I just upgraded on my X1 carbon.
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
See everyone there!
Diego will do his third installment on Clojure!
https://www.saclug.org/articles/2025/april-2025.html
6-8pm
Gary, can you bring your projector again?
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Linus,
What was that Linux from scratch you created several years back?
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Today I received, via email, a security warning from my ISP, who is ATT. They were advising me that my system was being attacked and that the attack was based on an OpenSSH vulnerability.
After reading some CVE and Red Hat pages, it turns out I'm at risk because I updated my bastion server. My other systems, which the bastion server front ends for, aren't affected because the version of OpenSSH is too OLD.
What a pain.
This happens all the time, whether I get notified or not. Newer versions of software are NOT more secure. In fact, they become LESS secure as developers try to incorporate more functionalty and edge uses. And, in this case, because someone made a mistake.
The whole world is on this upgrade/update treadmill and it gets you nothing. IMHO you are delusional if you think it does.
I have to get on it because I HAVE to upgrade browsers. You can only do this independently from an OS upgrade for so long.
Fortunately the exploit is very difficut to exploit beyond causing a "system crash". It takes a lot of "resources" and thousands of attempts. Which is probably how ATT noticed it.
I can't determine if, or ask ATT, to just block the attack. I can't respond to the email. It seems like blocking the attack would be nice. Fortunately, my network is on the slow side and the exploit probably can't be feasibly involked.
This is why I resist upgrading/updating. It is a waste of A LOT OF TIME. Better to have a version and just patch vulnerabilities that apply to you and forget the rest.
The recommended fix is to set the logingracetime=0 for the sshd server. I'm trying to determine how this will affect password based authentication with long passwords over slow/bad networks, my situation. It seems like it might.
I'm seriously considering just downreving the OS on the bastion server. It doesn't really need that much functionality and never runs a browser. And, although I wouldn't like it, I'm not sure what they could do by executing arbitrary code there. They would have to be able to ssh somewhere useful.
I can see from the logs that I'm being hit every 3 sec or so. All different IP's, must be a botnet.
Can someone check a user field in libre office and check if they see a
difference between the way it looks in the Writer doc in Windows vs
Linux?
Ctrl-F2 Variables
User variable
Name: fizz
Value: [fizz]
In Windows, it shows "User field fizz=[Fizz]"
In Linux, it shows "[fizz]"
Can someone check for me and let me know?
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Hi Everyone,
We will have our third installment of Clojure at the next SacLUG
meeting.
https://www.saclug.org/articles/2025/april-2025.html
It will be at the Raley's in Natomas.
The meeting will be 6-8pm. I have the incorrect time on the website.
I am fixing it now!
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Diego Martinez will present clojure.
https://www.saclug.org/articles/2025/march-2025.htmlhttps://www.raleys.com/store/447
6-8pm
Raley's
4650 Natomas Blvd.
Sacramento CA,
95835
See you there!
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
