Planet Sysadmin

The other peculiar effects of grant funding at universities

2010-08-01T02:53:47+00:00

The other peculiar effects of grant funding at universities

A long time ago, I wrote about the power that grant funding gives people at universities. But there's a flip side to grant funding, and it is that people with grant funding often don't really have money as the business world thinks of it.

From the outside, it looks like people with grant funding are rolling in cash; they get hundreds of thousands of dollars, or even million dollar grants. From the inside, though, that money is almost entirely tied down for very specific things. Professors do not get to go to grant agencies, tell them 'I would like to do this promising research; it will take about $200K', and walk away with $200K in their research account that they can spend on anything that's necessary to do the research. Instead, both the grant requests and the grant approvals allocate all of that money to quite specific things; so much for buying servers, so much for storage, so much for network switches, so much to pay two people for a year, and so on.

So far, this may sound just like the budgeting process for a department in a company. But here's the kicker for grant funding: you are legally required to only spend the money on what it was approved for. Does it turn out that two people for a year isn't what you actually needed, or you need more servers and less storage than you thought? Do you have a sudden emergency need for money in some other area of the project? Tough. You're pretty much stuck. There is no spending the money on what you need now and justifying it later, or even going to your boss and saying that you'd like to shift the specific allocations around and here's why.

(Naturally there is an entire cottage industry of figuring out how to slide what you really need into the grant's funding categories in a way that will pass auditing, if you ever get audited. For example, just how much disk space does a server have to have before you can say with a straight face that you bought it for storage, not as a compute server?)

One thing that combines somewhat unhappily with this is that grant agencies generally have restrictions on what sort of things they will fund. There is of course an art to describing what you really need in a way that the grant agency will approve funding for and that you can spend the resulting money on with a straight face.

(Sometimes they also effectively have restrictions on who you can buy from, where in theory you can buy from any vendor that is willing to go to the effort but in practice only a few vendors are interested enough to brave the bureaucracy.)

There are sources of relatively unconstrained grant funding, but they are generally not very large when compared to the constrained sort. Generally all of the big ticket grants that sound so impressive are going to come with lots of restrictions on what that money can actually be used for.

(Ie, it is not so much money as somewhat fuzzy things that haven't shown up on the loading dock yet.)

UNIX Text Processing

2010-07-31T16:30:23+00:00

I am at the library in Minneapolis and I just ran across UNIX Text Processing which you can buy for less than a single USD. Buy that book and my work here is done.

Google App Inventor

2010-07-31T13:27:45+00:00

At the SAAD-NYC event last night I explained how Google App Inventor lets you make apps for Android phones without knowing how to program. It was beta tested "mainly in schools with groups that included sixth graders, high school girls, nursing students and university undergraduates who are not computer science majors."

He said, "Why haven't you written about this amazing thing on your blog?"

I dunno! So here. I'm mentioning it now.

(I think the NY Times article is the best overview.)

Happy, Jim?

Linux on IBM x3650 M2: Online Hardware RAID Re-Configuration Using MegaRAID Storage Manager

2010-07-31T12:21:51+00:00

Objective To perform online reconfiguration of hardware RAID in Linux system. Prologue I have an IBM x3650 M2 with 6 physical hard disks (slot 0-5, 146GB each) and all of the hard disks have been configured as RAID 1 (slot 0 & 1 as 1 set of RAID, slot 2 & 3 as 1 set [...]

SMF/FMA Update

2010-07-31T10:27:25+00:00

A rather large and interesting putback for SMF/FMA related technologies went into Open Solaris yesterday. It will be available in build 146.

PSARC/2009/617 Software Events Notification Parameters CLI
PSARC/2009/618 snmp-notify: SNMP Notification Daemon for Software Events
PSARC/2009/619 smtp-notify: Email Notification Daemon for Software Events
PSARC/2010/225 fmd for non-global Solaris zones
PSARC/2010/226 Solaris Instance UUID
PSARC/2010/227 nvlist_nvflag(3NVPAIR)
PSARC/2010/228 libfmevent additions
PSARC/2010/257 sysevent_evc_setpropnvl and sysevent_evc_getpropnvl
PSARC/2010/265 FMRI and FMA Event Stabilty, 'ireport' category 1 event class, and the 'sw' FMRI scheme
PSARC/2010/278 FMA/SMF integration: instance state transitions
PSARC/2010/279 Modelling panics within FMA
PSARC/2010/290 logadm.conf upgrade
6392476 fmdump needs to pretty-print
6393375 userland ereport/ireport event generation interfaces
6445732 Add email notification agent for FMA and software events
6804168 RFE: Allow an efficient means to monitor SMF services status changes
6866661 scf_values_destroy(3SCF) will segfault if is passed NULL
6884709 Add snmp notification agent for FMA and software events
6884712 Add private interface to tap into libfmd_msg macro expansion capabilities
6897919 fmd to run in a non-global zone
6897937 fmd use of non-private doors is not safe
6900081 add a UUID to Solaris kernel image for use in crashdump identification
6914884 model panic events as a defect diagnosis in FMA
6944862 fmd_case_open_uuid, fmd_case_uuisresolved, fmd_nvl_create_defect
6944866 log legacy sysevents in fmd
6944867 enumerate svc scheme in topo
6944868 software-diagnosis and software-response fmd modules
6944870 model SMF maintenance state as a defect diagnosis in FMA
6944876 savecore runs in foreground for systems with zfs root and dedicated dump
6965796 Implement notification parameters for SMF state transitions and FMA events
6968287 SUN-FM-MIB.mib needs to be updated to reflect Oracle information
6972331 logadm.conf upgrade PSARC/2010/290

It's the indirect failure modes that will get you

2010-07-31T06:53:57+00:00

It's the indirect failure modes that will get you

The University of Toronto's Internet link went down recently (well, became really slow and lossy, so we may just be being DDoS'd or something). I'm at home, so when I noticed the link problems I shrugged and carried on; it's not as if my home machine depends on stuff from work, so I didn't expect anything beyond the annoyance of not being able to get to work networks.

(Although the network being unreachable was going to be somewhat inconvenient, since I had a WanderingThoughts entry to write.)

Except that all of my web browsing was achingly slow. Epically, totally slow. Pages would only come up very slowly, or come up but the browser would say they were still loading. This was quite puzzling; my network link wasn't busy and it's not as if I proxy my web traffic through work. A check of my DNS setup confirmed that I was using my local caching DNS server and that server wasn't bouncing everything through work.

And then I looked at my DNS server's query logs:

[...] query [...] www.flickr.com.cs.toronto.edu.
[...] query [...] www.flickr.com.toronto.edu.
[...] query [...] www.flickr.com.

An uncomfortable light dawned. I had work's domains configured as my search domain list in /etc/resolv.conf and I had the ndots option set very high (for bad reasons), so every hostname resolution attempt was trying several university domains first. Normally I don't notice these because I promptly get negative answers from work's nameservers, but with the university's Internet link down those queries instead had to time out before the lookup could move on to trying the real name.

It turns out that modern web pages use a lot of different things from a lot of different domains. When each of these domains takes plural seconds to resolve, loading pages gets really slow. Slow on the initial load (as the browser resolves the actual website IP address) and then slow to finish, as the browser tries to fetch additional resource after additional resource.

This isn't a direct failure mode, where I was routing traffic through work; instead it was an indirect failure mode, where a couple of configuration options had an inobvious effect that was itself relatively invisible in normal operation. Direct failure modes are easy to see and relatively easy to remember; you can, for example, see that all of your traffic goes over your VPN to work, a VPN that is not working. Indirect failures are much less obvious and so are much more interesting (in the sense of causing excitement) and hard to notice in advance.

Sidebar: my `ndots` mistake

Many years ago when I first ran into the ndots option in resolv.conf, either it behaved differently than it does today or I just wound up with a mistaken impression about how it works. Back then, I believed that queries for names with at least ndots dots in them entirely ignored the resolv.conf search path and only ever looked up the absolute hostname. Since we love using abbreviated hostnames around here and local subdomains can have any number of dots in them, this implied that essentially no small value of ndots was safe. Thus I set a very large one and grumbled, and carried all of this forward when I configured my home machine.

This is not how ndots works today; today, ndots just sets the point at which the resolver will try an absolute hostname before trying your search path instead of only trying an absolute hostname only after running all the way through it. This is safe, and implies that an ndots of 2 is generally what I want (since I make frequent use of '<host>.<subdomain>' to refer to various machines at work).

BAR - Backup application

2010-07-31T06:06:42+00:00

What is BAR?

From application author

BAR is backup archiver program. I developed this program after I could not find a simple to use archiver program to create compressed and encrypted archives of my files which can be stored on a cd or dvd. While I devoped the program - development is still not finished - I added some more useful features. Now I use the program to make automated backups from all my files either on dvd or directly via an Internet connection to a file server.

(...)
Read the rest of BAR - Backup application (241 words)

© admin for Ubuntu Geek, 2010. | Permalink | 2 comments | Add to del.icio.us
Post tags: bar Backup application ubuntu, desktop, install bar Backup application ubuntu

How important is system administration?

2010-07-30T21:50:00+00:00

It is trite to say that society is more than ever dependent on technology.

But consider this...

I work in New York City. Experts claim NYC has a 3-day food supply. That is, if all the bridges and tunnels were closed on Monday, 8 million people would be without food by Wednesday night. Scary, right?

The food that comes to NYC is brought by trucks that are scheduled using big IT systems that manage logistics. In fact, from the farm to the table, logistics and supply chain technology is required at the huge scale we do things now a days.

While NYC might be an extreme case, the same technology-dependent food system is probably what you rely on too.

This dependency is true for the delivery of nearly all services: healthcare, governance, media, security and defense.

If you want to make the world a better place, if you want to "save the world", wouldn't it be impactful to make all of those services run more efficiently? Scaled ahead of demand? Detected problems, routed around them automatically, and repaired them quickly?

That's what system administrators do.

We don't do it alone. System administration is a team sport. We are the pivot point between customers of technology and people. As "technician brokers we often find ourselves with "responsibility without authority"". Our work is highly collaborative even though the tools we use come from vendors that assume we work alone.

Our work is risky and stressful. I don't think non-sysadmins realize how risky and how stressful it is.

Today is System Administrator Appreciation Day. I feel a little weird celebrating a day that we created to ask for appreciation. Secretaries didn't invent Secretary's Day (thought I think Hallmark did). On the other hand, I do firmly believe that it is important for sysadmins to create their own positive visibility. When we do our job well we are invisible. When you have a job like that, you need to do your own PR.

And with a job as important as system administration, we should be doing that every day.

Tom Limoncelli

P.S. I'll be doing my Time Management training (and other classes too!) a lot in the next 6 months: August (Tasmania, SAGE-AU), November (Los Angles, MacTechConf), November (San Jose, Usenix LISA), January (San Francisco, TBD). I hope to be at the Sept meeting of my local sysadmin users group LOPSA-NJ.

IMG_0045 [Flickr]

2010-07-30T20:55:33+00:00

aallan posted a photo:

IMG_0044 [Flickr]

2010-07-30T20:55:22+00:00

aallan posted a photo:

IMG_0038 [Flickr]

2010-07-30T20:55:06+00:00

aallan posted a photo:

IMG_0031 [Flickr]

2010-07-30T20:54:56+00:00

aallan posted a photo:

IMG_0023 [Flickr]

2010-07-30T20:54:45+00:00

aallan posted a photo:

Sci Foo 2010

2010-07-30T21:33:42+00:00

I'm currently on my way to the Googleplex for this year's Science Foo Camp (SciFoo). Based on the original O'Reilly Foo Camp unconference model, there's no agenda until the first evening when the attendees collectively create one, SciFoo is a gathering of "leading scientists, technologists, writers and other thought-leaders" for a weekend of discussion, demonstration and debate.

From SciFoo 2009 - Charlotte Stoddart
I'm absolutely amazed and delighted to be here for SciFoo amougst some great people, it's going to be an amazing weekend...

XSS vulnerability in Campsite

2010-07-30T19:44:19+00:00

Vulnerability ID: HTB22494 Reference: Product: Campsite Vendor: Sourcefabric o.p.s ( ) Vulnerable Version: 3.3.6 and Probably Prior Versions Vendor Notification: 16 July 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Fixed by Vendor Risk level: Medium Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing Vulnerability Details: User can execute arbitrary JavaScrip

XSS vulnerability in Campsite

2010-07-30T19:38:12+00:00

Vulnerability ID: HTB22495 Reference: Product: Campsite Vendor: Sourcefabric o.p.s ( ) Vulnerable Version: 3.3.6 and Probably Prior Versions Vendor Notification: 16 July 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: Medium Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing Vulnerability Details:

XKCD, let's see how we did...

2010-07-30T19:31:50+00:00

The blue underlines are items that are on our front page, the gold underlines are items that are linked directly from the front page. I happen to know you can get to some of the other items directly from the front page, but they're not labeled in any way that you'd ever expect to get there from the top. I marked those in psychic white.

University front pages are a mismash of competing goals.

Current students looking for information
Marketing: attracting new students
Marketing: keeping Alumni engaged and giving
Marketing: attracting community interest in campus events

This is why we have a large, hard to miss link on the right side of the page for logging in to MyWestern. That's our portal where more of the right-side venn-diagram stuff can be found.

ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability

2010-07-30T19:29:40+00:00

Hash: SHA1 ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability CVE Identifier: CVE-2010-2633=20 EMC Identifier: ESA-2010-012=20 Severity Rating: CVSS v2 Base Score: 7.1 Affected Software:=20 EMC SW: EMC Disk Library (EDL) earlier than 3.2.7=20 EMC SW: EMC Disk Library (EDL) 3.3.x=20 EMC SW: EMC Disk Library (EDL) 4.0.x=20 Vulnerability Summary:=20 A vulnerability exists i

Happy SysAdmins Day

2010-07-30T18:25:00+00:00

Its that time of the year again. Happy SysAdmin Day everyone.

If today is dragging, might want to refresh your memory of the great OddTodd... always a pick-me-up.

Top 10 Reasons Why I Avoided Twitter for so Long

2010-07-30T17:14:45+00:00

I don’t care about what you’re doing.
You don’t care about what I’m doing.
I don’t want to use anything that has the word “twit” in it.
I was scared to use anything that Britney Spears is known to use.
I don’t like being stalked and murdered (See 10 reasons why I don’t like FaceBook)
I don’t want to accidentally geo tag my posts and have everyone know that I shop at ALDI.
The concept of random people following me, listening to what I’m saying and not speaking to me directly is something that I’ve been trained by my culture to consider as a precursor to a violent attack and thus avoid.
My attention span is already microscopic enough and I don’t want to throw mental alum on it by consistently thinking in 140 characters. kthxbai.
I don’t need to start using yet another web based service that has availability issues. Google and EC2 are about all I can handle, thankyouverymuch.
Tweets are like IMs that are public and never go away. Ever. Think about that for a few minutes. Yeah, it scared me really bad too.

Do you tweet? Post your Twitter name below. Do you not have a Twitter account? What are your reasons for avoiding it?

Being the WTF person

2010-07-30T17:06:35+00:00

At both this job and my last one I have ended up becoming the WTF person. The WTF person is the person people go to when things are acting strangely, they can't figure it out, and need another set of eyes. Preferably a set of eyes with a reputation for pulling rabbits out of hats.

WTF people are the kind of people that end up on level 2 or 3 tech support, because that's who you want to have at that level. People who solve weird stuff.

At a place like ours where the support relationships are largely informal, at least among people who dink around with servers, the concept of L2 or L3 support doesn't really exist. It manifests as phone-calls or emails from people with strange questions, looking for leads in their own inquiries. Or in the case of my immediate co-workers, a head poked around the door, and, "I'm lost, can you take a look?"

As I alluded to before, becoming the WTF person takes time. You have to make some awesome saves so people notice, and then continue to crack weird, hard to describe problems. It helps a lot to have a deep understanding of the technology you work with. I suspect being ebullient about how you found the problem and describing the problem once it was resolved helps in this.

Once you get there, though, you do get passed some strange, strange things. I've been asked advice on figuring out how something broke in that specific way when the symptoms described... have no causal relationship I can think of. I also get passed weird questions in areas I don't know much about (MS Office for one), but at least those can be deflected.

Honest to goodness bugs are perhaps the hardest to figure out. These are problems that take a few conditions to set up, and it isn't always clear that those conditions are in place. This skill got a lot of work back when I was working on the OES2 SP1 beta. On software that's already been through a beta-test and perhaps a service-pack or two, the bug conditions can be very arcane.

One-man IT shops tend to attract WTF people, simply due to the breadth and complexity of the environment. People who thrive in such environments definitely are. They do a little bit of everything, which sets them up to make connections that other people miss.

At the other end of the IT spectrum, highly specialized IT people in large organizations, you still find WTF people. They're perhaps not as common, but they do exist. And strange but awesome synchronicities can occur if WTF people from different specialties start hammering on a problem together. This kind of thing sometimes happens when I talk to L2/3 vendor-support.

I'm proud to see this happen, even if in the moment I'm also going WTF?? in my head.

Google Apps highlights – 7/30/2010

2010-07-30T17:39:59+00:00

This is part of a regular series of Google Apps updates that we post every couple of weeks. Look for the label “Google Apps highlights" and subscribe to the series. - Ed.

Over the last couple of weeks, we introduced several new capabilities in Google Docs for documents and drawings, and added the ability for organizations to tailor Google Apps to meet the needs of different groups within their organizations. We also launched a new version of Google Apps to meet the security and policy needs of government agencies in the U.S.

Document translation and undo smartquotes in Google Docs
On Tuesday we introduced automatic document translation to the new document editor in Google Docs. This allows you to instantly convert your document into any one of the 53 languages, powered by the technology behind Google Translate. And while we were at it, we added the ability for you to change smartquotes—angled quotation marks—back to straight quotation marks by pressing Ctrl-Z (Cmd-Z on a Mac).

Zoom and more in drawings
Last Monday, we also made improvements to the drawing editor in Google Docs, too. You can zoom in several different ways now: with the toolbar zoom icon, by drawing a rectangle around the area to zoom, zoom options in the “View” menu and with zoom keyboard shortcuts. We also introduced several changes to the shape-drawing tools, including pie and arc drawing improvements, the ability to duplicate shapes while resizing and rotating, new line ending decoration controls and new style options for the corners of shapes.

User policy management
One of the top requests from businesses, organizations and schools using Google Apps has been the ability to enable different applications for different groups within the organization. For example, a K-12 school may choose not to give Chat to students, but still allow faculty and staff to instant message with each other. Last Tuesday we launched user policy management, which lets administrators divide their users in to organizational units, and give each group access to different sets of services.

Google Apps for Government now available
On Monday we announced Google Apps for Government, a new version of Google Apps specifically tailored to the policy and security needs of federal, state and local governments in the United States. In addition to the applications and administrative controls available in the business edition of Google Apps, the service for government agencies has received Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. General Services Administration, the first such certification for any cloud computing messaging and collaboration suite.

Who’s gone Google?
To go along with the launch of Google Apps for Government, we’re excited to share stories from two government organizations who are now using Google Apps. The U.S. Navy InRelief program is using Google Apps to improve coordination in disaster relief efforts, and the Berkeley Lab, a member of the National Laboratory system supported by the U.S. Department of Energy, is using Google Docs and Sites to support better collaboration among scientists and researchers.

We’re also thrilled to welcome another new crop of schools to Google Apps. Haverford College, Wayne County Community College District and Westwood College are all going Google!

I hope you're making the most of these new features, whether you're using Google Apps with friends, family, coworkers or classmates. For more details and updates from the Apps team, head on over to the Google Apps Blog.

Posted by Jeremy Milo, Google Apps Marketing Manager

iPhone 4 launch in Canada

2010-07-30T16:31:43+00:00

Today the iPhone 4 launched in Canada. I decided to stop by the Vancouver Apple Store in Pacific Centre to check out the action.

People were lined up outside Pacific Centre, down Granville Street almost to Denman. Apple Store employees were generally milling about. One was handing out iPhone 4 cupcakes!

Inside Pacific Centre the line to the Apple Store was just as long. People had started lining up at 1 in the morning for this!

When I got to the front of the line the store was already open, before the mall’s normal opening of 10am. People were being let in one at a time to buy their new shiny toys. The benches at the front were set up with the new iPhones, and the banners and advertising was already up.

After spending 20 minutes hanging about, I got bored and checked out. I didn’t get a cupcake.

Thank you.

2010-07-30T15:48:19+00:00

If you’re reading this, you’re probably an IT administrator of some sort (or want to be one). So thank you. Thank you for making your own part of the internet go. Sure, I’m an administrator, but I also use the internet, and without people like yourself, I wouldn’t be able to write this page, or make a telephone call, or talk to people on IM or twitter, or do any one of a countless number of things that I take for granted every day.

Thank you to all of the system, network, telephony, storage, application, and general IT administrators out there who make our modern life possible.

Day of bugs in WordPress 2

2010-07-30T15:38:52+00:00

Hello Bugtraq! I want to inform readers of the list about new project - Day of bugs in WordPress 2 - which I'll conduct at 30.07.2010, which I already announced today at my site. After conducting of Month of Search Engines Bugs in June 2007 and Month of Bugs in Captchas in November 2007, I switched to smaller and less time-consuming, but still very interesting projects, which I called "Day of

Akamai Download Manager arbitrary file download & execution

2010-07-30T15:31:29+00:00

Akamai Download Manager arbitrary file download & execution Yorick Koster, April 2009 Abstract Akamai's Download Manager allows attackers to download arbitrary files onto a user's desktop. Using a so-called "blended threat" attack it is possible to execute arbitrary code. This attack affects the ActiveX control as well as the Java applet. Tested version This issue was tested on Akamai Down

Insomnia : ISVA-100730.1 - CMS Multiple SQL injection Vulnerabilities

2010-07-30T15:26:16+00:00

Insomnia Security Vulnerability Advisory: ISVA-100730.1 Name: EasyManage CMS Multiple SQL injection Vulnerabilities Released: 30 July 2010 Vendor Link: Affected Products: Easy Manage CMS Original Advisory: Researcher: James Burton, Insomnia Security _______________ Description _______________ EasyManage Content Management System is a modular

Tribalism is the enemy within

2010-07-30T12:32:34+00:00

Tribalism is when one group of people start to think people from another group are “wrong by default”. It’s the great-granddaddy of racism and sexism. And the most dangerous kind of tribalism is completely invisible: it has nothing to do with someone’s “birth tribe” and everything to do with their affiliations: where they work, which sports team they support, which linux distribution they love.

There are a couple of hallmarks of tribal argument:

1. “The other guys have never done anything useful”. Well, let’s think about that. All of us wake up every day, with very similar ambitions and goals. I’ve travelled the world and I’ve never met a single company, or country, or church, where *everybody* there did *nothing* useful. So if you see someone saying “Microsoft is totally evil”, that’s a big red flag for tribal thinking. It’s just like someone saying “All black people are [name your prejudice]“. It’s offensive nonsense, and you would be advised to distance yourself from it, even if it feels like it would be fun to wave that pitchfork for a while.

2. “Evidence contrary to my views doesn’t count.” So, for example, when a woman makes it to the top of her game, “it’s because she slept her way there”. Offensive nonsense. And similarly, when you see someone saying “Canonical didn’t actually sponsor that work by that Canonical employee, that was done in their spare time”, you should realize that’s likely to be offensive nonsense too.

Let’s be clear: tribalism makes you stupid. Just like it would be stupid not to hire someone super-smart and qualified because they’re purple, or because they are female, it would be stupid to refuse to hear and credit someone with great work just because they happen to be associated with another tribe.

The very uncool thing about being a fanboy (or fangirl) of a project is that you’re openly declaring both a tribal affiliation and a willingness to reject the work of others just because they belong to a different tribe.

One of the key values we hold in the Ubuntu project is that we expect everyone associated with Ubuntu to treat people with respect. It’s part of our code of conduct – it’s probably the reason we *pioneered* the use of codes of conduct in open source. I and others who founded Ubuntu have seen how easily open source projects descend into nasty, horrible and unproductive flamewars when you don’t exercise strong leadership away from tribal thinking.

Now, bad things happen everywhere. They happen in Ubuntu – and because we have a huge community, they are perhaps more likely to happen there than anywhere else. If we want to avoid human nature’s worst consequences, we have to work actively against them. That’s why we have strong leadership structures, which hopefully put people who are proven NOT to be tribal in nature into positions of responsibility. It takes hard work and commitment, but I’m grateful for the incredible efforts of all the moderators and council members and leaders in LoCo teams across this huge and wonderful project, for the leadership they exercise in keeping us focused on doing really good work.

It’s hard, but sometimes we have to critique people who are associated with Ubuntu, because they have been tribal. Hell, sometimes I and others have to critique ME for small-minded and tribal thinking. When someone who calls herself “an Ubuntu fan” stands up and slates the work of another distro we quietly reach out to that person and point out that it’s not the Ubuntu way of doing things. We don’t spot them all, but it’s a consistent practice within the Ubuntu leadership team: our values are more important than winning or losing any given debate.

Do not be drawn into a tribal argument on Ubuntu’s behalf

Right now, for a number of reasons, there is a fever pitch of tribalism in plain sight in the free software world. It’s sad. It’s not constructive. It’s ultimately going to be embarrassing for the people involved, because the Internet doesn’t forget. It’s certainly not helping us lift free software to the forefront of public expectations of what software can be.

I would like to say this to everyone who feels associated with Ubuntu: hold fast to what you know to be true. You know your values. You know how hard you work. You know what an incredible difference your work has made. You know that you do it for a complex mix of love and money, some more the former, others the more latter, but fundamentally you are all part of Ubuntu because you think it’s the most profound and best way to spend your time. Be proud of that.

There is no need to get into a playground squabble about your values, your ethics, your capabilities or your contribution. If you can do better, figure out how to do that, but do it because you are inspired by what makes Ubuntu wonderful: free software, delivered freely, in a way that demonstrates real care for the end user. Don’t do it because you feel intimidated or threatened or belittled.

The Gregs are entitled to their opinions, and folks like Jono and Dylan have set an excellent example in how to rebut and move beyond them.

I’ve been lucky to be part of many amazing things in life. Ubuntu is, far and away, the best of them. We can be proud of the way we are providing leadership: on how communities can be a central part of open source companies, on how communities can be organised and conduct themselves, on how the economics of free software can benefit more than just the winning distribution, on how a properly designed user experience combined with free software can beat the best proprietary interfaces any day. But remember: we do all of those things because we believe in them, not because we want to prove anybody else wrong.

10 awesome sysadmins and devops

2010-07-30T11:53:27+00:00

It’s Sysadmin Appreciation Day, so here is my personal list of the most interesting and influential sysadmins and devops folk that I know (in alphabetical order, not order of merit). If you are on Twitter, you need to be following these people, and all of them are also excellent bloggers as well as awesome sysops / devministrators / tech gods.

1. James Turnbull (@kartar)

James is Director of Operations at Puppet Labs and the author of the excellent Pulling Strings With Puppet book, among others. His Twitter feed has lots of useful news and info about Puppet.

2. John Allspaw (@allspaw)

John is VP of Technical Operations at Etsy and former ops supremo at Flickr. His Kitchen Soap blog is a must-read for those interested in web operations.

3. Kris Buytaert (@KrisBuytaert)

Kris is a Linux and open source expert, currently Senior Consultant at Inuits. His blog, Everything is a Freaking DNS problem, is required reading for devops and sysadmins.

4. Lindsay Holmwood (@auxesis)

Lindsay is the author of Cucumber-Nagios and the Flapjack monitoring system. Currently Senior Engineer at Bulletproof Networks, Lindsay is frequently to be seen at conferences, speaking on deployment, configuration management, testing, and automation.

5. Matt Simmons (@standaloneSA)

Matt is the author of the respected Standalone Sysadmin blog and a frequent Twitterer, organiser of the SysAdmin Day Meetup in NYC, and full of valuable tips and information.

6. Matthias Marschall (@mmarschall)

Matthias is tech lead for helpster and co-editor of the must-read Agile Web Operations blog. He writes frequently on devops, kanban, and Agile techniques, and describes himself as “passionate about simplicity and agility in web development”.

7. Patrick Debois (@patrickdebois)

Patrick is the founder of the DevOpsDays conference and a hard-working consultant, developer, network specialist, system administrator, tester and project manager. His blog, Just Enough Developed Infrastructure, is full of interesting and thoughtful articles on the devops movement and how operations fits into the bigger picture.

8. RI Pienaar (@ripienaar)

RI is a sysadmin, Ruby developer and Puppet expert; the author of MCollective, a popular server management framework, he is also co-founder of the London DevOps group, a frequent speaker on sysadmin topics, and reliably ever-present on the #puppet IRC channel.

9. Stephen Nelson-Smith (@LordCope)

Stephen is an experienced tech leader and consultant, founder of Atalanta Systems and author of the excellent Agile Sysadmin blog, which regularly features useful articles on open source software and agile operations.

10. Tom Limoncelli (@yesthattom)

Tom is co-author of The Practice of System and Network Administration, an invaluable book which is, or should be, on all good sysadmins’ desks, along with his Time Management for System Administrators. His blog at EverythingSysadmin is likewise essential reading.

Image by Robot Comics

A little modern Unix twitch

2010-07-30T05:49:44+00:00

A little modern Unix twitch

Every so often, I just want to read a file (or a bunch of files) without doing anything to them. I have all sorts of reasons for this; sometimes I want to prime the OS's disk cache, or I want to time the file read speed, or I want to put some IO load on the system, or any number of other reasons (the worst is to just update the file atimes). The common element is that I don't care what happens to the file data after it gets read off the disk, so I dump it in /dev/null.

When I do this these days, I never do the redirection to /dev/null in the same process that is doing the reading; instead, I always feed things through a pipe. In other words, instead of running:

cat file >/dev/null

I run:

cat file | cat >/dev/null

This is completely wasteful and annoying, but the problem with not doing this is that far too many commands and Unix systems are too smart for their own good these days; there are all sorts of things that notice you are writing to /dev/null and optimize away all of that read IO that I want to happen. Putting a pipe in the middle kills all of those optimizations because no matter how optimized the writer is, the data has to go across the pipe which means that the reader has to actually read it.

Sometimes this is unnecessary paranoia, but it's easier to be paranoid and slightly inefficient all of the time than to try to remember when I can be completely efficient and when I can't be. (It's not as if an extra cat process really matters on any modern system.)

Sidebar: How this optimization can happen naturally

I can't swear that I'm remembering something that actually happened in a real Unix, but here's an example of how this sort of stuff can get optimized without any individual component being too crazy. You need two pieces:

a version of cat that prefers to work by mmap()'ing each source file and then write()'ing it to the output in one go.
This is less absurd than it sounds; when mmap() was first introduced, a lot of people became very enthused about using it on everything (which sometimes led to fun bugs when these programs were asked to work on something that couldn't be mmap()'d). You can even argue that this version of cat is better because it doesn't try to guess the right buffer size, it just defers everything to the operating system.
(If the kernel has bits of the file in kernel buffers, it can even do 'zero copy' IO, where it doesn't have to copy things to user level on a read() only to immediately copy them back into the kernel on the following write().)
a kernel that optimizes write()'s to /dev/null by not actually copying data from the user level process into the kernel only to then discard it; instead, it just checks that the buffer given to it is a valid one and then returns immediate success.

When the file is mmap()'d, nothing is immediately read from disk; instead the reads will happen when the mapped pages are touched and produce virtual memory faults. If you wrote to a real file, this would happen when the write() started copying data from your process into kernel buffers; however, because the write() to /dev/null never does this copy, it never causes any page faults on the mapped pages and thus never does any IO to read the source file. Ergo, 'cat file >/dev/null' does nothing real and runs startlingly fast.

It's hard to argue with either of these optimizations in isolation (apart from the whole issue of hitting everything with the mmap() stick), but when they combine together you get an unfortunate result.

High Speed Network Authentication Cracking Tool - Ncrack

2010-07-30T04:27:26+00:00

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its

Event: System Administrator Appreciation Day 2010 in New York

2010-07-30T00:09:47+00:00

On each last Friday of July the annual System Administrator Appreciation Day is taking place.

Matt Simmons organized a SysAdmin Day Meetup to celebrate this event in New York. If you’re in New York on 30th of July consider registering yourself (it’s free and takes just a few seconds).

If you are participant of the Debian Conference in New York and are already hacking at the DebCamp you might want to join our group of Debian people who plan to show up, currently consisting of Paul Wise, Lars Wirzenius, Thomas Lange and myself. If you plan to join please ping me so we can show up at the SysAdmin Day Meetup together.

[SECURITY] [DSA 2077-1] New openldap packages fix potential code execution

2010-07-29T20:01:18+00:00

Hash: SHA1 - Debian Security Advisory DSA-2077-1 security@debian.org Florian Weimer July 29, 2010 - Package : openldap Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2010-0211 CVE-2010-0212 Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilit

NYC-area Sysadmins: free beer!

2010-07-29T19:28:08+00:00

Matt at the Standalone-Sysadmin Blog announced that Etsy has offered to buy the first $x of beer at the NYC Sysadmin Appreciation Day event on Friday (tomorrow). "x" is a lot. We need your help to drink it all.

At last year's event a number of people told me they wished they had brought copies of my books so they could get autographs. I'll be bringing a pen this year to help facilitate this. Please get to me before too much beer

More info about the event in NYC here: http://www.standalone-sysadmin.com

Dell and HP Continue Supporting Solaris

2010-07-29T19:28:04+00:00

New announcement about Solaris support on non-Oracle servers:

Oracle today announced Dell and HP will certify and resell Oracle Solaris, Oracle Enterprise Linux and Oracle VM on their respective x86 platforms.

Customers will have full access to Oracle’s Premier Support for Oracle Solaris, Oracle Enterprise Linux and Oracle VM running on Dell and HP servers. This will enable fast and accurate issue resolution and reduced risk in a company’s operating environment.

Customers who subscribe to Oracle Premier Support will benefit from Oracle’s continuing investment in Oracle Solaris, Oracle Enterprise Linux and Oracle VM and the resulting innovation in future updates.

[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th

2010-07-29T18:47:11+00:00

This is a reminder that the Call for Papers for Asia's largest network security event, HITBSecConf2010 - Malaysia is closing on the 9th of August!= This will be a QUAD TRACK conference featuring 2 dedicated tracks focusing on cutting edge attack and defense techniques, a track with dedicated hands-on lab sessions and a brand new lightning talk segment! HITB CFP: =3D=3D=3D Venue: Crowne Plaza

Cool things I saw at SIGGRAPH 2010 exhibition hall

2010-07-29T17:14:08+00:00

SIGGGRAPH 2010

Trip Report of Cool Things Aleksey Saw in the Exhibition Hall

(Coolest stuff at the top.)

- FusionIO had the coolest demo!! 1500 DVD-quality videos streaming
from a single Fusion IO (RAM-based) 640 GB drive displayed onto a large
virtual screen (composed of 16 - that's 4x4 large displayes). all 1500
videos were displayed simultaneiously in tiny little rectangles.

- Digital Double Agency - a French company (www.adnda.com) used to capture
your face (three sessions of 4 hours each) and a wide variety of facial expression; and capture your voice; and then the double can talk and interact -- so you can capture a celebrity's likeness and have the digital double act in movies; or so you can have an avatar online.

Etsy Now Sponsoring SysAdmin Appreciation Day Event in NYC!

2010-07-29T16:15:14+00:00

Last night, I got an email out of the blue. It was from Chris Munns, sysadmin at Etsy, the home to a huge online community of people who make and sell things. The email basically asked if there was any way that Etsy could help sponsor the SysAdmin Appreciation Day event! Excellent.

The only question in my mind was, what kind of sponsorship would our event need? In the end, it winds up being a bunch of system administrators sitting around drinking, swapping war stories. I told them as much, and Chris responded:

Hey Matt,
Chad Dickerson who is the CTO here at Etsy was actually the one who wanted to us to help sponsor/participate. We were wondering if maybe we could just throw some money in for drinks on behalf of Etsy?

- Chris

Pick up some of the bar tab? Well, ok!

After some more discussion, we’ve got it settled down, and I am happy to say that Etsy is contributing a very significant amount towards our bar tab tomorrow. I’m not going to say how much just yet, because I haven’t worked out how it’s going to be handled, but I’ll be surprised if anyone ends up paying for a drink themselves.

A huge(!) thank you to Etsy! And if you’re wondering why a site largely dedicated to crafting cares this much about the community of System Administrators, you should read their blog, Code As Craft. They believe strongly in Dev/Ops cooperation, and they spend a lot of time on that blog discussing their infrastructure. If you’re interested in Hadoop installations and continuous deployments, I recommend you check it out.

If you were holding back because you didn’t want to spend the dough on drinks, then don’t be afraid any longer. Check out the event page, then register!

Event registration for SysAdmin Appreciation Day – NYC powered by Eventbrite

How to View bash shell history and Change bash history file size in Ubuntu

2010-07-29T15:19:08+00:00

The Bash shell is the default shell environment in most Linux distributions, including all flavours of Debian. One default feature of the Bash shell is to record a history of all the commands entered by a user in a log file called .bash_history, found in the user’s home directory.
(...)
Read the rest of How to View bash shell history and Change bash history file size in Ubuntu (143 words)

© admin for Ubuntu Geek, 2010. | Permalink | 2 comments | Add to del.icio.us
Post tags: Change bash history file size in Ubuntu, desktop, how to View bash shell history ubuntu, View bash shell history ubuntu

CFP NcN 2010

2010-07-29T15:06:02+00:00

* No cON Name 2010 Congress Call For Papers * Congress http://noconname.org October: 20,21 Trainings http://noconname.org October: 18,19 ** What is No cON Name ** This congress is aimed at system and network administrators, programmers, experts and/or security auditors, and also independent self-taught computer security experts. All of them with the sa

Rails and Snowmen

2010-07-29T15:03:52+00:00

People have started to notice that Rails is adding a snowman to their URLs. There even is now a website devoted to this.

These types of social implications of technical decisions fascinate me. Here’s some further background that I have pieced together. I may have some details wrong, corrections welcome.

For starters, Rails by default standardizes on utf-8 for web pages. As with pretty much everything in Rails, you can change the default, but virtually nobody does. Utf-8 is a good choice here, and certainly is better than iso-8859-1 or win-1252.

Rails provides the encoding information on the Content-Type header, and on the accept-charset attribute. Under normal circumstances, this will cause all responses to be encoded as utf-8, across all commonly used browsers. Yes, including IE.

Most pages in Rails are produced using templates, and generally these templates are not the problem. Data in those templates typically come from databases, and sometimes data can get into databases that isn’t 100% pure and clean. In particular, sometimes this data may have encoding errors. Such errors can easily become visible when that data is displayed in a form.

Browser recovery strategies vary on encoding errors, but often involve displaying a diamond with a question mark in it.

User behavior varies in the presence of such errors, but a common reaction is to switch the encoding.

The trouble starts when the user then proceeds to submit the form. The net result, with some browsers, is that the data is sent respecting the user’s choice. In other cases, browsers send the data using the application’s choice.

How Rails will react to encoding other than utf-8 being used depends on the version of Rails, the version of Ruby and a number of other factors. In some cases, the result is an HTTP 400 response code (Bad Request). In others, a 500 (Server Error). In others, a 404 (Not found). In others, even more misencoded data will make it all the way to the database.

As I said, sometimes the browser will chose to respect the user’s choice. This is generally only done if it is possible to do so. As not every character can be encoded using Western ISO Latin1, including such a character in a hidden field has been found to be an effective strategy of forcing the browser’s hand.

Enter the snowman.

In most cases, this is simply invisible metadata that solves a real problem that is otherwise hard to describe and debug.

Unfortunately, it isn’t always so invisible. Try a query on this page and observe the resulting URI. This page opted to use HTTP GET in order to make the URI meaningful. Unfortunately the URIs with the latest version of Rails now have a bit of exposed cruft.

The fact that people care about such things to complain indicates that socialization of the concept of that URIs are to be meaningful is working. The unfair perception that this is (yet another) workaround for IE has also entered into the debate.

This is a very real problem. One without clean and comprehensive solutions. The Rails team is aware of the _charset_ hidden value, but that opens up a different set of problems.

Solutions being discussed to date include renaming the form field, choosing a different character, moving the field to the end of the query, and providing a mechanism to opt out.

[ MDVSA-2010:142 ] openldap

2010-07-29T14:51:48+00:00

Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:142 Package : openldap Date : July 28, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in openldap: The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22

PBBooking 1.0.4_3 Joomla Component Multiple Blind SQL Injection

2010-07-29T14:35:14+00:00

[security bulletin] HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code

2010-07-29T14:27:04+00:00

Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02288473 Version: 2 HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2010-07-13 Last Updated: 2010-07-28 Potential Security Impact: Remote execution of arbitrary code Sourc

Local Deals Website

2010-07-29T13:20:45+00:00

Check out http://www.dealsnear.me a brand new site to find, post and follow local deals in your area. Visit the site, select your market, and find local offers, all for free.

Book Idea: Distributed Computing Economics... EXPLAINED

2010-07-29T11:27:28+00:00

I don't have the time or expertise to write such a book, so I'm giving this idea away in hopes that someone else writes it.

I incredibly impressed by the now classic paper "Distributed Computing Economics" by Jim Gray). (Sadly Dr. Gray passed away much too soon in an accident.)

If you haven't read it, here it is in HTML, or PDF and MS-Word. It is brilliant. It summarizes everything you need to know if you want to predict the next 30 years of "cloud computing."

So here's the book idea: Write a book that expands each paragraph into a chapter. Either write it for college students that are early in their computer science education, or for business executives that are non-technical. Either way, you have an excellent book.

Ok, who's going to write it?

Links: 7-28-2010

2010-07-29T08:28:59+00:00

Story Mapper by Carbon Five
Nice tool to use alongside Pivotal Tracker for release planning.
(categories: agile tools )
ongoing by Tim Bray · How To Sell Apps?
Some interesting notes on what makes a good app store.
(categories: appstore ecommerce platform plugins )

Some brief notes on OpenSSH's known_hosts hashing

2010-07-29T05:56:07+00:00

Some brief notes on OpenSSH's known_hosts hashing

A number of current distributions of OpenSSH default to storing host names and IP addresses in ~/.ssh/known_hosts in a hashed form, in order to make it harder for an intruder to work out where else you have an account on that you access from this system (this is the HashKnownHosts option for ssh). Since I recently wound up digging into this and the details are underdocumented, here's what I know about how this works.

The summary is that this is your traditional one-way cryptographic hash. The specific hash is a SHA1-based HMAC, but I strongly suggest not writing any code that knows that. The host name or IP address is treated like a password and hashed together with a random salt; both the salt and the HMAC result are stored in the known_hosts line. Matching the line later is done by extracting the salt, HMAC'ing your candidate hostname with it, and seeing if you got the same encrypted result.

(The salt appears to have relatively strong randomness.)

This means that checking to see if a particular host is present in a known_hosts file requires computing a separate HMAC for each line in the file. I imagine that this is not a problem in practice since most people have relatively short known_hosts files and SHA1 HMAC is relatively fast. As with unencrypted hostnames, it's possible to have multiple entries for a given host in known_hosts, each with a different key; if all of the hostnames are hashed, this may not be at all obvious.

(See sshd(8) for how multiple entries for a single host work. The short answer is that OpenSSH considers itself to have found a known host key if any of them match.)

This all means that hashed known_hosts files are system independent and will continue working fine when moved to a different host.

(As it turned out, the problem I was seeing was because my new test system had a different system known hosts file. Once I fixed that, everything worked, but I almost went off on a complete wild goose chase worrying about potential system dependent hashing of known_hosts. Having a hashed known_hosts did make it less obvious that the other host's key wasn't even in it, though.)

Create your own Linux from Scratch (Download free PDF Guide)

2010-07-29T05:38:11+00:00

Linux from Scratch describes the process of creating your own Linux system from scratch from an already installed Linux distribution, using nothing but the source code of software that you need.

(...)
Read the rest of Create your own Linux from Scratch (Download free PDF Guide) (107 words)

© admin for Ubuntu Geek, 2010. | Permalink | No comment | Add to del.icio.us
Post tags: Create your own Linux from Scratch, News

How To Extract data from .deb file in Linux

2010-07-29T04:27:30+00:00

A Debian "package", or a Debian archive file, contains the executable files, libraries, and documentation associated with a particular suite of program or set of related programs. .deb package are just the tar archives but with a proper structural format of files. You can see and extract any deb package with archive manager tool. From the dpkg-deb man page: “dpkg-deb packs, unpacks and provides

New vulnerabilities in Cetera eCommerce

2010-07-28T18:57:49+00:00

Hello Bugtraq! I want to warn you about security vulnerabilities in Cetera eCommerce. Advisory: New vulnerabilities in Cetera eCommerce URL: Affected products: Cetera eCommerce 14.0 and previous versions. Timeline: 31.10.2009 - found vulnerabilities. 31.10.2009 - informed developers about persistent XSS in their engine by placing special code (designed to draw attention) directly at their

Vulnerabilities in Cetera eCommerce

2010-07-28T18:27:45+00:00

Hello Bugtraq! I want to warn you about security vulnerabilities in Cetera eCommerce. Which I disclosed already in December 2009 (SecurityVulns ID: 10489). Advisory: Vulnerabilities in Cetera eCommerce URL: Affected products: Cetera eCommerce 14.0 and previous versions. Timeline: 01.03.2009 - found vulnerabilities. 30.10.2009 - announced at my site. 31.10.2009 - informed developers. 23.12

PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection

2010-07-28T15:50:16+00:00

[security bulletin] HPSBMA02549 SSRT090158 rev.2 - HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data

2010-07-28T15:42:36+00:00

Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02282361 Version: 2 HPSBMA02549 SSRT090158 rev.2 - HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2010-07-12 Last Updated: 2010-07-27 Potential Security Impact: Local unauthorized

Jira Enterprise 4.0.1 - Multiple Low Risk Vulnerabilities

2010-07-28T15:34:59+00:00

Jira - Multiple Low Risk Vulnerabilities Versions Affected: 4.0.1 (other versions were not checked.) Info: JIRA provides issue tracking and project tracking for software development teams to improve code quality and the speed of development. (and so forth.) External Links: Credits: MaXe (no previous vulnerability information about these bugs were found.) -:: The Advisory ::- Jira is prone

Secunia Research: Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows

2010-07-28T15:27:45+00:00

Secunia Research 28/07/2010 - Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Impact: System compromise Where: Remote 3)

Secunia Research: Autonomy KeyView wkssr.dll String Indexing Vulnerability

2010-07-28T15:19:52+00:00

Secunia Research 28/07/2010 - Autonomy KeyView wkssr.dll String Indexing Vulnerability - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Impact: System compromise Where: Remote 3) V

Secunia Research: Autonomy KeyView wkssr.dll Integer Underflow Vulnerability

2010-07-28T15:12:58+00:00

Secunia Research 28/07/2010 - Autonomy KeyView wkssr.dll Integer Underflow Vulnerability - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Moderately critical Impact: Denial of Service System c

Secunia Research: Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow

2010-07-28T15:04:27+00:00

Secunia Research 28/07/2010 - Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Impact: System access Where: From r

Secunia Research: Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error

2010-07-28T14:56:49+00:00

Secunia Research 28/07/2010 - Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Impact: System access Where: From remote 3

Secunia Research: Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow

2010-07-28T14:49:33+00:00

Secunia Research 28/07/2010 - Autonomy KeyView wkssr.dll - - Floating Point Conversion Buffer Overflow - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Im

Secunia Research: Autonomy KeyView Compound File Parsing Buffer Overflow

2010-07-28T14:42:22+00:00

Secunia Research 28/07/2010 - Autonomy KeyView Compound File Parsing Buffer Overflow - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Impact: System compromise Where: Remote 3) V

Re: TTVideo 1.0 Joomla Component SQL Injection Vulnerability

2010-07-28T14:36:43+00:00

Thanks for spotting this. I overlooked this in my haste to release. I have fixed the issue now and the flawed version is not longer available for download.

Appointinator 1.0.1 Joomla Component Multiple Remote Vulnerabilities

2010-07-28T14:29:05+00:00

Lists of length 1, 2, 3 and 4 have special meaning

2010-07-28T14:27:03+00:00

We are sysadmins. We love numbers. They mean a lot to us. They are specific and clean.

We also like a lot of details. When someone asks what operating system we use, we rattle off all fifty we can think of. That includes the embedded OS we know is buried deep in our toaster. Why? Because when we discovered it has a serial port, we plugged in and watched the bootup messages. That's why.

However, when writing and speaking the number of things we list means something to the reader/listener more than the number. Controlling the number of items in the list is more important than being complete.

Lists of length 1, 2 3 and "4 or more" have particular meaning.

A list with one element means "Hey! Look at this! Remember it!". If you ask me what operating system I use at work, the complete answer is a list a mile long. If I want you to remember that I am a Linux sysadmin, you won't remember that if I list "Linux, Mac OS X, Windows, IOS, JunOS, Android and ChromiumOS". The word Linux gets lost in the noise, even if it is the first item of the list. If I simply say, "I administer Linux machines" then that is what people will remember. If you want someone to remember what you said reduce the list down to one item.

A list with two elements implies comparison. "I am knowledgeable about Windows and Linux." invites comparison. It implies that these are different things and emphasizes that I have two very different skill sets: the ability to run Windows, and the ability to run Linux. A reader unfamiliar with computers will understand that these are two different things and might ask questions that relate to how they compare. It is actually jarring to list two items that you don't want the user to compare in their minds. In fact, the more similar they are, the more someone will think about the differences. "I run Ubuntu 9.1 and 9.2" makes people wonder what is so different about them that I list them both. Think about how these phrases invite comparison: "At home and at work", "night and day", "HTML5 and Flash", "Ubunto 9.x and 10.x", "apples and oranges". If your point isn't to emphasize differences (good or bad) make sure your list doesn't contain two items. If you want to emphasize differences, make sure your list has exactly two items.

A list with three elements implies (a) that you expect the reader/listener to hold all three in their head while I discuss them, (b) that you will discuss them in that order, (c) that the order matters. A three-item list is short enough that the reader can hold them all in their brain for the duration of the discussion. You haven't made the statement so complex as to have overloaded them. When you "drill down" on the items in the list, cover each item in the same order as the original list. This parallel format helps the reader/listener understand the flow. Lastly, order the items with great care. Often we put the most important item first but I find that people most remember the last item the most, so put it last. If I want you to "reboot the machine, make sure it comes back up, and come to my desk when you are done" I am emphasizing the need for you to come back to me. When writing an article or giving a presentation the last item often gets the most discussion. If you have one complicated and two short topics, end with the complicated item. This lets you cover the first two briefly and then focus on the third item for the remainder of your time.

A list with four or more elements implies that the point isn't the contents of the list, but that the list is very long. I might tell you that I use a lot of operating systems: MacOS, Ubuntu, Redhat, Windows, Android, JunOS and IOS. The point I am making is that the list is very long. The contents of the list is not so important. The reader/listener walks away remembering "Tom knows a lot of operating systems". If this is not what you intend, reduce the list to be shorter than 4 items. You may have to summarize ("Tom knows Linux, Windows, and some lesser-known operating systems.") If you don't want someone to focus on the details of the list, make sure there are 4 or more items on it.

We are sysadmins. Numbers are important to us. However, it is important to remember that the number of items in a list tells people a lot more than just what is on the list:

Remember me.
Comparison
Things to keep in your head
The quantity is more important that the details.

[SECURITY] [DSA 2075-1] New xulrunner packages fix several vulnerabilities

2010-07-28T14:03:07+00:00

Hash: SHA1 - Debian Security Advisory DSA-2075-1 security@debian.org Moritz Muehlenhoff July 27, 2010 - Package : xulrunner Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2010-0182 CVE-2010-0654 CVE-2010-1205 CVE-2010-1208 CVE-2010-1211 CVE-2010-1214 CVE-2010-2751 CVE-2010-2753 C

Alex Trebek, teachers and Googlers unite at the Google Geo Teachers Institute

2010-07-28T14:45:00+00:00

(Cross-posted from the Lat Long Blog)

What do Alex Trebek, teachers and Googlers have in common? Last week, these individuals and groups all came together at the Googleplex in Mountain View, CA to celebrate exploration and learning.

Google hosted its first Geo Teachers Institute, an intensive two-day workshop in which 150 educators received hands-on training and experience with Google Maps, Google SketchUp and Google Earth, including features like Mars, Moon and SkyMaps. Attendees from around the globe not only learned how these products work, but also discovered tips and resources for introducing these tools to students and using them to conceptualize, visualize, share and communicate about the world around them. Through this event, teachers were hopefully inspired to bring the world's geographic information to students in compelling, fresh and fun ways.

John Hanke, VP of Product Management, addressing the audience of educators

As part of our continued effort to collaborate with teachers and help students get a better sense of places across the globe, we also announced that Google Earth Pro is now available to educators for free through the Google Earth for Educators site. Educators from higher educational and academic institutions who demonstrate a need for the Pro features in their classrooms can now apply for single licenses for themselves or site licenses for their computer labs. A similar program exists for SketchUp Pro through the Google SketchUp Pro Statewide License Grant, which is currently being provided via grants to 11 states, and available to all others at the K-12 level at no cost.

In conjunction with these exciting Geo-related events and announcements, the Geo Education team also thought it’d be timely and fun to test Googlers’ geographic knowledge by hosting the company’s first ever Google Geo Bee. With help from National Geographic, 68 teams relived their school years and took a written geography exam, competing for a spot on stage with Alex Trebek, who hosted the main event. The competition was based on the group version of the National Geographic Bee for students, which Google has sponsored for the past two years. Questions included those like “Which country contains most of the Balkan Mountains, which mark the boundary between the historical regions of Thrace and Moesia?” and “Ben Nevis, the highest peak in the United Kingdom, is located in which mountain chain?”

The winners of our Google Geo Bee: Ian Sharp, Marcus Thorpe and Rob Harford

The final three Google teams (the Tea-Drinking Imperialists, the Geoids and the Titans) all showed off their geographic literacy and answered a plethora of diverse and complex questions. In the end, it was the Tea-Drinkers who emerged the winners when they figured out that Mecca was the answer to the clue, “Due to this city’s location on a desert trading route, many residents were merchants, the most famous of whom was born around A.D. 570.” And they didn’t just walk away with bragging rights; thanks to Sven Linblad from Linblad Expeditions, they also won an amazing adventure trip to either the Arctic, the Galapagos or Antarctica.

Through all of these education efforts — for teachers, students and grown-up Googlers alike — we hope people of all ages never stop exploring.

Posted by Tina Ornduff, Geo Education Team

Certification? Not yet.

2010-07-28T13:27:51+00:00

At PICC I may have sounded like I thought there was an urgent need to create a sysadmin certification program. While I did talk about what I thought it would/could/should look like, I don't think this is a good time to create such a thing. A long-winded version of this paragraph is below.

An open letter:

I wish to clarify a statement I made at the PICC conference and point those of us that think about the future of system administration in a particular direction.

It has become apparent to me that a certification program cannot exist until the educational standards that it measures are generally accepted. That is, a certification should measure conformance to an pre-existing educational standard.

At the PICC conference, part of my keynote made the case for another attempt at creating a certification for system administrators. In the last few months I've thought a lot about the issue of certification. I've also had the chance to talk with with people that are familiar with how the AMA created its certifications for doctors. While I was not advocating for the immediate creation of a certification program, I may have given that impression. Let me be clear that I do not think that the industry has reached sufficient maturity to warrant a certification program as I described. The AMA's now pervasive certification program came after they worked with universities to develop curricula and other educational programs.

It would be prudent to focus on creating educational standards for the profession of system administration. We, the wider professional system administration community, need to work with academic institutions to create curriculum standards for system administration programs. While there have been attempts in the past, I do not feel this has gotten traction because the profession is not taken seriously in academia. This is changing. A number of factors are leading academia to take notice of the importance of operational excellence in IT. I would be glad to discuss strategy and opportunities with interested parties.

Every movement needs to be, at its heart, an attempt to save the world. It is trite to say that society is more and more dependent on computers. Yet our dependence is staggering even to me. From the logistics of getting food from farms to tables, to providing services related to healthcare, governance, media, security and defense; all of these things are reliant on IT such that they can no longer exists without it. And yet I feel that the digitization of society is still in its earliest of stages.

What could be more a more important way to save the world than making sure that society's underlying IT infrastructures are professionally designed, maintained, secured, and operated? We can not leave these things to amateurs and hobbyists, nor bureaucrats and lobbyists.

Sincerely, Thomas Limoncelli

[SECURITY] [DSA 2076-1] New gnupg2 packages fix potential code execution

2010-07-28T13:17:12+00:00

Hash: SHA1 - Debian Security Advisory DSA-2076-1 security@debian.org Florian Weimer July 27, 2010 - Package : gnupg2 Vulnerability : use-after-free Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2010-2547 Debian Bug : 590122 It was discovered that GnuPG 2 uses a freed pointer when verif

What to search when you’re expecting

2010-07-28T13:54:32+00:00

This is part of our summer series of new Search Stories. Look for the label Search Stories and subscribe to the series. -Ed.

Having been a new dad for six months now, I’ve quickly come to learn two valuable parenting lessons. First, being a father is truly a full-time job—and second, sleep is completely overrated. Whether buying the latest bottles, binkies, blankets and bibs, or just blogging about the whole magical journey, becoming a father has been the most invigorating and moving experience of my lifetime.

This week, I’m excited to help introduce our latest search story, New Baby. The video really captures the joys (and costs!) of becoming a new parent. I’d like to share my heart-felt compassion with new dads everywhere (and of course, my wife and the other mothers out there who are the true heroes.) We will all rest when they head off to college—in the meantime, enjoy!

Posted by Murali Viswanathan, Product Manager

Download your free Oracle Magazine

2010-07-28T10:42:34+00:00

Contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more.

Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world’s largest enterprise software company.
(...)
Read the rest of Download your free Oracle Magazine (36 words)

Smuxi -User-friendly and cross-platform IRC client for sophisticated users for GNOME/GTK+

2010-07-28T10:28:03+00:00

Smuxi is an irssi-inspired, flexible, user-friendly and cross-platform IRC client for sophisticated users, targeting the GNOME desktop.

Smuxi is based on the client-server model: The core application (engine) can be placed onto a server which is connected to the Internet around-the-clock; one or more frontends then connect to the core. This way, the connection to IRC can be kept up even when all frontends have been closed. The combination of screen and irssi served as example for this architecture.
(...)
Read the rest of Smuxi -User-friendly and cross-platform IRC client for sophisticated users for GNOME/GTK+ (168 words)

© admin for Ubuntu Geek, 2010. | Permalink | One comment | Add to del.icio.us
Post tags: desktop, install Smuxi ubuntu, install Smuxi ubuntu 10.04, install smuxi ubuntu lucid, Smuxi ubuntu

FreeBSD Foundation Newsletter

2010-07-28T10:21:49+00:00

The FreeBSD Foundation's semi-annual Newsletter is now available. There's a lot of information in this edition, including:

LSI’s MegaCLI & MegaRAID Storage Manager for Linux

2010-07-28T09:56:10+00:00

This is just a note for my personal reference. 1) MegaCLi for Linux [root@sgbwaprec01 ~]# rpm -qi MegaCli-8.00.23-1 Name : MegaCli Relocations: (not relocatable) Version : 8.00.23 Vendor: LSI Logic Corporation Release : 1 Build Date: Wed 19 May 2010 10:46:16 PM MYT Install Date: Tue 27 Jul 2010 11:27:22 AM MYT Build Host: localhost.localdomain [...]

Links: 7-27-2010

2010-07-28T08:28:48+00:00

Quora - What are the scaling issues to keep in mind while developing a social network feed?
Title says it all.
(categories: socialsoftware scalability performance socialnetworks )

If the sysadmin of the year is for good work…

2010-07-28T08:26:33+00:00

…do we have an appropriate award for doing bad work?

I’m only asking, because today on reddit, I came across an amazing post.

There is a subreddit called IAMA, where you can submit a thread allowing people to ask you questions because you are, in some way, unusual or interesting. The thread I found was called “IAMA Wildly Incompetent Network Security Admin and have no business in my job“.

The job? He’s network security for a Vegas casino.

When you actually click on the thread, it gets way, way worse. There’s a summary at the top, so I’m stealing some and pasting here. This is all copyright of reddit user throwawayscared, I don’t want it.

Since alot of people are asking this question: The reason I dont spend time learning the job is partly due to laziness. I mean it’s awesome spending all day playing battlefieldheroes or transformice.

I refuse to wear my ID badge so people dont stop and ask me questions. I’ve been reprimanded and even warranted the CEO sending out a memo that stated ‘EVERYONE HAS TO WEAR THEIR BADGE’ and I still dont do it. I just changed my schedule to leave earlier than any execs and get in after they do so they never see me without it.
also working at a casino means you get free lunches too. we’re only supposed to eat once, but i go several times throughout the day. I once changed the settings on the turnstyle applicatoin to allow me unlimited cafeteria entries. Everyone else was set at 1. The benefits of admin passwords

To further prove how much I should be fired, I’d like to share a quick story with you. I have stolen every bit of computer shit I can get my hands on. When the security team started cracking down on thieving employees and searching us on the way out, I just started mailing the shit to my house through the mailroom. Then I just started listing shit on ebay and sending it to the buyers right through the same mailroom. I also convinced the mailroom dude that I should’t pay for postage. I’m not proud, but I’m certainly not ashamed.

wow. It’s like a trainwreck.

Please, don’t be this guy.

Legal rubber hose usage increases

2010-07-28T05:57:49+00:00

According to The Register, the UK police have increased the exercise of the power that allows them to compel the revealing of crypto keys. That fancy duress key you put on your truecrypt volume is only good for earning you jail time. I've mentioned this before, but crypto is vulnerable at the end-points. If the Government can point a loaded law at you to force you to reveal your keys, the strength of your convictions, not your crypto, is what is being tested. Perhaps that 2-5 year prison term is worth it. Or maybe not.

I take heart that a majority of those served with the demand notice have refused. But we still don't quite know what'll happen to them.

This is harder to pull off in the US thanks to the 5th amendment, but there is nothing stopping this kind of thing off our shores. Or heck, at our borders.

My Fedora 8 problem: upgrading

2010-07-28T04:42:03+00:00

My Fedora 8 problem: upgrading

My Fedora 8 problem is that I still have a machine running Fedora 8, which means that I need to upgrade it. Worse, this is not some disused machine sitting in the corner but my home workstation; it doesn't have much bandwidth, and I kind of want it to be up and usable as much as possible when I'm home. So I've been gloomily contemplating my upgrade options for some time.

The officially supported or semi-supported way to do this is to do the upgrade from a Fedora 13 install DVD. This will likely take many hours during which my system is unusable and, assuming it works, will then require me to download a gigabyte or two of updates and third partly packages over a relatively slow DSL link before the system is really usable again.

(I am assuming here that the Fedora 13 installer will upgrade a Fedora 8 system; it's possible that it won't touch machines that are that old.)

Now, this machine uses my full workstation partitioning scheme, with duplicate partitions for /, /usr, and /var. In theory the best way to upgrade is to make a copy of the system in these partitions, chroot into it, and do a yum upgrade. There are two problems with this, though. First, I don't know if a yum upgrade works in a chroot'd environment or if it tries to kill and restart various daemons at inopportune times and so on; I would not be surprised if this was neither tested nor recommended. Second, you can't upgrade directly from Fedora 8 to Fedora 13 this way; you have to upgrade to Fedora 10 and then again to Fedora 11 as intermediate steps. This is a lot of downloads over my slow DSL link, even if I figure out how to make yum get as many packages as possible from a local DVD or directory.

(The bandwidth of a DVD or two transported from work vastly exceeds my DSL link.)

I'm pretty sure that I can't put together a version of PreUpgrade that will go from Fedora 8 to Fedora 13 in one operation; certainly, the Fedora 8 version only offers up to Fedora 10 as an option. Using PreUpgrade might cut one step off the yum upgrade process (but might not) and would let me download all of the necessary packages and updates in advance, but it would also have my machine down for many hours again. Twice (at least).

The crazy option is to not upgrade to Fedora 13 but to use those spare partitions to install Fedora 13 from scratch. This would probably require the machine to be down (I expect that Anaconda's live DVD installs still take over the entire machine), but Fedora generally installs much faster than it upgrades. And I would get to start over without four years of accumulated random bits and pieces. The downside of this is that I would really, really want to have good backups of all of my data.

(One of the things I'm taking away from this exercise and a similar although less drastic exercise at work is that next time around, I really want all of my user data on different physical disks than the system disk(s). This would let me completely disconnect them during upgrades and reinstalls so that I don't have to count on the install or upgrade process leaving my user filesystems alone and untouched.)

Finally, at this point it's getting increasingly tempting to 'upgrade' the machine by buying a new one and installing Fedora 13 (and all of my local changes) onto the machine from scratch and copying my data over. But getting a new machine still feels kind of wasteful at this point; while my home machine will be four years old this fall, it's still perfectly good for most of what I do (although I would like more RAM and CPU power for processing digital photos, especially since I have one of the cores turned off due to reliability problems).

(5 comments.)

How to Compress / Uncompress files using bzip2 in Linux?

2010-07-28T04:27:26+00:00

bzip2 compresses files using the Burrows-Wheeler block sorting text compression algorithm, and Huffman coding. Compression is generally considerably better than that achieved by more conventional LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors. bzip2 and bunzip2 are file compression and decompression utilities. The bzip2 and bunzip2

Time Issues in Libpcap Traces

2010-07-28T01:50:10+00:00

Time is an important aspect of Network Security Monitoring. If you don't pay close attention to the time shown in your evidence, and recognize what it means, it's possible you could misinterpret the values you see.

My students and I encountered this issue in TCP/IP Weapons School at Black Hat this week. Let's look at the first ICMP packet in one of our labs.

I'm going to show the output using the Hd tool and then identify and decode the field that depicts time.

In the following output, 2d 0c 65 49 occupies the part of the packet where Libpcap has added a timestamp.

Hd output:


$ hd icmp.sample.pcap 
00000000  d4 c3 b2 a1 02 00 04 00  00 00 00 00 00 00 00 00  |................|
00000010  ea 05 00 00 01 00 00 00  2d 0c 65 49 5f bf 0c 00  |........-.eI_...|
00000020  4a 00 00 00 4a 00 00 00  00 0c 29 82 11 33 00 50  |J...J.....)..3.P|
00000030  56 c0 00 01 08 00 45 00  00 3c 02 77 00 00 80 01  |V.....E...w....|
00000040  ea f1 c0 a8 e6 01 c0 a8  e6 05 08 00 43 5c 07 00  |............C\..|
00000050  03 00 61 62 63 64 65 66  67 68 69 6a 6b 6c 6d 6e  |..abcdefghijklmn|
00000060  6f 70 71 72 73 74 75 76  77 61 62 63 64 65 66 67  |opqrstuvwabcdefg|
00000070  68 69                                             |hi|
00000072

Tpo convert 2d 0c 65 49 to a time, we have to swap the bytes, so becomes 0x49650c2d, or 1231359021 in decimal. 1231359021 is a Unix timestamp that we can convert with the -r option found in the FreeBSD version of the date command.

First let me show the date on this system so you can see the timezone of the FreeBSD system, and then I'll convert the seconds into a human readable time.


$ date
Wed Jul 28 00:11:23 EDT 2010

$ date -r 1231359021
Wed Jan  7 15:10:21 EST 2009

So, this ICMP packet has a timestamp of Wed Jan 7 15:10:21 EST 2009. Note that the date command produces a time in EST and not EDT. 15:10:21 EST becomes 16:10:21 EDT. I would have preferred seeing the date output show EDT since that is the time zone on the system in question, but I can understand the output. That seems simple enough, right?

Let's see what Tcpdump says about this packet. First I run the date command to remind us where we are running Tcpdump.

FreeBSD Tcpdump:


$ date
Wed Jul 28 00:11:23 EDT 2010

$ tcpdump -h
tcpdump version 3.9.8
libpcap version 0.9.8

$ tcpdump -n -tttt -r icmp.sample.pcap 
2009-01-07 16:10:21.835423 IP 192.168.230.1 > 192.168.230.5:
 ICMP echo request, id 1792, seq 768, length 40

As we expected, this packet has a timestamp of 16:10:21 (ignore the fractions of a second), and since the time zone is EDT it matches what we expect.

Let's see what a tool like Tshark says.

FreeBSD Tshark:


$ tshark -v
TShark 1.0.7
...edited...
Compiled with GLib 1.2.10, with libpcap 0.9.8, with libz 1.2.3, without POSIX
capabilities, without libpcre, without SMI, without ADNS, without Lua, without
GnuTLS, without Gcrypt, with Heimdal Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on FreeBSD 7.2-RELEASE-p7, with libpcap version 0.9.8.

Built using gcc 4.2.1 20070719  [FreeBSD].

$ tshark -n -t ad -r icmp.sample.pcap 
  1 2009-01-07 15:10:21.835423 192.168.230.1 -> 192.168.230.5
 ICMP Echo (ping) request

What? Why does it show 15:10:21? That's the result for EST, not EDT, which is the time zone of the FreeBSD system.

Let's see if a Linux system in EDT behaves the same way.


$ date
Wed Jul 28 00:44:54 EDT 2010

$ tcpdump -V
tcpdump version 4.0.0
libpcap version 1.0.0

$ tcpdump -n -tttt -r icmp.sample.pcap 
2009-01-07 16:10:21.835423 IP 192.168.230.1 > 192.168.230.5:
 ICMP echo request, id 1792, seq 768, length 40

$ tshark -v
TShark 1.2.7
...edited...
Compiled with GLib 2.24.0, with libpcap 1.0.0, with libz 1.2.3.3, with POSIX
capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with c-ares 1.7.0, with
Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with MIT Kerberos, with GeoIP.

Running on Linux 2.6.32-23-generic, with libpcap version 1.0.0, GnuTLS 2.8.5,
Gcrypt 1.4.4.

Built using gcc 4.4.3.

$ tshark -n -t ad -r icmp.sample.pcap 
  1 2009-01-07 15:10:21.835423 192.168.230.1  192.168.230.5
  ICMP Echo (ping) request

Again, we see Tcpdump correctly honor the local time zone (EDT) and display the timestamp as 16:10:21, whereas Tshark shows the timestamp as EST or 15:10:21.

I am really disappointed by this Tshark behavior. Incidentally, you get the same results from any tool in the Wireshark suite, such as Wireshark itself, capinfos, etc.

Does anyone know why Tshark and the like don't really honor the local time zone, and instead use Standard Time instead of recognizing Daylight Savings Time?

Hack for quickly trimming invalid ssh keys

2010-07-27T20:28:00+00:00

If you reimage a machine or change dns, you may get any of these messages when sshing in:

Offending key for IP in /home/jsissel/.ssh/known_hosts:239
Matching host key in /home/jsissel/.ssh/known_hosts:252
Offending key in /home/jsissel/.ssh/known_hosts:237

Seem familiar? Here's a very quick way to trim those.

#!/bin/sh

eval "value=$$#"

if [ "$#" -lt 1 ] ; then
  echo "Invalid arguments."
  exit 1
fi

if ! echo "$value" | egrep -q '.*:[0-9]+$' ; then
  echo "Invalid file:lineno format: $value"
  exit 1
fi

echo "$value" | awk -F: '{print "sed -i -e "$2"d",$1}' | sh -x

Put this in ~/bin/clearssh.sh
chmod 755 ~/bin/clearssh.sh
ln -s ~/bin/clearssh.sh ~/bin/Matching
ln -s ~/bin/clearssh.sh ~/bin/Offending

Now the next time you see these messages and want to clear the offending key, just paste the log message, as a command, into your terminal:

jls(~) % Offending key for IP in /home/jsissel/.ssh/known_hosts:239
+ sed -i -e 239d /home/jsissel/.ssh/known_hosts

Makes for a quick fix if you hit these messages in your normal day.

I prefer this to using 'ssh-keygen -R' as the error message has exactly the information you need to clear the bad key.

Planet Sysadmin

The other peculiar effects of grant funding at universities

The other peculiar effects of grant funding at universities

UNIX Text Processing

Google App Inventor

Linux on IBM x3650 M2: Online Hardware RAID Re-Configuration Using MegaRAID Storage Manager

SMF/FMA Update

It's the indirect failure modes that will get you

It's the indirect failure modes that will get you

Sidebar: my ndots mistake

BAR - Backup application

Related Articles

How important is system administration?

IMG_0045 [Flickr]

IMG_0044 [Flickr]

IMG_0038 [Flickr]

IMG_0031 [Flickr]

IMG_0023 [Flickr]

Sci Foo 2010

XSS vulnerability in Campsite

XSS vulnerability in Campsite

XKCD, let's see how we did...

ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability

Happy SysAdmins Day

Top 10 Reasons Why I Avoided Twitter for so Long

Being the WTF person

Google Apps highlights – 7/30/2010

iPhone 4 launch in Canada

Thank you.

Day of bugs in WordPress 2

Akamai Download Manager arbitrary file download & execution

Insomnia : ISVA-100730.1 - CMS Multiple SQL injection Vulnerabilities

Tribalism is the enemy within

Do not be drawn into a tribal argument on Ubuntu’s behalf

10 awesome sysadmins and devops

A little modern Unix twitch

A little modern Unix twitch

Sidebar: How this optimization can happen naturally

High Speed Network Authentication Cracking Tool - Ncrack

Event: System Administrator Appreciation Day 2010 in New York

[SECURITY] [DSA 2077-1] New openldap packages fix potential code execution

NYC-area Sysadmins: free beer!

Dell and HP Continue Supporting Solaris

[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th

Cool things I saw at SIGGRAPH 2010 exhibition hall

Etsy Now Sponsoring SysAdmin Appreciation Day Event in NYC!

How to View bash shell history and Change bash history file size in Ubuntu

Related Articles

CFP NcN 2010

Rails and Snowmen

[ MDVSA-2010:142 ] openldap

PBBooking 1.0.4_3 Joomla Component Multiple Blind SQL Injection

[security bulletin] HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code

Local Deals Website

Book Idea: Distributed Computing Economics... EXPLAINED

Links: 7-28-2010

Some brief notes on OpenSSH's known_hosts hashing

Some brief notes on OpenSSH's known_hosts hashing

Create your own Linux from Scratch (Download free PDF Guide)

Related Articles

How To Extract data from .deb file in Linux

New vulnerabilities in Cetera eCommerce

Vulnerabilities in Cetera eCommerce

PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection

[security bulletin] HPSBMA02549 SSRT090158 rev.2 - HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data

Jira Enterprise 4.0.1 - Multiple Low Risk Vulnerabilities

Secunia Research: Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows

Secunia Research: Autonomy KeyView wkssr.dll String Indexing Vulnerability

Secunia Research: Autonomy KeyView wkssr.dll Integer Underflow Vulnerability

Secunia Research: Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow

Secunia Research: Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error

Secunia Research: Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow

Secunia Research: Autonomy KeyView Compound File Parsing Buffer Overflow

Re: TTVideo 1.0 Joomla Component SQL Injection Vulnerability

Appointinator 1.0.1 Joomla Component Multiple Remote Vulnerabilities

Lists of length 1, 2, 3 and 4 have special meaning

[SECURITY] [DSA 2075-1] New xulrunner packages fix several vulnerabilities

Alex Trebek, teachers and Googlers unite at the Google Geo Teachers Institute

Certification? Not yet.

[SECURITY] [DSA 2076-1] New gnupg2 packages fix potential code execution

Sidebar: my `ndots` mistake