- Lug-nuts - bigbrie.com

by Gary

Today I received, via email, a security warning from my ISP, who is ATT. They were advising me that my system was being attacked and that the attack was based on an OpenSSH vulnerability. After reading some CVE and Red Hat pages, it turns out I'm at risk because I updated my bastion server. My other systems, which the bastion server front ends for, aren't affected because the version of OpenSSH is too OLD. What a pain. This happens all the time, whether I get notified or not. Newer versions of software are NOT more secure. In fact, they become LESS secure as developers try to incorporate more functionalty and edge uses. And, in this case, because someone made a mistake. The whole world is on this upgrade/update treadmill and it gets you nothing. IMHO you are delusional if you think it does. I have to get on it because I HAVE to upgrade browsers. You can only do this independently from an OS upgrade for so long. Fortunately the exploit is very difficut to exploit beyond causing a "system crash". It takes a lot of "resources" and thousands of attempts. Which is probably how ATT noticed it. I can't determine if, or ask ATT, to just block the attack. I can't respond to the email. It seems like blocking the attack would be nice. Fortunately, my network is on the slow side and the exploit probably can't be feasibly involked. This is why I resist upgrading/updating. It is a waste of A LOT OF TIME. Better to have a version and just patch vulnerabilities that apply to you and forget the rest. The recommended fix is to set the logingracetime=0 for the sshd server. I'm trying to determine how this will affect password based authentication with long passwords over slow/bad networks, my situation. It seems like it might. I'm seriously considering just downreving the OS on the bastion server. It doesn't really need that much functionality and never runs a browser. And, although I wouldn't like it, I'm not sure what they could do by executing arbitrary code there. They would have to be able to ssh somewhere useful. I can see from the logs that I'm being hit every 3 sec or so. All different IP's, must be a botnet.

1 month, 3 weeks

2
3
0 0

user field libre office (windows vs linux)

by Brian E. Lavender

Can someone check a user field in libre office and check if they see a difference between the way it looks in the Writer doc in Windows vs Linux? Ctrl-F2 Variables User variable Name: fizz Value: [fizz] In Windows, it shows "User field fizz=[Fizz]" In Linux, it shows "[fizz]" Can someone check for me and let me know? Brian -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

1 month, 3 weeks

1
0
0 0

FlatSnap

by Linus Sphinx

Was sure this must be the Onion. Can't believe it, RPM should have won. https://news.itsfoss.com/onepackage-announcement/

2 months

3
6
0 0

We are live: Diego talks clojure

by Sen Hastings

https://gnulinux.tube/w/7zuJFP5wBya9sbYaTxb1wZ

2 months

2
3
0 0

3rd installment of clojure

by Brian E. Lavender

Hi Everyone, We will have our third installment of Clojure at the next SacLUG meeting. https://www.saclug.org/articles/2025/april-2025.html It will be at the Raley's in Natomas. The meeting will be 6-8pm. I have the incorrect time on the website. I am fixing it now! Brian -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

2 months

1
0
0 0

Oddities

by Linus Sphinx

Poking Fedora 41 gently with a stick, are odd versions still bad juju? Feeling like I should wait for 42.

2 months

3
2
0 0

meeting tonight at the Raley's in Natomas. Topic Clojure.

by Brian E. Lavender

Diego Martinez will present clojure. https://www.saclug.org/articles/2025/march-2025.html https://www.raleys.com/store/447 6-8pm Raley's 4650 Natomas Blvd. Sacramento CA, 95835 See you there! Brian -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

2 months, 2 weeks

3
3
0 0

rc.local

by Gary

Before, I could just add things to rc.local if I wanted them to run at start up.According to the systemd docs, I should still be able to do that. According to the web, and my experience, it doesn't work. NP. I'll just make a systemd unit and do it right. There are 12 different kinds. Trying to read the docs and figure out what to do is going to be fun. I just copy a template from the web that is suppose to do what I want. There apparently aren't any tools to make this easier because, "It's all really simple already." Conceptually, it does look fairly straightforward, if I had the info I needed. Which is probably there. I just have to do a lot of reading and get a lot of religion. My executable runs and does what I want. Let's fire up the systemd service and see what happens. Oh, SELinux happens. I haven't played with SELinux. Perhaps now is a good time to learn. I am somewhat curious why the SELinux interface tells me a temporary workaround and not a permanent fix. But, with what it does tell me, I figure I have to learn about SELinux policies. Are you kidding me? I have to install an _devel package. I can follow the cookie cutter script, which has 10 nontrivial steps. I start, but I don't get the results that the script tells me I should. Since I don't know what I'm doing, I have no idea if this will be a problem or not. There are only 10 or so man pages I need to read. I'm sure none of them are short. How long has this stuff been around now? Am I missing something? Because it looks like something I stepped in once. We went from adding a line in a file, to all this. It is allegedly more secure.But it looks to me that things could be a lot easier and someone made a big mistake somewhere. I haven't decided how I'll proceed. I either turn off SELinux and start my stuff automatically. Or keep starting it manually, as I do now. It's on a box I like to keep secure, so there is that. Is there a way out or around that I have missed?

2 months, 2 weeks

4
8
0 0

Systemd

by Gary

After my last post, I started thinking that perhaps systemd is designed to take advantage of multicore processors during startup. That might explain a lot. After doing a bit of googling on whether on not different CPU's can access RAM at the same time, since start up is all about getting things into RAM, it turns out probably not. In fact, one post indicated that a "boot CPU 0" is used for the whole startup. While it may be nice to have the system figure out what needs to run in what order, was it really that hard to execute things in lexical order and just name them appropriately. You pretty much have to do that math anyhow. In my little unit, my script needs the firewalld. Both my unit and the firewalld unit want "multiuser". Mine runs first and dies. I have to expressly tell systemd to run after the firewalld, which isn't a target. How is this easier? On a separate note, I found it really nice that neither the nft docs, nor the firewalld docs tell you how to persist changes. You have to read the firewall-cmd docs. Google told me that. Eventually. This is really poor too. I recently realized I can still use iptables even though the distro dumped me into nft. I don't really see an advantage to nft and I'm not even sure of firewalld's role. I'm thinking of going back to iptables. It is a complex thing to make things simple and a simple thing to make things complex. It looks like we've really gone down that rabbit hole.

2 months, 3 weeks

1
0
0 0

March meeting Clojure, Wednesday, March 19. new location!

by Brian E. Lavender

We will have the next SacLUG meeting on Wednesday at the Natomas Bel Aire market https://www.raleys.com/store/447 6-8pm Diego Martinez will present Clojure, episode 2. More details will come on the SacLUG website. I believe Diego will summarize his notes form the previsous meeting as well. Stay tuned for updates. https://www.saclug.org/articles/2025/march-2025.html Brian -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

3 months, 1 week

1
0
0 0

2025

2024

2023

2022

Lug-nuts