Roundtable September 2014

roundtable@muug.ca

14 participants
18 discussions

IBM "clicky" keyboards
by Adam Thompson 13 Oct '16

13 Oct '16

Enough people have wondered/asked/complained to me about this that I'm posting this now as a public service. IBM Model "M" keyboards are still available, *NEW*, today. They are expensive, but they are the original design that you can use as a melee weapon. The catch is that they don't say "IBM" or even "Lexmark" on them. They are available for purchase from the manufacturer, Unicomp, who can be found online at http://www.pckeyboard.com/. You can also find some vintage NIB units from time to time at http://www.clickykeyboards.com/. There are also a number of other manufacturers now making similar, but not quite as good, keyboards. - CVT Inc., the maker of the Avant Stellar (I own two of them), which is the direct descendant of the Northgate Omnikey, seems to have restructured and no trace of their keyboard manufacturing operation can be found online. However, Northgate keyboards are still available new-in-box from (this is a horrible site, beware) http://www.northgate-keyboard-repair.com/. - The Happy Hacking keyboard (now owned by Fujitsu, apparently) is equally comforting to some people despite having a totally different feel. They, and many others, can be had from http://www.elitekeyboards.com/ - Das Keyboard - Anything using Cherry MX Green, Blue, or White keyswitches. The "green" switches apparently are the closest anyone's come yet to emulating the IBM/Lexmark/Unicomp switches... and they can be had in MUCH cheaper keyboards, like the Rosewill RK-9000 (http://www.newegg.ca/Product/Product.aspx?Item=N82E16823201040 and http://techreport.com/review/23405/rosewill-rk-9000-series-mechanical-ke yboards-reviewed). - And there are an increasing number (yes, again, after the big die-off ca. 2009) of speciality manufacturers of "ergonomic" keyboards that are making clicky keyswitches available as an option. One of the better ones is a tiny shop in Ontario, but I can't find the name right now. References: http://en.wikipedia.org/wiki/Model_M_keyboard http://en.wikipedia.org/wiki/Unicomp http://deskthority.net/wiki/Cherry_MX -Adam Thompson athompso(a)athompso.net

7 12

SpamAssassin false positives on DATE_IN_FUTURE_96_Q?
by Gilbert E. Detillieux 23 Feb '16

23 Feb '16

I mentioned this problem at the last round-table session, but didn't get a solution, so I thought I'd post it here, just in case anyone has any suggestions to offer. I'm still seeing a whole bunch of false positives in SpamAssassin, since an update was installed in mid-September on a CentOS 5.7 system, for a rule called DATE_IN_FUTURE_96_Q, which is only supposed to be triggered when the "Date:" header has a date that is 4 days to 4 month ahead of the date in the "Received" header that has the _smallest_ difference in date. Here are the headers from the latest e-mail I've received with this false-positive. (I've stripped out irrelevant headers, for the sake of clarity and simplicity.) From topfivestories(a)messagent.itworldcanada.com Mon Nov 14 07:50:13 2011 Received: from mail.messagent.itworldcanada.com (mail.messagent.itworldcanada.com [207.112.10.80]) by palladium.cs.umanitoba.ca (8.13.8/8.13.8) with SMTP id pAEDoAxV028594 for <gedetil(a)cs.umanitoba.ca>; Mon, 14 Nov 2011 07:50:12 -0600 Date: Mon, 14 Nov 2011 08:50:13 -0500 X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,DATE_IN_FUTURE_96_Q, HTML_MESSAGE,RP_MATCHES_RCVD autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on palladium.cs.umanitoba.ca Note that I'm calling spamd via the spamass-milter on a system running sendmail. Note also, that in the above example, the only "Received" header was the one generated by my own server. (I've had other false positives, however, with multiple "Received" headers, all of which were within seconds of the time in the "Date" header.) Any ideas? -- Gilbert E. Detillieux E-mail: <gedetil(a)muug.mb.ca> Manitoba UNIX User Group Web: http://www.muug.mb.ca/ PO Box 130 St-Boniface Phone: (204)474-8161 Winnipeg MB CANADA R2H 3B4 Fax: (204)474-7609

6 11

big scanner
by Trevor Cordes 27 May '15

27 May '15

Does anyone have big (like tabloid or bigger) scanner they want to sell? Even an ancient SCSI or parallel one might be ok. I just want *big*. Do they even make scanners bigger than legal or tabloid?

4 6

Solaris fix for the bash bug
by Kevin McGregor 30 Sep '14

30 Sep '14

I'm trying to apply IDR 126546-06 to our Solaris servers. One of them (eventually) went fine. The second one I tried failed with this message: ERROR: IDR 126546-06 cannot be applied until all Interim Relief/Diagnostics are backed out. Dryrun complete. No changes were made to the system. Okay, so how do I find a list of IDRs I need to back out of? This is Oracle Solaris 10 9/10 s10s_u9wos_14a SPARC (SunOS <server> 5.10 Generic_142909-17 sun4u sparc SUNW,Sun-Fire-V490). Both servers show have been identically installed; how do I find out the differences, on a package basis? Kevin

1 1

Desktop SSDs
by Kevin McGregor 30 Sep '14

30 Sep '14

Does anyone have an opinion ( ;-) ) on which desktop SSDs to buy or avoid in the ~250 GB size? How about the Kingston HyperX Fury 240GB SSD SATA3 SandForce SF2281 <http://www.ncix.com/detail/kingston-hyperx-fury-240gb-ssd-82-100152-1342.htm> ? (E.g. $140 + tax & shipping from NCIX) Kevin

3 2

any MTS employees here?
by Adam Thompson 29 Sep '14

29 Sep '14

Any MTS employees here, who know where to report this internally? athompso@t5400:~$ dig @dns1.mts.net in mx mymts.ca ; <<>> DiG 9.8.1-P1 <<>> @dns1.mts.net in mx mymts.ca ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21118 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;mymts.ca. IN MX ;; ANSWER SECTION: *mymts.ca. 43200 IN MX 0 localhost.* This makes it a bit difficult to send mail to accounts @mymts.ca, which plenty of people still (claim to) use. -- -Adam Thompson athompso(a)athompso.net

2 1

bash + procmail vulnerabilities
by Trevor Cordes 26 Sep '14

26 Sep '14

Wonderful, another day, another big bad security hole... or two. Run your patches! First up: bash: $ env x='() { :;}; echo OOPS' bash -c /usr/sbin/nologin OOPS This account is currently not available. http://www.openwall.com/lists/oss-security/2014/09/24/10 claims: > In many common configurations, this vulnerability is exploitable over > the network. I'm trying to guess how? In what instance is some program allowing network vectors to set env vars, especially without sterilization? Or do I not want to know... Next up, procmail has a formail buffer overflow that may or may not allow arb code exec CVE-2014-3618. Many stock procmail recipes use formail. It's easy to see how this one is remotely exploitable.

3 5

ssl cert renewal warning/anecdote
by Trevor Cordes 24 Sep '14

24 Sep '14

People who manage (paid for) SSL certs (for web servers, etc), don't make the same mistake I just did. It was renewal time and I did what I always do: blindly hit renew on my cert provider/reseller control panel. I get the cert, install into apache, restart, then boom: [ssl:emerg] [pid 11648] AH02565: Certificate and private key mydomain.blah:443:0 from /etc/pki/tls/certs/mycert.crt and /etc/pki/tls/private/mykey.key do not match AH00016: Configuration Failed After a very brief WTF moment, it dawned on me: "heartbleed". I regen'd my CSR/key and got a reissued cert a few months back. That is done direct with the vendor (Thawte), and *not* through my reseller (OpenSRS). So Thawte had my new CSR, but OpenSRS still had my old CSR on file (the one with the possibly-compromised heartbleed key) and that is the CSR they sent to Thawte when I renewed! Doh! So I had to make yet a new CSR/key, and have Thawte reissue a new cert, and then revoke the cert I (didn't) use for all of 5 seconds. Blah, there goes half an hour. I verified this is indeed what was happening with some openssl -modulus command line magic. I've written to notify OpenSRS they should put up a warning on the renewal page. This doubly sucks because OpenSRS *still* will have cached the revoked/compromised CSR and if I forget *next* year to paste a new CSR in, I'll be doing the exact same thing! Maybe the moral of the story is: always regen a new CSR everytime you renew. An extra 2 mins, and remembering some cryptic openssl commands, but not the end of the world, but still a pain vs. just hitting "renew". Maybe everyone else already does this and I wasn't following "best practices", but don't we all like to keep things simple when we can? Exercise for the curious/pedantic/strange people who read this far: Is there a way SRS or Thawte could have prevented this? Perhaps by linking the CSR used to make a revoked cert and disallowing renewals based on it? Or perhaps SRS needs an API with Thawte whereby you reissue via SRS, not Thawte, or Thawte needs to pass back the last-used-CSR to SRS so it can replace the stale cached copy.

2 3

multi-platform encryption
by Dan Martin 16 Sep '14

16 Sep '14

I am in need of encryption software that would keep files encrypted on the cloud as well as local on all machines. Here is what I'm looking for: Downloaded files saved to a particular folder on a Windows 7 or 8 machine would automatically be encrypted (after a prompt for passphrase). Ideally, this folder would be in a Dropbox or Google Drive folder, or on a thumb drive. No record of the unencrypted file would remain on the local PC (I am not worried about pieces of it on swap). I would prefer that the files are individually encrypted with the same passphrase, rather than added to one large file which is encrypted. I don't want the cloud storage to have to recreate the whole folder, and I don't want a bit error to trash all of my files. The file names do not need to be encrypted. Since I will be the only user in the foreseeable future, a symmetric encryption scheme would be fine. >From the cloud (preferably) or thumb drive folder, my ruby program running on Mac OS X would edit the files. I would also want to be able to decrypt the files to view in a text editor or other software, after which I would secure erase copies of decrypted files - again, no unencrypted files on the local machine other than in swap. This is the ideal. An alternative would be to send the files via https to a web server on the Mac (which could handle encryption in a local Mac environment) and the secure erase the files on the PC. If I did this, could I send the files unencrypted (since https will encrypt them while they are on the internet)? True Crypt appears to be close to what I want, but it is discontinued. I don't know if I could use something like gpg, since I don't have admin privileges on the PC. -Dan -- Dan Martin, MD GP Hospital Practitioner Computer Scientist ummar143(a)shaw.ca (204) 831-1746 answering machine always on

4 3

Fwd: MbOUG: Welcome to our next exciting event on Sep 23!
by Gilbert E. Detillieux 12 Sep '14

12 Sep '14

I'm passing this along in case any of you might be interested in learning more about Oracle Linux... I have no affiliation with MbOUG, so please respond to <info(a)mboug.org> if you want to register or have any questions. (Please don't just reply to this e-mail.) Gilbert ---------- Forwarded message ---------- From: *MbOUG Info* <info(a)mboug.org> Date: Sat, Sep 6, 2014 at 10:28 AM Subject: MbOUG: Welcome to our next exciting event on Sep 23! You are cordially invited to the next Manitoba Oracle Users Group (MbOUG) event focused on Oracle Linux/VM/OEM12c. Tuesday September 23, 4:15 - 7:45pm Norwood Hotel (112 Marion St.) - Tache Room and parking is free! More details are provided in the attached invitation or online at http://www.mboug.org or https://www.linkedin.com/groups?home=&gid=3751612 To help entice you in attending, there is food & complimentary gifts as well so don't miss out! If you know of other Oracle/Linux/VM Professionals (or wannabe professionals) who didn't receive the invitation but are interested to come, please spread the word. We expect a great turnout so please take advantage of the opportunity to network, exchange ideas, and share stories with your local peers. To register, please send an email with your name and professional contact information to: register(a)mboug.org Kudos to our event sponsors Oracle and networkEARTH in keeping this event free! Hope to see you there! Your local MbOUG Team "Your Participation is always needed and most welcome" -------- End Forwarded message -------- -- Gilbert E. Detillieux E-mail: <gedetil(a)muug.mb.ca> Manitoba UNIX User Group Web: http://www.muug.mb.ca/ PO Box 130 St-Boniface Phone: (204)474-8161 Winnipeg MB CANADA R2H 3B4 Fax: (204)474-7609

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

Roundtable September 2014