Roundtable May 2017

roundtable@muug.ca

13 participants
8 discussions

big Intel bug with SMT firmware
by Trevor Cordes 17 May '17

17 May '17

Intel has announced a big (VCSSv3 8.4 and 9.8 critical) bug in their AMT/ISM/SBT technologies, which are mostly only in their business lines. Most consumer desktops will not be affected. It seems more laptops than you would think are affected so if you have an Intel-based laptop from 0-6 years old you might want to check this out. If you have a desktop with a "Q" chipset (aka vPro) then you also are probably affected. I'll repeat this so as to not cause undo alarm: MOST HOME DESKTOP SYSTEMS ARE *NOT* AFFECTED. Looks like this flaw could let an attacker take full control of the system, probably including remote BIOS/desktop and/or OS image control (not sure about file system?). Not sure if exploits are actually in the wild yet, but once they are, just using any public wifi could get you hosed. And this isn't just a Windows user problem like all the RansomWare: this one is at the hardware/BIOS level so it affects all OS users. Patched firmware coming soon, or are already out. https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&lang… Here's direct links to the list of affected systems for brands relevant to my customers (other brands are at the link above): https://support.lenovo.com/ca/en/product_security/len-14963 https://www.intel.com/content/www/us/en/support/boards-and-kits/000024181.h… https://www.asus.com/News/uztEkib4zFMHCn5r Note, for Lenovo laptops: W series W520 and up are affected, and most T and X series. There are Windows (and maybe Ubuntu) programs you can d/l to check if you have an affected system. Check the firmware site for your system often until a fix is posted and then apply it. -- Your friendly neighbourhood MUUG security announcer

1 0

config setup
by Trevor Cordes 11 May '17

11 May '17

Forwarded on behalf of Dan Keizer. Remember folks, keep your attachments to the mailing list as small as possible. I shrunk the pdf from 500k to a 69k single jpg (it was just embedded jpg's anyhow). === Dan Keizer asked === Well, I decided not to ask this at the round table yesterday as it would have taken too much time and have lots of possible options ... a friend has a friend who has a 14 year old teenager looking at building a gaming machine .. he put together some info and this friend is looking for some feedback I've attached a pdf of what they were looking at as options - not sure where the pricing was scraped from -- but with guys on-line who are in the business would have a better idea ... What's your guys takes on this? I'm not into gaming machine configurations ... Dan.

4 6

Linux in Azure
by John Lange 11 May '17

11 May '17

Thanks everyone who attended my Linux on Azure presentation last evening, but I guess I gave my presentation a day early. Microsoft just announced today (at Build) a bash shell built into the Azure portal! Now instead of spinning up a linux virtual machine, or installing azure cli on your linux laptop, you can instead use bash to manage your entire Azure environment right from any browser. Plus, an Azure app for iOS and Android was also announced and it also includes the bash shell so you can use bash to manage Azure from a mobile device. Would have made a great demo. Perhaps at a future meeting. And just a side note, Azure bash shell has been released before the PowerShell module. -- John Lange

3 2

Re: [RndTbl] Second screen view from first screen
by Trevor Cordes 11 May '17

11 May '17

At the meeting the other day a member asked about an interesting problem. He has 2 monitors on a linux box and one monitor is in a different room. He wants to be able to see what is on the other-room monitor on the first monitor (monitor the monitor??). Got the ol' hamster spinning. My hunch that VNC could do it is correct. Here's the solution I just hacked out: 1. install x11vnc package (dnf install x11vnc in Fedora/RH/CentOS; something similar in other distros). install tigervnc package (or any other compatible vnc client). 2. as root: x11vnc -storepasswd -- enter in a pw 3. as root (*might* work as normal user if the stars are aligned?): x11vnc -many -usepw -clip xinerama1 -viewonly -scale 1/4 \ -auth /var/run/lightdm/root/:0 -display :0 4. as normal user: vnc localhost This will put a little 1/4 scaled copy of the 2nd monitor on your current one. IMPORTANT: the above -auth voodoo works only for lightdm display manager setups like I use on XFCE. Any other DM will need slightly different voodoo, which you can probably divine by poking around /var/run for dm-sounding entries. There's probably plenty of google hits to help you too. Notes: - Change xinerama1 to 0 depending on which xinerama screen is which. Any modern non-tweaked linux will use xinerama under the hood for any multi-monitor setup. If for some reason you don't have xinerama then -clip lets you specify actual X,Y WxH coords instead! Neat - -viewonly is probably what you want, and without it I lost keyboard repeat and if I ventured into the vnc window with the cursor it was very hard to get out again as I entered some sort of recursive dimension effect where many have perished. - -scale adjust to make it as big/little as you want. Now, for the ambitious reader: figure out a way to do this with just X (no VNC). I'm thinking something that works like the old xmag but in reverse and with a stationary target? If xmag can do its magic, surely something like this is possible. For bonus points, figure out how you can do this in wayland. BZZZZZZZ. Trick question, it's almost certainly impossible (though I could be proven wrong). If you're using wayland (i.e. new install of F25) then read the docs on how to switch back to X and then curse wayland three times while spinning in circles on the spot. Good for the soul. (P.S. You might want to block external port 5900 (but not loopback!) with iptables on your box if it's world-accessible... default vnc security stinks.)

1 0

Big-endian RAID5 recovery problem
by Adam Thompson 07 May '17

07 May '17

So I've got 4 IDE HDDs, each with 3 RAID partitions on them, that were part of a RAID array in a now-very-dead NAS. Of course, I need to get data off them that wasn't backed up anywhere else. I've got a 4-port USB3 PCIe card, and 4 IDE/SATA USB adapters, and all the hardware seems to work. So far, so good. The problem is that the disks use the v0.90 metadata format, and they came from a big-endian system, not a little-endian system. MD superblocks *since* v0.90 are endian-agnostic, but back in v0.90, the superblock was byte-order specific. mdadm(8) on an Intel processor refuses to acknowledge the existence of the superblock. Testdisk detects it and correctly identifies it as a Big-endian v0.90 superblock. I'm reluctant to blindly do a forced --create on the four disks, because I'm not 100% certain of the RAID topology; there are at least two RAID devices, one of which was hidden from the user, so I have no a-priori knowledge of its RAID level or layout. The filesystems on the md(4) devices are, AFAIK, all XFS, and so should (hopefully) not have any endianness issues. I can't find any modern big-endian Linux systems... looks like all the ARM distros run in little-endian mode. Any suggestions on the best way to move forward? Thanks, -Adam

6 10

Man Loses Will to Live During Gentoo Install
by Adam Thompson 07 May '17

07 May '17

https://www.sudosatirical.com/articles/man-loses-will-to-live-during-gentoo… Title speaks for itself :-) -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

1 0

Google Earth points within circle/object
by Dan Keizer 06 May '17

06 May '17

Odd question - but I'll ask if anyone else has done such a thing ... Using google earth pro on PC ... Can't seem to find an easy solution to this one ... I have a bunch of points on a map that were geocoded by address .. and I have this circle (radius 50km or such) I drew on the map ... I want to know the number of points that are within this circle -- optionally also want to extract these /save them to extrapolate out the attached meta data on the points ... anyone do such a thing directly in GEP? Dan.

3 3

MUUG Meeting, May 9, 7:30pm -- Linux on Azure
by Gilbert E. Detillieux 02 May '17

02 May '17

*** Please note the updated meeting location below *** The Manitoba UNIX User Group (MUUG) will be holding its next monthly meeting on Tuesday, May 9. The meeting topic for this month is as follows: An Introduction to Linux on Azure Microsoft has made Linux a "First Class" citizen on Azure. In this presentation by John Lange, we'll cover some Azure basics, then dive into setting up your first Linux systems on Azure and reveal some of the hidden benefits of using public cloud to run and manage your Linux virtual machines. Time permitting, we will setup a small domain managed Linux cluster with load balancing and automated management. Daemon-Dash: Let's Encrypt Adam Thompson will give a short tutorial on Let's Encrypt: the up-and-coming, and free (as in beer), way to obtain hitherto costly SSL certificates for your web servers. The group usually holds its meetings at 7:30pm on the second Tuesday of every month from September to June. (There are no meetings in July and August.) Meetings are open to the general public; you don't have to be a MUUG member to attend. ****************************************************************** Please note our *NEW* meeting location for this month: *Room 2L17* Lockhart Hall, University of Winnipeg, entrance on Ellice Ave. between Spence St. and Balmoral St. Parking is available on the surrounding streets and in the lots on nearby streets. Look for signage once you're at the building, or ask a security guard. ****************************************************************** For more information about MUUG, and its monthly meetings, check out their web server: https://muug.ca/ Help us promote this month's meeting, by putting this poster up on your workplace bulletin board or other suitable public message board: https://muug.ca/meetings/MUUGmeeting.pdf -- Manitoba UNIX User Group E-mail: <gedetil(a)muug.ca> c/o Gilbert E. Detillieux Web: http://muug.ca/ University of Manitoba Phone: (204)474-8161 Winnipeg MB CANADA R3T 2N2 Fax: (204)474-7609

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

Roundtable May 2017