Re:Screen scraping cold war on Perl & LWP · Score: 1
I've been waiting for this for some time with eBay (I develop bidwatcher). They claim they don't want you to be able to use an 'automated tool' to access their site. So far, nothing has happened, except for the occasional code change which will end up breaking my stuff. The biggest problem with parsing/understanding eBay html is that they really didn't care how it looked when it was generated since it's going to be rendered by a browser. It's quite a mess.
It's called, "Being a business in a capitalist world." If you want businesses to look out for Jon Q. Consumer's interests, to take care of his well-being, and to make sure he gets enough food each week, form a Socialist community. Until then, don't be surprised when you find out that every GM of the world is only concerned with how much money they can get from you.
they are stored in html, usually. the concept of 'webpage' is kind of grotty.
what happens if my girlfriend uses my computer and clicks-through?
'post' is sort of subjective too. there are plenty of webservers that run sites that were not meant for public consumption: they just happen to be accessible that way. if I put it on my personal umuc.edu account with no index file and someone accesses it without asking me I'm supposed to be liable. lame indeed.
Naturally, just with proper readjustments. It was short-lived though since I moved off campus the next semester. The funniest thing about the conversation with the Nethics guy was when he asked me if I knew what "this" was (as he pointed to a few lines of the email) and I read it "Zero-day wah-rez ftp site? Is that like webpages?"
A few years ago I was in the UMD dorms and after numerous violations of the network AUP I finally got a call one morning before going to class. It was Mr. So-and-so with the Nethics department. He told me there were some violations and asked if I knew what he was talking about. (Of course I did, what? was I just gonna confess? Idiot.) He then suggested that I come over to the computer and space sciences building for a 'chat.' Meanwhile at the CSC building I entered the Nethics office and was greeted by Mr. So-and-so, and he began his Gestapo interview of me. It came down to the fact that I had egregiously broken their rules, and I knew it, and he knew it, but he had no real proof (I firewalled almost everything, including all of the UMD space) with the exception of an email written by a barely literate teenager Narc'ing on me. Needless to say, I walked out unscathed. They are just a bunch of James Bond wanna-be jokers.
Ruh roh, looks like you offended an enlisted man in the Lucas army.
Re:Silly Bibles on Zope Bible · Score: 0, Flamebait
Never found a bible worth reading anyway. Besides, "bible" normally implies wildly inaccurate stories crafted to percolate poor morals and bad information. Or at least, that seems to be the effect.
Careful on your nomenclature. I didn't know what RFP meant until I read your post. Actually I knew it meant Rain Forest Puppy, but he's just a security expert, not a Request for Proposals. But RFC collides with the internet's RFC or Request for Comments. The biggest reference for that would be here.
Re:Mac OS has never been exploited over a network on Linux Kernel Bugs · Score: 1
I fail to see how this is relevant, especially since we aren't speaking of a remote exploit for the Linux kernel. In fact, remote exploits for the kernel itself don't come by that often. It's more for the userland programs that people write and leave open for the world. I don't have any evidence/research on it but I wonder what the track record of userland programs that run under MacOS that listen on ports is.
More info on the matter. on Linux Kernel Bugs · Score: 3, Informative
In case many of you don't subscribe to bugtraq, there was a follow-up posted to the original advisory. I have replicated it here for your convenience. It raises an important issue, suggesting that kernels up to 2.4.12 may be affected as well. I don't claim to know, just forwarding the facts. Note that he is using a patched kernel, which could introduce any number of flaws, but I'm willing to give him the benefit of the doubt.
Original Message:
From: Demitrious Kelly
To: bugtraq@securityfocus.com
Subject: RE: Flaws in recent Linux kernels
The description of the second problem is accurate, but I don't think the
assessment of the kernels which can or cannot be affected by this exploit
is... I'm using a newly compiled kernel Linux 2.4.12-grsec-1.8.3.
( Linux 2.4.12 with the Grsecurity Patch
http://www.grsecurity.net/features.htm )
#/* begin shell session */
[12:52:11][apokalyptik@home:~]:./epcs_ptrace_attach_exploit
bug exploited successfully.
enjoy!
sh-2.05$
#/* end shell session */
Flame if you will, but all these worms are going to only get worse since Microsoft will never fix the problem without making sure people have to pay a monthly subscription for their OS, and users are unaware that they have to patch their boxes.
Now, I hate Microsoft shtuff just as much as the next person and have found the answer is to use Linux, but Microsoft fixed these holes MONTHS ago. I am an avid reader of bugtraq and saw it come around way back. Then the patches were released. But NOBODY patched. And this is what they get. Some blame goes to Microsoft for outfitting their users with shit software, but they fixed it, so the majority of the blame goes to the stupid users IMO. Which makes it ok for the DSL provider to shut them down, yes. But let's make sure we know what we're talking about here before blasting others.
I have read about Conscientious Objectors and I do play by the rules of this country. I don't think I meant to imply that I'd be trying to escape entering a war through devious means. I am saying that if the positions are filled by all of the people who believe this war is a good idea, then I won't have to be bothered with it.
However, the fact that I am a law abiding citizen does not mean that I should give up my beliefs, simply because a government asks me to. My response to this: "Taking the harvest others planted obligates you to work the plow on occasion." is that I'd prefer to make this country better, and build upon what we have, not tear it down through strife.
who don't want ANY sort of war, much less a NEW kind of war. This issue has been bothering me for quite some time. My stance on war is diametric compared to that of our nation. I wholeheartedly believe that it is not the answer, but alas, I didn't vote for Bush. However, as I listen to NPR and speak to other people around the nation, I can feel that a majority of others are indeed for war.
Which brings me to my request. Before we start sending off thousands of our own ground troops into a death trap, will you, pro-war person, enlist before the powers feel it necessary to draft me, an anti-war 21-year-old?
Just a thought.
I do believe that if you can't say that you would go to the front lines and fight yourself, you should not be for a war. And by the way, don't take this as a shot at people who are not hypocrites who happen to want a war. In that respect, they are ok in my mind.
That's a valid concern I suppose, but nevertheless, the Electoral College is not the answer. What about electronic voting? With the proper setup, it could be secure and accurate. I'm sure there are other good options.
I believe RMS is referring to the fact that Bush did not win the popular vote. He only won because of the Electoral College, an aging system that was set up a long time ago, for reasons that don't seem too pertinent today. I don't think he means to refute the idea that Bush won the election. Instead he is trying to say that the majority of Americans did not in fact vote for Bush. Unfortunately, that is quite anti-democratic, but then, we don't live in a Democracy, but a Representative Democracy.
stop using stupid "secure software." Really now, do we need a Microsoft database full of your credit card and personal information? Passport is just another tool to help you be a good little consumer. How about you all say F that, and not be controlled by the big companies, whom you all blast whenever you can. My point being, don't use it, it goes away. It's unnecessary and dangerous. How many of you assemble a wallet and then hand it to some guy on the street who happens to be dressed in a pinstripe suit with a tie?
I feel the need to add my $0.02 while we're on the topic of distributions of Linux. I am a bit frustrated lately by the way people have been referring to Linux. A great deal of people seem to think that 'Red Hat Linux 7.1' is an operating system. (Not to pick on Red Hat, it applies to them all, but I hear Red Hat most often) They seem to refer to Linux as version 7.1. I would like to contend that the most recent stable version of Linux happens to be v2.4.3.
My colleagues and I agree that this misconception is very important. One reason I can cite is that you are giving credit to an organization that does not necessarily deserve credit for the Linux operating system. They certainly deserve credit for the packaging of Linux, and some apps and utilities that run under Linux, but not the kernel. I'd actually prefer that most of you who read this take it more as an informational rant, rather than any attack. There has been a surge of new Linux users who are very much newbies, which is great, but we need to make sure they understand the whole concept. A lot of these newbies are not the type of person who reads all the HOWTOs. I know this first hand as I have helped out tons of people install and secure a Linux box. That is most unfortunate but it doesn't mean they are excused from being ignorant.
...Brought to you by the letter 'K'.
Way to stand up for your beliefs.
Seriously, I think Jell-o has a stronger backbone.
P.S. I have a girlfriend AND she and I agree about the poor diamond situation and that it's a bad idea. In fact she was the first to bring it to my attention, well before reading this article.
So was anyone kind enough to offer GOBBLES enough money to fly out and back?
Are they really from Baltimore? (/me is from just north of DC)
So, are my bookmarks now illegal?
I guess it's a good thing we got those nasty CAFE standards out of the way too. I really hate drinking clean water and breathing clean air.