Das Blog
InterMapper & RT: You two play nice now…
This is going to be one of my rambling sysadmin-y entries talking about stuff that's probably of little general interest. Fair warning given.
There are two components that I would consider essential to proper system administration: GOOD Monitoring and Issue/Incident Tracking. It is imperative that you know when a problem arises (preferably before anyone else notices) and that you keep track of the problems you have encountered in order to spot troublesome systems and redesign them to stop bugging you.
Those of you who have worked with me know I have my prejudices in both of these areas, and that for the last few years I've settled on two pieces of software to fill these roles: InterMapper for monitoring and RT for issue tracking.
The major caveat of this pairing is that the two have no formal integration: InterMapper will happily send emails, and RT will happily accept emails and turn them into tickets, but RT doesn't know when InterMapper is telling it about the same problem twice, or that a previous issue has been cleared. The end result of this lack of integration is that you have a bunch of RT tickets for the same issue which need to be manually merged and resolved, and this manual bit bugged me enough that I actually took the time to fix it!
Continue reading "InterMapper & RT: You two play nice now…"
F the CC - Joe Biden's F-Bomb
So the Vice President of the United States of America said "Fuck". On the air. Twice.
Big fucking deal.
I've been prodded by a few people about this, so here's my 90 second commentary:
Joey-B dropped the F-Bomb twice during daytime programming hours (well outside the 10pm - 6am "Safe Harbor" for cussing up a storm on the air).
The last time I checked the FCC was to levy a fine of $7000 for each violation (i.e. every time a word slips out over the air), scalable up to $32500 based on other factors, like a history of prior infringements (and we clearly have at least two violations here).
So I have a few quetions.
- Is the FCC going to fine all the broadcasters who carried this speech live-live (no delay) and/or those who carried it with a net & failed to hit the bleep button fast enough?
- Is the FCC going to fine either Joe Biden (personally) or the US Government (as an entity) for producing/distributing profane material?
- Will we ever get rid of our nation's irrational fear of the word FUCK and the sight of breasts?
Interesting (impractial) OpenSSL attack
While I usually read El Reg for teh lulz occasionally they come up with an interesting nugget, like their article on a "severe" OpenSSL vulnerability (quotes theirs). This vulnerability comes to us courtesy of the University of Michigan, and is tied to a simple oversight in the OpenSSL code: It doesn't perform a verification pass on signatures before sending them to a client.
So all you crypto-nerds, how many of you do a verify on your signatures before you send them? Hands please? Nobody? Not even me? -- Yeah, we all tend to trust that our math Just Works. I mean it's a computer, you put in fixed input through a deterministic algorithm and you get the same output ever time. Right? Nope.
- Computers, as we all hopefully know, aren't perfect. Trillions of minor errors happen every day, and they're usually compensated for: ECC RAM, cross-checks of math, etc. But because OpenSSL doesn't do a cross-check it's possible for those minor errors to creep into a transmitted signature. As the good folks from UMichigan explain in their paper if you can induce some minor errors in the OpenSSL signature math and collect a good signature and a large enough set of flawed signatures you can eventually derive the private key used for the signing.
That is all well and good, except it relies on errors in the system generating the signatures. These errors are rare (and pretty random) in the real world, so no problem, right? Wrong again Sparky! These clever folks came up with something I wouldn't ever have thought of.
-
Those of you who have worked on old Commodore computers probably know one of the first symptoms of a power supply going wonky is that the system starts acting up: Lots of random crashes, video corruption, etc. Why does that happen? Because the voltage being supplied to the system is fluctuating. Fluctuating voltages (specifically down-swings) cause all the magical voltage regulation hardware to go out of regulation, which feeds out-of-spec voltages to the chips, which in turn start making mistakes in their math.
The bottom line for this attack is an extension of that well-known Commodore problem: By putting controlled voltage fluctuations into the power supply of real computers (SPARC boxen running Linux) the UMichigan folks were able to induce errors in the math used by the real-world OpenSSL code and recover an actual key.
Continue reading "Interesting (impractial) OpenSSL attack"
Born Trilogy (@rob_t_firefly takes the blame for this)
So the point of this whole thing is trivial enough that I went ahead and did it: Go to Wikipedia and type in your birthday (month and day). Then you write down 3 events, 3 births, 3 deaths and 3 holidays.
December 29
Events
- 1778 – American Revolutionary War: 3,500 British soldiers under the command of Lieutenant Colonel Archibald Campbell capture Savannah, Georgia without firing a shot.
Way to go Georgia, just roll over and take it. Bitches. - 1890 – United States soldiers kill more than 200 Oglala Lakota people with four Hotchkiss guns in the Wounded Knee Massacre.
120 years later we're still treating the natives like shit & using the treaties to wipe our national ass -- Progress, we no can has - 2003 – The last known speaker of Akkala Sami dies, rendering the language extinct.
Interesting tidbit in honor of all those linguistics courses I took.
Births
- 1800 – Charles Goodyear, American inventor (d. 1860)
A subtle reminder from the universe to check your tire inflation and wear pattern - 1921 – Robert C. Baker, Inventor of the chicken nugget (d. 2006)
Cue ironic chorus of "Nugget Man" - 1967 – Andy Wachowski, American director
I still won't forgive him for the Matrix sequels. Filthy humans ruinsed a good thing.
Deaths (Excluding the "event" death)
- 1731 – Brook Taylor, English mathematician (b. 1685)
- 1737 – Joseph Saurin, French mathematician (b. 1659)
- 1891 – Leopold Kronecker, German mathematician (b. 1823)
Holidays
Only 2 and nothing relevant: The 5th day of Christmas (but nobody cares aside from the song) and apparently St. Becket's day (patron saint of secular clergy, so I suppose that's appropriate with me being an ordained minister and all)
The Wheel: Let me reinvent it for you! (update-notifier redux)
OK, for the record: I DESPISE Linux. I Hate, Loathe, Abhor and Revile it. I am a BSD-Bigot and proud of it, and if all the BSDs suddenly evaporated I would eschew Linux in favor of a commercial Unix (probably AIX).
Why do I hate Linux so much? Simply put, it's shoddy code written by shoddy coders. In my experience shit mysteriously breaks for no reason, standards and conventions are arbitrarily ignored, critical components of the system are perpetually at version zero-dot-something, regression testing seems to be a myth, and the average Linux developer seems to make no effort to ensure their code will work on anything except their particular favorite distribution (to say nothing about porting it to <GASP> a BSD system, or <HORRORS> Commercial Unix).
This particular tirade was kicked off by the Ubuntu update-notifier program suddenly and mysteriously no longer popping up update notification balloons. As some of you know my company ships a Linux-based appliance (built around a very stripped-down Ubuntu plus our commercial packages), and one of the things that made me go with Ubuntu was that they had gotten the update-notifier thing working beautifully and it had been stable for several versions.
Lo and Behold about a month ago our support guys came to visit me and asked "Hey, is the update notifier bubble broken?" I looked upon it and saw that it indeed appeared to be non-functional, but as all good (lazy) admins are wont to do I demanded they test and verify the breakage.
The breakage came back to me verified earlier this week, and as I really couldn't be assed to figure out why the update-notifier is happy to display the "you must reboot!" dialog box but refuses to display the "Yo, bitch! You have updates!" notifier icon & bubble I took the easy way out and re-implemented update-notifier in Python.
Continue reading "The Wheel: Let me reinvent it for you! (update-notifier redux)"