The more things change, the more they stay the same.


log in

Advanced search

Message boards : Technical News : The more things change, the more they stay the same.

Previous · 1 · 2 · 3 · 4 · 5 · 6 · 7 · 8 . . . 10 · Next
Author Message
Profile Gary Charpentier
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 11732
Credit: 5,969,877
RAC: 0
United States
Message 974850 - Posted: 28 Feb 2010, 20:55:53 UTC - in response to Message 974826.

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...

Well if helps if the password isn't password!

____________

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13307
Credit: 27,856,439
RAC: 15,778
United States
Message 974856 - Posted: 28 Feb 2010, 21:17:05 UTC - in response to Message 974850.

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...

Well if helps if the password isn't password!


Damn! Now I have to change all my passwords.
____________

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12128
Credit: 2,519,735
RAC: 280
Netherlands
Message 974866 - Posted: 28 Feb 2010, 21:46:14 UTC - in response to Message 974856.

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...

Well if helps if the password isn't password!


Damn! Now I have to change all my passwords.

Set it to Admin? :-)
____________
Jord

Loving awareness is free.

Profile RottenMutt
Avatar
Send message
Joined: 15 Mar 01
Posts: 992
Credit: 207,638,286
RAC: 11,769
United States
Message 974867 - Posted: 28 Feb 2010, 21:47:41 UTC

what's up the cricket graphs are pulsing???
____________

Profile Gary Charpentier
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 11732
Credit: 5,969,877
RAC: 0
United States
Message 974890 - Posted: 28 Feb 2010, 23:26:43 UTC - in response to Message 974866.

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...

Well if helps if the password isn't password!


Damn! Now I have to change all my passwords.

Set it to Admin? :-)

While you are at it, tell the world with a blog post the exact version and service pack of the O/S you are running so they can look up a known exploit.


____________

Eric Korpela
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1076
Credit: 7,777,513
RAC: 6,982
United States
Message 975044 - Posted: 1 Mar 2010, 16:09:15 UTC - in response to Message 974826.

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...


There were two problems, neither unix specific. One was a developer. He wrote two scripts that didn't properly sanitize their parameters. The other was a configuration problem that allowed php to be run in any directory that the web server could see.
____________

Profile FrostKing9
Avatar
Send message
Joined: 20 Oct 01
Posts: 39
Credit: 23,815,960
RAC: 0
United States
Message 975057 - Posted: 1 Mar 2010, 16:41:06 UTC

I just discovered another small problem.

On the YOUR ACCOUNT page... next to CERTIFICATE... when I click on ACCOUNT, TEAM or CROSS-PROJECT I no longer get an options page. It immediately brings up the actual certificate.

Yep, it's a small problem... but one that Eric or Matt may want to look into.


____________


I DONATE money to SETI@home.... DO YOU?

I'm just slowly BOINC'ing along.

Hey... ET... you have a sister who likes earthlings?

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13307
Credit: 27,856,439
RAC: 15,778
United States
Message 975062 - Posted: 1 Mar 2010, 17:06:50 UTC - in response to Message 975044.

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...


There were two problems, neither unix specific.


Somehow I was expecting something like this to be said.
____________

Profile tullio
Send message
Joined: 9 Apr 04
Posts: 3403
Credit: 345,196
RAC: 96
Italy
Message 975070 - Posted: 1 Mar 2010, 17:33:39 UTC - in response to Message 974847.

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...


Good one there OzzFan :)

UNIX *is* a hack. It evolved from a quick-and-dirty lab experiment that got loose, and security was never designed into it from the ground up. The same holds for the more popular UNIX staples like NFS: hack upon hack and no security to speak of under the hood. Compared to other OSes Unices are comparatively easy to compromise if one has access to a system login or if one can remotely convince a daemon to spawn a shell. UNIX is not the best OS out there, it is merely one of the less horrible ones.

Flamesuit : I'm UNIX admin by trade.

AFAIK Unix evolved from the Multics project which was intended to be a secure OS but never met its design goals. Then two guys from Bell Labs took the basic Multics ideas and developed a small and working OS by the principle "keep it small keep it simple".The rest is history. Now about 90% of the top500 list run Linux (a UNIX clone) and other UNIX variants. Not bad for a "quick and dirty lab experiment".
Tullio

____________

Profile Gary Charpentier
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 11732
Credit: 5,969,877
RAC: 0
United States
Message 975148 - Posted: 1 Mar 2010, 21:54:16 UTC - in response to Message 975044.

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...


There were two problems, neither unix specific. One was a developer. He wrote two scripts that didn't properly sanitize their parameters. The other was a configuration problem that allowed php to be run in any directory that the web server could see.

Ah, typical Apache problems.

So before any script gets deployed in the future, /dev/random gets piped to it? :)

____________

Eric Korpela
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1076
Credit: 7,777,513
RAC: 6,982
United States
Message 975154 - Posted: 1 Mar 2010, 22:09:42 UTC - in response to Message 975148.

More like: If anyone wants to deploy a script for personal use, they have to swallow /dev/random and then survive being thrown in /dev/null. Regardless of whether they survive or not, the answer is still "No!"
____________

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13307
Credit: 27,856,439
RAC: 15,778
United States
Message 975184 - Posted: 2 Mar 2010, 0:53:11 UTC - in response to Message 975154.

Is there really any way to survive /dev/null?
____________

Profile Gary Charpentier
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 11732
Credit: 5,969,877
RAC: 0
United States
Message 975187 - Posted: 2 Mar 2010, 1:42:21 UTC - in response to Message 975154.

Personal? ! !!!

I've got a yard arm you can borrow if you need to string someone up.

____________

Profile Gary Charpentier
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 11732
Credit: 5,969,877
RAC: 0
United States
Message 975189 - Posted: 2 Mar 2010, 1:43:49 UTC - in response to Message 975184.

Is there really any way to survive /dev/null?

No one has come back after crossing the river Styx so we don't know.

____________

John McLeod VII
Volunteer developer
Volunteer tester
Avatar
Send message
Joined: 15 Jul 99
Posts: 23702
Credit: 493,333
RAC: 128
United States
Message 975232 - Posted: 2 Mar 2010, 3:51:01 UTC - in response to Message 975189.

Is there really any way to survive /dev/null?

No one has come back after crossing the river Styx so we don't know.

And here I thought /dev/nul was a black hole.
____________


BOINC WIKI

Profile KWSN THE Holy Hand Grenade!
Volunteer tester
Avatar
Send message
Joined: 20 Dec 05
Posts: 1830
Credit: 7,537,700
RAC: 22,413
United States
Message 975331 - Posted: 2 Mar 2010, 16:42:07 UTC

I hate to throw another wrench into things, but there appears to be something wrong with the stats export for S@H: non of the stats websites have any record of the almost 7k of credits I've been awarded over the past three days...
____________
.

Profile arkayn
Volunteer tester
Avatar
Send message
Joined: 14 May 99
Posts: 3543
Credit: 46,151,715
RAC: 30,673
United States
Message 975345 - Posted: 2 Mar 2010, 17:22:08 UTC - in response to Message 975331.

See this thread for a small update.
http://setiathome.berkeley.edu/forum_thread.php?id=58940
____________

Profile FrostKing9
Avatar
Send message
Joined: 20 Oct 01
Posts: 39
Credit: 23,815,960
RAC: 0
United States
Message 975501 - Posted: 3 Mar 2010, 16:30:00 UTC
Last modified: 3 Mar 2010, 16:37:03 UTC

KNOCK, KNOCK, KNOCK.... on wood. It's running very good.... thus far.

But the really minor problem I mentioned ^^ there, in Message 975057 is still present.
____________


I DONATE money to SETI@home.... DO YOU?

I'm just slowly BOINC'ing along.

Hey... ET... you have a sister who likes earthlings?

Profile [seti.international] Dirk Sadowski
Volunteer tester
Avatar
Send message
Joined: 6 Apr 07
Posts: 6969
Credit: 57,088,948
RAC: 22,614
Germany
Message 975571 - Posted: 3 Mar 2010, 21:01:15 UTC


Ohh.. I got two 'validate errors'.. 'hostid=5069275'

Maybe someone could let run the 'famous script'?


____________
[Optimized project applications, for to increase your PC performance (double RAC)!][Overview of abbreviations, which are used often in forum and their meaning.]
____________
BR



>Das Deutsche Cafe. The German Cafe.<

parl
Send message
Joined: 22 May 04
Posts: 83
Credit: 1,190,628
RAC: 1,374
United States
Message 975617 - Posted: 4 Mar 2010, 2:00:02 UTC

If this is not the appropriate thread, I'd like to know which one is. I've looked around and don't see anything.

I'm not getting new tasks. I had set up my preferences to maintain enough work for 2 days (perhaps overly optimistic?). For a brief shining moment, I had a bunch of tasks but those days are gone, my friend; we thought they'd never end. . . .

Some others suggested having a front-page announcement of the degree of up or down status, but I expect that that would not be good PR. Still, a thread here in Technical News or perhaps over in Number Crunching would allow folks to check if they could expect work units any time soon.

Yes, fixing is more to the point than reporting and after a long problem time there'll be an even longer busy time, but perhaps a message at the beginning of an actual outage and another at the end (barring busy time when the world is hitting for more WU) would suffice.

Ross
____________

Previous · 1 · 2 · 3 · 4 · 5 · 6 · 7 · 8 . . . 10 · Next

Message boards : Technical News : The more things change, the more they stay the same.

Copyright © 2014 University of California