Archive for September, 2006

Article: Why is everybody so busy?

I might still be classifed as a young man, but even I can see the rapid change in styling of the World and how our lives revolve around it. A familiar phrase you mid 20’s may have heard as a child “I’m not taking homework provided on printout paper from a computer”. To me this phrase then was not a good thing to hear, it was a result of people too fixed in their ways, unable to think in new ways, or able to comprehend the use that computers could be for different types of people; for instance I myself was dyslexic, and found it much easier to use computers, now I have a verified wpm of 130 and am very happy with it , as well as my grammar, and the ease of use I have when I need to know something (wikipedia, google, dictionaries, etc) it’s all there.

article2.PNG

Now, people are so busy, even those without computers are extremely busy. A familiar phrase from older generations would have to be “kids have too many choices these days , when I was a boy…”, which demonstrates thie phenomenan to a tip of perfection, and I hope, validates my point, that clearly there must be some sort of balance between opportunity and execution. Infact thats (ironically) exactly how the faster cryptanalytic time memory trade off works (here). This essentially is taking pre-calculated data and using it in a lookup table (memory) in combination with the usual algorithm, the access is faster, but there is a tradeoff (for every force there must be an equal and opposite force), much like in modern society.

The parallel exists, I’m sure of it i.e. there is a direct proportionality between N opportunities and N executions (acceptances). I.e. there is a great need for balance.

In a sense, technology has given us too many opportunities, and ways of doing things, its unlikely that a balanced path is pathed out. Much like how I felt people were wrong surpressing the use of computers, people would be just as wrong to insist the presence of computers was essential, which is an interesting suggestion from a Technical Director, whos job depends on Comp Sci. However consider it, and what is lost by using computers, just as much as what is gained. System analysis freaks will know exactly what im talking about! :)
(It is just as bad to overcomplexify a system (or a design for that matter) , as it is to oversimplify).

Most truly amazing genius’ I’ve seen were from people to combine, what could be considered, ancient simplicity, with, technological complexity. Most designs that qualify for both and bring a balance, become netural forces in our lifes. These neutral forces become tools that are harder to exploit, and although I could go on about the history of exploitation and hacking , that is being saved for another article. Harder to exploit you say? Ok azio, you’ve really lost it this time.

When I say exploit it doesnt necesarily mean hack or abuse, it simply means , “be used for means other than the sole intention of the device”. One could infact argue that a combination between such ancient and modern techniques could greater widen the orifice to which exploits exist in, greater efficiency, etc.
Maybe people are not ready yet, to realise the balance between the society they created, and the society they left behind, as I am sure history proves itself, this is not the first revolution, or balance conundrum to rise on our tide of existance, I hope though that a few enlightened people may come to realise, that there should always be a balance between technology (or complex systems), and non-technology (or simplified systems).

Comments (3)

Howto: Using a MYSQL Server Database

Any session starts by connecting to the MySQL server. For API’s which require a servername, use localhost.

The example below shows you how to connect to the server from a unix shell.

mysql -u username -p mysql

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1136 to server version: 4.1.11-Debian_4sarge4-log
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

Lets Query the Database:

mysql> SELECT CURRENT_DATE;

+—————–+
| CURRENT_DATE |
+—————–+
| 2006-09-27 |
+—————–+
1 row in set (0.00 sec)

A simple example of course, notice that usual c syntax is used for termination of a command. There is an exception to this rule or two, quit is one of them.

When mysql is done executing the command mysql> prompt is returned

Lets Query Multiple Entries:

mysql> SELECT VERSION(),CURRENT_DATE;

+—————————+————–+
| VERSION() | CURRENT_DATE |
+—————————+————–+
| 4.1.11-Debian_4sarge4-log | 2006-09-27 |
+—————————+————–+
1 row in set (0.00 sec)

Accessing a Database:

mysql> USE mydb
database changed
mysql>

You need to replace mydb with the mysql database you created with your webhost (since this is a simple guide, im assuming your not running your own SQL server, etc).

Lets Create a Table:

Tables define structures for data to be entered into databases. Before we create the table, let’s look up the existing tables in the database we selected. For me my database is called mysql.

mysql> SHOW TABLES;

+—————————+
| Tables_in_mysql |
+—————————+
| columns_priv |
| db |
| func |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
| user |
+—————————+

As I expected, my tables do exist in my database and MYSQL has happily shown them to me.

Lets Create a Table:

mysql> CREATE TABLE person (name VARCHAR(20),
-> birth DATE,
-> website VARCHAR(20));
Query OK, 0 rows affected (0.08 sec)
Excellent the table was created successfully. If your feeling overly happy and want to check that the person table exists, just type SHOW TABLES; again at the mysql> prompt. You will probably want to , at some point, view the specifics of your table, in SQL this is called DESCRIBE.

Show Table Data (DESCRIBE):

mysql > DESCRIBE person
+———+————-+——+—–+———+——-+
| Field | Type | Null | Key | Default | Extra |
+———+————-+——+—–+———+——-+
| NAME | varchar(20) | YES | | NULL | |
| birth | date | YES | | NULL | |
| website | varchar(20) | YES | | NULL | |
+———+————-+——+—–+———+——-+

Entering Data:

mysql> INSERT INTO person
-> VALUES(’Azio’,'1984-07-21′,’www.azio.org’);
Query OK, 1 row affected (0.00 sec)

Viewing your shiny new table with a query:

mysql> SELECT * FROM person
+——+————+————–+
| NAME | birth | website |
+——+————+————–+
| Azio | 1984-07-21 | www.azio.org |
+——+————+————–+
Da Da!

Comments

HowTo: Anonymously surf the web, from your browser, without a website

I recently was recommended some software called torpark, I was like “what is this crap then?” and proceeded to install it for a bit of fun. Turned out I really could use it, because of my network at the time it allowed me to access my sql/php/apache2 server running locally (to test outside connections) which to me was actually very useful. The truth is thats just the tipe of the iceburg, Tor Park can be used for anonymous browsing in general (even if your behind a NAT). There’s no ads (that I know of or saw whilst using it), it “hijacks” firefox until your terminate the process (it goes away). Best of all you can switch from anonymous/non-anonymous browsing on the click of a button in tor park itself.

Oh, I think its american, it was a little slow for me, but useful.

I really was taken quite back by it, and have decided to give it 2 thumbs up, its a well designed app, whoever wrote it obviously knows what a pain it is to be blocked from a site from somewhere in the world, thus blocking their freedom of information so to speak. Remember, keep the freedom of speech on the internet!!

torpark diagram

check it out now here

also checkout the cloak, a decent http “proxy” /anonymous browsing website

Comments (2)

IRC Dataminer/Proxy/Thingy/Logger/Privacy Intrusion

Today I finally lost it with automated bots that have continually been joining our irc channel on irc.quakenet.org #game-zero. I wouldnt mind if it was 10 or 20, but 50 of these bloody things join on a daily basis and I’m sick of it. I decided to keep a record of them joining.

I was able to derive they aren’t specifically mallicious, but the data is probably used somehow, for spamming perhaps, for informational purposes, databases, or just to get a very large amount of IP information without having to scan multiple targets (which is detectable at the speculated IP and the ranges router/gateway, probably). Is it possible these are hackers gathering large amounts of information (known as datamining), without having to do any scanning? I think it is. Quakenet have said I need to ban them, I’ve just filled up the ban list. Could this be the beginning of the return of an age old thing, automated in a whole new way? I thinkso, quakenet is the biggest irc network in the world, aswell.
Features:

  1. random idents eg. G0fLGkxcG:
  2. no reply (non human)
  3. differing hostnames
  4. idle one channel or 2 or 3 channels
  5. collect’s whois data in one channel, once finished, moves onto other channels revealed by whois data in initial scans.
  6. automative (relentless)
  7. Intentionally changes nickname onjoin sometimes (to stop ban, or to make it harder to track). i.e. intentionally self deprecating/counter-surveilance

Even now these bots continue to join, I feel powerless really, and I know it sounds stupid at first, but something WRONG is clearly going on here.
Here I name and shame these host masks,

#1 *!*@wird.niemals.ein.pr0gam3r.de
#2 *!*@*tassie.net.au
#3 *!*@c-48dc70d5.05-28-67626710.cust.bredbandsbolaget.se
#4 *!*@i.love.my.10.meg.int0rw3b.com
#5 *!*@*q-hosting.net
#6 *!*@p85.212.4.94.tisdip.tiscali.de
#7 *!*@98.217-149-112.enivest.net
#8 *!*@ip130-171-173-82.adsl2.versatel.nl
#9 *!*@*.telia.com
#10 *!*@*telesp.net.br
#11 *!*@*cs-server.at
#12 *!*@CPE-24-208-93-84.neb.res.rr.com
#13 punkyma[hN-!*n0rm@bysteini.de
#14 *!*@*web.de
#15 *!*@*dotsi.net
#16 KaEGN-EM!*ROY@ti121210a081-1953.bb.online.no
#17 *!*@*evillook.com
#18 *!*@*tuxforge.de
#19 moToope_Bo!*WalL@c213-100-228-179.swipnet.se
#20 CHAiNSxajniPhat!*m0@0c0.de
#21 *!*@*numericable.fr
#22 *!*@*gaoland.net
#23 *!*@*viastore.de
#24 *!*@*ipconnect.de
#25 *!*@*suomi.net
#26 *!*@*prophane.net
#27 *!*@ist.geisteskrank.und.das.ist.gut-s0.de
#28 *!*@*.il
#29 *!*@62-30-33-182.cable.ubr01.pres.blueyonder.co.uk
#30 *!*@unknown.cust.bredbandsbolaget.se
#31 *!*@*.fi
#32 *!*@81.244.170.0/24
#33 *!*@*belgacom.be
#34 *!*@*kuschelkueken.de
#35 *!*@*hansenet.de
#36 *!*@*aei.ca
#37 *!*@*rima-tde.net
#38 *!*@*versanet.de
#39 *!*@*t-dialin.net
#40 *!*@*comcast.net
#41 *!*@*sgsnet.se
#42 *!*@*poppstueck.de
#43 *!*@*linux-power.com
#44 *!*@dslb-082-083-118-061.pools.arcor-ip.net
#45 PaD`!*PaD@DJSpunk.users.quakenet.org

Comments (3)

HowTo:NV40 (Nvidia 6800 Chip) to Quadro 4000 without hardmod

It’s as easy as Step 1, Step 2 and Step 3,

Although this is an old guide I wrote for guru3d.com at some point 2 years ago, I thought I’d give it a quick show. Notice the simplicity of this softmod, all you need to do is enable the professional abilities using riva tuner, then restart, and then reinstall the drivers (and the nvidia forceware will detect what it thinks is the quadro chip). The beautiful thing is the Quadro’s use the EXACT same chipset (nv40), so the performance *should* be identical. The lock as far as I know is only the “strap”, i.e. the drivers installation actually control if you can use the Quadro, there might be other protections once they are loaded so I wouldnt recommend trying to force the quadro drivers out of the nvidia install (probably not possible?) I don’t know you’d have to be an oldskool decompiler duder for this perhaps? Anyway I probably just saved you a few $1000 for something you might already have, if I didnt and your a 3dsmax/maya/cad designer, or are planninng to build a render farm (distributed supercomputer), this may have just saved you a lot of time aswell as money.

Best Wishes.

Comments

Funny Jokes from Yikers.com

I was broswing a forum , and came across this site yikers.com, which is packed full of links, and from what i’ve heard a total of 50,000 pages. Well done Yikers.

I came across Yikers Jokes , which I found hillarious, they are even listed methodically so, for people like me with bad sense of humour, I can find what I want quickly :)

Thanks Yikers,

Pay Him a vist here

Comments

Draft: Google has been Ruined? I refuse to believe it.

http://www.google.co.uk/ig?hl=en

Hello azio.org readers. A lot of us will remember how google has remained, in essence, 75% the same over what must be almost a decade now. Recently something bad has happened, google.com has turned into yahoo.com

I personally feel, along with the masses of people with a clue, that this is unncessary on google’s behalf. There is No competition here. Right?

Has google lost its simplicity and ease of use with commercial bloatism? I , and I dont usually swear on my blog, farking hope not.

An update coming soon.

Comments (1)

NEW Gadget: MicroMoscito Helicopter takes to the skies!!

Hahahaha, nice one. This is one of those toys that only 30 somethings only can dream about having. Check the picture below and the youtube link ive embedded!

Micro Mosquito

The landing pad charging station introduces an element of challenge to wannabe pilots, being as it is not much greater in diameter than the stretch of the helicopter’s legs. If you can manage to get it hovering in front of your eyes, then you can even see the internals working thanks to the open bodywork.

Who made it?

http://www.interactivetoy.com/ :)

Comments

GoogleWhack Adventure - by Dave Gorman

Well, I’ve just had myself away from the PC for at least a few hours, (thats a bloody eternity for me) , omg users might need support or something! Yes , I know. Well, I just watched GoogleWhack adventure by Dave Gorman, I missed most of it, but the last hour or so was hillarious, I even sat down away from a computer which was a first for the last few weeks. This guy is truly hillarious, he’s about as technical as a bedpost, but does well with his extremely methodical and interestingly clever social indinuity, maybe I’m over analysing, i’m not the best of comedian’s, oh wait, im not one at all. :)

I highly recommend getting hold of the video or watching it on Paramount Comedy sometime like I did, he’s a truly truly funny man, and (although the video isnt life changing, no offence Dave!), I know what its like to be a googlewhack.
Observations

  1. Dave appears to have been the “only person with a googlewhack to actually make the best of it in the biggest way yet”.
  2. Dave appears to have little technical skill (oh no offence dave i love ya!), yet provided the best SEO he will ever have. Being number 3 on google for “Google Whack”, hell how many hits do you think that is? A lot.. Comments please :)
  3. Dave is an extremely intelligent person (in my opinion), he seems to use his and others projected disadvantages to his advantage. Sound plan. Works.

Comments

HowTo: Cracking Prevention

The best method of preventing your machines from being rooted is to make sure that people cannot access the encrypted password itself (thus are unable to decrypt/exploit/match/lookup and counter-measure it). Encrypted passwords used to be stored in a publicaly accessible file “/etc/passwd” file, from what I Understand, /etc/passwd refers to /etc/shadow and the main passwords on any new production machine are (or bloody should be) stored there. /etc/shadow should only be accessible by users with enhanced priveileges (system/root etc). Unfortunately many common network protocols transmit the hashed passwords to allow remote authentication, which is a problem at best.

Even if the attacker has no physical access to the /etc/shadow file itself, it is still possible to gain access to the hash, to crack at later times to exploit the system.

It’s important to choose good passwords, obviously?!!!

Also make sure your chosing a good encryption or hash algorithm that has stood the test’ of production server’s over the years. For instance:

  1. AES
  2. SHA-2
  3. MD5

You can also strengthen even a 10 character password (if you can adequately protect the data transmission by network protocol and disk permissions otherwise) simply by limiting the LOGIN attempts or Loginwait time. :) So simple.

The moral of my story is there is no sufficient amount of security to any system to prevent cracking. Most definately not without a proper security policy for your business, or for yourself personally. The common example of exploited people are those that are putting their passwords (which commonly are used for telephone, banking, email, and a whole sorry collection of things) on post-it notes on their monitor, or even on their hard disk drive, pretty worrying to be honest. Even sophisticated users warned repeatedly about it are known to have such lapses.

Why? Basically, users of any kind get tired of sacraficing usability in the path of security, and as a result, chose to sacrafice the security in aid to work faster; which works well, but can completely ruin the amount of effort spent if gambled badly (i.e. top secret system thats usable = owned). Interesting conclusion, please dont flame me for it. :)

Comments (5)

« Previous entries