***: nerdd has quit IRC (Nick collision from services.)
nerdd_ is now known as nerdd
-: sroute warms up good coffee in the microwave too. Trick is not to leave it sit on a burner for hours. I make it and turn it off right away... good for a cup or two reheated later in the morning
sroute: Not ideal, but I hate making a second pot in the am.
up_the_irons: got your message, thanks.
up_the_irons: sroute: np!
***: schmir has joined #arpnetworks
DaCa: if I change my password in the portal, will that also change my password for vnc and serial console?
***: ballen has quit IRC ("Leaving...")
dbgi has joined #arpnetworks
dbgi: hi
***: schmir has quit IRC (Remote closed the connection)
baklava has joined #arpnetworks
vtoms has joined #arpnetworks
vtoms has quit IRC (Client Quit)
vtoms has joined #arpnetworks
ballen has joined #arpnetworks
ChanServ sets mode: +o ballen
ballen_ has joined #arpnetworks
ChanServ sets mode: +o ballen_
DanielHolth has joined #arpnetworks
DanielHolth: hello
***: ballen_ is now known as ballen|away
vtoms has quit IRC (Remote closed the connection)
vtoms has joined #arpnetworks
dbgi has quit IRC (Read error: 60 (Operation timed out))
dbgi has joined #arpnetworks
jeev: firebug sucks
ballen|away: whats firebug
mike-burns: It's an HTML/CSS/JavaScript debugger for Firefox.
Since been copied for IE and Webkit.
ballen|away: ah
DanielHolth: crashing too much?
jeev: na
i'm trying to understand how it's formatted in css
and firebug is being a weenie
i wish it would jus tell me, here. this is the code you need
sroute: What about developer tools for FF? "View Style Information" ctl shift y
click on the element in question...
jeev: you know what i'm not ?
a developer
sroute, if i could cut your brain and eat it and i'd learn to code
i'd do it right now
mike-burns: I hear that works with sroute .
sroute: Firebug also gives you inspect element
mike-burns: Firebug is pretty great.
sroute: ... and with inspect element you can see the style / inherited styles in a pane in firebug; much the same info as the other view I pointed you at.
Chrome inspect element is getting pretty good these days too
one plus Firefox and its tools gives you is the ability to edit html/css on the fly in a page, and preview it in the browser; to my knowledge Chrome doesn't do that. Somethings in chrome seem a little nicer. and memory usage is better too in chrome
jeev: for example, i have writing: <textbox>
the next line, writing is longer.. so it's not formatting it properly
rather than aligning everything.. it makes it weird
magically, it worked
so this guy who set uip this code with a nasty framework.. i'm trying to pretty much make it with cheap p hp
when you type in a date, it automatically adds /
what should i be lookig
for
sroute: perhaps paste a snippet - use this one http://paste.pocoo.org/
jeev: it's framework man i can't figure anything out
i think it's jquery
ui found it, some javascript stuff
***: DanielHolth has left "Ex-Chat"
vtoms has left
toddf: fun http://pastebin.com/m4e67ab92
http://seclists.org/fulldisclosure/2009/Nov/371
mike-burns: Heh, nice.
vxp: typical freebsd faggotry
dbgi: freebsd rules
***: ballen|away has quit IRC ("Leaving...")
up_the_irons: jesus
http://pastie.org/721083
rooted my box in like 2 seconds
dbgi: who was it
jeev: heh
freebsd rules
***: ballen has quit IRC (Read error: 113 (No route to host))
dbgi: i think so
nc__: oh shit
haha
guess i'm glad to be running openbsd
mike-burns: This exploit only works if they have access to your machine.
sroute: I'm fortunate not to have local users.
Although I still secure the machine as if I do...
must admit my local freebsd workstation is however a security mess. Time for a wipe one of these days.
nc__: yeah it's a local root
vxp: lol@
`i don't have local users'
up_the_irons: mike-burns: lots of people have local users though
vxp: ergo
nc__: yeah
vxp: `i'm not exploitable'
nc__: ^
vxp: lol@all of you
mike-burns: Hey, whoa, I'm not saying I'm invincible. I'm just observing that this only works for local users.
up_the_irons: mike-burns: and actually, every system has local users; tons of system users; even if they can't login, doesn't mean you can't use 'em. Wordpress + SQL injection could probably that code run as some user like "mysql", then escalate to root, then create a new user, that _may_ be able to login
vxp: learn how to read
01:43.41 <@up_the_irons> mike-burns: and actually, every system has local users; [ ... ]
^^^
mike-burns: Yes, these systems are quite exploitable, I know.
But a local exploit is less of a "drop everything to fix this now" than a remote exploit, no?
sroute: I'm fortunate not to have "local human users" other than myself. ;-)
up_the_irons: mike-burns: yeah, that's probably fair
remote root exploit has higher priority, definitely
vxp: uh
nice naivette
sroute: if we are going to be precise. Only one machine runs PHP for only one app. All other public apps are secure from sql injection; many apps use no sql whatsoever. XSS and other exploits also protected from. Ports locked down; no password logins; auto ban repeat offenders; keep up to date as possible; run portaudit nightly; subscribe to number of security mailing lists and feeds; and so on - no
naivette, I assume everyone out to get me. My own stupidity? Certainly no protection from that but I try.
vxp: didnt read that stop blogging
nc__: lol
sroute: I'd kick vxp but she is mildly amusing.
vxp: nice punctuation
***: feem has joined #arpnetworks
nc__: feem Hi
feem: hello nc
underscore underscore
is that an important part of your name
nc__: unfortunately another user is in posession of the nickname 'nc'
also, someone else is using 'nc_'
my chat client forced the use of 'nc__'
mhoran: Ah, that r00t just hit freebsd-security.
jeev: freebsd rules
vxp: why dont you
repeat that
another
500 times
jeev: that's me in the corner.
feem: is that you in the spot. light?
jeev: i'm losin' my religion
feem: gross
dbgi: arab isent a chik
***: ballen has joined #arpnetworks
ChanServ sets mode: +o ballen
ballen has quit IRC (Read error: 104 (Connection reset by peer))
mhoran: Subject: Recall: CoreSite-70 Innerbelt Emergency Maintenance Advisement
Man, these guys are so bad at e-mail.
jeev: coresite ?
in LA ?
mhoran: Boston.
jeev: ahh
i got an offer for la
with one uplink though
nc__: what part of boston?
mhoran: It's actually in Somerville.
nc__: oh nice
i live 5 minutes from Somerville
mhoran: (70 Inner Belt Rd. Somerville)
Ah.
I didn't realize there were more Bostonians in here.
nc__: hehe
mhoran: mike-burns and I live in Boston.
nc__: ah cool i didn't know mike-burns was in massachusetts
i only know one or two other people on irc who are from the boston area
jeev: maybe next time nc__ does a sad or smiley fac
e
you can go slap him
nc__: lol
i disabled that script
mhoran: http://bash.org/?4281
Except for real!
nc__: haha
mhoran: http://ivoras.sharanet.org/blog/tree/2009-11-18.how-much-performance-do-you-lose-with-vmware.html -- interesting.
up_the_irons: mhoran: you have stuff at CoreSite too?
and yeah, they suck at emails
i once complained.. was like, "why are you sending me a word doc? email doesn't work?"
mhoran: Heh.
up_the_irons: like srsly, why can't they put the maintenace advisement in the fucking email
instead they have to put it in a word doc attached to the email
mhoran: Yeah, not impressed with their e-mail abilities, but their site is solid.
up_the_irons: #fucktards
that's true, guess i should pick my battles...
mhoran: I set my previous employer up with a cab there. I still have the master account, I guess, so I get all the spam.
up_the_irons: cool
mhoran: They had just purchased it I think when we moved in.
Was cool to watch it grow.
I think it used to be an Internap site, then Internap built a new facility next door, and has been slowly moving over.
They're pretty much the cheapest colo in Boston, plus the pay-for-what-you-use power is unheard of around here, so that's great.
Berklee is at Hosted Solutions, and they suck. They're primarily focused on their own "hosted solutions", so they don't really care about people who run their own networks.
It's obnoxious not being able to just walk into the DC. I have to sign in, sign out, and have them open our cab. Plus, their remote hands service has screwed stuff up for us pretty bad before.
Never used CoreSite remote hands.
up_the_irons: How have you found the Any2Exchange? I was hoping to get hooked up with that but it never worked out.
up_the_irons: mhoran: yeah, metered power is awesome
mhoran: Any2 has worked out great so far
lots of peers for the LAX/SJC one
blovett: do you find it helps offload enough traffic to make it worthwhile?
I joked about bringing ours back online and peering with Youtube to offset our traffic to/from them. :-)
nc__: :-)
mhoran: It's back!
up_the_irons: blovett: i find it worth it, yeah
***: baklava has quit IRC (Read error: 104 (Connection reset by peer))
heavysixer has quit IRC ()
dbgi has quit IRC (Read error: 60 (Operation timed out))
jeev: i want a 1 million square foot datacenter
who's in with me to do it
we'll build it out
sroute: sure. I need 10 square feet. 999,990 left to sell!
up_the_irons: i'll take a 100
sroute: 999,890 left to sell.
This is going to take awhile.
***: baklava has joined #arpnetworks