Planet Sysadmin

blogs for sysadmins, chosen by sysadmins...

August 01, 2010

Chris Siebenmann

The other peculiar effects of grant funding at universities

A long time ago, I wrote about the power that grant funding gives people at universities. But there's a flip side to grant funding, and it is that people with grant funding often don't really have money as the business world thinks of it.

From the outside, it looks like people with grant funding are rolling in cash; they get hundreds of thousands of dollars, or even million dollar grants. From the inside, though, that money is almost entirely tied down for very specific things. Professors do not get to go to grant agencies, tell them 'I would like to do this promising research; it will take about $200K', and walk away with $200K in their research account that they can spend on anything that's necessary to do the research. Instead, both the grant requests and the grant approvals allocate all of that money to quite specific things; so much for buying servers, so much for storage, so much for network switches, so much to pay two people for a year, and so on.

So far, this may sound just like the budgeting process for a department in a company. But here's the kicker for grant funding: you are legally required to only spend the money on what it was approved for. Does it turn out that two people for a year isn't what you actually needed, or you need more servers and less storage than you thought? Do you have a sudden emergency need for money in some other area of the project? Tough. You're pretty much stuck. There is no spending the money on what you need now and justifying it later, or even going to your boss and saying that you'd like to shift the specific allocations around and here's why.

(Naturally there is an entire cottage industry of figuring out how to slide what you really need into the grant's funding categories in a way that will pass auditing, if you ever get audited. For example, just how much disk space does a server have to have before you can say with a straight face that you bought it for storage, not as a compute server?)

One thing that combines somewhat unhappily with this is that grant agencies generally have restrictions on what sort of things they will fund. There is of course an art to describing what you really need in a way that the grant agency will approve funding for and that you can spend the resulting money on with a straight face.

(Sometimes they also effectively have restrictions on who you can buy from, where in theory you can buy from any vendor that is willing to go to the effort but in practice only a few vendors are interested enough to brave the bureaucracy.)

There are sources of relatively unconstrained grant funding, but they are generally not very large when compared to the constrained sort. Generally all of the big ticket grants that sound so impressive are going to come with lots of restrictions on what that money can actually be used for.

(I.e., it is not so much money as somewhat fuzzy things that haven't shown up on the loading dock yet.)

by cks at August 01, 2010 02:53 AM

July 31, 2010

BASH Cures Cancer

UNIX Text Processing

I am at the library in Minneapolis and I just ran across UNIX Text Processing which you can buy for less than a single USD. Buy that book and my work here is done.

by Brock Noland at July 31, 2010 04:30 PM

Everything Sysadmin

Google App Inventor

At the SAAD-NYC event last night I explained how Google App Inventor lets you make apps for Android phones without knowing how to program. It was beta tested "mainly in schools with groups that included sixth graders, high school girls, nursing students and university undergraduates who are not computer science majors."

He said, "Why haven't you written about this amazing thing on your blog?"

I dunno! So here. I'm mentioning it now.

(I think the NY Times article is the best overview.)

Happy, Jim?

July 31, 2010 01:27 PM

SysAdmin's Diary

Linux on IBM x3650 M2: Online Hardware RAID Re-Configuration Using MegaRAID Storage Manager

Objective: To perform online reconfiguration of hardware RAID in a Linux system. Prologue: I have an IBM x3650 M2 with 6 physical hard disks (slot 0-5, 146GB each) and all of the hard disks have been configured as RAID 1 (slot 0 & 1 as 1 set of RAID, slot 2 & 3 as 1 set [...]

by irwan at July 31, 2010 12:21 PM

Milek

SMF/FMA Update

A rather large and interesting putback for SMF/FMA related technologies went into Open Solaris yesterday. It will be available in build 146.
PSARC/2009/617 Software Events Notification Parameters CLI
PSARC/2009/618 snmp-notify: SNMP Notification Daemon for Software Events
PSARC/2009/619 smtp-notify: Email Notification Daemon for Software Events
PSARC/2010/225 fmd for non-global Solaris zones
PSARC/2010/226 Solaris Instance UUID
PSARC/2010/227 nvlist_nvflag(3NVPAIR)
PSARC/2010/228 libfmevent additions
PSARC/2010/257 sysevent_evc_setpropnvl and sysevent_evc_getpropnvl
PSARC/2010/265 FMRI and FMA Event Stabilty, 'ireport' category 1 event class, and the 'sw' FMRI scheme
PSARC/2010/278 FMA/SMF integration: instance state transitions
PSARC/2010/279 Modelling panics within FMA
PSARC/2010/290 logadm.conf upgrade
6392476 fmdump needs to pretty-print
6393375 userland ereport/ireport event generation interfaces
6445732 Add email notification agent for FMA and software events
6804168 RFE: Allow an efficient means to monitor SMF services status changes
6866661 scf_values_destroy(3SCF) will segfault if is passed NULL
6884709 Add snmp notification agent for FMA and software events
6884712 Add private interface to tap into libfmd_msg macro expansion capabilities
6897919 fmd to run in a non-global zone
6897937 fmd use of non-private doors is not safe
6900081 add a UUID to Solaris kernel image for use in crashdump identification
6914884 model panic events as a defect diagnosis in FMA
6944862 fmd_case_open_uuid, fmd_case_uuisresolved, fmd_nvl_create_defect
6944866 log legacy sysevents in fmd
6944867 enumerate svc scheme in topo
6944868 software-diagnosis and software-response fmd modules
6944870 model SMF maintenance state as a defect diagnosis in FMA
6944876 savecore runs in foreground for systems with zfs root and dedicated dump
6965796 Implement notification parameters for SMF state transitions and FMA events
6968287 SUN-FM-MIB.mib needs to be updated to reflect Oracle information
6972331 logadm.conf upgrade PSARC/2010/290

by milek (noreply@blogger.com) at July 31, 2010 10:27 AM

Chris Siebenmann

It's the indirect failure modes that will get you

The University of Toronto's Internet link went down recently (well, became really slow and lossy, so we may just be being DDoS'd or something). I'm at home, so when I noticed the link problems I shrugged and carried on; it's not as if my home machine depends on stuff from work, so I didn't expect anything beyond the annoyance of not being able to get to work networks.

(Although the network being unreachable was going to be somewhat inconvenient, since I had a WanderingThoughts entry to write.)

Except that all of my web browsing was achingly slow. Epically, totally slow. Pages would only come up very slowly, or come up but the browser would say they were still loading. This was quite puzzling; my network link wasn't busy and it's not as if I proxy my web traffic through work. A check of my DNS setup confirmed that I was using my local caching DNS server and that server wasn't bouncing everything through work.

And then I looked at my DNS server's query logs:

[...] query [...] www.flickr.com.cs.toronto.edu.
[...] query [...] www.flickr.com.toronto.edu.
[...] query [...] www.flickr.com.

An uncomfortable light dawned. I had work's domains configured as my search domain list in /etc/resolv.conf and I had the ndots option set very high (for bad reasons), so every hostname resolution attempt was trying several university domains first. Normally I don't notice these because I promptly get negative answers from work's nameservers, but with the university's Internet link down those queries instead had to time out before the lookup could move on to trying the real name.

It turns out that modern web pages use a lot of different things from a lot of different domains. When each of these domains takes plural seconds to resolve, loading pages gets really slow. Slow on the initial load (as the browser resolves the actual website IP address) and then slow to finish, as the browser tries to fetch additional resource after additional resource.

This isn't a direct failure mode, where I was routing traffic through work; instead it was an indirect failure mode, where a couple of configuration options had a non-obvious effect that was itself relatively invisible in normal operation. Direct failure modes are easy to see and relatively easy to remember; you can, for example, see that all of your traffic goes over your VPN to work, a VPN that is not working. Indirect failures are much less obvious and so are much more interesting (in the sense of causing excitement) and hard to notice in advance.

Sidebar: my ndots mistake

Many years ago when I first ran into the ndots option in resolv.conf, either it behaved differently than it does today or I just wound up with a mistaken impression about how it works. Back then, I believed that queries for names with at least ndots dots in them entirely ignored the resolv.conf search path and only ever looked up the absolute hostname. Since we love using abbreviated hostnames around here and local subdomains can have any number of dots in them, this implied that essentially no small value of ndots was safe. Thus I set a very large one and grumbled, and carried all of this forward when I configured my home machine.

This is not how ndots works today; today, ndots just sets the point at which the resolver will try an absolute hostname before trying your search path, instead of trying the absolute hostname only after running all the way through the search path. This is safe, and implies that an ndots of 2 is generally what I want (since I make frequent use of '<host>.<subdomain>' to refer to various machines at work).
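As an added illustration (not code from Chris's post), here is a small Python model of the search-list and ndots behaviour described above, run against a constructed fake network in which the university's nameservers never answer; the search list, the fake address and the timeout values are assumptions chosen to reproduce the logged query order.

```python
"""Model of how a glibc-style stub resolver expands a name using
resolv.conf's search list and ndots option, and what that expansion costs
when the search domains' nameservers stop answering.

Added illustration only; not code from the original post.  Search list,
addresses and timeouts below are constructed assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def query_order(name: str, search: List[str], ndots: int) -> List[str]:
    """Return the fully-qualified names the resolver tries, in order.

    Rules (the modern behaviour the post describes):
      * a name ending in '.' is absolute and is tried as-is only;
      * if the name contains at least `ndots` dots, the absolute name is
        tried first and the search list afterwards;
      * otherwise each search domain is appended first and the absolute
        name is tried last.
    """
    if name.endswith("."):
        return [name]
    absolute = name + "."
    searched = [f"{name}.{dom.rstrip('.')}." for dom in search]
    if name.count(".") >= ndots:
        return [absolute] + searched
    return searched + [absolute]


@dataclass
class FakeNetwork:
    """Constructed stand-in for the nameservers: which names get an answer
    and which suffixes belong to servers that have gone silent."""
    answering: Dict[str, str]                 # fqdn -> address
    unreachable_suffixes: Tuple[str, ...] = ()
    timeout_s: float = 5.0                    # per-attempt timeout
    attempts: int = 2                         # attempts before moving on
    fast_s: float = 0.02                      # cost of an answered query
    log: List[str] = field(default_factory=list)

    def lookup(self, fqdn: str) -> Tuple[Optional[str], float]:
        """One query: (address or None, seconds spent).  A name under an
        unreachable suffix never answers, so every attempt times out; any
        other unknown name gets a quick negative answer."""
        self.log.append(f"query {fqdn}")
        if fqdn.endswith(self.unreachable_suffixes):
            return None, self.timeout_s * self.attempts
        return self.answering.get(fqdn), self.fast_s


def resolve(name: str, search: List[str], ndots: int,
            net: FakeNetwork) -> Tuple[Optional[str], float]:
    """Walk the query order until a name answers; return (addr, seconds)."""
    total = 0.0
    for fqdn in query_order(name, search, ndots):
        addr, cost = net.lookup(fqdn)
        total += cost
        if addr is not None:
            return addr, total
    return None, total


def page_load_cost(hosts: List[str], search: List[str], ndots: int,
                   net: FakeNetwork) -> float:
    """Seconds spent purely on name resolution for a page that pulls
    resources from several hosts, resolved one after another."""
    return sum(resolve(h, search, ndots, net)[1] for h in hosts)


if __name__ == "__main__":
    WORK_SEARCH = ["cs.toronto.edu", "toronto.edu"]     # assumed search list
    down = FakeNetwork(
        answering={"www.flickr.com.": "203.0.113.10"},  # constructed address
        unreachable_suffixes=(".cs.toronto.edu.", ".toronto.edu."),
    )
    # ndots set "very high": both search domains are tried before the real name.
    addr, secs = resolve("www.flickr.com", WORK_SEARCH, 10, down)
    print(f"ndots=10: {addr} after {secs:.2f}s via {down.log}")
    down.log.clear()
    # ndots=2: a name with two dots goes straight to the absolute lookup.
    addr, secs = resolve("www.flickr.com", WORK_SEARCH, 2, down)
    print(f"ndots=2:  {addr} after {secs:.2f}s via {down.log}")
```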

by cks at July 31, 2010 06:53 AM

Ubuntu Geek

BAR - Backup application


What is BAR?

From application author

BAR is a backup archiver program. I developed this program after I could not find a simple-to-use archiver program to create compressed and encrypted archives of my files which can be stored on a CD or DVD. While I developed the program - development is still not finished - I added some more useful features. Now I use the program to make automated backups of all my files, either on DVD or directly via an Internet connection to a file server.

(...)

by admin at July 31, 2010 06:06 AM

July 30, 2010

Everything Sysadmin

How important is system administration?

It is trite to say that society is more than ever dependent on technology.

But consider this...

I work in New York City. Experts claim NYC has a 3-day food supply. That is, if all the bridges and tunnels were closed on Monday, 8 million people would be without food by Wednesday night. Scary, right?

The food that comes to NYC is brought by trucks that are scheduled using big IT systems that manage logistics. In fact, from the farm to the table, logistics and supply chain technology is required at the huge scale we do things nowadays.

While NYC might be an extreme case, the same technology-dependent food system is probably what you rely on too.

This dependency is true for the delivery of nearly all services: healthcare, governance, media, security and defense.

If you want to make the world a better place, if you want to "save the world", wouldn't it be impactful to make all of those services run more efficiently? Scaled ahead of demand? Detected problems, routed around them automatically, and repaired them quickly?

That's what system administrators do.

We don't do it alone. System administration is a team sport. We are the pivot point between customers of technology and people. As "technician brokers" we often find ourselves with "responsibility without authority". Our work is highly collaborative even though the tools we use come from vendors that assume we work alone.

Our work is risky and stressful. I don't think non-sysadmins realize how risky and how stressful it is.

Today is System Administrator Appreciation Day. I feel a little weird celebrating a day that we created to ask for appreciation. Secretaries didn't invent Secretary's Day (though I think Hallmark did). On the other hand, I do firmly believe that it is important for sysadmins to create their own positive visibility. When we do our job well we are invisible. When you have a job like that, you need to do your own PR.

And with a job as important as system administration, we should be doing that every day.

Tom Limoncelli

P.S. I'll be doing my Time Management training (and other classes too!) a lot in the next 6 months: August (Tasmania, SAGE-AU), November (Los Angeles, MacTechConf), November (San Jose, Usenix LISA), January (San Francisco, TBD). I hope to be at the Sept meeting of my local sysadmin users group LOPSA-NJ.

July 30, 2010 09:50 PM

The Daily ACK

Sci Foo 2010

I'm currently on my way to the Googleplex for this year's Science Foo Camp (SciFoo). Based on the original O'Reilly Foo Camp unconference model (there's no agenda until the first evening, when the attendees collectively create one), SciFoo is a gathering of "leading scientists, technologists, writers and other thought-leaders" for a weekend of discussion, demonstration and debate.


From SciFoo 2009 - Charlotte Stoddart

I'm absolutely amazed and delighted to be here for SciFoo amongst some great people; it's going to be an amazing weekend...


by Al. (noreply@blogger.com) at July 30, 2010 09:33 PM

Apache Marketing

XSS vulnerability in Campsite

Vulnerability ID: HTB22494 Reference: Product: Campsite Vendor: Sourcefabric o.p.s ( ) Vulnerable Version: 3.3.6 and Probably Prior Versions Vendor Notification: 16 July 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Fixed by Vendor Risk level: Medium Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing Vulnerability Details: User can execute arbitrary JavaScrip

July 30, 2010 07:44 PM

XSS vulnerability in Campsite

Vulnerability ID: HTB22495 Reference: Product: Campsite Vendor: Sourcefabric o.p.s ( ) Vulnerable Version: 3.3.6 and Probably Prior Versions Vendor Notification: 16 July 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: Medium Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing Vulnerability Details:

July 30, 2010 07:38 PM

SysAdmin1138

XKCD, let's see how we did...

XKCD University Website, annotated The blue underlines are items that are on our front page, the gold underlines are items that are linked directly from the front page. I happen to know you can get to some of the other items directly from the front page, but they're not labeled in any way that you'd ever expect to get there from the top. I marked those in psychic white.

University front pages are a mishmash of competing goals.
  • Current students looking for information
  • Marketing: attracting new students
  • Marketing: keeping Alumni engaged and giving
  • Marketing: attracting community interest in campus events
This is why we have a large, hard-to-miss link on the right side of the page for logging in to MyWestern. That's our portal, where more of the right-side Venn diagram stuff can be found.

by SysAdmin1138 at July 30, 2010 07:31 PM

Apache Marketing

ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability

Hash: SHA1 ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability CVE Identifier: CVE-2010-2633 EMC Identifier: ESA-2010-012 Severity Rating: CVSS v2 Base Score: 7.1 Affected Software: EMC SW: EMC Disk Library (EDL) earlier than 3.2.7 EMC SW: EMC Disk Library (EDL) 3.3.x EMC SW: EMC Disk Library (EDL) 4.0.x Vulnerability Summary: A vulnerability exists i

July 30, 2010 07:29 PM

Ben Rockwood

Happy SysAdmins Day

It's that time of the year again. Happy SysAdmin Day everyone.

If today is dragging, you might want to refresh your memory of the great OddTodd... always a pick-me-up.

by benr at July 30, 2010 06:25 PM

The Nubby Admin

Top 10 Reasons Why I Avoided Twitter for so Long

  1. I don’t care about what you’re doing.
  2. You don’t care about what I’m doing.
  3. I don’t want to use anything that has the word “twit” in it.
  4. I was scared to use anything that Britney Spears is known to use.
  5. I don’t like being stalked and murdered (See 10 reasons why I don’t like FaceBook)
  6. I don’t want to accidentally geo tag my posts and have everyone know that I shop at ALDI.
  7. The concept of random people following me, listening to what I’m saying and not speaking to me directly is something that I’ve been trained by my culture to consider as a precursor to a violent attack and thus avoid.
  8. My attention span is already microscopic enough and I don’t want to throw mental alum on it by consistently thinking in 140 characters. kthxbai.
  9. I don’t need to start using yet another web based service that has availability issues. Google and EC2 are about all I can handle, thankyouverymuch.
  10. Tweets are like IMs that are public and never go away. Ever. Think about that for a few minutes. Yeah, it scared me really bad too.

Do you tweet? Post your Twitter name below. Do you not have a Twitter account? What are your reasons for avoiding it?

by Wesley.Nonapeptide at July 30, 2010 05:14 PM

SysAdmin1138

Being the WTF person

At both this job and my last one I have ended up becoming the WTF person. The WTF person is the person people go to when things are acting strangely, they can't figure it out, and need another set of eyes. Preferably a set of eyes with a reputation for pulling rabbits out of hats.

WTF people are the kind of people that end up on level 2 or 3 tech support, because that's who you want to have at that level. People who solve weird stuff.

At a place like ours where the support relationships are largely informal, at least among people who dink around with servers, the concept of L2 or L3 support doesn't really exist. It manifests as phone-calls or emails from people with strange questions, looking for leads in their own inquiries. Or in the case of my immediate co-workers, a head poked around the door, and, "I'm lost, can you take a look?"

As I alluded to before, becoming the WTF person takes time. You have to make some awesome saves so people notice, and then continue to crack weird, hard to describe problems. It helps a lot to have a deep understanding of the technology you work with. I suspect being ebullient about how you found the problem and describing the problem once it was resolved helps in this.

Once you get there, though, you do get passed some strange, strange things. I've been asked advice on figuring out how something broke in that specific way when the symptoms described... have no causal relationship I can think of. I also get passed weird questions in areas I don't know much about (MS Office for one), but at least those can be deflected.

Honest to goodness bugs are perhaps the hardest to figure out. These are problems that take a few conditions to set up, and it isn't always clear that those conditions are in place. This skill got a lot of work back when I was working on the OES2 SP1 beta. On software that's already been through a beta-test and perhaps a service-pack or two, the bug conditions can be very arcane.

One-man IT shops tend to attract WTF people, simply due to the breadth and complexity of the environment. People who thrive in such environments definitely are WTF people. They do a little bit of everything, which sets them up to make connections that other people miss.

At the other end of the IT spectrum, highly specialized IT people in large organizations, you still find WTF people. They're perhaps not as common, but they do exist. And strange but awesome synchronicities can occur if WTF people from different specialties start hammering on a problem together. This kind of thing sometimes happens when I talk to L2/3 vendor-support.

I'm proud to see this happen, even if in the moment I'm also going WTF?? in my head.

by SysAdmin1138 at July 30, 2010 05:06 PM

Google Blog

Google Apps highlights – 7/30/2010

This is part of a regular series of Google Apps updates that we post every couple of weeks. Look for the label "Google Apps highlights" and subscribe to the series. - Ed.

Over the last couple of weeks, we introduced several new capabilities in Google Docs for documents and drawings, and added the ability for organizations to tailor Google Apps to meet the needs of different groups within their organizations. We also launched a new version of Google Apps to meet the security and policy needs of government agencies in the U.S.

Document translation and undo smartquotes in Google Docs
On Tuesday we introduced automatic document translation to the new document editor in Google Docs. This allows you to instantly convert your document into any one of the 53 languages, powered by the technology behind Google Translate. And while we were at it, we added the ability for you to change smartquotes—angled quotation marks—back to straight quotation marks by pressing Ctrl-Z (Cmd-Z on a Mac).


Zoom and more in drawings
Last Monday, we also made improvements to the drawing editor in Google Docs. You can zoom in several different ways now: with the toolbar zoom icon, by drawing a rectangle around the area to zoom, with the zoom options in the "View" menu and with zoom keyboard shortcuts. We also introduced several changes to the shape-drawing tools, including pie and arc drawing improvements, the ability to duplicate shapes while resizing and rotating, new line ending decoration controls and new style options for the corners of shapes.

User policy management
One of the top requests from businesses, organizations and schools using Google Apps has been the ability to enable different applications for different groups within the organization. For example, a K-12 school may choose not to give Chat to students, but still allow faculty and staff to instant message with each other. Last Tuesday we launched user policy management, which lets administrators divide their users into organizational units, and give each group access to different sets of services.


Google Apps for Government now available
On Monday we announced Google Apps for Government, a new version of Google Apps specifically tailored to the policy and security needs of federal, state and local governments in the United States. In addition to the applications and administrative controls available in the business edition of Google Apps, the service for government agencies has received Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. General Services Administration, the first such certification for any cloud computing messaging and collaboration suite.

Who’s gone Google?
To go along with the launch of Google Apps for Government, we’re excited to share stories from two government organizations who are now using Google Apps. The U.S. Navy InRelief program is using Google Apps to improve coordination in disaster relief efforts, and the Berkeley Lab, a member of the National Laboratory system supported by the U.S. Department of Energy, is using Google Docs and Sites to support better collaboration among scientists and researchers.



We’re also thrilled to welcome another new crop of schools to Google Apps. Haverford College, Wayne County Community College District and Westwood College are all going Google!

I hope you're making the most of these new features, whether you're using Google Apps with friends, family, coworkers or classmates. For more details and updates from the Apps team, head on over to the Google Apps Blog.

by A Googler (noreply@blogger.com) at July 30, 2010 05:39 PM

canspice

iPhone 4 launch in Canada

Today the iPhone 4 launched in Canada. I decided to stop by the Vancouver Apple Store in Pacific Centre to check out the action.

People were lined up outside Pacific Centre, down Granville Street almost to Denman. Apple Store employees were generally milling about. One was handing out iPhone 4 cupcakes!

Inside Pacific Centre the line to the Apple Store was just as long. People had started lining up at 1 in the morning for this!

When I got to the front of the line the store was already open, before the mall’s normal opening of 10am. People were being let in one at a time to buy their new shiny toys. The benches at the front were set up with the new iPhones, and the banners and advertising was already up.

After spending 20 minutes hanging about, I got bored and checked out. I didn’t get a cupcake.
[Photo gallery: End of the line; Handing out cupcakes; iPhone 4 cupcakes; In the mall; Front of the line; Apple Store, Pacific Centre; iPhones on display; iPhone 4 branding]


by Brad at July 30, 2010 04:31 PM

Standalone Sysadmin

Thank you.

If you’re reading this, you’re probably an IT administrator of some sort (or want to be one). So thank you. Thank you for making your own part of the internet go. Sure, I’m an administrator, but I also use the internet, and without people like yourself, I wouldn’t be able to write this page, or make a telephone call, or talk to people on IM or twitter, or do any one of a countless number of things that I take for granted every day.

Thank you to all of the system, network, telephony, storage, application, and general IT administrators out there who make our modern life possible.


by Matt Simmons at July 30, 2010 03:48 PM

Apache Marketing

Day of bugs in WordPress 2

Hello Bugtraq! I want to inform readers of the list about a new project - Day of bugs in WordPress 2 - which I'll conduct on 30.07.2010, and which I already announced today at my site. After conducting Month of Search Engines Bugs in June 2007 and Month of Bugs in Captchas in November 2007, I switched to smaller and less time-consuming, but still very interesting projects, which I called "Day of

July 30, 2010 03:38 PM

Akamai Download Manager arbitrary file download & execution

Akamai Download Manager arbitrary file download & execution Yorick Koster, April 2009 Abstract Akamai's Download Manager allows attackers to download arbitrary files onto a user's desktop. Using a so-called "blended threat" attack it is possible to execute arbitrary code. This attack affects the ActiveX control as well as the Java applet. Tested version This issue was tested on Akamai Down

July 30, 2010 03:31 PM

Insomnia : ISVA-100730.1 - CMS Multiple SQL injection Vulnerabilities

Insomnia Security Vulnerability Advisory: ISVA-100730.1 Name: EasyManage CMS Multiple SQL injection Vulnerabilities Released: 30 July 2010 Vendor Link: Affected Products: Easy Manage CMS Original Advisory: Researcher: James Burton, Insomnia Security _______________ Description _______________ EasyManage Content Management System is a modular

July 30, 2010 03:26 PM

Mark Shuttleworth

Tribalism is the enemy within

Tribalism is when one group of people start to think people from another group are "wrong by default". It's the great-granddaddy of racism and sexism. And the most dangerous kind of tribalism is completely invisible: it has nothing to do with someone's "birth tribe" and everything to do with their affiliations: where they work, which sports team they support, which Linux distribution they love.

There are a couple of hallmarks of tribal argument:

1. "The other guys have never done anything useful". Well, let's think about that. All of us wake up every day, with very similar ambitions and goals. I've travelled the world and I've never met a single company, or country, or church, where *everybody* there did *nothing* useful. So if you see someone saying "Microsoft is totally evil", that's a big red flag for tribal thinking. It's just like someone saying "All black people are [name your prejudice]". It's offensive nonsense, and you would be advised to distance yourself from it, even if it feels like it would be fun to wave that pitchfork for a while.

2. “Evidence contrary to my views doesn’t count.” So, for example, when a woman makes it to the top of her game, “it’s because she slept her way there”. Offensive nonsense. And similarly, when you see someone saying “Canonical didn’t actually sponsor that work by that Canonical employee, that was done in their spare time”, you should realize that’s likely to be offensive nonsense too.

Let’s be clear: tribalism makes you stupid. Just like it would be stupid not to hire someone super-smart and qualified because they’re purple, or because they are female, it would be stupid to refuse to hear and credit someone with great work just because they happen to be associated with another tribe.

The very uncool thing about being a fanboy (or fangirl) of a project is that you’re openly declaring both a tribal affiliation and a willingness to reject the work of others just because they belong to a different tribe.

One of the key values we hold in the Ubuntu project is that we expect everyone associated with Ubuntu to treat people with respect. It’s part of our code of conduct – it’s probably the reason we *pioneered* the use of codes of conduct in open source. I and others who founded Ubuntu have seen how easily open source projects descend into nasty, horrible and unproductive flamewars when you don’t exercise strong leadership away from tribal thinking.

Now, bad things happen everywhere. They happen in Ubuntu – and because we have a huge community, they are perhaps more likely to happen there than anywhere else. If we want to avoid human nature’s worst consequences, we have to work actively against them. That’s why we have strong leadership structures, which hopefully put people who are proven NOT to be tribal in nature into positions of responsibility. It takes hard work and commitment, but I’m grateful for the incredible efforts of all the moderators and council members and leaders in LoCo teams across this huge and wonderful project, for the leadership they exercise in keeping us focused on doing really good work.

It’s hard, but sometimes we have to critique people who are associated with Ubuntu, because they have been tribal. Hell, sometimes I and others have to critique ME for small-minded and tribal thinking. When someone who calls herself “an Ubuntu fan” stands up and slates the work of another distro we quietly reach out to that person and point out that it’s not the Ubuntu way of doing things. We don’t spot them all, but it’s a consistent practice within the Ubuntu leadership team: our values are more important than winning or losing any given debate.

Do not be drawn into a tribal argument on Ubuntu’s behalf

Right now, for a number of reasons, there is a fever pitch of tribalism in plain sight in the free software world. It’s sad. It’s not constructive. It’s ultimately going to be embarrassing for the people involved, because the Internet doesn’t forget. It’s certainly not helping us lift free software to the forefront of public expectations of what software can be.

I would like to say this to everyone who feels associated with Ubuntu: hold fast to what you know to be true. You know your values. You know how hard you work. You know what an incredible difference your work has made. You know that you do it for a complex mix of love and money, some more the former, others more the latter, but fundamentally you are all part of Ubuntu because you think it's the most profound and best way to spend your time. Be proud of that.

There is no need to get into a playground squabble about your values, your ethics, your capabilities or your contribution. If you can do better, figure out how to do that, but do it because you are inspired by what makes Ubuntu wonderful: free software, delivered freely, in a way that demonstrates real care for the end user. Don’t do it because you feel intimidated or threatened or belittled.

The Gregs are entitled to their opinions, and folks like Jono and Dylan have set an excellent example in how to rebut and move beyond them.

I’ve been lucky to be part of many amazing things in life. Ubuntu is, far and away, the best of them. We can be proud of the way we are providing leadership: on how communities can be a central part of open source companies, on how communities can be organised and conduct themselves, on how the economics of free software can benefit more than just the winning distribution, on how a properly designed user experience combined with free software can beat the best proprietary interfaces any day. But remember: we do all of those things because we believe in them, not because we want to prove anybody else wrong.

by mark at July 30, 2010 12:32 PM

bitfield consulting

10 awesome sysadmins and devops

It’s Sysadmin Appreciation Day, so here is my personal list of the most interesting and influential sysadmins and devops folk that I know (in alphabetical order, not order of merit). If you are on Twitter, you need to be following these people, and all of them are also excellent bloggers as well as awesome sysops / devministrators / tech gods.

1. James Turnbull (@kartar)

James is Director of Operations at Puppet Labs and the author of the excellent Pulling Strings With Puppet book, among others. His Twitter feed has lots of useful news and info about Puppet.

2. John Allspaw (@allspaw)

John is VP of Technical Operations at Etsy and former ops supremo at Flickr. His Kitchen Soap blog is a must-read for those interested in web operations.

3. Kris Buytaert (@KrisBuytaert)

Kris is a Linux and open source expert, currently Senior Consultant at Inuits. His blog, Everything is a Freaking DNS problem, is required reading for devops and sysadmins.

4. Lindsay Holmwood (@auxesis)

Lindsay is the author of Cucumber-Nagios and the Flapjack monitoring system. Currently Senior Engineer at Bulletproof Networks, Lindsay is frequently to be seen at conferences, speaking on deployment, configuration management, testing, and automation.

5. Matt Simmons (@standaloneSA)

Matt is the author of the respected Standalone Sysadmin blog and a frequent Twitterer, organiser of the SysAdmin Day Meetup in NYC, and full of valuable tips and information.

6. Matthias Marschall (@mmarschall)

Matthias is tech lead for helpster and co-editor of the must-read Agile Web Operations blog. He writes frequently on devops, kanban, and Agile techniques, and describes himself as “passionate about simplicity and agility in web development”.

7. Patrick Debois (@patrickdebois)

Patrick is the founder of the DevOpsDays conference and a hard-working consultant, developer, network specialist, system administrator, tester and project manager. His blog, Just Enough Developed Infrastructure, is full of interesting and thoughtful articles on the devops movement and how operations fits into the bigger picture.

8. RI Pienaar (@ripienaar)

RI is a sysadmin, Ruby developer and Puppet expert; the author of MCollective, a popular server management framework, he is also co-founder of the London DevOps group, a frequent speaker on sysadmin topics, and reliably ever-present on the #puppet IRC channel.

9. Stephen Nelson-Smith (@LordCope)

Stephen is an experienced tech leader and consultant, founder of Atalanta Systems and author of the excellent Agile Sysadmin blog, which regularly features useful articles on open source software and agile operations.

10. Tom Limoncelli (@yesthattom)

Tom is co-author of The Practice of System and Network Administration, an invaluable book which is, or should be, on all good sysadmins’ desks, along with his Time Management for System Administrators. His blog at EverythingSysadmin is likewise essential reading.

Image by Robot Comics

by John Arundel at July 30, 2010 11:53 AM

Chris Siebenmann

A little modern Unix twitch

Every so often, I just want to read a file (or a bunch of files) without doing anything to them. I have all sorts of reasons for this; sometimes I want to prime the OS's disk cache, or I want to time the file read speed, or I want to put some IO load on the system, or any number of other reasons (the worst is to just update the file atimes). The common element is that I don't care what happens to the file data after it gets read off the disk, so I dump it in /dev/null.

When I do this these days, I never do the redirection to /dev/null in the same process that is doing the reading; instead, I always feed things through a pipe. In other words, instead of running:

cat file >/dev/null

I run:

cat file | cat >/dev/null

This is completely wasteful and annoying, but the problem with not doing this is that far too many commands and Unix systems are too smart for their own good these days; there are all sorts of things that notice you are writing to /dev/null and optimize away all of that read IO that I want to happen. Putting a pipe in the middle kills all of those optimizations because no matter how optimized the writer is, the data has to go across the pipe which means that the reader has to actually read it.

Sometimes this is unnecessary paranoia, but it's easier to be paranoid and slightly inefficient all of the time than to try to remember when I can be completely efficient and when I can't be. (It's not as if an extra cat process really matters on any modern system.)

Sidebar: How this optimization can happen naturally

I can't swear that I'm remembering something that actually happened in a real Unix, but here's an example of how this sort of stuff can get optimized without any individual component being too crazy. You need two pieces:

  • a version of cat that prefers to work by mmap()'ing each source file and then write()'ing it to the output in one go.

    This is less absurd than it sounds; when mmap() was first introduced, a lot of people became very enthused about using it on everything (which sometimes led to fun bugs when these programs were asked to work on something that couldn't be mmap()'d). You can even argue that this version of cat is better because it doesn't try to guess the right buffer size, it just defers everything to the operating system.

    (If the kernel has bits of the file in kernel buffers, it can even do 'zero copy' IO, where it doesn't have to copy things to user level on a read() only to immediately copy them back into the kernel on the following write().)

  • a kernel that optimizes write()'s to /dev/null by not actually copying data from the user level process into the kernel only to then discard it; instead, it just checks that the buffer given to it is a valid one and then returns immediate success.

When the file is mmap()'d, nothing is immediately read from disk; instead the reads will happen when the mapped pages are touched and produce virtual memory faults. If you wrote to a real file, this would happen when the write() started copying data from your process into kernel buffers; however, because the write() to /dev/null never does this copy, it never causes any page faults on the mapped pages and thus never does any IO to read the source file. Ergo, 'cat file >/dev/null' does nothing real and runs startlingly fast.

It's hard to argue with either of these optimizations in isolation (apart from the whole issue of hitting everything with the mmap() stick), but when they combine together you get an unfortunate result.

by cks at July 30, 2010 05:49 AM

Linux Poison

High Speed Network Authentication Cracking Tool - Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its

by Nikesh Jauhari (njauhari@cybage.com) at July 30, 2010 04:27 AM

mikas blog

Event: System Administrator Appreciation Day 2010 in New York

On each last Friday of July the annual System Administrator Appreciation Day is taking place.

Matt Simmons organized a SysAdmin Day Meetup to celebrate this event in New York. If you’re in New York on 30th of July consider registering yourself (it’s free and takes just a few seconds).

If you are participant of the Debian Conference in New York and are already hacking at the DebCamp you might want to join our group of Debian people who plan to show up, currently consisting of Paul Wise, Lars Wirzenius, Thomas Lange and myself. If you plan to join please ping me so we can show up at the SysAdmin Day Meetup together.

by mika at July 30, 2010 12:09 AM

July 29, 2010

Apache Marketing

[SECURITY] [DSA 2077-1] New openldap packages fix potential code execution

Hash: SHA1 - Debian Security Advisory DSA-2077-1 security@debian.org Florian Weimer July 29, 2010 - Package : openldap Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2010-0211 CVE-2010-0212 Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilit

July 29, 2010 08:01 PM

Everything Sysadmin

NYC-area Sysadmins: free beer!

Matt at the Standalone-Sysadmin Blog announced that Etsy has offered to buy the first $x of beer at the NYC Sysadmin Appreciation Day event on Friday (tomorrow). "x" is a lot. We need your help to drink it all.

At last year's event a number of people told me they wished they had brought copies of my books so they could get autographs. I'll be bringing a pen this year to help facilitate this. Please get to me before too much beer

More info about the event in NYC here: http://www.standalone-sysadmin.com

July 29, 2010 07:28 PM

Milek

Dell and HP Continue Supporting Solaris

New announcement about Solaris support on non-Oracle servers:
  • Oracle today announced Dell and HP will certify and resell Oracle Solaris, Oracle Enterprise Linux and Oracle VM on their respective x86 platforms.
  • Customers will have full access to Oracle’s Premier Support for Oracle Solaris, Oracle Enterprise Linux and Oracle VM running on Dell and HP servers. This will enable fast and accurate issue resolution and reduced risk in a company’s operating environment.
  • Customers who subscribe to Oracle Premier Support will benefit from Oracle’s continuing investment in Oracle Solaris, Oracle Enterprise Linux and Oracle VM and the resulting innovation in future updates.

by milek (noreply@blogger.com) at July 29, 2010 07:28 PM

Apache Marketing

[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th

This is a reminder that the Call for Papers for Asia's largest network security event, HITBSecConf2010 - Malaysia is closing on the 9th of August! This will be a QUAD TRACK conference featuring 2 dedicated tracks focusing on cutting edge attack and defense techniques, a track with dedicated hands-on lab sessions and a brand new lightning talk segment! HITB CFP: === Venue: Crowne Plaza

July 29, 2010 06:47 PM

LOPSA blogs

Cool things I saw at SIGGRAPH 2010 exhibition hall

SIGGRAPH 2010

Trip Report of Cool Things Aleksey Saw in the Exhibition Hall

(Coolest stuff at the top.)

- FusionIO had the coolest demo!! 1500 DVD-quality videos streaming
from a single Fusion IO (RAM-based) 640 GB drive displayed onto a large
virtual screen (composed of 16 - that's 4x4 large displays). all 1500
videos were displayed simultaneously in tiny little rectangles.

- Digital Double Agency - a French company (www.adnda.com) used to capture
your face (three sessions of 4 hours each) and a wide variety of facial expression; and capture your voice; and then the double can talk and interact -- so you can capture a celebrity's likeness and have the digital double act in movies; or so you can have an avatar online.

by Aleksey Tsalolikhin at July 29, 2010 05:14 PM

Standalone Sysadmin

Etsy Now Sponsoring SysAdmin Appreciation Day Event in NYC!

Last night, I got an email out of the blue. It was from Chris Munns, sysadmin at Etsy, the home to a huge online community of people who make and sell things. The email basically asked if there was any way that Etsy could help sponsor the SysAdmin Appreciation Day event! Excellent.

The only question in my mind was, what kind of sponsorship would our event need? In the end, it winds up being a bunch of system administrators sitting around drinking, swapping war stories. I told them as much, and Chris responded:

Hey Matt,
Chad Dickerson who is the CTO here at Etsy was actually the one who wanted us to help sponsor/participate. We were wondering if maybe we could just throw some money in for drinks on behalf of Etsy?

- Chris

Pick up some of the bar tab? Well, ok!

After some more discussion, we’ve got it settled down, and I am happy to say that Etsy is contributing a very significant amount towards our bar tab tomorrow. I’m not going to say how much just yet, because I haven’t worked out how it’s going to be handled, but I’ll be surprised if anyone ends up paying for a drink themselves.

A huge(!) thank you to Etsy! And if you’re wondering why a site largely dedicated to crafting cares this much about the community of System Administrators, you should read their blog, Code As Craft. They believe strongly in Dev/Ops cooperation, and they spend a lot of time on that blog discussing their infrastructure. If you’re interested in Hadoop installations and continuous deployments, I recommend you check it out.

If you were holding back because you didn’t want to spend the dough on drinks, then don’t be afraid any longer. Check out the event page, then register!


by Matt Simmons at July 29, 2010 04:15 PM

Apache Marketing

CFP NcN 2010

* No cON Name 2010 Congress Call For Papers * Congress http://noconname.org October: 20,21 Trainings http://noconname.org October: 18,19 ** What is No cON Name ** This congress is aimed at system and network administrators, programmers, experts and/or security auditors, and also independent self-taught computer security experts. All of them with the sa

July 29, 2010 03:06 PM

Sam Ruby

Rails and Snowmen

People have started to notice that Rails is adding a snowman to their URLs.  There even is now a website devoted to this.

These types of social implications of technical decisions fascinate me.  Here’s some further background that I have pieced together.  I may have some details wrong, corrections welcome.

For starters, Rails by default standardizes on utf-8 for web pages.  As with pretty much everything in Rails, you can change the default, but virtually nobody does.  Utf-8 is a good choice here, and certainly is better than iso-8859-1 or win-1252.

Rails provides the encoding information on the Content-Type header, and on the accept-charset attribute.  Under normal circumstances, this will cause all responses to be encoded as utf-8, across all commonly used browsers.  Yes, including IE.

Most pages in Rails are produced using templates, and generally these templates are not the problem.  Data in those templates typically come from databases, and sometimes data can get into databases that isn’t 100% pure and clean.  In particular, sometimes this data may have encoding errors.  Such errors can easily become visible when that data is displayed in a form.

Browser recovery strategies vary on encoding errors, but often involve displaying a diamond with a question mark in it.

User behavior varies in the presence of such errors, but a common reaction is to switch the encoding.

The trouble starts when the user then proceeds to submit the form.  The net result, with some browsers, is that the data is sent respecting the user’s choice.  In other cases, browsers send the data using the application’s choice.

How Rails will react to encoding other than utf-8 being used depends on the version of Rails, the version of Ruby and a number of other factors.  In some cases, the result is an HTTP 400 response code (Bad Request).  In others, a 500 (Server Error).  In others, a 404 (Not found).  In others, even more misencoded data will make it all the way to the database.

As I said, sometimes the browser will choose to respect the user’s choice.  This is generally only done if it is possible to do so.  As not every character can be encoded using Western ISO Latin1, including such a character in a hidden field has been found to be an effective strategy of forcing the browser’s hand.

Enter the snowman.

In most cases, this is simply invisible metadata that solves a real problem that is otherwise hard to describe and debug.

Unfortunately, it isn’t always so invisible.  Try a query on this page and observe the resulting URI.  This page opted to use HTTP GET in order to make the URI meaningful.  Unfortunately the URIs with the latest version of Rails now have a bit of exposed cruft.

The fact that people care about such things enough to complain indicates that socialization of the concept that URIs are to be meaningful is working.  The unfair perception that this is (yet another) workaround for IE has also entered into the debate.

This is a very real problem.  One without clean and comprehensive solutions.  The Rails team is aware of the _charset_ hidden value, but that opens up a different set of problems.

Solutions being discussed to date include renaming the form field, choosing a different character, moving the field to the end of the query, and providing a mechanism to opt out.
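The exchange described above, as an added Python simulation that is neither Rails nor browser code: the simulated browser honours the user's manually chosen encoding only when every field value is representable in it and otherwise falls back to the form's accept-charset, and the simulated server decodes strictly as utf-8. The hidden field name `_snowman` and the form values are constructed assumptions.

```python
from urllib.parse import parse_qs, urlencode

SNOWMAN = "\u2603"          # U+2603, not representable in ISO Latin1
HIDDEN_FIELD = "_snowman"   # assumed name for the hidden field


def browser_submit(fields, user_charset, accept_charset="utf-8"):
    """Simulate a browser encoding a form submission.

    The user has switched the page encoding to user_charset. If every value
    can be encoded that way the browser respects the user's choice; otherwise
    it has no option but the form's accept-charset. This models only the
    'respect the user when possible' behaviour the post describes.
    """
    try:
        return urlencode(fields, encoding=user_charset, errors="strict")
    except UnicodeEncodeError:
        return urlencode(fields, encoding=accept_charset, errors="strict")


def utf8_server(body):
    """Decode the submitted body strictly as utf-8, as a utf-8-only app expects.

    Returns (status, params). Mis-encoded bytes are rejected with a 400
    rather than being passed on to the database.
    """
    try:
        return 200, parse_qs(body, encoding="utf-8", errors="strict")
    except UnicodeDecodeError:
        return 400, {}


def scenario(with_snowman, user_charset="iso-8859-1"):
    """Submit a constructed form value with or without the hidden snowman field."""
    fields = {"q": "caf\u00e9"}                      # constructed: 'café'
    if with_snowman:
        fields = {HIDDEN_FIELD: SNOWMAN, **fields}   # hidden field goes first in the form
    body = browser_submit(fields, user_charset)
    status, params = utf8_server(body)
    return body, status, params


if __name__ == "__main__":
    for flag in (False, True):
        body, status, params = scenario(flag)
        print(f"snowman={flag!s:5} body={body!r:32} status={status} params={params}")
```

Without the snowman the browser sends `q=caf%E9` (Latin1) and the utf-8 server rejects it; with it, Latin1 encoding fails at the snowman, the browser falls back to utf-8, and `café` arrives intact.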

July 29, 2010 03:03 PM

Apache Marketing

[ MDVSA-2010:142 ] openldap

Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:142 Package : openldap Date : July 28, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in openldap: The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22

July 29, 2010 02:51 PM

[security bulletin] HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code

Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02288473 Version: 2 HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2010-07-13 Last Updated: 2010-07-28 Potential Security Impact: Remote execution of arbitrary code Sourc

July 29, 2010 02:27 PM

Adams Tech Talk

Local Deals Website


Check out http://www.dealsnear.me a brand new site to find, post and follow local deals in your area. Visit the site, select your market, and find local offers, all for free.

by Adam Palmer at July 29, 2010 01:20 PM

Everything Sysadmin

Book Idea: Distributed Computing Economics... EXPLAINED

I don't have the time or expertise to write such a book, so I'm giving this idea away in hopes that someone else writes it.

I am incredibly impressed by the now classic paper "Distributed Computing Economics" by Jim Gray. (Sadly Dr. Gray passed away much too soon in an accident.)

If you haven't read it, here it is in HTML, or PDF and MS-Word. It is brilliant. It summarizes everything you need to know if you want to predict the next 30 years of "cloud computing."

So here's the book idea: Write a book that expands each paragraph into a chapter. Either write it for college students that are early in their computer science education, or for business executives that are non-technical. Either way, you have an excellent book.

Ok, who's going to write it?

July 29, 2010 11:27 AM

Chris Siebenmann

Some brief notes on OpenSSH's known_hosts hashing

A number of current distributions of OpenSSH default to storing host names and IP addresses in ~/.ssh/known_hosts in a hashed form, in order to make it harder for an intruder to work out where else you have accounts that you access from this system (this is the HashKnownHosts option for ssh). Since I recently wound up digging into this and the details are underdocumented, here's what I know about how this works.

The summary is that this is your traditional one-way cryptographic hash. The specific hash is a SHA1-based HMAC, but I strongly suggest not writing any code that knows that. The host name or IP address is treated like a password and hashed together with a random salt; both the salt and the HMAC result are stored in the known_hosts line. Matching the line later is done by extracting the salt, HMAC'ing your candidate hostname with it, and seeing if you get the same hash value.

(The salt appears to have relatively strong randomness.)

This means that checking to see if a particular host is present in a known_hosts file requires computing a separate HMAC for each line in the file. I imagine that this is not a problem in practice since most people have relatively short known_hosts files and SHA1 HMAC is relatively fast. As with unencrypted hostnames, it's possible to have multiple entries for a given host in known_hosts, each with a different key; if all of the hostnames are hashed, this may not be at all obvious.

(See sshd(8) for how multiple entries for a single host work. The short answer is that OpenSSH considers itself to have found a known host key if any of them match.)

This all means that hashed known_hosts files are system independent and will continue working fine when moved to a different host.

(As it turned out, the problem I was seeing was because my new test system had a different system known hosts file. Once I fixed that, everything worked, but I almost went off on a complete wild goose chase worrying about potential system dependent hashing of known_hosts. Having a hashed known_hosts did make it less obvious that the other host's key wasn't even in it, though.)
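The matching procedure described above, as an added Python example rather than OpenSSH's own code (it bakes in the HMAC-SHA1 detail the author advises against depending on, so treat it as an illustration of the format, not a library): hashed host fields carry the base64 salt and base64 HMAC, and looking a host up means recomputing one HMAC per line and collecting every matching key, as sshd(8) describes. The sample known_hosts lines, the fixed salt and the key strings are constructed placeholders.

```python
import base64
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

HASH_MAGIC = "|1|"  # prefix OpenSSH puts on a hashed host field


def hash_host(hostname: str, salt: Optional[bytes] = None) -> str:
    """Build the hashed host field that HashKnownHosts writes for hostname.

    The name (or IP address) is keyed through HMAC-SHA1 with a random salt;
    salt and digest are both base64-encoded into the field.
    """
    if salt is None:
        salt = os.urandom(20)  # a salt as long as the SHA1 digest
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return (HASH_MAGIC + base64.b64encode(salt).decode()
            + "|" + base64.b64encode(digest).decode())


def host_field_matches(field: str, hostname: str) -> bool:
    """Return True if a known_hosts host field (hashed or plain) names hostname."""
    if field.startswith(HASH_MAGIC):
        try:
            _, _, salt_b64, digest_b64 = field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            expected = base64.b64decode(digest_b64, validate=True)
        except ValueError:
            return False  # malformed hashed field: never a match
        candidate = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(candidate, expected)
    # Plain fields may list several names and addresses separated by commas.
    return hostname in field.split(",")


def find_host_keys(known_hosts_text: str, hostname: str) -> List[Tuple[str, str]]:
    """Return every (keytype, key) recorded for hostname, in file order.

    Each hashed line costs one HMAC computation, as the post notes; several
    entries for one host are all returned, since OpenSSH accepts any of them.
    """
    found = []
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue  # not a host-key line
        host_field, keytype, key = fields[0], fields[1], fields[2]
        if host_field_matches(host_field, hostname):
            found.append((keytype, key))
    return found


# Constructed sample file: fixed salt for reproducibility, placeholder keys.
_FIXED_SALT = bytes(range(20))
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample; the key strings are placeholders, not real public keys",
    hash_host("example.org", _FIXED_SALT) + " ssh-ed25519 AAAA_PLACEHOLDER_KEY_1",
    "example.org,192.0.2.10 ssh-rsa AAAA_PLACEHOLDER_KEY_2",
    hash_host("192.0.2.10", _FIXED_SALT) + " ssh-rsa AAAA_PLACEHOLDER_KEY_2",
    hash_host("other.example", _FIXED_SALT) + " ssh-ed25519 AAAA_PLACEHOLDER_KEY_3",
    "",
])

if __name__ == "__main__":
    for host in ("example.org", "192.0.2.10", "missing.example"):
        print(host, "->", find_host_keys(SAMPLE_KNOWN_HOSTS, host))
```

Because the salt is per line, the same host hashes to a different field on every line and across machines, which is why a hashed file moves between systems without trouble but gives no visual hint of which hosts it contains.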

by cks at July 29, 2010 05:56 AM

Linux Poison

How To Extract data from .deb file in Linux

A Debian "package", or a Debian archive file, contains the executable files, libraries, and documentation associated with a particular suite of programs or set of related programs. .deb packages are just tar archives, but with a proper structural format for the files. You can see and extract any deb package with an archive manager tool. From the dpkg-deb man page: “dpkg-deb packs, unpacks and provides

by Nikesh Jauhari (njauhari@cybage.com) at July 29, 2010 04:27 AM

July 28, 2010

Apache Marketing

New vulnerabilities in Cetera eCommerce

Hello Bugtraq! I want to warn you about security vulnerabilities in Cetera eCommerce. Advisory: New vulnerabilities in Cetera eCommerce URL: Affected products: Cetera eCommerce 14.0 and previous versions. Timeline: 31.10.2009 - found vulnerabilities. 31.10.2009 - informed developers about persistent XSS in their engine by placing special code (designed to draw attention) directly at their

July 28, 2010 06:57 PM

Vulnerabilities in Cetera eCommerce

Hello Bugtraq! I want to warn you about security vulnerabilities in Cetera eCommerce. Which I disclosed already in December 2009 (SecurityVulns ID: 10489). Advisory: Vulnerabilities in Cetera eCommerce URL: Affected products: Cetera eCommerce 14.0 and previous versions. Timeline: 01.03.2009 - found vulnerabilities. 30.10.2009 - announced at my site. 31.10.2009 - informed developers. 23.12

July 28, 2010 06:27 PM

[security bulletin] HPSBMA02549 SSRT090158 rev.2 - HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data

Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02282361 Version: 2 HPSBMA02549 SSRT090158 rev.2 - HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2010-07-12 Last Updated: 2010-07-27 Potential Security Impact: Local unauthorized

July 28, 2010 03:42 PM

Jira Enterprise 4.0.1 - Multiple Low Risk Vulnerabilities

Jira - Multiple Low Risk Vulnerabilities Versions Affected: 4.0.1 (other versions were not checked.) Info: JIRA provides issue tracking and project tracking for software development teams to improve code quality and the speed of development. (and so forth.) External Links: Credits: MaXe (no previous vulnerability information about these bugs were found.) -:: The Advisory ::- Jira is prone

July 28, 2010 03:34 PM

Secunia Research: Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows

Secunia Research 28/07/2010 - Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Impact: System compromise Where: Remote 3)

July 28, 2010 03:27 PM

Secunia Research: Autonomy KeyView wkssr.dll String Indexing Vulnerability

Secunia Research 28/07/2010 - Autonomy KeyView wkssr.dll String Indexing Vulnerability - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Impact: System compromise Where: Remote 3) V

July 28, 2010 03:19 PM

Secunia Research: Autonomy KeyView wkssr.dll Integer Underflow Vulnerability

Secunia Research 28/07/2010 - Autonomy KeyView wkssr.dll Integer Underflow Vulnerability - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Moderately critical Impact: Denial of Service System c

July 28, 2010 03:12 PM

Secunia Research: Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow

Secunia Research 28/07/2010 - Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Impact: System access Where: From r

July 28, 2010 03:04 PM

Secunia Research: Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error

Secunia Research 28/07/2010 - Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Impact: System access Where: From remote 3

July 28, 2010 02:56 PM

Secunia Research: Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow

Secunia Research 28/07/2010 - Autonomy KeyView wkssr.dll - - Floating Point Conversion Buffer Overflow - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Im

July 28, 2010 02:49 PM

Secunia Research: Autonomy KeyView Compound File Parsing Buffer Overflow

Secunia Research 28/07/2010 - Autonomy KeyView Compound File Parsing Buffer Overflow - Table of Contents Affected Vendor's Description of Description of Time About 1) Affected Software * Autonomy KeyView 10.4 and 10.9 NOTE: Other versions may also be affected. 2) Severity Rating: Highly critical Impact: System compromise Where: Remote 3) V

July 28, 2010 02:42 PM

Re: TTVideo 1.0 Joomla Component SQL Injection Vulnerability

Thanks for spotting this. I overlooked this in my haste to release. I have fixed the issue now and the flawed version is no longer available for download.

July 28, 2010 02:36 PM

Everything Sysadmin

Lists of length 1, 2, 3 and 4 have special meaning

We are sysadmins. We love numbers. They mean a lot to us. They are specific and clean.

We also like a lot of details. When someone asks what operating system we use, we rattle off all fifty we can think of. That includes the embedded OS we know is buried deep in our toaster. Why? Because when we discovered it has a serial port, we plugged in and watched the bootup messages. That's why.

However, when writing and speaking the number of things we list means something to the reader/listener more than the number. Controlling the number of items in the list is more important than being complete.

Lists of length 1, 2, 3 and "4 or more" have particular meaning.

A list with one element means "Hey! Look at this! Remember it!". If you ask me what operating system I use at work, the complete answer is a list a mile long. If I want you to remember that I am a Linux sysadmin, you won't remember that if I list "Linux, Mac OS X, Windows, IOS, JunOS, Android and ChromiumOS". The word Linux gets lost in the noise, even if it is the first item of the list. If I simply say, "I administer Linux machines" then that is what people will remember. If you want someone to remember what you said reduce the list down to one item.

A list with two elements implies comparison. "I am knowledgeable about Windows and Linux." invites comparison. It implies that these are different things and emphasizes that I have two very different skill sets: the ability to run Windows, and the ability to run Linux. A reader unfamiliar with computers will understand that these are two different things and might ask questions that relate to how they compare. It is actually jarring to list two items that you don't want the user to compare in their minds. In fact, the more similar they are, the more someone will think about the differences. "I run Ubuntu 9.1 and 9.2" makes people wonder what is so different about them that I list them both. Think about how these phrases invite comparison: "At home and at work", "night and day", "HTML5 and Flash", "Ubuntu 9.x and 10.x", "apples and oranges". If your point isn't to emphasize differences (good or bad) make sure your list doesn't contain two items. If you want to emphasize differences, make sure your list has exactly two items.

A list with three elements implies (a) that you expect the reader/listener to hold all three in their head while I discuss them, (b) that you will discuss them in that order, (c) that the order matters. A three-item list is short enough that the reader can hold them all in their brain for the duration of the discussion. You haven't made the statement so complex as to have overloaded them. When you "drill down" on the items in the list, cover each item in the same order as the original list. This parallel format helps the reader/listener understand the flow. Lastly, order the items with great care. Often we put the most important item first but I find that people most remember the last item the most, so put it last. If I want you to "reboot the machine, make sure it comes back up, and come to my desk when you are done" I am emphasizing the need for you to come back to me. When writing an article or giving a presentation the last item often gets the most discussion. If you have one complicated and two short topics, end with the complicated item. This lets you cover the first two briefly and then focus on the third item for the remainder of your time.

A list with four or more elements implies that the point isn't the contents of the list, but that the list is very long. I might tell you that I use a lot of operating systems: MacOS, Ubuntu, Redhat, Windows, Android, JunOS and IOS. The point I am making is that the list is very long. The contents of the list is not so important. The reader/listener walks away remembering "Tom knows a lot of operating systems". If this is not what you intend, reduce the list to be shorter than 4 items. You may have to summarize ("Tom knows Linux, Windows, and some lesser-known operating systems.") If you don't want someone to focus on the details of the list, make sure there are 4 or more items on it.

We are sysadmins. Numbers are important to us. However, it is important to remember that the number of items in a list tells people a lot more than just what is on the list:

  1. Remember me.
  2. Comparison
  3. Things to keep in your head
  4. The quantity is more important than the details.

July 28, 2010 02:27 PM

Apache Marketing

[SECURITY] [DSA 2075-1] New xulrunner packages fix several vulnerabilities

Hash: SHA1 - Debian Security Advisory DSA-2075-1 security@debian.org Moritz Muehlenhoff July 27, 2010 - Package : xulrunner Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2010-0182 CVE-2010-0654 CVE-2010-1205 CVE-2010-1208 CVE-2010-1211 CVE-2010-1214 CVE-2010-2751 CVE-2010-2753 C

July 28, 2010 02:03 PM

Google Blog

Alex Trebek, teachers and Googlers unite at the Google Geo Teachers Institute

(Cross-posted from the Lat Long Blog)

What do Alex Trebek, teachers and Googlers have in common? Last week, these individuals and groups all came together at the Googleplex in Mountain View, CA to celebrate exploration and learning.

Google hosted its first Geo Teachers Institute, an intensive two-day workshop in which 150 educators received hands-on training and experience with Google Maps, Google SketchUp and Google Earth, including features like Mars, Moon and SkyMaps. Attendees from around the globe not only learned how these products work, but also discovered tips and resources for introducing these tools to students and using them to conceptualize, visualize, share and communicate about the world around them. Through this event, teachers were hopefully inspired to bring the world's geographic information to students in compelling, fresh and fun ways.


John Hanke, VP of Product Management, addressing the audience of educators

As part of our continued effort to collaborate with teachers and help students get a better sense of places across the globe, we also announced that Google Earth Pro is now available to educators for free through the Google Earth for Educators site. Educators from higher educational and academic institutions who demonstrate a need for the Pro features in their classrooms can now apply for single licenses for themselves or site licenses for their computer labs. A similar program exists for SketchUp Pro through the Google SketchUp Pro Statewide License Grant, which is currently being provided via grants to 11 states, and available to all others at the K-12 level at no cost.

In conjunction with these exciting Geo-related events and announcements, the Geo Education team also thought it’d be timely and fun to test Googlers’ geographic knowledge by hosting the company’s first ever Google Geo Bee. With help from National Geographic, 68 teams relived their school years and took a written geography exam, competing for a spot on stage with Alex Trebek, who hosted the main event. The competition was based on the group version of the National Geographic Bee for students, which Google has sponsored for the past two years. Questions included those like “Which country contains most of the Balkan Mountains, which mark the boundary between the historical regions of Thrace and Moesia?” and “Ben Nevis, the highest peak in the United Kingdom, is located in which mountain chain?”


The winners of our Google Geo Bee: Ian Sharp, Marcus Thorpe and Rob Harford

The final three Google teams (the Tea-Drinking Imperialists, the Geoids and the Titans) all showed off their geographic literacy and answered a plethora of diverse and complex questions. In the end, it was the Tea-Drinkers who emerged the winners when they figured out that Mecca was the answer to the clue, “Due to this city’s location on a desert trading route, many residents were merchants, the most famous of whom was born around A.D. 570.” And they didn’t just walk away with bragging rights; thanks to Sven Linblad from Linblad Expeditions, they also won an amazing adventure trip to either the Arctic, the Galapagos or Antarctica.

Through all of these education efforts — for teachers, students and grown-up Googlers alike — we hope people of all ages never stop exploring.

by A Googler (noreply@blogger.com) at July 28, 2010 02:45 PM

Everything Sysadmin

Certification? Not yet.

At PICC I may have sounded like I thought there was an urgent need to create a sysadmin certification program. While I did talk about what I thought it would/could/should look like, I don't think this is a good time to create such a thing. A long-winded version of this paragraph is below.

An open letter:

I wish to clarify a statement I made at the PICC conference and point those of us that think about the future of system administration in a particular direction.

It has become apparent to me that a certification program cannot exist until the educational standards that it measures are generally accepted. That is, a certification should measure conformance to a pre-existing educational standard.

At the PICC conference, part of my keynote made the case for another attempt at creating a certification for system administrators. In the last few months I've thought a lot about the issue of certification. I've also had the chance to talk with people who are familiar with how the AMA created its certifications for doctors. While I was not advocating for the immediate creation of a certification program, I may have given that impression. Let me be clear that I do not think that the industry has reached sufficient maturity to warrant a certification program as I described. The AMA's now pervasive certification program came after they worked with universities to develop curricula and other educational programs.

It would be prudent to focus on creating educational standards for the profession of system administration. We, the wider professional system administration community, need to work with academic institutions to create curriculum standards for system administration programs. While there have been attempts in the past, I do not feel this has gotten traction because the profession is not taken seriously in academia. This is changing. A number of factors are leading academia to take notice of the importance of operational excellence in IT. I would be glad to discuss strategy and opportunities with interested parties.

Every movement needs to be, at its heart, an attempt to save the world. It is trite to say that society is more and more dependent on computers. Yet our dependence is staggering even to me. From the logistics of getting food from farms to tables, to providing services related to healthcare, governance, media, security and defense; all of these things are reliant on IT such that they can no longer exist without it. And yet I feel that the digitization of society is still in its earliest stages.

What could be a more important way to save the world than making sure that society's underlying IT infrastructures are professionally designed, maintained, secured, and operated? We cannot leave these things to amateurs and hobbyists, nor to bureaucrats and lobbyists.

Sincerely, Thomas Limoncelli

July 28, 2010 01:27 PM

Apache Marketing

[SECURITY] [DSA 2076-1] New gnupg2 packages fix potential code execution

Hash: SHA1 - Debian Security Advisory DSA-2076-1 security@debian.org Florian Weimer July 27, 2010 - Package : gnupg2 Vulnerability : use-after-free Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2010-2547 Debian Bug : 590122 It was discovered that GnuPG 2 uses a freed pointer when verif

July 28, 2010 01:17 PM

Google Blog

What to search when you’re expecting

This is part of our summer series of new Search Stories. Look for the label Search Stories and subscribe to the series. -Ed.

Having been a new dad for six months now, I’ve quickly come to learn two valuable parenting lessons. First, being a father is truly a full-time job—and second, sleep is completely overrated. Whether buying the latest bottles, binkies, blankets and bibs, or just blogging about the whole magical journey, becoming a father has been the most invigorating and moving experience of my lifetime.


This week, I’m excited to help introduce our latest search story, New Baby. The video really captures the joys (and costs!) of becoming a new parent. I’d like to share my heart-felt compassion with new dads everywhere (and of course, my wife and the other mothers out there who are the true heroes.) We will all rest when they head off to college—in the meantime, enjoy!



by A Googler (noreply@blogger.com) at July 28, 2010 01:54 PM

Ubuntu Geek

Download your free Oracle Magazine



Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world’s largest enterprise software company.
(...)



by admin at July 28, 2010 10:42 AM

Smuxi -User-friendly and cross-platform IRC client for sophisticated users for GNOME/GTK+


Smuxi is an irssi-inspired, flexible, user-friendly and cross-platform IRC client for sophisticated users, targeting the GNOME desktop.

Smuxi is based on the client-server model: The core application (engine) can be placed onto a server which is connected to the Internet around-the-clock; one or more frontends then connect to the core. This way, the connection to IRC can be kept up even when all frontends have been closed. The combination of screen and irssi served as example for this architecture.
(...)



by admin at July 28, 2010 10:28 AM

Year in the Life of a BSD Guru

FreeBSD Foundation Newsletter

The FreeBSD Foundation's semi-annual Newsletter is now available. There's a lot of information in this edition, including:

July 28, 2010 10:21 AM

SysAdmin's Diary

LSI’s MegaCLI & MegaRAID Storage Manager for Linux

This is just a note for my personal reference.

1) MegaCli for Linux

[root@sgbwaprec01 ~]# rpm -qi MegaCli-8.00.23-1
Name        : MegaCli                      Relocations: (not relocatable)
Version     : 8.00.23                           Vendor: LSI Logic Corporation
Release     : 1                             Build Date: Wed 19 May 2010 10:46:16 PM MYT
Install Date: Tue 27 Jul 2010 11:27:22 AM MYT      Build Host: localhost.localdomain
[...]

by irwan at July 28, 2010 09:56 AM

Standalone Sysadmin

If the sysadmin of the year is for good work…

…do we have an appropriate award for doing bad work?

I’m only asking, because today on reddit, I came across an amazing post.

There is a subreddit called IAMA, where you can submit a thread allowing people to ask you questions because you are, in some way, unusual or interesting. The thread I found was called “IAMA Wildly Incompetent Network Security Admin and have no business in my job“.

The job? He’s network security for a Vegas casino.



When you actually click on the thread, it gets way, way worse. There’s a summary at the top, so I’m stealing some and pasting here. This is all copyright of reddit user throwawayscared, I don’t want it.

Since a lot of people are asking this question: The reason I don't spend time learning the job is partly due to laziness. I mean it's awesome spending all day playing battlefieldheroes or transformice.

I refuse to wear my ID badge so people don't stop and ask me questions. I've been reprimanded and even warranted the CEO sending out a memo that stated 'EVERYONE HAS TO WEAR THEIR BADGE' and I still don't do it. I just changed my schedule to leave earlier than any execs and get in after they do so they never see me without it.
Also working at a casino means you get free lunches too. We're only supposed to eat once, but I go several times throughout the day. I once changed the settings on the turnstile application to allow me unlimited cafeteria entries. Everyone else was set at 1. The benefits of admin passwords.

To further prove how much I should be fired, I'd like to share a quick story with you. I have stolen every bit of computer shit I can get my hands on. When the security team started cracking down on thieving employees and searching us on the way out, I just started mailing the shit to my house through the mailroom. Then I just started listing shit on ebay and sending it to the buyers right through the same mailroom. I also convinced the mailroom dude that I shouldn't pay for postage. I'm not proud, but I'm certainly not ashamed.

wow. It’s like a trainwreck.

Please, don’t be this guy.


by Matt Simmons at July 28, 2010 08:26 AM

SysAdmin1138

Legal rubber hose usage increases

According to The Register, the UK police have increased the exercise of the power that allows them to compel the revealing of crypto keys. That fancy duress key you put on your truecrypt volume is only good for earning you jail time. I've mentioned this before, but crypto is vulnerable at the end-points. If the Government can point a loaded law at you to force you to reveal your keys, the strength of your convictions, not your crypto, is what is being tested. Perhaps that 2-5 year prison term is worth it. Or maybe not.

I take heart that a majority of those served with the demand notice have refused. But we still don't quite know what'll happen to them.

This is harder to pull off in the US thanks to the 5th amendment, but there is nothing stopping this kind of thing off our shores. Or heck, at our borders.

by SysAdmin1138 at July 28, 2010 05:57 AM

Chris Siebenmann

My Fedora 8 problem: upgrading

My Fedora 8 problem is that I still have a machine running Fedora 8, which means that I need to upgrade it. Worse, this is not some disused machine sitting in the corner but my home workstation; it doesn't have much bandwidth, and I kind of want it to be up and usable as much as possible when I'm home. So I've been gloomily contemplating my upgrade options for some time.

The officially supported or semi-supported way to do this is to do the upgrade from a Fedora 13 install DVD. This will likely take many hours during which my system is unusable and, assuming it works, will then require me to download a gigabyte or two of updates and third-party packages over a relatively slow DSL link before the system is really usable again.

(I am assuming here that the Fedora 13 installer will upgrade a Fedora 8 system; it's possible that it won't touch machines that are that old.)

Now, this machine uses my full workstation partitioning scheme, with duplicate partitions for /, /usr, and /var. In theory the best way to upgrade is to make a copy of the system in these partitions, chroot into it, and do a yum upgrade. There are two problems with this, though. First, I don't know if a yum upgrade works in a chroot'd environment or if it tries to kill and restart various daemons at inopportune times and so on; I would not be surprised if this was neither tested nor recommended. Second, you can't upgrade directly from Fedora 8 to Fedora 13 this way; you have to upgrade to Fedora 10 and then again to Fedora 11 as intermediate steps. This is a lot of downloads over my slow DSL link, even if I figure out how to make yum get as many packages as possible from a local DVD or directory.

(The bandwidth of a DVD or two transported from work vastly exceeds my DSL link.)

I'm pretty sure that I can't put together a version of PreUpgrade that will go from Fedora 8 to Fedora 13 in one operation; certainly, the Fedora 8 version only offers up to Fedora 10 as an option. Using PreUpgrade might cut one step off the yum upgrade process (but might not) and would let me download all of the necessary packages and updates in advance, but it would also have my machine down for many hours again. Twice (at least).

The crazy option is to not upgrade to Fedora 13 but to use those spare partitions to install Fedora 13 from scratch. This would probably require the machine to be down (I expect that Anaconda's live DVD installs still take over the entire machine), but Fedora generally installs much faster than it upgrades. And I would get to start over without four years of accumulated random bits and pieces. The downside of this is that I would really, really want to have good backups of all of my data.

(One of the things I'm taking away from this exercise and a similar although less drastic exercise at work is that next time around, I really want all of my user data on different physical disks than the system disk(s). This would let me completely disconnect them during upgrades and reinstalls so that I don't have to count on the install or upgrade process leaving my user filesystems alone and untouched.)

Finally, at this point it's getting increasingly tempting to 'upgrade' the machine by buying a new one and installing Fedora 13 (and all of my local changes) onto the machine from scratch and copying my data over. But getting a new machine still feels kind of wasteful at this point; while my home machine will be four years old this fall, it's still perfectly good for most of what I do (although I would like more RAM and CPU power for processing digital photos, especially since I have one of the cores turned off due to reliability problems).

by cks at July 28, 2010 04:42 AM

Linux Poison

How to Compress / Uncompress files using bzip2 in Linux?

bzip2 compresses files using the Burrows-Wheeler block sorting text compression algorithm, and Huffman coding. Compression is generally considerably better than that achieved by more conventional LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors. bzip2 and bunzip2 are file compression and decompression utilities. The bzip2 and bunzip2
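Added example, not from the Linux Poison post: the same compress, test and uncompress cycle done from Python's standard bz2 module instead of the bzip2 and bunzip2 commands, because that lets you add the one check the command line does not give you, a cap on decompressed size. safe_decompress plays the role of bzip2 -t (it reports CRC errors, truncated streams and trailing junk) and refuses to produce more than max_out bytes, which is what you want before unpacking a .bz2 you did not create yourself. The sample log lines and all function names here are constructed for this demonstration.

```python
import bz2

# Constructed sample input (not from the page): text with long repeats,
# the kind of data bzip2's block sorting handles well.
SAMPLE_TEXT = (
    b"Jul 28 04:27:01 host sshd[1234]: Accepted publickey for admin\n"
    b"Jul 28 04:27:02 host sshd[1234]: session opened for user admin\n"
) * 200


def compress(data: bytes, level: int = 9) -> bytes:
    """Equivalent of `bzip2 -9`: one bz2 stream; level selects the
    block size (100k..900k), exactly as the -1..-9 flags do."""
    return bz2.compress(data, compresslevel=level)


def safe_decompress(blob: bytes, max_out: int = 1 << 20):
    """Equivalent of `bzip2 -t` followed by `bunzip2`, with an output cap.

    Returns (True, data) for a complete, CRC-valid stream whose output is
    at most max_out bytes, and (False, reason) otherwise. The cap matters
    for untrusted input: bzip2 encodes long runs extremely well, so a few
    hundred bytes of .bz2 can expand to hundreds of megabytes.
    """
    dec = bz2.BZ2Decompressor()
    out = bytearray()
    data = blob
    try:
        while not dec.eof:
            # Ask for at most one byte over the cap, so overflow is detected
            # without ever materialising a large buffer.
            chunk = dec.decompress(data, max_length=max_out + 1 - len(out))
            out += chunk
            if len(out) > max_out:
                return False, "output cap exceeded (decompression bomb?)"
            if dec.needs_input and not dec.eof:
                # All input consumed but no end-of-stream marker seen.
                return False, "truncated stream"
            data = b""  # later calls only drain buffered output
    except (OSError, ValueError, EOFError) as exc:
        # libbzip2's data/CRC/magic errors surface as OSError; ValueError
        # and EOFError cover the other malformed-input paths.
        return False, f"corrupt stream: {exc}"
    if dec.unused_data:
        return False, "trailing data after end of stream"
    return True, bytes(out)


if __name__ == "__main__":
    blob = compress(SAMPLE_TEXT)
    print(f"{len(SAMPLE_TEXT)} bytes -> {len(blob)} bytes compressed")
    ok, result = safe_decompress(blob)
    print("round trip ok:", ok and result == SAMPLE_TEXT)
    damaged = bytearray(blob)
    damaged[len(damaged) // 2] ^= 0xFF          # flip one byte mid-stream
    print("damaged copy:", safe_decompress(bytes(damaged))[1])
    bomb = compress(b"\0" * (4 << 20))          # 4 MiB of zeros
    print("bomb with 1 MiB cap:", safe_decompress(bomb, max_out=1 << 20)[1])
```

The cap is enforced by BZ2Decompressor's max_length argument, so a bomb is rejected after at most max_out + 1 bytes have been produced; the CLI equivalent is to pipe bunzip2 through head -c, which still spends the CPU but bounds the disk usage.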

by Nikesh Jauhari (njauhari@cybage.com) at July 28, 2010 04:27 AM

TaoSecurity

Time Issues in Libpcap Traces

Time is an important aspect of Network Security Monitoring. If you don't pay close attention to the time shown in your evidence, and recognize what it means, it's possible you could misinterpret the values you see.

My students and I encountered this issue in TCP/IP Weapons School at Black Hat this week. Let's look at the first ICMP packet in one of our labs.

I'm going to show the output using the Hd tool and then identify and decode the field that depicts time.

In the following output, 2d 0c 65 49 occupies the part of the packet where Libpcap has added a timestamp.

Hd output:

$ hd icmp.sample.pcap
00000000 d4 c3 b2 a1 02 00 04 00 00 00 00 00 00 00 00 00 |................|
00000010 ea 05 00 00 01 00 00 00 2d 0c 65 49 5f bf 0c 00 |........-.eI_...|
00000020 4a 00 00 00 4a 00 00 00 00 0c 29 82 11 33 00 50 |J...J.....)..3.P|
00000030 56 c0 00 01 08 00 45 00 00 3c 02 77 00 00 80 01 |V.....E...w....|
00000040 ea f1 c0 a8 e6 01 c0 a8 e6 05 08 00 43 5c 07 00 |............C\..|
00000050 03 00 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e |..abcdefghijklmn|
00000060 6f 70 71 72 73 74 75 76 77 61 62 63 64 65 66 67 |opqrstuvwabcdefg|
00000070 68 69 |hi|
00000072

To convert 2d 0c 65 49 to a time, we have to swap the bytes (the magic number d4 c3 b2 a1 at the start of the file tells us it was written little-endian), which gives 0x49650c2d, or 1231359021 in decimal. 1231359021 is a Unix timestamp, seconds since 1970-01-01 00:00:00 UTC, that we can convert with the -r option of the FreeBSD version of the date command.

First let me show the date on this system so you can see the timezone of the FreeBSD system, and then I'll convert the seconds into a human readable time.

$ date
Wed Jul 28 00:11:23 EDT 2010

$ date -r 1231359021
Wed Jan 7 15:10:21 EST 2009

So, this ICMP packet has a timestamp of Wed Jan 7 15:10:21 EST 2009. Note that the date command produces a time in EST and not EDT: the packet dates from January, when Eastern Standard Time was in effect, so EST is the right rendering even though the system is on EDT today. (In UTC the same instant is 20:10:21.) That seems simple enough, right?

Let's see what Tcpdump says about this packet. First I run the date command to remind us where we are running Tcpdump.

FreeBSD Tcpdump:

$ date
Wed Jul 28 00:11:23 EDT 2010

$ tcpdump -h
tcpdump version 3.9.8
libpcap version 0.9.8

$ tcpdump -n -tttt -r icmp.sample.pcap
2009-01-07 16:10:21.835423 IP 192.168.230.1 > 192.168.230.5:
ICMP echo request, id 1792, seq 768, length 40

Tcpdump prints 16:10:21 (ignore the fractions of a second), one hour later than date -r gave for the same seconds: it has rendered a January timestamp with the EDT offset that applies on the July day tcpdump was run.

Let's see what a tool like Tshark says.

FreeBSD Tshark:

$ tshark -v
TShark 1.0.7
...edited...
Compiled with GLib 1.2.10, with libpcap 0.9.8, with libz 1.2.3, without POSIX
capabilities, without libpcre, without SMI, without ADNS, without Lua, without
GnuTLS, without Gcrypt, with Heimdal Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on FreeBSD 7.2-RELEASE-p7, with libpcap version 0.9.8.

Built using gcc 4.2.1 20070719 [FreeBSD].

$ tshark -n -t ad -r icmp.sample.pcap
1 2009-01-07 15:10:21.835423 192.168.230.1 -> 192.168.230.5
ICMP Echo (ping) request

Tshark shows 15:10:21, the same value date -r produced: it converts the timestamp with the offset that was in effect on the packet's own date (EST, since it is January), not the offset the FreeBSD system is using today.

Let's see if a Linux system in EDT behaves the same way.

$ date
Wed Jul 28 00:44:54 EDT 2010

$ tcpdump -V
tcpdump version 4.0.0
libpcap version 1.0.0

$ tcpdump -n -tttt -r icmp.sample.pcap
2009-01-07 16:10:21.835423 IP 192.168.230.1 > 192.168.230.5:
ICMP echo request, id 1792, seq 768, length 40

$ tshark -v
TShark 1.2.7
...edited...
Compiled with GLib 2.24.0, with libpcap 1.0.0, with libz 1.2.3.3, with POSIX
capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with c-ares 1.7.0, with
Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with MIT Kerberos, with GeoIP.

Running on Linux 2.6.32-23-generic, with libpcap version 1.0.0, GnuTLS 2.8.5,
Gcrypt 1.4.4.

Built using gcc 4.4.3.

$ tshark -n -t ad -r icmp.sample.pcap
1 2009-01-07 15:10:21.835423 192.168.230.1 192.168.230.5
ICMP Echo (ping) request

Again, Tcpdump prints 16:10:21 while Tshark prints 15:10:21, and the rest of the Wireshark suite (Wireshark itself, capinfos, etc.) agrees with Tshark.

Tshark is the one that is right. 1231359021 seconds after the epoch is 20:10:21 UTC; on 7 January 2009 the Eastern zone was on Standard Time (UTC-5), so the correct local rendering is 15:10:21 EST, exactly what date -r printed. Tcpdump of this vintage computes a single UTC-to-local offset at startup, from the date it is run on, and adds it to every packet's seconds; run in July, under Daylight Time, it applies UTC-4 to a January capture and shifts it by an hour. Tshark converts each packet's own timestamp with the rules in effect on that packet's date.

The practical check is the one done above: decode the raw seconds yourself, and state the zone explicitly whenever you copy a time into a report. Comparing everything in UTC avoids the question entirely.
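Added example, not code from the TaoSecurity post or from libpcap: a small Python parser for the two headers visible in the hd output above. SAMPLE_HEADERS is the first 40 bytes of that dump (24-byte file header plus the first 16-byte record header); parse_global_header reads the magic (d4 c3 b2 a1 means a little-endian file with microsecond stamps, and the big-endian and nanosecond magics are handled too), parse_record_header pulls out ts_sec and ts_usec, and render formats the resulting UTC instant with a fixed offset so the 15:10:21 and 16:10:21 readings above can be reproduced side by side. The function names are my own.

```python
import struct
from datetime import datetime, timedelta, timezone

# First 40 bytes of the hd output above; the packet body is omitted because
# only the headers are needed to recover the timestamp.
SAMPLE_HEADERS = bytes.fromhex(
    "d4c3b2a1 02000400 00000000 00000000 ea050000 01000000"  # file header
    "2d0c6549 5fbf0c00 4a000000 4a000000"                    # record header
)

# libpcap magic values, read as a big-endian word from the first four bytes.
# The value gives the writer's byte order and the timestamp resolution.
MAGICS = {
    0xA1B2C3D4: (">", 1_000_000),      # big-endian file, microseconds
    0xD4C3B2A1: ("<", 1_000_000),      # little-endian file, microseconds
    0xA1B23C4D: (">", 1_000_000_000),  # big-endian file, nanoseconds
    0x4D3CB2A1: ("<", 1_000_000_000),  # little-endian file, nanoseconds
}
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


def parse_global_header(data: bytes) -> dict:
    """Decode the 24-byte pcap file header and determine byte order."""
    (magic,) = struct.unpack(">I", data[:4])
    if magic not in MAGICS:
        raise ValueError(f"not a pcap file: magic {magic:#010x}")
    endian, ts_div = MAGICS[magic]
    major, minor, thiszone, sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HEADER_LEN])
    return {"endian": endian, "ts_div": ts_div, "version": (major, minor),
            "thiszone": thiszone, "snaplen": snaplen, "linktype": linktype}


def parse_record_header(data: bytes, offset: int, endian: str) -> dict:
    """Decode one 16-byte per-packet record header starting at offset."""
    ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
        endian + "IIII", data[offset:offset + RECORD_HEADER_LEN])
    return {"ts_sec": ts_sec, "ts_frac": ts_frac,
            "incl_len": incl_len, "orig_len": orig_len}


def record_time_utc(rec: dict, ts_div: int) -> datetime:
    """ts_sec counts seconds since 1970-01-01 00:00:00 UTC regardless of the
    capturing host's zone; the header's thiszone field is 0 in practice and
    libpcap does not apply it, so neither do we."""
    micros = rec["ts_frac"] * 1_000_000 // ts_div
    return (datetime.fromtimestamp(rec["ts_sec"], tz=timezone.utc)
            + timedelta(microseconds=micros))


def render(dt_utc: datetime, utc_offset_hours: int) -> str:
    """Render the instant with a fixed UTC offset, in tcpdump -tttt layout."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    return dt_utc.astimezone(zone).strftime("%Y-%m-%d %H:%M:%S.%f")


def first_packet_times(data: bytes) -> dict:
    """Decode the first record and show it in UTC, EST (UTC-5) and EDT (UTC-4).
    For a January capture the EST line is the correct Eastern local time;
    the EDT line is what you get by applying today's summer offset to it."""
    hdr = parse_global_header(data)
    rec = parse_record_header(data, GLOBAL_HEADER_LEN, hdr["endian"])
    t = record_time_utc(rec, hdr["ts_div"])
    return {"epoch": rec["ts_sec"], "utc": render(t, 0),
            "est": render(t, -5), "edt": render(t, -4)}


if __name__ == "__main__":
    for name, value in first_packet_times(SAMPLE_HEADERS).items():
        print(f"{name:>5}: {value}")
    try:
        # Python 3.9+ with system tzdata: let the zone rules pick the offset
        # for the packet's own date instead of hard-coding -5 or -4.
        from zoneinfo import ZoneInfo
        hdr = parse_global_header(SAMPLE_HEADERS)
        rec = parse_record_header(SAMPLE_HEADERS, GLOBAL_HEADER_LEN, hdr["endian"])
        local = record_time_utc(rec, hdr["ts_div"]).astimezone(ZoneInfo("America/New_York"))
        print("local:", local.strftime("%Y-%m-%d %H:%M:%S.%f %Z"))
    except Exception as exc:  # no zoneinfo or no tzdata on this host
        print("zoneinfo unavailable:", exc)
```

Run against the bytes from the dump this prints epoch 1231359021, 20:10:21 UTC, 15:10:21 for UTC-5 and 16:10:21 for UTC-4; the zoneinfo line, where tzdata is installed, reports EST for that date. Feeding it a capture written on a big-endian host (magic a1 b2 c3 d4) gives the same results because the byte order is taken from the magic rather than assumed.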

by Richard Bejtlich (noreply@blogger.com) at July 28, 2010 01:50 AM

July 27, 2010

Jordan Sissel

Hack for quickly trimming invalid ssh keys

If you reimage a machine or change dns, you may get any of these messages when sshing in:
Offending key for IP in /home/jsissel/.ssh/known_hosts:239
Matching host key in /home/jsissel/.ssh/known_hosts:252
Offending key in /home/jsissel/.ssh/known_hosts:237
Seem familiar? Here's a very quick way to trim those.
#!/bin/sh
# Delete one line from a known_hosts file, given the "file:lineno" that ssh
# prints in its "Offending key" / "Matching host key" messages. The script
# is invoked under a name such as "Offending" or "Matching", so the pasted
# message becomes its arguments and only the last argument matters.

if [ "$#" -lt 1 ] ; then
  echo "Invalid arguments."
  exit 1
fi

# Last positional parameter, e.g. /home/jsissel/.ssh/known_hosts:239
eval "value=\$$#"

if ! echo "$value" | egrep -q '^[^:]+:[0-9]+$' ; then
  echo "Invalid file:lineno format: $value"
  exit 1
fi

# Split on the last colon with shell parameter expansion rather than
# building a command with awk and piping it to sh, so a path containing
# spaces cannot break the command. sed -i as used here is GNU sed;
# BSD and Mac OS X sed want "sed -i '' -e".
file="${value%:*}"
lineno="${value##*:}"
set -x
sed -i -e "${lineno}d" "$file"
  • Put this in ~/bin/clearssh.sh
  • chmod 755 ~/bin/clearssh.sh
  • ln -s ~/bin/clearssh.sh ~/bin/Matching
  • ln -s ~/bin/clearssh.sh ~/bin/Offending
Now the next time you see these messages and want to clear the offending key, just paste the log message, as a command, into your terminal:
jls(~) % Offending key for IP in /home/jsissel/.ssh/known_hosts:239
+ sed -i -e 239d /home/jsissel/.ssh/known_hosts
Makes for a quick fix if you hit these messages in your normal day. Two things to keep in mind: the script edits whatever file and line the pasted message names, so only paste messages that came from your own ssh client; and because sed deletes by line number, clear the highest-numbered line first when you have several messages from one session (deleting line 239 moves line 252 up by one).

I prefer this to using 'ssh-keygen -R' as the error message has exactly the information you need to clear the bad key.

July 27, 2010 08:28 PM

Apache Marketing

XSS vulnerability in Theeta CMS

Vulnerability ID: HTB22487 Reference: Product: Theeta CMS Vendor: MN Tech Solutions ( ) Vulnerable Version: 0.0 Vendor Notification: 12 July 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: Medium Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing Vulnerability Details: User can execute arbitrary Ja

July 27, 2010 06:38 PM

[ MDVSA-2010:141 ] samba

Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:141 Package : samba Date : July 27, 2010 Affected: 2010.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in samba: The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (

July 27, 2010 05:12 PM

[ MDVSA-2010:140 ] php

Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:140 Package : php Date : July 27, 2010 Affected: 2010.0, 2010.1 Problem Description: This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Security Enhancements and Fixes in PHP 5.3.3: * Rewrote var_export() to use smart_str rather than output buffering,

July 27, 2010 05:01 PM

London DEFCON July meet - DC4420 - Wed 28th July 2010

For those unable to make it to Vegas this week, we present DC4420! Fun talk: jontyw/russss - London hackspace No tech talk this month, floor will be open for lightning talks from anyone on any topic. Once all the talking's done with it's social/drinking time until the early hours. venue: Upstairs at The Black Horse, 6 Rathbone Place, W1T 1HH nearest stations: Tottenham Court Ro

July 27, 2010 04:45 PM

[MajorSecurity SA-079]PHPKIT WCMS - Multiple stored Cross Site

[MajorSecurity SA-079]PHPKIT WCMS - Multiple stored Cross Site Scripting Issues Details Product: PHPKIT WCMS Security-Risk: low Remote-Exploit: yes Vendor-URL: http://www.phpkit.com/ Advisory-Status: published Credits Discovered by: David Vieira-Kurz of MajorSecurity Original Advisory Affected Products: PHPKIT WCMS 1.6.5 Prior versions may also be vulnerable Descri

July 27, 2010 04:38 PM

[USN-964-1] Likewise Open vulnerability

Ubuntu Security Notice USN-964-1 July 26, 2010 likewise-open vulnerability CVE-2010-0833 A security issue affects the following Ubuntu releases: Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 10.04 LTS: likewise-open5-ls

July 27, 2010 04:30 PM

FuzzDiff tool

Hello, I'd like to announce FuzzDiff, a simple tool to help make crash analysis during file format fuzzing a bit easier. I'm sure many people have written similar tools for their own purposes, but I haven't seen any that are publicly available. Hopefully at least one person finds it useful. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targete

July 27, 2010 04:22 PM

XSS vulnerability in Theeta CMS

Vulnerability ID: HTB22488 Reference: Product: Theeta CMS Vendor: MN Tech Solutions ( ) Vulnerable Version: 0.0 Vendor Notification: 12 July 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Not Fixed, Vendor Alerted Risk level: Medium Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing Vulnerability Details: User can execute arbitrary JavaScript code within the v

July 27, 2010 03:58 PM

XSS vulnerability in SyndeoCMS

Vulnerability ID: HTB22491 Reference: Product: SyndeoCMS Vendor: The SyndeoCMS team ( ) Vulnerable Version: 2.9.0 and Probably Prior Versions Vendor Notification: 12 July 2010 Vulnerability Type: Stored XSS (Cross Site Scripting) Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: Medium Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing Vulnerability D

July 27, 2010 03:47 PM

XSS vulnerability in Theeta CMS

Vulnerability ID: HTB22489 Reference: Product: Theeta CMS Vendor: MN Tech Solutions Vulnerable Version: 0.0 Vendor Notification: 12 July 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: Medium Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing Vulnerability Details: User can execute arbitrary JavaScri

July 27, 2010 03:35 PM

XSS vulnerability in SyndeoCMS

Vulnerability ID: HTB22492 Reference: Product: SyndeoCMS Vendor: The SyndeoCMS team ( ) Vulnerable Version: 2.9.0 and Probably Prior Versions Vendor Notification: 12 July 2010 Vulnerability Type: Stored XSS (Cross Site Scripting) Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: Medium Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing Vulnerability D

July 27, 2010 03:26 PM

SQL injection vulnerability in Theeta CMS

Vulnerability ID: HTB22490 Reference: Product: Theeta CMS Vendor: MN Tech Solutions ( ) Vulnerable Version: 0.0 Vendor Notification: 12 July 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing Vulnerability Details: The vulnerability exists due to failure in t

July 27, 2010 03:17 PM

XSS vulnerability in SyndeoCMS

Vulnerability ID: HTB22493 Reference: Product: SyndeoCMS Vendor: The SyndeoCMS team ( ) Vulnerable Version: 2.9.0 and Probably Prior Versions Vendor Notification: 12 July 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: Medium Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing Vulnerability Details:

July 27, 2010 03:09 PM

Heap Overflow/DoS Vulnerability in Media Player Classic

Tested on: Media Player Classic - Home Cinema Build number: 1.3.1333.0 MPC Compiler: VS 2008 FFmpeg Compiler: GCC 4.4.1 REPORT START################## ModLoad: 77be0000 77bf5000 ModLoad: 77bd0000 77bd7000 ModLoad: 73ee0000 73ee4000 ModLoad: 10000000 100fb000 C:\Program Files\K-Lite Codec ModLoad: 590b0000 590ce000 ModLoad: 71b20000 71b32000 ModLoad: 6bf50000 6bfcd000 ModLoa

July 27, 2010 03:02 PM

[USN-930-6] Firefox and Xulrunner vulnerability

Ubuntu Security Notice USN-930-6 July 26, 2010 firefox, firefox-3.0, xulrunner-1.9.2 vulnerability CVE-2010-2755 A security issue affects the following Ubuntu releases: Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu

July 27, 2010 02:55 PM

Paper on the law and Implantable Devices security

A new research paper from the Freedom And Law Center deals with issues that some of us keep raising these past few years, and does a good job at it - bionic hacking (or cybernetic hacking if you prefer). "Killed by Code: Software Transparency in Implantable Medical Devices" outlines some of the history of these devices and even shows some cases where devices have been recalled (likely due to

July 27, 2010 02:49 PM

iKAT - Interactive Kiosk Attack Tool v3 : Defcon 18 Edition

iKAT - Interactive Kiosk Attack Tool v3 http://ikat.ha.cked.net It is with my great pleasure that i would like to introduce iKAT v3. iKAT - The Interactive Kiosk Attack Tool is the worlds premier Internet hacking tool. Designed as a SaaS, iKAT features many methods of escaping out of a browser jailed environment and gaining command execution. iKAT is a website you visit from a Kiosk, its quick

July 27, 2010 02:41 PM


Administered by Joe. Content copyright by their respective authors.