Everything posted by iGuest

  1. eot files are more than likely just simple text files. Just open them in a text editor and it should work. As for the font system, it is best to use the combination of the following fonts in your CSS: Arial, Helvetica, Verdana. Those three put together seem to be the pretty bog-standard text that has literally become a design essential. Any serif fonts are not looked upon as being eye-candy when it comes to websites. However, this rule doesn't apply to documents. For ages it has been the annoyance of many web newbies. The best way to do it is to stick to the design standards. If you are going to use non-standard fonts, then make sure they are images. --mik :P
  2. Acidmist.com has suspended its thingies until further notice. I like to use uni.cc. I think that in time, more valuable free NAME SERVERS (DNS) will be given, such as .com and .co.uk. Until then, we have to put up with bog-standard freebies like .tk and .uni.cc.
  3. Thinking your site is safe and knowing it is safe are two different things. Hackers can easily get into any site that isn't protected. They can then access databases to find user information, steal files, or plant dubious files that will get your account taken off you. To ensure that the above doesn't happen, you need to keep your site as secure as possible. If you think that databases and the relevant programming (PHP, ASP, etc.) are secured, think again. Simple SQL injections, cross-site scripting, exposed session data or session hijacking are but a few suggestions that hackers use.
     Google Hacking. Last December set a new foot-mark for all hackers everywhere. The Santy worm used Google to search the web for sites vulnerable to a particular form of attack. The attack was only minor and the only damage done was the text on a front page of the site being changed. However, some 40,000+ sites were affected within... 24 hours. This is a daunting fact, as the worm could have easily been very serious. And who is to say the next one won't be. The terrible news to all is that anyone can search for vulnerabilities in sites. For example, enter inurl:"passwd.txt" at Google. This command returns addresses that have passwd.txt in the URL.*
     Don't Panic: There are ways in which to help prevent hackers.
     1) Don't use obvious file(s) and folder(s) names.
     2) Use Gooscan from ihackstuff.com* to scan your site for various risks when searched for using Google.
     3) Encrypt your coding.
     4) The Google Hack Honeypot (ghh.sourceforge.net) pretends to be a vulnerable PHP application, but actually watches and records everything that an attacker does.
     Overall (adapted from a .NET article to suit):
     1) Check the log files of your site occasionally to look for any attempted attacks. A decent log analyser might help.
     2) Make sure that the permissions on your site folders are set correctly.
     3) Site developers should make sure that all input data is properly validated and anything that isn't validated is deleted.
     4) Turn all detailed error reporting off if possible (set display_errors to 0 in PHP, for instance).
     5) Think about the file extensions on your server. Use .inc for PHP included files, for instance.
     6) If you want to protect a particular area of your site, then validate the user's login credentials every time.
     7) Unexpected user input or actions can lead to application errors, giving away system information or causing other problems.
     8) Be careful about browser caching.
     Finally, there are no real 100% methods of trying to stop hackers, but if the worst should happen, contact your webhost for further help. --mik :P
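An added example (not from the post) for the "Overall" checklist: a small access-log reviewer that flags requests for the kind of sensitive file names the post mentions and clients that probe many missing paths. The log lines, the watchlist and the threshold are constructed assumptions.

```python
"""Review an Apache combined-format access log for attempted attacks."""
import re
from collections import Counter

# Constructed sample lines (not from the post): one client probing for
# obvious file names, one ordinary visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2005:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Jan/2005:13:55:41 +0000] "GET /passwd.txt HTTP/1.1" 404 210 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Jan/2005:13:55:42 +0000] "GET /config.inc HTTP/1.1" 404 210 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Jan/2005:13:55:43 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/4.0"
198.51.100.9 - - [10/Jan/2005:14:02:00 +0000] "GET /about.php HTTP/1.1" 200 3000 "-" "Mozilla/4.0"
"""

# Combined log format: ip ident user [timestamp] "method path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumed watchlist: names the post's checklist says not to leave guessable,
# plus include/backup extensions that should never be fetched directly.
SENSITIVE = re.compile(r'(passwd\.txt|\.inc$|\.bak$|\.sql$)', re.IGNORECASE)
PROBE_THRESHOLD = 3  # assumed: this many 404s from one client is worth a look


def parse(line: str):
    """Return the parsed fields of one log line, or None if it is not in this format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def review(log_text: str):
    """Return (sensitive_hits, probing_ips).

    sensitive_hits: (ip, path, status) for every request matching the watchlist,
    regardless of status (a 200 would mean the file is actually served).
    probing_ips: clients with PROBE_THRESHOLD or more 404s, sorted.
    """
    hits = []
    not_found = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        if SENSITIVE.search(rec["path"]):
            hits.append((rec["ip"], rec["path"], int(rec["status"])))
        if rec["status"] == "404":
            not_found[rec["ip"]] += 1
    probing = sorted(ip for ip, n in not_found.items() if n >= PROBE_THRESHOLD)
    return hits, probing


if __name__ == "__main__":
    found, probers = review(SAMPLE_LOG)
    for ip, path, status in found:
        print(f"sensitive request {status} {path} from {ip}")
    print("probing clients:", probers)
```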
  4. A.I. will NEVER reach the extent of suddenly plotting to kill all man, as scientists say. It is feasibly impossible for a robot to be given the precise "human" or "humanoid" instinct in which to have the natural curiosity of what man has. I am not bothered by AI, in fact I embrace it. As long as we are moving life forward, I think that AI is just another stepping stone, both major and minor. If you are as complex (or simple?) as me then you will understand or relate to what I believe. It does not generally matter whether or not AI will ever expand or not. If it expands, it expands. We must then deal with the consequences (both good and bad) and if it is abandoned, then it is to be left for some event to pick up on it again. Everything is inevitable. Everything happens within or without time, space and all the other unknown forces. A little cryptic I know, but like I said, it is the way you think. --mik :P
  5. It is conceivable that the PS3 & Xbox (new) will come out on the same day. This is probably the new way in which businesses are competing these days. And people who are very gaming manic will be able to buy both on the same day. Therefore, they are more inclined to buy games faster. I don't see why they are constantly bringing out new consoles, one after the other. Sony have recently released the slim-line one (in the UK, the 4th quarter of 2004). And I don't like the Xbox anyway, it looks like a concrete slab (at the moment) and I can't afford it nor the games. When they bring out a new console that does everything perfectly, is cheap, and has many good games that are also cheap, then I will be manic over such hardware. Until then, I'll just bide my time. Finally, more games that are being produced for the likes of GameCube, Xbox & PS are also being developed for the PC. The difference is that to make your software work with your computer, all you have to do is upgrade it (if need be). --mik :P
  6. I don't think that the Mac minis will be much use to the company. Yes, they may be cheaper for the type of computer it is, but they are just not that leading edge. They have fewer features than a PC in the same price range, and far less software compatibility. People are being blinded by the new Mac mini, as Macs are often considered to be 'stronger' systems. I just hope people wake up and smell the **** before it is too late.
  7. I didn't get a chance to read the whole article completely, therefore I cannot expand on the "skirt" idea. I used the classification of the height against the Twin Towers as an example to show better the true height of such a building. As well as being high, it is also pretty thick and it only appeared to have one purpose: produce electricity. Now, there must be an extremely feasible reason for the power output of such a station. It must be more than a nuclear power plant, or otherwise it won't get accepted. It is to my belief that the designers of the station took everything into account. The station is set to be built in the Outback of Australia, and some land has already been purchased for it. I wish I had bought the magazine in which I saw it. The name of the mag is "Focus".
  8. Hey Sadas, thanks for the link above. This guy has saved me a lot of work tracking down specific information. However, IPv6 is not checked for in this, and I've read in the RFC that IPv4 and IPv6 are valid, but the preferred method is domain or, more correctly, Fully Qualified Domain Name (FQDN). What I don't understand is he's saying what is valid and what is not, then in his script he's not actually testing for what he said, he's just testing in general. Especially overlooking the formatting of how a username can appear at the beginning of an email. I would have been more impressed if he had actually worked on what's valid and what's not, which is the whole reason for a validator, and hopefully all MTAs have got a method of validating whether the address is formed correctly or not. Might save me even more effort in reading the RFCs further if I can just find that part of the code. Cheers, MC
  9. I have just had to post twice, which has increased my hosting credits. The first of my posts was 90% wrong, the next was 90% correct. That means that I have basically got some hosting credits for nothing. With or without the edit button, the resultant effect will be inadvertently the same. Misusers of the function should be warned or banned.
  10. Please read the rules. You must first earn 10 credits, or 30 credits for a more advanced package. Once that is done, you SHOULD complete the registration form for a new account. You must then continue to post valuable threads/topics/etc. to keep your site online. *Sorry, misunderstood the question. I don't believe that they include Tomcat in the account. If it is an Apache module, then you may be able to install it yourself. Regards, --mik
  11. m^e, if I may be so bold, I want to test your theory on the any state. Depending on how you altered the jump, how about inputting the correct username and password into it and seeing whether this is the case? MC
  12. If that's not a funny scene then what is? Thanks for the hints. Now it might be possible, yet still something I may have overlooked. And there's 30 in the ban list at current. MC
  13. dfgfdgfdgfdgfdg Notice from m^e: Spam. Warned
  14. Hi, not sure about some of this stuff here.... However, I found today this site... https://www.google.com/?hl=xx-hacker&gws_rd=ssl Is it a hack after all????
  15. Here's a post regarding me searching for the best method of email validation; one thing that may need to be altered is the length check, which is what I never found while reading the RFCs on the situation. http://forums.xisto.com/topic/80809-topic/?findpost= As with your script, it needs to be secured a bit more; there's no checks on user input, this is by far the worst thing that you could let run by. You may also want to make the script more up to date with whatever version you're running of PHP; if it's greater than 4.0 then you should work on making it compatible for that, avoid PHP 5 for now till it's more mainstream. I can help you on this. My email script in the above post is good from my point of view: it will check validity, but it won't check existence, that's something else we need to do. We can do that easily, by sending out a confirmation email; if it's not validated within 7 days, we should remove that entry. With full names, it's basically a similar method to the email validation, yet we make sure that information that's entered is stripped of all slashes, etc. We need to fix up the query string for the database, we've left doors open for SQL Injection and that's not a good thing, that's why we must perform checks on the data first before trying to store it in the database. There's also other things like making sure the form isn't tampered with, making sure it's being sent from the right location, etc. Cheers, MC
  16. Not fond of VB but still was able to do this challenge under Linux, which is just a bonus, since I hate needing to switch back to Windows. Hopefully you'll bring more challenges similar to this but a bit harder; we could find all the information we needed just viewing this in a hex editor, without needing that username and password, but we could use them and still get a popup of what the key is. Cheers, MC
  17. I can't log in to my FTP nor cPanel. I have a banner constantly telling me that I am suspended, yet I can still post in these forums. This is doing my nut in. Please help.
  18. In the Australian outback, plans have been granted to build a new Solar Power Tower. The plans have been accepted and it all goes under way next year (2006).
     What is it? The Solar Power Tower is a massively huge building. So tall, that nothing of its sort has ever been thought of or built before. It dwarfs the once Twin Towers. The size of this mass is 1 km high. It is generally one massive Solar Power Energy mast.
     How does it work? The sun's light has very little to do with this new building. It is the actual heat radiation from the Sun. The building is layered in 200 "skirts" which lift while the heat expands the coils beneath. The resultant action turns the turbines, causing electricity to be produced.
     What about at night? This is probably the best part. During the day, whilst the heat radiation is beaming on the ground, it gathers in it. Then at night, it releases slowly. The solar power tower collects or re-radiates the energy during the absence of the sun. Is this clever or what? I read an article on this in the Focus mag.
  19. Think before you post. This forum does not need slating. If you are going to slate it, at least have some exacting evidence to back up your comments; if not, take a HIKE off a cliff. (A little extreme I know.) Yours truly, --mik
  20. astahost: you should not call your service free as it isn't. As you demand 50 posts, in fact you are trading your service for people's content. I'm not giving you lots of content to get a bit of space. I only use free services, not paid ones that stupidly lie and pretend to be free. On yer bikes, you wrong'uns, you ignorant time wasters...
  21. Religion is such a grey area. Personally, I am agnostic. And in the future, you should think about what you are going to put instead of making useless posts that serve no real purpose in life except to increase your post count. Either make valid, contributory posts / threads or don't bother. --mik
  22. I was working on this by hand at work. All I had with me was a hex editor and a calculator. Basically how I solved this was: I took the first 6 bytes, so I could compare it against <html>, plus qwijibow mentioned the password was less than 7 characters.
     0c 42 42 42 4c 43
     Found its hexadecimal equivalents
     3c 68 74 6d 6c 3e
     and started XORing it. This produced:
     30 2A
     I stopped here; 2A is the equivalent of * and I've never encountered any HTML tags that did this. I wanted to believe < was still the first character since it produced a valid hex value, so my next step was against <?xml
     3c 3f 78 6d 6c 20 (including the space for 6 bytes)
     This produced
     30 7D
     Again I stopped here; 7D is the equivalent of }. So I tried <!DOC which is
     3c 21 44 4f 43 20 (including space)
     This produced
     30 63 06
     I stopped here; 06 is not a printable character. Morale for < was getting slim but I still wanted to believe it because I really couldn't think of an HTML page that doesn't start with it, well not a valid page that is. So I tried <!-- including space and newline just for the 6 bytes, and usually how I would write it
     3c 21 2d 2d 20 0a
     This produced
     30 63 6f 6f 6c 34
     which when converted to ASCII produced
     0cool4
     Now I thought this was some find. I also noticed "0cool" before I had finished putting the 4 on the end, and as I have seen the movie Hackers, I thought this is it, so I was going to use 0cool for the first 24 bytes to make sure, but I stopped after 10 bytes. That was enough for me to believe it was correct.
     0c 42 42 42 4c 43 36 1f 0a 1e 7e 0c 19 0e 4c 1d 4e 51 65 50 11 27 20 2c
     30 63 6f 6f 6c 30 63 6f 6f 6c 30 63 6f 6f 6c 30 63 6f 6f 6c 30 63 6f 6f 6c
     3c 21 2d 2d 20 73 55 70 65 72
     < ! - - s U p e r
     And that's when I stopped. I couldn't really explain this while at work, nor wanted to be seen doing this during work. So it was mostly written down in a text file and worked on while I wasn't as busy. And that's my story of XOR decryption of that time-filling challenge.
     Tune in next week when I produce a program to beat this... well, if I've got time, plus I want to know what is in the contents of this encrypted file :( Cheers, MC
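The by-hand search in the post above, automated as an added example (not code from the post): each guessed opening is XORed against the 24 ciphertext bytes quoted there, the guess whose key material looks like a typed password longest is kept, and the shortest repeat of that material that decrypts the whole sample to printable text is taken as the key. It goes one step further than the post by decrypting all 24 bytes. The guess list and the scoring rules are assumptions of this example.

```python
"""Recover a short repeating XOR key from a guessed plaintext opening."""

# The 24 ciphertext bytes quoted in the post (bytes.fromhex ignores the spaces).
CIPHERTEXT = bytes.fromhex(
    "0c 42 42 42 4c 43 36 1f 0a 1e 7e 0c 19 0e 4c 1d 4e 51 65 50 11 27 20 2c"
)
# The page openings the post tried, in the same order (assumed list).
GUESSES = [b"<html>", b"<?xml ", b"<!DOC ", b"<!-- \n"]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key; encryption and decryption are the same step."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def derive_key(ciphertext: bytes, guess: bytes) -> bytes:
    """If guess really is the plaintext prefix, ciphertext XOR guess is the key stream."""
    return xor_bytes(ciphertext[: len(guess)], guess)


def alnum_run(material: bytes) -> int:
    """Count leading key bytes that are letters or digits; the post stopped at the
    first byte that did not look like part of a typed password."""
    n = 0
    for c in material:
        if not (0x30 <= c <= 0x39 or 0x41 <= c <= 0x5A or 0x61 <= c <= 0x7A):
            break
        n += 1
    return n


def is_text(data: bytes) -> bool:
    """Printable ASCII plus tab, newline and carriage return."""
    return all(0x20 <= c < 0x7F or c in (9, 10, 13) for c in data)


def recover_key(ciphertext: bytes, guesses) -> bytes:
    """Pick the guess whose key material survives longest, then the shortest period
    of that material that decrypts the whole sample to printable text."""
    material = max((derive_key(ciphertext, g) for g in guesses), key=alnum_run)
    for period in range(1, len(material) + 1):
        key = material[:period]
        if is_text(xor_bytes(ciphertext, key)):
            return key
    raise ValueError("no consistent key found for the given guesses")


if __name__ == "__main__":
    for g in GUESSES:
        print(g, "->", derive_key(CIPHERTEXT, g).hex(" "))
    key = recover_key(CIPHERTEXT, GUESSES)
    print("key:", key, "plaintext:", xor_bytes(CIPHERTEXT, key))
```

A five-byte key repeating over the page is exactly why the guessed opening leaks it: the same key byte meets a known plaintext byte every five positions.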
  23. Anyone want to provide clues to this? It is indeed hard. Here are things that I need other people's understanding for: The wording tells us first we must find the guest, trick or no trick? None Shall Pass, this riddles me, but what does it mean? And then what I understand, and what could help others: We have a form using the post method, with 3 field names, two are shown and one is hidden.
     user="admin" # is there also a guest user?
     pass="" # this is what we want to find
     id="<?php echo md5($_SERVER['REMOTE_ADDR']); ?>" # one method of how this could be generated.
     In the header we're told there's many ambushes; you're only given one chance to get this right, although it depends on the verification methods' order. You'll be blocked by either IP address or the MD5 encryption of the address. Now the posted information relates back to the same page. action="<?php echo $_SERVER['PHP_SELF']; ?>" quite possibly. I can't tell if any database is being used, but there's no reason why we can't try SQL Injection on this, but could this be a bit too much? Now let's assume the SQL query
     $query = "SELECT * FROM user WHERE user='{$_POST['user']}' AND pass='{$_POST['pass']}'";
     There seem to be checks performed on the posted information more than anything else, especially the user. Then the next check would be to check if you were banned and if not show the page; however, we may not be able to continue if we have been banned. If this is indeed SQL Injection, we have another query to check if we're banned or not. We may be able to bypass the banned list or, even better, remove it. First things first is solving the riddle before attempting to try anything. If you have a dynamic IP, you've got better chances. Static IP, well, anonymous web proxies that support the POST and GET methods if needs be. If anyone has any clues, they should share them. Cheers, MC
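The "doors open for SQL Injection" concern from post 15 and the login query assumed in post 23, as an added example (not the poster's code): the same query built by string interpolation, as the PHP line does, beside a parameterised version. Python's sqlite3 stands in for PHP/MySQL; the table, the account and the password hashing are assumptions.

```python
"""Interpolated login query (as in the post) beside a parameterised one."""
import hashlib
import sqlite3


def pw_hash(password: str) -> str:
    # Assumed scheme for the demo: store a SHA-256 digest, not the clear password.
    return hashlib.sha256(password.encode()).hexdigest()


def setup_db() -> sqlite3.Connection:
    """In-memory `user` table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (user TEXT PRIMARY KEY, pass TEXT NOT NULL)")
    conn.execute("INSERT INTO user VALUES (?, ?)", ("admin", pw_hash("correct horse")))
    return conn


def build_query_unsafe(user: str, password: str) -> str:
    """Same shape as the PHP query in the post: values pasted straight into the SQL text."""
    return f"SELECT * FROM user WHERE user='{user}' AND pass='{pw_hash(password)}'"


def login_unsafe(conn: sqlite3.Connection, user: str, password: str) -> bool:
    # A quote inside `user` ends the string literal early; whatever follows is parsed as SQL.
    return conn.execute(build_query_unsafe(user, password)).fetchone() is not None


def login_safe(conn: sqlite3.Connection, user: str, password: str) -> bool:
    """Placeholders: the driver passes values separately, so they are never parsed as SQL."""
    row = conn.execute(
        "SELECT 1 FROM user WHERE user=? AND pass=?", (user, pw_hash(password))
    ).fetchone()
    return row is not None


def quote_breaks_unsafe_query(conn: sqlite3.Connection) -> bool:
    """True if a legitimate name with an apostrophe makes the interpolated query fail,
    which is the visible symptom of input reaching the parser."""
    try:
        login_unsafe(conn, "O'Brien", "whatever")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = setup_db()
    print("safe login, right password:", login_safe(db, "admin", "correct horse"))
    print("safe login, name with quote:", login_safe(db, "O'Brien", "whatever"))
    print("interpolated query breaks on a quote:", quote_breaks_unsafe_query(db))
```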