route6d resulting in FreeBSD 5.2 kernel panics
Friday, February 27th, 2004We finally foun d why wsa crashing all the time – or at least we found out how to stop it: deactivate route6d. We have to further Investigate.
Archive for February, 2004
Book on the Be File System
Friday, February 27th, 2004The BeBox and BeOS have been one of the most impressive projects of their time. The speed and responsiveness of that operating system is still unequalled in my point of view. Among the really cool features was the underlying file system (Be File System, BFS) which allowed for instantaneous searching, a feature I am still waiting for on Mac OS X.
Dominic Giampaolo is the author of that file system and once wrote a book on it: Practical File System Design with the Be File System. As this book is out of print now, the author has published the book in PDF. His home page states that Dominic is working for Apple now – in the file system group. So there is hope.
Insecure Programming
Wednesday, February 25th, 2004Over at the nerxs.de wiki we have started collecting Links on InsecureProgramming. Kudos to robotnik for the links on BufferOverflows.
Mac OS X.3 and IPv6
Thursday, February 19th, 2004
Apple claims MacOS X.3 (”Panther”) is supporting IPv6. It does somewhat – but basically everything more complex than ping6 has some very rough edges or is completely broken.
Safari Older Safari versions where able to handle IPv6 addresses in URLs (like http://[2001:200:0:8002:203:47ff:fea5:3085]/#) the Panther-Safari doesn’t. Safari can access Servers only reachable via IPv6, but only if they have no IPv4 Address at all.
BTW: Safari 1.0 can handle URLS like http://[3ffe:bc0:861:1234:250:4ff:fe3b:8c9c]/ but not URLs with IPv6 only hostnames in it.
NFS, WebDAV & friends via the Finder only work with IPv4 servers.
Subject: Newsletter 2004
Tuesday, February 17th, 2004Dann doch lieber den echten ehrlichen Spam:
Date: Mon, 16 Feb 04 14:58:54 GMT
From: "Erma Anthony"
Subject: Newsletter 2004
Read what women really think:
Over 72% of all women need a larger and thicker p e n i s to reach sexual orgasm.
94% of all women agree a larger p e n i s is a visual turn-on and believe that size does make a difference.
68% of all women are not pleased with their lovers' penis size.
76% of women want sex more often than their lovers' provide.
83% of all women fake orgasms on a regular basis.
93% of all women do not mention small penis size, for fear of hurting their lovers' feelings.
Make the woman in your life satisfied! Gain major inches in a few weeks! Don't be shy infront of the women!
We can help you out!
Super size it right Here
Wuaah: “94% of all women agree a larger p e n i s is a visual turn-on and believe that size does make a difference.” Never, ever! Am besten das ganze noch dezent in einem Tiger-Tanga verpacken.
Subject: Neues Script erfolgreich installiert!
Tuesday, February 17th, 2004
Date: Tue, 17 Feb 2004 16:46:06 +0100 (CET)
From:
Subject: Neues Script erfolgreich installiert! - 17-02-2004
Hallo,
Sie erhalten diesen Newsletter da Sie sich bei http://www.speedcrawler.de oder anderen Unternehmen dieser Gruppe angemeldet haben!
Wie angekündigt können wir Ihnen nun die neue Suchmaschine präsentieren und wir möchten Ihnen auch neue Features unseres Dienstes anzeigen.
Die POWER-Werbung!
Unsere neue Suchmaschine ist im Internet weit verstreut und auf der Nr.1-Suchmaschine Google, bei vielen Suchabfragen sehr gut gelistet.
Damit Sie die Bekanntheit unserer Suchmaschine ausnutzen können, bieten wir eine Power-Werbung an. Diese Art von Werbung beinhaltet folgendes:
Ihr Banner/Link wird eingesetzt...
... rechts neben dem Logo unserer Suchmaschine im Bannerrotator
... und auf der Startseite der Suchmaschine unter Webtipps (rechts oder links).
... und im Webkatalog an erster Stelle in den Einträgen, falls dieser Platz noch nicht vergeben ist.
... und im Webkatalog/Suchergebnisseite ganz unten unter den Webtipps.
... und in der Keyword-Werbung (ähnlich wie bei Google) auf der rechten Seite bei den Suchergebnissen.
... und wir stehen Ihnen mit Rat und Tat bei, wenn Sie mit Ihre Seite so gut wie möglich, einen nutzen aus der Werbung erzielen möchten.
Gehen Sie dazu auf folgenden LINK: http://www.speedcrawler.de/bestellen.php
Mit freundlichen Grüßen
Ihr Team von Speedcrawler.de
Wenn Sie keine News mehr erhalten möchten, mailen Sie mir bitte.
Ich mag dieses: “Nein, das ist kein Spam, Sie bekommen diese Mail, weil Sie sich bei uns oder auf irgendeiner Webseite dieser Welt für einen Newsletter eingetragen haben.” wirklich nicht mehr lesen.
Verflucht nochmal das hab ich nicht! Woher ich das weiß? WEIL ICH DIE ANGEMAILTE E-MAIL-ADRESSE NIEMALS, NIEMALS, ABER AUCH WIRKLICH NIEMALS !!! BENUTZE, UND NOCH NIE JEMALS BENUTZT HABE. Und langsam werde ich echt sauer!
Sunday, February 15th, 2004
At Unicomp you can still buy high Quality PC Keyboads of the kind offered with the original IBM PS/2 machines. Seems Unicomp brought the product line from Lexmark/IBM.
Remote Installing FreeBSD
Sunday, February 15th, 2004I found out that it is possible to install FreeBSD mostly via a serial console: Insert the Stock Install CD and if the boot loader Promt appears just type boot -h and you can manage the installation via a terminal attached to the first serial port.
orkut and security advisories
Saturday, February 14th, 2004I wrote to the orkut-team the following email:
Subject: identity theft possible!
hi,
this is an advisory for a possible “hole” in the orkut
software which allows for a identity theft or identity
takeover and possible malicios actions.
since your software does not allow removal of the
account via the webinterface by a logged in user, you
made it neccessary to provide username and realname
with an email to admin@orkut.com in which i may
ask for removal of my account.
given that my friendlist mostly consists of people
i personally know, its quite likely i know their username
(as most people pick nicknames, handles or whatever for
their username). orkut does not really make clear how
important it is that nobody knows your username, so many
people think of it as “nickname” first.
now, following scenario is easily creatable:
someone logs into orkut and chooses “larry” as his username
his realname being “larry laffer”. he is a friend of mine,
or at least i know him, so i know that in other communities
and on IM or Chat he uses “larry” as a pseudonym.
i now write a mail to admin@orkut.com with a faked envelope-from header, showing his email-adress (if even checked by your staff),
and ask for removal with a wild guess of username “larry” and
realname “larry laffer”. this will, ultimately, lead to removal
of his account, giving free both his username AND realname.
now i sign up as “larry laffer” with a username of “larry012423″
and upload his picture (which most likely will be around on
the web, or i have saved it before asking for removal), join
his communities, add his friends and WOOSH! i am him.
now, even if he will be back in the community he will be
having a hard time convincing people he is who he says he is,
and i can do whatever i want with his identity. think up what
fun that may be :)
fix:
allow removal of the account via web-interface only by a
logged in user. or, as a quickfix, by message via orkut
from the logged in user. this at least needs a password
of the account.
furthermore:
because of the above problems:
please change my username “oldusername” to “newusername”, my
realname is “My Realname”. notify me of taken action via
email to this address, thanks!
greets,
stephan
Safari, Apache 2 & Charsets
Monday, February 9th, 2004Apache2 comes with a enabled by default directive of AddDefaultCharset ISO-8859-1 which adds charset=ISO-8859-1 to the outgoing HTTP headers.
Before I had UTF-8 encoded content with this HTML-header:
<meta http-equiv="Content-Type"
content="text/html; charset=utf-8">
Now Apache2 also added an HTTP header stating a different charset. Turns out Apple’s Safari Browser ignores the HTML header in favor of the HTTP header and breaks the Display of ümlauts.