Centralized file server holds the documents/whatever folders, the mappings to said centralized file server are restored via login script... so what exactly am I missing here? What's the benefit of bringing down your eloquently customized desktop "if all you need to do is send a quick email"? Curse you Windows for having a homogenous, more or less user-friendly interface!
When was SomethingAwful funny?
on Seanbaby.com · Score: 1
I seem to have missed out. Tired rehashings of characters that couldn't quite make the cut for some D-grade Saturday Night Live timekiller closing skits aren't my idea of "a level of hilarity that has never been rivaled in this universe", unless from your frame of reference, crib death and cancer are on par with Richard Pryor, in which case point well made.
"Miguel" IS Seanbaby, dullard.
on Seanbaby.com · Score: 1
Shh. Don't tell anyone.
Fuck Seanbaby. K. Thor is where it's at.
on Seanbaby.com · Score: 1
A Short and Happy Life kills all the tired rehashings of URR HOSTESS CAKES KICK YOUR DICK IN that Seanbaby blabbers out. You've seen one Seanbaby section, you've seen it all; KTJ is the multimedia megamack for the new millennium. Dammit.
Slashdot's been around since 1970, right?
Maybe they'll consider porting to a compiled language someday. Until then, I look forward to Slashdot's unavailability on its lunch hour, as well as geeks giving one another the knowing virtual smirk and smarmy high-fives when their traffic brings down another server.
I suppose you've never heard of "roaming profiles"? Add in shared folders in your login profile and you're there and have been since NT 3.51.
Your point again?
...I can weld wings onto my car. Does it mean I'm now the proud owner of a flying car?
Oh. You mean I should have engineered this sort of thing from the start rather than grafting it on as an afterthought? Get the funk out!
AT&T in southern NH is still blocking.. so what?
on Broadband Crackdown · Score: 1
You know what? It doesn't bother me one bit, either. I run IIS and have my box all patched up with the latest and greatest; I also know how to relocate the port my server's bound to.
Who is this really affecting? Users who don't know enough about their machines to keep them patched much less change their port's binding. Boo hoo for them, but I don't need their incompetence throwing any wrenches in the network's gears.
I agree that it'd be better for AT&T to get in touch with every user who's been infected and warn them that they need to clean and patch their machine (better yet, reformat and reinstall) or be booted off the network as they present a clear and present danger to the other users, but blocking port 80 is a good start.
Not sure whether it's a good thing or not, but you can run any server on any of the "well known" ports (think 1024) as opposed to having to find a high port. Which can be a handy thing if, for example, you're behind a firewall that has FTP open and you need to run a web server on port 21...
I'm not sure which you're talking about. Blackholing port 80 isn't a bad idea short-term, but running with the assumption that sooner or later, it'll be opened back up, while insane amounts of traffic may not come with it, there's still a small matter of rooted boxes out there that people haven't fixed, which present a big problem: their ISPs should block traffic to their webserver based on the rooting and send them an e-mail indicating as such.
Why's a "good worm" a bad idea? Something about it being untested, something about it whoring up bandwidth on its own, something about it being as much of an unknown quantity as the worm it purports to fix, you know. Like that.
And for one simple reason: while it looks like the Code Red XXX variant, the fact of the matter is that you don't conclusively know that it is and even if you do, we're not dealing with a clinical lab dissection here. It's in the wild, it's already been backdoored, and someone else may have already loaded SubSeven or something of the sort on and been smart enough about it to cover their tracks, so you're left with your hands in the cookie jar and some explaining to do to some common sense-challenged lawyers.
The Code Red worm is a known quantity. If people see files indicating they've been hit, hopefully they'll be smart enough to pull the plug and reformat/reinstall their system. Past that, there's not much you can do: pulling traces of the worm off the machine might actually be helping someone who came in between the time the machine got rooted and you fixed it as no traces of the worm means they can go back to their ignorant bliss.
Leave it and report it to their ISP's help desk. It's unfortunately the best thing you can do.
It sounds like you just described a web page to me.
Also, it's high time that PDFs came with their own e-mail client so I don't have to go through the pesky details of saving and attaching and that horrible rigamarole. And a web browser so I can go fact-check or check m-w.com before I'm done.
I demand these features in PDF. Just because no one needs them and other applications already do them doesn't mean they shouldn't put them in... right?
I could've sworn I saw something on the W3C about SOAP?
I don't see what's so bad about judiciously applied XML. If you'd like to piddlefart around with obscure offsets and byte counts in binary transfers, knock yourself out. XML doesn't bloat transmissions up that much (argue about node overhead, then remember filler columns) and every machine in existence speaks text.
Of course it's not all things for all people, but in the right place at the right time, it's just fine.
...feature creep. What does anyone need Javascript or anything "dynamic" in a PDF for, anyhow?
When people start applying the KISS principle judiciously, things will get a whole lot safer.
I'm on AT&T Mediaone...
on Code Redux · Score: 1
And I can vouch for port 80 being blackholed. Around 2:30 last night was the last scan for default.ida on my machine. I've of course since sent the list of chatty boxes to the helpdesk here, but my webserver's still blackholed as is, I imagine, every other one on here. 5 scans a minute is quite enough.
That said, I haven't gotten so much as a bulk e-mail explaining their actions; it doesn't bother me except that there are inevitably going to be infected users _still_ in the dark about it when the blackhole's lifted.
So if they're patenting this, does this mean that people either pay or risk the Wrath of Redmond for violating the DMCA by not paying?
Wow. Who'd have guessed that it'd be game, set, match already?
600 if you're running a Chinese NT installation; not that you're not being a good Samaritan, but best case, you're tying up 1/300th of what it's trying to do for a while. Extrapolate this to a few hundred "chatty" Code Red boxes sending off a few hundred threads apiece (if you're on a broadband line, this is not so outlandish) and you're looking at potentially DoSing yourself.
But it requires admin/power user privs and the rootshells spawned run under webserver user privs, which is to say you can call it but it won't do much.
Word on the street has it that the first Code Red worm contained a buffer overflow of its own: querying a default.ida with an overflow string of 64K of garbage would crash it out. Doubt the newer varieties have the same problem, but then again, k1dd10t5 aren't known for their innovative coding style...
...is the same reason that AOL dominates the ISP market: people by and large have crowd mentality about what they don't understand and they want what everyone else has, and everyone else has MP3s. MP3 is cheap and easy and a known quantity; it's the McDonald's of audio.
Convenience over quality: it doesn't get much simpler than that.
... that (paraphrasing here) "the only place for a just man in an unjust society is in jail."
Civil disobedience has a long, long history. There have been some major figures practicing it throughout history, but I don't think it's any one human's "creation".
And when the fuck do I get new fishfiction? As in: the Flash extravaganza you've been teasing at in-between bouts with sobriety.
I mean, it's nice and all that they've got a page explaining that they had someone else build their site, but why? Is it too complex an application? Are open source databases not robust enough? What's up with that?
And last I'd heard, jobs.osdn.com was sporting a slew of long-since-patched vulnerabilities as well as an open SQL*Server port on it; for a website that likes to preach about security and knowing who's working for you to make sure they do things right and all that jazz, they sure don't keep their own house in order.
At the same time MS was switching Hotmail to run Linux, OSDN was switching their jobs site to run IIS. Nutty!
@Home/Mediaone has blackholed all incoming traffic on port 80. Go figure.
It's still a bad idea in so many ways, but that'd just be a redundant rant.
> post a message to /var/log/messages
Holy crap. It's affecting *nixes now?
Come on. Your average NT admin won't bother looking at the webserver logs, much less the event logs: the fact that their web servers are completely owned by the worm yet they're not doing anything is proof enough of this. Maybe a post to the _desktop_ would get through, but not likely. Log the IP and the attack and contact their ISP.
That's all I've been doing. Anything more and you can look forward to explaining to a bunch of lawyers why you really weren't a Bad Guy.
Never forget that lawyers and plaintiffs have neither a sense of common decency nor common sense.