November 2006 Archives

The honeymoon is indeed over.

Dang.

I was never an arrogant Mac user - I'm too freaking old to still think that any one OS is inherently better than any other - but this sort of thing is really disappointing.

Maybe in a few years, once Linux has grown up a bit more, I'll take another look at it, but it could just be that the problem of an OS that's generally usable and also generally secure is unsolvable.

I refuse to go back to my command-line only (WindowMaker if I felt like pushing the envelope) OpenBSD on the desktop days, but again... dang.

From Always On The Road, Smyth interviewed on radio.

"I'm no pushover, I have been for many years . . . I think they may be taking on the past." (The latter bit was not entirely clear to me, but it was in reference to the question "Do you think you may be at a bit of a disadvantage since your parents are just an hour down the road and everybody knows how much you like it here" - not exact quote, but along those lines.) He also said something about there's always UFA, and named some ex-Oilers who'd gone elsewhere to win Cups: Arnott, DeVries, Weight... all guys he played with during the Dallas/Colorado Colorado/Dallas series of the late 90s.

Haven't done the math lately, but there can't be a lot left for Smyth, even if the Oilers spend to a raised cap for next season.

Smyth's sounding like a man who feels he's been left out in the cold a bit and taken advantage of in the past - he's laid it on the line for the team before, and now he wants his payday in shinier financial times.

Good for him. I love him as an Oiler, but if Lowe and company continue to balk, I'd have no problems if he walked. A little piece of me would walk out the door with him though.

At the risk of sounding like Everybody Else Out There... big money extensions for Horcoff, Staios, Hemsky, Pisani, Moreau, and Roloson isn't leaving a whole lot left for Smyth. Yeah, he'd likely sign for less than he could get elsewhere just to stay an Oiler - but should he sign for less simply because his teammates are all getting market rates and that leaves much less for him?

I can't help but shake the feeling that this may be The Mullet's last season as an Oiler, unless he's feeling a lot more charitably inclined towards Kevin Lowe than he really ought to be.

I think Saturday may have actually been the first live NHL shootout I've seen. I didn't think I'd like it, but I found myself through OT hoping that they'd go to it, and I was hoping for more shooters each time, but it ended at just the right time (and for the right guys).

Don't know that I'd want to see it more often than every once in a while, and it's still a lousy way to lose a gold medal game (thanks, Peter Forsberg, although we saw a Forsberg-esque attempt Saturday), but yeah, I'm sold on them.

(Edit 22 November: whoops, forgot to publish this.)

For a change I have a few free moments and some motivation when some news came down the Pipeline. The Oilers have recalled Zack Stortini.

I'm frankly somewhat surprised. MacTavish had said that with Moreau out, he didn't think the team would be lacking toughness, but I guess he changed his mind. (I think either he or Lowe had said that if they felt the team was lacking toughness, that Stortini would be potentially on tap.) I haven't seen him play, but by all accounts he's a project. Team captain of the Sudbury Wolves shows some character though - the Oilers have at least three former CHL captains in their system with London's Danny Syvret, Rimouski's Marc-Antoine Pouliot, and Stortini.

I doubt they'll be calling him up to sit in the pressbox, but maybe they just want him up for a 5 or 10 game stint with a few minutes a game, a la Jacques or Mikhnov. Damn, this is so much nicer than 10 or 12 years ago, when not only would he be playing, he'd be getting second or third line ice time.

I watched the Wings game last Saturday, and while the Wings weren't pushing them around, the physical presence was noticeable by its absence, and the Wings aren't noted for their tough guys either. Would have been nice to see Maltby get jacked for the shoulder to Smyth though. Staios is always willing, but the team absolutely cannot afford to lose him to an instigator again. Smith is usually willing too, but... ditto.

Whose place will Stortini take? Winchester's, no doubt. Winny's willing, but he's not very capable. On the other hand, he can pot the occasional goal too, and I don't have a lot of confidence that Storts will be much of a scoring threat. I guess I'll have to find out through osmosis - some times I really miss Centre Ice.

Process Monitor by the Sysinternals team looks like it would be pretty useful in investigating a compromise: what's running, what DLLs it's loaded, and so on. I've been a fan of the Sysinternals stuff, looks like they're keeping up the good work. I've used Portmon and Process Explorer before, to good results.

I loves me my IBM Model M keyboards. I have 3 or 4 left now - one's in my office on a KVM for my testbed PCs, another is on loan to my wife, I think I have a third in storage, and a fourth is on loan to a grad student friend. My wife has killed two more (for which she shall be forced to use a cheap Lexmark "multimedia" keyboard in purgatory, I'm sure).

However, I also like Apples, but those are hard to use without at least the splat key, and I also like the keyboard eject button for the CD drive. Furthermore, Model Ms and USB don't mix. I was flipping around irongeek and found that he'd hosted a radio show wherein he talked about Model M's - lots of nice clicky links. I may have to see about getting a Unicomp Customizer USB once I'm a bit more flush.

I'm generally satisfied with MacOS X - it's software so it sucks, but for my purposes it generally sucks less than most anything else.

One area which I've recently discovered that greatly displeases me is the fact that it's pretty crap at doing NTP. My G5 at work had its clock skewed by something like 4 minutes - "oh noes!" one might say, but the fact is that accurate time is important to sysadmin stuff, *and I have it configured to sync time*.

I discovered that it would adjust time ok once I opened date and time settings, but that's a crap way to sync one's time. Turns out that it writes a crap ntp.conf, so it can't really help it, and apparently it'll clobber changes you make too, if you're not careful.

Herewith some bookmarks to help me on my crusade for better time in OS X:

utah.edu tells us about their configs, and offer a few hints for making life better for most too.

The NTP folks themselves are at least peripherally aware of troubles in Apple-land too.

I will post further if and when I solve this issue. I'm just happy that I don't run any OS X Server machines, since I really wonder if they do the same thing.

Apparently that was the first OpenSuSE 10.1 in my previous post. I reinstalled the machine with the "remastered" ISO and it was much happier to allow me to update.

I wonder why Novell called it "remastered" instead of 10.1.1 or something. The release so nice they named it twice? Historical revisionism? Curious what software vendors do.

Oh well, I'm sure there's equally stupid error messages in even the remastered release.

More stupid error messages.

I set up a spanking new OpenSuSE 10.1 box. Being security-minded, I wanted to check for updates. I clicked the system update icon in yast and told it to configure now - seems reasonable.

Here's what I got (link is to 1280x1024 original):

I'd clicked "Next" in configuration, then got the message box entitled "Error", so I clicked Details. Nice.

The little "notification area" icon that later appeared (no idea what KDE calls that area) let me set up our local mirror as a source for updates, which is good, but refused to let me actually apply any of them - kept erroring out with vague messages.

Needless to say, my system is not updated and I am not impressed. Maybe it's a pilot error on the latter, but the former I didn't do anything but click.

I'm not much of a Windows user myself, "but some of my best friends are".

Windowssecurity.com has an article on using TLS/SSL encrypted RDP sessions. Not useful for people connecting workstation to workstation, but potentially useful for Windows users connecting to a Server TS session.

I Am Not At All A Windows Guy, but the advice looks good and relatively straightforward to follow.

At work we mostly use Ubuntu for our Linux needs.

Recently our campus security officer started alarming a bunch of VNC services as having potentially been compromised by the RealVNC noauth exploit. Some of them I was morally positive were not vulnerable, so I decided I'd try out the metasploit 2.6 (latest stable at the time) bypass exploit from my trusty Ubuntu box. It didn't work, as expected, but I wanted to prove that it would work on vulnerable systems; such demonstrations carry a lot more weight. I have a VMWare Workstation for Linux license, so I made a new VM "PantsDown XP", installed XP SP2 to it, disabled updates, and disabled the firewall. I dug around and found a RealVNC 4.1 Windows executable - google is your friend - and installed it.

Then I RTFMed, fired up msfconsole, and exploited it. Or rather, I tried to. vncviewer would try to start, but nothing happened. I googled, I beat my head against it, I tried disabling the autolaunch of vncviewer and did it by hand, no joy. I made a Windows 98SE box, unpatched, and put the same VNC server on it. No luck. (At least the 98 box takes 1/4 the RAM.)

Finally, today, I fired up my Fedora Core 5 virtual machine whose only use to that moment had been to demonstrate how to sync such a machine against our local repositories, and installed metasploit 2.7 on it. (Couldn't find the perl packages for Readline that it really wants to use and I hate using CPAN and the like, so I lived without that.) Fired up msfconsole, and... poof. It worked against the 98 box.

I haven't tried it against the PantsDownXP box, but I'm sure it would work. Just now I fired up a Dapper Drake LiveCD (well, the install CD), enabled remote desktop, pointed metasploit at it, and started the install from the resulting VNC window. (In its defence, the Ubuntu box asked me if I wanted to let the Fedora box through.)

So, metasploit doesn't like Ubuntu very much, I guess, or at least not the realvnc exploit - I haven't tried any others. I'll see if I can figure out why, but figured I'd post this in case google finds it and anybody else has the same problems.

Something that's been kicking around occupying space in one of my secondary inboxes, but I write about here in order to get it out there: Jarnal, a Java application for taking notes and such, intended mostly for tablets it looks like, but it works with mice and such as well. It likes PDFs. One of the profs here uses it and likes it, so I figured it was worth taking note of.