252 posts • joined 18 May 2007
Gnome is terrible of late.
But who the hell installs desktop code on server hardware?
systemd *shudder* but I haven't tangled with rhel7 yet. 6 still suffices for now. I don't relish digging into startup issues on hosts where we spawn 15 or 20 apache instances because the app teams are lazy, and have to coordinate that and the application instances.
On my work laptop, KDE, not gnome and fedora20. And I get to work on my systemd paranoia.
Gentoo is still my personal preference.
I rather like the bits of CloudForms I've seen in the presentations. It rather looks to me like they could do very very good things with the ideas there.
(grumpy old guy, 'cause that's just me these days)
I have a feeling that it's a combination of hipsters, skinny jeans and oversized phones....
If the iPhone 6plus rids the world of skinny jeans hipsters it will have done us all a huge favour!
Only reason I haven't hunted one down yet is that I tend to use my phone left handed, and it strikes me that I'd want the curve on the left side not right... but then, I'm weird that way.
(grumpy old fart 'cause I'm hunting down a problem on a winders DB server. *shudder*)
Norwich has an apple store?
Last I looked it was a table on the side of the road.
but that's my Norwich. And those apples DON'T bend. They mush. And make good cider too.
Icahn disassemble #5
(although I'm sure it's more than 5 he's hit I'm sure there are some that will get it)
Let's see what happens to the rest of the property in the package. I do not hold my breath.
Re: More patches....
Say it with me now folks:
1500 to 1600 active systems, no sanity in trying to do each one manually. Test against the app layer in a controlled environment, validate results and push it out with automation. Including the validation.
Hmmm. Parallel for a bank would be:
While you are on your way to work try to find a homeless person who would like a mortgage they can't afford.
>>> end of cycle >>>
"we need a bailout!!"
(okay yeah, I'm carrying on a bit aren't I?)
Re: Straight outta Nuland
Governments - looking out for themselves since the Assyrian empire.
Bash patches and the flak.
I've been following the discussions that this group of folks are having, on the mailing list. Quite closely.
In our case (approximately 1600 linux hosts, all RHEL, covering 4->6 in numerous set ups), we've had 0 issues with the patches, we waited until the second fix came out before we pushed, and cfengine did the job it was built for so there was no overtime involved. The patch does not require a reboot, but in most cases we did an apache (or other) graceful restart, just to play it safe.
Long and short - the issue was discovered, and about 4 days later a set of suggested fixes were discussed, and the first set of fixes was put in place, those were tested and one tester found an additional unique path that had a similar flaw. That opened up a new set of discussions because it was a substantially different path through the code. The debate on how to handle that took much longer since it required much more stringent logic to avoid breaking things in current use. If you went and read the list to see what they were discussing, you'd find that the secondary fix is in no way easy, and despite us already having a fix, will result in much larger code changes in the future.
What scares the crap out of me on this front is all those landfill wifi routers out there that use cgi - many of them DON'T use bash, but I'll bet that there will be a crapton that do and have lousy coding practices, and will NOT be updated anytime soon. Worm time anyone? *that* will be a pain in the tuchus when it comes down.
These guys are bright, solid coders, applying solid common sense and strong skills to fix the problem, without breaking things that work the way they should. Not an easy job folks.
We can predict where the terrorists will sit on the plane.
And just shoot those seats.
what could go wrong?
VC's are part of the disease. Wallstreet is the pandemic
I'll just re-iterate my previous comment from here:
Re: Smartphone vulnerability?
I was being fairly specific -- I've rooted my phone and put Cyanogen on it - I checked the other 4 phones in the house last night.
a) default shell in all cases is /bin/sh - not bash.
b) bash is present on my Cyanogen unit *and* on the moto (on the moto, it *might* have been installed by an app the young fella installed)
*and* Cyanogen pushed an update last night that has the *first* patch to bash.
Rooted iphone has something *called* bash on it but it does not appear to be a binary.
Re: Smartphone vulnerability?
/wanders off to go fiddle some more --
(for the record, most versions of weblogic have some sort of sanity checking for data strings, but if you happen to *know* the checking done....... it can get ugly fast.)
Damn. I can point out that bash on Cyanogen 11.(2) is vulnerable as far as the default test goes.
Re: What about Windows
if you have bash installed in there anywhere, you'll want to patch it.
And yes, I have windows servers with bash that have to be patched. It's not available yet but it will be out soon.
Re: shell shocked admins?
-- Process p = Runtime.getRuntime().exec("bash -c '" + injectCommandLikeABeachedWhale() + "'"); --
Thanks for that -- playing with it now.
Re: shell shocked admins?
I understand that at this point it's too late?
I suppose that depends on what you do to strip it - check your sshd_config for AcceptEnv objects.
I accept that not everyone is running sshd updated for that - but in our case we are.
shell shocked admins?
I think I've got my head wrapped around the worst of this one:
a) in the case of ssh calling bash, this is not an issue until after authentication has completed, ie, you cannot (at the moment at least from what I've read and tested) *spawn* a shell without completing the authentication process. -> no open sewer there that would have opened a pit to hell.
With ssh the issue is the "ForcedCommand" functionality - authentication completes, and with some creativity a user COULD pass in a function definition that would spawn them a shell.
I've about 40 of these accounts out there and I don't know about anyone else, but I wipe the environment at the top of the script intentionally ... and then parse the hell out of the command coming in to make sure it qualifies.
b) HOWEVER - in cases where services are exposed to the network, where those services *can* accept input from outside, and where those services then *can* call or invoke a shell with that input (unchecked) -
You haz a great big cheezburger.
So - at least in my *managed* apache environments we don't allow cgi, and php is heavily limited, we don't have any *screaming* issues -- I've found a couple of things that made me go *ick* but nothing terrifying.
I don't do the DHCP, but it's on BSD and should not have an issue
things like weblogic and jboss at this point make things in my gut go ickky. I seem to recall an input in Java 1.5.(something) that could be used to fork a shell out of a jvm.....
We have a few "packaged" apache solutions. *sigh* no comment. 3rd party vendors getting calls to investigate those.
Last check of the patched RH systems indicates that the issue is not 100% resolved yet - and my fedora systems aren't fixed yet either. It's gonna be a hella long weekend for some admins.
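Added example, not part of the original post: a minimal forced-command wrapper of the kind described in a) above, which allowlists SSH_ORIGINAL_COMMAND and runs the match with an emptied environment. The allowlisted commands, paths and function names are assumptions, and /bin/sh is assumed to be a POSIX shell other than bash.

```shell
#!/bin/sh
# Added example (not the poster's script): wrapper for an authorized_keys
# command="..." entry. Allowlist entries and paths are hypothetical.
# Assumption: /bin/sh is a POSIX shell other than bash (e.g. dash).
LC_ALL=C; export LC_ALL

# Print the canonical command line for an allowed request; return 1 otherwise.
validate_request() {
    req=$1
    case $req in
        'uptime')  echo '/usr/bin/uptime' ;;
        'df -h')   echo '/bin/df -h' ;;
        'status '*)
            svc=${req#status }
            # Service name: lowercase letters, digits and '-' only.
            case $svc in
                ''|*[!a-z0-9-]*) return 1 ;;
            esac
            echo "/usr/sbin/service $svc status" ;;
        *) return 1 ;;   # anything not listed is refused
    esac
}

run_request() {
    cmd=$(validate_request "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "request rejected" >&2
        return 1
    }
    # env -i starts the child with an empty environment, so no variable
    # supplied by the client is inherited by anything it spawns.
    # $cmd is unquoted on purpose: it is our own canonical string.
    env -i PATH=/usr/sbin:/usr/bin:/bin $cmd
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asked for a command.
if [ -n "${SSH_ORIGINAL_COMMAND+x}" ]; then
    run_request
    exit $?
fi
```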
Simple really, statistics
I'd hate to have people look at me and say, 'Well how come you can't save this kid,' 'How come you can't do this thing
Please provide statistics that indicate that the FBI has saved hundreds of kids based on evidence found on other persons phones.
Ahhhhhhhhhhhhh. I see. Never happened. Okay.
*ding dong* <st>avon</st> spacex calling
@JDX -- might be interesting to see how quickly they adapt to (near 0) G. Fruitflies aren't too bright to start with. (contemplates neon painted fruitflies in (near 0) G under a blacklight) ......
@Irongut. considering the capabilities it has, I wouldn't denigrate it by labelling it a baseball mitt. But I'll grant the license in context.
Always nice to see another successful launch and delivery. I really would like to see the first "controlled" landing in the first person, hell I wouldn't mind being on one of the early passenger ready modules either, but I seriously doubt they'd need me to do an "on site" visit.
Re: Once some players drop out then....
doesn't butter any parsnips - or direct capital.
Wall street might disagree with you on that one - although profit is the principal driver, when profits in general are low, the target with the largest market segment gets the pip, usually since it has the greatest chance of ticking the profit box.
fibre cable undersea splicing jobs.
I thought we had sharks with frikkin lazers man! I mean, teeth. Lazers. Job done no?
Oh look. There's a free port on that there Sonet tree. 'click'. pokes at keyboard.
What? yup, we're all good here.
Re: What a total rip-off!
CST 100 does come down on land, using airbags to cushion the landing.
What a wonderful way for the americans to recycle used politicians!
Re: USA Freedom Act?
And you thought there was some OTHER reason GOOGLE are wanting this in place???????
Anything that's likely to make your (meta) data safer on line is likely to take away something google is making money from selling to someone else.
I *like* this idea
COBOL on linux. Even if it's targeted at SUSE and I run RH.
Rock solid port platform for legacy cruft. Heck, I can even move some stuff off HPUX to linux when they get this wrapped up nicely.
And perhaps we'll get something better than TN3270 for linux.
EFCC simply said it is a "new generation bank."
As in "formed out of money farmed from email suckers"
Apparently this lot missed the "security requirements" documents, at a guess they got lost in the "spam folder". Irony at its finest.
printer lp0 on fire
can now be updated:
"printer lp0, We're ALL DOOMED I tell ya...."
You can tune SAS/IDE/SSA disks at the host level. No SAN needed.
I'm fiddling out network solutions for the hadoop here. Hardware is relatively cheap now, storage is dirt cheap now, but dear lord the networking to get it all glued together well is horrendously expensive. And god help you if you don't grok your storage performance tuning.
All that even before you bring in the analytics, and in that case you need folks that understand WHERE the data is relevant, not just what it might be good for. At this point I get the feeling that those of us actually doing the work have acquired the appearance of wizards, and we're expected to pull all sorts of strange things out of ..... well a hat would be polite.
(grumpy old wizard, no windows here)
(we NEED a pointy hat icon)
Re: The list
Handy link there SNC
I'm not on the list, but the account I set up for the 8 year old is on the list. I'll have to go find the actual list and see if it has the (one) password I stuffed on it 3 months before he was born.
I find it hard to believe they "cracked" that one, it's not something rational. Nor am I most days.
windows products now running in vm snapshots.
If there are updates needed they get applied, and tested for 48 hours. If there are no issues, update the snapshots, otherwise roll back.
keep 3 copies in backup.
Burnt twice too often thanks.
I didn't think I was working on the production system.
News headlines by a greek ox?
Well -- we're finally getting somewhere on what's going on in the world.
the Spiggers are getting ginormous. This is what's causing the Jihadis to go on terror sprees, which is causing global warming.
Or at least, the spiggers getting so big is what is keeping me occupied at home, peeling my SO off the ceiling each time one wanders past the monitor.
Zombie Pirates Vs Alien Vampire Ninja's!!! (the pirate ships are robots and the Alien Vampire ninja's have pet human werewolves, it works, really it does, and I have a script if you want.....)
(it is friday after all and I'm heading off to vacation)
and as a result
I think I saw a tent somewhere near the apple store this afternoon.
Mine's the one with a Blackberry Bold, Samsung SIIx and a set of car keys......
Could you tilt that "US" map view north by about 25 °?
Who knows, you could find stretches of Alberta or Saskatchewan suitable to purpose.
I'll still chip in though, a mug sounds right.
Icon, since we've got generally better tasting bevvies up here and you'll want one.
Re: Punishing the wrong people.
You've clearly never worked in a large company IT environment.
I'm usually the one running around saying DONT DO EEET!!!!
The business users on the other hand are the ones throwing $$$ at the project, so get more say in how it gets done. Every once in a while I get a win in.
Wall Street Woes : Oh noooooes, there are new kids in our sandbox.
After the @#$%@#$% that wallstreet pulled in lesseee:
1974, 1986, 1995/6/7/8,2000, 2004, 2006->2008
People wonder why they are losing business? It's about time the whole damn fleet were rolled up, packed on a barge, sailed out to the Marianas Trench, handed concrete life preservers and told to swim for Australia.
While I get the concept about raising funds to enable growth in the economy, I'm a firm believer in *real* value rather than market value. And the market value crap is what keeps causing these "little hiccups" that cost 25% to 45% of "market value" to vanish abruptly. And we've all seen the results of that.
Pensions? what pensions? These are not the pensions you'd been paying into for the last 30 years... these are NEW pensions.
Oh never mind.
still don't like mice.
Sadly -- trackballs are becoming harder and harder to find.....
(at least without diving into the more interesting or expensive parts of the interwebz)
But - as kooky as the apple one button mouse was it was a *much* nicer thing than the blocky ugly critter that was the alternative at that time.
We Is the Law 'round there.
@gaz -- you're getting the right idea.
You have to remember that senior police employees are obsessed with the opportunity to become senior security advisors in the *private* sector, notably to those entities that are eating our governmental financial soup whilst tripling costs, by replacing the public sector staff with underpaid foreign contractors, who cannot do the job, and pocketing the balance.
(oops is my cynicism showing?)
Re: Practical Interim Cost-saving measure
"Deflated versions could be built into the floors of buses and trains to be inflated at the touch of a button when a (necessarily short-sighted) 'oik' causes a minor inconvenience on a train."
Shirley there's an autopilot that might have a vector on that Victor.
tagline says it all
**Warning** the sum total of intelligence on the planet is a constant. The population is growing.
Shhhhhhhhh. No one is supposed to know what I'm up to .....
...... at the back of every IT conference
Was the new guy just there for the free copies of software.....
(what? you didn't?)
These have been called "gypsy" cabs in other times.
Effectively - Lyft and Uber have decided to say "Your business model is broken, we're replacing it for you" to "Taxi Companies".
Sadly - the folks at Pirate Bay have been saying that to a couple of corporate entities for years.
Oh hell -- I'm bitter and cynical today aren't I?
".. or we could just launch patent attorneys at the thing."
This is a viable solution, but not for the issue of the object hitting earth.
Cloudy with a chance of ........
I'm not sure what.
Apps running in cloud A
Authentication services in cloud B
Mail and office apps in cloud C
Desktop in cloud D
Joni Mitchell tune ringing in my head now.
Why am I working in IT?
What is a cloud? A collection of dust, water, and other small particulate matter subject to the wind.
wait a minute here.......
"But instead of providing the long list of questionable tactics that Lyft has used over the years, we are focusing on"
OK -- I get the OMG we're fyghting 4 ur Lyves bit.
But "over the years"? --- as far as I can tell these two entities have only existed for 2. But then I'm just a sane person in canada. (yes, there are a couple of us)
Both of these entities are symptomatic of the economic horsecrap that will sink our global economy.
(icon, tired, grumpy old guy)
It makes me think somewhat.
That parts of Vera were assembled not many feet from where I sit these days.....
You folks over there enjoy the tour please, since we won't get the joy of seeing two of these in the air together....
Soya lattes. Really?
I get too much blood in my caffeine stream and I turn into nasty bear.
Nice start to my Friday is a Timmie's. Real coffee.
(icon as I'm in need of a coffee top off)