cooper
-
Posts
6,071 -
Joined
-
Last visited
-
Days Won
139
Posts posted by cooper
-
-
The solution is to buy a USB wifi adapter and to use that. There's no solution to this solution.
-
It's a wiki so for casual browsing it's pure shit.
I use it the same way I use wikipedia - google something with site:owasp.org and take it from there.
-
Advice is the same as in that other thread - the RPi3's wireless adapter doesn't play ball when it comes to hacking, so go buy a proper one that does.
Shouldn't set you back more than a tenner.
-
Also, universities get a reduced rate for things like google, making it easier for them to decide to take the jump.
-
Given that the base system is slow (and, honestly, aren't they all?) adding an extra layer will invariably slow things down even more. And I can tell you from personal experience that it's not Java (or javascript, or C, or VB) that's making the system slow. The slowness comes from poor implementation and far too low-end hardware being employed.
The only way to interact with a web-based system is via the web. What your program would be doing is taking on the role of the browser. The problem is that either your program can quickly adapt to the various requests and responses being send back and forth, or with the next update to this system your program will stop working. Worse still, it will be viewed as your program being crap, rather than the backend webserver being at fault.
So long story short, I think it's best to not go this route. You could ask some techs who run the service why specific aspects are slow. Might be that they know of certain things they could do but aren't allowed to (say, not enough memory for the DB and management is to cheap to pay for more) which would mean you can now tell your superior that the current situation would improve by X% meaning you spend Y amount of time less waiting for a system to respond. Take Y time in hours times your hourly rate times the amount of people using the help desk system times total work hours in a month. With the upgrade costing Z, the investment pays for itself in Z/Y months and saves the company money after that. If you can make this case, you might get your way.
Remember, business cares about money and risk. Your program costs money (your time) and adds risk (you die, program is now an orphan). Your cost/benefit thing for an upgrade has an up-front cost but a long-term saving and zero additional risk.
-
This isn't so much a "they can't" but more a "they won't" or, more specifically, "they chose not to".
A business can do Google for Work, but it comes at a cost and if they either found a different provider for it or they have the required expertise in-house to provide a service themselves which is good enough (comparable to eachother on the points that matter to the *business*, as opposed to something you might prefer) at a lower price-point, it's in the interest of the business to go with that cheaper option.
So yeah, gmail's spam filtering might be better and/or effective, but the business chose to not care about that simply because they don't see dealing with the expected level of spam as a significant cost to the business, relative to the cost of going with Google For Work.
An ISP, for sure, can block whatever you want. But this is now a policy issue - the ISP probably says it's not up to them to determine if something is spam or not. Who knows, you might actually WANT to purchase pill-formed sugar cubes, thinking that this would increase your penis size, even though you're female. Sounds silly, I know, but the point is that the ISP considers this YOUR problem. *Their* problem is getting the communications reliably to you.
Finally, unless you control the server that added the specific header to the mail, DO NOT trust whatever's in there. It's just text, and don't you ever forget it.
-
I can assure you, the processor doesn't give a shit. Maybe the program (Hydra) is shit at multitasking but, well, who knows?
I find these 2 lines quite descriptive. Somehow changing the command line added 264 new login attempts to the run. I'm wondering if you really didn't change anything else...
[DATA] max 16 tasks per 1 server, overall 64 tasks, 16 login tries (l:4/p:4), ~0 tries per task
[DATA] max 4 tasks per 1 server, overall 64 tasks, 280 login tries (l:14/p:20), ~1 try per task
-
Try ending both use and pass files with an empty line.
-
If you come to SteelCon you can say hi to the both of us. Hell, I'll throw in a beer.
-
At my parents' their laptop had *MASSIVE* issues to get the bastard to install at all. Once it finally did get on there things were okay.
Their desktop was a different story. The install of Win10 went fine, then the thing went ape-shit. My guess is that a Java update was happening simultaneously and resulted in a reboot at the wrong time or something. End result was that their main harddisk wasn't bootable. All data was still there though. I was planning on doing just a full reinstall next time I was over, but someone in the neighbourhood offered to fix things and succeeded after 2 days of beating the box into submission (and afterwards I fixed his shit). This fucktart managed to convince my parents they had massive virus infections - turned out to be the Trash folder for their email program. They receive phishing mails, see right through the ruse and instantly delete it, but sure enough mr Fucktart's anti virus thingy found the folder and convinced him this box was a virus-infested shitpile which he, using all his skill and wisdom (WHAHAHAHA) managed to clean up and, worse, convince my parents was a problem they were woefully unaware of. So in spite of me telling them that no, everything was fine, no virus at play, you're doing the right thing when you're using your PC, now each time something is amiss I get the "maybe it's a virus? Fucktart said we had a virus. Perhaps he was right?"
My mom's really big on video and spends a LOT of time editing holiday vids and tourist-y daytrips. Her video editing program of choice released a new version which was supposed to target Win10 but thus far has been rather unwilling to install and in fact locks up the box. I'm not going to count that as a nod against Win10 completely, but it kinda makes me wonder...
Some people at work here are using Win10 on their laptops and seem happy with it. I personally loathe every bit of it and I'm supremely thankful I don't have to bother with using it.
-
Maybe describe what you did that led up to you receiving this? I'm guessing there's a 'generic' networking issue that's preventing Ping from sending out packets. Maybe the box is configured to not be allowed to send out ICMP packets from non-admin accounts?
-
You probably lack the postcount for this. If you take a youtube ?v=whatever url it gets embedded automagically.
-
I wouldn't be at all surprised if one of them was the salt.
-
Please don't repost your question to other, less relevant parts of the forum.
-
He's uploading from Linux to Windows.
Probably should use either "/root/Desktop/program.vbs" or "~/Desktop/program.vbs" where the former is the more portable of the two.
-
A coworker of mine has this as the screen to his Pi which he uses as a portable radio to play internet stations (since the building we're in is shielded such that FM radio can't get in). Very nice image on there. The touch screen is kinda crap due to the small size.
-
Someone on twitter referenced this very nice beginners' guide to creating shellcode:
-
-
Let me start by pointing out this description of rtl_fm and its options. Maybe you should clarify what part of your gqrx config you're unable to transfer onto rtl_fm and what, if any, errors you get when you try the options you expect you need to set (and what you've set them to).
While I personally have very little interest in software defined radios, I'm quite well-versed by now with the concept of recording audio and video, including live streaming. I would recommend you stop using sox and instead switch to ffmpeg. In spite of its name, it's also extremely well-suited for bare audio and supports streaming to an icecast server which would solve that part of your problem with very little effort too. In the mean time it of course is also quite happy to just save to a file. Another reason to switch would be that ffmpeg is, to put it mildly, being more actively developed and it specifically targets ARM for numerous parts of it process. While nowadays encoding audio is rarely a taxing task for any machine, having CPU cycles to spare tends to be a good thing.
-
In all honesty, I believe this is a Lenovo problem rather than a Microsoft problem. Lenovo has something driver-like trap the keypress and kick in the browser. I'm guessing that it launches multiple instances of chrome as opposed to refreshing one that's already open which over time starves the machine of its resources.
-
Check your zip code. Here in .NL the zip code is 4 numbers and 2 letters and they had this stupid issue where when you either did or didn't put a space between those 2 components (here it's perfectly legal to do either) the form wouldn't recognize the zip code and error out like that.
-
Does AV honour this request?
-
The thing is that I could suggest something, but if it's not something you're keen on doing you'll just grow bored and will likely never see your thing reach its full potential.
So find something that captures your imagination. I started coding by making a program to keep track of my beer label collection (parents wanted me to get a hobby. It... didn't work out as they planned). Flat file, search, entry and update, that's it. I wrote it in MS Basic. FUCKING BASIC! I then built upon that as I decided upon features that would make it easier for me to do what I wanted to do or learned about ways to make the thing perform better. Eventually I rewrote the sucker in Turbo Pascal and straight C later still. Sure, all of it was rubbish by my current standards. DOESN'T MATTER! It's your own program. It doesn't have to be perfect to the eyes of the world. And humans learn from doing shit wrong and either realizing or being told it's wrong. Some sad humans get really upset because they don't like the way they're being told what they did is wrong, but as long as the comment you receive contains something that is indeed wrong or something to improve upon (from the commenter's viewpoint at least) you'll gain an insight in how others are using your program, at which point you can either say "good call, let me add that" or "if you give me a patch that enables this I'll apply it" or "that's not how I envision my program, make your own if you feel you really need this". One of the biggest lessons I learned was when I wrote a networking server program in C and got put in charge of keeping the sucker running 24/7. You learn the value of proper logging, inspectability and the pitfalls of memory leaks REAL fast.
After you make a little proggy to scratch your own itch, learned a bit and grow tired of improving it, look for programs you use on a regular basis and see if they could use some feature that currently isn't in there. Ask how the people currently involved in the development of that program feel about the feature. Be clear that if they feel it's a worthwhile addition, you'll try to build it. Most sensible developers will give you a global overview of where they expect you need to be in the code tree to make your feature. You don't have to do it like that, but it helps if you want them to accept your patch once you've made it and with a bit of luck they'll have pointed you to the way in which you achieve success with the least amount of effort while still creating something proper. Don't go jumping into huge, complex programs like OpenSSH or Firefox or Wine because you'll need a while to come to grips with that codebase and their potentially unique coding style and techniques - leave that for later, when you feel more confident in your own abilities.
-
The benchmarking programs you're using suck at showing actual RAID performance.
Both hdparm and dd do sequential io. Admittedly, this is the expected load on a media center machine so in that respect it's fair. You should use dd for a reading test aswell to get more of an apples vs apples comparison.
But let's do the math here. You have 3 drives. When you read a file from the array, let's say it's 6 blocks total, the controller (which in case of software raid is the module) will likely find on HD1 blocks 1, P3+4,6 on HD2 blocks 2,3,P5+6 and on HD3 blocks P1+2,4,5. If the controller is clever enough (=likely) it will read 1 and 6 from HD1, 2 and 3 from HD2 and 4 and 5 from HD3 and put everything in the right order. If reading any of those blocks fails, it'll read the P(arity) block for that block, subtract the block it did get and end up with the one that was missing, but in general this isn't likely to happen often.
When you think about RAID you say "3 drives in an array, so should be 3x performance". Well, not quite (as you've noticed). Because of this staggering (read 2 blocks, skip the parity block, read 2 blocks, skip parity block... repeat) and the fact that the blocks need to arrive in order (so it might delay reading block 6 until 3 and 4 have been read otherwise the drive needs to jump back to read that parity block) the best you're likely to expect is a little under the max of [raid_drives-1] stand-alone drives combined.
Another issue which impacts performance and which is solved by the very expensive devices is that they synchronize the disks meaning that they rotate at the exact same speed and have a 'row' (my word) of blocks, so in this example that would be blocks 1, 2 and P1+2, move under the reading arm at the exact same time. So for each rotation of the disks the controller would read or write (in your case) 3 blocks at the exact same time. This gets you closer to the maximum performance of the disk.
But the bottom-line is that if you want to see the great performance that RAID is capable of, you want LOTS of disks and you want LOTS of concurrent reads with not a lot of writes. RAID wasn't developed to increase performance but to increase reliability. And as long as it delivers what you need, just be happy with that. :)
Where to learn web application security?
in Security
Posted
I record the OWASP presentations that are given periodically in .NL and I go to their monthly meetings. If I want to know about something I ask one of the people present there about it which thankfully saves me from having to dive into that too much.
And in all honesty, half their stuff IS a research paper. The other half is someone scratching a personal itch. Since there's often little interaction between projects and/or next to zero effort is spent to bring stuff together to make a coherent whole. A lot of stuff tries to be language-agnostic, which makes it hard to apply something to your project because it may use a word to describe something for which, in your language, a word exists but because it only exists in your language they won't use it because they want to reference the abstract technology underpinning it rather than the implementation, which is identified by that word.
Yes, it's painful and yes, it would help if they did it differently. The upshot is that it's a wiki and some open source projects. If you want to change things you're welcome to put in the effort for that.