Register | Login | |||||
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
| |
Acmlm's Board - I2 Archive - - Posts by Cellar Dweller |
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
User | Post | ||
Cellar Dweller Flurry !!! Level: 27 Posts: 1/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
Originally posted by Acmlm But I'd still have to do more changes all around to make sure everything is fine, and also so it works as a general AcmlmBoard and not just "Acmlm's Board" Why not just make a copy, edit out the SQL password, compress it, and upload it with a warning that it is unsupported? That should make do until an official release. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 2/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
The only way I know of to expoit a properly patched AcmlmBoard is to use JavaScript to steal cookies from other users. If your host provides log access you may be able to find out what steps the attacker takes in the process of performing the attack. The attacker could be exploiting any process on the server, so don't limit your search to AcmlmBoard. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 3/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
Actually, anyone who is a decent coder can write migration scripts. Someone who has a board running 1.8a and wants to upgrade might be the most motivated person for the job. For new installations, the lack of migration scripts is not a problem. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 4/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
I registered on some other AcmlmBoards, including the test board, and I hit reload many times. Other than that, I followed the same routine. | |||
Cellar Dweller Flurry !!! Level: 27 Posts: 5/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
I have a copy of AcmlmBoard 1.8a, and I can certify that it does not encrypt password in cookies. Encrypting the cookies will not prevent them from being used, if they are stolen, because an attacker can put them in the local cookie jar. Not only can an attacker impersonate a user after doing that, (s)he can recover the plaintext password from some forms, such as the new reply form. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 6/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
While the board was offline I wrote a scanning script(and tested it on the test board). Here are the results for this board with the unused ids removed:
Looks like there are no new secret forums. The scanning script: lsforums.sh The raw output: newboardforums.txt |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 7/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
I found the download site without asking. Before the Great Crash I found found an old thread where someone posted the name of the server that had the files. I don't exactly understand why the download URL is such a secret. I think this game of "keep away" is pointless. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 8/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
Has anyone noticed how DOS software always outperforms software for protected mode OSs? The DOS version of NESticle out performed every other NES emulator. The DOS version of DOOM outperformed the Windows version and the Linux version. I know why this is, but few people seem to care.Originally posted by Imajin At one time the FreeDOS home page had a banner depicting a protest where people were holding up signs such as "FREE EAST TIMOR". One guy was holding a sign that said "FreeDOS". |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 9/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
I couldn't get the testing applet to work. I almost never touch type. When I had to touch type for school don't think I ever broke 20 wpm and I'm sure that I never broke 30 wpm. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 10/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
OS: Debian GNU/Linux 3.0 (woody) Linux 2.4.18 CPU: 233MHz PII RAM:192MB HD (/dev/hda) (boot): WDC AC24300L 4.3GB HD (/dev/hdb) (main): Maxtor 6L060J3 60GB Video Card: AGP S3 ViRGE/GX2 based Monitor: KDS XF-70 17" CRT Display: 1024x768 75Hz vsync Sound Card: Creative ViBRA16X (is a POS) Browser: Galeon 1.2.5 Uptimes: Now : 6 day(s), 10:54:43 running Linux 2.4.18-1-686 One : 116 day(s), 13:08:59 running Linux 2.4.16-686, ended Fri Feb 20 03:23:36 2004 Two : 52 day(s), 21:23:19 running Linux 2.4.16-686, ended Fri Mar 14 16:49:15 2003 Three: 35 day(s), 04:32:30 running Linux 2.4.16-686, ended Tue Oct 7 16:16:22 2003 (edited by Cellar Dweller on 03-20-04 04:11 PM) |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 11/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
Originally posted by Yiffy Kitten I have read that a good way to clean the contacts on a RAM module is to put a little bit of water on the contacts and wipe with a pencil eraser. Let the contacts dry before reinstalling the module. It is important not to wipe the contacts with anything dry. The water prevents the buildup of static electricity. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 12/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
I double checked the book that I read that in. The procedure called for contact cleaner, but it still warned about dry wiping. The procedure is suggested for removing tin oxide from gold contacts when the contact platings on the RAM module and the socket it was in did not match. I nearly fried an ATA interface back in 2000 when I was installing a new hard disk in my main computer(a 486 at the time). I got up out of a chair, and picked up the end of the cable without touching the chassis first. I heard and felt a discharge. It was a relief to find out that it was ground pin that I touched. (edited by Cellar Dweller on 03-21-04 05:22 AM) |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 13/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
Those who are curious but don't want to scar themselves can read the article "shock site" from Wikipedia.(no link provided; look it up yourself) Be careful about where you click while reading it. | |||
Cellar Dweller Flurry !!! Level: 27 Posts: 14/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
if you don't mind falling back on C library functions you could input a string and process it with strtod() . The code should look something like this:
|
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 15/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
I wrote a simple hack for AcmlmBoard 1.8a that allows users to receive notification whenever there is activity. If anyone thinks that this might be useful, I can finish the code and provide patching instructions. Receiving the notifications requires a program that can receive and display UDP packets. I used netcat to receive the packets.To use the system the user first subscribes to the notifications through online.php. The user supplies an IP address and a port for the notifications to be sent to. The supplied destination address as saved to the DB along with a time in the future that the subscription should expire. When there is activity, layout.php reads the the subscription list and sends an UDP packet to each person on the list. The packet contains the URI, the name of the user, and optionally the IP address of the page request. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 16/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
I voted for XMMS. I use the version supplied with Debian stable(i.e. version 1.2.7). I also use mpg123 sometimes. If I want to play a Windows Media file I use MPlayer. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 17/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
Originally posted by Atma X
The last two require GNU Diffutils. You can get Windows versions at http://www.cygwin.com/. If all you want is Diffutils, unselect all packages and select Diffutils. The setup program will only download the needed packages. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 18/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
I looks like it's working good enough for a release. There may be a few security bugs, so point out any that you see. Here is a 52985 byte screenshot of the system being demonstrated. The window on the top is running netcat(invocation: nc -u -l -p 31337 ). The graphical browser is showing how online.php tells users that they are being watched. It is set to autoreload so that the subscription doesn't run out. The three windows on the right are running Lynx. They are all logged on as different users for testing and demonstration.Here are the diffs: The format should not be hard to understand. If you have patch , you can edit the names at the top of the diffs and feed them to patch.Now what is needed is a client app that subscribes using POST, automatically renews, and displays the activity. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 19/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
Try putting quotes around the href attribute's value. Parentheses, among other characters, are prohibited in unquoted attribute values.(see http://www.w3.org/TR/html4/intro/sgmltut.html#idx-attribute-6) I have noticed that the post-crash board escapes all quotes in posts. That prevents the posting of what the HTML spec considers good HTML. EDIT: I was wrong. If I click on the logout link, I get an error in the JavaScript console:
I did some searching and it looks like " javascript:logout.submit() " should be changed to "javascript:document.logout.submit() ".like this: CLICK HERE TO LOGOUT!!(Mozilla compatible!) I also found out that single quotes can be used around attribute values. That's useful for putting double quotes inside the value. (edited by Cellar Dweller on 03-26-04 04:08 AM) |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 20/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
Originally posted by Acmlm The first time I previewed a post after the crash the quotes in the HTML tags were escaped. That doesn't seem to be happening now. |
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
Acmlm's Board - I2 Archive - - Posts by Cellar Dweller |