![]() |
HomeGraffitiAboutSitemapVisualDevWorkWebCam![]() Email BrianGPG Key |
GRAFFITI -- March 10 thru March 16, 2003>> Link to the Current Week <<Last Week << Mon Tues Wed Thu Fri Sat Sun >> Next Week Welcome to Orb Graffiti, a place for me to write daily about life and computers. Contrary to popular belief, the two are not interchangeable. About eMail - I publish email sometimes. If you send me an email and you want privacy or anonymity, please say so clearly at the beginning of your message.. |
March 10, 2003 - Updates at 0930 and 1745 EST
Good morning. It's going to be one of those days. Marcia's got surgery on her knee at around noon, so I'm going to be busy bustling about getting things ready beforehand, then playing chauffer, then nursemaid once we get home. I will be checking email fom time to time, and that's the best way to get in touch.
You have a great day, okay?
1745 - Hullo. The good news is that Marcia's fine. Surgery on the right knee went fine: The cutter found more damage than showed on the radiological or MRI (NMR) films, but he fixed it all up. She was on the table for less than an hour. We left here at about 11 this morning and were back home by 1600. Now she's in front of a movie or five, napping, gnawing on a cracker or two, sipping some soda, or napping some more.
I see that earlier I managed to leave the wrong time in at the head of this page. I really did post first at 0930, not at 1515. And I've come home to some 125 emails, only three of which were spam. Some were work related, and a number of them security related, including this important notice that came in from several sources - here's one of the most informative:
...I think it is the new worm called DELOADER and is described at the website of Tendmicro:
The German site http://www.heise.de has written today (in German only unfortunately) that the worm spreads via Windows network shares at port 445. It tries to get access by a built-in list of 85 commonly known weak "Administrator" passwords. After getting access it writes a write-protected copy of itself in the Windows directory named Dvldr32.exe. Then it installs and runs a backdoor programm listening at port 5800. The backdoor programm hides itself as "Explorer.exe". The worm is spreading especially in China but may come to the US and Europe too.
Remember, the rule goes like this: Block all inbound traffic. ALL of it. Then explicitly open those ports that you must to conduct your business, and stay up to date security-wise with the services that run on those ports. Regarding the above warning, it's also important to note that the Worm also opens up port 5900, and leaves a VNC server connection running there for someone to come in and finish the job of raping your box.
Did you see that Niven's been interviewed on Slashdot? If you want to know how well getting "free" press in the right venue works, I've already gotten three inquiries personally about recommendations for specific books that Niven wrote. It must be that I've made it well known in these pages before how much I like his writing, and Pournelle's, among several others. Why doesn't Niven have his own website? You've got me... I don't know why not. Of course, following that link to Jerry's site, I don't know why it isn't VERY easy to get to a list of books he's written, with synopses, and links to buy. You'd think that would be FIRST on the list of things that an author would do with his website, don't you?
Okay, I'd best russle up some food for myself. It's been a long day already, and I've eaten little to nothing yet. The good news is that Coca-Cola is a food group unto itself (Don't try that at home kids, this is one of those "professional driver, closed course" sort of behaviours). See you around.
March 11, 2003 - Updates at 0915
And good morning to you this fine day. There's been precious little that happened since yesterday evening's post. Marcia continues well, thank you. Vicodin works it's magic, and pain is managed. I don't think she'll need those for long though - she's just on half doses as it is. When we're done with prescription meds like this, we always flush the balance, too. It's good not to have such things laying about should we have kid visitors... not that that happens often, but still, prudence, neh?
Here's some more email about ARP floods...
From: Robert Lund
Subject: arp flood
Date: Sun, 9 Mar 2003 02:14:27 -0600Hello Brian
Was reading Mr. Thompson... well trying ... the server was down, anyway wound up on your site to get the indepth news of the calamity which makes for good read, especially when it's somebody elses. My days are filled with similiar and I don't need any more, thankyou.
Anyway the reason I write is that I also have been getting drummed with arp requests at my cable modem (charter cable) which has been going on for a couple months now. After the first three days of it, when it didn't subside and didn't look like it was going to, I put a packet sniffer on it and at least was able to conclude that it wasn't me under attack but rather similiar if not the same to what you witnessed.
This anomoly while annoying is not stealing much in the way of bandwith but I'd just as soon it would be gone as your are, the difference being I have less patience with tech support and truly loath the Benson zone when applied in such manner as you endured.
Still, resolution would be an interesting read to look forward to and I wish you well in this endevour especially since your better equiped to cut to the heart of this matter than most. On the other hand I would well understand if time spent was considered time wasted providing free diagnostic services to companies we pay good money to for the privilege.
At any rate I do enjoy dropping by your pages from time to time. Good stuff all.
Best regards;
Robert Lund
Mine has softened up quite a bit over the last few days. I am guessing that while I can't actually REACH anyone of competence in such matters at Comcast, there are those with such access who read me and passed along the word. It was only a day or so after the post when the ARP flood took a dive.
This outage (on Saturday) affected Bob, Jerry, Greg, myself and others on Rocket. I think we're making progress both at the policy and at the technical levels.
Glad to be your host here from time to time.
Finally, for now, in case you were worried about our weather, yes... it's snowing again. Little useless flakes that currently are not sticking to anything, and the fall is supposed to end before noon, but still. Back in California, I had my tomatoes in the ground for nearly a MONTH by this time of year. Sheesh. Have a fun day where ever you are!!!
March 12, 2003 - Updates at 0715
Howdy. Well, it's back to work for me and for Marcia. I've got two or three separate client gigs today; Marcia's working from home, so she can rest easily if the need arises. We've got just about everything she needs up here, ready to hand. She'll venture downstairs once around lunchtime. I'm thinking she'll be fine.
Yesteday I spent a few hours sprucing up an old logo and dinking around with some different menu schemes while I roiled around some new site ideas for an old customer. I also called/exchanged email with a couple of the clients that I'll be seeing today and tomorrow. So, you see, I've stayed busy while playing at nursemaid, too.
Hmmm. I've got nothing more to say. I suppose I'll toddle off to work then. You have a lovely day, and you, and especially you.
March 13, 2003 - Updates at 0700
Time is short, and I've got to be across two counties by 8 this morning, so this will be brief. Oh, good morning! First off, news to rejoice by: That Utah teenager's been found after 9 months missing - alive! On the news, the maroonic talking head was asking the pre-paid expert how unlikely it was that Elizabeth might have been found alive. The "expert" said that only one to two percent of child abductions are ever resolved with the child being found alive... failing to mention that most of those are in the first 24 to 48 hours. Elizabeth Smart's case is now in the astronomically low odds category.
Second, I've had to reset several pieces of equipment just to try to get back online this morning. That and I've got nearly continuous traffic on the line again. I'll check it out tonight. But now I must fly. See ya!
March 14, 2003 - Updates at 0645
G ood morning. Sorry for the immediate brevity but I must fly. However, there is this news from/about Chris Ward-Johnson (aka Dr. Keyboard)...
From: Phil Hough
Subject: Dr Keyboard Sites
Date: Fri, 14 Mar 2003 10:34:39 +0000 (GMT)Chris has asked if you'd mention on your sites that the DrKeyboard websites (and emails) are all currently down, and that if people need to contact him urgently via email, to use chriswj [at] tiscali.fr
That's it for now, I've got to fly. Posts during the day as appropriate.
March 15, 2003 - Updates at 0915
From: Ronald Laplante <[email protected]>
Cc: [email protected]
Date: Fri, 14 Mar 2003 20:32:27 -0500your site sucks ass. it should be about graf but it aint
Thank you for your kind words, Mr. Laplante. I've left the email addresses in place so that interested parties, like spam-harvesting robots, can pick up your address and send you some of those important offers that you might have been missing, along with your friend who uses Yahoo up in Canada. Best wishes on a more literate and productive future than you seem likely to end up in.
Heh. Good morning. Sometimes it takes a moron to make my day. Mr. Laplante accomplished more than he expected (or was that expectorated?). Anywho, what's new in the world? I've been busy putting out assorted technical brushfires this morning. That included modifying my DNS zone files to compensate for our development server picking up a new IP address from Comcast. Then I found that Postfix, running on that self-same server, was sucking up all of the available CPU. I haven't had time to suss that one yet, so I simply shut it down. It's not a production mail server anyway, so doesn't need to be running, although Greg and I will be interested to see what is breaking it before the same thing happens on Rocket. Then I ran the backups from Rocket here into my network - the backups that failed the last couple of nights because the dev box picked up a new IP. There, do you see that Doug Adams in the persona of Dirk Gently was right? Everything IS interconnected. I think I need to go sit on a beach someplace and contemplate this prospect.
On tap for today I have the following chores: bills, shower stall recaulk (yeah, it's cracking out again), Costco run, and laundry. That's all I can remember at the moment, and maybe more than I can do in one day. While Marcia is improving daily (and went to work yesterday), she needs to spend as little time ON her knee as possible for another week or so. The exercise she's doing is from a recumbent position, with leg lifts, muscle tension tricks and other movements accomplished without having actual weight on her knee.
If I get some time in between all of those, then I'm going to work on the CVS thing for Tom. So here's something else for you to read, since I'm leading such a boring life at the moment. In this link, Eric Raymond posts a proposed Amicus Curiae pertaining to the SCO vs. IBM suit. It's an informative read. Now, on with my day. You have a good'un, too.
March 16, 2003 - Updates at 0823
Good morning. First, here's an important newsbreak from Roland Dobbins:
Subject: Samba exploit, fix
From: Roland Dobbins <elided>
Date: Sat, 15 Mar 2003 18:05:24 -0800Please post ASAP, thanks!
Roland Dobbins
Yesterday was moderately successful. The caulking didn't happen, and Marcia helped with the laundry. But I got both cars vacuumed, cleaned inside, and washed outside. I made some progress on the CVS project. Life goes on. So the shower stall is first up this morning, followed by the big weekly shopping run. Boring, boring, boring... so I won't inflict any more of it upon you. Later, perhaps, I'll be more alert, lively and interesting. And pigs may fly. See you around!
Last Week << Mon Tues Wed Thu Fri Sat Sun >> Next Week
Visit the rest of the DAYNOTES GANG, a collection of bright minds and sharp wits. Really, I don't know why they tolerate me <grin>. My personal inspiration for these pages is Dr. Jerry Pournelle. I am also indebted to Bob Thompson and Tom Syroid for their patience, guidance and feedback. Of course, I am sustained by and beholden to my lovely wife, Marcia. You can find her online too, at http://www.dutchgirl.net/. Thanks for dropping by.
All Content Copyright © 1999-2003 Brian P. Bilbrey.