Roundtable February 2013

roundtable@muug.ca

15 participants
16 discussions

SpamAssassin false positives on DATE_IN_FUTURE_96_Q?
by Gilbert E. Detillieux 23 Feb '16

23 Feb '16

I mentioned this problem at the last round-table session, but didn't get a solution, so I thought I'd post it here, just in case anyone has any suggestions to offer. I'm still seeing a whole bunch of false positives in SpamAssassin, since an update was installed in mid-September on a CentOS 5.7 system, for a rule called DATE_IN_FUTURE_96_Q, which is only supposed to be triggered when the "Date:" header has a date that is 4 days to 4 month ahead of the date in the "Received" header that has the _smallest_ difference in date. Here are the headers from the latest e-mail I've received with this false-positive. (I've stripped out irrelevant headers, for the sake of clarity and simplicity.) From topfivestories(a)messagent.itworldcanada.com Mon Nov 14 07:50:13 2011 Received: from mail.messagent.itworldcanada.com (mail.messagent.itworldcanada.com [207.112.10.80]) by palladium.cs.umanitoba.ca (8.13.8/8.13.8) with SMTP id pAEDoAxV028594 for <gedetil(a)cs.umanitoba.ca>; Mon, 14 Nov 2011 07:50:12 -0600 Date: Mon, 14 Nov 2011 08:50:13 -0500 X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,DATE_IN_FUTURE_96_Q, HTML_MESSAGE,RP_MATCHES_RCVD autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on palladium.cs.umanitoba.ca Note that I'm calling spamd via the spamass-milter on a system running sendmail. Note also, that in the above example, the only "Received" header was the one generated by my own server. (I've had other false positives, however, with multiple "Received" headers, all of which were within seconds of the time in the "Date" header.) Any ideas? -- Gilbert E. Detillieux E-mail: <gedetil(a)muug.mb.ca> Manitoba UNIX User Group Web: http://www.muug.mb.ca/ PO Box 130 St-Boniface Phone: (204)474-8161 Winnipeg MB CANADA R2H 3B4 Fax: (204)474-7609

6 11

WRT routers?
by Dan Keizer 28 Feb '13

28 Feb '13

Hey there -- a retired ham acquaintance I know is looking to do some work on exploring mesh networks and is looking for some 'older' (read: inexpensive) WRT-type routers that can be flashed with openwrt/ddwrt/etc ... If anyone has some lying around willing to part with them, let me know -- he's been looking for a while. Thanks. Dan, ve4drk

3 4

O'Reilly e-Book deal on PHP books (until Feb 28)
by Gilbert E. Detillieux 27 Feb '13

27 Feb '13

Sorry for the short notice on this one, but I just noticed this buried in the text of a routine e-mail from O'Reilly. They're running a 50% off deal, that "expires Feb. 28, 2013 at 11:59pm PT", on selected PHP e-books... http://shop.oreilly.com/category/deals/php-owo.do?code=WKPHP&imm_mid=0a1e7b… The discount code you need is on the web page above. -- Gilbert E. Detillieux E-mail: <gedetil(a)muug.mb.ca> Manitoba UNIX User Group Web: http://www.muug.mb.ca/ PO Box 130 St-Boniface Phone: (204)474-8161 Winnipeg MB CANADA R2H 3B4 Fax: (204)474-7609

1 0

Console
by Robert Dyck 25 Feb '13

25 Feb '13

I have a machine running Ubuntu Server 12.10; this is server, not desktop, so command line only. The CRT monitor fried. I have an old LCD monitor, but it only accepts 800x600 resolution at 60Hz. I'm trying to get that working as the console. I can get in via SSH using PuTTY from a Windows machine, but that's not a long term solution for a few reasons. This monitor does display BIOS POST, and the Grub menu, but does not display the login prompt. I tried "sudo dpkg-reconfigure console-setup" but that just has encoding, character set, font, and font size. Nothing for console resolution. I tried editing /etc/default/console-setup to add "GRUB_GFXPAYLOAD_LINUX=800x600". The console is visible during POST, and the GRUB menu, but then changes to an unsupported mode. I haven't even looked at anything that could be put in .profile because I don't get that far. I can't even see the login prompt. Could you guys help me? Thanks, Rob Dyck

3 3

Odd LDAP issue
by Robert Keizer 20 Feb '13

20 Feb '13

Greetings, At work I have an OpenLDAP daemon running. ( 2.4.28, standard ubu 12.04 repo before someone asks ). For those who don't know: OpenLDAP as of 2.3+ allows the storage of the LDAP schema to reside in LDAP. As a result, you can modify the schema in runtime. I have been taking full advantage of this feature and adding attributes and classes when I need, rather than planning for production downtime. I couldn't for the life of me figure out why replacing an olcObjectClass in runtime wasn't working properly. I was getting a "Duplicate objectClass" error. That may seem like a simple fix. It would have been if it actually had been a duplicate. I spent quite a long time working away, turning OpenLDAP debug up to 9 which is copious in and of itself. In the end this is what I found. My guess is that I have stumbled upon an OpenLDAP bug, or perhaps that some developer designed it to on SIGHUP refresh its internal structures. # ldapmodify -Y EXTERNAL -H ldapi:/// -f ./tmp.ldif .. ( snip ) .. modifying entry "cn={5}yst,cn=schema,cn=config" ldap_modify: Other (e.g., implementation specific) error (80) additional info: olcObjectClasses: Duplicate objectClass: "1.3.6.1.4.1.40605.1.1.1.1.1" # /etc/init.d/slapd restart * Stopping OpenLDAP slapd ...done. * Starting OpenLDAP slapd ...done. # ldapmodify -Y EXTERNAL -H ldapi:/// -f ./tmp.ldif .. ( snip ) .. modifying entry "cn={5}yst,cn=schema,cn=config" I am inclined to believe this is a bug in OpenLDAP because the first time after a fresh start I am able to make the modification, with the same LDIF. Thoughts? Is there some face-palming worthy piece of documentation out there that explains this? Rob

1 0

Fwd: SkullSpace Crypto night Wednesday! [Everyone is invited!]
by Colin Stanners 20 Feb '13

20 Feb '13

To other Winnipeg technology-oriented organizations: here's a technical event at Sksp, if you can distribute to anyone who would be interested. Sorry for the late announcement, no one here is really a "promotion" person, I'm trying to setup a better/faster system to announce our events to other organizations... ---------- Forwarded message ---------- From: Ron <ron(a)skullsecurity.net> Date: Tue, Feb 19, 2013 at 8:22 AM Subject: [SkullSpace-Announce] Crypto night: TOMORROW! [Everyone is invited!] To: announce(a)lists.skullspace.ca -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey everybody, In honour of my Shmoocon talk - which went *exceptionally* well on Saturday - we're doing some crypto talks at SkullSpace tomorrow! It's gonna be a great night, and everybody is invited! The target audience is developers or security people. Anybody technical will have a good time, I suspect. I'm gonna cover the basic crypto constructs we're attacking, then talk about how to attack them. We aren't attacking the math of crypto at all - I don't do math - but rather how they're implemented. *Everybody is welcome, whether or not you're a member!!* We're gonna be getting some pizza, if you plan to eat then please bring a $5 or $10 donation. I'm paying for the pizza out of my own pocket, so it'd be nice if others would pitch in. The night is going to look something like this: ======================================================================== 6:00pm - I'm gonna aim to be there for 6 to unlock the doors and set up/greet/socialize/hang out ======================================================================== 6:30pm - PIZZA ======================================================================== 7:00 - 7:05 - Ron "iagox86" Bowes: Welcome A quick welcome/greeting from me, an intro of the speakers, and a bit about SkullSpace if we have a lot of guests showing up. ======================================================================== 7:05 - 7:20 - Colin "Phoul" Childs: "Introducing FROST" FROST is a method for stealing data off locked phones using a coldboot-style attack ======================================================================== 7:25 - 7:40 - Alex "AlexWebr" Weber: "I Can Hear You Tunneling" Alex will be presenting - for the first time ever! - a tool he's developing to discover information from SSH sessions based on packet timings. ======================================================================== 7:45 - 8:00 - Mak "mak" Kolybabi: TBA Mak... well, we all love Mak. He'll talk about something cool. I have faith ======================================================================== 8:05 - 9:15 - Ron "iagox86" Bowes: Crypto: You're doing it wrong Ron will be doing a reprise of his Shmoocon talk about how to fail at crypto. It was well received at Shmoocon and - while this is a somewhat different audience - plans to give the same talk at SkullSpace! ======================================================================== After the talks, we'll hang around for awhile for questions, comments, and general hacking. Feel free to hang out with us! See you all tomorrow! Ron -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlEjisEACgkQ2t2zxlt4g/SXrgCcDsw3V5V3RSRW/ngr/0fGbgTz 1rMAoLd9zbDU7KQvDY5lhIbo9dJFZBjH =WCeP -----END PGP SIGNATURE----- _______________________________________________ SkullSpace Announce Mailing List Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Announce Archive: https://groups.google.com/group/skullspace-announce-archive/

2 2

Re: [RndTbl] view client on Linux
by Adam Thompson 20 Feb '13

20 Feb '13

Considering how shabby overall VMWare client support is for everything non-Windows, that wouldn't surprise me. You still can't deploy a vSphere environment without a Windows workstation to at least bootstrap it, for example. (Although that Windows system could be a VM inside Workstation on Linux...) -Adam

1 0

view client on Linux
by Kat 20 Feb '13

20 Feb '13

Am I reading this right? VMware's View Client for Linux is at version 1.7.0. Really? And the Google Code open version is at 4.5.0, but doesn't support PCoIP? I have no other alternatives??? I can kinda made do with RDP, but I don't want to. -- ------------------------------------------------------------ Katherine Scrupa Network Technology CCNA, Hons.

1 0

Doug Shewfelt's memorial service
by Gilbert E. Detillieux 13 Feb '13

13 Feb '13

Doug Shewfelt's memorial service will be held on Friday, Feb. 15 at 2:00pm at St. Andrew's United Church in Manitou MB. A private family internment service will precede the public service. If you are planning to attend, please let me know via e-mail. I'll collect the list of names, and pass it along to Dave Clement, who asked for responses (to get an attendance estimate). Thank you. For further information please check the web site: http://www.wheatlandfs.com/shewfelt-douglas/ The church is located at the corner of Hamilton St. and Fuller Ave. in Manitou: http://goo.gl/maps/nr1yn To get to Manitou, take highway 3 past Carman and Morden, and stay on highway 3 right to Manitou. Alternatively, it may be slightly shorter to turn west onto highway 23 between Carman and Morden, then south onto highway 244 to Manitou. (Google Maps also suggests taking highway 2 from Winnipeg, then south on highway 244.) Taking highway 23 has the advantage that you can see Manitoba Hydro's wind farm up close. It's impressive if you haven't seen it before. -- Gilbert E. Detillieux E-mail: <gedetil(a)muug.mb.ca> Manitoba UNIX User Group Web: http://www.muug.mb.ca/ PO Box 130 St-Boniface Phone: (204)474-8161 Winnipeg MB CANADA R2H 3B4 Fax: (204)474-7609

3 3

O'Reilly discount
by Trevor Cordes 13 Feb '13

13 Feb '13

As discussed at the meeting tonight: The latest O'Reilly User Group book mailings show a new code, which appears to be meant to be in addition to the existing code (DSUG): "Buy 1 Ebook, Get 1 Free with your user group discount code: DSUG2"

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

Roundtable February 2013