originally posted elsewhere 2012.08.17. The Full Disclosure folks say that vulnerabilities should be disclose immediately. Their arguments have some merits. The Responsible Disclosure folks say that the vendor should have n number of weeks to get a patch out, then it goes to Full Disclosure. That has some merits as well, but the trouble...
Read more →The vsftpd standard FTP daemon on Fedora 17 comes configured to not work. It doesn’t work in normal mode (chroot problems) it doesn’t handle TLS, it allows anonymous by default, and it doesn’t handle passive mode in a way that works with the iptables firewall (because of TLS). Goal: TLS, no chroot-ing, no anonymous,Passive...
Read more →Problem: You’ve just upgraded to Fedora 17 (or perhaps 16) on your NFS server. Nothing is listening on port 2049 and rpc.idmapd isn’t running. You’ve already made sure nfs-server.service is running. Solution: your old /etc/sysconfig/nfs file is messing up the NFS server. rpc.idmapd is no longer needed. (man nfsidmap). Run: mv /etc/sysconfig/nfs /etc/sysconfig/nfs.rpmsave mv...
Read more →When re-using a disk with a GPT label (GUID Partition Table) it’s important to wipe the label stored on both the first and last blocks of the device. With an MBR Partition Table it was easy enough to just nuke the beginning of the drive (adapt sdz for your drive), ala: dd if=/dev/zero of=/dev/sdz...
Read more →Solaris variants (i.e. Nexenta) seem to lack the ‘watch’ program that’s so useful on Linux/BSD. There are several people asking for this on various forums. There might be a port available, but not stock on machines, and if your machine is inside a restrictive firewall, it might be hard to get. In a pinch,...
Read more →I run my backups on a stack that consists of: md-raid mirror LUKS encryption ZFS zvol This works nicely as it’s easy to split off an encrypted backup disk to take offsite, but since ZFS encryption hasn’t come to Linux yet, it’s still a stack of technologies to manage. My backup set gets ever...
Read more →I’ve been working for a couple days to get a usable Fedora 15 instance on the AMD A6-3650 APU. I’m using MSI’s motherboard. The biggest challenge is the integrated ATI HD 6550D graphics. Download the latest .fc16 build of Linux 3.0 from koji for proper KMS (kernel mode setting) support. Then download the latest...
Read more →The need came up to create a ZFS filesystem, shared over NFS, to Linux clients, with no permissions enforced. Much of the documentation out there is sparse, dated, confusing, or wrong. This post at least aims not to be wrong. On the Nexenta/Solaris machine, for zpool ‘storage’: zfs set aclinherit=passthrough storage/shared zfs set sharenfs=on...
Read more →Make sure you have xargs, head, and mplayer installed (via your package manager) and run: /usr/bin/curl http://www.nasa.gov/ram/35037main_portal.ram | /usr/bin/head -1 | /usr/bin/xargs mplayer If the URL above changes, look for the ‘RealPlayer’ option at http://www.nasa.gov/ntv for a new .ram file.
Read more →Good news from the 6th US Circuit Court of Appeals: At issue in Warshak’s e-mail flap was a 1986 law that allows the government to obtain a suspect’s e-mail from an internet service provider or webmail provider without a probable-cause warrant, once it’s been stored for 180 days or more. The appeals court said...
Read more →