Again sent earlier. Thanks for the intervening comments about
vulnerabiliteis and versions.
A lot of issues and suggestions have been made and raised. My brief
response is that yes, according to nmap and my intention I had port 23,
for ssh (I moved it) and port 5900 open and the rpc port, I think. I'm
going by memory.
Theoretically the only pinhole in the ISP router firewall was port 23.
To use port 5900, you had to use an ssh tunnel.
My web server is on another machine. Since I only use it for
development, I don't leave it up.
My actual web pages are hosted externally on a vendor's box.
My experience with the upgrade treadmill is that it is a waste of time.
By its own admission (if a concept can have that) the new versions will
have issues and you need to upgrade. If the issues with an older
version don't affect you, then it is perfectly fine to use it. Why
upgrade and risk the fact that the new issues will affect your use case.
The developers for Fedora 13 were no smarter or dumber than the
developers who are writing Fedora 36. Or pick your distro of choice.
The issue with an older release is that nifty new things come out and
you can't really use them. But, if you run a VM with a recent version
of the distro, you can use them just fine.
The other issues is that if you are getting vendor support, they can
only reasonably commit to supporting a limited number of versions.
This is AMD hardware from '06.
-Gary
On Fri, Aug 05, 2022 at 06:19:54PM -0700, Rick Moen wrote:
> Quoting Brian E. Lavender (brian(a)brie.com):
>
> > Gary,
> >
> > You were running Fedora 13?
>
> If so, _that_ is likely a big problem. Fedora 13's initial release was
> May 25, 2010, and it was EOLed on June 24, 2011.
>
> Because Fedora. If you don't want to keep moving to newer versions,
> it's about the worst possible distro. (But it's possible Gary meant
> that he did _original_ installation 15 years ago, but has been following
> the recommended upgrade treadmill^W path.
>
> Linus Sphinx wrote:
>
> > https://www.bleepingcomputer.com/news/security/new-linux-malware-brute-forc…
>
> You know, I have a _lot_ of things to be grateful for, and somewhere on
> the list is the glad tidings that I don't need to rely on
> Bleepingcomputer.com for IT information.
>
> Over the past 1.5 months since its discovery, the new botnet used
> over 3,500 unique IPs worldwide to scan and attempt brute-forcing Linux
> SSH servers.
> [...]
> The SSH brute-forcing relies on a list of credentials downloaded from
> the [command and control server]. [...]
>
> *snore*
>
> So, doorknob-twisting for "joe accounts", like user=service
> password=manager and like that.
>
> Guestimate the math, and measure the lengthly setup and teardown times
> for remote connections to an sshd, and you'll find that
> dictionary-attacking an sshd with any reasonable rules set about
> password quality and length is going to take an appreciable fraction of
> the time to the heat death of the universe, to succeed.
>
> I mentioned upthread that a lot of IT device comes from gadget freaks.
> The _other_ common problem is that most security _articles_ are
> copied-pasted press releases from security/antimalware firms.
> So, they're big on shockhorror, and small on conveying understanding.
>
> I've only quick-glanced at this article about enforcing password policy
> via PAM, so won't swear to it being a good one:
> https://www.techrepublic.com/article/controlling-passwords-with-pam/
> Of course, if you're the -only- user, you ought to stick to decent
> passwords without PAM forcing you to. (Also, a user who can su to
> root has the power to overrule PAM. But if you do that, you have only
> yourself to blame for consequences.)
>
> _______________________________________________
> Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
> To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
----- End forwarded message -----
We started a development using Pelican using the nblug.org as a
baseline!
https://github.com/brieweb/saclug.org
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
We will have a meetup for SacLUG on Tuesday, August 15 at Kupros
on 21st St in Midtown. See you there at 6:30pm.
https://www.kuproscrafthouse.com/
1217 21st St.
Sacramento, CA 95811
Brian
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
I asked Tek Systems if they would host a meeting for us and they said
that they don't have the capacity currently. Perhaps we ought to do a
social like we did in the past?
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
The only thing I found in settings was tracking. I changed it to custom and unchecked everything. It always fails at the login screen. Either before or after I enter my credentials.
Other pages work fine.
Anyone using Firefox?
On Tue, Jul 25, 2023 at 01:01:04PM -0600, Linus Sphinx wrote:
> Upgrade to a 64 bit virus. Anything in F12/errors? Maybe it's the web page
> cross domain or something and firefox has upgraded their security model.
> Sandwich menu button->settings->security and put it in stupid mode, scary
> but it might work.
>
> On Tue, Jul 25, 2023 at 12:35 PM Gary <saclug(a)garymcglinn.com> wrote:
>
> > I don't really get on the upgrade treadmill. I've been running Firefox 84
> > on Fedora 23 or something for awhile. Its in a VM I had a system issue
> > with the host and had to do a reinstall and upgraded to fc 36. Everything
> > was fine, running my fc 23 VM's on a fc 36 host. I'm on a different VM, my
> > "fun" VM as I write this, which also runs Firefox 84 on fc 23 with no
> > problems. I'll upgrage at some point.
> >
> > The VM with the issues is my "finance" VM. I use it for my credit cards
> > and banking and all that. Banks started to complain about my Firefox 84,
> > so I tried to upgrade to 113. It crashes. A lot. So, I built a new VM
> > with fc 38. And installed Firefox 115. It crashes almost immediately.
> > But I was able to get some forensics. Its complaining that it is sending a
> > 64 bit code to a subsystem that "doesn't support it". Implying that there
> > is a 32 bit library somewhere.
> >
> > I sort of do need to log in to banks and all that. Any thoughs or
> > suggestions? It seems really unlikely that there would be a 32 bit library
> > somewhere.
> >
> > Desktop browsers and Firefox are getting increasingly less mindshare. Is
> > this just EOL thrashing?
> >
> > Any thoughts?
> >
> > As you may have guessed, the hardware is pretty old, but I don't see where
> > that would be an issue with this.
> >
> > -Gary
> > _______________________________________________
> > Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
> > To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
> >
I don't really get on the upgrade treadmill. I've been running Firefox 84 on Fedora 23 or something for awhile. Its in a VM I had a system issue with the host and had to do a reinstall and upgraded to fc 36. Everything was fine, running my fc 23 VM's on a fc 36 host. I'm on a different VM, my "fun" VM as I write this, which also runs Firefox 84 on fc 23 with no problems. I'll upgrage at some point.
The VM with the issues is my "finance" VM. I use it for my credit cards and banking and all that. Banks started to complain about my Firefox 84, so I tried to upgrade to 113. It crashes. A lot. So, I built a new VM with fc 38. And installed Firefox 115. It crashes almost immediately. But I was able to get some forensics. Its complaining that it is sending a 64 bit code to a subsystem that "doesn't support it". Implying that there is a 32 bit library somewhere.
I sort of do need to log in to banks and all that. Any thoughs or suggestions? It seems really unlikely that there would be a 32 bit library somewhere.
Desktop browsers and Firefox are getting increasingly less mindshare. Is this just EOL thrashing?
Any thoughts?
As you may have guessed, the hardware is pretty old, but I don't see where that would be an issue with this.
-Gary
I laughed so hard!
Interview with an Emacs Enthusiast in 2023 [Colorized]
https://youtu.be/urcL86UpqZc
Brian
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
