Orb Designs Graffiti -- January 20 thru January 26, 2003



Welcome to Orb Graffiti, a place for me to write daily about life and computers. Contrary to popular belief, the two are not interchangeable. EMAIL - I publish email sometimes. If you send me an email and you want privacy or anonymity, please say so clearly at the beginning of your message.


MONDAY
January 20, 2003 - Updates at 0816 EST

Good morning. I hope you've had a good weekend. Whether you're working or not today, take a moment to spare a thought for Martin Luther King, Jr. This day is the Federal holiday to mark the January 15th birthday of this man who led the way for so much of the civil rights reform that this country needed. There were many others - from Rosa Parks to Malcolm X. And many were killed in the struggle. I'm sure that Dr. King didn't set out to be a martyr, but I don't think he'd have changed his goals or his activism. The color of your skin is a terrible way to sort people. Attitude? Intelligence? Sure - merit-based judgements are fine in this book. If you're not bright enough to be a rocket scientist, then you're not - bussing and legislation won't change that. If you're an asshole and no fun to be around, well then, that is likely to affect your ability to play well with others, neh? These are the things I look at when evaluating someone else. I do find one thing useful: When I know that someone else does make their judgement based on skin-tone ... then I can tell you that's someone that I have no use for. They're either stupid, ignorant, or both.


Svenson writes in this morning, on a couple of topics based on yesterday's post. First, about the grass being greener where it rains, he notes, "*sigh, looks out to the puddled lawn* Here it does rain. And I can tell drowned grass doesn't look green." Then, regarding my astonishment at CMP online article charges, Svenson says, "Bandwidth costs so I suppose you should add a cent there as well. That's gonna tip the balance. ^_^   And of course they are not ever going to put ads on their web site ..." Indeed!


I also had fun with fonts yesterday. You know how the standard complaint goes - I've got some document created in a Microsoft environment, and the fonts don't render (properly or at all, depending) when it's opened in Linux. Well, I've got a flipside story for you. First off, I have a bunch of Ogg Vorbis encoded tunes. Instead of running them off of my computer, I decided to put them over on Marcia's machine. Then we can listen from there instead, as my machines are in and out of different OSes a little more often than hers. But when I went to copy the files over, I started running into something: File Error 1026. Again and again, and I just couldn't seem to find out what the problem was. I went back and forth between machines, and finally found this: For one example, on Linux in Konqueror, the filename looks like this:

Tannhäuser_opera_in_3_acts_WWV70_Overture.ogg

Whereas this is how the actual characters look when cut from a browser and pasted here.

Tannh%A4user_opera_in_3_acts_WWV70_Overture.ogg

Now the problem is that this is a valid filename in Linux. The whole 8-bit character set is in use. It doesn't care as long as reserved symbols (like ?, *, /, etc.) aren't used as a part of the filename. Depending on the font set that is being used to render the filename, it either shows up properly, or with a ? where the unknown characters are. But when I tried to move these files over to Marcia's Windows 98 box, it flatly refused, giving me the error above. I presume that Windows only likes 7-bit characters in filenames. I ended up having to go through and change those filenames to their un-marked equivalents, from ä to a, in the case above. 20 or 30 of those were necessary to get the batch of 2000-plus files moved. What a PITA!
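
The hand renaming described above can be scripted. This added example (not from the original post) plans ASCII-only replacements for names that contain 8-bit characters; it assumes such names are either UTF-8 or ISO-8859-1, and the helper names `ascii_name` and `plan_renames` are made up for illustration.

```python
import unicodedata

# Constructed sample: the filename from the post in two possible on-disk
# encodings, one name with a letter that has no unaccented form, one plain.
TITLE = "Tannh\u00e4user_opera_in_3_acts_WWV70_Overture.ogg"
SAMPLE_NAMES = [
    TITLE.encode("latin-1"),      # a-umlaut stored as the single byte 0xE4
    TITLE.encode("utf-8"),        # a-umlaut stored as the bytes 0xC3 0xA4
    b"Stra\xdfe.ogg",             # sharp s (Latin-1) does not decompose
    b"Plain_ASCII_track.ogg",
]

def ascii_name(raw: bytes) -> str:
    """Return a 7-bit ASCII equivalent of a filename given as raw bytes."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")   # assumption: legacy ISO-8859-1 name
    # NFKD splits an accented letter into base letter + combining mark.
    decomposed = unicodedata.normalize("NFKD", text)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    # Whatever is still outside ASCII has no unmarked equivalent: use "_".
    return "".join(c if ord(c) < 128 else "_" for c in stripped)

def plan_renames(names):
    """Map each non-ASCII name to a unique ASCII name; ASCII names are left out."""
    taken = {n.decode("ascii") for n in names if n.isascii()}
    plan = {}
    for raw in sorted(n for n in names if not n.isascii()):
        candidate = ascii_name(raw)
        stem, dot, ext = candidate.rpartition(".")
        if not dot:                    # no extension at all
            stem, ext = candidate, ""
        n = 1
        while candidate in taken:      # never overwrite an existing file
            candidate = f"{stem}_{n}{dot}{ext}"
            n += 1
        taken.add(candidate)
        plan[raw] = candidate
    return plan

if __name__ == "__main__":
    # Review the plan first; applying it is os.rename(old_bytes, new_name)
    # with both paths joined to the directory that was scanned.
    for old, new in plan_renames(SAMPLE_NAMES).items():
        print(f"{old!r} -> {new}")
```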


Have a great day. I've got some consulting work to do, and a piece of furniture to assemble, perhaps. Take it easy.



TUESDAY
January 21, 2003 - Updates at 0715

Hullo. I spent the bulk of yesterday slogging through a batch of possible site re-designs for ETS. Yeah, I've continued to do a little consulting for them here and there. They've got Rob Barton now, helping them out with some of the IT stuff locally. He's a competent guy, I'm impressed with his work and he appears to be getting on fine with Jack, Trudy and the gang. That pleases me no end. I'll be moving their webs and email over to Rocket one day soon, too.

Last night, Marcia and I went out to supper up in Baltimore, back to Legal Seafoods. We had a nice certificate for them from the Sales force at Marcia's office (as a holiday/appreciation gift), so there we went. Afterwards, we were off to Macy's to exchange a gift basket that didn't survive the shipping. In its place we've got... another basket on order, and they're down to clearance prices now, so we also picked up one of those George Foreman grilling things. I've seen Larry and Cheryl's in operation - it works well and drains the fat away from the meat. Good deal.

Today starts a busy, busy four day run. I've got several clients to visit this week, but I haven't been able to schedule any of them yet because I need to coordinate with someone else whose planning wasn't set until last night, when he called the Jury line to see if he's been called. This morning, I find out and we set the week in stone. And joy of joys, the snow that managed not to fall in the last two days is dropping like ash during a volcanic eruption. It's not sticking to the roads at the moment, and it's not supposed to accumulate much - just there to screw up the morning commute following the three day weekend, I guess.

I need to get out in that, just as soon as I've done the email... and that's done. There's some interesting discussions on the CBP list about the fallout from the Eldred decision. I end up having to flash through that and keep going, there's so much to do. Okay, have a great day, folks. Stay safe.



WEDNESDAY
January 22, 2003 - Updates at 0719

Good morning. I received a note from Holden Aust in my morning's mail, containing a link to CNN. This article, HP getting $2B in sales from Linux, is clear just from the headline, for once. So, with HP making two billion a year from Linux, out of a total revenue of approximately 72 billion, that seems somewhat less than significant. Except that that's almost three percent of a revenue stream that has a large component of laserjet and ink cartridges. That part of HP's business is generally considered to be about one third of their business, so let's put Linux's up against the remaining 48 billion: Hmm, we're up over four percent of total revenue now. How cool is that? Then there was this one interesting quote from the end of the article:

Market research groups such as IDC have estimated the number of Linux installations has grown by some 35 percent last year, while overall IT budgets were flat or declining.

Lovely, really. Now, I've got two sites to be at today. In succession, not simultaneously, fortunately, but I really must fly. One of them involves a Linux box configuration, so my rate for today is about 50%. Even better than HP, eh? Have an interesting day, mine will be!



THURSDAY
January 23, 2003 - Updates at 0724

Good morning. It's trash day, and things have piled up since there was no pick up this week, and we didn't put out the recycling last week this time. So there's a bit of that to do before I get rolling. But first, a few items of interest. Last night I installed a new kernel from sources here on Goldfinger, my Gentoo workstation. The package is called ck-sources, a desktop-performance enhancing set of kernel source patches from Con Kolivas. When I built this kernel, I tweaked a number of options, and selected several new things to implement, with interesting results.

The new kernel started out booting like a lamed and arthritic banana slug, then got slower! After much experimenting and tweaking of the variables that I'd chosen, I found the problem. There's a new option that turned up under the Character Devices section in kernel configuration; it's called AMD 76x native power management. Two things to note about this. One is that it's marked experimental, right there. Second... it doesn't work on my hardware to save the world. Once I unchecked that, and rebuilt, then all was both hunky and dory. Then I went back in one last time, and added all the tweaks that I wanted in. I ended up building that kernel a good ten or twelve times to get it where I want it. And it's fast, yep, fast. Look for a number of these patches to end up in a released kernel from someone like Red Hat, one of these days. Not all, of course. It's likely that some sacrifice to stability comes with speed. I'll keep you updated.


There is a vulnerability notice in my inbox this morning for Vim. It appears this was discovered last month, and finally made it out to the distributions. Here's the original warning. I'll be updating Vim on all my systems, just as a matter of precaution. I use Vim not only as me, but as root for doing all sorts of admin tasks. I'm not fond of running vulnerable packages as root, which is why I stay on top of security stuff, best as I can.

Okay, time to get busy. I'm going to get the Elantra oiled this morning, then spend the balance of the day at a customer site installing DVD burners (for image data backup), workstation scanners and a new Win2K server. Sounds like a full day to me. Take it easy.



FRIDAY
January 24, 2003 - Updates at 0700

Good morning. Greg dropped me an email last night to let me know that he was running a particular Perl script on our testbed server (not this one, another one, this box is nominally a production server, right? Right!). This script may or may not bring into being a vulnerability of some kind or another, but he warned that it might stress the system a little bit. Now the test server is sitting right by me, and it's the once and future Grendel, the workhorse of a Gateway with a PII-233 and other weenie little girly-man components, in this day and age of quad-hyperthreading-Xeons and so forth. That is, Grendel's a great server, he just keeps chugging along. So I log into the box via ssh, just to see what's up, and run top. I saved this for you...

  8:09pm  up 67 days, 23:57,  3 users,  load average: 333.76, 293.74, 276.36
402 processes: 72 sleeping, 330 running, 0 zombie, 0 stopped
CPU states: 11.8% user, 50.8% system, 37.3% nice,  0.0% idle
Mem:   127476K av,   75620K used,   51856K free,       0K shrd,     884K buff
Swap:  530136K av,   16444K used,  513692K free                   17188K cached

A load average of 333.76. Why, why, that's almost perfectly half-satanic. And very, very heavily loaded. The cool thing is that even under this ludicrous (one might say Plaid) load, the Apache and MySQL daemons just keep doing their thing. It's a little slower than you'll see on the real LinuxMuse site, but then that's running on an AMD Athlon(tm) XP 1700+ running at 1460.173 MHz. That's just a wee bit faster than an Intel Pentium II (Klamath) clocked at 233.291 MHz. It's not, at this point, how well the bear dances, but that he dances at all.

All I can think is that Greg's writing some new articles for LinuxMuse, and is also under the influence of some strongly hallucinogenic alien mind-warp rays from the planet Polyester. I mean... wow!


It's in the single digits or low teens (Fahrenheit) right here and now. There was a light dusting of snow overnight, but it's so light, dry and cold that there's no problems with sticking at all. The high today is going to be nearly up to freezing, up from the past couple of days. Woo hoo. Yesterday I froze some Windex to the windshield, then came inside. Making my lunch, the food in the refrigerator felt warm. And yes, the fridge is working fine.

Now it's off to Rockville. Some more fun stuff is happening, and I'll tell you all about it tomorrow. Have a lovely day.



SATURDAY
January 25, 2003 - Updates at 0910, 0956

Good morning, if you can call it good. So here goes. RED ALERT. That's right, I had to change bulbs in the Orb Designs Threat Board, by myself since Kryten isn't aboard at the moment. There's a new worm in the wild. I had notices from the Quest internet team and Roland Dobbins (the latter forwarded by way of Bob Thompson), and started hunting about for more information. Here's the initial warning from SecurityFocus' BugTraq list:

To: BugTraq
Subject: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
Date: Jan 25 2003 7:11AM
Author: Michael Bacarella <removed>
Message-ID: <[email protected]>

I'm getting massive packet loss to various points on the globe.
I am seeing a lot of these in my tcpdump output on each
host.

02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m:  udp 376
02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp port ms-sql-m unreachable
[tos 0xc0

It looks like there's a worm affecting MS SQL Server which is
pingflooding addresses at some random sequence.

All admins with access to routers should block port 1434 (ms-sql-m)!

Everyone running MS SQL Server shut it the hell down or make
sure it can't access the internet proper!

I make no guarantees that this information is correct, test it
out for yourself!

-- 
Michael Bacarella                  24/7 phone: removed
Netgraft Corporation                   http://netgraft.com/
      "unique technologies to empower your business"

There's more than a few responses to that message up on the site. Following that, I logged into Rocket, our server here, to see what was going on. In Roland's message he suggested blocking all of port 1434, and that's a good thing. We do that already, of course. Our strategy is to block everything by default, then allow that which must be allowed - port 80, etc. Packets blocked by the firewall are logged. The first packet in this attack arrived at our server in the wee hours of this morning, and looked like this in our firewall logs:

Jan 25 00:30:54 rocket kernel: FIREWALL:IN=eth0 OUT= MAC=00:e0:06:fd:62:bc:00:e0:52:0e:81:e6:08:00
SRC=204.157.2.6 DST=64.246.16.16 LEN=404 TOS=0x00 PREC=0x00 TTL=122 ID=540 PROTO=UDP 
SPT=4067 DPT=1434 LEN=384

Since then, there have been another 180 logged arrivals destined for port 1434, all UDP. The terrible part about this is twofold. First, why are there MS SQL Server ports open to the Internet? What reason on God's green Earth can one have for running a service like that exposed to the world. As if IIS isn't bad enough, eh? Secondly, this worm apparently exploits a vulnerability that's been patched already by Microsoft. For MONTHS, since last July. Sheesh.
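
As an added example (not code from the original post), the check below tallies blocked UDP/1434 entries in firewall logs like the one above and marks those whose size matches the lengths shown on this page: the 376-byte payload in the tcpdump line plus an 8-byte UDP header gives LEN=384, and a 20-byte IP header on top gives LEN=404. The `FIREWALL:` prefix and field layout follow the quoted entry; every log line except the first is constructed.

```python
import re
from collections import Counter

# First entry is the one quoted in the post, joined onto a single line.
# All other entries are constructed (documentation address ranges).
SAMPLE_LOG = """\
Jan 25 00:30:54 rocket kernel: FIREWALL:IN=eth0 OUT= MAC=00:e0:06:fd:62:bc:00:e0:52:0e:81:e6:08:00 SRC=204.157.2.6 DST=64.246.16.16 LEN=404 TOS=0x00 PREC=0x00 TTL=122 ID=540 PROTO=UDP SPT=4067 DPT=1434 LEN=384
Jan 25 00:31:02 rocket kernel: FIREWALL:IN=eth0 OUT= SRC=192.0.2.10 DST=64.246.16.16 LEN=404 TOS=0x00 PREC=0x00 TTL=110 ID=911 PROTO=UDP SPT=1033 DPT=1434 LEN=384
Jan 25 00:31:02 rocket kernel: FIREWALL:IN=eth0 OUT= SRC=192.0.2.10 DST=64.246.16.16 LEN=404 TOS=0x00 PREC=0x00 TTL=110 ID=912 PROTO=UDP SPT=1033 DPT=1434 LEN=384
Jan 25 00:40:15 rocket kernel: FIREWALL:IN=eth0 OUT= SRC=198.51.100.7 DST=64.246.16.16 LEN=29 TOS=0x00 PREC=0x00 TTL=60 ID=77 PROTO=UDP SPT=5000 DPT=1434 LEN=9
Jan 25 00:41:40 rocket kernel: FIREWALL:IN=eth0 OUT= SRC=203.0.113.5 DST=64.246.16.16 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=300 PROTO=TCP SPT=3312 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 25 00:42:00 rocket sshd[411]: Accepted publickey for admin from 192.0.2.50
"""

FIELD = re.compile(r"(\w+)=(\S*)")
WORM_UDP_LEN = "384"   # 376-byte payload (tcpdump line) + 8-byte UDP header

def parse(line):
    """Turn one firewall LOG line into a dict, or None for other syslog lines."""
    head, sep, body = line.partition("FIREWALL:")   # log prefix used on this host
    if not sep:
        return None
    rec = {"time": head[:15]}                       # e.g. "Jan 25 00:30:54"
    for key, value in FIELD.findall(body):
        # LEN appears twice on UDP lines: IP total length, then UDP length.
        if key == "LEN" and "LEN" in rec:
            key = "UDPLEN"
        rec[key] = value
    return rec

def summarize(log_text):
    """Count blocked UDP/1434 packets and those matching the worm's size."""
    hits = [r for r in map(parse, log_text.splitlines())
            if r and r.get("PROTO") == "UDP" and r.get("DPT") == "1434"]
    worm = [r for r in hits if r.get("UDPLEN") == WORM_UDP_LEN]
    return {
        "udp_1434": len(hits),
        "worm_sized": len(worm),
        "first_seen": worm[0]["time"] if worm else None,
        "by_source": Counter(r["SRC"] for r in worm),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["udp_1434"], "blocked UDP/1434 packets,",
          report["worm_sized"], "worm-sized, first at", report["first_seen"])
    for src, count in report["by_source"].most_common():
        print(f"  {src:15} {count}")
```

Counting by source separates repeat senders from one-off probes, and the size match keeps unrelated traffic to port 1434 out of the worm tally.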

More later, I've got work to do...


0956 - The people at FoxNews TV have editors that shorten things up just a little too much. This was apparently on the News Ticker at the bottom of the screen: "The virus spreads using a Microsoft vulnerability known as 'SQL Server'". Meantime, at least one comment someplace suggested that the right name for this beastie is Bill's Tapeworm. More as events warrant...



SUNDAY
January 26, 2003 - Updates at 1125

Good morning. Within hours of my post yesterday, the largest part of the attack vector known in these parts as Bill's Tapeworm (aka "Sapphire" SQL worm, SQL Slammer, etc.) was trailing off rapidly. Mind you, that had nothing to do with my post, it was just that the people that matter - administrators for key core routers - set their systems to stop routing UDP traffic destined for port 1434. At its peak, the internet as a whole experienced packet losses ranging up to nearly 20%. Of course, that's an average, and some sectors were whacked much harder.

The funny thing is that people are crying woe, doom and gloom over the fragility of the internet. I say, huzzah! It got hit hard by a blind-side worm that attacked a vulnerability that was very hard to patch properly (thank YOU, Microsoft) and still we were back up to full speed in a matter of hours.

Now, it's easy to blame MS for not repairing the vulnerability properly. I am given to understand that later roll-up patches removed the original vulnerability patch, if it had been applied. Silly, really. It's also true that committed, responsible system administrators should never have had machines with SQL Server ports open showing on the internet. That's irresponsible firewalling policy. But the bad guy here is the asshole who thought it would be a hoot to put this ~400 byte UDP packet out into the wild, and see how much havoc he could cause.

For those of you interested in the post-mortem on the beastie, here's an analysis I found while scanning the BugTraq archives: http://www.techie.hopto.org/sqlworm.html


For the late start this morning, sorry. We were out until the wee hours this morning, having had a lovely dinner and relaxing jazz filled evening at 701 Restaurant (Flash and Javascript there, not my fault) down in the District last night. We went with Jim and Judy and Lee and Jim. The assorted dogs stayed home and moped about. A marvelous time was had by all, and dinner cost enough to feed an entire swamp full of Mattresses from Squornshellous Zeta for an eon or two. Of course, looking up the name of that particular planet ran me past one of my favorite poems from Marvin, the paranoid android:

Now the world has gone to bed,
Darkness won't engulf my head,
I can see by infrared,
How I hate the night.

Now I lay me down to sleep,
Try to count electric sheep,
Sweet dream wishes you can keep,
How I hate the night.

There's one to teach to the kidlets. They'll giggle their way through that as they annoy their mother, then make a few beep beep noises and drop off like Hotblack Desiato's black stunt ship diving into the sun. Yesterday, for chores, I managed to assemble the wine rack that Marcia ordered in several months ago. Yes, yes, I know that I'm a slacker, but I'm her slacker, and she loves me anyway. Now on with the day. Take care...




Visit the rest of the DAYNOTES GANG, a collection of bright minds and sharp wits. Really, I don't know why they tolerate me <grin>. My personal inspiration for these pages is Dr. Jerry Pournelle. I am also indebted to Bob Thompson and Tom Syroid for their patience, guidance and feedback. Of course, I am sustained by and beholden to my lovely wife, Marcia. You can find her online too, at http://www.dutchgirl.net/. Thanks for dropping by.

All Content Copyright © 1999-2003 Brian P. Bilbrey.