Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
The Internet

Geek Flavor 155

Posted by emmett from the do-what-thou-wilt-shall-be-the-whole-of-the-law dept.
snowphoton told us to check out http://www.geekflavor.com. "It seems to be an 'open source' Web site, in that people are allowed to ftp anything they want to the site, or use ssh to modify the contents." I took a quick look at this, and it looks like a really cool net experiment. The word 'geek' is getting kind of over-used (CT:KIND of overused! Sheesh), but this seems like a lot of fun, and a nifty way to waste time when you should really be working.
This discussion has been archived. No new comments can be posted.

Geek Flavor More

Geek Flavor

Comments Filter:
  • Cell phones ring, pagers beep and people hold converstations at normal speaking tones on their cellphones.

    Vermifax
  • Deep voice: "Good evening Mr. Gates, today... I will be your server."
    :)
  • Yeah, great, humans can sit in a movie theater. That's due to societal conditioning. We are told from birth to deal with our species. This is not natural. How many people do you actually like as people? How often are you fine with the people around you? How much human induced suffering is there is the world? How do you explain S&M?



    On another level, "The hedgehog's dilemma" is another condition that impairs human contact. 2 hedgehogs try to approach each other, and the closer they get, the more they hurt each other. So they stay far away from others for fear of getting hurt, sound familiar?

  • i was the first one to find that page(and change it), before it was /.'ed. I still have an exact replica if anyone wants it. and check out www.cyberia200o.org [crosswinds.net] My hits were crazy for the time the site survived. -cyberia
  • The index.html was already replaced by Tux. Anyone knows the password so we can fight over the site?

    Let take it back from script kiddies!!!

  • Yet another example of how bad the moderation system works. Some idiot rated this "Overrated" when it wan't even rated... Taco, you should fix this. If a post hasn't been mod:ed it shouldn't be possible to mod it over/under-rated.

    Thank you.
    //Frisco
    --
    "No se rinde el gallo rojo, sólo cuando ya está muerto."

  • I think this is a very interesting experiment in how much freedom you can give people.

    Says quite a lot, unfortunately, about your average Slashdotter. :(

  • Well at least document the experiment in its entirety. What went wrong? What went right? I'd say giving anyone ssh access to anything is bad news (local exploits vs. remote exploits). In fact, i can't really think of a way you could allow people to execute code without opening huge security risk. Maybe give everyone a virtual server?
  • [feel free to add anything below this line, such as links to uploaded pages, etc.]
    Am I the first to modify this? -Sean

    Hey, look at me, I'm famous (-:

    I figured the index.html file was uneditable because nobody else had modded it yet, and it turns out that I'm not a lame first poster. And I didn't even think of it that way (-:
  • There is a color picture of Tux up on the site right now, but it is made up of colored text. Does anyone know of the program used to generate a picture like this?
  • Now the site can't be accessed at all. :( No permission for the directory. Either it's been shut down, or someone has done something really lame.
  • This didnt occurr to me before but it makes sense

    What a way to go, virtually ensuring the isps box gets rootkitted...
  • ...in ASCII, yet. And it's still there. Not bad...

    Now, $5 to the first person who figures out what program's sourcecode was used for the text :)

    -- Sig, 120 chars --
    Your friendly neighborhood mIRC scripter.
    if (ismoderator(reader)) hidecomment(this);
  • Stupid me... it's part of Linux sourcecode :)

    -- Sig, 120 chars --
    Your friendly neighborhood mIRC scripter.
    if (ismoderator(reader)) hidecomment(this);
  • You don't. It comes from Rabelais. But he wasn't
    using it the way that Crowley was.

    Not that it matters much.
  • dude.. i just added 3 pages that will call itselves.. loop till u drop hehehe >:P. metababy is now uneditable hehe :).

  • I have something to say about all this:

    If you're going to open a server to the world, at least use your own server.

    A little bit of research revealed that this server probably belongs to an ISP and and snowphoton (who submitted the URL to /. in the first place and who is also the administrative, technical, and billing contact for geekflavor.com) is not likely to be in a position of authority at that ISP. Therefore, he/she/it should not have opened the server to us.

    How do I know that the server is most likely owned by an ISP? Because it is hosting sites for multiple domains. www.messagerieradidex.com is at the same IP address as www.geekflavor.com.

    How do I know that snowphoton is not somebody at the ISP that would be allowed to do whatever he/she/it wants? The ISP in question (WebHosting.com) is in Toronto, ON, CA. Snowphoton is in Mesa, AZ, US. That's a long commute.

    Now, even is snowphoton happens to own WebHosting.com, he/she/it should never be so reckless with a server that hosts multiple customers' sites.

  • How about a system where you upload your page and it gets voted for/against like on kiro5hin [kuro5hin.org] ? I think that would be an interesting site.
  • yeah.. I kept trying to upload the index.html file and got a permission denied.. so I uploaded index1.html and renamed it to index.html... which lasted for about 30 seconds before it was wiped. I'm guessing some moron has hosed the default permissions...

    Emmett had to know this would happen when he posted the story... way to go Emmet, very resonsible of you

  • Hmmm.. (Score:3)

    by The-Bus ( 138060 ) on Tuesday July 25, 2000 @01:51AM (#907726)
    Are there going to be 'FIRST UPLOADS'?

    I'm specifically worrying about Signal:Noise ratios and illegal content...

  • I click on the link to this Geekflavor. I'm greated with a 321k index page, which being all text I *can't* avoid loading -- and it's just an image as text (and that's ALL I get, no links or info or anything). Gee, I guess someone is used to having a T1 line to their desk and is more interested in how clever they look than in how useful the site is to us poor modem-bound types from the wrong side of the net. (Of necessity, I live miles from the nearest DSL or cable access.)

  • Cute (Score:1)

    by QuMa ( 19440 )
    Nice idea, but I don't think they'll survive for long. Even if the content system works, giving out what is essentially a free shell account will certainly kill em. (mind you, while it lasts it's a nice shell to have, ('SunOS vux2 5.7 Generic_106541-10 sun4u sparc SUNW,Ultra-250' in case anyone wondered :-) ). But at least the pw can't be changed with a simple 'passwd' :-). Still, there are 1001 methods to fsck up the account for others...
  • I don't know what a Hotline server is. From his description, he was running the server in his own home as part of his graphic-artist web business.

  • Simply place all html files in the /htdocs directory, and cgi scripts in the /cgi-bin directory.

    What is somebody wants to put a 'format c:' script in there or something else very malicious. What's then?


  • Actually, I want to know what program they used to *generate* it... :)

    I wrote something similar in C (that interfaces with convert; I didn't write any *real* image code if you're wondering :), but my program tends to use two characters/image pixel, just to keep things looking square, and I make sure to use PRE blocks to keep it aligned.

    A later version attempted to do sub-pixel anti-aliasing, and optimizing for size by ignoring close colors, but it wasn't incredibly successful. Also, I could probably rewrite the whole thing in Perl now, and it'd be tiny. (and then backport it to C again if I need the speed. ;)
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • ...and now i have a giant Tux Penguin.
  • The problem is not wether we can sit by each other in a theater... we have to look at each other then. The problem comes from the fact that on the internet ppl have little remorse for defacing websites because they ppl they live around have no clue what they did... no social punsihment.
  • I have only one noting (since i dont have SSH right now.. I cannot log in and have a look)

    I love the idea of content management going free for all... but considering that we are in a society where freedom does not necessarily lead to productive activities.. how will someone like geekflav keep the sanity of the site ..

    I mean you wouldnt want someone to change links to point to useless (read porno, other undesirable ) links ...

    Does anyone have a clue ?

    -/r
  • This is a very cool idea but I wonder how long it will work. Although there are a lot of people that will play with it I am sure there will be some people that will wax the whole site over and over again. I guess I just dont have that much faith in people.

  • For a more open freeforall on the web, try playing around with a wiki:

    http://www.joyful.com/zwiki/ [joyful.com]
    or the original:
    http://c2.com/cgi/wiki [c2.com]

  • Re:Cute (Score:1)

    by QuMa ( 19440 )
    woohoo. When I logged in I was the only one using that account. within 5 mins there are now 7... Let's see how soon they shut the account down :-).
  • OK, How's about some content?, please look at http://www.shellscript.org, Anon FTP, BBS, Tech news, editorials, activism, columns, environmentalism and so-on.
  • Its a virtual hosted domain. Hosted by www.webhosting.com. They locked the account, why they are still allowing the domain i wouldnt know why. I hadn't seen anyone mention this yet. I dont believe script kiddies broke the account. Root locked them out. Amazing what you can learn by doing a reverse lookup. I don't belive in sigs.
  • Well, a start would be making index.html read only (and not owned by the public account). If you protected that, and provided links from there to pages that could be modified, or perhaps provided a way to register new content through a script that would add a link to it, it might be a *little* more stable. The bottom line, though, is that every community has lame losers who get their rocks off by fscking sh*t up for others, and there is nothing we can do put protect ourselves from them and hope they find someone else to bug.
  • Is the server still up and accepting connections? I'm getting denied on ssh and on the ftp. The ftp says something like "531 Can't set guest privledges" and denies access if I try user: geekflav, pass: dnzvmsii, which I got from another user's post in this forum. I get denied on ssh with that user/pass too.
  • I was going to do something like this, and was just waiting till I moved back to my hometown, Toronto ( a coincidence? ;-) .

    However, I was going to do it on my own machine, the second one which I have and which is pretty open to potential destruction.

    The idea, however, was not to 'open source' it. I'd read a long time ago (back in '92, probably in the book 'Hackers') that rms fundamentally opposed the idea of introducing passwords into the MIT AI lab. I knew that doing this under the current circumstances would result in major destruction (it's always easier to tear down than to construct), but I wanted to see what would happen anyways. I wanted to see what would _eventually_ come about. It _is_ a great experiment. The box will be trashed initially, but what would happen _eventually_? Would the constructors get in eventually and build-up the necessary walls against the destructors? Would the forces of light prevail? A communal space on the Net?

    It'll be another 2 months before I'll be back in Toronto. I do hope that someone else wil give this a try in the mean time.

  • As soon as somebody opens up a flexible server, it is broken into and broken up. Is this necessary?

    No. There exists a solution! The basic idea is to give the people who want to use it the means to observe what others are doing and to secure the system against abuse.

    In fact, that is exactly what people did in the ``good old days'' in the AI lab before ``strict security'' was built into systems as a standard.

    In a lecture [gnu.org] about the history of GNU, RMS even complains about the use of passwords and "strict security". He writes about people damaging the system by accident and about outsiders using MITs computers:

    On ITS [the old, anarchist Incompatible Timesharing System -- Yaakov] we evolved other means of discouraging people from doing those things by accident, but on Twenex [the new "secure" system -- Yaakov] you didn't have them because they assumed that there was going to be be strict security in effect and only the bosses were going to have the power to do them. So they didn't put in any other mechanism to make it hard to do by accident.

    ...That machine wasn't designed also to support the phenomenon called ``tourism''. Now ``tourism'' is a very old tradition at the AI lab, that went along with our other forms of anarchy, and that was that we'd let outsiders come and use the machine.

    ...The ITS machines had certain ... features that helped prevent this from getting out of hand, one of these was the ``spy'' feature, where anybody could watch what anyone else was doing. And of course tourists loved to spy, they think it's such a neat thing, it's a little bit naughty you see, but the result is that if any tourist starts doing anything that causes trouble there's always somebody else watching him. So pretty soon his friends would get very mad because they would know that the continued existence of tourism depended on tourists being responsible. So usually there would be somebody who would know who the guy was, and we'd be able to let him leave us alone. And if we couldn't, then what we would do was we would turn off access from certain places completely, for a while, and when we turned it back on, he would have gone away and forgotten about us. And so it went on for years and years and years.

    Maybe we can reconstruct some of the features that the AI lab used to secure ``tourism''? Maybe we can develop new mechanisms?

    Of course, nowadays the job is harder than it was. Now, more people have just bad intentions and the ability to act anonymously and fast. Worse, the ``save tourism'' features haven't been developed for a long time.

    Here are some suggestions how ``save tourism'' could be revived.

    The following features would give a responsible person an advantage over intruders: First, allow spying what others do and save logs on another server where they can be read but not destroyed.

    Second, create alerts and delays when important files are changed: Say, the changes take effect only after ten minutes during which observers have the right to veto the change. Once one person vetos another one, a trusted person can override the veto if it is not a matter of an attack.

    This policy would not stop legitimate users from working with and improving the system. But an attacker would be noticed before he can take over control.

    A third feature would be to back-up data on a safe account (which just serves the files) so that an original state can be rebuilt quickly after an attack.

    One way to combine these features would be to request users to keep their sources and configurations on another (their own) WWW server. 10 Minutes after they notify the free system about changes, the changes are downloaded and installed. Checksums of the installation are stored safely so that the same files can be re-installed without delay when the user wants to roll back.

    Finally, we would need some distributed system of trust such that a person can loose his reputation by attacking the system or recommending attackers to be trusted. Here, the PGP trust system springs to mind.

    Any more ideas?

    Yaakov

  • hotline server is a program similar to an ftp client and server.

    you can get more information on hotline at http://www.hotlinesw.com or http://www.bigredh.com

    used primarily for pirating. created by a teenage australian, but then he got in a shady deal with a canadian co. (that now owns the product) and there was a huge legal battle, rumors of his sister being kidnapped, and the original programmer on the run.
  • Appears to be cracked, or at least broken. Front webpage has the title "hello. i own u." and an impressive piece of ascii art (Tux, made from what appears to be Linux kernel code), but no way to progress beyond that first page.
    Christopher A. Bohn

  • err, well if it's a standalone box at his ISP (which I what I'm assuming), all they have to do is unplug it from the network and reinstall an OS or something. I would assume that any ISP worth their beans has ways to defend against damage to the rest of their network caused by a rogue box.

    It would be different if it were a shared server, which can't be the case because then he wouldn't have been able to give access to everyone.

    but it seems more likely to me that it's HIS box at HIS home and he's simply got a high bandwidth connection or something.

  • Shame. Slashdotting is a bad thing. (Score:1)

    by Anonymous Coward
    Amazing, isn't it?

    This site has sat there for a while. And then it was slashdotted. Some moron has put a huge text file of a penguin up. Great, fly the mascot and show that the Linux community is a collection of script kiddies and lamers.

    Earlier the author had replaced the index.html page that they had asked not to be removed. Which has once again vanished. All that this person's experiment has proved is that the people that frequent Slashdot aren't the wonderful people they claim to be.

    Get a life guys, and read the advocacy HOWTO.

  • uhm, not really. I saw a 0:thoor account in /etc/passwd seconds before they pulled the plug.
  • Just mod apache or whatever server it is to put the login/pass at the top of every page it spits out. Let people edit whatever they want, but this will always be there. And for the love of god, don't give out SHELL ACCESS!
  • It's a collaborative site - crack it yourself and restore the main page.

    $ cat < /dev/mouse

  • You can FTP stuff up to the Web site? And they host it? Unless they filter out *.MP3 files (which would be wrong because it would prevent legitimate MP3 files from being hosted), they're probably going to have a lot of k1dd135 uploading MP3s of Britney Spears.

    And they actually are hosting the files unlike Napster.

    Refrag
  • From my recovered index.html:

    Login: geekflav
    Password: dnzvmsii
    FTP site: ftp.geekflavor.com

  • Received disconnect: Command terminated on signal 9.
  • Well, some people edited the page, then root came on, the webpage was taken down and now it's refusing connections on port 22 :)

    /james.
  • This experiment just demonstrates the fact that, without rules, the people who create something will always lose to the who know how to type 'rm -rf'.

    Sad, isn't it...
  • Now its a 404 file / not found that greets you when you try load the page :)
  • I don't know? Are they? The legal system has been insane with links! Look at what is happening to 2600! The same thing could happen here... Fucking america... Why are the courts so dumb about technology/
  • Which OTO? There are at least three at last count.
  • This probably would have been fun and cool--if it hadn't been posted on Slashdot.

    There is no way this would have been fun or cool. People just can't be trusted with any sort of anonymous forum. I mean, moderation was invented here because of the ACs, and there are still ACs posting volumes of off-topic junk.

    Anything like this would require some sort of moderation or regulation. And even then, a post on /. would probably lead to someone cracking into the system. People are jerks.

  • Pretty sure it can't be his though, since they wouldn't give him cron access. And from what I saw, he only had one login that he gave everyone, which was just HIS login basically, you know? I wish the page were accessible to get more info.

    sig:

  • Re:Cracked? (Score:1)

    by Anonymous Coward
    it's not just any kernel--it's and older mac68K kernel. scroll down to the bottom--the SCSI intitialization string is quite identifiable. now, my question is, who would use that wonderfully archaic kernel to make such a fine rendering of tux? "hmmmm...today i'll spend three hours turning a kernel into tux....and to make it all the stranger, i'll use an old-school mac kernel!" oh well. at least he's artistic.
  • Interesting to see if the intelligence that has closed the box will at some point become enlightened enough to free it up again.
  • Anyone know what the following ports go to?
    3138/tcp unassigned
    3306/tcp unassigned
    6010/tcp unassigned
    6011/tcp unassigned

    These ports are open on geekflavor.com, as well as the SSH/FTP/HTTP ports.. one of them (3306) actually sends stuff to you, and reports "Bad Handshake" after you type anything in ... is this a way for alternate access???

  • This server offers a bit more: tourists can put up CGI scripts that serve dynamic content. It would be nice to see something like this securely with a wiki web...
  • no, you didn't get root access. you got access as a user named geekflav, on a shared box at the ISP.

    sig:

  • Just ran a few scans, the PUT method is still allowed into root. Might be a way to get an index back up possibly. It's a shame the whole thing went down but the ascii art is cool!

    It's made me wonder whether hooking an old p60 of mine up to the university net connection with open acess would be like. Could be an interesting research project into the psychology of 31337 hax0r script kiddies. Just a shame I'm an electronic engineer althought that does mean I can monitor the box from a hardware level so if they trash it I can still find out how.
  • And I suppose urinating all over the place to mark it as mine doesn't count as vandalism, but spray-painting a concrete wall with "Kra-zee's turf, stay out!" does.

    I would also venture to say humans have a bit more tendency to *create* things that are useful to everyone.

    Let me know when the dogs finally settle on a routing protocol to get howls from Dallas to Tibet.
  • Slashdot's name is a killing word!

    saaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaLASHDOT!
  • Google has a cache of geekflavor.com/index.html [google.com]. Albeit, there's nothing much to look at.
  • Even the stats page is whacked. It redirects you to some dumbass and the fag page...
  • "Don't create anything new and free. People will go out of their way to destroy it."

    Give away a site like this for free, and it'll be rooted and destroyed. How many people do you think wanted to know the connection speed for warez hosting? or shell account trading? (or mp3s or porn, what have you..)

    Redundant? Perhaps. But some days I feel Slashdot's readers are so clue-resistant as to need every little redundant post beaten into their skulls.

    Do you want to create a site like this? Then don't let the Slashdot crowd see it. It'll be 'hot grits!-ed' within the hour. (I refuse to say 'hax0r', My IQ is a positive integer.)

    Nice Try geekflavor. I'll give you points for trying. You just got the bad fortune to be on Slashdot, the aqua regia of free geek items.
  • Hardly. more of a 'root notices a lot of logins, logs in, looks around, kills the account' kind of thing.
  • How does the first index.html keep getting put back? IT (index.html) said that cron isn't working on this thing... so is this guy sitting there watching all these 31337 h4x0rs delete this file and retoring it? I hate script kiddies....
  • Absolutely nothing: It's running SunOs :)

    Somehow I don't think that this is even all that relevant, you ALREADY have root access. You can delete/modify anything you want.

    Rami
    --

  • Was it locked out or did someone just change the password? :)


    ===
  • > Good luck.

    "Against stupidity the gods themselves contend in vain."

  • It's closed. (Score:5)

    by el_nino ( 4271 ) on Tuesday July 25, 2000 @02:08AM (#907778) Homepage Journal
    A discussion between some users logged in as geekflav:

    Broadcast Message from geekflav (pts/16) on vux2 Tue Jul 25 07:59:59...
    At least you can't change the password easily
    Broadcast Message from geekflav (pts/20) on vux2 Tue Jul 25 08:00:14...
    Is kill -9 -1 stupid enough?
    ;-)
    Broadcast Message from geekflav (pts/6) on vux2 Tue Jul 25 08:00:21...
    well it took about 10 mins for someone to erase the index.html (spot the twit that can't read). [Mike]
    Message from geekflav on vux2 (pts/21) [ Tue Jul 25 08:00:21 ] ...

    Broadcast Message from geekflav (pts/13) on vux2 Tue Jul 25 08:00:53...
    This takes me back 10 years!
    Broadcast Message from geekflav (pts/4) on vux2 Tue Jul 25 08:01:03...
    And I was watching top hoping to see some major slashdotting.. har when there's no page
    Broadcast Message from geekflav (pts/26) on vux2 Tue Jul 25 08:01:08...
    will you lot shut the fuck up!
    Broadcast Message from geekflav (pts/13) on vux2 Tue Jul 25 08:01:22...
    Nah!
    Broadcast Message from ??? (pts/4) on vux2 Tue Jul 25 08:01:40...
    root pts/18 7:57am vi /etc/passwd
    oops
    Broadcast Message from ??? (pts/7) on vux2 Tue Jul 25 08:01:44...
    Hmm, root is editing /etc/passwd... Wonder why ;)
    Received disconnect: Command terminated on signal 9.

    And here is some w(1) output:

    8:01am up 19 day(s), 3:38, 28 users, load average: 1.27, 1.25, 0.90
    User tty login@ idle JCPU PCPU what
    amzmusic pts/1 10:21pm 9:26 -csh
    geekflav pts/3 7:47am 1 2 -tcsh
    geekflav pts/4 7:49am 16 w
    geekflav pts/5 7:50am 10 -tcsh
    geekflav pts/6 7:54am 1 -tcsh
    geekflav pts/7 7:51am 1:06 -tcsh
    geekflav pts/8 7:51am 1 2 -tcsh
    geekflav pts/9 7:54am 3 more index.html
    geekflav pts/10 7:53am 3 -tcsh
    geekflav pts/11 7:53am 1 bash
    geekflav pts/12 8:00am 1 -tcsh
    geekflav pts/13 7:55am 1 wall
    geekflav pts/14 7:56am -tcsh
    geekflav pts/15 7:56am 2 1 -tcsh
    geekflav pts/16 7:56am -tcsh
    geekflav pts/17 8:00am vi index.html
    root pts/18 7:57am vi /etc/passwd
    geekflav pts/19 7:57am 1 ftp ftp.bitchx.com
    geekflav pts/21 7:58am 1 -tcsh
    geekflav pts/20 7:58am -tcsh
    geekflav pts/22 7:58am 2 -tcsh
    geekflav pts/23 7:58am -tcsh
    geekflav pts/24 7:59am -tcsh
    geekflav pts/25 7:59am 1 -tcsh
    geekflav pts/26 7:59am -tcsh
    geekflav pts/27 7:59am vi index.html
    geekflav pts/28 8:01am26days /usr/openwin/bin/xauth -q -
    geekflav pts/29 8:01am -tcsh

    --
    Niklas Nordebo | nino at sonox.com | +46-708-405095
  • My girlfriends calls the world that you and I want Utopia. I agree with you all the way, idiots can ruin great things without a moment's notice.

    Humans CAN'T get along, people are impaired from helping each other, one would rather kill his friend to get the big bag of money than save his friend and get a lesser bag. I came across a site yesterday that talks about The Prisoner's Dilemma [spectacle.org] - very intresting reading about human nature. This Geekflavor incident is a clear demonstration of this, script kiddiots and e-tards working together to blast "A Good Thing"(tm) clear out of the water.

    Well, on the other hand, it did come out on Slashdot...
  • Ok, the main problem here is defacing the page(s).

    That's solved easily: any file uploaded becomes read-only.

    Now, as far as deleting/editing content you've sent... Can you make a script that allows deleting of files uploaded ONLY if the IP/IP range matches between the uploaded file and the delete request?

    Or, of course, you can have registered users each with their own folder. Then again, that's Geocities (or Tripod, etc.).

    Bottom line, this doesn't work, and we've been proved right. Anyone else have some suggestions so this DOES work? There has to be some point in-between full/root access and Slashdot moderation/separate accounts where this can work. I'm curious to see if this, eventually, can work.

  • if slashdot ever gets wind of your new site it's probably screwed too, but that notwithstanding... 1) Run Apache 2) Use SSI 3) Make sure that the main index page is owned by a separated account from the one you hand out 4) Make sure that the account you hand out can't chown the index page 5) Set up a separate file that can be modified/deleted by whomever, and that in the index page 6) Set up a process to replicate the entire directory structure (preferably to a new location) every x minutes, this way you have a history of a living document. Wait 6 months and document the results. The truth is it'll never be truely protected, but you could take some really basic steps to keep your head above the storm, so to speak... Cheers! -Gentry

  • From the Geekflavor Admin (Score:4)

    by Anonymous Coward on Tuesday July 25, 2000 @04:33AM (#907785)
    I'm the guy who did this GeekFlavor thing, and I have to say that I'm very disappointed in how it turned out. It wasn't up for very long at all before some script kiddie had to bust some 1337 moves on it.

    I will admit that I didn't exactly idiot-proof the project. I was hoping that by giving complete control to everyone, something truly interesting might develop, but I failed to take into account the power of a single ignorant admin.

    People have always used technology for destructive purposes -- the thrill of anonymity is intoxicating, and people often lose sight of their everyday code of conduct. Once little Timmy Smith because |)Ar|I never expected this project to amount to much. I just had some webspace and a domain, and decided to give it a shot. I think, though, that perhaps this experiment deserves another chance, although with a better plan on my part.

    If anyone out there has some suggestions on how this "Open Source" website experiment could work better, please contact me at ibn_qalb@arabia.com [mailto] (not my usual address, if you were wondering). I'd love to have some help in creating a new, sturdier site that would actually be built to handle something like this.

    Thanks everyone! It was fun while it lasted - Keep an eye out for the Alpha release!

  • I bet the sys admin are not happy. I would think this could be a great security risk for them. A better way to do something like this would be in a controlled enviroment like a Wiki. go to http://minnow.cc.gatech.edu/squeak/ to see what I mean. I think it is great but I don't know

  • Danger Will Robinson! (Score:4)

    by John Jorsett ( 171560 ) on Tuesday July 25, 2000 @04:45AM (#907792)
    There was a posting by a guy over on Kuro5hin who had set up an open file area for his web users to put their files so that they could be accessed anywhere in the world. Unfortunately he set it up so that anyone could acess anyone else's files. People put copyrighted programs and fonts there, and apparently people were downloading them. The vendors complained and the FBI came and seized his computers and the U.S. attorney was considering prosecuting him. He may or may not have been in the right, but he faces some heavy legal bills nevertheless.
  • The last I saw was:

    Broadcast Message from ??? (pts/7) on vux2 Tue Jul 25 08:01:44...
    Hmm, root is editing /etc/passwd... Wonder why ;)
    > Received disconnect: Command terminated on signal 9.

    I doubt his ISP likes having people logged on anonymously.

  • Collaborative webs are old news (Score:5)

    by werdna ( 39029 ) on Tuesday July 25, 2000 @02:34AM (#907805) Journal
    Ward Cunningham designed the first such web site of which I am aware (called a Wiki, or a Wiki-Wiki) several years ago. Co-webs have been in use for quite some time, though they tend to be somewhat more sophisticated than a mere place to dump ftp -- usually providing editors and "smart" pre-parsers to facilitate collaboration by newbies.'

    See, e.g., this swiki page. [gatech.edu]

    Despite the skepticism, these things work very well and are rarely the subject of abuse. A sandbox is provided for people who just want to play, and folks are generally quite courteous as a matter of practice. We use one for the Squeak Smalltalk open source community, which you can access from the main (traditional) web site page for Squeak. [squeak.org]. The Swiki is one of the primary repositories of information for the Squeak community.

    We have found cowebs an excellent vehicle for collaboratively creating documentation for open source projects that have run too long without doco support.. While it is not a great place to build final documents, it is a great place to gather information, and over time mold into the same.

  • Media destruction (Score:5)

    by FascDot Killed My Pr ( 24021 ) on Tuesday July 25, 2000 @01:55AM (#907806)
    This probably would have been fun and cool--if it hadn't been posted on Slashdot. Face it, Taco, your project now has a lot of intertia--you can't tiptoe delicately into something anymore. Once you mention it, it is toast.

    How many times have we seen things like this on cool websites posted to Slashdot: "Well, we got mentioned on Slashdot. Sorry I have to take this down, but my bandwidth can't handle it." Pretty soon people are going to start thinking twice before even creating sites like this. Slashdot will be "stifling innovation".
    --
    Give us our karma back! Punish Karma Whores through meta-mod!
  • Somebody just fscked it up:
    "r0x0r" - that's the content of the index page.
    Good luck.
  • The admin of Geekflavor posted something as AC, so it's score 0. Please find it and mod it up. ZP

  • not that new an idea (Score:3)

    by Hollins ( 83264 ) on Tuesday July 25, 2000 @01:57AM (#907815) Homepage
    This idea has been implemented for awhile in a more elegant fashion via WikiWikiWebs. To see how they work, check out The Portland Pattern Repository [c2.com]

    To set up one yourself, I recommend checking out phpwiki [sourceforge.net].
  • All it takes is one dedicated troll to ruin a site. I mean, if someone continually adds malicious and/or useless content to a page, eventually it's going to be a ruined experiment. There has to be some way to deal with those that have enough time and bitterness in their hands to ruin the website for everyone else involved.

    Oh, wait, what's this about GeekFlavor? I was ruminating about something else *cough* /. *cough*

  • Oddly enough, I was thinking of checking it out BECAUSE of the illegal content . . . :-)

  • The true spirit of mass human communication? (Score:4)

    by Phaid ( 938 ) on Tuesday July 25, 2000 @02:14AM (#907822) Homepage
    ...and I hope this ain't it. As evidenced by the number of posts as I write this (9) this article hasn't been up more than a few minutes and already someone's been clever enough to disable it. Props to your mad skillz, d00d...

    Not that I in any way agree with web page defacements, but at least I can understand how taking down or modifying a secured web page that a lot of people will see has a certain publicity stunt appeal to it - defacing Seti@Home and putting your h4x0r nick on it is kind of like spraypainting your name atop the world's biggest water tower. But what does it say about human nature when the very first thing people want to do to a supposed community collaboration project is to anonymously make it unavailable to everyone else?

    Here I am, always an advocate of privacy and anonymity, and yet when I see people do stuff like this it makes me want to rethink all of those positions. On the one hand I'm cynical enough to think a whole lot of people would want to nuke a site like this; on the other hand even after I've had my coffee and am no longer quite so misanthropic I realize that with total anonymity even a single idiot can ruin a lot of other people's day with total impunity.

    Makes ya think...

  • Re: Here's the text of index.html (Score:5)

    by PhilHibbs ( 4537 ) <snarks@gmail.com> on Tuesday July 25, 2000 @02:14AM (#907823) Journal
    GeekFlavor Free-for-All!

    THE STORY

    A while ago, I had a great website called Geekflavor, which had daily-updated geek news. It ran on perl, and recreated itself every few minutes to get the latest headlines from other sites. I tried different hosting services, however, but none of them (this one included) were very perl-friendly. So I gave up, and never got around to finding another one. Maybe one day, when I have more time....

    SO WHAT?

    So -- I have decided to Open Source this website! I am giving away the password and making it a free-for-all. As long as it's nothing illegal or pornographic, you can upload whatever you like. The site has got good bandwidth, so that's not a problem. All I ask is that you leave this page (index.html) intact, with the exception of adding links to additional pages (which you can do with a text editor).

    HOW DO I PLAY?
    Login: geekflav
    Password: dnzvmsii
    FTP site: ftp.geekflavor.com

    Simply place all html files in the /htdocs directory, and cgi scripts in the /cgi-bin directory. Perl seems to work well, it's just that my site relied on crontab, which was disabled by the admins.

    Shell access is also available, but you have to use SSH software (i.e., you can't just telnet to Geekflavor.com). Try PenguiNet -- It's my client of choice. This is useful for editing existing files (such as adding links from this page to other pages), and tweaking scripts.

    RULES

    Since it's a free-for-all, nothing is really sacred. Anyone can modify anything that has been uploaded by anyone else. This is meant to be creative and productive, however, rather than destructive. I hope that this site will grow and evolve in an interesting way, rather than simply serving as a giant spamwad. Also, I ask that you leave this text intact for the benefit of others.

    Have fun!

    [feel free to add anything below this line, such as links to uploaded pages, etc.]


    Am I the first to modify this? -Sean


    Before it becomes too much of a free for all -Mike

    Hot grits rule - Andy

    www.cyberia200o.org : cyberia : sub-dir on www.geekflavor.com

  • MetaBaby [metababy.com] has the same thing: pages which are modifiable or creatable by just about anyone.

    It was nominated for a Webby Award [webbyawards.com] last year for best personal site. Slashdot was nominated (and won People's Choice) for Community.
  • When I went to the site this morning I found very little there... it was just a directory listing and all of the directories were password protected. I take it that its not supposed to look this way, and reading the log listed in one of the posts here, it seems that they had to restrict access because people (via the slashdot article) were fooling with it.

    I think this is a very interesting experiment in how much freedom you can give people. Everybody would like to be part of a collective (like this site) where the structure is completely bottom-up and decentralized and everybody has a say, in fact a major say, in everything. Unfortunately, this doesn't seem to work too well. There will always be the people who for one reason or another would like to mess it up, and because of the lack of structure, can and will do so.

    I guess the reason I'm bringing this up is because this whole concept, the struggle between structure and freedom seems to come up again and again in the computer world. Should software design be centralized or Open Source? Should the Internet have laws? Who decides the structure of the Internet/should there be a structure? It seems to me that any system that has no organization or constraints (like this site) will fail. It seems pretty much inevitable that there will always be the few (or sometimes the majority) who will mess up the spirit and the workings of the project because of spite, carelessness, or greed. That's why although institutions like ICANN need major changes, they are still damn important. Let's not forget that the Internet *does* have structure, and it is this structure (some centralization of naming, routing, etc) that has allowed it to grow to the amazing extent that it has.

  • How can I FTP a 'u' into Flavor ?
  • ...but this isn't some new community site or grand experiment. The guy's just sticking it to his ISP for not delivering the services he needs on his way out. Slashdot-scale havoc until his credit for this billing period runs out, or they terminate the account.

    That said, I'd love to see the looks on the faces of the admins right about now, assuming they don't read slashdot. :)

    ---
    Where can the word be found, where can the word resound? Not here, there is not enough silence.
  • Sounds like what www.pagein.com [pagein.com] was trying to do.
  • I also doubt this will work. I've tried something similar myself once, where I made a script allowing people to use my webspace as a sort of BBS system, leaving files and messages for others. I quickly found the need to moderate far greater than was my intention. People just start abusing this much too quickly.
    In this case giving away Your account info is just plain dumb. With several hundreds if people uploading whatever they want, giving away the addy for friends, or linking or whatever, and the next guy deleting the files, overwriting them or something else. Nah... This will never work....

    Even geeks will goof it... :)

  • From what I can see, this site was hosted just on some hosting provider and then this guy gave away the password to a billion people right? That is pretty retarded, just asking for trouble, unless he worked for them or had permission or something.

    I am guessing this webhost will be extremely angry at this for having their machine broken into (by some accounts people who sshed in got root, yes?) and possibly try to burn him for violating their terms if they included anything to cover this.

    I am not sure if he did it intentionally, but if you were some guy who was mad at you host cause they didn't let you use cron, what better way to get back at them than just running a shell account guaranteed to attract crackers and script kiddies?

    So, basically I don't feel sorry for this guy at all. He didn't have any important files he lost or anything, but the workers at his webhost are now going to have to clean up a box because some jackass gave shell access to the readership of slashdot. I would imagine that would be any security team's nightmare, no matter how well they had applied all the latest security patches.

    sig:

  • Message from the Admin (repost) (Score:5)

    by zpengo ( 99887 ) on Tuesday July 25, 2000 @05:22AM (#907846) Homepage
    Someone thought it would be cool to mod this down to -1, so I'm bringing it back.

    ---------

    I'm the guy who did this GeekFlavor thing, and I have to say that I'm very disappointed in how it turned out. It wasn't up for very long at all before some script kiddie had to bust some 1337 moves on it.

    I will admit that I didn't exactly idiot-proof the project. I was hoping that by giving complete control to everyone, something truly interesting might develop, but I failed to take into account the power of a single ignorant admin.

    People have always used technology for destructive purposes -- the thrill of anonymity is intoxicating, and people often lose sight of their everyday code of conduct. Once little Timmy Smith because |)Ar|I never expected this project to amount to much. I just had some webspace and a domain, and decided to give it a shot. I think, though, that perhaps this experiment deserves another chance, although with a better plan on my part.

    If anyone out there has some suggestions on how this "Open Source" website experiment could work better, please contact me at ibn_qalb@arabia.com [mailto] (not my usual address, if you were wondering). I'd love to have some help in creating a new, sturdier site that would actually be built to handle something like this.

  • Here are the top referrers to the site. You can get all these stats by going to geekflavor.com/stats [geekflavor.com]. Oh, and although ssh is apparently down, ftp is still up.

    Top 23 of 35 Total Referrers

    # Hits Referrer

    1 954 36.82% - (Direct Request)

    2 28 1.08% http://slashdot.org/article.pl

    3 8 0.31% http://cgi.zdnet.com/zdpoll/savevote.html

    4 7 0.27% http://linuxtoday.com/news_story.php3

    5 6 0.23% http://www.nerdperfect.com/

    6 5 0.19% http://slashdot.org/yro/00/05/31/1534236.shtml

    7 4 0.15% http://slashdot.org/articles/00/07/21/1422251.shtm l

    8 2 0.08% http://arcanum.simplenet.com/links.html

    9 2 0.08% http://slashdot.org/submit.pl

    10 2 0.08% http://slashdot.org/comments.pl

    11 2 0.08% http://slashdot.org/interviews/00/05/23/007214.sht ml

    12 2 0.08% bookmarks

    13 2 0.08% http://slashdot.org/askslashdot/00/07/15/2030252.s html

    14 1 0.04% http://slashdot.org/apache/00/05/22/1858206.shtml

    15 1 0.04% news://news.sprint.ca/397CFD3F.5FE204BA@metallicaf an.com

    16 1 0.04% http://slashdot.org/articles/00/05/17/2136258.shtm l

    17 1 0.04% http://slashdot.org/index.pl

    18 1 0.04% http://slashdot.org/askslashdot/00/05/09/0131249.s html

    19 1 0.04% http://www.greatdomains.com/domains/details.asp

    20 1 0.04% http://slashdot.org/science/00/05/04/0816244.shtml

    21 1 0.04% http://slashdot.org/articles/00/07/24/1617240.shtm l

    22 1 0.04% http://www.zdnet.com/gamespot/filters/

    23 1 0.04% http://slashdot.org/articles/00/05/22/1345215.shtm l

  • In the middle there. Oh well.

  • Humans get along remarkably well (Score:5)

    by Karmageddon ( 186836 ) on Tuesday July 25, 2000 @03:04AM (#907851)
    Humans CAN'T get along, people are impaired from helping each other

    I understand the point of and the lamentation in your post. However, I heard an anthropologist point out an interesting fact, how well humans do get along, better than most other species. Humans are willing to sit quietly next to total strangers in a dark movie theater or in a crowded train. Other animals are mostly not capable of this sort of feat.

  • How do you know they didn't know it would be posted to Slashdot? If you look at the whois record of geekflavor.com, snowphoton@MINDSPRING.COM is listed as technical and administrative contact. 'snowphoton' was the handle of the person who submitted the story.

Slashdot Top Deals

If you think nobody cares if you're alive, try missing a couple of car payments. -- Earl Wilson

Close