avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 17, 2019, 03:54 AM
  • Proudly celebrating 13 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Gothi[c] [ switch to compact view ]

Pages: prev1 2 3 4 5 6 [7] 8 9 10 11 12 ... 32next
Mircryption / FreeBSD
« on: May 29, 2009, 08:03 PM »
Looks like Mircryption made it into FreeBSD's official port collection at some point or another! It's been in there since 2005.
I was hanging out with mouser and apparently he never knew about it! :)


[ excerpt from developer's web site with modifications ]

Mircryption is a free encryption add-on for the popular irc clients
mIRC and XChat. Features:

- Channel text, Private query windows, DCC Chats, Actions, Topics can
all be encrypted. All crypto-related algorithms used are taken from
published, common, trusted sources. Encryption algorithm is Blowfish
(no known vulnerabilities); encryption keys are themselves stored
in encrypted form.

- Supports CBC mode encryption.

- No need to modify the way you work - text is encrypted and decrypted
automatically; encryption status of conversations is clear but

- User-friendly key management routines; menu driven and easy to
temporarily disable & re-enable encryption on a channel, send plain
text quicky, etc.

LICENSE: free without any limitation

WWW: https://www.donation...ircryption/index.php


Usually you can just rm the files out of the maildir for the account in question.
It would help if you tell us what server software you're using (postfix/dovecot/qmail/exim/etc...).

It's not a security risk, it's a data loss risk.
Relying on one single backup strategy is what gets most people screwed.
Single point of failure.

That said, I can't blame them. The site was 100% run by hobbyists for fun. None of them were professional server administrators...

Avsim had thousands of custom user-made aircraft, repaints, and other addons for the ms flight simulator series. Only ONE such addon takes the typical user MONTHS of work. This is 13 years of user contributed HARD work down the drain. The loss of work here is very tragic to say the least...

Personally I would have never felt comfortable just relying on server to server backups, when 13 years of user contributed work is at stake. However, not being professional admins, they probably thought their server-to-server backup system was pretty clever.
Server-to-server backup is a good layer to have in a backup system. But it shouldn't be the only one. Not if you have that much at stake...

That said, unfortunately, even with multiple redundant strategies in place, something can and will always go wrong, that you haven't thought of before.

In their defense, backing up such a huge set of data is not that easy. You can't just go download 13 years of flightsim mod development. One simple plane model with textures, effects, etc... can go upto 40MB or more... I can't even begin to imagine the amount of data they had on there... I don't know if it was dedicated or colocated servers, but it seems to me that the only way to do this in full (non/incremental) without killing your bandwidth or waiting for the transfer to finish into eternity is by sneakernet, and if it was a dedicated server, they wouldn't have had access to the datacenter to make a copy of the hard drive(s). The difficulties in making a full backup of such vast amounts of data is probably what made them put it off...

Living Room / Re: whats that smell???
« on: May 15, 2009, 12:31 PM »
or could be documenting they were affected in the event a liability lawsuit comes out of it.  Easy way to make some money.

Most plausible thing I heard so far :D

Living Room / Re: whats that smell???
« on: May 14, 2009, 12:44 AM »
If you watch the vid Goth Man, she recently had nasal surgery and can't smell anything.

So? She still inhales, doesn't she?
If it were truly chemicals or spores or whatever (ie, something truly harmful), then she would also be affected.

Living Room / Re: whats that smell???
« on: May 14, 2009, 12:16 AM »
I think, just the fact that the person cleaning the fridge wasn't affected; probably means that a lot of people were overreacting :p

FPGA == supercomputing? O_o
No, the idea is to build a cluster of FPGA's for specific purposes...
Gothic, how many normal people take on programming?
A lot? but they take on stuff like javascript and vb :)

Anyway, it's just a general observation that the bar for what is considered geeky is getting lower and lower. Now yuppies that throw money against a bunch of gadgets are geeks too...  :-\

I'm going back into hiding now :)

I don't like 'top lists'... but the bulk of these things are things normal (l)users would do. not geeks.... the first things that come to mind would be inventing a time machine, a warp drive, and stuff like that... then stuff like designing a new computer architecture and writing an OS for it, or do some super-computing with FPGA's. One of the applications are decrypting gsm signals in near-real-time. Grabbing all kinds of stuff obscure digital stuff out of the air with modded radio's is fun too. The GNU radio project has it's own hardware and software for playing with these things... etc... but not any of the stuff on that list :) Seriously... learning javascript? writing a wordpress theme? Since when is stuff like that geeky? The java syntax is so simple, infants should be able to do it without effort. In fact, learning any computer language I would consider non-geeky, as any self-respecting geek would grok the syntax of any language within a few hours to a day, depending on the language. Really learning the in's and out's of a language is something done by using it every day over the years, which I don't think is what the author had in mind... meh. Ah, and according to that guy, using tinyurl is geeky now too. Aaaaarghjkllllllll.

Hey, they mentioned us :) nice find :D

Q1: Can humans distinguish between fact and opinion easily? Do they?

Perhaps, question 0 should be, can there be a difference, in practice, between the two?

For example, take the most fact-based community of them all, the scientific one. Earth was flat, earth is round. Light moves in waves, light moves in particles, no it's really both; electricity goes from negative to positive, no electricity moves from positive to negative, etc....

Many of these things were perceived as fact, yet false. The truth is, we never know 100% whether a fact is really a fact. A fact is a really dirty word in my opinion. Our senses, minds, and logic can deceive us, and the minute we think something is a fact, we are being very arrogant indeed.

One could argue that fact is opinion with proof. But then proof can invalidate itself too, just like opinions.

The word 'fact', implies a static universe, where truth can be static, with a non-relative reality. That's simply not how our universe works. (and that being an opinion too, we reach quite a paradox indeed :D)

So, what I'm getting at is, trying to implement methods to differentiate between fact and opinion is an exercise in futility (in my opinion :D).

I'd go even further, and saying that sticking to perceived fact, and tuning out anything else, is diminishing your chances to discover that your perceived fact is incorrect, which is quite damaging to innovation if you ask me :D

Flynn and rubber ducky have been part of gkrellm on *nix for ages.
I still use it daily.

Flynn in gkrellm screenshot (to the left):

This one shows rubber ducky in gkrellm (to the right) (not mine):


The thought of a windows command that could format windows from inside windows. Can you imagine the support calls?
-mediaguycouk (May 01, 2009, 03:52 AM)

Unfortunately it seems it can only overwrite unused data, so you wouldn't be able to erase windows while running it. (So you probably leave a lot of registry data behind etc)

I'd be interesting if someone were to find a tool to wipe the entire OS. as you're running it, remotely, just like you can on *nix.

So far it looks like a boot disk (eg dban) is the best solution, but usually (but not always) that requires physical access. Softlayer for example, lets you mount remote media, so it would be possible to pull it off there, but I don't think many other hosts offer that feature, and often the budget limits the choices you have.

I submit that "New user" could be inferred as deprecatory whereas post count is non-judgmental.

I think they both could be interpreted as either, depending on who is doing the interpreting. :)

Then maybe instead of a post count, there should just be a "new user" tag added under certain conditions. (e.g., if post count is less than 5 and user registered less than 1 month ago).

Gothi[c]: it actually is safer - while it was affected by the JBIG2 issue (used same rerefrence library, I betcha) the crash wasn't code-executable exploitable as with Adobe. You could call this "by obscurity" if you insist, but nobody has shown that FR is exploitable through this bug, afaik. And for basically all the other AR exploits, Foxit hasn't been vulnerable - that would would simply be because of less bugs.

Yes, I call that obscurity :) The only reason nobody has shown foxit isn't vulnerable is because it's not as big a target as acrobat, not because the software is not exploitable.

That said, I would have to agree that adobe has indeed shown incompetence with their slow response times etc.
I can't say they practice bad coding habits (though it may be likely) since the software is closed source. It's not because a piece of software has many heap overflows, that the developers are incompetent. All complex software has those. What is incompetent is their slow patch time and unresponsiveness, but whether or not that is to blame on the coding team or internal politics/management is a different issue.
I don't know what's going on there, and as it's closed source, I can't judge the quality of it, and definitively not the people that have been writing it.

Foxit may have less bugs because it's less bloated and simpler. Which is only natural. I'm not bashing foxit here. I'm just trying to point out the fact that when people say less used application x is more secure because it has less discovered bugs/vulnerabilities than popular application y, they are advocating obscurity, not security, and the fact that the vulnerability is present in both applications is a good reminder of that.

I wish we wouldn't show post count either.

I don't care because i use Foxit reader for my PDF viewing needs, works pretty well.

Every time there is a thread on an adobe vulnerability, everyone is always quick to say that foxit is better or safer etc...

I hate to break it to you, but it's not. It's just more obscure.

In fact, foxit is implementing JBIG in the same was as adobe, and is also listed as vulnerable.

This nice video explains (and mentions foxit):

Use text-only browsers, email, etc... ! the only way! :) (And even then there is risk (there have been vulnerabilities in vim, for example)

I don't think I like the idea of karma and voting or anything that creates 'elitism' or divides members in any way.

Living Room / Re: Interesting Discovery Involving Rented Servers
« on: April 29, 2009, 10:26 AM »
Didn't know it happens in server-land. You'd think people would have half a clue...

Most people assume the hosting company wipes the drive before reusing it. Obviously they don't. Most just do a simple format, which leaves all the data intact.

eg: mk2fs -j /dev/sda1 - which is what your typical GNU/Linux distro install cd runs to format the hd, does not null the hd. It only creates the inodes table to hold the links of files to the raw data. (like the file allocation table in fat16/32 or the master file table on ntfs)

Most people, including hosting companies, just figure that when they delete the partition, and reinstall another OS, all old data is gone.

Living Room / Re: Intresting discovery involving rented servers
« on: April 29, 2009, 09:13 AM »
It's quite a disturbing discovery with some serious implications.

Hollow's server is a GNU/Linux server, and he was able to tell, just from looking at the raw harddrive data (which is a simple oneliner command on GNU/Linux: eg: strings /dev/sda), that the previous user ran windows on it. He was able to retrieve pieces of registry data, emails, and other data.

What this means:
  • Say you decide to move hosts, or discontinue a server, the next person that gets your hard drive (hosting companies recycle a lot, of course), also gets all of your data, if you don't properly wipe your hard drive before discontinuing the server.
  • When you get a new server, all the old data is still floating around on the hard drive, just invisible to your OS.
    This means that if your server were ever subjected to an investigation by authorities for whatever reason, and the old owner had illegal material on it, they could easily think it's data you deleted.
    Thus it is a good idea to not only wipe the hard drive when leaving a host, but also when getting a new server.

How to properly wipe data:

Obviously, if the data survives a reformat, it will also survive when you simply delete the files.

The only way to be certain the data is gone, is by actually overwriting the physical data on the disk with random data.

On GNU/Linux there is an utility called 'shred' which offers a secure way of removing files by overwriting the physical data multiple times with random data, unlike 'rm' which only removes the links to the physical data, so the file 'appears' gone.

Alternatively you can use dd to overwrite the entire harddrive like so:
dd if=/dev/urandom of=/dev/sda
(where sda = the harddrive to erase of course)

Perhaps someone can give some tips on what to use on windows servers to properly wipe data.
The problem on windows is that the OS typically stops working when it's erasing itself :) (which is not the case on *nix when you use a statically linked application that can run from memory, like dd).

I have always been aware that data is not removed after a reformat or after removing a file. Though I must admit I never connected the dots, thinking about the implications when it comes to server hosting.
I think this practical experiment hollow did, clearly illustrates that the dangers of not wiping data are real!
Thanks hollow!

How about making viewing easier, but still allow for sorting.

Keep what you have, but add buttons on top for 'sort by'...

I don't see why you would all of a sudden have to lose your sorting ability using this UI approach...

And yes, great post :)

wow! kinda harsh...
I don't know :) My initial idea was making it black-on-black so nobody can read it! (without selecting the text or viewing it in a text browser)

Maybe I should do a browser detection. If javascript is enabled:
" Error. Javascript is enabled. Please use a browser without javascript support. "

(Like the reverse of what some sites do)

Developer's Corner / Re: Panda3d - nice looking new 3d game engine
« on: April 21, 2009, 02:20 AM »
Correcting my ancient previous post here...

Panda is 100% open now and making great progress.

It's really great to use, both in python and C++.

The new maintainer of the FOSS release is putting more effort in the C++ documentation.
I am currently using the C++ side of things in a project, and it's been great to work with.
They just released 1.6.0 which has a lot of nice additions.

This is a really great engine. Whether you're wanting to make the next great mmorpg or you're just learning to code. (Disney's pirates mmorpg was made using this engine)

.. Of course, the opposite is true as well:
Why should I make a switch button when 99% of the internet that makes MY eyes hurt doesn't have one.

Well, I'm fully aware that my preferences are not most people's preferences, I hope I made that clear. That's why I stressed that 'one size fits all' never works.

Pages: prev1 2 3 4 5 6 [7] 8 9 10 11 12 ... 32next