Recently I started doing a internet-wide scan for rsync servers, thinking it might be fun to write a toy search-engine/indexer.
Even the basics such as searching against the names of exported shares would be interesting, I thought.
Today I abandoned that after exploring some of the results, (created with zmap), because there's just too much private data out there, wide open
IP redacted for obvious reason:shelob ~ $ rsync rsync://xx.xx.xx.xx/ ginevra Ginevra backup krsna Alberto Laptop Backup franziska Franz Laptop Backup genoveffa Franz Laptop Backup 2
Some nice shares there. Lets see if they're as open as they appear to be:shelob ~ $ rsync rsync://xx.xx.xx.xx/ginevra/home/ drwxrwsr-x 4096 2013/10/30 13:42:29 . drwxr-sr-x 4096 2009/02/03 10:32:27 abl drwxr-s--- 12288 2014/02/12 20:05:22 alberto drwxr-xr-x 4096 2011/12/13 17:12:46 alessandra drwxr-sr-x 20480 2014/02/12 22:55:01 backup drwxr-xr-x 4096 2008/10/03 14:51:29 bertacci ..
Yup. Backups of /home, /etc/, and more.
I found numerous examples of this, along with a significant number of hosts that exported "www" + "sql", as a pair, and a large number of hosts that just exported "squid/". I assume they must be some cpanel-like system, because I can't understand why thousands of people would export the same shares with the same comments otherwise.
I still would like to run the indexer, but with so much easy content to steal, well I think the liability would kill me.
I considered not posting this, but I suspect "bad people" already know..,
This is a repost from Stefano Zacchiroli's post
how-can-i-help by Lucas Nussbaum is one of the best things that happened in the area of attracting contributions to Debian in quite a while. It can be used both as a standalone tool to list opportunities for contributing to Debian which are related to your installed packages, and as an APT hook (which is also the default configuration) that at each upgrade will inform you of new contribution opportunities.
how-can-i-help is great for newbies who are looking for ways to give back to Debian which are a good match for their skills: among other things, how-can-i-help shows bugs tagged "gift" related to packages you use.
how-can-i-help is also great for experienced developers, as it allows them to find out, in a timely manner, that packages they use are in dire need of help: RC bugs, pending removals, adoptions needed, requests for sponsor, etc. (As highly unscientific evidence: I've noticed a rather quick turnover of RFA/O/ITA bugs on packages installed on my machine. I suspect how-can-i-help is somehow responsible for that, due to the fact that it increases awareness of ongoing package issues directly with the people using them.)
So, if you haven't yet, please apt-get install how-can-i-help RIGHT NOW.
I daresay that we should aim at installing how-can-i-help by default on all Debian machines, but that might be an ambitious initial goal. In the meantime I'll settle for making how-can-i-help's popcon count skyrocket. As of today, it looks like this:
which is definitely too low for my taste. Please spread the word about how-can-i-help. And let's see what we can collectively do to that graph.
how-can-i-help is just a tiny teeny helper, but I'm convinced it can do wonders in liberating dormant contributions to the Debian Project.
Later this year I am going to do something stupid. I’m going to climb Mount Mulanje, the highest mountain in southern Africa. It will take 5 days to get up and I’ll be carrying a heavy pack all the way.
People keep asking me if I’m in training. I’m not. I probably should be. What those people don’t know is that it’s not climbing the 3,002m peak that worries me. It’s the insects. I am extremely attractive to insects. Even in the UK I get bitten, a lot. When I was working on an outdoor theatre production I got bitten so much that they put it in the accident book.
I’m doing all this for AMECA, a UK charity who have built a sustainable hospital in Malawi. Adults pay for their treatment, which funds free medical care for children. Sadly there is no NHS in Malawi. So, is this just about helping people in Africa? (As if that wasn’t reason enough!) No.
The money that I’m raising pays bursaries for nurses from the UK to go to Malawi and work out there for 6 months. The nurses get valuable experience that they bring back to the UK. Everyone benefits.
I first wrote about this last summer, and I’ve had a lot of generous sponsorship from people. Only some of whom want me to suffer whilst I’m doing the climb. Some generous people donated anonymously, so I can’t thank them in person. But thank you. Thank you so so much to everyone who has helped. I really do appreciate it.
I’ve only got 4 months to reach my fundraising target of £2,550. If you can help out, the link is right here:Please donate on my Virgin Money page
All the money goes straight to AMECA. Thank you.Pin It
There are times when I'm very proud of the Debian project, the developers, the contributors, the bug-reporters, even the users.
There are times when I'm less impressed.
These days I guess I'm not qualified to comment, being an ex-developer, but I still am disappointed.
Part of me wants to rejoin the project, to see if I can help. The other part is thinking there are other choices, maybe I should look at them.
Conflict is bad.
Being conflicted is worse.
The simple external-comments code is now complete enough for me to stop poking it on a daily basis:
In an ideal world the client-side code should be a jQuery plugin, but I've not worked out how to make a static method (the JSONP callback) be a member of a jQuery plugin-object. So without that I have to re-pass the options around too many places, rather than making them a member of "this".
Meh, pull requests welcome for adding new storage back-ends (redis and sqlite are supported by default), and similarly for cleanups.
I’m very pleased to reveal a brand new logo for my photography. I think it reflects my geekiness, my excellent sense of humour (you may disagree) and generally straightforward approach to photography.
It was a fun but challenging process to collect together ideas that might influence the design. “Describe yourself” is always a difficult question to answer, but gradually I collected a pinterest board full of things I feel describe my aspirations and that I admire: Classic design, comedy heroes, retro computing.
My photographic style has developed so much since I started photographing weddings back in the dim and distant past of 2011. This new branding reflects the clearer understanding I have of my style, but also who I am as a person and a photographer. I’m not going to be in your face and demanding, but I will be smiley and chatty. I won’t filter, airbrush and process your photos until they look completely artificial: I will produce natural looking images that show your personalities. I won’t try and pose every tiny aspect of your photos: I will create a space where you feel comfortable and can act naturally.
My new branding was designed by the brilliant Tom Holmes and I will be using it for my wedding photography as well as other photography and video work (about which more soon!).
I think the little fella should have a name though. Any suggestions?Pin It