clutch

Quote: well unfortuantly - this system is only controlled by remote and is about, mmm , 2000 miles away from me i ran symante code red patch - it foudn nothing, i install some IIS patches and rebooted, but IIS still goes down - it was up for about an hour and then juts turned its self off again Then first and foremost, I would advise that you have someone do what I outlined locally. Then, you might want to check for other updates, run SP4 (again, if you already have it) and maybe even the latest MDAC (2.8) if you have any kind of data access going on in your website.

In order to properly patch the system, it *must* be disconnected from the network *before* you run the patches. So, you disconnect it, reboot it, install the patches, reboot it, then reconnect it.

The mail server does a reverse lookup to validate if the server is who it claims to be. If your server is named mail.domain.com and it talks to a box that is vali[censored], the receiving server will do an nslookup to validate the name from its IP. Now, it sounds like you are trying to send from an IP that isn't the mail server's IP and *claiming* (by the name of the box presented to the receiving server) that it is. Your best bet would be to name the server "listserver.domain.com" and register that subdomain name with your name servers (wherever your DNS name is being hosted, be it yourself or your ISP). Then, when the mail server looks up the IP, it can match your server name back up with the machine's IP and go through (unless it's black-listed, which is a diff story).

Quote: As for HTML.. it drives me crazy, because it doesn't really require to much effort.. Phew.. people are so ignorant sometimes.. Yeah, I know. It would seem that these WYSIWYG editors would have the simplest HTML licked by now, but it doesn't. I really like using VS.NET for ASP.NET stuff, and yet it will still not do the simplest things like close off tags for bullets and such (but then again, GoLive and Dreamweaver didn't either a while ago, I don't know about now). It just seems like it would be easy to take care of, but it must be easier to make browsers work around sloppy code... ;(

Mostly, those points were to serve as a counterpoint for what you were saying. The MD5 checksums *could* be generated for the altered binaries and then uploaded to a compromised site, at which point you would easily validate the compromised file since the MD5 was made for it. As for the HTML response, you were stating that is was so easy to follow the standards, yet I was showing that just about any site picked online doesn't follow them (and getting Flash to run requires libraries that you will probably need, which require something else and blah blah blah - thank God for "apt" and "emerge" ). Now, for tracing the problem, a later release of Mozilla did address the issue, but my point was that it shouldn't have happened to begin with. Since the browser is not part of X (like IE is part of the shell in Windows) there was no valid reason for it to be compromised like that.

1. Not just home, but these can be easily circumvented. Again, like any OS, it relies on the ability to physically secure the server. So all OS vendors rely on this same premise and can be compromised in a similar manner (no OS is all that better than any other). That's the point. 2. While you *could* do that, many don't. Also, there's no guarantee that the MD5 wasn't generated to match the new binary. If someone can generate an original, another can be generated for a fake. Also, drivers can suck, but for the most part only if you don't know what you are doing. Plus, having so many distros and kernel options to consider can't make it much easier for the manufacturers. 3. vi is on everything UNIX, and therefore compromised every UNIX installation in use. I still consider that a *big* deal since it isn't a core function of the OS (like IE, remember the browser is the OS and the OS is the browser ), but rather an added (and needed) application. 4. From what I remember, Flash isn't part of a standard, yet tons of pages use it (and is a major PIA for many *NIX/BSD users). While it doesn't take much to follow the simple standards, very few will properly pass either the HTML or CSS validate from the w3c (check out www.ntcompatible.com, sorry Philipp ). In addition, many browsers can't properly process all the CSS2 functions, and many web desingers are still using tables to align graphics. But this can be reserved for a separate debate . My point is that a stupid application could repeatedly crash X, and this happened on all my installations and that of others. As for using Linux, I have been working with it for about 4 years before I took a break, so I am somewhat familiar with it myself . 5. Actually, I get many free utilities from MS (even before working with the Army) for performance tuning and security. But here's a better question: How long did it take for the UNIX guys to realize that shipping out user accounts and passwords in plain text was a bad idea?

Quote: They could call it the Penitum 242, or 246 lol Then again AMD never was good at marketing Nahh... More like P4.NET, P4XP, or P4+.

Was gonna do a bunch of quotes for the responses, but that's too much effort. In any case... 1. Ext2, Ext3, ReiserFS, etc. can all easily be chrooted into unless you are using some sort of extended ACL control, which almost nobody is. I have done this over and over again to repair screwball installs for others by simply booting off of a CD-based distro, or using a core installer off of a CD such as Gentoo. While you may need a Linux disk to reset an admin password on a Windows box, you don't even need that for a typical Linux install. Just replace a few "choice" files and you're done. Hell, you can even be network enabled with some of these boot CDs and move your files wherever you want. Nice and handy indeed. With the new Gentoo disk, you can have someone boot a system off with it, and start the SSH server. Now, you have a nice and secure means to work with a system over the network and not need to be in the same room anymore. 2. I would rather have the source code contained for security measures than have the whole world find holes or simply imbed their own BS into it. Also, out of all the apps that I have ever used in Linux (compiled for about 90% of them), I have only really "used" the source code twice. Once I used it to hack the nvidia drivers for suspend use in a laptop (although most of the driver is still closed source, this is more of a config thing) and once to bypass a function that disabled UDMA on my ASUS P4PE (which wasn't an issue in Windows, and was ready to go with proper drivers out of the gate while the Linux community with all the "eyes" on the code could only come up with a hack to disable one thing to enable another). Neither of these issues were of consequence in Windows, but hurray for Open Source, right? ;( Not to mention that many applications are being pimped as RPMs anyway, so most users aren't even bothering to compile these things. So, we can now have thousands of users with Linux boxes using precompiled binaries (Open Source not saving them here since compiling is such a "hassle" for them) from a compromised source. Hell, who needs an automated worm? Just attack a server running an out of date vi and change the source code and hosted binaries. That's a lot easier. 3. vi has had several issues from what I remember, and my point is that no *text editor* should be able to let someone take over an OS, period. Although a notepad exploit would be funny, it's unlikely. 4. Yeah, so nVidia doesn't follow the W3C, but then again how many sites do? In addition, the web browser was *still* able to crash X and all the apps that were dependent on it. This is the point. People bash IE and yell about exploits for it, when Mozilla can crash the OS with just a screwed up menu, and a text editor (yes, I know it can do more, but it is on almost *every* distro of *NIX there is) can be used to take over the OS. 5. I wasn't talking about security of Office XP, but then again that's what I use a virus scanner for, and I don't enable macro usage unless I know the source (default setup anyway). I liked the ease of use of the application, as opposed to the clunky behavior of OpenOffice.org. This, coupled with the odd font rendering in it while using Fluxbox or KDE at 1600x1200 on my laptop, it just wasn't worth wasting my time with anymore. However, I am not a Linux basher as I was a big Gentoo geek for a while. I love Fluxbox, and miss it dearly. But when someone extols the virtues of Linux without sharing the full story, I take issue with it. A Windows system can be *heavily* secured using the right templates that measures that are freely available. This can be done for pretty much any OS, but any OS has weaknesses. At work, we take security pretty seriously (Sr Systems Engineer for the Department of the Army, Active Directory Project) and we have a whole bunch of things applications have to get through before use in the Enterprise. While MS products have security holes, they can be addressed before use in production, and in many cases can be secured before an exploit is even discovered (such as the hi-sec template for IIS, or URLScan for IIS, with CodeRed). In many cases, we can't use Linux because it isn't FIPS compliant, unless we are using Red Hat stuff (ick) since no other distro either has the funds or the confidence to get it tested. Oh well.

Or, you could just boot up off of one distro, and chroot into the one on the disk. Or, just simply move files off one-by-one as desired since the vast majority of filesystems available for Linux do not have very good permissions management available. It's bad enough that Open Source has been shown to have flaws in the concept when people can imbed worms into the source and make that available (such as when OpenSSH was compromised) or when the most common text editor (vi) has a vulnerability that would allow someone to take over a machine. Not to mention the "stability" of Linux-based desktop when I am running Gentoo, X, Fluxbox, and Mozilla, go to the nVidia website for some drivers, and consistently see X crash when I hit one of the fancy mouse-over menus at their site. I was a big Linux fan for a while (and I still am, to a point) but with seeing all the new and wonderful holes in the OS everyday, coupled with the greatly reduced tools (I missed Office XP and VS.NET, and no, OpenOffice.org is *NOT* a suitable replacement) it was only useful as a utility OS.

Quote: this bugger is tough to get rid of i formatted my computer several times today installing both win nt and 2000 and i still have the worm dunno what else to do If you keep performing fresh installations of the OS with a hot connection to the internet, then you will be exposing the system to whatever exploits are currently running in the wild (like CodeRed). The best thing to do is slipstream the OS as mentioned, and then download the hotfixes and burn them onto the same CD (you can even "QChain" them if you like). Then, make sure to disconnect the system from the network (ideal) or disconnect the LAN from the uplink to the Internet. Now, install the OS and the patches. Once you bring it online, you should be set. If you are behind a firewall or NAT device, you should be OK assuming that there are no systems on the LAN that are infected and trying to infect others already on the LAN.

In the graphical query layout view, go to the column you want to filter info on and use [] to generate the prompt. For example, if I had a product table and wanted it to prompt for something, I would make a query for tblProduct, and under prodCompany I would put [Please enter company name] in the criteria section, using the brackets. That will make a prompt window come up with "Please enter company name" and a blank to put in the info. In SQL view it would look like this: Code: SELECT *FROM tblProductWHERE (((tblProduct.prodCompany)=[Please enter company name])); If I wanted it to match partial names, I would use: Code: SELECT *FROM tblProductWHERE (((tblProduct.prodCompany) LIKE "*" & [Please enter company name] & "*")); The * wildcard will then let partials like "so", "on", and "ny" match "Sony" in the prodCompany column. Lastly, if you want to add support for wildcards AND the ability to click "OK" with a blank field and have it return ALL records (no filter) then use this: Code: SELECT *FROM tblProductWHERE ((([tblProduct].[prodCompany]) Like "*" & [Please enter company name] & "*") And (([Please enter company name]) Is Not Null)) Or ((([Please enter company name]) Is Null)); This will let it handle blank entries and combines that with support for wildcards. HTH

I use VS.NET, and started working in C#. It's a lot like Java, and carries over behaviors from C++ (or so I am told). The only downside to C# is that it doesn't have the userbase (yet) of VB.NET, so there isn't as much code snippets to work with.

Quote: Quote: Quote: I bought a OEM DVD burner that did not come with software. That's dead-up dumb! How on earth do they expect you to use it?? APK Well it was a really good deal. I bought it for $120 if I remember correctly. I didn't realize that I couldn't use the Nero that came with my CDRW. I somewhat expect to be able to do it through XPs interface like I can with CDRs It's only a good deal at that price if you can use it...

I was speaking of this actually: http://www.neverstolen.com/ Also, many alarms (such as mine, it was $235 w/o installation, about $500-$600 installed) have "fail-safe" starter kill relays. These relays are "normally closed" units, and are designed so that if the alarm dies, the car can still be started. Well, many thieves simply cut the power to the alarm, and the relay closes so they can start it. In my case, I have a "dummy brain" in the car as a decoy, and I have all the relays hidden all over the place in the dash. Plus, I am working on an ingnition/fuel kill setup to keep it from going anywhere. As for the theft deterrent, I was more concerned about the jackasses that break into cars because "they're there" and take stuff from them. Now, I am looking to harden the car from most attacks.

Heh, my radar detector was stolen from my car on the 4th of July, along with the radio out of my inlaw's car. I bought the next version up from my old detector (I had an Escort Passport 8500, and got the SR7 and installed it myself) and an alarm (Viper 790xv, again I installed this myself). I had one car with a ton of audio gear in it, and when I had my alarm I never had an issue. So, I bought this one with the 2-way "Responder" transmitter (will page you if there's an issue, and can send/receive up to 1/4mi. away), and it's working out pretty well. I am going to finish up the remote start this week so I can fire up the A/C when I get ready to go out. Now, while an alarm isn't absolute protection by any means, it's definately a great deterrent. In addition, you can get a lockout module that wires up to several systems in your car and you get a "key" that you have to plug in before the car will even start, or prime the fuel pump, let alone go anywhere.

I middle click the mouse for tabs. Also, I have the plugin/extension that monitors downloads and gives you shortcuts at the bottom to open them when they are done. Very nice.

If you configure the tables properly and it can support a System DSN to it, then probably. There is a .sql file in the inetpub dir for IIS, and that's your SQL script to configure the db.

Your best bet may be to have something that logs to a database, and then query that db. I have done this with IIS (which logs WWW, FTP, and SMTP) where I have it connect to my SQL server using ODBC and log everything that way. Then, I use an ASP app that I wrote to query it.

Quote: Yes they put stickers on the joints Wow, they give you complimentary weed with the PC? Hell, I wouldn't think that the warranty (or the PC, or anything else) would matter much...

When you have over 50GB of media, having the auto-generating library feature of WMP is very handy. While I have a gazillion MP3s to keep track of, it's still much nicer than pulling the original CD from storage just to hear one track from it.

It's pretty funny how they badger Intel with their dim-witted "Chipzilla" remarks, yet this behavior is allowed. I have known for a long time that Tom has been a fan of AMD, but I didn't realize that he and his crew were completely in bed with them. I would say that it's a shame, but I don't really care about his site either way. As for AMD, well, shame on them for allowing this supposedly "unknown" deal to continue, regardless of allowing other editors/reporters to show up.

I remember other video cards exhibiting this kind of corruption a long time ago with overclocking, and if they were run like that for an extended period of time the damage was permanent. If this card was overclocked, and the damage was related to it, then you might have your RMA denied if they can prove it was abused in this manner.

Well, I just got a new job as a DoD contractor for AD/Enterprise Application Development, and I have been advised to hold off until the 2003 exams come out. We will probably be moving to 2003 and skipping 2000 all together in our move from NT 4 domains. Basically, the existing engineers and architects state that many of the qualities are the same, so if you are strong with AD now you should probably just practice with 2003 and then test for that.

Yes, it is harder on your system if you keep shutting it down. In many systems, you have a ton of disk activity during startup which causes mechanical wear. In addition, every application you launch causes more activity on the first pass, and then every subsequent launch has much less activity (due to caching if you have large amounts of memory). Also, many high-end audio shops tend to encourage leaving amplifiers on all the time due to powersupply cycling and keeping the components warm (as opposed to stone cold where they have to warm up). This premise could be applied to PCs I imagine. The largest point of power consumption would have to be the monitor, and proper power management settings can be configured to have the monitor power down after a certain time of inactivity. Next, you can setup the harddrives to power down (or "suspend", like the monitor) after a while. In addition, more advanced systems will power down fans when they are not needed. More and more components are being designed to support 24/7 operation like this, and the equipment is getting better. Today, it is getting much harder to find an old sleeve bearing fan, but rather ball bearing fans are more common. I subscribe to the belief that every start of the equipment is much harder on it than just leaving it running, and that all equipment really has only so many starts left in them. This is the case with modern H.I.D. (High Intensity Discharge) lighting systems that you see on upscale cars, where they have a long life of straight running time (much, much longer than normal halogen bulbs) but each start of the light reduces its life slightly (which is probably why you don't see them in high-beam applications as much, since they are so expensive and used briefly or for flash-to-pass scenarios). If you ask any of the more seasoned people on this board about run-ins with flakey drives, you will usually hear one thing: keep them running! When a drive is about to die, and you can't get everything you need off of it right then, it is usually best to keep it running until you can get back to it. Many times, if you shut off the drive you might have to go through several reboots to get it restarted. Again, this is why I feel that starting something many times is much harder on it than just letting it run and suspend via the OS. HTH

Quote: A for not typing www, normally IE will add the www and try that too, but your is not for some reason. Probably because of what DS3circuit said, cause you are uing your own DNS server I presume. Using your own DNS box will have no effect on that. I have been using my own DNS at home for 4 years, and never had that issue. The client and its applications don't care where the DNS is being handled, as long as it is. The attempt to find a "WWW" even works if using a proxy and you have IE setup to work with just that.