News: Technical

Stories about things of a technical/geekish nature

Posted At: 11/7/2023 10:30:30 PM
Posted By: PrintableKanjiEmblem
Viewed: 140 times

Come up with the most ridiculous prompts to get the most ridiculous answers. 

Posted At: 8/9/2022 9:54:28 AM
Posted By: Comfortably Anonymous
Viewed: 650 times

IMO these things are best understood through the lens of Haskell's `Maybe` type.

Posted At: 12/30/2021 3:19:26 PM
Posted By: PrintableKanjiEmblem
Viewed: 7621 times

As a long-time user of Dell products, and still a big fan, I should NOT have to use a secondary side keyboard just in order to be able to write code on a Dell laptop. As a software developer I heavily use both the F-Keys and the Home/End keys. On my old Dell Latitude D830, all those have their own dedicated keys. But on newer Dells, like my Precision 8510 and my work-assigned Latitude 5501, you have to resort to all kinds of ridiculous finger-twisting exercises to simply use Home and End.

Posted At: 12/13/2021 1:40:39 PM
Posted By: PrintableKanjiEmblem
Viewed: 886 times

Got to work today, went to log into Kronos to clock in, and nothing... Turns out Kronos' Private Cloud has been hit with a ransomware attack. They say it could take days or weeks until they are back up. Perhaps this was not something to move to (someone else's computer) the "cloud". Pop some popcorn, this is going to be "interesting".

Posted At: 1/21/2020 3:56:53 PM
Posted By: Comfortably Anonymous
Viewed: 1292 times

Reminds me of that ancient story where Microsoft CEO Satya Nadella traveled to the peak of Kangchenjunga, the highest mountain in India, with 270 trained mules carrying supplies for a support team of thousands of trained computer software technicians.

Posted At: 3/15/2011 1:49:58 PM
Posted By: Comfortably Anonymous
Viewed: 1819 times

The latest browsers (Chrome 10.x, Firefox 4.x, Opera 11.x, and Internet Explorer 9) are out now, and they include a cool new graphics technology called the Canvas Object, or just the 'canvas'. This adds a standardized way to do 3D graphics in your browser window using just HTML (Although you have to use the new HTML 5 specification to gain access to the Canvas object functionality, but HTML 5 is built into all the latest browsers.)

Posted At: 12/9/2010 12:57:59 PM
Posted By: Comfortably Anonymous
Viewed: 1784 times

A great example of a web site's privacy policy if the site's owners were forced to tell the truth:

Posted At: 11/2/2009 9:41:28 PM
Posted By: Comfortably Anonymous
Viewed: 2109 times

"It's useless to care about the pirates who would do it anyway, is a smaller group and usually don't have that much disposable income anyway. But it's the casual people and adults - your idea about piracy will change after you start getting more disposable income, like happened for me and lots of my friends and now happily buy what we enjoy (and another reason was the quality improvement and easiness of Steam and Spotify and other legit services)."

Posted At: 10/26/2009 10:05:50 AM
Posted By: Comfortably Anonymous
Viewed: 1862 times

That era was when Nvidia/3dfx were first founded - the first texture mapping graphics cards came out, then full transformation and lighting in hardware, Quake, then wide screen resolutions. 450 MHz Pentium III processors seemed super-zippy fast. Microsoft introduced 'sockets' to Windows and announced that Windows NT had made UNIX legacy. SGI wanted to prove that a software based OpenGL would be as fast as custom game rendering code. ADSL broadband was becoming available in some apartments. Previously low-key student houses who just happened to have broadband connections found themselves the most popular destinations for new students. The battle between Internet Explorer and Netscape Navigator had begun. Cell phones still had a long antenna coming out the top.

Posted At: 2/17/2009 1:31:06 PM
Posted By: Comfortably Anonymous
Viewed: 2032 times

The SQL script from the article below makes it simple to get massive performance increases in SQL Server 2005. I’ve used it religiously since they released it in the Jan 2008 issue of MSDN Magazine.

You just run it against the Master DB (It just does a bunch of reads of counters within Master DB, no writes.) and it comes up with a checklist of stuff to tune. The best is the “Missing Indexes” part - Add those missing indexes and usually you see some excellent SELECT performance increases. (Also get rid of any unneeded indexes it finds, they just slow down INSERT performance.)

Posted At: 7/6/1999 11:50:05 AM
Posted By: Comfortably Anonymous
Viewed: 3404 times

Date: Thu, 23 Apr 1998 14:36:00 -0700
From: pedward@WEBCOM.COM
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: More Microsoft debri

First of all, Frontpage is braindamaged (just have to set the stage).

Ok, Frontpage works like this when you want to publish files:

It tries to GET "http://www.yourdomain.com/_vti_inf.html".  This file contains the version of the FP extensions and the path on the server where the extensions are located.  When you use Frontpage to upload content, it will try and fetch this file, if it can, it then tries to POST to "http://www.yourdomain.com/_vti_bin/shtml.exe/_vti_rpc" (that's the default).

This server binary is not password protected, so it is able to post a query to it.  The first thing it does is just establish a protocol rev in which the client and server are going to talk, and what functions the server provides.

If you have any people using Frontpage, it's likely that they FTPed the _vti_inf.html from their home machine up to your site.  Then they tried to publish, and it tried HTTP first.  If HTTP fails, it just kicks over to FTP as the publishing protocol (and notifies the user that they can't use WebBots and stuff).

Incidentally, I have a passion to hate the FP extensions.  They are fundamentally stupid in nearly all respects of implementation.

Firstly, they maintain a crapload of meta files (one shadow for every file managed) then they have all of their config info in a bunch of text files in the _vti_pvt directory.  (Oh, BTW, there exists a very HUGE privacy hole in the FP extensions).  If you go to a site that has FP extensions, just pick any directory in the URL, yank the filename off, and put "_vti_cnf" there instead...you'll get a complete listing of all the files in the real directory.  With this you can snatch files that weren't meant to be seen by the public...and it's available on ALL FP enabled sites.

Hmm, I've contributed a "privacy bug" now. :)

Want to know an even cooler hack?  Want to break into Frontpage enabled sites?

Just snarf the "administrators.pwd" and "authors.pwd" file in:

"http://www.yourdomain.com/_vti_pvt/administrators.pwd"

That'll net you the password file for the web.  Just convert it properly and run Crack on it to obtain a useful password for defacing web sites!

Want even more???

Frontpage 98 fucks up the permissions so bad that it makes the _vti_pvt directory WORLD WRITABLE!!! No shit, you can do whatever you want to stuff in that directory.

Hmm, I love incompetent nitwits that think they can buy someone else's crappy Unix shit and sell it as their own!!! :)

Oh, you know why all the directories begin with "VTI"???

"Vermeer Technology Inc". The people that M$ bought for Frontpage. :)

--Perry

>
> i work on the iis team, not fp, but i'll take a stab. the shtml.exe file is
> used by the frontpage editor when it wants to upload work from the editor to
> the server. this communication is performed using http. the same fp server
> extensions (as they are called) are used by visual interdev.
>
> the extensions are not specific to microsoft servers, they are available on
> various flavors of unix too. what's possibly happening is someone is using
> fp or vid to work on your server. if the fp extensions are not there then
> fp/vid will not be able to upload stuff to your server, but you will
> probably see a log entry like that listed below from a tool trying to test
> if the extensions are loaded on the server.
>
> the link updating theory is interesting, but i don't think that fp tries to
> call any executable to verify off-server links. but i'd need to check with
> the fp guys... let me know if you want me to pursue it...
>
> cheers, mh
> mikehow@microsoft.com
> program manager
> iis security
>
>
> Looking at my Netscape error log on my web servers recently I have found
> several entries that look like this:
>
> [08/Apr/1998:08:07:07] config: for host *blah* trying to POST
> /_vti_bin/shtml.exe/_vti_rpc, handle-processed reports: no way to service
> request for /_vti_bin/shtml.exe/_vti_rpc
>
> Host name removed to protect the -apparently- innocent
>
>
> The file being posted here is the M$ control file  for servers managed by
> "FrontPage."
>
> In the beginning I thought these were all attempts to "take over" my
> server
> by placing a hacked version of the software in my server.  Since we don't
> run NT or 95, for obvious reasons, I was somewhat surprised by the
> frequency of such brain dead attacks and even more surprised that it
> might work.
>
> Recently I have learned that the M$ software itself attempts to POST to
> this file if you attempt to "verify off site links" on a server managed
> by this software.
>
> IN-other-words, every time you attempt to verify links to other servers
> on your M$ managed
> http server, that server will ASSUME that every one is a M$ managed
> server and add yet another error entry to their error file.
>
>
> I have notified M$   -as expected No response-
>
>

--
Perry Harrington        System Software Engineer    zelur xuniL  ()
http://www.webcom.com  perry.harrington@webcom.com  Think Blue.  /\
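
A defender's view of the requests described in the message above, as an added example that is not part of the original post: a Python sketch that flags access-log requests for the FrontPage paths the message names (`_vti_pvt/*.pwd`, `_vti_cnf`, `_vti_inf.html`, `_vti_bin/shtml.exe/_vti_rpc`) and records whether the server actually served them. The Common Log Format input, the sample lines, and the rule and function names are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Rules ordered from most to least severe; the names are this example's own.
RULES = [
    ("password-file-read", re.compile(r"/_vti_pvt/[^/]*\.pwd$", re.I)),
    ("private-dir-access", re.compile(r"/_vti_pvt(/|$)", re.I)),
    ("directory-listing", re.compile(r"/_vti_cnf/?$", re.I)),
    ("extension-probe",
     re.compile(r"/_vti_inf\.html$|/_vti_bin/shtml\.exe/_vti_rpc$", re.I)),
]

def classify(path):
    """Return the first matching rule name for a request path, or None."""
    # Drop the query string and decode %-escapes so /%5Fvti_pvt/ still matches.
    clean = unquote(urlsplit(path).path)
    for name, pattern in RULES:
        if pattern.search(clean):
            return name
    return None

def scan(lines):
    """Return (client, rule, path, served) for each log line that hits a rule."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF request line
        client, _method, path, status = m.groups()
        rule = classify(path)
        if rule:
            # A 2xx status means the content was actually returned to the client.
            hits.append((client, rule, path, status.startswith("2")))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Apr/1998:08:07:07 -0700] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 404 210',
    '192.0.2.11 - - [08/Apr/1998:08:09:12 -0700] "GET /docs/_vti_cnf/ HTTP/1.0" 200 1873',
    '192.0.2.11 - - [08/Apr/1998:08:09:40 -0700] "GET /%5Fvti_pvt/administrators.pwd HTTP/1.0" 200 64',
    '192.0.2.12 - - [08/Apr/1998:08:10:02 -0700] "GET /index.html HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true on `password-file-read` means the password file left the server and the credentials in it should be treated as exposed.
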
Date: Thu, 23 Apr 1998 18:35:34 -0700
From: pedward@WEBCOM.COM
To: BUGTRAQ@NETSPACE.ORG
Subject: Another Frontpage Bug, with promiscuous ScriptAliases

The Apache hack that M$ distributes allows one to create ANY directory on a Frontpage enabled web server, and execute content in it. This also goes for the stock Netscape Server config that M$ recommends.

Hmm, I wonder if M$ deliberately places security holes in Unix apps so that they can claim "but Frontpage under IIS doesn't have that hole!".

Mainly because IIS loads Frontpage as a DLL (I suppose).  Frontpage wouldn't be anywhere near the PIG it is if it ran as an Apache module or NSAPI module...but then who has an extra 5 megs per server process to burn???

EG:

You want a rogue program to run, and the victim has anonymous uploadable FTP (or you sign up for a service and you want to run binaries on the server, but can't):

mkdir _vti_bin
cd _vti_bin
put [whatever bin]

Web browser:

http://www.victim.com/somedirectorystructure/_vti_bin/trojanfile

Boom you've got stuff runnin on that server.

They configure the Netscape server the same way.

Unless you make a special NSAPI or Apache module, you're vulnerable as a freshly born ewe of a cloned sheep named Dolly!

And why is this possible???

ScriptAlias "*/_vti_bin/*" /somedirpath
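
An added audit example, not part of the original posts: a Python sketch that walks a document root and reports the conditions the two messages describe, namely a world-writable `_vti_pvt` directory, world-readable `.pwd` files, and any `_vti_bin` directory the administrator did not install (which a wildcard ScriptAlias would treat as executable). The function names, the allowlist parameter and the sample tree are constructed assumptions.

```python
import os
import stat
import tempfile

def audit_docroot(docroot, expected_bin_dirs=("_vti_bin",)):
    """Return sorted (finding, path relative to docroot) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        rel = os.path.relpath(dirpath, docroot)
        base = os.path.basename(dirpath)
        if base == "_vti_pvt":
            # The private config directory must not be writable by everyone.
            if os.stat(dirpath).st_mode & stat.S_IWOTH:
                findings.append(("world-writable-private-dir", rel))
            for name in files:
                mode = os.stat(os.path.join(dirpath, name)).st_mode
                # A .pwd file readable by "other" can be read by any local account.
                if name.endswith(".pwd") and mode & stat.S_IROTH:
                    findings.append(
                        ("world-readable-password-file", os.path.join(rel, name)))
        elif base == "_vti_bin" and rel not in expected_bin_dirs:
            # Under a wildcard ScriptAlias every _vti_bin directory is executable,
            # so any copy outside the allowlist is reported with its contents.
            findings.append(("unexpected-script-dir", rel))
            findings.extend(
                ("unexpected-script-file", os.path.join(rel, n)) for n in files)
    return sorted(findings)

def build_sample_tree(root):
    """Constructed docroot: one installed extension tree plus a stray _vti_bin."""
    layout = {
        "_vti_bin/shtml.exe": 0o755,
        "_vti_pvt/administrators.pwd": 0o644,  # readable by everyone
        "_vti_pvt/authors.pwd": 0o600,         # owner only
        "incoming/_vti_bin/uploaded.bin": 0o755,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "_vti_pvt"), 0o777)  # the permission problem
    return root

def demo():
    with tempfile.TemporaryDirectory() as root:
        return audit_docroot(build_sample_tree(root))
```
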