
Just like stupid people leave their cars running while they run in to buy cigarettes and get their cars stolen.
Just like stupid people flash a wad of hundred dollar bills at the Quicky-Mart, and get mugged right outside..
I can secure a Windows server with the best of 'em. Except for security exploits (which that rant had nothing about mentioned), it'll be just as secure.. But this worm is all about stupid users picking stupid passwords for their shares. I'd be willing to bet the first password it tries is "", because every office I've ever gone into to fix a problem of any sort, that's what they've set the password to, usually with the reasoning of "oh, it's so we won't forget what it is".
This one is all about stupid people doing stupid things, no matter what platform they're on. If there was a script that tried to telnet to every *nix machine out there with blank passwords and succeeded would be making news too, but at least most people don't set blank passwords.. Or thankfully ssh won't let you in with a blank password by default (we tried it for humor).
Porn, actually. Funny how only a few were adult words, eh? Reading through the top 1000 or so, they're mostly variations on the 12345 theme, or dictionary words..
There are 260k usernames those came from.. Good luck though, too many tries and your IP is locked out indefinately.. But I forgot to mention which site, and which database. The site I got it from uses several password databases for various (archaic) reasons.. Don't worry, even if you do guess it, the system will figure you out (300 failures and one login in 5 minutes? Duh.), and issue a new password to the user.
If we didn't have precautions in place, I would have been a bit more nervous about posting anything..
Well, what do you think? If you can keep a piece of paper in your wallet, and only people with access to that paper know your password, it's more secure than a password that any kid on the Internet can get on a list.
Since you've asked the question, I'm tempted to try a dictionary scan of your account on here. I'll laugh if it's "password".:)
One of the guys in our Tampa office used to be a hard-core Be user.. We used to joke that their user base was 2, so there must be one other user out there.:) It was a joke, honest. We both liked Be.. It didn't support my video card, so I went back to Linux..
On your Windows question though, how many Windows users do you know that can configure Windows themselves? Pick a random home Windows user, and port scan him. Then ask them why they have all kinds of services open. Even "advanced" users get all kinds of confused.. I had one Email me last week absolutely screaming about how we had routed his IP to the wrong network.. Turns out he had turned off the ethernet interface because he didn't think he needed it.. And on his Email tagline, he's an MSCE+I, or some such nonsense..
Windows users don't configure their machines. They come from the factory set one way, and that's how they stay forever (pretty much). We could be selling machines with Linux to be exactly the same way..
I've told Windows users to open a DOS window and type "ipconfig" (or winipcfg as correct), and they get lost just after clicking "Start-->Run". Users are all stupid, it doesn't matter what they run.. I think Apple has done a beautiful job of proving it.. They've successfully converted their users over to Unix (OS/X). As long as you don't put the scary "Unix" name on it, they aren't scared.:)
Mostly because users are lazy and complain a lot if they don't get their way...
Unfortunately with one of our sites, I didn't get involved with it until it had been around for years, so all the users had already picked easy passwords for themselves.. But it applies to everything... I'd bet if Cmdr Taco looked at his list, he'd have similiar password stats to mine.. Except he'd probably have a higher incidence of "slashdot" and "linux" as passwords..
Aw, it's not always Microsoft's fault.. If it isn't, we can blame the stupid users for using easy passwords. I work with Point Of Sale systems occasionally (when people ask for help), and find stupid stupid stupid passwords there. Store ID's (like as printed on your receipt), the owner's name, or just "password".. Like, they want to make it easy for the stereotypical TV hacker to get in or something.. The best one that usually gets me stuck is just hitting [enter]. I usually start off with the assumption that they used *SOMETHING* as a password. Sometimes they don't.. "It's too hard for the staff to remember."
Hey buddy, it's your security. If I come in when your cashier is on a smoke break and no one is looking, I'll just hit enter, cash out, and leave.. No problems here.
I usually go into a 15 minute speech on how secure passwords are important, and how they must mix upper and lower case letters with numbers and characters, so as to *NOT* make dictionary words. "Password" doesn't count, duh. I've gone back to the same stores months later, and tried the old password, and it worked.. I don't even have to ask for access to their system, I just get in and start fixing for them..
Good thing I'm a good guy.. I could just log in as their admin user, ring up a no-sale on all the registers, and leave.. I could even mark their logs that *THEY* cashed out all the drawers like they closed the day.. {sigh}
We can't blame Microsoft for making their customers stupid. Its just like blaming AOL for making their customers stupid. They didn't. They marketed to stupid people who would buy anything.
I don't even want to hear one word back from an AOL person on WinXP using MSIE.. You're their sucker.. You fell for getting the stupid AOL 9.999 CD and 100000 free hours, you bought Windows, and happily agreed to their licenses, and you probably bought a whole stack of beautifully hologramed Microsoft products right along with your new Microsoft taxed computer, but you'll still bitch that it crashes, and wonder why I just look at you funny because my Linux machines never crash..
I wish we had the time to educate people just a little bit.. But some of them are so dense it isn't even funny.. How do you tell them "Stop using AOL. You're paying $29.95 for a $19.95 service..". it's like saying they're paying $30 at K-Mart for a cheap toy, when they could spend $20 for the a toy that looks the same, but goes faster and is more fun to play with..
Stupid consumers will still spend $30 because the TV Ad told them it's the best..
You're the same people that will pay a couple hundred dollars for the next version of Windows that will still crash, and you'll still cry that it doesn't work.. You won't even consider that you've already bought Win3.1, Win95, Win98, Win2k, WinME, WinXP, and none of those have worked right. Maybe the next one will work properly? I have a beautiful bridge in Brooklyn to sell you too.
Oddly enough, root came in very low.. The highest one is "rootbeer" with 7.. That'd make it ranking around 3540.. I feel unloved.. If one person had "iloveroot", that would have made my day.:)
I tell them I use the same one for everything. My suitcase, my ATM pin, and my private vault at home. It's easy. 1234 . Just don't give it out to anyone.:)
Now, if they were smart, they'd know I have a cheap suitcase, 'cause they don't pay me enough to have good luggage to go anywhere with. I've been using the same olive drab duffle bag for the past 12 years, and it doesn't have a lock. As for the vault at home, all I have to hide in it is my clean socks, and right now I only have one pair of those.:)
Hehehee... It didn't have internet access, or I would have.. But the Internet Kiosks at CompUSA have a mysterious habit of getting their home pages changed.:)
I wish I could do something with those refrigerators with the touch screen WinCE/XP thing to do anything.. Every time I touch one it crashes, so I don't even know if they have connectivity.
Ahhhh, the perfect diet.. Every time you go to the fridge, you see... well, I'll not be descriptive.. I don't think I'd ever be able to eat again.:)
Hey Bob, watch what happens when I put a match to this balloon!
hehe
Well, everything I've ever heard or read about trying electrolysis can't produce enough hydrogen to fuel a car. Breaking down water into hydrogen and oxygen and feeding just won't cut it. If it could, a more robust system should be able to power the car by itself.
The theory does sound interesting though. I'm curious myself if it would work.
After reading his text, I have to wonder about the author though. He says he has a background in chemestry (at least teaching it in hgih school), but then failed to do any sort of consistant tests. He used his fuel gauge to measure the fuel usage? Gauges are rarely accurate. You're using a linear measure in a irregularly shaped tank. I've had the luxury of testing this on many road trips. I'd watch milages roll by and the gas guage would drop slowly at the beginning, implying a very good fuel economy. But when we get to the bottom of the tank the needle drops fast.
Anyone who owns a late model F-Body car (Firebird or Camaro) knows this. One friend lives by the rule of, if his car reads 1/4 tank, find a gas station. If I remember right, 1/4 means you have about 3 gallons in the tank, on a 16 gallon tank.
He honestly should have been at least stopping at gas stations, filling the tank, and measuring his milage. Not 100% accurate, but much better than reading the gauge.
The links he has on the bottom of the page scare me. I knew someone who absolutely lived by the concepts of doing all the witchcraft mechanics for power. He also calculated his car had 500hp based on add-on parts and their advertised increase percentages. hehe.
With all that said, some time I have lots of spare time on my hands, and an urge to put several hundred miles on my car, I'll try out his concept. I'd love to say that I've increased my horsepower by x%, and fuel economy by x mpg.. More than likely I'll say "that was interesting.", and pull all the crap off.
365hp from a Mustang? Congratulations.. Not too often I see a good strong Mustang. Ford really messed up making their GT's so weak. I hear the new Cobra's are going to be closer to 400hp. I've seen a few great Mustangs up in your class. My favorite was a late 80's, with a 351 and NOS. *THAT* was a quick car. As far as I know, the owner never dyno'd it, so I don't know the horsepower.
:)
:) Not bad for a mostly stock 330hp car.. I manage around 20 with a mix of city and highway driving. Los Angeles traffic doesn't help though. "Hey, we're on the 110 leaving downtown at rush hour. Set the parking brake, and light a cigerette, we'll be here for a while."
:) But applying so much more power, it's easier to push the weight around. Idling along on the highway in 6th gear the throttle is barely pressed to hold my speed. I drove a 4 cyl Acura sedan from Los Angeles to San Diego, and confused myself a few times because pushing the gas a little didn't do anything.. Full throttle on an up-hill on ramp simply isn't the same. I'm a firm believer that people should put more efficent parts on their car (better design cam, higher compression heads, better flowing parts). Do it well, and you'll have a better driving car..
I've driven a '95 and '2000 Mustang GT, and was upset how slow they were. We don't even need to get into how bad the V6 convertables are.
I drive a 2000 TransAm WS/6. I just drove it from Florida to California and with the cruise set to 80mph in 6th gear the engine was under 2k RPM and I got 26mpg..
I used to drive a heavily modified 1982 TransAm that was about 400hp (carburated Chevy smallblock 350). It only got about 20mpg. It only had a 4 speed stick, which really hurt. I wanted to go with a 5 speed, but was warned that the stock 5 speed wouldn't handle the power, and I didn't have money to go aftermarket at the time.
Needless to say if I was seriously running either TransAm, the milage went down. Stop and go oval racing the '82, I got 6 gallons per mile. I just had the 2000 out at a street type track recently. I didn't do a proper fuel estimation, but I went maybe 75 miles on 1/2 tank (8gal).
After market parts can really do wonders for fuel economy. Of course they're all marketed for speed.
I guess I should add some Tim "The Tool Man" Taylor grunts here.. {grunt}{grunt}{grunt}
But staying on a tight budget is what I'm best at.
If we use a K5 Blazer, parts are cheap and very available. People who know how to work on it are a dime a dozen. If you go to most mechanics, they'll probably be able to listen to your problem description and figure it out. And more importantly for this, getting parts is easy. If you want something a little different, any junk yard has compatable parts. I can't say the same for a Hummer.
Hmmm.. That'd make you a troll, wouldn't it?
Your points 1 and 2 may have some reality though. I *WANT* to do this.. But, if I do, it's going to mean some serious work. That'll mean I'll have to drop just about everything I do in my free time to get it done. If it was a team of say 10 to 20 people, it'd be easier, but more than likely we'd spend every night programming for it, and every weekend testing it out in the desert. And more than likely that would mean at least one day per week would be repairing something from the damages caused during that weekend's test runs.
It sounds like a really fun project, but without serious backing (like, someone to payroll 10 to 20 people and equiment), it's not going to happen. That kind of payroll would easily exceed the prospective prize.. Well, except for the fact that you know someone is going to hire your team at mad money pay if they do a good job of it..
That becomes a slight budget issue.. I was going on the assumption that we didn't have one.. Unless a sponsor wants to give us a Hummer, a used blazer is going to be a lot easier to get a hold of.. A quick search on autotrader.com for 1983 through 1989 Chevy Blazers within 25 miles of Los Angeles found 4 with an average price of $2500. One ad in particular sounds perfect. A recently rebuilt K5 blazer 4x4 with a 6.2L turbo diesel and a rebuilt transmission, for like $4,000.. If I was going to send something out for rough terrain, that would be what I'd want to be in.. Looking at the picture, I'd say the only thing it needs is offset rims (for a wider stance), and wider tires. Not necessarly taller (taller can become a rollover hazard), but wider to handle soft or unpredictable surfaces.
I still think the blazer would be the best choice.. An older one wouldn't set us back too bad. It would definately have to be something that could fall off a cliff and no one would miss.. :)
:)
:)
Slop in steering is easily fixed. I've worked on cars for years. There's nothing broken that can't be fixed.. Usually in most sedans and trucks like this, older wear cases with huge slop in the steering is the steering gear box, which is relatively cheap to replace. If this was a race car type vehicle, I'd say to replace it with a gear box from an F-Body, but for this application, it would probably be very worth while to take the extra revolutions on turns, to help make turns easier. I don't believe these trucks were rack&pinion, so they have a linkage system for steering. The joints of the links wear. I've changed quite a few components involved over the years. Usually they aren't expensive, unless you go to the dealership for the parts.
I'm fairly sure I read in the instructions that ATV's were pretty much disallowed. Since it's a 250 mile trek (mininum), I wouldn't really want to send an ATV out for the task. Making a tank would be a fun project in itself, but I'd be looking at it as "would I want to be in this, in the middle of the desert". Something completely home-grown isn't wouldn't exactly be the most comfortable place 100 miles from anywhere.. I used to dirt bike ride out in the middle of nowhere, and now I really consider myself a fool for some of the rides I made. Luckly most of the time there was a second bike, so I could always get a ride home, and then come back out with a truck to collect the bike..
The ground effect vehicle is out by the rules too.. Pretty much they're saying wheels, tracks, or feet.
The rules elude to complete lack of visibility at points, and the very good chance of loss of GPS services. I'm not sure what that means. I suppose in a cavern or something of the sort, where you don't have a good view of the sky, all the satellites could be lost. That would be a good reason to keep an idea in the programming of "if the GPS and triangulation look impossible", default back to distance traveled and magnetic bearing..
The rules say that any commercially available 4x4 vehicle could make the quest, so I'd think the tank may not be necessary.. Of course, it does have to make 250 miles in 10 hours, so just to complete you're looking at an average speed of 25mph. I'm sure someone is going to manage it. A regular truck could achieve 90mph fairly easily, conditions permitting.
I do wonder if self-righting hydraulic rams would be a consideration. Like, if you spill down a hill, if it could push itself upright again to keep going..
G'morning all.
:)
:) Radio stations make for decent markers too. Since you have something the size of a truck, it would be a piece of cake to triangulate distance and direction to any one becon, and use any two to fix location.
:)
This sounds like fun.. Personally, I don't have *ALL* the skills required to pull this one off, but if anyone's forming a team in the Los Angeles area, I'm in.. I have skills everywhere from the technical aspects of making a vehicle work to engineering of the hardware involved.
I'm thinking something like a slightly modified S-10 Blazer, or K5 Blazer. Positraction (not available on the older S-10's) is a must. Probably the K5 would be the better choice, for extra room in the engine compartment for controls.
I did a quick read through their forums. There's some interesting (and optimistic) talk of stereo vision through, laser vision/guidance, and ground evaluation through radar.. A few of the people sound like they have a clue, and some others didn't even read the rules..
Some of them are talking about exotic hardware solutions, that they'll probably spend all the available time building, and then wonder why they don't have a working vehicle to go with it. Some others were talking about cool Xeon based systems, and forget that they get hot, and this is going to be running in a vehicle in the desert for 10 hours. One mentioned the hardships of hard drives, and doesn't even realize that you can use Compact Flash as your hard drive, and do stuff from there. No one yet mentioned using Linux..
My thoughs on a practical vehicle is a late 80's Chevy K5 blazer. Radar (like the backup radar in late model Lincoln's) to evaluate for local blockages. Vision system, like a stereo camera hooked up to a Linux box (this is where I'm at a loss. I don't think I could do this software).
Steering control would be an electric motor with chain drive just before the steering box. That way, no major changes to the steering need to be done.
Acceleration is a simple motor pulling on the throttle assembly, just like the vacuume accuator on cruise control.
Braking would need to be something more substantial. probably a pneumatic ram on the brake pedal lever itself.
I'd suspect it'll take a few computers to run it, but in something the size of a K5 blazer, we'd have no only room to mount it, but more than enough room to mount it preventing shocks... The computers would need to be hard-drive free though.. Compact flash cards of say 512Mb would be just about all we'd have to work with. That should be sufficent though.
The site says they're providing several checkpoints which are mandatory to pass through/stop at. There will also be mandatory waypoints, which define the path. Fairly easily, go from waypoint to waypoint. If there's an obstical, decide for left or right turn to go around.. More than likely the easiest thing would be to use GPS to establish a location (when available), and use other public navigation beacons the rest of the time.
Anyone who's flown knows how many radio navigation beacons are available.
When you detect an obstical, mark it on an onboard map, and figure out a way around. That would be for big obsticals like canyons or mountains. Small obsticals, you steer around.
I can design and build anything required to make the vehicle itself work. Navigation will be up to someone else. This is/will be a team project, so as many hands as we can get involved would be cool.
Can we get Cmdr Taco's permission to put "Slashdot" down the side of the truck?
Who's in? Reply here first, then we'll get in contact in real life.
Damn, that's a cool project.. The kid looks just like one of my friend's sons.. And he'd definately be the type to drive it around the neighborhood, and terrorize anything he could with a pneumatic cannon.. :)
:) From the sounds of it, these would be about as expensive as the motor and batteries that he used.. Of course, I have no idea what he'd need to use to make the drive reverse.. Using either track in forward is easy. putting one in reverse to spin the tank would take an extra transmission piece..
:) Imagine chasing each other around a yard with potato's in the cannon.. Muhahahaaaaaa..
My only real suggestion would have been to make at least the drivetrain and suspension out of metal.. Ya, it'd take a bit of extra work, and may need to invest in some new tools (but possibly not), but it would have definately been worth it..
Personally, if I had the space and time, I would have gone for something a bit bigger. Maybe 1:2 scale, and probably used metal instead of wood.
I've seen quite a few 50cc motorcycles and mopeds with automatic clutches and one speed, that can get someone my size on a small frame going about 30mph. A pair of 50cc motorcycle engine/transmission combo's would make a pretty cool tank that wouldn't be too loud, and still get like 40mpg.
Oh, I got it.. Put the drive in a slot. If it's in one position, it moves forward. If it's in the other, it hits the other side of the inside of the tracks, and pushes back.. That would only require a solinoid, like the electric locks in a car use.
Tee-hee..
I need to move into a house with space, so I can build one for myself.. Hehe..
I guess it's a good thing this guy isn't my neighbor.. We'd probably have a full fledged tank built by now (minus armour to save weight), with a working pneumatic gun..
I really should have applied for junkyard wars.
Yeah, an interview with a company that didn't mind being slashdotted might not be a bad idea. So many sites die from CPU load even if they've got plenty of bandwidth.
Since they'll never interview us, I'll just post what I know when people ask.
It'd be interesting hearing partially about what servers and what configurations you use, but also what design issues you found, especially as it looks like there's a fair bit of dynamic content.
We use cheap, fast servers, and lots of them.
Those machines were being overwhelmed, so the hosting company bought a huge multi-processor Sun machine to do the job.. I believe the price tag was like $40k. They moved all the sites over to the new server, and it just barely took the load.
It was shortly after that, that we met up with Igor, and Igor decided that we should be what Voyeurweb is now.. We decided at the time to buy 10 relatively cheap decent servers to handle the sites, plus have room to grow. 9 of these machines were AMD K6 450Mhz with 256Mb RAM and IDE hard drives. They cost roughly $1000/each. With Apache configurations identical to the old servers, we managed to pull about 8Mb/s per machine, which was more than enough then... Over the next few months, we played with tweaking the Linux kernel (it needed lots of tweaking back then), and tweaked Apache up a bit.. We got up to 32Mb/s before Apache couldn't keep up on these machines (too many processes, not enough memory). We then went exploring other web server softwares, and found thttpd.. These same machines could now serve 80Mb/s...
We retired all those old machines a couple months ago. I have some of the parts in a cabinet in my office now, that we're putting back up as little servers as needed, from the parts that still work right. The motherboards and CPU's are all fine. Some of the memory isn't perfect, so it gets tossed. Hard drives and power supplies were most of our failures. We got years of service out of them, so I honestly have no complaints.
Most of the new Voyeurweb servers are Asus 1400r servers. Dual 1.4Ghz PIII, 2Gb RAM, IDE hard drives.. Honestly, they're beautiful machines that you can get real cheap. They can each serve 150Mb/s without flinching. It took adding TEQL to the kernel, and having two network cables plugged in. thttpd works better with mutliple instances each bound to it's own IP, at this kind of load, but it's a small sacrifice... With the current kernel (2.4.20), we're down to just a few boot-time kernel changes using
We do free hosting for sites that use our "ProAdult" authentication. Those go on identical machines, usually in pairs for redundancy.. There are other machines on the network, that we've built out experementing with them over the years.. I made some really nice machines with CalPC cases, and Asus motherboards.. Unfortunately, they're hard to cool. A couple companies make good CPU fans for 1u cases. We had to put an additional blower fan in to keep the CPU at a reasonable temperature.. Actually, they're from Radio Shack.
We're using the Asus machines more now though, because they have a great cooling method, and almost no machine failures
Oh I had misread your earlier message as saying that 10% of all passwords were 1234.
:) Password sites are very predictable though, so a few regular expressions can spot them coming a mile away.
/. effect, except their all stealing). A lot of porn sites are very very small, and either are just virtual hostings, or just on one small server. That's where I'm lucky. We know we get lots of traffic, so we already have lots of servers up to handle the load. If I gave out a password today for all the /. users to look at free porn all day, we wouldn't take a hit in performance. A couple hundred Mb/s extra all day probably, but nothing we couldn't handle.
:) But then there are some things I'd like to ask him..
:)
:)
No problem. I wasn't very clear about it. I'm in the habit of doing lists with 'wc -l', and forget that only people that work with me all the time are used to it.
And yeah, I can imagine you get a lot of scans. If I was to do this I'd either use proxies from major ISPs (where you likely have subscribers you wouldn't want to ban) or bounce at random intervals through many proxies, preferably private ones on friends' computers.
Both of those are very popular.. People have been writing applications to scan for passwords for years, so they've become very practiced at better and better methods.. The best ones I've seen use lists of thousands of proxies, sending only a few requests through each.. Sometimes fresh proxies show up, but most of the script kiddies get their proxy lists from each other, so even a good proxy will get caught by the system pretty quick. They ruin their own proxy base pretty quickly all on their own..
My biggest concern isn't even of Joe-user trying to get a password.. You're just one extra user in a base of hundreds of thousands. Who cares, right? But when you give that to 5 friends who then give it to 5 friends, then we have a whole bunch of users in (that's caught too). But the bigger problem is the people who scan for passwords just to post them to passwords sites. Now instead of 5 or 6 people coming in with that account, we can have 10,000 try within an hour. Some of those sites are big. They have their own set of rules in our security program.
Once in a while, I'll check out the password sites we've caught, and look at the other sites listed. If they're running, very frequently the extra traffic will kill the servers (just like the
Cmdr Taco should do a Slashdot Interview on us one day..
I like the script that changes passwords. But why not just scan the database now, mail out secure passwords to everyone who fails the check, and in the future, mark all guesses from an IP tagged as a scanner as failure, regardless of what they guess?
When I started, we already had 200k users in the database. I couldn't just reissue 90% of the passwords. People would be freaking out all over the place. The ones that we do change get rather pissy over it, but we have a legitimate reason for it, rather than just saying "because we want to." I'd *LOVE* to have a script go through the database, take every dictionary word and change it to a better password, and Email the user.. But, people would be ready to kill me when 200k users start complaining.
But, I can get more porn than I can, um... use, from The Hun's, other free services, Gnaughty (check this out) and p2p programs. It was for the intellectual exercise.
The funny part of my whole exercise in password security is that our biggest site, voyeurweb.com, has a whole lot of good free porn on it. The pay sites are just more specific. Like, redclouds.com has hardcore pictures in it, and homeclips.com has video clips. But a million or so people use voyeurweb.com every day just because it's free.. Well, and there's no popups or ads, so it's not obnoxious.. And it's fast.. That's one of the mandates from the bosses is that all the sites *HAVE* to be fast.
And yeah, I've got a domain I use for mail (and private pages, and hidden links that are meant for friends but aren't supposed to be secure, like pictures from parties, etc) and it doesn't have a front page (or easily guessable page) and people tell us it's down even though we don't actually send anyone there.
That's exactly the way voynetworks.com and vvd.com were for years, but then people would start sending complaints to my bosses who would then bitch at me.. It was easier to put up pages with a single image, than to explain to them once every month or so that we don't actually have any content on those names.
I'd give you a hint, but it wouldn't help much. I'll give you the sites in order of age.
m eclips.como adult.com
:)
:) I did notice that Slashdot is already blocking some for abuse (specifically Chinese). I'm thinking of sending the whole list over to Cmdr Taco so he can update his lists. :)
:) It's automated, so there's no lag time from us.
:) Sometimes it shows up inside the site on stuff I'm developing if I haven't changed the name to the site it belongs with yet. Mostly, I got annoyed when people would tell me, "Your site is down", meaning the one associated with my Email address. Duh, like, no one goes there. Check vvd.com, that's another of my Email domains. :) It goes with vipervideo.com, which are more porn sites from a long time ago, with a company that only exists to pay webmasters and keep existing membership. Two people on staff check the mail daily, mostly to delete spam from their boxes.. Occasionally there is a customer query, but no real traffic. Some porn does really well (like voyeurweb.com), some didn't (like vipervideo.com).
voyeurweb.com
redclouds.com
watchcams.com
ho
funbags.com
proadult.com
quantum.pr
There are two to four auth databases, depending on a varity of things that have happened since the site was created. So there, you have a whole bunch of sites to try...
It wasn't 10% were "pass", that was the count of a database of 260k users, so the highest one (password: 1234) is used in 505 of 260,000 accounts, or 1:500. Since the password scanners picked up on those a long time ago (like, before I was doing security), those easy passwords go with harder usernames if they still exist.
I'll give the short advisory first though. People password scan us all day every day..
Too many wrong passwords from an IP, and you're blocked for 24 hours.
Too many scans from a proxy, and the proxy is blocked indefinately. I have a beautiful list of anonymous proxies should anyone want to buy it from me.
If you do scan for passwords, and manage to get one right, the system will change the password for the user automatically, and Email the user with their new password, so before your script notifies you that you've won, we've already changed it.
Thanks about the logo. I actually just jacked the picture from voyeurweb.com (our biggest site), and mangled it a little with photoshop til it looked suitable for this page.. No one goes there, unless they're bored. Until recently the only place that the name showed up is as our DNS servers and on my Email..
Hehe.. About 15 different ones, depending on the applications and security required. All are combinations of letters (mixed upper and lower case) and numbers, usually with no meaning.. Sometimes it's a special meaning. The root password I used on an ex-girlfriend's server was a reminder I loved her. One number, two upper case letters, and 4 lower case letters, not in that order. If I use words, I usually misspell them badly, so I can say them verbally to someone who knows the password, without compromising it..
:) Ok, sometimes I get bored. I'm thinking of writing a pseudo-shell that people can try to fuck around in, where I can fuck with their heads. :) :)
/ / :)
PFY: What's the root password?
BOFV: fucked.
PFY: [typing] F@uch3d...[enter]
(BOFV = Bastard Operator From Voyeurweb. hehe)
Don't get any ideas. You can't SSH into any of our networks from outside. Your best bet would be to break into my apartment. Then you could SSH into an authorized workstation, who would then have access to particular servers to get to other servers.. A pain sometimes, but very useful to keep the script kiddies out.. You'd be amazed what people try.. I still have people scanning one machine I left FTP open on for the user "admin" and "root". Different IP's, different methods, but at least a few times a day. It's entertaining.
Make it look like a Cray or some such, but every time you try to do something malicious, it'll laugh at you.
> uname -a
unicosmk md 2.0.2.29 unicosmk CRAY T3E
> uptime
03:45:29 up 168 days, 5:42, 168 users, load average: 105.02, 110.29, 108.96
> rm -rf
You want to what? hahahaha!
> cd
Can't go there
> ls ~
You can't look up there! PERVERT!
I'll stop bashing religions, when they stop harassing me.
Why did I have to pray to their god at school ("One nation, under God"), and was punished for not repeating the phrase?
Why do religious freaks stand on street corners and chant their christian garbage trying to save my soul?
Religion is thrown in our faces every day, and the Christians are the worst of them. Honestly, I have more respect for Muslims simply for the fact that I've never had one try to drag me to their church or convert me to their faith. Over the years, I've been to just about every kind of religious event.. Catholic, Jewish, Morman, Jehovia's Witnesses, Baptist, Presperterian, Lutherian, (x-ian ad nausium).
I've been told the wonders of Scientology and had my kharma examined. They have interesting insights into self examination and reflection through therapy (errr, talking of self to a more enlightened person). I like their bio-feedback/self control tool.. Talk to a scientologist, they'll tell you more.
The "pagan" religions have to be the best groups I've met.. Lots of openness without being pushed into anything. Ever been dragged into anything by a Wiccian? Probably not. But if you talk to them, they're more than happy to tell you everything they know. Well, unless they're "pagan", because they think pagan is cool. I'm rather upset that I have never found anyplace that can give me a good structured insight into their histories like the Christians have managed to put together.
If you read your message again, you'll immediately see how you point to people in Utah being of one religion. If I wore a T-Shirt with a pentagram on it, I'd probably be shot.
I don't.
I don't bring up religion in daily conversation. I won't knock you because you pray to God, Allah, o r any particular set of gods, or even self as god, but honestly I don't want anyone's religions pushed on me.. I have exactly one tattoo. it's a religious marking. It's a Celtic knot, symbolizing Earth, Air, Fire, Water, and Life...
And yes, I'm fun around the winter holidays. Celebrate the Winter Solstice, it's a great time of the year.. But leave your Christmas or Haunnaka in your pocket. Understand what you're celebrating before you tell your kids that St. Nick is coming down to drop presents under your tree. That's anything but a Christian celebration of faith.
You don't know how much it's been pissing me off that lately Bush has been making his whole war thing a christian vs Muslim thing.. Great. Piss off a bunch of Muslims.. I didn't know the USA is a Christian-only country, especially how we're suppose to be of religious freedom.. Utah is well known for it's religious freedom, as long as it's one religion..
Now ask what I am. I can't answer you.. Pagan maybe? They have a great viewpoint of understanding the universe.. Much better than "God created me, and I don't need to know anything else". Next week I'll be burnt on a stake as a witch. I can't say specifically what religion though.. I don't pray to gods or any particular set of gods. But, when I die, something will happen, and then I'll know. You never know, there may be a god that says "You should have moved to Salt Lake City, kiddo." Or I'll become part of a greater being that is the universe and all of us..
P.S., no offense to the thousands of other religions I didn't mention. You all have your good points too. More than likely I didn't say anything because you've never grabbed me on the street and said "READ MY BIBLE OR GO TO HELL!", and sure don't stand in front of every retail establishment for weeks on end begging for money just because you've declared it your holiday for giving.
Well, it's your reputation. Or your liability.
/. , so a simple search on slashdot can bring up what this almost safe account provides..
:) I already know the FBI has both names in the same file (Thanks Werner, you dick. And you *STILL* owe me USD $2,000.)
People submit pictures to one of our sites. You must have a valid userid to post to one of them. We've had law enforcement contact us with subpoena's before saying the pictures were acquired in the commission of a crime, so we handed over all the information we had.. If that was your account, the police would be knocking on your door.
The most condeming case I can recall (and care to repeat) was a few years ago. I got the initial call at like 7pm Eastern. Los Angeles County Sheriff's District Attorney calling. I got the basic info, and got our lawyer on with him the next day so they could mull through everything (we cooperated fully).. Turns out this nice lady had nudie pictures in her house that her husband shot.. Someone broke in, roughed up her husband, and stole a whole bunch of stuff, including the pictures that were in her jewerly box. The robber scanned the pics, and submitted them to us as his own.. Aparently the IP and Email address we gave them was very helpful information.
Do you want someone using your Email, or saying something in a public forum as you that you wouldn't want to say? hell, even Google spiders
Google Seach for Default Luser on Slashdot.
If my name is attached to something, I don't want anyone else using it. Well, I also don't use my real name online, but that's another story.
Nope, my rant was about stupid users, not Microsoft... Stupid users pick the password "password"
Just like stupid people leave their cars running while they run in to buy cigarettes and get their cars stolen.
Just like stupid people flash a wad of hundred dollar bills at the Quicky-Mart, and get mugged right outside..
I can secure a Windows server with the best of 'em. Except for security exploits (which that rant had nothing about mentioned), it'll be just as secure.. But this worm is all about stupid users picking stupid passwords for their shares. I'd be willing to bet the first password it tries is "", because every office I've ever gone into to fix a problem of any sort, that's what they've set the password to, usually with the reasoning of "oh, it's so we won't forget what it is".
This one is all about stupid people doing stupid things, no matter what platform they're on. If there was a script that tried to telnet to every *nix machine out there with blank passwords and succeeded would be making news too, but at least most people don't set blank passwords.. Or thankfully ssh won't let you in with a blank password by default (we tried it for humor).
Porn, actually. Funny how only a few were adult words, eh? Reading through the top 1000 or so, they're mostly variations on the 12345 theme, or dictionary words..
There are 260k usernames those came from.. Good luck though, too many tries and your IP is locked out indefinately.. But I forgot to mention which site, and which database. The site I got it from uses several password databases for various (archaic) reasons.. Don't worry, even if you do guess it, the system will figure you out (300 failures and one login in 5 minutes? Duh.), and issue a new password to the user.
If we didn't have precautions in place, I would have been a bit more nervous about posting anything..
Well, what do you think? If you can keep a piece of paper in your wallet, and only people with access to that paper know your password, it's more secure than a password that any kid on the Internet can get on a list.
Since you've asked the question, I'm tempted to try a dictionary scan of your account on here. I'll laugh if it's "password".
So, you're the other BeOS User. :)
:) It was a joke, honest. We both liked Be.. It didn't support my video card, so I went back to Linux..
:)
One of the guys in our Tampa office used to be a hard-core Be user.. We used to joke that their user base was 2, so there must be one other user out there.
On your Windows question though, how many Windows users do you know that can configure Windows themselves? Pick a random home Windows user, and port scan him. Then ask them why they have all kinds of services open. Even "advanced" users get all kinds of confused.. I had one Email me last week absolutely screaming about how we had routed his IP to the wrong network.. Turns out he had turned off the ethernet interface because he didn't think he needed it.. And on his Email tagline, he's an MSCE+I, or some such nonsense..
Windows users don't configure their machines. They come from the factory set one way, and that's how they stay forever (pretty much). We could be selling machines with Linux to be exactly the same way..
I've told Windows users to open a DOS window and type "ipconfig" (or winipcfg as correct), and they get lost just after clicking "Start-->Run". Users are all stupid, it doesn't matter what they run.. I think Apple has done a beautiful job of proving it.. They've successfully converted their users over to Unix (OS/X). As long as you don't put the scary "Unix" name on it, they aren't scared.
Mostly because users are lazy and complain a lot if they don't get their way...
Unfortunately with one of our sites, I didn't get involved with it until it had been around for years, so all the users had already picked easy passwords for themselves.. But it applies to everything... I'd bet if Cmdr Taco looked at his list, he'd have similiar password stats to mine.. Except he'd probably have a higher incidence of "slashdot" and "linux" as passwords..
Aw, it's not always Microsoft's fault.. If it isn't, we can blame the stupid users for using easy passwords. I work with Point Of Sale systems occasionally (when people ask for help), and find stupid stupid stupid passwords there. Store ID's (like as printed on your receipt), the owner's name, or just "password".. Like, they want to make it easy for the stereotypical TV hacker to get in or something.. The best one that usually gets me stuck is just hitting [enter]. I usually start off with the assumption that they used *SOMETHING* as a password. Sometimes they don't.. "It's too hard for the staff to remember."
Hey buddy, it's your security. If I come in when your cashier is on a smoke break and no one is looking, I'll just hit enter, cash out, and leave.. No problems here.
I usually go into a 15 minute speech on how secure passwords are important, and how they must mix upper and lower case letters with numbers and characters, so as to *NOT* make dictionary words. "Password" doesn't count, duh. I've gone back to the same stores months later, and tried the old password, and it worked.. I don't even have to ask for access to their system, I just get in and start fixing for them..
Good thing I'm a good guy.. I could just log in as their admin user, ring up a no-sale on all the registers, and leave.. I could even mark their logs that *THEY* cashed out all the drawers like they closed the day.. {sigh}
We can't blame Microsoft for making their customers stupid. Its just like blaming AOL for making their customers stupid. They didn't. They marketed to stupid people who would buy anything.
I don't even want to hear one word back from an AOL person on WinXP using MSIE.. You're their sucker.. You fell for getting the stupid AOL 9.999 CD and 100000 free hours, you bought Windows, and happily agreed to their licenses, and you probably bought a whole stack of beautifully hologramed Microsoft products right along with your new Microsoft taxed computer, but you'll still bitch that it crashes, and wonder why I just look at you funny because my Linux machines never crash..
I wish we had the time to educate people just a little bit.. But some of them are so dense it isn't even funny.. How do you tell them "Stop using AOL. You're paying $29.95 for a $19.95 service..". it's like saying they're paying $30 at K-Mart for a cheap toy, when they could spend $20 for the a toy that looks the same, but goes faster and is more fun to play with..
Stupid consumers will still spend $30 because the TV Ad told them it's the best..
You're the same people that will pay a couple hundred dollars for the next version of Windows that will still crash, and you'll still cry that it doesn't work.. You won't even consider that you've already bought Win3.1, Win95, Win98, Win2k, WinME, WinXP, and none of those have worked right. Maybe the next one will work properly? I have a beautiful bridge in Brooklyn to sell you too.
Shall I rant?
Funny this, but "God" specifically doesn't show up in this set of 260k users.. But there are 143 words containing "god".. Here are the top ones. :)
:)
22 godzilla
5 godfathe
4 goddess
3 godsmack
3 gods
3 godiva
2 sungod
2 netgod
2 iamgod
2 goodgod
There were 294 words with "sex" in them, the top ones are:
84 sexy
25 sexx
17 sexsex
8 sexual
7 sexo
6 sexe
5 sussex
5 sextoy
5 sex4me
5 ilovesex
And 278 with "love" in it..
86 love
33 lover
21 lovers
14 loveme
13 iloveyou
10 loveit
Oddly enough, root came in very low.. The highest one is "rootbeer" with 7.. That'd make it ranking around 3540.. I feel unloved.. If one person had "iloveroot", that would have made my day.
I tell them I use the same one for everything. My suitcase, my ATM pin, and my private vault at home. It's easy. 1234 . Just don't give it out to anyone. :)
:)
Now, if they were smart, they'd know I have a cheap suitcase, 'cause they don't pay me enough to have good luggage to go anywhere with. I've been using the same olive drab duffle bag for the past 12 years, and it doesn't have a lock. As for the vault at home, all I have to hide in it is my clean socks, and right now I only have one pair of those.
Hehehee... It didn't have internet access, or I would have.. But the Internet Kiosks at CompUSA have a mysterious habit of getting their home pages changed. :)
... well, I'll not be descriptive.. I don't think I'd ever be able to eat again. :)
I wish I could do something with those refrigerators with the touch screen WinCE/XP thing to do anything.. Every time I touch one it crashes, so I don't even know if they have connectivity.
Ahhhh, the perfect diet.. Every time you go to the fridge, you see