Re: To whoever hacked into my Database
On 11/11/13 09:36, Νίκος Αλεξόπουλος wrote:
> Tell the mighty female hacker to polish her nails, do her hair and fix a good meal.

Nikos, I'm afraid I'm not very impressed by this misogynist nonsense you keep coming out with about how your supposed female hacker ought to be doing stereotypically female things instead. Please can you stop making these comments? I don't think it's very pleasant or inclusive for the Python community (as a whole, not just women) to see comments like these being made and not being called out.

Thanks,
Rob
--
https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 13/11/2013 11:46 PM, Ferrous Cranus wrote:
> root@secure:~/lib64# ls -al | grep libkey
> lrwxrwxrwx 1 root root 20 Jun 22 2012 libkeyutils.so.1 -> libkeyutils.so.1.3.0*
> -rwxr-xr-x 1 root root 10192 Jun 22 2012 libkeyutils.so.1.3*
> -rwxr-xr-x 1 root root 32920 Jun 22 2012 libkeyutils.so.1.3.0*
> root@secure:~/lib64# rpm -qf libkeyutils.so.1.3.0
> file /lib64/libkeyutils.so.1.3.0 is not owned by any package
>
> It appears that my server has been compromised with a malicious payload designed to sniff for and steal server passwords.

This must have happened when I was handling my root passwords out in the open. Served me well.

Can somebody explain to me why there are so many failed attempts to log in to my Linux server under various user accounts?

http://i.imgur.com/5PaZAWu.png

I mean, is this some normal background radiation of the Internet or is something directed to me? Does this happen on your servers to this extent too?
Re: To whoever hacked into my Database
On Thu, 14 Nov 2013 12:46:29 +0200, Ferrous Cranus wrote:
> This must have happened when I was handling my root passwords out in the open. Served me well.

At least you seem to be learning this lesson.

> Can somebody explain to me why there are so many failed attempts to log in to my Linux server under various user accounts?
>
> http://i.imgur.com/5PaZAWu.png
>
> I mean, is this some normal background radiation of the Internet or is something directed to me? Does this happen on your servers to this extent too?

Any open ports on the internet are likely to attract attention of the 'Black Hats'. This is why you have been advised to check your firewall settings. You should only expose the ports that are absolutely necessary; for a web server these would be 80 and 443. Currently you have many other services also open that probably should not be.

If you check the logs for those services you will probably find even more login attempts (I hope they have failed).

--
Paranoid schizophrenics outnumber their enemies at least two to one.
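Added example, not part of the original thread: one way to do the log check suggested in the reply above, assuming sshd writes OpenSSH-style syslog lines. The sample lines, the addresses, the function names summarize and triage, and the threshold of 3 distinct usernames are constructed for illustration.

```python
import re

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Nov 14 10:01:02 secure sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
Nov 14 10:01:04 secure sshd[2103]: Failed password for invalid user oracle from 203.0.113.5 port 40031 ssh2
Nov 14 10:01:07 secure sshd[2105]: Failed password for root from 203.0.113.5 port 40040 ssh2
Nov 14 10:02:11 secure sshd[2110]: Failed password for invalid user test from 203.0.113.5 port 40077 ssh2
Nov 14 10:07:30 secure sshd[2140]: Failed password for root from 198.51.100.7 port 51512 ssh2
Nov 14 10:07:41 secure sshd[2142]: Failed password for root from 198.51.100.7 port 51530 ssh2
Nov 14 10:07:55 secure sshd[2144]: Accepted password for root from 198.51.100.7 port 51544 ssh2
Nov 14 10:30:00 secure sshd[2200]: Accepted publickey for deploy from 192.0.2.10 port 60000 ssh2
"""

# Anchored at end of line with a greedy user field, so the source address is
# always the one sshd appended, even if a submitted username contains spaces.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>.+) from (?P<src>\S+) port \d+"
    r"(?: ssh2(?:: .*)?)?\s*$"
)


def summarize(log_text):
    """Group failed logins by source address.

    Returns {src: {"failed", "users", "invalid_users", "accepted_after_failure"}}.
    Sources that only ever logged in successfully are left out.
    """
    stats = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m is None:
            continue
        src = m["src"]
        if m["result"] == "Failed":
            s = stats.setdefault(src, {
                "failed": 0,
                "users": set(),
                "invalid_users": set(),
                "accepted_after_failure": [],
            })
            s["failed"] += 1
            s["users"].add(m["user"])
            if m["invalid"]:
                # sshd marks accounts that do not exist on this host.
                s["invalid_users"].add(m["user"])
        elif src in stats:
            # A success from a source that failed earlier: the case the reply
            # hopes not to find. It needs a human to look at it.
            stats[src]["accepted_after_failure"].append(m["user"])
    return stats


def triage(stats, many_users=3):
    """Split sources into (needs_response, many_usernames).

    needs_response: a login was accepted after earlier failures.
    many_usernames: at least `many_users` distinct account names were tried
    and none succeeded, the pattern of an unattended dictionary scan.
    The threshold is an assumption; tune it to the host.
    """
    needs_response = sorted(
        src for src, s in stats.items() if s["accepted_after_failure"]
    )
    many_usernames = sorted(
        src for src, s in stats.items()
        if len(s["users"]) >= many_users and not s["accepted_after_failure"]
    )
    return needs_response, many_usernames


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for src, s in sorted(stats.items()):
        print(f"{src}: {s['failed']} failed, users tried: {sorted(s['users'])}, "
              f"nonexistent: {sorted(s['invalid_users'])}")
    urgent, scans = triage(stats)
    print("accepted after failures:", urgent)
    print("many usernames, no success:", scans)
```
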
Re: To whoever hacked into my Database
On 14/11/2013 2:32 PM, Alister wrote:
> On Thu, 14 Nov 2013 12:46:29 +0200, Ferrous Cranus wrote:
>> This must have happened when I was handling my root passwords out in the open. Served me well.
>
> At least you seem to be learning this lesson.
>
>> Can somebody explain to me why there are so many failed attempts to log in to my Linux server under various user accounts?
>>
>> http://i.imgur.com/5PaZAWu.png
>>
>> I mean, is this some normal background radiation of the Internet or is something directed to me? Does this happen on your servers to this extent too?
>
> Any open ports on the internet are likely to attract attention of the 'Black Hats'. This is why you have been advised to check your firewall settings. You should only expose the ports that are absolutely necessary; for a web server these would be 80 and 443. Currently you have many other services also open that probably should not be.
>
> If you check the logs for those services you will probably find even more login attempts (I hope they have failed).

Yes, I have more ports open as 'nmap' reports, but don't forget that I'm running cPanel for my customers, hence more ports need to be opened for cPanel and WHM use, let alone mail and sshd.

But the response wasn't clear to me. Is this randomly normal background Internet radiation or some personal directed attacks?
Re: To whoever hacked into my Database
On 2013-11-14 13:24, Ferrous Cranus wrote:
> But the response wasn't clear to me. Is this randomly normal background Internet radiation or some personal directed attacks?

We don't know. This is not the appropriate forum for such questions. Please find a different forum for your server administration questions. Try this one:

http://serverfault.com/

--
Robert Kern

I have come to believe that the whole world is an enigma, a harmless enigma that is made terrible by our own mad attempt to interpret it as though it had an underlying truth.
  -- Umberto Eco
Re: To whoever hacked into my Database
On Fri, Nov 15, 2013 at 12:24 AM, Ferrous Cranus nikos.gr...@gmail.com wrote:
> But the response wasn't clear to me. Is this randomly normal background Internet radiation or some personal directed attacks?

This is not a Python question. You have to judge for yourself whether the antagonism you've created here and elsewhere has merited a directed attack, or if it's likely to be just drive-by attacks. Computer security is a field on which we could discourse for hours... but not on this list unless it's particularly Python-related.

ChrisA
Re: To whoever hacked into my Database
On Thu, 14 Nov 2013 15:24:32 +0200, Ferrous Cranus wrote:
> On 14/11/2013 2:32 PM, Alister wrote:
>> On Thu, 14 Nov 2013 12:46:29 +0200, Ferrous Cranus wrote:
>>> This must have happened when I was handling my root passwords out in the open. Served me well.
>>
>> At least you seem to be learning this lesson.
>>
>>> Can somebody explain to me why there are so many failed attempts to log in to my Linux server under various user accounts?
>>>
>>> http://i.imgur.com/5PaZAWu.png
>>>
>>> I mean, is this some normal background radiation of the Internet or is something directed to me? Does this happen on your servers to this extent too?
>>
>> Any open ports on the internet are likely to attract attention of the 'Black Hats'. This is why you have been advised to check your firewall settings. You should only expose the ports that are absolutely necessary; for a web server these would be 80 and 443. Currently you have many other services also open that probably should not be.
>>
>> If you check the logs for those services you will probably find even more login attempts (I hope they have failed).
>
> Yes, I have more ports open as 'nmap' reports, but don't forget that I'm running cPanel for my customers, hence more ports need to be opened for cPanel and WHM use, let alone mail and sshd.
>
> But the response wasn't clear to me. Is this randomly normal background Internet radiation or some personal directed attacks?

As others have said, this is no longer Python related; I am not going to answer any further.

--
The brain is a wonderful organ; it starts working the moment you get up in the morning, and does not stop until you get to work.
Re: To whoever hacked into my Database
On 13-11-13 01:41, Steven D'Aprano wrote:
> On Tue, 12 Nov 2013 17:27:08 +0100, Antoon Pardon wrote:
>>> Somebody has to accept the responsibility to walk away and break the positive feedback loop, or it will never end. And I can't see Nikos being the one to do that.
>>
>> Not my problem.
>
> It might not be a problem for you, since you are obviously getting far more pleasure out of arguing with others than you do about discussing Python. But you are a problem for the rest of us.

So? Spoon feeders and others who seem unwilling or unable to ignore Nikos's cravings for attention are a problem for me and others who get frustrated by it. I don't see much people care about that. So why should I care about other people's problem? I always get requests to care about the problem of others but I don't see much consideration for the problems I and those like me experience.

>> Why do you come to me? I didn't contribute to this thread for about two days.
>
> And now you are keeping it alive, just because they started it.

So? If it was all right for others to blow life into this thread, then why is it wrong if I would keep it alive? And for your information, IMO I'm not keeping it alive for now. At this moment all those who are eager to argue me into behaving as they would prefer seem more responsible for keeping it alive than me.

> Antoon, I don't remember the last time I've seen you contribute anything productive to a Python thread.

I'm not responsible for your memory, Steven.

> Chris and Mark have a regrettable tendency to tease or bait Nikos, or at least run off on tangents mocking him, but they at least are also productive members of the community who contribute to discussing Python and helping solve Python problems. You don't, not as far as I can see. Since you are now in my opinion almost as big a problem here as Nikos, I'm adding you back to my kill-file.

That is your prerogative.

--
Antoon Pardon
Re: To whoever hacked into my Database
On 12-11-13 22:26, Ian Kelly wrote: On Tue, Nov 12, 2013 at 9:27 AM, Antoon Pardon antoon.par...@rece.vub.ac.be wrote: On 12-11-13 14:02, Ian Kelly wrote: On Tue, Nov 12, 2013 at 2:09 AM, Antoon Pardon antoon.par...@rece.vub.ac.be wrote: So you are complaining about people being human. Yes that is how people tend to react when they continually are frustrated by someone who refuses to show the slightest cooperation. So no rejecting such responses, particularly by the person who caused them is not right. It is deflecting the blame from the primal cause. As you say you're a human, not a sheep, so stop pointing at the behavior of others to justify your own. No, because often enough what is justifiable and what is not depends on the context and what happened before. Morals are generally not absolute so that a particular action would be either right or wrong no matter what the circumstances. I never claimed that they are. What you said suggested it strongly enough to treat it as such. That doesn't mean that when somebody misbehaves, you can do whatever you want in retaliation without regard for others who might be involved. But I didn't do whatever. What I did was similar in what others had been doing before. And while those others were doing it they received very little reaction. So why the reaction now? But he started it wasn't an excuse in kindergarten, and it still isn't one now. Then that kindergarten teacher was lousy at her job and would probably let the bullies manipulate her in punishing their victims. That is what you get if you unconditionally tell people that he started it can't be an excuse. Yes, when one kid is yelling at another kid because the second kid pulled the first kid's hair, the teacher should just ignore the yelling because, after all, he started it. I'm sure that won't cause any disruption in the classroom at all, and having one kid yelling probably isn't going to set any of the others off, is it? Thank you for making my point.
You are concentrating completely on the yelling and ignoring that somebody pulled the yellers hair. So you have no problem with the teacher telling the yeller to stop it, while ignoring that the hair puller is largely ignored in this. As for letting the bullies (which I'll take as a metaphor for trolls, since I've not once seen Nikos act like a bully) get away with things, none of these threads have been about pursuing any sort of justice, so don't try to frame the discussion as if they are. No I'm just pointing out, that he started it, can at times be important enough to at least create some understanding for why someone behaved in the way he did. Not my problem. Why do you come to me? I didn't contribute to this thread for about two days. That is two days of various contributors that didn't accept their responsibility and whom you left alone. If it wasn't a problem then that the positive feedback loop was maintained, then why is it a problem now? I'll start taking you seriously when I see you tackling the specific behaviour in a consistent manner instead of you tackling specific contributors. My apologies then for implying that you have been actively feeding the troll; I have not been paying attention to who is or isn't doing that. I replied to you because you've been very vocal on the topic, and because you wrote things that I wanted to respond to, not to single you out as the problem. I'm not going to individually address every single person who I think is contributing to the problem, because that's not my job and I don't have time for it. If you think that's not being fair, then that's tough, but this mailing list is not a kindergarten. We're all adults here, and I expect that others who are feeding the troll will have the maturity and self-awareness to recognize that what I wrote applies to them without me having to repeat myself a dozen times. Well you can expect all you want. It is not going to happen. 
Your expectations are completely unrealistic and the way you react will be perceived by a number of people as just an attempt to getting those that are frustrated silenced without much care about what caused those frustrations. If you leave a thread alone for four days while various contributors maintain a positive feedback loop then you are implicitly saying that such behaviour is not a big problem. So don't come complaining now. I've spoken up on this issue before. I'm not going to repetitively respond to every single post or even every single thread that I think is problematic. If I did that, then I would be part of the problem. As I said above, I chose to speak up now because you wrote things that I specifically wanted to respond to. For the most part however I prefer silence in the knowledge that making noise just invites more noise. For that reason you can expect that I will drop out of this thread again shortly, likely after this post. If you
Re: To whoever hacked into my Database
On 13/11/2013 1:38 AM, Mark Lawrence wrote:
> On 12/11/2013 23:27, Ian Kelly wrote:
>> On Tue, Nov 12, 2013 at 2:59 PM, Ethan Furman et...@stoneleaf.us wrote:
>>> Every time he uses foul language against somebody he's acting like a bully. Every time he reposts questions and ignores answers he's acting like a bully. Every time he declares that what he wants is the most important and so he is going to ignore our culture and the topic of this forum/ml/ng he is acting like a bully. If you haven't seen those posts, I have. Now you know.
>>
>> Per Wikipedia: Bullying is the use of force, threat, or coercion to abuse, intimidate, or aggressively to impose domination over others. ... One essential prerequisite is the perception, by the bully or by others, of an imbalance of social or physical power.
>>
>> None of the behaviors that you cite are examples of bullying.
>
> What would you classify insulting my late mother as?

I apologize for that, and of course by that time I didn't know this info about your mother. But please recall how many times and in what degree you insulted me (let alone others insulting me simultaneously) prior to me losing my temper and speaking the way I did.

When the pressure is too high and I'm having difficulties solving something and all I get back are collective insults instead of actual help, I let some steam off.

But my insults should have been explicitly directed at you, not at your mother.
Re: To whoever hacked into my Database
On 13-11-13 12:14, Ferrous Cranus wrote:
> On 13/11/2013 1:38 AM, Mark Lawrence wrote:
>> On 12/11/2013 23:27, Ian Kelly wrote:
>>
>> What would you classify insulting my late mother as?
>
> I apologize for that, and of course by that time I didn't know this info about your mother. But please recall how many times and in what degree you insulted me (let alone others insulting me simultaneously) prior to me losing my temper and speaking the way I did.
>
> When the pressure is too high and I'm having difficulties solving something and all I get back are collective insults instead of actual help, I let some steam off.

You are again trying to spin this as if you are just the victim of bullies. But the fact is that you did get actual help. What you didn't get was a solution completely to your satisfaction. You also displayed no interest in actual learning but expected others to do your work. This is a pattern that is repeated numerous times and people are getting utterly fed up with it.

So when you come around for yet another round of the same, frustration levels rise and people let off some steam.

--
Antoon Pardon
Re: To whoever hacked into my Database
On Tue, Nov 12, 2013 at 6:19 PM, Ethan Furman et...@stoneleaf.us wrote: On 11/12/2013 03:27 PM, Ian Kelly wrote: On Tue, Nov 12, 2013 at 2:59 PM, Ethan Furman et...@stoneleaf.us wrote: Every time he uses foul language against somebody he's acting like a bully. Every time he reposts questions and ignores answers he's acting like a bully. Every time he declares that what he wants is the most important and so he is going to ignore our culture and the topic of this forum/ml/ng he is acting like a bully. If you haven't seen those posts, I have. Now you know. Per Wikipedia: Bullying is the use of force, threat, or coercion to abuse, intimidate, or aggressively to impose domination over others. ... One essential prerequisite is the perception, by the bully or by others, of an imbalance of social or physical power. So even though he is being verbally abusive, the fact that he's not standing over me with a stick makes him not a bully? We'll have to agree to disagree on this point. No, that's not my point. Who has more power in this social forum, you or Nikos? I don't condone Nikos' behavior in any way, but if anybody is acting like a bully here, it is the people attempting to intimidate and coerce him into leaving. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Wed, Nov 13, 2013 at 2:08 AM, Antoon Pardon antoon.par...@rece.vub.ac.be wrote: That doesn't mean that when somebody misbehaves, you can do whatever you want in retaliation without regard for others who might be involved. But I didn't do whatever. What I did was similar in what others had been doing before. And while those others were doing it they received very little reaction. So why the reaction now? I've already answered that, so as far as I can see you're only asking to be argumentative. But he started it wasn't an excuse in kindergarten, and it still isn't one now. Then that kindergarten teacher was lousy at her job and would probably let the bullies manipulate her in punishing their victims. That is what you get if you unconditionally tell people that he started it can't be an excuse. Yes, when one kid is yelling at another kid because the second kid pulled the first kid's hair, the teacher should just ignore the yelling because, after all, he started it. I'm sure that won't cause any disruption in the classroom at all, and having one kid yelling probably isn't going to set any of the others off, is it? Thank you for making my point. You are concentrating completely on the yelling and ignoring that somebody pulled the yellers hair. So you have no problem with the teacher telling the yeller to stop it, while ignoring that the hair puller is largely ignored in this. No, they both get detention. But I'm not going to bother addressing the hair puller about it in this case, because he is incorrigible. It would serve no purpose and only fan the flames. Well you can expect all you want. It is not going to happen. Your expectations are completely unrealistic and the way you react will be perceived by a number of people as just an attempt to getting those that are frustrated silenced without much care about what caused those frustrations.
There is absolutely nothing that I can do about what caused those frustrations, so what practical difference does it make whether I care or not? It looks like in your world you have a very limited idea of how adults behave. Expecting the others to behave like adults has often enough been the strategy of the privileged to ignore justified frustration. Nobody is being disenfranchised here. If you want to make this about privilege, then I will just say that I think it is the height of privilege to be fussing over the fact that there are people who annoy you on the internet, and moreover doing so to the detriment of the community. It is a win either way. If the frustration is uttered in an adult, mature way it doesn't cause much discomfort and is easily ignored. So when those who are frustrated see that being adult and mature doesn't get them much and start reacting a bit less adultly and maturely the frustration can now be dismissed as not being done in an adult and mature way. That is your goal here too. You are not interested in the frustrations of a number of people. You just want to be able to ignore there are frustrated people on the news group. It's not about me at all. If it were, I would be more likely to just unsubscribe than to raise a fuss about it. It's also not about you, and it's not even about Nikos. What it is about is that this crap about Nikos is often the first thing that newcomers will see when they join this group. You seem very concerned in your posts about what kind of message I'm sending by what I choose to respond to. Well, think about what kind of message it sends to a new user when their introduction to the group -- which is supposedly about Python -- is a lot of flaming directed at some poster whom they know nothing about. You keep trying to cast certain people who are frustrated by Nikos as victims in all this, but they're not.
I think that all who have posted in this thread, and many who haven't, are probably all frustrated in one way or another by all this -- I know that I certainly am. The victims are the community as a whole, and anybody who decides not to join because they see this fracas and decide to seek out a more inviting forum. Here's my plea to everybody, in a nutshell. Remember that the name of this group is comp.lang.python. It's *not* alt.misc.flame.trolls.nikos.sucks. The topic here is Python, and if you want to talk about that, then welcome and please do. If on the other hand you just want to vent your frustration, then find somewhere else to do it. Please. I said I would be bowing out soon, and now I will. This argument is tiresome and seems only to be counter-productive. If these threads are still going on in another six months then I will probably speak up again, and we can rejoin this circus then. -- https://mail.python.org/mailman/listinfo/python-list
Re: Bullying [was Re: To whoever hacked into my Database]
On Tue, Nov 12, 2013 at 8:40 PM, Steven D'Aprano st...@pearwood.info wrote: Is bullying the new terrorism, which in turn is the new socialism? That is, a meaningless term of opprobrium used on anything you don't like? That's what it sounds like to me. Nikos has practically no power in this community. He's one person, friendless in this community, with no social standing. His position is way down the bottom of what little pecking order a bunch of geeks has. Nobody looks up at him for guidance or for hints as to what sort of behaviour is acceptable. He has no Python know-how to withhold from those he doesn't approve of (or inclination to help others). He can't even force anyone to read his comments. I say this not to make him out to be the victim here, he is at least equally responsible for the position he is in, but to highlight the absurdity of claiming he is bullying anywhere here. Just because (generic) you are annoyed by Nikos, or even if your feelings are hurt because he called you a bad name or insulted your dead mother, doesn't mean you are the victim of bullying. Claiming the badge of victimhood for mild annoyances and hurt feelings is one of the least admirable parts of the politically-correct crowd, please don't emulate them. Well put. If I had seen your response earlier, I would not have written my own, because yours was much better written and more to the point.. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 13-11-13 15:10, Ian Kelly wrote: Well you can expect all you want. It is not going to happen. Your expectations are completely unrealistic and the way you react will be perceived by a number of people as just an attempt to getting those that are frustrated silenced without much care about what caused those frustrations. There is absolutely nothing that I can do about what caused those frustrations, so what practical difference does it make whether I care or not? If you want to persuade people to change their behaviour, it matters very much if you can show them you care. It looks like in your world you have a very limited idea of how adults behave. Expecting the others to behave like adults has often enough been the strategy of the privileged to ignore justified frustration. Nobody is being disenfranchised here. If you want to make this about privilege, then I will just say that I think it is the height of privilege to be fussing over the fact that there are people who annoy you on the internet, and moreover doing so to the detriment of the community. Is it? Then why are you fussing here? Why don't you address the spoon feeders who frustrate other group members to the detriment of the community. It is a win either way. If the frustration is uttered in an adult, mature way it doesn't cause much discomfort and is easily ignored. So when those who are frustrated see that being adult and mature doesn't get them much and start reacting a bit less adultly and maturely the frustration can now be dismissed as not being done in an adult and mature way. That is your goal here too. You are not interested in the frustrations of a number of people. You just want to be able to ignore there are frustrated people on the news group. It's not about me at all. If it were, I would be more likely to just unsubscribe than to raise a fuss about it. It's also not about you, and it's not even about Nikos.
What it is about is that this crap about Nikos is often the first thing that newcomers will see when they join this group. So? If this wasn't about you, this just wouldn't make a difference to you. You seem very concerned in your posts about what kind of message I'm sending by what I choose to respond to. Just making sure you were aware of that aspect as the rest of your contribution strongly suggested you were not. Well, think about what kind of message it sends to a new user when their introduction to the group -- which is supposedly about Python -- is a lot of flaming directed at some poster whom they know nothing about. Well one message obviously is that it is possible to annoy the regulars to the point that they start flaming you. I don't think that is bad. You keep trying to cast certain people who are frustrated by Nikos as victims in all this, but they're not. I think that all who have posted in this thread, and many who haven't, are probably all frustrated in one way or another by all this -- I know that I certainly am. The victims are the community as a whole, The community as a whole suffers when its members get frustrated and one part of the community telling the other part to just deal with it is no way to turn the community into something welcoming again and is IMO more detrimental to the community than a number of people venting their frustration. You expect those that get frustrated to tolerate Nikos and to tolerate the spoon feeding, but you are unable to tolerate the venting of frustrations. and anybody who decides not to join because they see this fracas and decide to seek out a more inviting forum. Why would they be a victim? What is there to be victim about seeking out a more inviting forum? I also think you are confusing a welcome community with a community without conflict. Here's my plea to everybody, in a nutshell. Remember that the name of this group is comp.lang.python. It's *not* alt.misc.flame.trolls.nikos.sucks. 
It is also not alt.misc.keep.spoon.feeding.nikos. The topic here is Python, and if you want to talk about that, then welcome and please do. If on the other hand you just want to vent your frustration, then find somewhere else to do it. Please. But if you want to spoon feed a help vampire to the detriment of the group you can go right ahead? -- Antoon Pardon -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
hi all, I've been thinking about learning Python for scientific programming.. but all of these flame war type posts make the user community look pretty lame. How did all of these nice packages get written when most of the user interaction is this?? Can anyone tell me, is there another newsgroup where the discussion is more on python programming? thanks -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Wednesday, November 13, 2013 1:27:39 PM UTC-5, superchromix wrote: hi all, I've been thinking about learning Python for scientific programming.. but all of these flame war type posts make the user community look pretty lame. How did all of these nice packages get written when most of the user interaction is this?? Can anyone tell me, is there another newsgroup where the discussion is more on python programming? thanks I apologize for all of the flame wars. All online communities have to deal with negative forces in their midst, and we are no exception. It doesn't always go smoothly. Please start a new thread with your question about scientific programming. I promise it won't go badly. --Ned. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Wednesday 13/11/2013 at 12:31 pm, superchromix wrote: hi all, I've been thinking about learning Python for scientific programming.. but all of these flame war type posts make the user community look pretty lame. How did all of these nice packages get written when most of the user interaction is this?? Can anyone tell me, is there another newsgroup where the discussion is more on python programming? most of the user interaction is this?? LOL hope your problem and code analysis is better than your social analysis -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 13/11/2013 19:27, superchromix wrote:
> hi all,
>
> I've been thinking about learning Python for scientific programming.. but all of these flame war type posts make the user community look pretty lame. How did all of these nice packages get written when most of the user interaction is this??
>
> Can anyone tell me, is there another newsgroup where the discussion is more on python programming?
>
> thanks

Sadly, I'm inclined to agree with you but this is a relatively recent development. I joined this group about a year ago and, while it wasn't all 'sweetness and light', it was a lot better than '. . . . this' - in fact I'd say it was pretty good, I certainly got treated well and got quality answers to my (few) questions.

Right now, we have a 'help vampire' who has demanded an inordinate amount of time from the list members - and not in a polite or well structured way. The members of this list have responded in various ways, ranging from continuing to help through to kill-file on the offending person. The discourse around how to deal with this issue has degenerated into some unfortunate and vitriolic debate.

As far as I can see, it remains possible to post sensible, well constructed questions and get sensible well-considered answers - just let the intense arguments pass you by and focus on your own issues and their resolutions and you'll be fine on this list. There are plenty of very capable Pythonistas ready to help.

Some basic advice (not wanting to teach you to suck eggs):
- Include relevant info on your environment (OS; version of Python; any specialist libraries in use; etc)
- Come to the list with a clear description of what you are trying to do
- Preferably include a code sample that displays the problem
- Include the trace-back if you are getting one
- Try to avoid using Google Groups as your 'reader'

Welcome! Ignore the BS and Enjoy :-)

Steve S
Re: To whoever hacked into my Database
On Wed, Nov 13, 2013 at 12:27 PM, superchromix mark...@gmail.com wrote: hi all, I've been thinking about learning Python for scientific programming.. but all of these flame war type posts make the user community look pretty lame. How did all of these nice packages get written when most of the user interaction is this?? Can anyone tell me, is there another newsgroup where the discussion is more on python programming? Please don't judge the whole community by this thread, I promise we're not all bad! The majority of the traffic on this list is of a useful sort, and you can learn fairly quickly the addresses that are best ignored, blocked, or otherwise passed over. For myself using Gmail, I have a filter set up to mark particular threads that I don't want to be notified about and mute them after the first few mails come in. I didn't see your message initially because it was part of a muted thread, I only saw it at all because the thread spilled over the 100 message mark into a new thread in Gmail with one of the replies to your message. Also, if you have a specific question about how to do something in Python you can try the tutor list (tu...@python.org) which is much more focused, much lower traffic, and has several very knowledgeable Pythonistas listening in. Give us a chance, and I don't think we'll let you down :) -- Zach -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Nov 13, 2013 6:31 PM, superchromix mark...@gmail.com wrote: I've been thinking about learning Python for scientific programming.. but all of these flame war type posts make the user community look pretty lame. How did all of these nice packages get written when most of the user interaction is this?? This isn't usually what happens on this list. Most people on this list (myself included) are ignoring or at least not contributing to these particular threads. Can anyone tell me, is there another newsgroup where the discussion is more on python programming? For a beginner I would certainly recommend the python-tutor list. I've never seen a flame war there. Threads tend to stay on-topic and are usually helpful to the OP. The tutor list is for generic python problems but you can usually get help for simple scientific programming problems. https://mail.python.org/mailman/listinfo/tutor Oscar -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Nov 13, 2013, at 1:27 PM, superchromix mark...@gmail.com wrote: hi all, I've been thinking about learning Python for scientific programming.. but all of these flame war type posts make the user community look pretty lame. How did all of these nice packages get written when most of the user interaction is this?? Can anyone tell me, is there another newsgroup where the discussion is more on python programming? thanks -- https://mail.python.org/mailman/listinfo/python-list I'd like to add one final thought to the note about joining the python-tutor list. For scientific programming you are almost certainly going to want to learn about scipy, numpy and matplotlib. These specialized libraries have dedicated discussion groups, which can be found at: numpy-discuss...@scipy.org, and matplotlib-us...@lists.sourceforge.net I'd recommend looking over the material at http://www.scipy.org Welcome to the community. -Bill -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
root@secure:~/lib64# ls -al | grep libkey
lrwxrwxrwx 1 root root 20 Jun 22 2012 libkeyutils.so.1 -> libkeyutils.so.1.3.0*
-rwxr-xr-x 1 root root 10192 Jun 22 2012 libkeyutils.so.1.3*
-rwxr-xr-x 1 root root 32920 Jun 22 2012 libkeyutils.so.1.3.0*
root@secure:~/lib64# rpm -qf libkeyutils.so.1.3.0
file /lib64/libkeyutils.so.1.3.0 is not owned by any package

It appears that my server has been compromised with a malicious payload designed to sniff for and steal server passwords. This must have happened when i was handling my root passwords out in the open. Served me well. -- https://mail.python.org/mailman/listinfo/python-list
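The check in the post above (a library file that `rpm -qf` says no package owns) can be run over a whole directory. This is an added example, not part of the original message: the function names are hypothetical, and the demo directory and its ownership answers are constructed so it runs without rpm installed.

```python
import hashlib
import os
import subprocess
import tempfile


def rpm_owner(path):
    """Owning package per `rpm -qf`, or None when rpm reports no owner.

    Assumes an RPM-based host with rpm on PATH; rpm exits non-zero for a
    file that "is not owned by any package".
    """
    proc = subprocess.run(["rpm", "-qf", path], capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def unowned_libraries(directory, prefix="", owner_of=rpm_owner):
    """List regular files under `directory` that no package claims.

    Symlinks are resolved first, so every real file is queried once and the
    report records which link names lead to it.
    """
    links = {}  # real path -> symlink names that resolve to it
    for name in sorted(os.listdir(directory)):
        if not name.startswith(prefix):
            continue
        full = os.path.join(directory, name)
        real = os.path.realpath(full)
        if not os.path.isfile(real):
            continue
        links.setdefault(real, [])
        if os.path.islink(full):
            links[real].append(name)

    findings = []
    for real, names in links.items():
        if owner_of(real) is not None:
            continue
        with open(real, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        findings.append({
            "file": os.path.basename(real),
            "size": os.path.getsize(real),
            "sha256": digest,          # keep for later comparison or lookup
            "linked_from": names,      # loader-visible names that reach it
        })
    return findings


def demo():
    """Constructed directory with the same three names as the listing."""
    with tempfile.TemporaryDirectory() as lib:
        for name, size in (("libkeyutils.so.1.3", 10192),
                           ("libkeyutils.so.1.3.0", 32920)):
            with open(os.path.join(lib, name), "wb") as fh:
                fh.write(b"\0" * size)
        os.symlink("libkeyutils.so.1.3.0", os.path.join(lib, "libkeyutils.so.1"))

        def fake_owner(path):
            # Constructed stand-in for rpm_owner(): only .so.1.3 is "packaged".
            return "example-package" if path.endswith(".so.1.3") else None

        return unowned_libraries(lib, prefix="libkey", owner_of=fake_owner)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real host, call `unowned_libraries("/lib64")` with the default `owner_of` so the answers come from the RPM database.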
Re: To whoever hacked into my Database
On Wednesday, November 13, 2013 4:46:59 PM UTC-5, Ferrous Cranus wrote:
root@secure:~/lib64# ls -al | grep libkey
lrwxrwxrwx 1 root root 20 Jun 22 2012 libkeyutils.so.1 -> libkeyutils.so.1.3.0*
-rwxr-xr-x 1 root root 10192 Jun 22 2012 libkeyutils.so.1.3*
-rwxr-xr-x 1 root root 32920 Jun 22 2012 libkeyutils.so.1.3.0*
root@secure:~/lib64# rpm -qf libkeyutils.so.1.3.0
file /lib64/libkeyutils.so.1.3.0 is not owned by any package
It appears that my server has been compromised with a malicious payload designed to sniff for and steal server passwords. This must have happened when i was handling my root passwords out in the open. Served me well.

This has nothing to do with the topic of this mailing list. Please don't post it here. --Ned. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 12-11-13 07:31, ru...@yahoo.com wrote: On 11/11/2013 06:16 PM, Ned Batchelder wrote: On Monday, November 11, 2013 5:47:28 PM UTC-5, ru...@yahoo.com wrote: On 11/08/2013 11:08 AM, Chris Angelico wrote: On Sat, Nov 9, 2013 at 4:11 AM, ru...@yahoo.com wrote: On 11/08/2013 03:05 AM, Νίκος Αλεξόπουλος wrote: I never ignore advices. I read all answers as carefully as i can. But nevertheless sometimes i feel things should have been better implemented using my way. Not of course that i know better, but that's better suited for me in the level I am. Most of the advice I've seen posted here has, as far as I can tell, not intended to be useful but to serve as a way to telling you are incompetent are in other ways insulting or useless. I think you are quite right to ignore it (or tell the poster to get lost.) Actually no; most of the advice has been genuine. Actually yes; most of the advice has not been genuine. rurpy, I applaud your efforts to make this forum more civil. I do not like the general tone of the responses to Nikos these days. But you are being naive to present this as the big bad meanies against the innocent OP. I never claimed Nikos was innocent. I was complaining about responses, driven by frustration or hostility, that go beyond reasonable and become so dogmatic and absolutist that they themselves become wrong. Nikos (or anyone else) is right to reject such responses. So you are complaining about people being human. Yes that is how people tend to react when they continually are frustrated by someone who refuses to show the slightest cooperation. So no rejecting such responses, particularly by the person who caused them is not right. It is deflecting the blame from the primal cause. Nikos has received a good deal of genuine advice. He has also been genuinely difficult to help. Yes. 
If he is too difficult to help without getting angry because he won't do what you (generic) tell him then perhaps a more constructive response is to stop trying to help him rather than join the lynch mob that is making the atmosphere here far worse (IMO) than Nikos alone could. However, I have made that argument in the past and am not interested in rearguing it. That is correct but is expecting too much from people in general. Expecting from frustrated people to act rational and constructive is just a recipe for your own frustrations. And your own reaction illustrates the problem beautifully because you come with an irrational non-constructive proposal, that is very unlikely to motivate people in actually want to cooperate with you in getting this community to be more positive again. -- Antoon Pardon. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 12/11/2013 05:21, Gregory Ewing wrote: Ned Batchelder wrote: I don't know how best to make things better overall. I know that overlooking Nikos' faults won't do it. If everyone who reached the point where they don't think they can help any more would simply say so in a calm manner and then walk away, that would make things better overall. It wouldn't help *Nikos*, but it would prevent the discussion from degenerating into a flamefest. It takes two to spiral. In this case three, the OP, the spoon feeders who've tried so hard to help on so many occasions, but have consistently seen their help rejected, and the responders who finally get fed up. -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Fri, Nov 8, 2013 at 7:11 PM, ru...@yahoo.com wrote: Long before you showed up here, I noticed the tendency to not answer questions directly but to jerk people off by giving hints or telling them to do something other than they want to do. Often that is good because the original request was for something that the OP really didn't want to do. But sometimes the OP knows they want to do (but doesn't want or is unable to clearly explain why) and when they clearly state that, yes, they do want to do it their way, their question should be answered in good faith or, for those who just can't tell how to do something wrong, ignored. Instead the response is typically a lot of hostility directed at them for not taking advice. In other words, the advice here is not free advice, but comes with the price that you are expected to accept it gratefully whether it was what you asked for or not. I think you are quite right to reject advice that does not do what you want and ask again for advice that does. FWIW, I am quite sure there are other readers of this group who feel the same way, but most people aren't willing to subject themselves to the bullying that will be directed at anyone who publicly agrees with you. It is the same way in real life too as I'm sure you know. Just wanted to let you know that not everybody here is an asshole. It is just that assholes, by their nature, are the loudest. When I've been given advice on this list or others that does not directly answer my question, I've found that the advice comes from one of two types of posters: 1) Those who don't understand my question, possibly due to my own failure to properly articulate. -or- 2) Those who understand my predicament better than I do, and show me how to get the results that I need despite my own failure to understand what exactly I need. With Python specifically, the latter far outnumber the former. When somebody here is giving advice, I listen humbly. Likewise I advise any newcomer to do. 
-- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Tue, Nov 12, 2013 at 8:34 PM, Mark Lawrence breamore...@yahoo.co.uk wrote: On 12/11/2013 05:21, Gregory Ewing wrote: Ned Batchelder wrote: I don't know how best to make things better overall. I know that overlooking Nikos' faults won't do it. If everyone who reached the point where they don't think they can help any more would simply say so in a calm manner and then walk away, that would make things better overall. It wouldn't help *Nikos*, but it would prevent the discussion from degenerating into a flamefest. It takes two to spiral. In this case three, the OP, the spoon feeders who've tried so hard to help on so many occasions, but have consistently seen their help rejected, and the responders who finally get fed up. And then it all goes meta. This thread hasn't had anything productive for quite some time now... nor even anything funny. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 12-11-13 10:35, Chris Angelico wrote: On Tue, Nov 12, 2013 at 8:34 PM, Mark Lawrence breamore...@yahoo.co.uk wrote: On 12/11/2013 05:21, Gregory Ewing wrote: Ned Batchelder wrote: I don't know how best to make things better overall. I know that overlooking Nikos' faults won't do it. If everyone who reached the point where they don't think they can help any more would simply say so in a calm manner and then walk away, that would make things better overall. It wouldn't help *Nikos*, but it would prevent the discussion from degenerating into a flamefest. It takes two to spiral. In this case three, the OP, the spoon feeders who've tried so hard to help on so many occasions, but have consistently seen their help rejected, and the responders who finally get fed up. And then it all goes meta. This thread hasn't had anything productive for quite some time now... nor even anything funny. Well if people disagree about what kind of response is appropriate, then I think discussing that, is productive. At least it is more productive than trying to be funny. -- Antoon Pardon -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Tuesday, November 12, 2013 1:31:32 AM UTC-5, ru...@yahoo.com wrote: On 11/11/2013 06:16 PM, Ned Batchelder wrote: Nikos has received a good deal of genuine advice. He has also been genuinely difficult to help. Yes. If he is too difficult to help without getting angry because he won't do what you (generic) tell him then perhaps a more constructive response is to stop trying to help him rather than join the lynch mob that is making the atmosphere here far worse (IMO) than Nikos alone could. I absolutely agree with this. --Ned. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 2013-11-11 22:24, ru...@yahoo.com wrote: And your suggestion is not necessarily best either: why a 1:M relationship? why not a M:M relationship? There may be duplicate file downloads resulting in your suggestion being non-normalized. You think that, after rejecting the addition of *one* new table for 1:M relationships, he'd go for adding *two* new tables for an N:M relationship? But I think he is being perfectly reasonable in rejecting a separate table if he feels it does not meet *his* needs (even if he is wrong in your opinion.) However, the needs that he *describes* call for at least one more table, on pain of future problems, inter alia: - non-atomic updates - growth to an unknown number of files, exceeding the size of his one CHAR/VARCHAR field - difficulty querying which files were used (including the inability to easily summarize/group by file) - inability to maintain metadata for each file (a case for your N:M suggestion) Knowing these things and Nikos' historical inability to debug issues, it's worthwhile to get him to use a method that will result in less pain. Especially when you know from his description that his choices *WILL* cause him future pain. -tkc -- https://mail.python.org/mailman/listinfo/python-list
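The trade-off listed in the message above, worked through with SQLite as an added example (not code from the thread). Table names, column names and the sample rows are assumptions constructed for the illustration.

```python
import sqlite3

# Constructed sample: (visitor host, file downloaded), in arrival order.
SAMPLE = [
    ("host-a.example", "report.pdf"),
    ("host-a.example", "song.mp3"),
    ("host-b.example", "report.pdf"),
    ("host-a.example", "report.pdf"),
]


def load_flat(conn):
    """One text field per visitor holding every file name, comma-joined."""
    conn.execute("CREATE TABLE visitors_flat (host TEXT PRIMARY KEY, files TEXT NOT NULL)")
    with conn:
        for host, name in SAMPLE:
            # Read, modify, write back: two statements per download, so two
            # concurrent requests can overwrite each other's change.
            row = conn.execute(
                "SELECT files FROM visitors_flat WHERE host = ?", (host,)).fetchone()
            if row is None:
                conn.execute("INSERT INTO visitors_flat VALUES (?, ?)", (host, name))
            else:
                conn.execute("UPDATE visitors_flat SET files = ? WHERE host = ?",
                             (row[0] + "," + name, host))


def load_normalised(conn):
    """1:M layout: one row per download, with room for per-download metadata."""
    conn.execute("CREATE TABLE visitors (id INTEGER PRIMARY KEY, host TEXT NOT NULL UNIQUE)")
    conn.execute(
        "CREATE TABLE downloads ("
        " id INTEGER PRIMARY KEY,"
        " visitor_id INTEGER NOT NULL REFERENCES visitors(id),"
        " filename TEXT NOT NULL,"
        " downloaded_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)"
    )
    for host, name in SAMPLE:
        with conn:  # one transaction per download: both inserts or neither
            conn.execute("INSERT OR IGNORE INTO visitors (host) VALUES (?)", (host,))
            conn.execute(
                "INSERT INTO downloads (visitor_id, filename)"
                " SELECT id, ? FROM visitors WHERE host = ?", (name, host))


def per_file_counts(conn):
    """Group-by-file is a single query against the normalised layout."""
    return conn.execute(
        "SELECT filename, COUNT(*) FROM downloads"
        " GROUP BY filename ORDER BY filename").fetchall()


def per_file_counts_flat(conn):
    """Same question against the flat field: the database cannot group inside
    a string, so every row is fetched and split in application code (and a
    file name containing a comma would be miscounted)."""
    counts = {}
    for (files,) in conn.execute("SELECT files FROM visitors_flat"):
        for name in files.split(","):
            counts[name] = counts.get(name, 0) + 1
    return sorted(counts.items())


def longest_flat_field(conn):
    """The flat field grows with every download, so any fixed width is outgrown."""
    return conn.execute("SELECT MAX(LENGTH(files)) FROM visitors_flat").fetchone()[0]


def demo():
    conn = sqlite3.connect(":memory:")
    load_flat(conn)
    load_normalised(conn)
    return {
        "normalised": per_file_counts(conn),
        "flat": per_file_counts_flat(conn),
        "longest_flat_field": longest_flat_field(conn),
    }


if __name__ == "__main__":
    print(demo())
```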
Re: To whoever hacked into my Database
On Tue, Nov 12, 2013 at 2:09 AM, Antoon Pardon antoon.par...@rece.vub.ac.be wrote: So you are complaining about people being human. Yes that is how people tend to react when they continually are frustrated by someone who refuses to show the slightest cooperation. So no rejecting such responses, particularly by the person who caused them is not right. It is deflecting the blame from the primal cause. As you say you're a human, not a sheep, so stop pointing at the behavior of others to justify your own. "But he started it" wasn't an excuse in kindergarten, and it still isn't one now. Somebody has to accept the responsibility to walk away and break the positive feedback loop, or it will never end. And I can't see Nikos being the one to do that. That is correct but is expecting too much from people in general. Expecting from frustrated people to act rational and constructive is just a recipe for your own frustrations. In my experience, conduct follows from self esteem and self worth, and those things follow in turn from the respect and expectations of others. If I expect others to act like animals, then I disrespect them, and so why should they behave any differently toward me or in my presence? By expecting others to be rational and mature I show my respect for them, and so perhaps they will see fit to behave in a way to maintain that respect. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 11/11/2013 11:36 am, Νίκος Αλεξόπουλος wrote: On 6/11/2013 5:25 pm, Νίκος Γκρ33κ wrote: Okey let the hacker try again to mess with my database!!! He is done it twice, lets see if he will make it again! I am waiting!

I can't believe your ignorance. You're actually telling a huge group of developers from all over the globe that your site is impenetrable. Do you know how ridiculous you sound? Have you stopped and thought that maybe people have better things to do than try to hack your stupid circa 1990 website? My three year old could have modified your database. It doesn't take a pro to take down your 'security'. Have you not read up on anything these people have suggested? Cross Site Scripting? SQL Injection? Digital Piracy? Private User Information? No.. you haven't. That's why your code is starting to look like this:

if not '..' in page and not page == '/etc/passwd' and os.path.isfile(page) and os.path.exists('/cgi-bin' + page) and cookieID == 'some_secret' and host == 'superhost.gr' and hacker_is_not_being_mean_today:
    load_site()
    load_private_user_phone_numbers_and_then_post_a_screenshot_for_everyone_to_see()
else:
    play_pre_millenium_music_and_load_lots_of_gifs()
    wait___go_back_and_load_pirated_music_and_gifs_from_1995_anyway(extra_sauce=True)

You can't sue me for posting the code to your site, there was no copyright. I guess my whole point is, if someone really cared I'm sure they could get into your site. They could get into a lot of sites that were created by people way smarter than you. Ever heard of apache exploits? cpanel exploits? for that matter..python exploits? Some of this is beyond your control. Actually, all of this is beyond your personal control, you lack the capability. What I meant to say is that you could not possibly fix all of this even if you were a better python programmer. Be glad 'she' wasn't mean.

== Somebody this morning sent me an email as nikos.su...@gmail.com saying the above. My code is not like you provided you ignorant.

# is it a python file or an html template?
if page and page in os.listdir( cgi_path ):
    pyvalid = True
elif os.path.isfile( file ):
    page = file.replace( path, '' )
    htmlvalid = True
else:
    file = 'forbidden'

if 'forbidden' in file:
    print( '''h2font color=redΔεν επιτρέπεται η απευθείας πρόσβαση στο script παρά μόνον μέσω της αρχικής σελίδας!Ανακατεύθυνση σε 5...''' )
    print( '''meta http-equiv=REFRESH content=5;URL=http://superhost.gr;''' )
    sys.exit(0)

if cookieID != 'wont_say' and ( htmlvalid or pyvalid ) and re.search( r'(amazon|google|proxy|cloud|reverse|fetch|msn|who|spider|crawl|ping)', host ) is None:
    # do database insertion here

Tell the mighty female hacker to polish her nails, do her hair and fix a good meal. She is incompetent just like yourself. These all is just an excuse of not being able to mess with my script again, because is she could she would. Numerous attempts so far but no break through and database mess 2 days now. Okey i think its safe to say that manipulation of databases through my script's variables cannot happen again. -- https://mail.python.org/mailman/listinfo/python-list
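Both snippets in the message above decide whether a requested `page` may be served. One way to write that decision is to canonicalise the path first and then test containment by path component, shown here as an added example that is not part of the original post and goes beyond the checks it shows. `resolve_page`, `Forbidden`, `prefix_only_check`, the allowed extensions and the directory layout are all hypothetical.

```python
import os
import tempfile


class Forbidden(Exception):
    """Raised for any request that must not be served."""


def resolve_page(requested, base_dir, allowed_ext=(".html", ".py")):
    """Map a user-supplied page name to a file inside base_dir, or raise."""
    if not requested or "\x00" in requested:
        raise Forbidden("empty or malformed page name")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' and follows symlinks; os.path.join drops `base`
    # entirely when `requested` is absolute, which the next test also catches.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise Forbidden("outside document root")
    if os.path.splitext(candidate)[1].lower() not in allowed_ext:
        raise Forbidden("extension not served")
    if not os.path.isfile(candidate):
        raise Forbidden("no such page")
    return candidate


def prefix_only_check(requested, base_dir):
    """String-prefix containment, shown only for contrast: it accepts a
    sibling directory whose name merely starts with the root's name."""
    base = os.path.realpath(base_dir)
    return os.path.realpath(os.path.join(base, requested)).startswith(base)


# Constructed requests covering the cases the checks must separate.
REQUESTS = ("index.html", "../secret.html", "/etc/passwd", "link.html",
            "../htdocs-old/index.html", "missing.html", "index.html.bak", "")


def demo():
    outcome = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "htdocs")
        sibling = os.path.join(tmp, "htdocs-old")
        os.mkdir(root)
        os.mkdir(sibling)
        outside = os.path.join(tmp, "secret.html")
        for path in (os.path.join(root, "index.html"),
                     os.path.join(sibling, "index.html"), outside):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        # A link inside the root that points out of it.
        os.symlink(outside, os.path.join(root, "link.html"))

        for req in REQUESTS:
            try:
                resolve_page(req, root)
                outcome[req] = "served"
            except Forbidden as exc:
                outcome[req] = str(exc)
        outcome["prefix test accepts sibling"] = prefix_only_check(
            "../htdocs-old/index.html", root)
    return outcome


if __name__ == "__main__":
    for request, result in demo().items():
        print(repr(request), "->", result)
```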
Re: To whoever hacked into my Database
On 12-11-13 14:02, Ian Kelly wrote: On Tue, Nov 12, 2013 at 2:09 AM, Antoon Pardon antoon.par...@rece.vub.ac.be wrote: So you are complaining about people being human. Yes that is how people tend to react when they continually are frustrated by someone who refuses to show the slightest cooperation. So no rejecting such responses, particularly by the person who caused them is not right. It is deflecting the blame from the primal cause. As you say you're a human, not a sheep, so stop pointing at the behavior of others to justify your own. No, because often enough what is justifiable and what is not depends on the context and what happened before. Morals are generally not absolute so that a particular action would be either right or wrong no matter what the circumstances. "But he started it" wasn't an excuse in kindergarten, and it still isn't one now. Then that kindergarten teacher was lousy at her job and would probably let the bullies manipulate her in punishing their victims. That is what you get if you unconditionally tell people that "he started it" can't be an excuse. Somebody has to accept the responsibility to walk away and break the positive feedback loop, or it will never end. And I can't see Nikos being the one to do that. Not my problem. Why do you come to me? I didn't contribute to this thread for about two days. That is two days of various contributors that didn't accept their responsibility and whom you left alone. If it wasn't a problem then that the positive feedback loop was maintained, then why is it a problem now? I'll start taking you seriously when I see you tackling the specific behaviour in a consistent manner instead of you tackling specific contributors. If you leave a thread alone for four days while various contributors maintain a positive feedback loop then you are implicitly saying that such behaviour is not a big problem. So don't come complaining now. That is correct but is expecting too much from people in general. 
Expecting from frustrated people to act rational and constructive is just a recipe for your own frustrations. In my experience, conduct follows from self esteem and self worth, and those things follow in turn from the respect and expectations of others. If I expect others to act like animals, then I disrespect them, and so why should they behave any differently toward me or in my presence? You are confusing realistic expectations with moralistic expectations. In some circumstances it is realistic to expect people to behave like animals. You may see that as a sign of disrespect but that is because you assigned it a moral judgement. By expecting others to be rational and mature I show my respect for them, and so perhaps they will see fit to behave in a way to maintain that respect. No you are not showing respect that way. You are more likely unable to empathise with the frustrations those people experience and are feeling smug because you can handle it in such a rational and mature way. -- Antoon Pardon -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Tue, Nov 12, 2013 at 9:27 AM, Antoon Pardon antoon.par...@rece.vub.ac.be wrote: On 12-11-13 14:02, Ian Kelly wrote: On Tue, Nov 12, 2013 at 2:09 AM, Antoon Pardon antoon.par...@rece.vub.ac.be wrote: So you are complaining about people being human. Yes that is how people tend to react when they continually are frustrated by someone who refuses to show the slightest cooperation. So no rejecting such responses, particularly by the person who caused them is not right. It is deflecting the blame from the primal cause. As you say you're a human, not a sheep, so stop pointing at the behavior of others to justify your own. No, because often enough what is justifiable and what is not depends on the context and what happened before. Morals are generally not absolute so that a particular action would be either right or wrong no matter what the circumstances. I never claimed that they are. That doesn't mean that when somebody misbehaves, you can do whatever you want in retaliation without regard for others who might be involved. "But he started it" wasn't an excuse in kindergarten, and it still isn't one now. Then that kindergarten teacher was lousy at her job and would probably let the bullies manipulate her in punishing their victims. That is what you get if you unconditionally tell people that "he started it" can't be an excuse. Yes, when one kid is yelling at another kid because the second kid pulled the first kid's hair, the teacher should just ignore the yelling because, after all, "he started it". I'm sure that won't cause any disruption in the classroom at all, and having one kid yelling probably isn't going to set any of the others off, is it? As for letting the bullies (which I'll take as a metaphor for trolls, since I've not once seen Nikos act like a bully) get away with things, none of these threads have been about pursuing any sort of justice, so don't try to frame the discussion as if they are. 
Somebody has to accept the responsibility to walk away and break the positive feedback loop, or it will never end. And I can't see Nikos being the one to do that. Not my problem. Why do you come to me? I didn't contribute to this thread for about two days. That is two days of various contributors that didn't accept their responsibility and whom you left alone. If it wasn't a problem then that the positive feedback loop was maintained, then why is it a problem now? I'll start taking you seriously when I see you tackling the specific behaviour in a consistent manner instead of you tackling specific contributors. My apologies then for implying that you have been actively feeding the troll; I have not been paying attention to who is or isn't doing that. I replied to you because you've been very vocal on the topic, and because you wrote things that I wanted to respond to, not to single you out as the problem. I'm not going to individually address every single person who I think is contributing to the problem, because that's not my job and I don't have time for it. If you think that's not being fair, then that's tough, but this mailing list is not a kindergarten. We're all adults here, and I expect that others who are feeding the troll will have the maturity and self-awareness to recognize that what I wrote applies to them without me having to repeat myself a dozen times. If you leave a thread alone for four days while various contributors maintain a positive feedback loop then you are implicitly saying that such behaviour is not a big problem. So don't come complaining now. I've spoken up on this issue before. I'm not going to repetitively respond to every single post or even every single thread that I think is problematic. If I did that, then I would be part of the problem. As I said above, I chose to speak up now because you wrote things that I specifically wanted to respond to. 
For the most part however I prefer silence in the knowledge that making noise just invites more noise. For that reason you can expect that I will drop out of this thread again shortly, likely after this post. That is correct but is expecting too much from people in general. Expecting from frustrated people to act rational and constructive is just a recipe for your own frustrations. In my experience, conduct follows from self esteem and self worth, and those things follow in turn from the respect and expectations of others. If I expect others to act like animals, then I disrespect them, and so why should they behave any differently toward me or in my presence? You are confusing realistic expectations with moralistic expectations. In some circumstances it is realistic to expect people to behave like animals. You may see that as a sign of disrespect but that is because you assigned it a moral judgement. By expecting others to be rational and mature I show my respect for them, and so perhaps they will see fit to behave in a way to maintain that respect. No you
Re: To whoever hacked into my Database
On 11/12/2013 01:26 PM, Ian Kelly wrote: As for letting the bullies (which I'll take as a metaphor for trolls, since I've not once seen Nikos act like a bully) Every time he uses foul language against somebody he's acting like a bully. Every time he reposts questions and ignores answers he's acting like a bully. Every time he declares that what he wants is the most important and so he is going to ignore our culture and the topic of this forum/ml/ng he is acting like a bully. If you haven't seen those posts, I have. Now you know. -- ~Ethan~ -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 12-11-13 12:23, Ned Batchelder wrote: On Tuesday, November 12, 2013 1:31:32 AM UTC-5, ru...@yahoo.com wrote: On 11/11/2013 06:16 PM, Ned Batchelder wrote: Nikos has received a good deal of genuine advice. He has also been genuinely difficult to help. Yes. If he is too difficult to help without getting angry because he won't do what you (generic) tell him then perhaps a more constructive response is to stop trying to help him rather than join the lynch mob that is making the atmosphere here far worse (IMO) than Nikos alone could. I absolutely agree with this. This ignores the contribution of the spoon feeders. The frustration originates with seeing Nikos ignoring helpful advices and repeating the same question. So stop trying to help, doesn't diminish the frustration in a significant way as long as the spoon feeders continue to motivate Nikos in this kind of behaviour. As long as the spoon feeders are allowed to contribute to the frustration of other group members, you will have people who feel they are justified in venting their frustration in the news group. And only taking the venters to task while ignoring the spoon feeders will mostly result in not be taken serious and will produce rather bad will than good will to your goal. -- Antoon Pardon -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 12/11/2013 17:22, Antoon Pardon wrote: On 12-11-13 12:23, Ned Batchelder wrote: On Tuesday, November 12, 2013 1:31:32 AM UTC-5, ru...@yahoo.com wrote: On 11/11/2013 06:16 PM, Ned Batchelder wrote: Nikos has received a good deal of genuine advice. He has also been genuinely difficult to help. Yes. If he is too difficult to help without getting angry because he won't do what you (generic) tell him then perhaps a more constructive response is to stop trying to help him rather than join the lynch mob that is making the atmosphere here far worse (IMO) than Nikos alone could. I absolutely agree with this. This ignores the contribution of the spoon feeders. The frustration originates with seeing Nikos ignoring helpful advices and repeating the same question. So stop trying to help, doesn't diminish the frustration in a significant way as long as the spoon feeders continue to motivate Nikos in this kind of behaviour. As long as the spoon feeders are allowed to contribute to the frustration of other group members, you will have people who feel they are justified in venting their frustration in the news group. And only taking the venters to task while ignoring the spoon feeders will mostly result in not be taken serious and will produce rather bad will than good will to your goal. I'm 100% behind you with this. Sadly the message just doesn't seem to get across so I suggest that we talk to brick walls, at least we'll not expect a response of any kind. -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Tue, Nov 12, 2013 at 2:59 PM, Ethan Furman et...@stoneleaf.us wrote: Every time he uses foul language against somebody he's acting like a bully. Every time he reposts questions and ignores answers he's acting like a bully. Every time he declares that what he wants is the most important and so he is going to ignore our culture and the topic of this forum/ml/ng he is acting like a bully. If you haven't seen those posts, I have. Now you know. Per Wikipedia: Bullying is the use of force, threat, or coercion to abuse, intimidate, or aggressively to impose domination over others. ... One essential prerequisite is the perception, by the bully or by others, of an imbalance of social or physical power. None of the behaviors that you cite are examples of bullying. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 12/11/2013 23:27, Ian Kelly wrote: On Tue, Nov 12, 2013 at 2:59 PM, Ethan Furman et...@stoneleaf.us wrote: Every time he uses foul language against somebody he's acting like a bully. Every time he reposts questions and ignores answers he's acting like a bully. Every time he declares that what he wants is the most important and so he is going to ignore our culture and the topic of this forum/ml/ng he is acting like a bully. If you haven't seen those posts, I have. Now you know. Per Wikipedia: Bullying is the use of force, threat, or coercion to abuse, intimidate, or aggressively to impose domination over others. ... One essential prerequisite is the perception, by the bully or by others, of an imbalance of social or physical power. None of the behaviors that you cite are examples of bullying. What would you classify insulting my late mother as? -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Tue, Nov 12, 2013 at 4:38 PM, Mark Lawrence breamore...@yahoo.co.uk wrote: What would you classify insulting my late mother as? Rudeness. I'm not defending Nikos here, but let's not call it something that it isn't. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 12/11/2013 23:54, Ian Kelly wrote: On Tue, Nov 12, 2013 at 4:38 PM, Mark Lawrence breamore...@yahoo.co.uk wrote: What would you classify insulting my late mother as? Rudeness. I'm not defending Nikos here, but let's not call it something that it isn't. Only being rude, well that's alright then, I take back everything I've ever said about him. Not. -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Tue, 12 Nov 2013 17:27:08 +0100, Antoon Pardon wrote: Somebody has to accept the responsibility to walk away and break the positive feedback loop, or it will never end. And I can't see Nikos being the one to do that. Not my problem. It might not be a problem for you, since you are obviously getting far more pleasure out of arguing with others than you do about discussing Python. But you are a problem for the rest of us. Why do you come to me? I didn't contribute to this thread for about two days. And now you are keeping it alive, just because they started it. Antoon, I don't remember the last time I've seen you contribute anything productive to a Python thread. Chris and Mark have a regrettable tendency to tease or bait Nikos, or at least run off on tangents mocking him, but they at least are also productive members of the community who contribute to discussing Python and helping solve Python problems. You don't, not as far as I can see. Since you are now in my opinion almost as big a problem here as Nikos, I'm adding you back to my kill-file. See you in six months. -- Steven -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 11/12/2013 03:27 PM, Ian Kelly wrote: On Tue, Nov 12, 2013 at 2:59 PM, Ethan Furman et...@stoneleaf.us wrote: Every time he uses foul language against somebody he's acting like a bully. Every time he reposts questions and ignores answers he's acting like a bully. Every time he declares that what he wants is the most important and so he is going to ignore our culture and the topic of this forum/ml/ng he is acting like a bully. If you haven't seen those posts, I have. Now you know. Per Wikipedia: Bullying is the use of force, threat, or coercion to abuse, intimidate, or aggressively to impose domination over others. ... One essential prerequisite is the perception, by the bully or by others, of an imbalance of social or physical power. So even though he is being verbally abusive, the fact that he's not standing over me with a stick makes him not a bully? We'll have to agree to disagree on this point. -- ~Ethan~ -- https://mail.python.org/mailman/listinfo/python-list
Bullying [was Re: To whoever hacked into my Database]
On Tue, 12 Nov 2013 17:19:43 -0800, Ethan Furman wrote: On 11/12/2013 03:27 PM, Ian Kelly wrote: On Tue, Nov 12, 2013 at 2:59 PM, Ethan Furman et...@stoneleaf.us wrote: Every time he uses foul language against somebody he's acting like a bully. Every time he reposts questions and ignores answers he's acting like a bully. Every time he declares that what he wants is the most important and so he is going to ignore our culture and the topic of this forum/ml/ng he is acting like a bully. If you haven't seen those posts, I have. Now you know. Per Wikipedia: Bullying is the use of force, threat, or coercion to abuse, intimidate, or aggressively to impose domination over others. ... One essential prerequisite is the perception, by the bully or by others, of an imbalance of social or physical power. So even though he is being verbally abusive, the fact that he's not standing over me with a stick makes him not a bully? We'll have to agree to disagree on this point. Is bullying the new terrorism, which in turn is the new socialism? That is, a meaningless term of opprobrium used on anything you don't like? That's what it sounds like to me. Nikos has practically no power in this community. He's one person, friendless in this community, with no social standing. His position is way down the bottom of what little pecking order a bunch of geeks has. Nobody looks up at him for guidance or for hints as to what sort of behaviour is acceptable. He has no Python know-how to withhold from those he doesn't approve of (or inclination to help others). He can't even force anyone to read his comments. I say this not to make him out to be the victim here, he is at least equally responsible for the position he is in, but to highlight the absurdity of claiming he is bullying anywhere here. Just because (generic) you are annoyed by Nikos, or even if your feelings are hurt because he called you a bad name or insulted your dead mother, doesn't mean you are the victim of bullying. 
Claiming the badge of victimhood for mild annoyances and hurt feelings is one of the least admirable parts of the politically-correct crowd, please don't emulate them. -- Steven -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 6/11/2013 5:25 PM, Νίκος Γκρ33κ wrote: Okay let the hacker try again to mess with my database!!! He has done it twice, let's see if he will make it again! I'm waiting!

I can't believe your ignorance. You're actually telling a huge group of developers from all over the globe that your site is impenetrable. Do you know how ridiculous you sound? Have you stopped and thought that maybe people have better things to do than try to hack your stupid circa 1990 website? My three year old could have modified your database. It doesn't take a pro to take down your 'security'. Have you not read up on anything these people have suggested? Cross Site Scripting? SQL Injection? Digital Piracy? Private User Information? No.. you haven't. That's why your code is starting to look like this:

    if not '..' in page and not page == '/etc/passwd' and os.path.isfile(page) and os.path.exists('/cgi-bin' + page) and cookieID == 'some_secret' and host == 'superhost.gr' and hacker_is_not_being_mean_today:
        load_site()
        load_private_user_phone_numbers_and_then_post_a_screenshot_for_everyone_to_see()
    else:
        play_pre_millenium_music_and_load_lots_of_gifs()
        wait___go_back_and_load_pirated_music_and_gifs_from_1995_anyway(extra_sauce=True)

You can't sue me for posting the code to your site, there was no copyright. I guess my whole point is, if someone really cared I'm sure they could get into your site. They could get into a lot of sites that were created by people way smarter than you. Ever heard of apache exploits? cpanel exploits? for that matter..python exploits? Some of this is beyond your control. Actually, all of this is beyond your personal control, you lack the capability. What I meant to say is that you could not possibly fix all of this even if you were a better python programmer. Be glad 'she' wasn't mean.

==

Somebody this morning sent me an email as nikos.su...@gmail.com saying the above. My code is not like you provided you ignorant.

    # is it a python file or an html template?
    if page and page in os.listdir( cgi_path ):
        pyvalid = True
    elif os.path.isfile( file ):
        page = file.replace( path, '' )
        htmlvalid = True
    else:
        file = 'forbidden'

    if 'forbidden' in file:
        print( '''h2font color=redΔεν επιτρέπεται η απευθείας πρόσβαση στο script παρά μόνον μέσω της αρχικής σελίδας!Ανακατεύθυνση σε 5...''' )
        print( '''meta http-equiv=REFRESH content=5;URL=http://superhost.gr;''' )
        sys.exit(0)

    if cookieID != 'wont_say' and ( htmlvalid or pyvalid ) and re.search( r'(amazon|google|proxy|cloud|reverse|fetch|msn|who|spider|crawl|ping)', host ) is None:
        # do database insertion here

Tell the mighty female hacker to polish her nails, do her hair and fix a good meal. She is incompetent just like yourself. These all is just an excuse of not being able to mess with my script again, because if she could she would. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 11/08/2013 11:08 AM, Chris Angelico wrote: On Sat, Nov 9, 2013 at 4:11 AM, ru...@yahoo.com wrote: On 11/08/2013 03:05 AM, Νίκος Αλεξόπουλος wrote: I never ignore advices. I read all answers as carefully as i can. But nevertheless sometimes i feel things should have been better implemented using my way. Not of course that i know better, but thats better suited for me in the level iam. Most of the advice I've seen posted here has, as far as I can tell, not intended to be useful but to serve as a way to telling you are incompetent are in other ways insulting or useless. I think you are quite right to ignore it (or tell the poster to get lost.) Actually no; most of the advice has been genuine. Actually yes; most of the advice has not been genuine. Of course neither you nor I know for sure since we can't read minds. But when advice consists of things like Maybe try some of the advice you have been given instead? use php Try starting with something simple. The following is a step by step guide... Now, and this is really really going to tax you... A treatise on 1nf in six short sentences followed by ruminations on competence including ...never shows a glimmer of interest in learning. Now that helpful suggestions have been offered, and the OP continues to obstinately refuse to learn, I don't consider it helpful nor do I believe the claims of such people (who have an history of antagonistic responses) that they are genuinely trying to be helpful. If you want to be helpful try posting useful information without the insults, with an attempt to tune it to the level of understanding the recipient and without the offensive do what I tell you attitude. Long before you showed up here, I noticed the tendency to not answer questions directly but to jerk people off by giving hints or telling them to do something other than they want to do. Often that is good because the original request was for something that the OP really didn't want to do. 
But sometimes the OP knows they want to do (but doesn't want or is unable to clearly explain why) and when they clearly state that, yes, they do want to do it their way, their question should be answered in good faith or, for those who just can't tell how to do something wrong, ignored. I disagree. If you go to a doctor and ask for a prescription for insert name of medication, the doctor is quite right in refusing if s/he believes that that won't help you. If the OP asks for a way to stuff more into a single record in MySQL, then we're right to say No, don't do it that way. No you're not. Without determining how the data is to be used you can't say it's not normalized. Otherwise one could claim every of the millions of databases containing addresses is not even 1nf because their designers crammed two pieces of information (street number and street name) into a single datum. Second, to simply say, don't do that, it's not 1nf when most database systems provide data types like arrays, set, composites etc whose purpose is to do what you're saying not to do is not being helpful -- it's being domineering and condescending. Finally you're wrong to say no because you are not in a position to evaluate all the criteria that determines right or wrong for the OP. For example it is often easier when learning to use something one understands better, or uses less code or is simpler is some other way to the learner, with the intent to fix it later if experience shows the need. Generally, people who ask for one thing and are advised another will see that the advice is actually getting them to where they really wanted to be. There's another thread now about calling from Python into C, which I haven't been following closely, but I saw a comment from its OP to the effect of Oh right! Standard input/output would do what I want! - it may not have been specifically what was asked for, but it was helpful. If it's not helpful, give a reason for that. Right. 
Which is why I wrote Often that telling the OP he is doing it wrong] is good because the original request was for something that the OP really didn't want to do. I then went on to address my comments to the case where the OP insists he *does* want what he asks for. So you could have saved us all a little time by leaving out the above irrelevant paragraph. Do you (anyone) know better than all the people of this newsgroup? That you are so naive as to propose that majority opinion is always right is so naive I'm not sure what to think, other than to wonder how old you are. I would think not, firstly because you're asking the question (why are you asking if you already know better), That's pretty illogical thinking. How can he know better *before* he asks and sees the answers. Only after he gets the answers can one decide if they are better or not. and secondly because the collective knowledge and skill is far greater than any
Re: To whoever hacked into my Database
On Mon, Nov 11, 2013 at 5:47 PM, ru...@yahoo.com wrote: On 11/08/2013 11:08 AM, Chris Angelico wrote: On Sat, Nov 9, 2013 at 4:11 AM, ru...@yahoo.com wrote: On 11/08/2013 03:05 AM, Νίκος Αλεξόπουλος wrote: I never ignore advices. I read all answers as carefully as i can. But nevertheless sometimes i feel things should have been better implemented using my way. Not of course that i know better, but thats better suited for me in the level iam. Most of the advice I've seen posted here has, as far as I can tell, not intended to be useful but to serve as a way to telling you are incompetent are in other ways insulting or useless. I think you are quite right to ignore it (or tell the poster to get lost.) Actually no; most of the advice has been genuine. Actually yes; most of the advice has not been genuine. Of course neither you nor I know for sure since we can't read minds. But when advice consists of things like Maybe try some of the advice you have been given instead? use php It seems like you take the view that people have decided to bully or tease or laugh at this one person here. Sometimes other's ask question and they quickly get gently (maybe not gently) teased, but since I have been listening here it is one person overwhelmingly who gets this response. It doesn't mean its really the highest order behavior, but its not done in a vacuum either. Try starting with something simple. The following is a step by step guide... Now, and this is really really going to tax you... So, you don't like teasing. Why not go back and see where this teasing started. I would guess that its not from the beginning. Its only after a history that makes it appropriate (maybe not appropriate, but understandable). A treatise on 1nf in six short sentences followed by ruminations on competence including ...never shows a glimmer of interest in learning. This one I think is mine. I don't pretend to be able to write a treatise in however many sentences, let alone 6. 
This 'guidance' was to provide a link to a more substantial authority than me about why its a bad idea to use a database without normalizing data. If you want to get stuff out of a database with sql you have to normalize it, or know well why you would not. The thread about normalizing degenerated (sorry if the term is loaded) into people talking about various language data types that can be stored in a sql database. Blob, is the one I remember. So, if you refuse the idea that its better to build a second table with a one to many relationship to the first table rows, then you need to know how much python code will be required to reverse that 'shoving stuff' in a single column. Its a choice. Some people like writing sql, some like writing whatever. If you come here for advice, and you expect to be taken seriously, you need to come back with questions or arguments about why the advice doesn't make sense to you. The meme about the shortage of new lines is amusing, not because of the first time it came up, but because it is such a densely recurring theme. Now that helpful suggestions have been offered, and the OP continues to obstinately refuse to learn, I don't consider it helpful nor do I believe the claims of such people (who have an history of antagonistic responses) that they are genuinely trying to be helpful. What do you consider 'helpful', because in this case, people have tried the go slow approach, the here is some stuff you can read approach, the here is a 5 line piece of code that solves your problem approach. When not having fun, people in this list have put an order of magnitude more time into trying to help this OP than any other questioner, and the story always circles back. If you want to be helpful try posting useful information without the insults, with an attempt to tune it to the level of understanding the recipient and without the offensive do what I tell you attitude. 
Long before you showed up here, I noticed the tendency to not answer questions directly but to jerk people off by giving hints or telling them to do something other than they want to do. Often that is good because the original request was for something that the OP really didn't want to do. But sometimes the OP knows they want to do (but doesn't want or is unable to clearly explain why) and when they clearly state that, yes, they do want to do it their way, their question should be answered in good faith or, for those who just can't tell how to do something wrong, ignored. I disagree. If you go to a doctor and ask for a prescription for insert name of medication, the doctor is quite right in refusing if s/he believes that that won't help you. If the OP asks for a way to stuff more into a single record in MySQL, then we're right to say No, don't do it that way. No you're not. Without determining how the data is to be used you can't say it's not normalized. Otherwise one could claim
Re: To whoever hacked into my Database
On 11/11/2013 23:49, Joel Goldstick wrote: On Mon, Nov 11, 2013 at 5:47 PM, ru...@yahoo.com wrote: Lets get this right folks once and for all. Let's carry on welcoming Nikos with open arms as he's such a wonderful benefactor to the community, but ban people such as Matt who had the audacity to write about an hour ago Thank you guys so much. Brain fart moment. I appreciate it. This latter approach is simply intolerable. I'm assuming that representatives of the Python Software Foundation will be protesting to Matt in the strongest possible terms about this, and threatening him with a life long ban from this list should he repeat such disgusting words on our forum. -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Monday, November 11, 2013 5:47:28 PM UTC-5, ru...@yahoo.com wrote: On 11/08/2013 11:08 AM, Chris Angelico wrote: On Sat, Nov 9, 2013 at 4:11 AM, ru...@yahoo.com wrote: On 11/08/2013 03:05 AM, Νίκος Αλεξόπουλος wrote: I never ignore advices. I read all answers as carefully as i can. But nevertheless sometimes i feel things should have been better implemented using my way. Not of course that i know better, but thats better suited for me in the level iam. Most of the advice I've seen posted here has, as far as I can tell, not intended to be useful but to serve as a way to telling you are incompetent are in other ways insulting or useless. I think you are quite right to ignore it (or tell the poster to get lost.) Actually no; most of the advice has been genuine. Actually yes; most of the advice has not been genuine. rurpy, I applaud your efforts to make this forum more civil. I do not like the general tone of the responses to Nikos these days. But you are being naive to present this as the big bad meanies against the innocent OP. Nikos has received a good deal of genuine advice. He has also been genuinely difficult to help. If you want to be helpful try posting useful information without the insults, with an attempt to tune it to the level of understanding the recipient and without the offensive do what I tell you attitude. Lots of people have provided useful information, tuned to the recipient. And yet the threads continue to spiral out of control. You must acknowledge that threads started by Nikos end up going badly far more often than average. It can't simply be that everyone irrationally hates Nikos. He didn't reject it out of hand, he gave some reasons why he rejected it. But as is SOP here, you chose not to see or pay any attention to those reasons. Actually, Nikos often has rejected advice out of hand. I want to do it in one line isn't a good reason to reject advice. But I don't want to make another table isn't a good criterion for database design. 
I like mine better than yours, it just doesn't work, can you help me fix it isn't a good way to get help. As I said, I applaud your efforts to improve the tone of this forum. But you won't do it by ignoring part of the problem: Nikos is difficult to help. He ignores advice; he doesn't seem to want to research the fundamentals of his problems; he refuses suggestions for capricious reasons; he reposts panicky questions, sometimes within minutes of each other. All of these things make him difficult to help, and raise the ire of people who are otherwise generous with their time and experience. I don't know how best to make things better overall. I know that overlooking Nikos' faults won't do it. --Ned. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
Ned Batchelder wrote: I don't know how best to make things better overall. I know that overlooking Nikos' faults won't do it. If everyone who reached the point where they don't think they can help any more would simply say so in a calm manner and then walk away, that would make things better overall. It wouldn't help *Nikos*, but it would prevent the discussion from degenerating into a flamefest. It takes two to spiral. -- Greg -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 11/11/2013 04:49 PM, Joel Goldstick wrote: On Mon, Nov 11, 2013 at 5:47 PM, ru...@yahoo.com wrote: On 11/08/2013 11:08 AM, Chris Angelico wrote: On Sat, Nov 9, 2013 at 4:11 AM, ru...@yahoo.com wrote: On 11/08/2013 03:05 AM, Νίκος Αλεξόπουλος wrote: I never ignore advices. I read all answers as carefully as i can. But nevertheless sometimes i feel things should have been better implemented using my way. Not of course that i know better, but thats better suited for me in the level iam. Most of the advice I've seen posted here has, as far as I can tell, not intended to be useful but to serve as a way to telling you are incompetent are in other ways insulting or useless. I think you are quite right to ignore it (or tell the poster to get lost.) Actually no; most of the advice has been genuine. Actually yes; most of the advice has not been genuine. Of course neither you nor I know for sure since we can't read minds. But when advice consists of things like Maybe try some of the advice you have been given instead? use php It seems like you take the view that people have decided to bully or tease or laugh at this one person here. Sometimes other's ask question and they quickly get gently (maybe not gently) teased, but since I have been listening here it is one person overwhelmingly who gets this response. It doesn't mean its really the highest order behavior, but its not done in a vacuum either. I do not (as another poster put it) think that Nikos is an innocent being picked on. I do think that this group would be a better place were those who enjoy baiting, flaming and otherwise venting their frustration with Nikos to vent in some other private way, but it seems I was unable to convince anyone else of that (or at least any of those who do it most). I am not unequivocally defending Nikos but in this particular case, where he is being bashed for not accepting a solution that doesn't meet his needs (as he sees them), I think he is right. 
Try starting with something simple. The following is a step by step guide... Now, and this is really really going to tax you... So, you don't like teasing. Why not go back and see where this teasing started. I would guess that its not from the beginning. Its only after a history that makes it appropriate (maybe not appropriate, but understandable). Ridicule is a more accurate description than teasing. And you're right, I don't like it. Yes, it's understandable (in the same way it is understandable that the victim of a crime might want to murder the perpetrator) but that doesn't make it acceptable. A treatise on 1nf in six short sentences followed by ruminations on competence including ...never shows a glimmer of interest in learning. This one I think is mine. I don't pretend to be able to write a treatise in however many sentences, let alone 6. This 'guidance' was to provide a link to a more substantial authority than me about why its a bad idea to use a database without normalizing data. If you want to get stuff out of a database with sql you have to normalize it, or know well why you would not. The thread about normalizing degenerated (sorry if the term is loaded) into people talking about various language data types that can be stored in a sql database. Blob, is the one I remember. So, if you refuse the idea that its better to build a second table with a one to many relationship to the first table rows, then you need to know how much python code will be required to reverse that 'shoving stuff' in a single column. Its a choice. Right, that's my point. It is a choice with tradeoffs; either option will have some advantages and some disadvantages. He was trying to figure out the Python code needed. And your suggestion is not necessarily best either: why a 1:M relationship? why not a M:M relationship? There may be duplicate file downloads resulting in your suggestion being non-normalized. 
So I think there is some justification in his looking for a simpler Python solution even if it is not the way the majority here would do it. [...] No you're not. Without determining how the data is to be used you can't say it's not normalized. Otherwise one could claim every of the millions of databases containing addresses is not even 1nf because their designers crammed two pieces of information (street number and street name) into a single datum. Talking about whether an address is atomic is a can of worms. Anyone who has worked with addresses finds this out. But in the generic sense an address is a single description of a location. Saying that it should be two fields, one with number, and one with name doesn't sound right to me because each field is too small to have any meaning. Of course it has meaning. The number identifies a location on a street. My point was that what is atomic depends on *you* and how *you* analyze your data (which depends on how you
Re: To whoever hacked into my Database
On 11/11/2013 06:16 PM, Ned Batchelder wrote: On Monday, November 11, 2013 5:47:28 PM UTC-5, ru...@yahoo.com wrote: On 11/08/2013 11:08 AM, Chris Angelico wrote: On Sat, Nov 9, 2013 at 4:11 AM, ru...@yahoo.com wrote: On 11/08/2013 03:05 AM, Νίκος Αλεξόπουλος wrote: I never ignore advices. I read all answers as carefully as i can. But nevertheless sometimes i feel things should have been better implemented using my way. Not of course that i know better, but thats better suited for me in the level iam. Most of the advice I've seen posted here has, as far as I can tell, not intended to be useful but to serve as a way to telling you are incompetent are in other ways insulting or useless. I think you are quite right to ignore it (or tell the poster to get lost.) Actually no; most of the advice has been genuine. Actually yes; most of the advice has not been genuine. rurpy, I applaud your efforts to make this forum more civil. I do not like the general tone of the responses to Nikos these days. But you are being naive to present this as the big bad meanies against the innocent OP. I never claimed Nikos was innocent. I was complaining about responses, driven by frustration or hostility, that go beyond reasonable and become so dogmatic and absolutist that they themselves become wrong. Nikos (or anyone else) is right to reject such responses. Nikos has received a good deal of genuine advice. He has also been genuinely difficult to help. Yes. If he is too difficult to help without getting angry because he won't do what you (generic) tell him then perhaps a more constructive response is to stop trying to help him rather than join the lynch mob that is making the atmosphere here far worse (IMO) than Nikos alone could. However, I have made that argument in the past and am not interested in rearguing it. [...] -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 09.11.2013 15:07, Steven D'Aprano wrote: ... Nikos, you have annoyed and alienated enough people here... Sorry, I DO NOT AGREE! These threads keep my entire office entertained. I would even go so far as to suggest that we should set up an entirely new mailing list for Nikos only, maybe something called like acropolis-list(at)python.org. Mea culpa, I am entirely aware that this is an IT list, but hey, when you have done 2x65ish hrs per week in a row - standing in for our Ops Guy, holidaying - you really start appreciating little interruptions like this... Greekings ...oops, meant greetings from Tartan-Land, SasCo -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10/11/2013 12:20 AM, Chris Angelico wrote: On Sun, Nov 10, 2013 at 2:32 AM, Antoon Pardon antoon.par...@rece.vub.ac.be wrote: And i had until i made some new changes last night, which i think i have corrected now as we speak. Continuing the arrogance. Just to put that in perspective, by the way: *EVERYONE* writes vulnerable code. Even Python itself has been found to have had significant exploits (hash randomization had to get backported a long way). There's nothing wrong with fixing security bugs; there's not even a lot wrong with the iterative process of find bug, fix bug, find another bug, fix another bug. There are two major problems with what you did here, Nikos, and they are: 1) Starting with a hopelessly insecure system and then trying to band-aid patch it one vulnerability at a time, which is folly; and 2) Boasting that your system was now secure. The main issue is the boasting, which is utterly unwarranted arrogance. All you have to do is look at how, after boasting previously, you were provably vulnerable - which means that you clearly still had problems while you were boasting. A more humble attitude of Oops, well, that's fixed now without saying Ha ha, now try to break THAT, I'm oh so perfect now would suit you far better, based on your history. ChrisA Ha, ha ha! I'm safe now!! No breaks in this time! -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Sun, 10 Nov 2013 01:44:17 +, ishish wrote: On 09.11.2013 15:07, Steven D'Aprano wrote: ... Nikos, you have annoyed and alienated enough people here... Sorry, I DO NOT AGREE! These threads keep my entire office entertained. I would even go so far to suggest, that we should set up an entirely new mailing list for Nikos only, maybe something called like acropolis-list(at)python.org. Mea culpa, I am entirely aware that this is an IT list, but hey, when you have done 2x65ish hrs per week in a row - standing in for our Ops Guy, holidaying - you really start to appreciating little interruptions like this... Greekings ...oops, meant greetings from Tartan-Land, SasCo I too am learning plenty from watching Nicos' tales of woe, thank you Nicos. To repay the favour, one instant lesson I can see that you need to apply is how you are using the page variable to select pages. Do not use the value provided as the direct source of the page name; instead use it as a key to look up the page in a white-list. Now where do I store that white-list? I know, how about another database table. I know you don't seem to like using more than one table, Nicos, but that is daft. They are not rationed and cost nothing. Also, when you fail to find a page in the white-list, return nothing; there is no point in giving potential hackers any more clues than necessary. I also suggest you check your firewall; you seem to have far more ports open to the public internet than should ever be necessary. To follow on from one of the other security analogies posted here, you would not put the door to your house safe on the outside wall even if you think it has a stronger lock than your front door. -- He who despises himself nevertheless esteems himself as a self-despiser. -- Friedrich Nietzsche -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10-11-13 11:32, Νίκος Αλεξόπουλος wrote: On 10/11/2013 12:20 AM, Chris Angelico wrote: There are two major problems with what you did here, Nikos, and they are: 1) Starting with a hopelessly insecure system and then trying to band-aid patch it one vulnerability at a time, which is folly; and 2) Boasting that your system was now secure. The main issue is the boasting, which is utterly unwarranted arrogance. ,,, Ha, ha ha! I'm safe now!! No breaks in this time! You just can't help yourself, can you? I predict your database will be broken in, within a week, after which you will plug one leak and after an other day boast again about how secure your system is, because you hadn't had a break in after your latest fix. -- Antoon Pardon -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10/11/2013 10:32, Νίκος Αλεξόπουλος wrote: Ha, ha ha! I'm safe now!! No breaks in this time! She's just biding her time again. Or was it the little fingers of my team? Clearly you haven't the faintest idea. I've now come to the conclusion that someone is going to make a fortune from these hacking incidents, as the film industry is always looking for new material, and this would make one of the greatest comedies ever. You could play yourself, you wouldn't need a script, and you could certainly help with the screenplay!!! -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10/11/2013 3:49 PM, Antoon Pardon wrote: On 10-11-13 11:32, Νίκος Αλεξόπουλος wrote: On 10/11/2013 12:20 AM, Chris Angelico wrote: There are two major problems with what you did here, Nikos, and they are: 1) Starting with a hopelessly insecure system and then trying to band-aid patch it one vulnerability at a time, which is folly; and 2) Boasting that your system was now secure. The main issue is the boasting, which is utterly unwarranted arrogance. ,,, Ha, ha ha! I'm safe now!! No breaks in this time! You just can't help yourself, can you? I predict your database will be broken in, within a week, after which you will plug one leak and after an other day boast again about how secure your system is, because you hadn't had a break in after your latest fix. It won't break again. 'page' variable cannot be manipulated by arbitrary url strings no more. This time is fixed for good. Your predictions are wrong. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10/11/2013 15:01, Νίκος Αλεξόπουλος wrote: On 10/11/2013 3:49 PM, Antoon Pardon wrote: On 10-11-13 11:32, Νίκος Αλεξόπουλος wrote: On 10/11/2013 12:20 AM, Chris Angelico wrote: There are two major problems with what you did here, Nikos, and they are: 1) Starting with a hopelessly insecure system and then trying to band-aid patch it one vulnerability at a time, which is folly; and 2) Boasting that your system was now secure. The main issue is the boasting, which is utterly unwarranted arrogance. ,,, Ha, ha ha! I'm safe now!! No breaks in this time! You just can't help yourself, can you? I predict your database will be broken in, within a week, after which you will plug one leak and after an other day boast again about how secure your system is, because you hadn't had a break in after your latest fix. It won't break again. 'page' variable cannot be manipulated by arbitrary url strings no more. This time is fixed for good. Your predictions are wrong. I'm not a gambling man, but I'd put my house on the fact that your site is so insecure that even the little fingers of my team can get in. -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10/11/2013 4:45 PM, Mark Lawrence wrote: On 10/11/2013 10:32, Νίκος Αλεξόπουλος wrote: Ha, ha ha! I'm safe now!! No breaks in this time! She's just biding her time again. Or was it the little fingers of my team? Tell your female friend to polish her nails or do her hair instead as she will not be successful any more to mess with any of my 3 scripts. If it was little fingers tell him to stick those fingers you know where -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10/11/2013 15:12, Νίκος Αλεξόπουλος wrote: On 10/11/2013 4:45 PM, Mark Lawrence wrote: On 10/11/2013 10:32, Νίκος Αλεξόπουλος wrote: Ha, ha ha! I'm safe now!! No breaks in this time! She's just biding her time again. Or was it the little fingers of my team? Tell your female friend to polish her nails or do her hair instead as she will not be successful any more to mess with any of my 3 scripts. Congratulations, you've just let the cat in amongst the pigeons. I suggest you take cover before the brickbats quite rightly start flying. If it was little fingers tell him to stick those fingers you know where I hope you're not suggesting what I think you're suggesting, I couldn't possibly make such a statement to a group of four year olds, how dare you. -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10-11-13 16:01, Νίκος Αλεξόπουλος wrote: On 10/11/2013 3:49 PM, Antoon Pardon wrote: On 10-11-13 11:32, Νίκος Αλεξόπουλος wrote: Ha, ha ha! I'm safe now!! No breaks in this time! You just can't help yourself, can you? I predict your database will be broken in, within a week, after which you will plug one leak and after an other day boast again about how secure your system is, because you hadn't had a break in after your latest fix. It won't break again. 'page' variable cannot be manipulated by arbitrary url strings no more. So you fixed one specific leak and you think that is enough to declare yourself safe?! This time is fixed for good. The fact that you said this before and were wrong didn't teach you anything? Your predictions are wrong. And you wonder why people think you are arrogant. You are a perfect example of the arrogance of the ignorant. -- Antoon Pardon. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Sunday, November 10, 2013 10:28:46 AM UTC-5, Antoon Pardon wrote: On 10-11-13 16:01, Νίκος Αλεξόπουλος wrote: On 10/11/2013 3:49 PM, Antoon Pardon wrote: On 10-11-13 11:32, Νίκος Αλεξόπουλος wrote: Ha, ha ha! I'm safe now!! No breaks in this time! You just can't help yourself, can you? I predict your database will be broken in, within a week, after which you will plug one leak and after an other day boast again about how secure your system is, because you hadn't had a break in after your latest fix. It won't break again. 'page' variable cannot be manipulated by arbitrary url strings no more. So you fixed one specific leak and you think that is enough to declare yourself safe?! This time is fixed for good. The fact that you said this before and were wrong didn't teach you anything? Your predictions are wrong. And you wonder why people think you are arrogant. You are a perfect example of the arrogance of the ignorant. -- Antoon Pardon. Can we please just ignore Nikos' boasts? The only way to end a Nikos thread is to ignore Nikos. At this point, Mark and Antoon are as much of a problem as Nikos is. Continuing to insult and bait Nikos just prolongs the noise. Yes, we know he is wrong. But no amount of nyah-nyah posts is going to convince him. We have to settle for an end to the thread. --Ned. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10/11/2013 5:28 PM, Antoon Pardon wrote: On 10-11-13 16:01, Νίκος Αλεξόπουλος wrote: On 10/11/2013 3:49 PM, Antoon Pardon wrote: On 10-11-13 11:32, Νίκος Αλεξόπουλος wrote: Ha, ha ha! I'm safe now!! No breaks in this time! You just can't help yourself, can you? I predict your database will be broken in, within a week, after which you will plug one leak and after an other day boast again about how secure your system is, because you hadn't had a break in after your latest fix. It won't break again. 'page' variable cannot be manipulated by arbitrary url strings no more. So you fixed one specific leak and you think that is enough to declare yourself safe?! This time is fixed for good. The fact that you said this before and were wrong didn't teach you anything? Your predictions are wrong. And you wonder why people think you are arrogant. You are a perfect example of the arrogance of the ignorant. Really? I have even pasted the code as i used to have it and the new correction i have made. Since my code is so crappy, try to mess with the script and databases since you're so competent and smart -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Nov 10, 2013, at 4:28 PM, Antoon Pardon antoon.par...@rece.vub.ac.be wrote: You are a perfect example of the arrogance of the ignorant. Finally! The Dunning–Kruger effect proven beyond a doubt. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10/11/2013 7:57 PM, Petite Abeille wrote: On Nov 10, 2013, at 4:28 PM, Antoon Pardon antoon.par...@rece.vub.ac.be wrote: You are a perfect example of the arrogance of the ignorant. Finally! The Dunning–Kruger effect proven beyond a doubt. You are a moron, no doubt! Freddy Kruger Effect! -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Nov 10, 2013, at 7:46 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: You are a moron Rumor has it you are the head of ELSTAT, the Hellenic Statistical Authority. Any truth to that? -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10/11/2013 9:16 PM, Petite Abeille wrote: On Nov 10, 2013, at 7:46 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: You are a moron Rumor has it you are the head of ELSTAT, the Hellenic Statistical Authority. Any truth to that? Perhaps i'm working for NSA too and i was assigned to keep an eye on what's happening on Python News Lists. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Nov 10, 2013, at 8:21 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: Perhaps You're in a desert, walking along in the sand, when all of a sudden you look down and see a tortoise. It's crawling toward you. You reach down and you flip the tortoise over on its back. The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over, but it can't. Not without your help. But you're not helping. Why is that? -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Sun, 10 Nov 2013 20:32:11 +0100 Petite Abeille petite.abei...@gmail.com wrote: On Nov 10, 2013, at 8:21 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: Perhaps You're in a desert, walking along in the sand, when all of a sudden you look down and see a tortoise. It's crawling toward you. You reach down and you flip the tortoise over on its back. The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over, but it can't. Not without your help. But you're not helping. Why is that? Tortoise? What's a tortoise? LOL! Officially now the best thread ever on the internet. From a lurker that has been watching the slow train wreck. -- Rod http://www.rodperson.com He who knows himself to be one way and pretends it is another way is a thief who robs his own soul. The Mahabharata Sakuntala 25 -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 10-11-13 17:15, Ned Batchelder wrote: On Sunday, November 10, 2013 10:28:46 AM UTC-5, Antoon Pardon wrote: On 10-11-13 16:01, Νίκος Αλεξόπουλος wrote: On 10/11/2013 3:49 PM, Antoon Pardon wrote: On 10-11-13 11:32, Νίκος Αλεξόπουλος wrote: Ha, ha ha! I'm safe now!! No breaks in this time! You just can't help yourself, can you? I predict your database will be broken in, within a week, after which you will plug one leak and after an other day boast again about how secure your system is, because you hadn't had a break in after your latest fix. It won't break again. 'page' variable cannot be manipulated by arbitrary url strings no more. So you fixed one specific leak and you think that is enough to declare yourself safe?! This time is fixed for good. The fact that you said this before and were wrong didn't teach you anything? Your predictions are wrong. And you wonder why people think you are arrogant. You are a perfect example of the arrogance of the ignorant. -- Antoon Pardon. Can we please just ignore Nikos' boasts? When I'm bored with them. I don't understand why you suddenly complain. This whole thread started with what amounts to a boast. So why wait four days before you ask for them to be ignored. The only way to end a Nikos thread is to ignore Nikos. At this point, Mark and Antoon are as much of a problem as Nikos is. Continuing to insult and bait Nikos just prolongs the noise. Yes, we know he is wrong. But no amount of nyah-nyah posts is going to convince him. We have to settle for an end to the thread. This much we knew when the thread started. Thus IMO all those that reacted and blew life into this thread are to blame that it could flourish. But it seemed they were having their fun. So why shouldn't I have my fun now? They were a problem then, I am a problem now, that seems perfectly fair. -- Antoon Pardon -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Nov 10, 2013 9:01 PM, Rod Person rodper...@rodperson.com wrote: Tortoise? What's a tortoise? Is that a real question? If yes, then it's an animal, similar to a turtle. Ask Google or Wikipedia for more details. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Sun, 10 Nov 2013 21:41:54 +0100 Chris “Kwpolska” Warrick kwpol...@gmail.com wrote: On Nov 10, 2013 9:01 PM, Rod Person rodper...@rodperson.com wrote: Tortoise? What's a tortoise? Is that a real question? If yes, then it's an animal, similar to a turtle. Ask Google or Wikipedia for more details. Check the movie Blade Runner. -- Rod http://www.rodperson.com He who knows himself to be one way and pretends it is another way is a thief who robs his own soul. The Mahabharata Sakuntala 25 -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Sun, 10 Nov 2013 21:41:54 +0100 Chris “Kwpolska” Warrick kwpol...@gmail.com wrote: On Nov 10, 2013 9:01 PM, Rod Person rodper...@rodperson.com wrote: Tortoise? What's a tortoise? Is that a real question? If yes, then it's an animal, similar to a turtle. Ask Google or Wikipedia for more details. http://youtu.be/Umc9ezAyJv0?t=1m10s -- Rod http://www.rodperson.com He who knows himself to be one way and pretends it is another way is a thief who robs his own soul. The Mahabharata Sakuntala 25 -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Mon, Nov 11, 2013 at 7:41 AM, Chris “Kwpolska” Warrick kwpol...@gmail.com wrote: On Nov 10, 2013 9:01 PM, Rod Person rodper...@rodperson.com wrote: Tortoise? What's a tortoise? Is that a real question? If yes, then it's an animal, similar to a turtle. Ask Google or Wikipedia for more details. The Master was an old Turtle. We called him Tortoise... Why did you call him Tortoise if he wasn't one? We called him Tortoise because he taught us! Really, you are very dull. -- the Mock Turtle explaining his lessons to Alice (they lessened every day, and I still have no idea how they managed on the twelfth day). ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Sat, Nov 9, 2013 at 6:44 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: You are right. You could have servers anywhere in the world. But i will assume the following hostnames are yours: mail14.ess.barracuda.com mail0.ess.barracuda.com I'm quite sure this time because i notice that the last days when i make a post about my script these 2 hostnames were the first hits into my website and your comments are the most immediate responses i had in my threads just a few minutes after the hits. You go right ahead and assume that. I wonder who barracuda.com is... and whether, I dunno, maybe someone else here is more likely to be associated with a Californian company than I am. Also, very interesting that your oh-so-hardened script is still insecure. Do you now understand my earlier comments about it being insecure-by-default? ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 9/11/2013 9:54 AM, Νίκος Αλεξόπουλος wrote:
On 9/11/2013 9:05 AM, Νίκος Αλεξόπουλος wrote:
On 9/11/2013 8:37 AM, Chris Angelico wrote:
On Sat, Nov 9, 2013 at 5:32 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote:

I'm not saying out of arrogance but i was really under the impression i had secured my script. And i had until i made some new changes last night, which i think i have corrected now as we speak.

In other words, you closed off whatever you could see as being a problem, and then boasted that the script was secure... until someone proved to you that it wasn't. Your script is insecure by default, and you're band-aid patching everything you happen to be made aware of. What makes you think that it's now secure? ChrisA

It's probably unwise to post the following snippet of code that validates user input so an attacker wouldn't pass arbitrary values to my script but what the heck.

==
# initiate some local variables
htmlvalid = pyvalid = False
path = '/home/nikos/public_html/'
cgi_path = '/home/nikos/public_html/cgi-bin/'

# define how the .html or .python pages are called
file = form.getvalue('file')  # this value should come only from .htaccess and not as http://superhost.gr/~nikos/cgi-bin/metrites.py
page = form.getvalue('page')  # this value comes from 'index.html' or from within 'metrites.py'

# is it a python file or an html template?
if page and os.path.exists( cgi_path + page ):
    pyvalid = True
elif os.path.exists( file ):
    page = file.replace( path, '' )
    htmlvalid = True
else:
    file = 'forbidden'
.
.
if 'forbidden' in file:
    print( '''h2font color=redΔεν επιτρέπεται η απευθείας πρόσβαση στο script παρά μόνον μέσω της αρχικής σελίδας!Ανακατεύθυνση σε 5...''' )
    print( '''meta http-equiv=REFRESH content=5;URL=http://superhost.gr;''' )
    sys.exit(0)
==

Now, when it comes to database insertions i use this check to prevent bogus data:

==
if cookieID != 'some_secret_here' and ( htmlvalid or pyvalid ) and re.search( r'(amazon|google|proxy|cloud|reverse|fetch|msn|who|spider|crawl|ping)', host ) is None:
==

Even if i get re-hacked i'll find a security alternative.

How on earth did the hacker manage to alter the database again: http://superhost.gr/?show=stats i can't ing believe it! He is actually trying to read sensitive stuff from my linux server by passing arguments into 'page' variable like '../../../../etc/passwd' How was he able to pass that info again?!?!

Okey mighty one! Try to do the same thing again and be successful. i know what you did last summer! You took advantage of this if statement:

    if page and os.path.exists( cgi_path + page ):

and managed to pass arbitrary values to page by giving input of '../../../../etc/passwd' which is actually translated as:

    if page and os.path.exists( '/home/nikos/public_html/cgi-bin/' + '../../../../etc/passwd' ):

So 1. you actually are passing a value to page 2. your passed value does in fact exist as a 'pathname/to/a/linux/sensitive/file'

I know what i have to do now: Alter the if to something like:

    if page and os.path.isfile( cgi_path + page )

and page should only be allowed to be an actual file but only from within the 'cgi-bin' directory. Hence, i altered the code to this:

    if page and os.path.isfile( cgi_path + page ) in os.listdir( cgi_path ):

Try to pass bogus values again into my database! -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Sat, Nov 9, 2013 at 7:31 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: if page and os.path.isfile( cgi_path + page ) in os.listdir( cgi_path ): Try pass bogus values again into my database! Well done! *slow clap* In the interests of security, you have just locked everything out, including legitimate usage! ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 9/11/2013 10:39 AM, Chris Angelico wrote: On Sat, Nov 9, 2013 at 7:31 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: if page and os.path.isfile( cgi_path + page ) in os.listdir( cgi_path ): Try pass bogus values again into my database! Well done! *slow clap* In the interests of security, you have just locked everything out, including legitimate usage! ChrisA What ?!!? -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 9/11/2013 10:39 AM, Chris Angelico wrote: On Sat, Nov 9, 2013 at 7:31 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: if page and os.path.isfile( cgi_path + page ) in os.listdir( cgi_path ): Try pass bogus values again into my database! Well done! *slow clap* In the interests of security, you have just locked everything out, including legitimate usage! ChrisA Ah yes you are right! Correction! if page and page in os.listdir( cgi_path ): That should keep the site working and still leave the attacker away from my database! -- https://mail.python.org/mailman/listinfo/python-list
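The three `page` checks posted in this thread, next to the white-list lookup suggested earlier in it, as an added example that is not code from any poster. The temporary directory, `secret.txt`, `notes.bak`, the `ALLOWED_PAGES` keys and the function names are constructed for the demonstration, and a dict stands in for the suggested database table.

```python
import os
import tempfile


def make_sandbox():
    """Build a throwaway tree shaped like the thread's layout (constructed data)."""
    root = os.path.realpath(tempfile.mkdtemp())
    cgi_path = os.path.join(root, "public_html", "cgi-bin") + os.sep
    os.makedirs(cgi_path)
    # The three script names mentioned in the thread, plus a stray backup file.
    for name in ("metrites.py", "pelatologio.py", "files.py", "notes.bak"):
        open(os.path.join(cgi_path, name), "w").close()
    # Stand-in for a sensitive file outside the web root.
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("constructed secret\n")
    return root, cgi_path


# Constructed analogue of the '../../../../etc/passwd' input quoted in the thread.
TRAVERSAL = "../../secret.txt"


def check_exists(cgi_path, page):
    """First check posted: string concatenation plus os.path.exists()."""
    return bool(page) and os.path.exists(cgi_path + page)


def check_isfile_in_listdir(cgi_path, page):
    """Second check: isfile() yields True/False, and a bool never equals a
    file-name string, so the 'in' test is False for every input."""
    return bool(page) and (os.path.isfile(cgi_path + page) in os.listdir(cgi_path))


def check_in_listdir(cgi_path, page):
    """Third check: listdir() returns bare names, so '../' input cannot match,
    but every entry in the directory is accepted, stray files included."""
    return bool(page) and page in os.listdir(cgi_path)


# Hypothetical white-list: short keys mapped to the only files that may be served.
ALLOWED_PAGES = {
    "metrites": "metrites.py",
    "pelatologio": "pelatologio.py",
    "files": "files.py",
}


def resolve_page(cgi_path, key):
    """White-list lookup with a containment check as a second layer.
    Returns the absolute path to serve, or None with no further detail."""
    if not isinstance(key, str):      # repeated form fields arrive as a list
        return None
    name = ALLOWED_PAGES.get(key)
    if name is None:
        return None
    base = os.path.realpath(cgi_path)
    full = os.path.realpath(os.path.join(base, name))
    # Even a white-listed name must resolve inside cgi-bin (guards against symlinks).
    if os.path.commonpath([base, full]) != base or not os.path.isfile(full):
        return None
    return full


def compare(cgi_path, inputs):
    """Run every check over every input and return the verdicts as a dict."""
    checks = (check_exists, check_isfile_in_listdir, check_in_listdir)
    table = {}
    for value in inputs:
        row = {fn.__name__: fn(cgi_path, value) for fn in checks}
        row["resolve_page"] = resolve_page(cgi_path, value) is not None
        table[value] = row
    return table


if __name__ == "__main__":
    _, cgi = make_sandbox()
    samples = ["metrites.py", "metrites", TRAVERSAL, "notes.bak"]
    for value, row in compare(cgi, samples).items():
        print(f"{value!r:22} {row}")
```
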
Re: To whoever hacked into my Database
On Sat, 09 Nov 2013 09:05:51 +0200, Νίκος Αλεξόπουλος wrote: Its probably unwise to post the following snippet of code that validates user input so an attacker wouldn't pass arbitrary values to my script but what the heck. On the contrary, it is wise to publicise your security code. It is a very strong principle of security that you should not put your trust in obscurity. To give an analogy, your doors should be secure even if people know where the door is, what brand of lock you use, and even the type of key used. Nikos, you have annoyed and alienated enough people here that the following may not apply to you, but in general I would expect that publishing your code in a friendly forum would lead to many eyes make shallow bugs -- people who spotted a bug in your security code, a weakness or a flaw, would speak up and tell you. Your security should depend on the strength of the security mechanism, and not rely on others being ignorant of what security you have in place. On the other hand, it is possible to be *too* open. Secrets should not be publicised. Secrets include passwords. Occasionally they may include other things. For example, in port-knocking, the precise sequence of ports used is a secret. There is, sometimes, value in obfuscating parts of your security. E.g. rather than allowing ssh on the usual port 22, some people prefer to use some other port number for that extra bit of security. But they don't rely on that -- if the attacker manages to discover that they use port 45081 instead of 22, they still have to defeat the normal ssh security before gaining access. -- Steven -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 9/11/2013 5:07 PM, Steven D'Aprano wrote: On Sat, 09 Nov 2013 09:05:51 +0200, Νίκος Αλεξόπουλος wrote: Its probably unwise to post the following snippet of code that validates user input so an attacker wouldn't pass arbitrary values to my script but what the heck. On the contrary, it is wise to publicise your security code. It is a very strong principle of security that you should not put your trust in obscurity. To give an analogy, your doors should be secure even if people know where the door is, what brand of lock you use, and even the type of key used. Nikos, you have annoyed and alienated enough people here that the following may not apply to you, but in general I would expect that publishing your code in a friendly forum would lead to many eyes make shallow bugs -- people who spotted a bug in your security code, a weakness or a flaw, would speak up and tell you. Your security should depend on the strength of the security mechanism, and not rely on others being ignorant of what security you have in place. On the other hand, it is possible to be *too* open. Secrets should not be publicised. Secrets include passwords. Occasionally they may include other things. For example, in port-knocking, the precise sequence of ports used is a secret. There is, sometimes, value in obfuscating parts of your security. E.g. rather than allowing ssh on the usual port 22, some people prefer to use some other port number for that extra bit of security. But they don't rely on that -- if the attacker manages to discover that they use port 45081 instead of 22, they still have to defeat the normal ssh security before gaining access. Thank you Steven, indeed posting my code helped me realize that it wasn't the secure code i thought it was. The attacker compromised my counters database once again and that helped me push my logic further into delve into how we went successful. Now with the last changes i have made, for 9 hours or so, my databases are intact.
I feel a bit sad though because if i wasn't able to detect the flaw nobody would have helped me solve it. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 09-11-13 07:32, Νίκος Αλεξόπουλος wrote: On 9/11/2013 8:20 AM, Chris Angelico wrote: On Sat, Nov 9, 2013 at 4:54 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: On 6/11/2013 5:25 PM, Νίκος Γκρ33κ wrote: Okey let the hacker try again to mess with my database!!! He is done it twice, lets see if he will make it again! I'am waiting! I have to congratulate the hacker because as it seems s/he's done it again. S/he's managed to actually pass fake filename values inside my db even after my changes: https://en.wikipedia.org/wiki/Hubris ChrisA I'am not saying out of arrogance but i was really under the impression i had secure my script. That is arrogance. That you with your history of misunderstandings (to put it mildly) were under the impression that you had a secure script and that you thought that impression was somehow reliable is pure arrogance. And i had until i made some new changes last night, which i think i have corrected now as we speak. Continuing the arrogance. -- Antoon Pardon -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Sun, Nov 10, 2013 at 2:32 AM, Antoon Pardon antoon.par...@rece.vub.ac.be wrote: And i had until i made some new changes last night, which i think i have corrected now as we speak. Continuing the arrogance. Just to put that in perspective, by the way: *EVERYONE* writes vulnerable code. Even Python itself has been found to have had significant exploits (hash randomization had to get backported a long way). There's nothing wrong with fixing security bugs; there's not even a lot wrong with the iterative process of find bug, fix bug, find another bug, fix another bug. There are two major problems with what you did here, Nikos, and they are: 1) Starting with a hopelessly insecure system and then trying to band-aid patch it one vulnerability at a time, which is folly; and 2) Boasting that your system was now secure. The main issue is the boasting, which is utterly unwarranted arrogance. All you have to do is look at how, after boasting previously, you were provably vulnerable - which means that you clearly still had problems while you were boasting. A more humble attitude of "Oops, well, that's fixed now" without saying "Ha ha, now try to break THAT, I'm oh so perfect now" would suit you far better, based on your history. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 6/11/2013 5:25 PM, Νίκος Γκρ33κ wrote: Okay let the hacker try again to mess with my database!!! He has done it twice, let's see if he will make it again! I'm waiting! I'm pleased to see that various ppl have tried to mess my db by 1. submitted my website to netcraft.com for security vuln search 2. tried to pass arbitrary values to 'page' variable by doing http://superhost.gr?page=some_string_here; 3. tried to access the sources of my scripts by http://superhost.gr/~nikos/cgi-bin/metrites.py http://superhost.gr/~nikos/cgi-bin/pelatologio.py http://superhost.gr/~nikos/cgi-bin/files.py Fortunately for me they have all failed. That means that i have *actually* made security of my scripts stronger. Now whoever called me incompetent should think again before he accused me of so. :-) -- https://mail.python.org/mailman/listinfo/python-list
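Added example, not part of the thread and not the poster's script: it contrasts patching the 'page' parameter one observed probe at a time with accepting only known page names before anything is written to the database. The page list, table name and function names are assumptions made for illustration; the request values are constructed from strings mentioned in the thread.

```python
import sqlite3

# Hypothetical set of pages the site actually serves (constructed for this example).
KNOWN_PAGES = frozenset({"index.html", "files.html", "contact.html"})


def denylist_ok(page):
    """Band-aid style: reject only the patterns that have been seen so far."""
    return "../" not in page and not page.endswith(".py")


def allowlist_ok(page):
    """Design style: accept only names the site is known to serve."""
    return page in KNOWN_PAGES


def record_visit(db, page, validator):
    """Store a visit row only if the validator accepts the value."""
    if not validator(page):
        return False
    # Parameterized query: the value is bound as data, never spliced into SQL text.
    db.execute("INSERT INTO visits (page) VALUES (?)", (page,))
    return True


def stored_pages(requests, validator):
    """Replay request values through a validator and return what reached the table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (page TEXT NOT NULL)")
    for page in requests:
        record_visit(db, page, validator)
    return [row[0] for row in db.execute("SELECT page FROM visits ORDER BY rowid")]


# Constructed request values: two real pages mixed with arbitrary strings.
SAMPLE_REQUESTS = [
    "index.html",
    "some_string_here",
    "files.py",
    "Read a manual",
    "contact.html",
]

if __name__ == "__main__":
    print("denylist :", stored_pages(SAMPLE_REQUESTS, denylist_ok))
    print("allowlist:", stored_pages(SAMPLE_REQUESTS, allowlist_ok))
```

The denylist stops the one probe it was written for and still lets arbitrary text into the table, so a failed probe only shows that one pattern is blocked.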
Re: To whoever hacked into my Database
On Fri, Nov 8, 2013 at 7:20 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: Fortunately for me they have all failed. That means that i have *actually* made security of my scripts stronger. Now whoever called me incompetent should think again before he accused me of so. :-) https://en.wikipedia.org/wiki/Hubris ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 11/07/2013 03:32 PM, Chris Angelico wrote: On Fri, Nov 8, 2013 at 10:28 AM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: Also i don't have to explain my job or grant permission from Grant to start a business. I don't care if you think otherwise. You don't need Grant to grant permission for you to run a business, but if you're running a business then you ARE professional. That's what he's saying. ChrisA Naturally I know nothing about Greek laws, but I assume their tax laws would be similar to those of the US. Nikos admits he is making money from this, but I would not be surprised if he doesn't report it as income. Pure speculation, of course. -=- Larry -=- -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 8/11/2013 10:31 AM, Chris Angelico wrote: On Fri, Nov 8, 2013 at 7:20 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: Fortunately for me they have all failed. That means that i have *actually* made security of my scripts stronger. Now whoever called me incompetent should think again before he accused me of so. :-) https://en.wikipedia.org/wiki/Hubris ChrisA I have said this not out of arrogance but to shut some mounts calling me complete incompetent. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 07/11/2013 21:45, Joel Goldstick wrote: On Thu, Nov 7, 2013 at 4:39 PM, Ian Kelly ian.g.ke...@gmail.com wrote: On Thu, Nov 7, 2013 at 2:20 PM, Denis McMahon denismfmcma...@gmail.com wrote: I think the hacker is a figment of Nick's imagination, or rather a consequence of his broken python code corrupting his data. Unless the Python installation on Nikos' system has become self-aware and is actively objecting to his code, I think that messages like "Read a manual" and "Learn to code" inserted into a database (as seen in the images that Nikos linked earlier) would normally suggest a hacker. -- https://mail.python.org/mailman/listinfo/python-list but... a very polite hacker My highly trained team were all brought up to be extremely polite. -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 07/11/2013 23:10, Νίκος Αλεξόπουλος wrote: I will improve on linux and python scripting over time, day by day No you won't!!! Every time you're offered advice on best practice you state that you want to do it differently. -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 08/11/2013 08:59, Νίκος Αλεξόπουλος wrote: On 8/11/2013 10:31 AM, Chris Angelico wrote: On Fri, Nov 8, 2013 at 7:20 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: Fortunately for me they have all failed. That means that i have *actually* made security of my scripts stronger. Now whoever called me incompetent should think again before he accused me of so. :-) https://en.wikipedia.org/wiki/Hubris ChrisA I have said this not out of arrogance but to shut some mounts calling me complete incompetent. Ignoring the bit about shutting mounts, which shows how much effort you ever put into anything that you post, actually here I agree with you. But don't get too excited, it's only because completely isn't a strong enough adjective to use for your level of incompetence. -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 08/11/2013 01:32, alex23 wrote: On 8/11/2013 7:39 AM, Ian Kelly wrote: Unless the Python installation on Nikos' system has become self-aware and is actively objecting to his code, I think that messages like "Read a manual" and "Learn to code" inserted into a database (as seen in the images that Nikos linked earlier) would normally suggest a hacker. I just assumed he'd written himself a to-do app and couldn't be bothered with the hassle of creating a separate table to store its items. Made my day :) -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 8/11/2013 11:15 AM, Mark Lawrence wrote: On 08/11/2013 01:32, alex23 wrote: On 8/11/2013 7:39 AM, Ian Kelly wrote: Unless the Python installation on Nikos' system has become self-aware and is actively objecting to his code, I think that messages like "Read a manual" and "Learn to code" inserted into a database (as seen in the images that Nikos linked earlier) would normally suggest a hacker. I just assumed he'd written himself a to-do app and couldn't be bothered with the hassle of creating a separate table to store its items. Made my day :) And if you jump over a bridge it would make my day! -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 8/11/2013 11:19 AM, Mark Lawrence wrote: On 08/11/2013 08:59, Νίκος Αλεξόπουλος wrote: On 8/11/2013 10:31 AM, Chris Angelico wrote: On Fri, Nov 8, 2013 at 7:20 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: Fortunately for me they have all failed. That means that i have *actually* made security of my scripts stronger. Now whoever called me incompetent should think again before he accused me of so. :-) https://en.wikipedia.org/wiki/Hubris ChrisA I have said this not out of arrogance but to shut some mounts calling me complete incompetent. Ignoring the bit about shutting mounts, which shows how much effort you ever put into anything that you post, actually here I agree with you. But don't get too excited, it's only because completely isn't a strong enough adjective to use for your level of incompetence. You wouldn't be able to write the scripts i have written. All you do is criticize me, but you never ever have posted code to anything i have asked. Perhaps you can't even write a simpel script -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 8/11/2013 11:19 AM, Mark Lawrence wrote: On 08/11/2013 08:59, Νίκος Αλεξόπουλος wrote: On 8/11/2013 10:31 AM, Chris Angelico wrote: On Fri, Nov 8, 2013 at 7:20 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: Fortunately for me they have all failed. That means that i have *actually* made security of my scripts stronger. Now whoever called me incompetent should think again before he accused me of so. :-) https://en.wikipedia.org/wiki/Hubris ChrisA I have said this not out of arrogance but to shut some mounts calling me complete incompetent. Ignoring the bit about shutting mounts, which shows how much effort you ever put into anything that you post, actually here I agree with you. But don't get too excited, it's only because completely isn't a strong enough adjective to use for your level of incompetence. You wouldn't be able to write the scripts i have written. All you do is criticize me, but you never ever have posted code to anything i have asked. Perhaps you can't even write a simple script. -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On Fri, Nov 8, 2013 at 8:34 PM, Νίκος Αλεξόπουλος nikos.gr...@gmail.com wrote: On 8/11/2013 11:15 AM, Mark Lawrence wrote: Made my day :) And if you jump over a bridge it would make my day! Mar-Kal El-awrence! Able to leap tall bridges in a single bound, more powerful than a steaming (and fuming) Greek webmaster, the Man of Silicon, BREAMOREBOY! ChrisA just finished watching this year's Man of Steel movie, and was disappointed despite low expectations -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 08/11/2013 09:34, Νίκος Αλεξόπουλος wrote: On 8/11/2013 11:15 AM, Mark Lawrence wrote: On 08/11/2013 01:32, alex23 wrote: On 8/11/2013 7:39 AM, Ian Kelly wrote: Unless the Python installation on Nikos' system has become self-aware and is actively objecting to his code, I think that messages like "Read a manual" and "Learn to code" inserted into a database (as seen in the images that Nikos linked earlier) would normally suggest a hacker. I just assumed he'd written himself a to-do app and couldn't be bothered with the hassle of creating a separate table to store its items. Made my day :) And if you jump over a bridge it would make my day! I feel no need to jump but thank you anyway. When your customers start taking legal action for you exposing their data, and when I start visiting your web site and demanding data on my usage which you must provide in accordance with EU law, then I'm hoping that you'll be kind enough to do us this favour and jump. Failing that the blow lamp and piece of iron are still available, I just wish they'd been used months ago. No, I withdraw that last comment, the previous months have led to some of the funniest threads I've ever seen on this list, and you've been at the heart of them. Thank you for making me laugh my socks off. -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: To whoever hacked into my Database
On 08/11/2013 09:37, Νίκος Αλεξόπουλος wrote: You wouldn't be able to write the scripts i have written. All you do is criticize me, but you never ever have posted code to anything i have asked. Perhaps you can't even write a simpel script I may be drunk, Miss, but in the morning I will be sober and you will still be ugly. Winston Churchill. -- Python is the second best programming language in the world. But the best has yet to be invented. Christian Tismer Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list