Welcome 
to Orb Designs

Home

Graffiti

About

Sitemap

Visual

DevWork


Email Brian Bilbrey

Email Brian

GPG Key

GRAFFITI -- October 25, 2004 thru October 31, 2004

>> Link to the Current Week <<

Last Week << Mon   Tues   Wed   Thu   Fri   Sat   Sun >> Next Week


Search this site :

Welcome to Orb Graffiti, a place for me to write daily about life and computers. Contrary to popular belief, the two are not interchangeable.     About eMail - I publish email sometimes. If you send me an email and you want privacy or anonymity, please say so clearly at the beginning of your message.

Ron Paul in 2008

Creative Commons License

Read LinuxGazette, get a clue.

MONDAY    Tues    Wed    Thu    Fri    Sat    Sun   
October 25, 2004

0640 - Good morning. Welcome to my first day on the job at (nfr)(security). In un-related news, here's a warning I sent out.

Subject: PHISHING ALERT !!! [Fwd: [TAG] RedHat: Buffer Overflow in "ls" and "mkdir"]

WARNING! Danger, Will Robinson.

The below message showed up on the Linuxgazette.net TAG list this
evening. This is NOT a legitimate alert, nor is it a legitimate patch.
BAD THINGS will happen if you follow the instructions in the email. This
is the first major phishing expedition I've seen against Linux.

Going to the site specified has it still up at this point. I'll be
sending a message to [email protected] in a moment, since this site is
hosted by yahoo... The whois record shows a real name and address ...
this starts to feel like a joe-job.

Be warned. The people LIKELY to be fooled by a message like this are new
Linux users, and especially new Linux admins, recently migrated over
from their MSCE-ness.

-------- Original Message --------
Subject: 	[TAG] RedHat: Buffer Overflow in "ls" and "mkdir"
Date: 	Sun, 24 Oct 2004 17:48:34 -0500
From: 	RedHat Security Team 
Reply-To: 	[email protected], The Answer Gang 
To: 	[email protected]



Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat

A complete revision history is at the end of this file.

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could
allow a remote attacker to execute arbitrary code with root privileges.
Some of the affected linux distributions include RedHat 7.2, RedHat 7.3,
RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is
known that *BSD and Solaris platforms are NOT affected.

The RedHat Security Team strongly advises you to immediately apply the*
fileutils-1.0.6 patch*. This is a critical-critical update that you must
make by following these steps:

    * First download the patch from the Security RedHat mirror: */wget
      www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz/*
    * Untar the patch:/* tar zxvf fileutils-1.0.6.patch.tar.gz*/
    * /*cd fileutils-1.0.6.patch*/
    * /*make*/
    * /*./inst*/

Again, please apply this patch as soon as possible or you risk your
system and others` to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

Copyright © 2004 Red Hat, Inc. All rights reserved.

-- Brian Bilbrey : http://www.orbdesigns.com/ ... 
    ... maybe they can't be called "volunteers" any more if somebody 
    ends up being silly enough to pay them for something they'd have 
    done for free anyway. - Linus in the Seattle Times 

Here's hoping for a good day all around, even if it IS Monday. I should have started on a Friday, so that I could have a weekend right after my first day. Heh! Okay, gotta roll. Take it easy.

Top  /  Email Brian


Mon    TUESDAY    Wed    Thu    Fri    Sat    Sun   
October 26, 2004

0632 - Good morning. So commences day two. Yesterday was filled with paperwork, grand tours, five-minute tours, nickel tours, and a meeting or two. We laid out the work and goals for my next six months or so at (nfr), and I have until the end of November to get most of that done... heh. Just kidding. But there's a lot of work ahead of me - I'll be able to contribute here, and learn a lot of new stuff at the same time. This one is gonna be fun, too, but then, I always try to have fun doing what I do for a living. Otherwise it's just a drudge.

I've got little time this morning, night before last I didn't sleep well -- pre-first-day jitters, I presume. Then, although I was blessed with a nearly miraculous 38 minute commute home, by the time chores, email and so forth was done with, I was pretty much through. I got to read the latest Linux Magazine while eating a late supper ... that's generally a pretty good piece of dead-tree-ware, and the November issue is no exception, with good surrounding articles and commentary around a core set of articles about HPC and related topics.

No thanks to my friend Mike for sharing this with me:

William Shatner sings again

Oh, and I owe all of you another link, too. Greg has finally gotten his typing fingers back online and away from the backstage of Zidane - check out his new 'blog at tetious.livejournal.com. Now I should go to work. Have a great day!

Top  /  Email Brian


Mon    Tues    WEDNESDAY    Thu    Fri    Sat    Sun   
October 27, 2004

0656 - Good morning. My, I have a lot to learn. More about their systems and the relationships between them, interactions, service offered and allowed, etc. etc. etc. My brain is busy. The only good news is that out of the last three days that I've awakened at 0400, this morning I finally managed to get back to sleep for a little while. Besides that, I've nothing new to offer this morning. Have a great day!

Top  /  Email Brian


Mon    Tues    Wed    THURSDAY    Fri    Sat    Sun   
October 28, 2004

0619 - Good morning. You know, sometimes, a body just has to laugh, for good reason, or at inappropriate times. A good reason was the bumpersticker I saw this morning: Stop Continental Drift. Alrighty. You go on ahead. I'll watch, maybe film it. Were you thinking of throwing your own little self into a subduction zone or what? Hmmm. Then there was this tidbit in the Debian Weekly News:

"Support for real i386 Machines. Frank Lichtenheld [5]aggregated the opinion of the release team and reported that they have decided to keep -i386 kernels which will continue to run on real 80386 machines. The used [6]patch, though, is [7]said to contain security problems, which only exist on real 80386 machines."

Buggywhips, too, please. Or is this for embedded use? I know, it's a two sentence contraction of a long email discussion, but it seemed pretty incongruous to me when it whacked me upside the head first thing I opened my email yesterday morning. Don't get me wrong. Debian is and guards a lot of what is best about Linux development. There's no distro I prefer more for server applications, and I'm semi-prone to running it on desktop hardware from time to time. I'm just not sure how applicable true -i386 is in the mainline Debian tree. There's plenty of architectures there, though, so as long as that's someone's calling, I can get behind that.


I wanted to point out a resource and a new friend: Ross Barkman (Mike Barkman's son). Ross has been very thoughtful in keeping us geographically challenged Daynoters a little bit in the loop as we each took in our bit of mortality following the passing of Mike. The UK contingent of the Daynotes Gang has had a chance to meet Ross and validates our experience of him as a good bloke. Ross has a home page with more on it than I could ever want to know about Macs, Cellphones, and how thost devices work together (or not, as the case may be). If you need to know that sort of stuff, or just want to track Ross down and thank him for having a great dad, then that's a decent starting point. And if you talk him into the time-eating exercise that we practice in the Daynotes, then we might get him some pointage on one of the main pages one of these years.


A rapidly waning moon A rapidly waning moon A rapidly waning moon

Not the best shots in the world, but shot by hand with an auto-focusing digital camera? Not as shabby as might have been, though those are the best three out of perhaps 60 shots. Most were a bit blurrier from not holding my hand absolutely still. There you are, though.


Now, with me nursing what threatens to be a hell of a headcold, I had better be on my way into work. I've got a fun day ahead touching lots of hardware and reading off serial numbers as we audit the hardware in preparation for allocation to the reimaging, donation or disposal stacks.

Top  /  Email Brian


Mon    Tues    Wed    Thu    FRIDAY    Sat    Sun   
October 29, 2004

1835 - Good evening. I didn't even try to get a post up this morning. I rolled out of bed, in and out of the shower, into clothes, car and traffic, in about that short a time. Another early day to get to, but finished up what needed doing, and I'm solving a few small problems here and there ... starting to make my presence felt.

I've got another little distraction ... the Patriarch had a small heart attack yesterday. The FD came along at his call and fetched him out to John Muir Hospital, when they did a bunch of tests, then an angiogram, and finally installed a stent. He was probably ready to come home from the hospital last night, but I'm waiting for the latest word now, whether it's today or tomorrow. That's an odd event, for sure. Heart trouble just isn't in the family genes, but I suppose that since we all live way longer than the actuaries would like, bits can start wearing out. Eeeesh! Send good thoughts his way, when you get a chance, okay?

Well, I guess I'll figure out what's for supper next. Take 'er easy, I'll catch up with you soonish.


Current listening: Blues Traveler - Straight On Till Morning

Top  /  Email Brian


Mon    Tues    Wed    Thu    Fri    SATURDAY    Sun   
October 30, 2004

1810 - Good afternoon. A wasted day, really. Slept really late, until nearly 0900. We have good dogs. Marcia headed out for an errand or two, but we're both still fighting this congestion thingy that isn't somehow full boat gonzo cold nor flu, just a drag and a drain. The vitamins and such are probably helping keep things at bay. So I haven't done jack-all today except get 3D acceleration working here on Vimes, and test it with a few rounds of UT2003.

The prognosis from the left coast is good. The Patriarch (and I mean that in a Kzinti sense) is doing well, he was allowed home yesterday. The stent is doing it's job in the one problem area, and all the other arteries were clean as a whistle. Odd, that. But we spoke at length, although I didn't do as Marcia asked and tell him to "knock that shit off, they're supposed to live into their hundreds." Thanks for the thoughtful emails that I've received from a number of y'all. It's very kind.

Now it's time to feed the mutts. Have a good evening. Bah humbug!

Top  /  Email Brian


Mon    Tues    Wed    Thu    Fri    Sat    SUNDAY  
October 31, 2004

Molly desktop wallpaper for Halloween.

1048 - Good morning. Did you set your clocks back an hour? Replace the batteries in the smoke detectors? Good, good. Above you can see a screenshot of my new desktop wallpaper. Molly got in the Halloween spirit for me and the camera last night, and I just love this shot. Bob, show Malcolm what he's in for, okay?

I've plenty of chores today, from mowing front and back to bills and deposits and such. More later as events permit. Happy All Hallow's Eve, and study those voters guides so you know what you're doing on Tuesday. There'll be a lot of voters out there, and if you dally, then someone else may give up out of frustration. Be prepared, and GET OUT THE VOTE!

Top  /  Email Brian


Last Week << Mon   Tues   Wed   Thu   Fri   Sat   Sun >> Next Week


Visit the rest of the DAYNOTES GANG, a collection of bright minds and sharp wits. Really, I don't know why they tolerate me <grin>. My personal inspiration for these pages is Dr. Jerry Pournelle. I am also indebted to Bob Thompson and Tom Syroid for their patience, guidance and feedback. Of course, I am sustained by and beholden to my lovely wife, Marcia. You can find her online too, at http://www.dutchgirl.net/. Thanks for dropping by.

All Content Copyright © 1999-2011 Brian P. Bilbrey.

Creative Commons License
Except where otherwise noted, this site is licensed under the
Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.