What is the point of the first link to shr1k.blogspot.com? It seems completely irrelevant to this article. I searched the blog back to September 2008 and only found three references to Facebook, none have to do with Facebook being ordered to do anything.
Is it just me, or are 80% of the faces in the "people you may know" feature on Facebook, people that I do know, but I deliberately choose not to be friends with?
Whenever I'm Facebook stalking someone and I find out that their profile is public I feel like a kid on Christmas morning who just got the Red Ryder BB gun that I always wanted. 546 pictures? Don't mind if I do!
Snippets of work. Email, Facebook, Twitter. Sporadic bursts of exercise. Passing off pretty much anything edible as food (glorious food!)
How long until Facebook simply removes any item with a @@ in it? Or builds in a regex to strip any non-alpha numeric characters from info boxes or posts? Or strips any erroneous or "spam" looking stuff from their site?
I agree with everyone else. If you don't want Facebook knowing all your dirty little secrets don't post your dirty laundry online.
Once its online it will NEVER go away... Google Cache, The Wayback Machine and other caching services will leave a digital trail of your stink for ever. Long after that nasty rash goes away.
I know some people will be pissed by me saying this, but seriously. If you are a Windows user there is a good chance that 9 out of 10 programs you have installed are communicating back anyway "reporting" your IP address and other pieces of information.
-Windows Update -MSN Messenger(Or whatever they changed the name too this week) -Any other messenger -Your virus scanner -Any adobe product -Any product with an automatic update feature
People need to lay off Microsoft for this "Spying" crap. As long as they aren't copying personal files, logging key strokes or taking screen captures who cares. All your other software is doing the exact same thing.
If you don't want third party companies knowing the potential where abouts of your computer, don't go online with it.
1) Leave all my music on my server(I have a bigger music collection then my phone holds) 2) Create an MP3 stream using an open source streaming server 3) Install a streaming app on my iPhone 4) Control my music selection using the web browser on the phone. 4) Enjoy the tunes!
Of course, my phone is jail broken so I can quite easily bounce between my streaming app and Safari without the music app closing.
Most likely because they never anticipating anyone being bored enough to reverse engineer something as simple as a keyboard to hack it. Its like reverse engineering your old school ball mouse.
I agree...
My first language was Q-BASIC, then javascript, PERL, then *shudder*Java*shudder* and finally PHP
Having a grasp of OO concepts makes it easier to learn other OO languages. Depending on what your trying to program your options are different(Desktop app, vs web app)
My recommendation as a first language would be PHP. The nice thing about scripted languages is no compile time! So you can write your code and test it instantly. PHP also provides nice error handling to help you debug.
That does make sense and I agree. Apache doesn't run as root, it runs as nobody. But the person uploaded a php executable which broke out of the nobody and went gallivanting around the server. From there, it messed with my cPanel, renaming all index and php files And then it did indeed root the server, certain programs started acting strange, random processes would start, my w and who commands were coming back blank, etc...
I learned early on from my windows days that once a server is compromised the best thing you can do is move on, wipe the system and start over.
I run a linux server that has FTP services on it.I did have an issue a while back where someone's ftp account got cracked, someone uploaded a malicious root kit, then executed it through the web and... BLAMO! I was compromised. Every.html and.php file on the server was over written. I didn't feel like cleaning it up, so I just loaded the back ups on the a clean server and took the compromised one out of production.
But I did make one change on the new server... I upped the security substantially. One of the changes involved enforcing SFTP and discontinuing my FTP services.
For me, all it took was one serious compromise to wake me up. I'm sure for a lot of other people it will be the same.
The Telco I work for does it the smart way. Your default pin # is the last 6 digits of your account number. So assuming you have an account with us, and a bill you know your pin. The system WILL NOT under any circumstances allow you to use your default pin for anything other then initial login. The first login forces you to change your pin to something else before you are allowed to listen to your messages.
The other problem becomes the user setting the pin to the # on the front of their house, birthdays or part of their phone number. *grumbles*dumbusersneedtodie*grumble*
Last time I checked the air france black box recorder hasn't been located let alone pulled out of the ocean. Without having the black box how can the NTSB be making speculations as to the cause of the downed flight? Others are speculating things like the Rudder had problems, Turbulence, this computer bug.
Until they know what the actual cause is they should avoid speculation because it does absolutely nothing other then fill media headlines with non-sense.
Step 1: Install Virtual PC, or other VM Software Step 2: Install the Mandatory Software INSIDE the VM Step 3: Leave the VM running in the background and never touch it
Was my answer to 90% of the questions I got from my ID10T users.
The typical response was no... So I would tell them rebooting fixes most things, especially if you run windows and haven't turned off your computer in 2 months.
Eventually I put a sign on my the outside of my cubical that simply said "DID YOU REBOOT YET?" Solved alot of problems.
I am one of those unlucky northern winter guys, a typical winter we get about 4ft of snow.
Its kind of nice, our roof supports are usually 2x6's or larger
I wonder if he calculated the amount of green house gas and other pollution would be created by manufacturing all this new paint.
If they were you make roofing tiles and shingles white, what would the pollution cost from people throwing out their old roofs to bring in new white ones? Same with roads.
My favorite roof solution, and something I plan on working on this summer or next summer is to turn my garage roof in to a natural garden by placing a protective tar paper over the shingles, a couple of inches of dirt and then grass or moss seeds. I'll let nature reclaim my man-made structure. Inch for inch, it would be just like grass growing on the ground, except not.
I've gotten used to the ribbon by force, but Im still not the biggest fan. I find the location of alot of commands to be counter intuitive. For example, no Page Setup in the print option from the Office Orb item. Office 2007 introduced alot of good features such as saving as a PDF but I wish they would give users the option of collapsing the ribbon back in to proper menu's for consistency with every other app not made by Microsoft.
Its great they are trying something different but seem to have little buy in from software vendors, otherwise all apps would be ribbons instead of menus
As evil as it sounds for a big evil organization to partner with another, Google's spam filtering technology on gmail is pretty damn impressive,. I get about 2000 spam messages in 30 days on one of my multiple gmail accounts. I rarely have a false positive or false negative.
I'm sure Google's mail filter is just an over glorified Bayesian filter, but with over 100 Million users contributing to the "This message is spam" list to help build the filter you couldn't go wrong. Hell, if Google gave me the option of running all my personal mail servers messages through their spam filter before it hits my mailbox I'd pay for it.
So why not coding? If I build a house and do a bad job and someone gets hurt I am liable If I run electrical wire and don't shield the bare wire properly and someone gets zapped, I am liable If you bring your car to rotate the tires and I dont tighten them and they fall off, I am liable If I am your doctor and perscribe you the wrong meds and you get sick/hurt/die I am liable
So why would programmers be any different? If your code causes harm to others by neglect on your part you should be held liable
If a bottle of whiskey is supposedly worth $20,000, assuming its a 26oz bottle and they take even 1oz out for burning that drops the value almost a grand. Seems like an expensive waste to me.
Thats because the majority of Internet Providers restrict their users from sending email from relaying off network to their network. These same providers refuse to enable authenticated SMTP to fix the problem of open relays.
Luckily my cell phone provider, Rogers, in Canada has a mobile SMTP server accessable from the cellular network only specifically for the purpose of relaying SMTP from mail accounts configured on smart phones.
And if you take in to account the lame typing abilities of today's Internet generation you could probably squeeze that under 100 Characters as all you need...
I mean, "Hi wat u up 2?" or "Did u wanna come ovr 4 a movie 2night?"
160 Characters is overkill in my opinion:-)
Mind you, my iPhone has no 160 character limit, I'm sure other smart phones just piece together the rapid recieving of messages in to one while the "dumb" phones display them in 160 character chunks.
I can see some actual value from this. For low powered netbooks this wont be much of a concern since most net books are used for... wait for it... the internet!. Which would be your Internet Explorer(God Forbid), your Mail and your messenger. This will help users to utilize their system resources properly without biatching to tech support that their computer is slow because they have 1Gb ram, and a 5Gb page file because they never close anything.
Where I can see the problem, and Microsoft will screw their own products royally because most applications aren't just one application. For example, Your Outlook while setup to use Word as its mail client launches two apps, Word and Outlook. If you pull up your address book this is a third app, now your stuck... Another example is Internet Explorer while browsing one tab that has a PDF and another that has Flash, or a WMV/Quicktime plug-in. These could easily be considered seperate apps if the app counter doesn't take in to account processes launched from other processes.
This will do two things that I can see, break apps that don't use proper threading and parent/child processes where by each app launched from another app is considered to be part of the first app, or force programmers to change the way they program.
I was having similar brute force attacks. I've made some alterations to protect my server from brute force SSH attempts.
1) Moved SSH to another random port 2) Bound the SSHD to an IP address that is not used for Web/Mail/FTP, etc.. So the IP should generally see less traffic 3) Disable Password Authentication, Users who are given SSH access must use a password protected key file 4) Disabled Root SSH Login 5) Setup the system that 3 failed logins add the entire IP Subnet(X.X.X.0-X.X.X.255) for 15 minutes, 5 failed attempts 1 week, anything else is a never ending ban. (iptables and hosts.deny, just in case)
Slashdot Mirror
Looks like someone did the opposite of what you said
How long until Facebook simply removes any item with a @@ in it? Or builds in a regex to strip any non-alpha numeric characters from info boxes or posts? Or strips any erroneous or "spam" looking stuff from their site?
I agree with everyone else. If you don't want Facebook knowing all your dirty little secrets don't post your dirty laundry online. Once its online it will NEVER go away... Google Cache, The Wayback Machine and other caching services will leave a digital trail of your stink for ever. Long after that nasty rash goes away.
I know some people will be pissed by me saying this, but seriously. If you are a Windows user there is a good chance that 9 out of 10 programs you have installed are communicating back anyway "reporting" your IP address and other pieces of information.
-Windows Update
-MSN Messenger(Or whatever they changed the name too this week)
-Any other messenger
-Your virus scanner
-Any adobe product
-Any product with an automatic update feature
People need to lay off Microsoft for this "Spying" crap. As long as they aren't copying personal files, logging key strokes or taking screen captures who cares. All your other software is doing the exact same thing.
If you don't want third party companies knowing the potential where abouts of your computer, don't go online with it.
I'm an iPhone user. My Music solution was simple
1) Leave all my music on my server(I have a bigger music collection then my phone holds)
2) Create an MP3 stream using an open source streaming server
3) Install a streaming app on my iPhone
4) Control my music selection using the web browser on the phone.
4) Enjoy the tunes!
Of course, my phone is jail broken so I can quite easily bounce between my streaming app and Safari without the music app closing.
I think this code would be more entertaining if there was a "OMG WTF just happened" with a little ASCII Skull and Cross bones in the comments..
Just saying :-)
Most likely because they never anticipating anyone being bored enough to reverse engineer something as simple as a keyboard to hack it. Its like reverse engineering your old school ball mouse.
Some people just have alot of time on their hands
I agree...
My first language was Q-BASIC, then javascript, PERL, then *shudder*Java*shudder* and finally PHP
Having a grasp of OO concepts makes it easier to learn other OO languages. Depending on what your trying to program your options are different(Desktop app, vs web app)
My recommendation as a first language would be PHP. The nice thing about scripted languages is no compile time! So you can write your code and test it instantly. PHP also provides nice error handling to help you debug.
That does make sense and I agree. Apache doesn't run as root, it runs as nobody. But the person uploaded a php executable which broke out of the nobody and went gallivanting around the server. From there, it messed with my cPanel, renaming all index and php files
And then it did indeed root the server, certain programs started acting strange, random processes would start, my w and who commands were coming back blank, etc...
I learned early on from my windows days that once a server is compromised the best thing you can do is move on, wipe the system and start over.
I run a linux server that has FTP services on it.I did have an issue a while back where someone's ftp account got cracked, someone uploaded a malicious root kit, then executed it through the web and... BLAMO! I was compromised. Every .html and .php file on the server was over written. I didn't feel like cleaning it up, so I just loaded the back ups on the a clean server and took the compromised one out of production.
But I did make one change on the new server... I upped the security substantially. One of the changes involved enforcing SFTP and discontinuing my FTP services.
For me, all it took was one serious compromise to wake me up. I'm sure for a lot of other people it will be the same.
The Telco I work for does it the smart way. Your default pin # is the last 6 digits of your account number. So assuming you have an account with us, and a bill you know your pin. The system WILL NOT under any circumstances allow you to use your default pin for anything other then initial login.
The first login forces you to change your pin to something else before you are allowed to listen to your messages.
The other problem becomes the user setting the pin to the # on the front of their house, birthdays or part of their phone number.
*grumbles*dumbusersneedtodie*grumble*
Last time I checked the air france black box recorder hasn't been located let alone pulled out of the ocean. Without having the black box how can the NTSB be making speculations as to the cause of the downed flight? Others are speculating things like the Rudder had problems, Turbulence, this computer bug.
Until they know what the actual cause is they should avoid speculation because it does absolutely nothing other then fill media headlines with non-sense.
Step 1: Install Virtual PC, or other VM Software
Step 2: Install the Mandatory Software INSIDE the VM
Step 3: Leave the VM running in the background and never touch it
Was my answer to 90% of the questions I got from my ID10T users.
The typical response was no... So I would tell them rebooting fixes most things, especially if you run windows and haven't turned off your computer in 2 months.
Eventually I put a sign on my the outside of my cubical that simply said "DID YOU REBOOT YET?" Solved alot of problems.
I am one of those unlucky northern winter guys, a typical winter we get about 4ft of snow. Its kind of nice, our roof supports are usually 2x6's or larger
I wonder if he calculated the amount of green house gas and other pollution would be created by manufacturing all this new paint. If they were you make roofing tiles and shingles white, what would the pollution cost from people throwing out their old roofs to bring in new white ones? Same with roads. My favorite roof solution, and something I plan on working on this summer or next summer is to turn my garage roof in to a natural garden by placing a protective tar paper over the shingles, a couple of inches of dirt and then grass or moss seeds. I'll let nature reclaim my man-made structure. Inch for inch, it would be just like grass growing on the ground, except not.
I've gotten used to the ribbon by force, but Im still not the biggest fan. I find the location of alot of commands to be counter intuitive. For example, no Page Setup in the print option from the Office Orb item. Office 2007 introduced alot of good features such as saving as a PDF but I wish they would give users the option of collapsing the ribbon back in to proper menu's for consistency with every other app not made by Microsoft. Its great they are trying something different but seem to have little buy in from software vendors, otherwise all apps would be ribbons instead of menus
As evil as it sounds for a big evil organization to partner with another, Google's spam filtering technology on gmail is pretty damn impressive,. I get about 2000 spam messages in 30 days on one of my multiple gmail accounts. I rarely have a false positive or false negative. I'm sure Google's mail filter is just an over glorified Bayesian filter, but with over 100 Million users contributing to the "This message is spam" list to help build the filter you couldn't go wrong. Hell, if Google gave me the option of running all my personal mail servers messages through their spam filter before it hits my mailbox I'd pay for it.
Google is just giving us an easier way to find pr0n on the tubes.
Is setting my "safe search" to off and will see you in the morning.
So why not coding?
If I build a house and do a bad job and someone gets hurt I am liable
If I run electrical wire and don't shield the bare wire properly and someone gets zapped, I am liable
If you bring your car to rotate the tires and I dont tighten them and they fall off, I am liable
If I am your doctor and perscribe you the wrong meds and you get sick/hurt/die I am liable
So why would programmers be any different? If your code causes harm to others by neglect on your part you should be held liable
If a bottle of whiskey is supposedly worth $20,000, assuming its a 26oz bottle and they take even 1oz out for burning that drops the value almost a grand.
Seems like an expensive waste to me.
Thats because the majority of Internet Providers restrict their users from sending email from relaying off network to their network. These same providers refuse to enable authenticated SMTP to fix the problem of open relays.
Luckily my cell phone provider, Rogers, in Canada has a mobile SMTP server accessable from the cellular network only specifically for the purpose of relaying SMTP from mail accounts configured on smart phones.
And if you take in to account the lame typing abilities of today's Internet generation you could probably squeeze that under 100 Characters as all you need... I mean, "Hi wat u up 2?" or "Did u wanna come ovr 4 a movie 2night?" 160 Characters is overkill in my opinion :-)
Mind you, my iPhone has no 160 character limit, I'm sure other smart phones just piece together the rapid recieving of messages in to one while the "dumb" phones display them in 160 character chunks.
I can see some actual value from this. For low powered netbooks this wont be much of a concern since most net books are used for... wait for it... the internet!. Which would be your Internet Explorer(God Forbid), your Mail and your messenger. This will help users to utilize their system resources properly without biatching to tech support that their computer is slow because they have 1Gb ram, and a 5Gb page file because they never close anything.
Where I can see the problem, and Microsoft will screw their own products royally because most applications aren't just one application. For example, Your Outlook while setup to use Word as its mail client launches two apps, Word and Outlook. If you pull up your address book this is a third app, now your stuck... Another example is Internet Explorer while browsing one tab that has a PDF and another that has Flash, or a WMV/Quicktime plug-in. These could easily be considered seperate apps if the app counter doesn't take in to account processes launched from other processes.
This will do two things that I can see, break apps that don't use proper threading and parent/child processes where by each app launched from another app is considered to be part of the first app, or force programmers to change the way they program.
Should be interesting none-the-less
I was having similar brute force attacks.
I've made some alterations to protect my server from brute force SSH attempts.
1) Moved SSH to another random port
2) Bound the SSHD to an IP address that is not used for Web/Mail/FTP, etc.. So the IP should generally see less traffic
3) Disable Password Authentication, Users who are given SSH access must use a password protected key file
4) Disabled Root SSH Login
5) Setup the system that 3 failed logins add the entire IP Subnet(X.X.X.0-X.X.X.255) for 15 minutes, 5 failed attempts 1 week, anything else is a never ending ban. (iptables and hosts.deny, just in case)