I was reading an article on Slashdot that said Firefox 4 is being discontinued. Since I don't use Firefox by default, I've been pretty much using Chrome, this caused me to take a look at what version I was running on my workstation which is Fedora 11 at the moment; version 3.5.9, which is the one the repository has for yum install.

So, I guess I completely missed out on Firefox 4 - what about Firefox 5?

So - off to the Mozilla home page where I was immediately redirected to a page with a big green "Firefox - free download" button. Click the button, download the file; hmmm - where to put it?

Ooops - the button, in small print, says Linux i686 and I'm running X86_64 on my AMD quad core - wrong version??? Maybe they put both in the one download?

Un-tar the files into /usr/lib64, where the current version lives - ensuring not to crash over top of the ones already there - and use "file firefox-bin" to peer inside the file - nope, it's 32 bit - but where is the 64 bit version?

Back to Google

WIFI hotspots in the world that are otherwise "open" should be set with a WEP2 password of "free" to protect your information from snooping. Here's why.

Every now and then someone comes up with an idea that is a "head smacker" - you know, you smack your head and say "why didn't I think of that?"

So it is with an article by Chester Wsniewski in the Naked Security section of Sophos.com (Sophos is a vendor of computer/network security products)

As Chester points out, the recently crafted "Firesheep" plugin for Firefox browser that lets you see other WIFI users' Facebook login info and which is somewhat mitigated by "Blacksheep," would be fully foiled if all the public (and free) WIFI systems had at least a known WEP2 password, because then all the sessions would be encrypted over the airwaves - and snooping would not be possible at all.

Chester proposes, and I fully back this, that the password for any/all WIFI systems that are otherwise "default" be the simple word "free"

It's so simple!

Manufacturers should start NOW - make sure your WIFI has a password by default, and set that password to "free" - it's so simple, just do it!

Coffee shops and others with free WIFI services - set your system to use WEP2 encryption and set the password to "free"

Laptop and smart-phone users - tell your favorite locations that you want this and tell them why. You don't want to have others snooping your clear-text passwords.

Update: OK - I should have read the comments at the bottom of the article before I posted this but... the basic idea is still sound - ensure that all WIFI is using encryption, one way or another. Read on for more...

Sometimes serendipity steps in just as you think you're going to have to re-invent the wheel or (shudder) pay for some proprietary software and run it on Windoze.

This happened late last week as I looked around for ways of converting the publishing PDF of a huge reference book (made using Quark) into something I could put up online as a reference work with good search engine coverage and potential for crowd-sourced editing and extension.

The project is about to be announced as an adjunct to the work being done by Hancock Wildlife Foundation, an organization I've been part of in both technical and managerial roles since its founding in 2006.

The book Raptor Research and Management Techniques is a compendium of papers that deal with all manner of the life management of raptors; eagles, hawks, falcons, ospreys, owls, vultures, etc. - birds of prey.

The problem I ran into is that once the manuscript was in Quark (where all the final editing had been done), the only way to get it out in any "portable" fashion is via conversion to PDF - just one of those things you find when you deal with proprietary software it seems; nothing reads Quark files because they are not documented and the format is protected jealously by the company.

OK - so I have a PDF. I also have tools that can take one apart and do other "interesting things" like convert to Postscript (pdf2ps) which can then be converted to ASCII (ps2ascii) and all the stuff in the PDF Toolkit (pdftk) but... none of them work properly with the format of this book with its two columns and lots of diagrams, etc.

What I needed was some method of running OCR on the file and getting things out that way. I've seen some impressive facilities that accompany scanners and such - and of course only run on their output it seems. 

I and many others have been looking for some open source facility that would do the trick. One that appeared to be "interesting" was Cuneiform, but the information on this Russian software is sparse in English. I had downloaded the source and had a short session trying to get it to run on my Fedora Core 11 box but was missing some libraries, and the docs are for Debian systems with "apt get" instead of "yum" and obviously different package names so I had put it aside for the time being.

The alternative was a Windows binary already configured - low on my list for now but a fall-back.

And lo and behold, along comes a note about a bootable Linux disk with all the things necessary:

WatchOCR.

It's web page contains a link to Cuneiform so maybe the problem is resolved.

Read on to find out how the system performed but the docs differ from reality - and how to make the system at least a bit better and do some other interesting things such as create HTML output from your PDFs.

OK - it was my fault, I admit it and I'll take my licks.

I was in the midst of doing a number of site updates of glFusion and got distracted midway through one of my own sites - and left the installation directory in place for over a month. No wonder the site was hacked. I should know better and now I ensure that this tool repository is removed no matter what, and that permissions are changed and things tidied up before I let myself get pulled away.

I've informed the glFusion support as well as SANS - and dumped a copy of the code on them. It turned out to be a couple of fairly well known tools, c99shell and fx29shell - with their names changed to css.php and cyber.php respectively.

I twigged to the exploit because the number of emails the hack created to one user at Yahoo got the Yahoo email system hot and bothered, and it slowed down reception of the stream long enough for a timeout message to be generated (4 hours) by the system - and I got the message since I'm the recipient of last resort for all such messages on the server.

That got me looking and I found the hack and disabled it. I spent most of the rest of the day inspecting the machine and documenting the hack - a nice sunny Sunday I'd rather have back thank you.

You may find some nuggets in the rest of the story

I monitor the activities of a number of servers. They send me a log report daily and various special activities such as backups also send me e-mail after they've finished, showing what was done.

Today a strangeness caught my eye.

/root/bin/single-roller1.sh georgia
mv: cannot stat `5/georgia': No such file or directory
mv: cannot stat `4/georgia': No such file or directory
mv: cannot stat `3/georgia': No such file or directory
mv: cannot stat `2/georgia': No such file or directory
mv: cannot stat `1/georgia': No such file or directory
mv: cannot stat `0/georgia': No such file or directory
job 578 at 2009-03-14 01:28

 

Over the past few months I've been moving many of the Linux systems I look after over to CentOS 5.2 - the latest free version of Red Hat's system.

One of the ongoing problems has been intermittant timeouts by some of the users of ftp. All of them use Proftpd.

After doing some tcpdump analysis, one customer and I noted that no matter what the settings in the proftpd.conf file, the system was doing a IDENT callout which was taking up to 30 seconds to time out.

Over the years I've run into all manner of problems where systems have run out of memory and swap space. With the latest versions of the Linux kernel there are some new tools that allow you to control what the system does when this happens.

A recent discussion on the Exim (mail transport agent) mail list got me to looking around a bit as I've had a problem with my workstation running out of swap/RAM (and it has lots of both) when I keep lots of Firefox windows open. One of the comments lead me to do a search for "overcommit" on Google, and that lead me to an article in Red Hat's magazine and from there things got interesting.

As many of you may know, I have a lot of computers in my home. I deal with huge amounts of data (mostly video but a lot of other stuff too) and just having it all online means I have more than 10 systems here.

But I have a core of 4 systems that I work with daily and that make up my primary set of working files: My old workstation (pacdat), my new workstation (video), my file server (NFS1) and my backup and domain name master (NETFS)

A few months ago I decided to move much of the data that still resided on my old workstation (P4 2.0GHz- called "pacdat") to a NFS file server (NFS1), including my home directory which is huge.

The old machine had several sets of mirrored drives of various sizes - usually the "sweet spot" size for whenever I purchased them - from 160 Gigs to 300 Gigs. My home directory has grown to outstrip each of these and in fact now has links to several such pairs of RAID 1 arrays. It was my intention to build a RAID 5 array of 320Gig drives that would do me for at least a year or so of growth at present rate - and host them on a single computer that I could mount from several of the systems in my home as needed.

All was going well - until Mother Nature stepped in a couple of weeks ago.

read on for the tail of woe

I was setting up one of my servers to be a workstation for my wife, and had to bring in some video drivers. The latest version of the drivers referenced a new kernel, and of course I have not been updating the kernel because on this machine I also run VMWare's free server instance. VMWare requires that their software be linked against the latest kernel development kit so updating the kernel all the time requires re-linking the software, so I use the "exclude=kernel-*" line in /etc/yum.conf to not automatically update the kernel each time I do other updates.

So I updated the kernel - version 2.6.25.4-10.fc8-i686 - and rebooted.

Then I went to re-link the VMWare software and it wouldn't link :(

I use the "vmware-any-any" patches - version 116 being the latest from http://www.miscreant.org/files/rpms/ - but in this case the compile failed and nothing I did would bring it back to working status.

So I put the incantation "vmware-any-any 2.6.25.4-10.fc8-i686" into Google and came up with a single hit - a French language blog entry at forums.fedora-fr.org which Google kindly offered to translate for me

It turns out I would have saved myself a whole mess of trouble if I'd kept up with the updates from VMWare - seems their latest version, 1.0.6, no longer needs the patches. Thank you REMI

I downloaded the Linux server file from www.vmware.com and the install went without a hitch.