Register | Login
Views: 19364387
 Main | Memberlist | Active users | ACS | Commons | Calendar | Online users
Ranks | FAQ | Color Chart | Photo album | IRC Chat 		11-02-05 12:59 PM
Acmlm's Board - I2 Archive - - Posts by Cellar Dweller
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14
User Post
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 1/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-15-04 10:15 AM, in Next release? Of anything Link
Originally posted by Acmlm

But I'd still have to do more changes all around to make sure everything is fine, and also so it works as a general AcmlmBoard and not just "Acmlm's Board"


Why not just make a copy, edit out the SQL password, compress it, and upload it with a warning that it is unsupported? That should make do until an official release.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 2/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-15-04 10:39 AM, in An exploit that I have no idea how it works... Link
The only way I know of to expoit a properly patched AcmlmBoard is to use JavaScript to steal cookies from other users.

If your host provides log access you may be able to find out what steps the attacker takes in the process of performing the attack. The attacker could be exploiting any process on the server, so don't limit your search to AcmlmBoard.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 3/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-15-04 11:45 AM, in Next release? Of anything Link
Actually, anyone who is a decent coder can write migration scripts. Someone who has a board running 1.8a and wants to upgrade might be the most motivated person for the job.

For new installations, the lack of migration scripts is not a problem.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 4/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-15-04 12:45 PM, in Living without the fun posting experience Link
I registered on some other AcmlmBoards, including the test board, and I hit reload many times. Other than that, I followed the same routine.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 5/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-17-04 08:16 AM, in An exploit that I have no idea how it works... Link
I have a copy of AcmlmBoard 1.8a, and I can certify that it does not encrypt password in cookies.

Encrypting the cookies will not prevent them from being used, if they are stolen, because an attacker can put them in the local cookie jar. Not only can an attacker impersonate a user after doing that, (s)he can recover the plaintext password from some forms, such as the new reply form.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 6/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-17-04 08:37 AM, in Complete Acmlm Board Map Link
While the board was offline I wrote a scanning script(and tested it on the test board). Here are the results for this board with the unused ids removed:


1   General Chat
2   AcmlmBoard programming
3   Help / Suggestions
4   Craziness Domain
6   Anya and Christi's Corner
7   General Emulation
8   Super Mario World hacking
9   Rom Hacking
10  Spam / Abuse / Offense Report Forum
11  Admin Room
12  General Gaming
13  Super Mario series
14  Final Fantasy series
17  Movies / TV / Entertainment
20  Trash Can
22  Modern Art
23  Private area
24  Officers' Club
25  Story Forum
26  Programming
27  Brain Teasers
28  Sim-Battle Arena
29  Online Gaming
31  Sports Center
32  Display Case
36  Anime
37  Hardware/Software
38  Rpg Creation Centre
39  AcmlmBoard 2.0 Development and Suggestions
41  Newbie Forum
99  Lost threads


Looks like there are no new secret forums.

The scanning script: lsforums.sh
The raw output: newboardforums.txt
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 7/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-18-04 01:03 AM, in How does one obtain an AcmlmBoard? The answer inside... Link
I found the download site without asking. Before the Great Crash I found found an old thread where someone posted the name of the server that had the files.

I don't exactly understand why the download URL is such a secret. I think this game of "keep away" is pointless.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 8/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-18-04 10:20 PM, in I'm enjoying my new username... Link
Has anyone noticed how DOS software always outperforms software for protected mode OSs? The DOS version of NESticle out performed every other NES emulator. The DOS version of DOOM outperformed the Windows version and the Linux version. I know why this is, but few people seem to care.

Originally posted by Imajin
FreeDOS sounds like a crazy protest sign...


At one time the FreeDOS home page had a banner depicting a protest where people were holding up signs such as "FREE EAST TIMOR". One guy was holding a sign that said "FreeDOS".
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 9/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-20-04 10:33 AM, in How fast do you type? Link
I couldn't get the testing applet to work.

I almost never touch type. When I had to touch type for school don't think I ever broke 20 wpm and I'm sure that I never broke 30 wpm.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 10/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-21-04 01:03 AM, in Computer Specifications, please. Link
OS: Debian GNU/Linux 3.0 (woody) Linux 2.4.18
CPU: 233MHz PII
RAM:192MB
HD (/dev/hda) (boot): WDC AC24300L 4.3GB
HD (/dev/hdb) (main): Maxtor 6L060J3 60GB
Video Card: AGP S3 ViRGE/GX2 based
Monitor: KDS XF-70 17" CRT
Display: 1024x768 75Hz vsync
Sound Card: Creative ViBRA16X (is a POS)
Browser: Galeon 1.2.5

Uptimes:
Now : 6 day(s), 10:54:43 running Linux 2.4.18-1-686
One : 116 day(s), 13:08:59 running Linux 2.4.16-686, ended Fri Feb 20 03:23:36 2004
Two : 52 day(s), 21:23:19 running Linux 2.4.16-686, ended Fri Mar 14 16:49:15 2003
Three: 35 day(s), 04:32:30 running Linux 2.4.16-686, ended Tue Oct 7 16:16:22 2003


(edited by Cellar Dweller on 03-20-04 04:11 PM)
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 11/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-21-04 08:08 AM, in Windows making me cuss. (the BSoD) Link
Originally posted by Yiffy Kitten
Remove and reseat all the ram sticks (possibly wiping the contacts off with a soft cloth and, if the slots are dusty, clean with canned air BEFORE removing the RAM).


I have read that a good way to clean the contacts on a RAM module is to put a little bit of water on the contacts and wipe with a pencil eraser. Let the contacts dry before reinstalling the module. It is important not to wipe the contacts with anything dry. The water prevents the buildup of static electricity.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 12/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-21-04 02:20 PM, in Windows making me cuss. (the BSoD) Link
I double checked the book that I read that in. The procedure called for contact cleaner, but it still warned about dry wiping. The procedure is suggested for removing tin oxide from gold contacts when the contact platings on the RAM module and the socket it was in did not match.

I nearly fried an ATA interface back in 2000 when I was installing a new hard disk in my main computer(a 486 at the time). I got up out of a chair, and picked up the end of the cable without touching the chassis first. I heard and felt a discharge. It was a relief to find out that it was ground pin that I touched.


(edited by Cellar Dweller on 03-21-04 05:22 AM)
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 13/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-21-04 03:18 PM, in How Many of you think that this site should be shut down BUT GOOD? Link
Those who are curious but don't want to scar themselves can read the article "shock site" from Wikipedia.(no link provided; look it up yourself) Be careful about where you click while reading it.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 14/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-22-04 09:56 AM, in Testing if a value is a number or not... (c++) Link
if you don't mind falling back on C library functions you could input a string and process it with strtod(). The code should look something like this:

char *endptr;

double_var = strtod(input_string_ptr, &endptr);
if (endptr == input_string_ptr) {
punish_user_severely();
}
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 15/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-22-04 12:23 PM, in activity monitor Link
I wrote a simple hack for AcmlmBoard 1.8a that allows users to receive notification whenever there is activity. If anyone thinks that this might be useful, I can finish the code and provide patching instructions. Receiving the notifications requires a program that can receive and display UDP packets. I used netcat to receive the packets.

To use the system the user first subscribes to the notifications through online.php. The user supplies an IP address and a port for the notifications to be sent to. The supplied destination address as saved to the DB along with a time in the future that the subscription should expire.

When there is activity, layout.php reads the the subscription list and sends an UDP packet to each person on the list. The packet contains the URI, the name of the user, and optionally the IP address of the page request.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 16/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-22-04 01:20 PM, in What's your audio player of choice? Link
I voted for XMMS. I use the version supplied with Debian stable(i.e. version 1.2.7). I also use mpg123 sometimes.

If I want to play a Windows Media file I use MPlayer.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 17/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-24-04 09:45 PM, in CUSTOM MUSIC - IN MARIO WORLD [ASM] Link
Originally posted by Atma X
Is there any program that you know of, that can tell you which Addresses are different between 2 similar files.




The last two require GNU Diffutils. You can get Windows versions at http://www.cygwin.com/. If all you want is Diffutils, unselect all packages and select Diffutils. The setup program will only download the needed packages.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 18/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-25-04 11:45 AM, in activity monitor Link
I looks like it's working good enough for a release. There may be a few security bugs, so point out any that you see.

Here is a 52985 byte screenshot of the system being demonstrated. The window on the top is running netcat(invocation: nc -u -l -p 31337). The graphical browser is showing how online.php tells users that they are being watched. It is set to autoreload so that the subscription doesn't run out. The three windows on the right are running Lynx. They are all logged on as different users for testing and demonstration.

Here are the diffs:
The format should not be hard to understand. If you have patch, you can edit the names at the top of the diffs and feed them to patch.

Now what is needed is a client app that subscribes using POST, automatically renews, and displays the activity.
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 19/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-26-04 10:54 AM, in Now I can't log out Link
Try putting quotes around the href attribute's value. Parentheses, among other characters, are prohibited in unquoted attribute values.(see http://www.w3.org/TR/html4/intro/sgmltut.html#idx-attribute-6)

I have noticed that the post-crash board escapes all quotes in posts. That prevents the posting of what the HTML spec considers good HTML.

EDIT: I was wrong. If I click on the logout link, I get an error in the JavaScript console:
Error: logout is not defined
In javascript:logout.submit(), Line 1,

I did some searching and it looks like "javascript:logout.submit()" should be changed to "javascript:document.logout.submit()".

like this: CLICK HERE TO LOGOUT!!(Mozilla compatible!)

I also found out that single quotes can be used around attribute values. That's useful for putting double quotes inside the value.

(edited by Cellar Dweller on 03-26-04 04:08 AM)
Cellar Dweller

Flurry
!!!
Level: 27

Posts: 20/269
EXP: 107817
For next: 8342

Since: 03-15-04
From: Arkansas

Since last post: 16 days
Last activity: 34 min.
Posted on 03-27-04 02:27 AM, in Now I can't log out Link
Originally posted by Acmlm
And what do you mean, good standard HTML (or XHTML) can't be posted?


<img src="images/ranks/goomba.gif" width="32" height="32" />

This worked just fine ...

The first time I previewed a post after the crash the quotes in the HTML tags were escaped. That doesn't seem to be happening now.
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14
Acmlm's Board - I2 Archive - - Posts by Cellar Dweller


ABII


AcmlmBoard vl.ol (11-01-05)
© 2000-2005 Acmlm, Emuz, et al



Page rendered in 0.035 seconds.