4chan just found all the passwords to Glenn Beck's database/website...

meeb

Yeah, that's stupid squared.

It does give you user home directories, shells that might be out of date and have an exploit, a list of usernames to narrow any brute forcing and so on. It's pretty helpful if you're a blackhat, but yes, anyone that thinks it's the golden skeleton key to a system is as moronic as the sysadmin/dev that allows filename=../../../../../../etc/passwd

meeb

It's not particularly hard, you have write access to the apache log file at least which is predictably stored in /proc/[PID]/fd/[number], some brute forcing can find it trivially.

There's also SELECT "<?php system(....' INTO OUTFILE '/somewhere/writable/by/mysql';" etc. if you have an injection vector.

I would be surprised if this site stays up as it is if it's not defaced pretty quickly as people find follow-up vulnerabilities. Executing remote code with privileges of the web server should be pretty easy, not that I'm going to look for it - particularly given the exposure it's just had.

Also, anyone see the pastebin paste from the passwd file? "rushlimb" has an account, the horror.

meeb

By itself it's usually completely useless, it some cases it can show a weakness however (especially if the sysadmin is a moron), in any case more information is always useful when attempting to evaluate a system.

meeb

what?

meeb

I don't know why but I find this the perfect sad song. No lyrics.

Ghosts 36

meeb

You're just trollin' now, replying to a pedant post with touché without the acute!

meeb

Just to be a pedantic asshole (you know, 'reddity'), if you were directly underneath a cell tower the reception is actually quite terrible. 250m away with direct line of sight or similar might be a better analogy :)

meeb

All that remains is a 9GB tarball split over two DVDs in some box somewhere in my flat.

meeb

Seventh day here is Sunday in any calendar I can find :P But sure, Seventh Day Adventists are Saturday-crazy. Must have been some other mental sect.

Having some hard-on over any day of the week because mythical being X says so is insane, semantics in terms of the story :p

meeb

Must have been some other crazy Christian order then!

meeb

HOPPER POPPERS

meeb

Well they can't time travel and process orders from Sunday a day before they were placed. They waited for Monday.

Methinks you missed something =)

meeb

self-facepalmage

meeb

Not when used to mean how obvious and clear something is :P "I mean it's as clear as mud, anyone should be able to work it out...".

meeb

On many occasions it was substantially more absurd than The IT Crowd as ever been, but it's quite close...

meeb

What's Cf. ? :p

meeb

Just the tip of the insanity. Asked some other ex-colleagues from there (we've all now left) for some of the other (100% accurate) quotes from him:

"as long as a piece of fish"
"you've got a foot in every cake"
"burning the midnight oil at both ends"

more to come if I can remember any others :P

meeb

Want some more? OK!

We had some able developers, I was head of the tech dept. at the time. One project was to build some massive directory thing (this was early 2000's this was still terrible but not as bad as it is today)... but every page (out of some 1000 sites and some 25000 pages or so) had to be pure HTML because the technical director (the one that later died) could only use Frontpage and demanded the ability to be able to FTP into the site and edit the pages manually himself, which he would do on a very regular basis.

So we ended up having some insane "open the file, edit it as pure html then save it again" CMS, which he didn't get.

We then had to plug Overture search results into it, but of course that's an HTTP based request API and the search results pages for obvious fucking reasons don't actually physically exist...

Yep, we had some 10million pages or something of the most common search terms "cached" as static HTML so that he could edit them manually if he wanted, obviously most of the links were broken after a week of being "cached" and it all ended up with the project exploding and me doing something else.

He also refused to allow web developers to use Dreamweaver instead of Frontpage (they HAD to use an IDE) because it wrote sites in a "different language", and refused to allow people to use XHTML instead of HTML3 or whatever because it's based on XML which is "machine code".

I was originally employed at 18 there (I'm 27 now, was there for 5 years) as a "multimedia artist", but they didn't and never did any multimedia art. Basically things like JavaScript beyond a button rollover or Flash were banned, sites had to be plain HTML work down to 640x480 and be flexible (IE: 100% width, no fixed width sites) because the tech director "hated wasted space", even on pages with like one sentence) and had some insanely rigid design constrictions (100px or so banner, then nav on the left, footer must be in this style...).

The other director who now runs the company is an ex chef who basically did nothing techy until the tech director died. That's a whole other story of crazy.

meeb

Lowercase 'm'! :)

meeb

At a company I once worked at (small to medium web house) we had a client who sold some arbitrary cosmetic product off their site. After a couple of months the couple who owned the client company both converted instantly to fanatic Seventh Day Adventists (I think, some crazy Christian order anyway).

I was asked with a completely straight face to make their little website not process orders on a Sunday, as it counted as "work". This, not being stupid enough, was compounded by them not actually wanting to lose orders (it was just some pants little CMS with Paypal I think?) so they wanted us to build something that "queued" the orders and processed them with Paypal automatically at Midnight on a Monday.

Then of course it emerged about the internet, you know, being available to the whole world. Next question was "well, how do we know it's Sunday? It could be Sunday in the UK but Monday morning in Australia..." so yeah, spooned off into nicking the clients IP for geolocation and local time with JavaScript to guess the local time zone and... all of this costing an order of magnitude over what the site was originally quoted for.

I refused to work on the project and was lucky enough to be in a position where I had enough sway to not get in too much hassle for refusing to work on something. God that place was mental.

My director also died while I was working there, but he had some completely insane comments such as "This project is as clear as mud [actually meaning the exact opposite], what we need to do here people is think outside our own heads".

I should probably write a sitcom about that place, shit like this happened on a daily occurrence, including guitar-playing directors, singing, insane clients, complete lack of any technical knowledge from directors, other director was a black belt in something and had a sword collection in his office who with a deadpan face threatened to kill me on several occasions, meetings that lasted in excess of 10 hours at a time...

meeb

You would be correct :P some 30 minutes of Haskell and some several years of Python. I assumed it was a general programming question, however.

meeb

Yep. I am :)

meeb

No, you can't add to a tuple once it's been created, it's static. I would assume that purely setting some arbitrary flag on an array so that it can't be written to is no faster than a standard array.

edit: try here and here for some more tupley info.

meeb

Tuples are immutable lists, they're faster than the normal arrays or lists usually. They're also usually read-only.

meeb

GIF DEES PEEPUL AYUR

meeb

TROPHY CASE

you'll need to login or register to do that

create a new account

login