The more things change, the more they stay the same.

Message boards : Technical News : The more things change, the more they stay the same.

To post messages, you must log in.

Previous · 1 · 2 · 3 · 4 · 5 · 6 · 7 · 8 . . . 10 · Next

AuthorMessage
Profile Gary CharpentierCrowdfunding Project Donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 18644
Credit: 21,473,336
RAC: 19,834
United States
Message 974850 - Posted: 28 Feb 2010, 20:55:53 UTC - in response to Message 974826.  

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...

Well if helps if the password isn't password!

ID: 974850 · Report as offensive
OzzFan
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15117
Credit: 45,511,071
RAC: 46,845
United States
Message 974856 - Posted: 28 Feb 2010, 21:17:05 UTC - in response to Message 974850.  

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...

Well if helps if the password isn't password!


Damn! Now I have to change all my passwords.

ID: 974856 · Report as offensive
Profile Ageless
Avatar

Send message
Joined: 9 Jun 99
Posts: 13819
Credit: 3,269,733
RAC: 0
Netherlands
Message 974866 - Posted: 28 Feb 2010, 21:46:14 UTC - in response to Message 974856.  

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...

Well if helps if the password isn't password!


Damn! Now I have to change all my passwords.

Set it to Admin? :-)
Jord

Ancient Astronaut Theorists suggest that in many ways, you can be considered an alien conspiracy!

ID: 974866 · Report as offensive
Profile RottenMutt
Avatar

Send message
Joined: 15 Mar 01
Posts: 1011
Credit: 230,274,184
RAC: 0
United States
Message 974867 - Posted: 28 Feb 2010, 21:47:41 UTC

what's up the cricket graphs are pulsing???


ID: 974867 · Report as offensive
Profile Gary CharpentierCrowdfunding Project Donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 18644
Credit: 21,473,336
RAC: 19,834
United States
Message 974890 - Posted: 28 Feb 2010, 23:26:43 UTC - in response to Message 974866.  

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...

Well if helps if the password isn't password!


Damn! Now I have to change all my passwords.

Set it to Admin? :-)

While you are at it, tell the world with a blog post the exact version and service pack of the O/S you are running so they can look up a known exploit.


ID: 974890 · Report as offensive
Eric KorpelaProject Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar

Send message
Joined: 3 Apr 99
Posts: 1203
Credit: 17,408,615
RAC: 7,353
United States
Message 975044 - Posted: 1 Mar 2010, 16:09:15 UTC - in response to Message 974826.  

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...


There were two problems, neither unix specific. One was a developer. He wrote two scripts that didn't properly sanitize their parameters. The other was a configuration problem that allowed php to be run in any directory that the web server could see.
@SETIEric

ID: 975044 · Report as offensive
Profile FrostKing9
Avatar

Send message
Joined: 20 Oct 01
Posts: 39
Credit: 23,815,960
RAC: 0
United States
Message 975057 - Posted: 1 Mar 2010, 16:41:06 UTC

I just discovered another small problem.

On the YOUR ACCOUNT page... next to CERTIFICATE... when I click on ACCOUNT, TEAM or CROSS-PROJECT I no longer get an options page. It immediately brings up the actual certificate.

Yep, it's a small problem... but one that Eric or Matt may want to look into.




I DONATE money to SETI@home.... DO YOU?

I'm just slowly BOINC'ing along.

Hey... ET... you have a sister who likes earthlings?

ID: 975057 · Report as offensive
OzzFan
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15117
Credit: 45,511,071
RAC: 46,845
United States
Message 975062 - Posted: 1 Mar 2010, 17:06:50 UTC - in response to Message 975044.  

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...


There were two problems, neither unix specific.


Somehow I was expecting something like this to be said.

ID: 975062 · Report as offensive
Profile tullioProject Donor
Volunteer tester

Send message
Joined: 9 Apr 04
Posts: 5715
Credit: 973,416
RAC: 2,790
Italy
Message 975070 - Posted: 1 Mar 2010, 17:33:39 UTC - in response to Message 974847.  

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...


Good one there OzzFan :)

UNIX *is* a hack. It evolved from a quick-and-dirty lab experiment that got loose, and security was never designed into it from the ground up. The same holds for the more popular UNIX staples like NFS: hack upon hack and no security to speak of under the hood. Compared to other OSes Unices are comparatively easy to compromise if one has access to a system login or if one can remotely convince a daemon to spawn a shell. UNIX is not the best OS out there, it is merely one of the less horrible ones.

Flamesuit : I'm UNIX admin by trade.

AFAIK Unix evolved from the Multics project which was intended to be a secure OS but never met its design goals. Then two guys from Bell Labs took the basic Multics ideas and developed a small and working OS by the principle "keep it small keep it simple".The rest is history. Now about 90% of the top500 list run Linux (a UNIX clone) and other UNIX variants. Not bad for a "quick and dirty lab experiment".
Tullio

ID: 975070 · Report as offensive
Profile Gary CharpentierCrowdfunding Project Donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 18644
Credit: 21,473,336
RAC: 19,834
United States
Message 975148 - Posted: 1 Mar 2010, 21:54:16 UTC - in response to Message 975044.  

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...


There were two problems, neither unix specific. One was a developer. He wrote two scripts that didn't properly sanitize their parameters. The other was a configuration problem that allowed php to be run in any directory that the web server could see.

Ah, typical Apache problems.

So before any script gets deployed in the future, /dev/random gets piped to it? :)

ID: 975148 · Report as offensive
Eric KorpelaProject Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar

Send message
Joined: 3 Apr 99
Posts: 1203
Credit: 17,408,615
RAC: 7,353
United States
Message 975154 - Posted: 1 Mar 2010, 22:09:42 UTC - in response to Message 975148.  

More like: If anyone wants to deploy a script for personal use, they have to swallow /dev/random and then survive being thrown in /dev/null. Regardless of whether they survive or not, the answer is still "No!"


@SETIEric

ID: 975154 · Report as offensive
OzzFan
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15117
Credit: 45,511,071
RAC: 46,845
United States
Message 975184 - Posted: 2 Mar 2010, 0:53:11 UTC - in response to Message 975154.  

Is there really any way to survive /dev/null?


ID: 975184 · Report as offensive
Profile Gary CharpentierCrowdfunding Project Donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 18644
Credit: 21,473,336
RAC: 19,834
United States
Message 975187 - Posted: 2 Mar 2010, 1:42:21 UTC - in response to Message 975154.  

Personal? ! !!!

I've got a yard arm you can borrow if you need to string someone up.


ID: 975187 · Report as offensive
Profile Gary CharpentierCrowdfunding Project Donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 18644
Credit: 21,473,336
RAC: 19,834
United States
Message 975189 - Posted: 2 Mar 2010, 1:43:49 UTC - in response to Message 975184.  

Is there really any way to survive /dev/null?

No one has come back after crossing the river Styx so we don't know.

ID: 975189 · Report as offensive
John McLeod VII
Volunteer developer
Volunteer tester
Avatar

Send message
Joined: 15 Jul 99
Posts: 24806
Credit: 754,585
RAC: 65
United States
Message 975232 - Posted: 2 Mar 2010, 3:51:01 UTC - in response to Message 975189.  

Is there really any way to survive /dev/null?

No one has come back after crossing the river Styx so we don't know.

And here I thought /dev/nul was a black hole.


BOINC WIKI

ID: 975232 · Report as offensive
Profile KWSN THE Holy Hand Grenade!
Volunteer tester
Avatar

Send message
Joined: 20 Dec 05
Posts: 2581
Credit: 34,757,194
RAC: 20,054
United States
Message 975331 - Posted: 2 Mar 2010, 16:42:07 UTC

I hate to throw another wrench into things, but there appears to be something wrong with the stats export for S@H: non of the stats websites have any record of the almost 7k of credits I've been awarded over the past three days...


.

ID: 975331 · Report as offensive
Profile arkaynProject Donor
Volunteer tester
Avatar

Send message
Joined: 14 May 99
Posts: 4097
Credit: 51,576,341
RAC: 968
United States
Message 975345 - Posted: 2 Mar 2010, 17:22:08 UTC - in response to Message 975331.  

See this thread for a small update.
http://setiathome.berkeley.edu/forum_thread.php?id=58940



ID: 975345 · Report as offensive
Profile FrostKing9
Avatar

Send message
Joined: 20 Oct 01
Posts: 39
Credit: 23,815,960
RAC: 0
United States
Message 975501 - Posted: 3 Mar 2010, 16:30:00 UTC
Last modified: 3 Mar 2010, 16:37:03 UTC

KNOCK, KNOCK, KNOCK.... on wood. It's running very good.... thus far.

But the really minor problem I mentioned ^^ there, in Message 975057 is still present.




I DONATE money to SETI@home.... DO YOU?

I'm just slowly BOINC'ing along.

Hey... ET... you have a sister who likes earthlings?

ID: 975501 · Report as offensive
Profile Dirk Sadowski
Volunteer tester

Send message
Joined: 6 Apr 07
Posts: 7066
Credit: 101,527,909
RAC: 83,450
Germany
Message 975571 - Posted: 3 Mar 2010, 21:01:15 UTC


Ohh.. I got two 'validate errors'.. 'hostid=5069275'

Maybe someone could let run the 'famous script'?


____________
[Optimized project applications, for to increase your PC performance (double RAC)!][Overview of abbreviations, which are used often in forum and their meaning.]


ID: 975571 · Report as offensive
parl

Send message
Joined: 22 May 04
Posts: 93
Credit: 2,735,365
RAC: 2,078
United States
Message 975617 - Posted: 4 Mar 2010, 2:00:02 UTC

If this is not the appropriate thread, I'd like to know which one is. I've looked around and don't see anything.

I'm not getting new tasks. I had set up my preferences to maintain enough work for 2 days (perhaps overly optimistic?). For a brief shining moment, I had a bunch of tasks but those days are gone, my friend; we thought they'd never end. . . .

Some others suggested having a front-page announcement of the degree of up or down status, but I expect that that would not be good PR. Still, a thread here in Technical News or perhaps over in Number Crunching would allow folks to check if they could expect work units any time soon.

Yes, fixing is more to the point than reporting and after a long problem time there'll be an even longer busy time, but perhaps a message at the beginning of an actual outage and another at the end (barring busy time when the world is hitting for more WU) would suffice.

Ross


ID: 975617 · Report as offensive
Previous · 1 · 2 · 3 · 4 · 5 · 6 · 7 · 8 . . . 10 · Next

Message boards : Technical News : The more things change, the more they stay the same.


 
©2016 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.