Re: [Full-disclosure] Re: tar alternative

2006-09-09 Thread darren kirby
quoth the Tim:
> > What problems ?
>
> 1. tar archives contain information about the user and group of a file.
>This is critical for backups, but quite unnecessary for software
>distribution in the vast majority of cases.  It is a common pitfall
>for software authors to leak information about their systems this
>way.

What tar are you using? With every tarball I download the files within are 
given the owner:group of the user I extract them as.

I have never seen a developer's username or group disclosed... 

> 2. As discussed in this thread, tar archives contain permissions for
>files.  Also important for backups, not important for software
>distribution IMHO.

Sure they are important. Would you want to manually chmod +x all executables 
and scripts? Manually chmod +r all documentation? Even stipulating that we 
could use the umask value to decide permissions it is still a PITA.

> 3. tar traditionally allows files to be extracted to any directory,
>which can be dangerous.

This can be mitigated if you don't blindly extract tarballs as root, and you 
only extract in safe locations. If you unpack stuff to '/' you deserve to 
hose your system. 

True, some boneheads don't package their stuff in a top-level directory, 
potentially overwriting existing files in the pwd. Perhaps the GNU folks 
should add a 'noclobber' option.

>
> True, these behaviors can be overridden, or a tool developed that has
> safe defaults, but then the tool would be less useful for backups.  The
> point is, the Unix community has been using a backup tool for software
> distribution for many years.  Perhaps having the right tool for the job
> would be safer.
>
> For instance, a format that only contained filenames and timestamps, and
> is built to only output all files under a specific directory tree would
> be nice.
>
> > I would say cpio, but you don't want any backup designed archivers.
>
> Yeah, I had thought of that as well, but it likely has the same issues.
>
> thanks,
> tim

-d
-- 
darren kirby :: Part of the problem since 1976 :: http://badcomputer.org
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
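
One way to check a tarball for the three things the quoted list raises before unpacking it, as an added example that is not from the thread or any project it mentions: the script builds a constructed sample archive in memory (no real package) and reports owner-name leakage, setuid/world-writable bits, absolute paths, '..' components, and symlinks that point outside the extraction directory (plus files that would be written through them). It goes slightly beyond the quoted list by also counting top-level entries, which catches the 'no top-level directory' packaging problem the reply mentions. All function names and sample member names are this example's own assumptions.

```python
"""Audit a tarball for the problems discussed above before extracting it:
leaked owner names/ids, permission bits you would not want, members that
escape the extraction directory, and sloppy top-level packaging.
The sample archive is constructed for this example; it is not a real package."""
import io
import posixpath
import stat
import tarfile


def build_sample_tarball() -> bytes:
    """Constructed in-memory tarball exhibiting each issue (not from the thread)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add(name, data=b"", mode=0o644, uid=0, gid=0, uname="", gname="", link=None):
            ti = tarfile.TarInfo(name)
            ti.mode, ti.uid, ti.gid, ti.uname, ti.gname = mode, uid, gid, uname, gname
            if link is not None:              # symlink member, no payload
                ti.type, ti.linkname = tarfile.SYMTYPE, link
                tf.addfile(ti)
            else:
                ti.size = len(data)
                tf.addfile(ti, io.BytesIO(data))

        add("pkg-1.0/README", b"hello\n", uid=1000, gid=50, uname="alice", gname="staff")
        add("pkg-1.0/configure", b"#!/bin/sh\n", mode=0o755)   # harmless +x, no finding
        add("pkg-1.0/bin/helper", b"", mode=0o4755)             # setuid bit
        add("pkg-1.0/data.db", b"", mode=0o666)                 # world-writable
        add("../../etc/cron.d/job", b"* * * * * root id\n")     # '..' traversal
        add("/etc/passwd", b"")                                  # absolute path
        add("pkg-1.0/out", link="../../..")                      # symlink out of the tree
        add("pkg-1.0/out/escaped", b"")                          # would be written through it
    return buf.getvalue()


def escapes_tree(path: str) -> bool:
    """True if the normalized archive path would land outside the extraction dir."""
    norm = posixpath.normpath(path)
    return path.startswith("/") or norm == ".." or norm.startswith("../")


def audit_tarball(data: bytes) -> list:
    """Return [(member_name, problem)] for every member a cautious extractor should reject."""
    findings = []
    escaping_links = []                       # symlinks already seen that leave the tree
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        for m in tf.getmembers():
            name = m.name
            if m.uname or m.gname:            # developer's account name baked into the header
                findings.append((name, f"owner leak {m.uname}:{m.gname} ({m.uid}:{m.gid})"))
            if name.startswith("/"):
                findings.append((name, "absolute path"))
            elif escapes_tree(name):
                findings.append((name, "traversal"))
            if m.issym():                     # resolve the link target relative to its directory
                target = posixpath.join(posixpath.dirname(name), m.linkname)
                if m.linkname.startswith("/") or escapes_tree(target):
                    findings.append((name, "link escapes tree"))
                    escaping_links.append(name)
            for link in escaping_links:       # later members under that link land outside too
                if name.startswith(link + "/"):
                    findings.append((name, "written through escaping link"))
            if m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((name, "setuid/setgid"))
            if m.mode & stat.S_IWOTH:
                findings.append((name, "world-writable"))
    return findings


def top_level_entries(data: bytes) -> set:
    """First path component of every member; a well-packaged tarball has exactly one."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        return {posixpath.normpath(m.name).split("/", 1)[0] for m in tf.getmembers()}


if __name__ == "__main__":
    blob = build_sample_tarball()
    for name, problem in audit_tarball(blob):
        print(f"{problem:35} {name}")
    print("top-level entries:", sorted(top_level_entries(blob)))
```

Run it as a script to list the findings, or pass the bytes of a real download to `audit_tarball` before extracting. On the GNU tar side, `--owner=0 --group=0 --numeric-owner` at creation time avoids the owner leak; `--no-same-owner` and `--no-same-permissions` at extraction time discard the archive's ownership and mode bits; `-k`/`--keep-old-files` is the 'noclobber' the reply wishes for; and absolute member names are only honoured when you pass `-P`/`--absolute-names`. Python 3.12 (and the 3.8 to 3.11 patch releases that backported it) adds `extractall(filter="data")`, which refuses most of the members flagged above at extraction time.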


Re: [Full-disclosure] LOL HY

2006-08-18 Thread darren kirby
quoth the Ajay Pal Singh Atwal:
> ----- darren kirby <[EMAIL PROTECTED]> wrote:
> > +1
> >
> > The signal/noise ratio here has really gotten unbearable in the last
> > few
> > months. We can deal with most undesired mail from repeat posters with
> > a
> > filter, but the crapfloods need to be dealt with in a more drastic
> > fashion.
> >
> > -d
> > --
> > darren kirby :: Part of the problem since 1976
>
> Sounds like **drastic** search for WMD has begun Mr President, with
> **drastic** efforts to deter childish activities.
>
> Hmmm...
>
> Ajay Pal Singh Atwal

Yeah yeah yeah...
I'm a tool, wad, fucktard what have you...yadda yadda yadda.

I was not aware of the moderated subset of the list, I was made aware, and I 
have joined. I suggest that whoever feels the same as me do the same, it's a 
perfectly reasonable solution for those who don't want the noise. I am just 
hanging around FD for another week or so to get a sense of just how much of 
a 'subset' it is...and what sort of lag there is.

Seems little point in banging heads with the others here who are willing to 
fight and die to preserve their right to post and download megs of animal 
porn and other assorted bullshit to and from a security ML.

cya
-- 
darren kirby :: Part of the problem since 1976



Re: [Full-disclosure] LOL HY

2006-08-15 Thread darren kirby
quoth the Matt Burnett:
> You really think this would be hard to design. Think about how most
> spam solutions work, if you get 25 posts in an hour with 100k
> attachments from a new user, do you think they are talking about
> security or are they posting porn. Anything a spam filter would
> consider suspicious could be flagged for moderator approval. It's not
> 100% foolproof but do you really think some 16 year old kid who's
> posting porn here would take the time to try to defeat it, in order
> just to post crappy porn?
>
> If implemented properly it would not limit the free exchange of
> SECURITY RELATED information, but would limit the exchange of porn on
> FD. You don't think a couple thousand security people, most of whom
> are strong supporters of privacy rights/civil rights/etc couldn't
> devise a proper system that would not impede the exchange of security
> related information?

+1

The signal/noise ratio here has really gotten unbearable in the last few 
months. We can deal with most undesired mail from repeat posters with a 
filter, but the crapfloods need to be dealt with in a more drastic fashion.

-d
-- 
darren kirby :: Part of the problem since 1976



Re: [Full-disclosure] "An uncontrolled fiscal crisis" - America's future under George Bush.

2005-12-21 Thread darren kirby
quoth the Red Leg:

> > I am loath to contribute to this OT thread, but I just wanted to mention
> > that as a non-American, I am much more fearful of actions from the US
> > than Iraq/Iran/dirkadirkastan etc etc...
>
> Hey I'm loath to read your shit, too. So, we're even.
>
> Have you been watching our elections in the U.S. lately (polls don't
> count--talk about rigging...)? Does it look like Americans give a damn
> about what the rest of you assholes think? Of course not. Why? Because you
> sorry bastards fucked up the world during your free rein on earth during
> the colonial times. We're in Iraq right now because you stupid assholes
> fucked it up during World War I. And now, you have the unmitigated gall to
> make accusations against the United States? You fools screwed up the entire
> world, and when the U.S. tries to unfuck the fuckups you people caused, we
> get called on the carpet by the same idiots who created the mess in the
> first place.
>
> You morons can't even handle your own affairs without U.S. Help. Bosnia is
> just one example of the typical crap that you have put Americans through
> since World War I. We were perfectly happy to sell you idiots the gunpowder
> to blow yourselves to Kingdom Come, but no you had to drag us into your
> friggin messes.
>
> So, cry like little babies when we have nukes and threaten to kick you
> sorry asses when you try to sell them to the Iranians.
>
> For those of you Europeans and others who are helping us straighten out the
> world, please understand that there is so much that we can take from
> incompetent, arrogant morons.
>
> Peace on Earth - Through STRENGTH
>
> Pax Americana!
>

Thanks guy,

you made my point way better than I ever could have...

-d



Re: [Full-disclosure] "An uncontrolled fiscal crisis" - America's future under George Bush.

2005-12-19 Thread darren kirby
quoth the [EMAIL PROTECTED]:
> J A (Jack Ass) If the NYT went out of business today would you lose all
> reference to what is real? Read the Post Dude.
>
> With silver spoon growing up under mommy's wing in Battery Park Plaza, I
> guess Starret City in the Bronx was too polluted, so you privileged
> bastards chose another landfill to live on, better start those PSA tests
> today,  your obvious politico paranoia is influencing your judgment.
>
> WE ARE AT WAR Douche BAG.  I suppose you think it's ok for IRAN to Develop
> Nuclear power? Or continue to buy a delivery System from Russia (Oh right,
> that's just for defense) CAN YOU SAY DIRTY BOMB?
>

I am loath to contribute to this OT thread, but I just wanted to mention that 
as a non-American, I am much more fearful of actions from the US than 
Iraq/Iran/dirkadirkastan etc etc...

Why is it OK for the US to stockpile nukes, and invade sovereign nations at 
will, but no one else? Oh yeah, because the US is savior of the world right?
Because US is the biggest and baddest and can impose their will on anyone.
This is the reason so many non-Americans hate the US so much, and I'm not just 
talking terrorists here. 

Trust me, I am not alone in thinking that the current Bush administration is 
just as dangerous as anyone in Iran/Iraq. And this war you're at right now, 
it was started on the most specious of pretexts to forward GWB's own agenda.  

But then, I'm just one of those hippy liberal douchebags that thinks that 
_nobody_ should have nukes.  Flame away buddy, enjoy it while you still have 
some freedom in that country you love so much, because it won't last long.

The decline of freedom in the US has started to move downhill at an 
exponential rate since GWB took (and by 'took' I mean rigged) that first 
election ~6 years ago...

I encourage all Americans who still have free will to take action against 
their oppressors. A definition of fascism:

>Fascism is commonly defined as an open terror-based dictatorship which is:
 
>Reactionary: makes policy based upon current circumstances rather than 
creating policies to prevent problems; piles lies and misnomers on top of 
more lies until the truth becomes indistinguishable, revised or forgotten.

>Chauvinistic: Two or more tiered legal systems, varying rights based upon 
superficial characteristics such as race, creed and origin.

>Imperialist elements of finance capital: Extending a nation's authority by 
territorial acquisition or by the establishment of economic and political 
domination of one state over its allies.

Seems to fit the current Bush administration quite well.

See you in hell...


> Or maybe Saddam would have let us tromp through his country, what's the
> magic word (PLEASE),  to get to the Bio-Weapon making cell in the North of
> Iraq.  Do you need another major event to wake you up? WTC 1992, was the
> wake-up, WTC 2001 got our attention, and what the future holds I am not
> sure, get your crystal ball polished up sweetheart, it's coming, make sure
> you stand and rotate to get that even all over tan.
>
> So what a few identified sympathizers were tagged, by the NSA, maybe a
> warrant wasn’t sought, cause a press scoop wasn’t needed by your beloved
> NYT.  You have no facts, just liberal out lash.  Are you going to save us?
> Do you have your NBC suit ready?
>
> You should take a bigger dose of those Meds, relax, A Dem will get in
> office next time, and fuck things up worse.  George may be an idiot, but he
> is a predictable idiot.
>
> --
> vote for me
>



Re: [Full-disclosure] List Charter, amended...

2005-12-14 Thread darren kirby
- Introduction & Purpose -

This document serves as a charter for the [Full-Disclosure] mailing 
list hosted at lists.grok.org.uk.

The list was created on 9th July 2002 by Len Rose, and is primarily 
concerned with slagging on n3td3v.  The list is 
administered by John Cartwright.
 
- Moderation & Management -

The [Full-Disclosure] list is unmoderated. Typically posting will be
restricted to members only, however the administrators may choose to 
accept submissions from non-members based on exactly how good the slag on 
n3td3v is.

It is expected that the list will be largely self-policing, however in
special circumstances (e.g. spamming, misappropriation, defending n3td3v) then 
offending members may be removed from the list by the management, or perhaps 
just publicly slagged.
 
- Acceptable Content -

Any information pertaining to n3td3v is acceptable, for 
instance announcement and discussion thereof, Google XSS exploit techniques 
and code, related tools and papers, links to n3td3v's geocities sites, and 
other useful information about n3td3v.

Gratuitous advertisement, product placement, or self-promotion is 
welcome, especially if n3td3v is mentioned.  Disagreements, flames, arguments, 
and off-topic discussion are encouraged, as they piss off people trying to 
weed through it for useful security information.

Humour is acceptable in moderation, providing it is offensive, and directed at 
n3td3v. Politics should be avoided at all costs, unless it concerns n3td3v.

Members are reminded that due to the open nature of the list, they 
should use discretion in executing any tools or code distributed by n3td3v
on this list.
 
- Posting Guidelines -

The primary language of this list is venomous. Members are expected to 
maintain a reasonable standard of n3td3viquette when posting to the list. 


-- 
darren kirby :: Part of the problem since 1976 :: http://badcomputer.org
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972

