Thursday, May 14, 2015

VENOM vulnerability (CVE-2015-3456)

For those of you with Linodes and are curious/concerned about the recent VENOM (CVE-2015-3456) vulnerability, this Linode blog entry describes the vulnerability and why Linode VPSs aren't affected.

Even if you have no Linode, it would behoove you to understand the vulnerability so that you can ask questions of your VPS provider and ensure you're not affected by it.  Note that this vulnerability affects QEMU, an open-source emulator.  That means it's free (as in source and beer) and most likely in widespread use.  Many IT security products use virtualization, and if they're using QEMU, that's a problem: this could be as widespread an issue as Heartbleed was.

I'll be sure to post as I discover more information about this vulnerability.

Tuesday, May 12, 2015

How to configure a user to run privileged commands and how to switch user accounts...all via CLI.

How to switch users in Linux?  How to run privileged commands without having to run the command as root (or switch to the root account, which can be dangerous)?

'su' can be used to switch from a regular user to the root user.  You can check which user you are with the 'whoami' command, or you can tell what type of account you're using by looking at the prompt: the # prompt is the root account and the $ prompt is a regular user account.

You can also use sudo to run privileged commands if the system admin allows your account to run privileged commands.

One quick way to configure sudo to allow a regular user to run privileged commands is to:

Type visudo, which opens the /etc/sudoers file using vi.  visudo lets you edit the file safely: it locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors before it saves.  You should find the line "# %wheel ALL=(ALL) ALL".  A # in front of a row usually means it's been commented out: the line is treated as a note rather than a rule, so that rule is disabled.  To enable it, remove the "#".  Save and quit the edit session by typing ":wq", which means write to file and quit the session.

Next, type 'vigr', which opens up the /etc/group file in a safe fashion for you to edit.  Find the wheel group within the file and add the account name to the group.  For example, my current wheel group within /etc/group shows the following:

wheel:x:10:root,ron,nor

I added the 'nor' user.  Type ':wq' again, which saves the edit and quits the session.

Now, when you need to run root-level commands, you don't have to use 'su -c' and enter the root password.  You'll still be prompted for a password, but you'll type in the password of your regular account.  This keeps the admin from having to share out the system's root password.

Again, these are pretty basic and simple steps unless you're not at all familiar with *nix (these steps apply to the BSDs and other Unix clones as well).
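As an added example (not part of the original post), here is a small audit script that checks the two edits described above: that the %wheel rule in sudoers is uncommented and that the user is actually a member of wheel. It works on constructed copies of sudoers and /etc/group written to a temporary directory, so it runs without touching the real files; the sample contents, the user "bob" and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the blog post): audit the two edits the post makes,
# the uncommented %wheel rule in sudoers and the wheel group membership, and
# report whether a given user would get sudo through them. The sudoers and
# group contents below are constructed samples, so nothing here touches the
# real /etc/sudoers or /etc/group.

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Constructed sample: the rule is still commented out, as shipped.
cat > "$SAMPLE_DIR/sudoers.disabled" <<'EOF'
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
EOF

# Constructed sample: the same file after removing the leading "#".
cat > "$SAMPLE_DIR/sudoers.enabled" <<'EOF'
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
EOF

# Constructed sample group file matching the post's wheel line.
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
wheel:x:10:root,ron,nor
users:x:100:
EOF

# Succeeds when the file contains an active (uncommented) %wheel rule.
# Leading whitespace is allowed; a leading "#" is not, so the shipped
# "# %wheel ..." line does not count.
wheel_rule_enabled() {
    grep -Eq '^[[:space:]]*%wheel[[:space:]]+ALL=\(ALL(:ALL)?\)[[:space:]]+ALL[[:space:]]*$' "$1"
}

# Succeeds when user $1 is listed as a member of group $2 in group file $3.
user_in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$3"
}

# Prints a one-line verdict and succeeds only if both conditions hold.
can_sudo_via_wheel() {
    user=$1; sudoers=$2; group=$3
    if ! wheel_rule_enabled "$sudoers"; then
        echo "$user: %wheel rule is still commented out in $sudoers"; return 1
    fi
    if ! user_in_group "$user" wheel "$group"; then
        echo "$user: not a member of wheel in $group"; return 1
    fi
    echo "$user: can run privileged commands through sudo"
}

can_sudo_via_wheel nor "$SAMPLE_DIR/sudoers.disabled" "$SAMPLE_DIR/group"
can_sudo_via_wheel nor "$SAMPLE_DIR/sudoers.enabled" "$SAMPLE_DIR/group"
can_sudo_via_wheel bob "$SAMPLE_DIR/sudoers.enabled" "$SAMPLE_DIR/group"
```

On a live system, 'visudo -c' syntax-checks the real sudoers file without editing it, and 'sudo -l -U username' (run as root) shows what sudo would actually grant that user, which catches cases this simple grep cannot, such as rules pulled in from /etc/sudoers.d. Note that Debian and Ubuntu use a group named sudo rather than wheel for the same purpose.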

Monday, May 11, 2015

Linux - User Account Management, Part I

I've never administered user accounts in Linux.  I know Linux but I'd be lying if I said I knew every facet of it.  I've created accounts and actually gave a fellow Linux user access to my machine once (checking the logs from time to time just to ensure he wasn't doing things he wasn't supposed to do), but I'd never made an account that had an expiration date (nor a password that had an expiration date).  So, yesterday, I created a test account that had an account expiration of May 15, 2015.  I want to be able to unexpire the account once it has expired.

I referenced some commands that would allow me to monitor a user account's status.  'chage' is one of those commands:

ron@slackbox:~$ sudo chage -l nor
Password:
Last password change                                    : May 10, 2015
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : May 15, 2015
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

I'd use the 'usermod' or 'chage' commands to change the expiration date (using sudo):

usermod -e yyyy-mm-dd username
chage -E yyyy-mm-dd username

I'll use the above commands in a few days just to test.

To check if the password has expired, look at the account's entry in the shadow file:

grep 'username' /etc/shadow

The following command would re-enable an expired password:

passwd -u username

I encourage you to read the chage and passwd manual pages for further insight on how to use these two commands.

I know these are simple commands and the process itself is simple, but again, I've never done this before and wanted to share what I've learned...someone out there will learn from my experience.
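As an added example (not from the original post), the script below reads the same fields that 'chage -l' reports straight out of a /etc/shadow record, converts the day counts shadow uses into dates, and decides whether an account has expired on a given date. The shadow records are constructed samples with fake hashes (the 'nor' record mirrors the chage output above: last change May 10, 2015, expiry May 15, 2015); the date-conversion functions and names are mine. For reference, 'passwd -u' removes the "!" lock prefix that 'passwd -l' adds, and 'chage -E -1' clears the account expiry.

```shell
#!/bin/sh
# Added example (not from the blog post): read the same fields 'chage -l'
# reports straight from a /etc/shadow record and decide whether the account
# has expired on a given date. The records below are constructed samples
# with fake hashes; nothing here reads the real /etc/shadow.

# Constructed record for the post's 'nor' account: last change day 16565
# (2015-05-10), min 0, max 99999, warn 7, inactive unset, expiry day 16570
# (2015-05-15).
SAMPLE_NOR='nor:$6$constructed$notarealhash:16565:0:99999:7::16570:'
# Constructed record whose password has been locked with 'passwd -l'
# (the "!" prefix) and which has no account expiry at all.
SAMPLE_LOCKED='tmpuser:!$6$constructed$notarealhash:16565:0:99999:7:::'

# Field N of a colon-separated shadow record.
shadow_field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# Days since 1970-01-01 for a Gregorian date (y m d), the unit shadow(5)
# uses for the last-change and expiry fields. Algorithm: Howard Hinnant's
# days_from_civil.
days_from_civil() {
    y=$1; m=$2; d=$3
    [ "$m" -le 2 ] && y=$((y - 1))
    era=$((y / 400)); yoe=$((y - era * 400))
    mp=$(( m > 2 ? m - 3 : m + 9 ))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
    echo $(( era * 146097 + doe - 719468 ))
}

# Inverse of days_from_civil: prints YYYY-MM-DD for a shadow day count.
date_from_days() {
    z=$(( $1 + 719468 ))
    era=$(( z / 146097 )); doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    y=$(( yoe + era * 400 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ))
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    m=$(( mp < 10 ? mp + 3 : mp - 9 ))
    [ "$m" -le 2 ] && y=$((y + 1))
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# YYYY-MM-DD -> day count; leading zeros are stripped so that 08 and 09
# are not read as (invalid) octal by the shell's arithmetic.
days_from_date() {
    y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
    days_from_civil "$y" "${m#0}" "${d#0}"
}

# Succeeds if the password field is locked ("!" prefix) or disabled ("*").
password_locked() {
    case "$(shadow_field "$1" 2)" in
        '!'*|'*'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if the expiry field (8) is set and is on or before $2
# (YYYY-MM-DD); the expiry day itself counts as expired, matching the
# >= comparison pam_unix makes.
account_expired() {
    exp=$(shadow_field "$1" 8)
    [ -n "$exp" ] || return 1
    [ "$exp" -le "$(days_from_date "$2")" ]
}

# Human-readable summary of one record, in the spirit of 'chage -l'.
shadow_report() {
    echo "user            : $(shadow_field "$1" 1)"
    echo "last change     : $(date_from_days "$(shadow_field "$1" 3)")"
    exp=$(shadow_field "$1" 8)
    if [ -n "$exp" ]; then
        echo "account expires : $(date_from_days "$exp")"
    else
        echo "account expires : never"
    fi
    if password_locked "$1"; then echo "password        : locked"; fi
}

shadow_report "$SAMPLE_NOR"
shadow_report "$SAMPLE_LOCKED"
```

To use it against a real account, pass the matching line from /etc/shadow (which needs root to read) and today's date, for example account_expired "$(grep '^nor:' /etc/shadow)" "$(date +%Y-%m-%d)". Keeping the date arithmetic in plain shell avoids depending on GNU date's -d option, which the BSDs the post mentions do not have.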

Saturday, May 09, 2015

Installing Slackware 14.1

Awhile back, I bought a bunch of 500GB SATA drives so that I could experiment with Linux and RAID.  The plan was to use the drives as one gigantic drive.  The setup was somewhat easy to do, but I could never finish the configuration because I kept getting errors when trying to use lilo and grub, so I stopped.

Today, I picked up again, giving up on RAID and just using a conventional setup.  I'm trying to install Slackware 14.1, but for some reason, the machine won't boot up after installation.  I created a USB boot drive and for some weird reason, it's not readable, although I didn't get any errors when creating it.  I also opted to boot from the MBR, and initially had issues getting the system booted up, until I looked in the BIOS settings and saw that the system was trying to boot from one of the other unused disks.  Once I fixed that, it booted up without issue.  I still may try to recreate the USB boot disk, but I'll do that later.

So far I've done the standard things:  created a regular user (immediately), added the regular user to the wheel group and edited the sudoers file to accept root commands from the wheel group.  The system also has two NICs and when installing Slackware, the install used the motherboard's NIC and not the extra NIC I installed (this wasn't a huge issue, but had me wondering why I couldn't get an internet connection).

I'm currently using XFCE as a desktop environment.  I wanted to use KDE but for some reason, it's not working.  It's something to look into later.

I've been without Slackware for quite awhile (the last 4-5 years).  I'm also not so Slackware-savvy, but I'm so familiar with installing Slack that I had no issues getting it up and running.  I know that Slack has many new and enhanced features.  The challenge is to get familiar again.  I'll do this without relying on IRC (the days of IRCing are over for me).

I did apply some of the tips listed here, though.

Wednesday, April 29, 2015

Wordpress - Zero Day Vulnerability Discovered


http://hackingdude.com/2015/04/29/wordpress-zero-day-vulnerability/

Most of the time, we have reported about WordPress vulnerabilities involving vulnerable plugins, but this time a Finnish security researcher has discovered a critical zero-day vulnerability in the core engine of the WordPress content management system.
I thought I'd post about this since the vulnerability is a bit unusual.  I also thought it was a bit unusual that WordPress reportedly ignored a previous vulnerability that the researcher reported to them.  WordPress has a responsibility to its users, and for them to purposefully ignore such a discovery is wrong, in my opinion.

So, if you administer WordPress CMSs, I'd advise you to upgrade to v4.2.1 (I did a few days ago).


Wednesday, January 28, 2015

CVE-2015-0235: Linux and glibc "Ghost" Vulnerability

Wondering about the Linux Ghost vulnerability?

Here's what I received from the US CERT:
The Linux GNU C Library (glibc) versions prior to 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Linux distributions employing glibc-2.18 and later are not affected.
US-CERT recommends users and administrators refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch if affected. Patches are available from Ubuntu and Red Hat. The GNU C Library versions 2.18 and later are also available for experienced users and administrators to implement.
How to determine if your distribution is affected:  run "ldd --version".  If a version prior to 2.18 shows in the results, you're vulnerable.

I used this link to check my Ubuntu servers.  Although, that resource doesn't cater to Slackware, the checks can still be applied.  I'm not using Slackware as a flavor at the moment, but I'm sure Pat V. is working on a patched version of glibc.  In fact, it would be wise to check your distribution's website for further news about this vulnerability and how to patch your particular flavor of Linux.
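As an added example (not part of the original post), here is the "ldd --version" check above turned into a script: it pulls the glibc version out of ldd's first line and compares it component-by-component against 2.18. The two ldd output strings are constructed samples and the function names are mine; on a real host you would feed it "$(ldd --version)".

```shell
#!/bin/sh
# Added example (not from the blog post): apply the post's "ldd --version"
# check to sample output and compare the reported glibc version against 2.18.
# The ldd output strings below are constructed samples; on a real host run
# glibc_ghost_status "$(ldd --version)" instead.

# Constructed sample: only the first line matters; its last field is the
# glibc version number.
SAMPLE_LDD_OLD='ldd (Ubuntu EGLIBC 2.15-0ubuntu10) 2.15
Copyright (C) 2012 Free Software Foundation, Inc.'
SAMPLE_LDD_NEW='ldd (GNU libc) 2.19
Copyright (C) 2014 Free Software Foundation, Inc.'

# Prints the glibc version from ldd --version output (last field of line 1).
glibc_version_from_ldd() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $NF; exit }'
}

# Succeeds if dotted version $1 is strictly lower than $2, comparing each
# numeric component in turn (so 2.9 < 2.18, which a string compare gets wrong).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Prints "vulnerable" or "fixed-upstream" for the version in the ldd output,
# following the post's rule that anything before 2.18 is affected.
glibc_ghost_status() {
    v=$(glibc_version_from_ldd "$1")
    if version_lt "$v" 2.18; then
        echo "vulnerable"       # older than 2.18 by version number alone
    else
        echo "fixed-upstream"   # 2.18 or later carries the upstream fix
    fi
}

echo "old host: glibc $(glibc_version_from_ldd "$SAMPLE_LDD_OLD") -> $(glibc_ghost_status "$SAMPLE_LDD_OLD")"
echo "new host: glibc $(glibc_version_from_ldd "$SAMPLE_LDD_NEW") -> $(glibc_ghost_status "$SAMPLE_LDD_NEW")"
```

One caveat on the version-number rule: as the US-CERT text notes, Ubuntu and Red Hat shipped patches, and distributions backport such fixes without moving to glibc 2.18, so a patched host can still report, say, 2.15 here. Treat "vulnerable" from this script as "check the package", and confirm with the package changelog (for example 'rpm -q --changelog glibc | grep CVE-2015-0235' or 'apt-get changelog libc6') before deciding a host is actually exposed.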

Sunday, October 19, 2014

Refreshing My Slackware Box

I have been trying to refresh my lab a bit.  My Slackware machine hasn't been used in a few years and has 4 older hard drives.  I decided to replace the older drives (4 drives - 60-, 80-, 160-, and 60-GB, 3 IDE drives and one SATA drive) and invest in 4 newer drives (4 x 500-GB SATA III).

I want to set up 2 x 500-GB in RAID 0, if possible (software RAID, if possible, hardware RAID if not).  I've never set up a RAID array before, and if I can set up 2 x 500-GB in RAID 0, I'll essentially have a 1-TB drive.

I ran into a problem, though.  My system seems to not want to always detect the CD drive anymore.  Initially, it did, but stopped when I tried to install Slackware 14.1 last night.  I got as far as selection of the source drive, even though it detected the CD drive when booting the install CD.  I changed the jumper on the back of the drive but it did nothing, and now it won't see the install CD at all.  So I decided to try using a USB flash drive as an install source.  I also just now noticed that the .iso I'm trying to use is 64-bit, which is the wrong arch.  :(  I'll download the proper image right now.

I tried using my Alienware system to set up a Slackware install USB flash drive...it was a mess!  I ended up just going to my Ubuntu machine and giving it a shot...it is far less confusing.  Part of the confusion is that I don't see fleshed-out documentation on how to do this in Windows.  Most people are using Unetbootin, but the Windows version of that tool wasn't detecting the USB flash drive, for some reason.  Then, when I tried to use manual instructions, most of the HOWTOs I found weren't clear enough and were a bit vague (trust me...I know how to follow instructions and I've written HOWTOs before).

Hopefully, I can get this working so I can push myself into using Slackware again.

UPDATE --

Just as I finished this post, 'dd' finished.  Here's what I did:

ron@Ubuntu1:~$ isohybrid slackware64-14.1-install-dvd.iso
isohybrid: Warning: more than 1024 cylinders: 2326
isohybrid: Not all BIOSes will be able to boot this device
ron@Ubuntu1:~$ sudo dd if=slackware64-14.1-install-dvd.iso of=/dev/sdb
4763648+0 records in
4763648+0 records out
2438987776 bytes (2.4 GB) copied, 1150.13 s, 2.1 MB/s

This took maybe 10 minutes to do.  Again, I have the wrong image, so I'll have to do this all over again...shouldn't be an issue, though.
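As an added example (not part of the original post), here is the dd step above wrapped in two small functions: one that writes the image with conv=fsync so dd does not report success before the data has reached the device, and one that verifies the target byte-for-byte against the image afterwards. So that it runs offline, the "image" and "device" are constructed temporary files; the function names are mine, and on a real host the target would be the whole disk (e.g. /dev/sdb), which you should confirm with lsblk before writing, since dd will happily overwrite whatever you point it at.

```shell
#!/bin/sh
# Added example (not from the blog post): write an image with dd the way the
# post does, then verify the target byte-for-byte before trusting it as a boot
# device. To run offline, the "image" and "device" here are constructed
# temporary files; on a real host the target would be the whole disk, e.g.
# /dev/sdb, and you would confirm it first with lsblk.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample image: 64 KiB of pseudo-random bytes standing in for an ISO.
dd if=/dev/urandom of="$WORK/sample.iso" bs=1024 count=64 2>/dev/null
: > "$WORK/fake-device"   # stand-in for /dev/sdb

# Copy image to target. conv=fsync makes dd flush to the device before it
# reports success, so a USB stick pulled right after dd returns cannot be
# left holding a half-written image.
write_image() {
    dd if="$1" of="$2" bs=4096k conv=fsync 2>/dev/null
}

# Succeeds only if the first <image size> bytes of the target equal the image.
# The comparison is limited to the image size because a real device is larger
# than the ISO written to it.
verify_image() {
    size=$(( $(wc -c < "$1") ))
    head -c "$size" "$2" | cmp -s "$1" -
}

write_image "$WORK/sample.iso" "$WORK/fake-device"
if verify_image "$WORK/sample.iso" "$WORK/fake-device"; then
    echo "verified: target matches image"
else
    echo "MISMATCH: do not boot from this target"
fi
```

The verify step is the one people skip and the one that would have caught the post's unreadable USB stick if the write itself had been at fault: a mismatch after a clean dd run usually means a failing stick, a cached write that never landed, or the wrong device.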

UPDATE 2 --

Annnnddd...after 2 days of trying to get CDs read by the CD reader, I swapped it out with a known working reader.  It worked and I threw out the non-working reader.  The swapped reader worked for a bit then stopped working too.  I then swapped out the IDE cable (yep...no SATA reader in this particular system).  It started working again.  So, it was the cable and not the readers.  Oh, and I went to the trash can and reclaimed the trashed CD reader.  :)  Slackware 14.1 is now installing, although I still need to read the RAID HOWTO to see what's needed to set that up.

UPDATE 3 --

About that CD reader...it ain't the reader(s).  The one I swapped in is intermittent as well, even when paired with known working cabling.  It has to be the motherboard that's acting flaky.  As well, LILO won't install on my RAID 5 setup...it keeps erroring out and telling me to use another boot method or to fix the issue (the issue has to do with using "--metadata=0.90" on my boot partition setup...I've tried it without setting this particular metadata configuration and it flat-out won't boot).  I'd use an alternative boot method but the damned motherboard is so old that it doesn't support removable drives such as flash drives as boot options.  And the BIOS update utility for this motherboard requires a Windows OS to be installed (and I'm not going to install Windows on this system just to update the BIOS, which might not even fix what I'm complaining about).  I'm thinking of just upgrading the motherboard, but if I do that, I'm going to upgrade the CPU as well...gonna go Intel Core i5 and Gigabyte GA-Z87-HD3, more than likely...and if I do that, I'm just going to use it as my main desktop gaming rig, which means I won't be using it as a Linux machine.  That might be ideal, since I've a gaming rig that is acting up (it's a 6-core AMD CPU system that keeps powering down)...I can relegate that machine to Linux duty after also upgrading its motherboard and CPU (going Intel i5 as well).  I have some decisions to make, I guess.

Tuesday, February 25, 2014

Edward Snowden enables Chinese hack attacks

China’s military hackers are back, more brazen than ever. You can thank Edward Snowden. A year ago, the Internet security firm Mandiant went public with what cyber-war watchers had known for some time: Unit 61398, a secret branch of the Chinese military, had been behind more than 1,000 cyber attacks on Western targets since 2006. But now we know they didn’t stop for long — and the West and the Obama administration are looking as ill-prepared and impotent as ever in dealing with the threat. China’s usual attacks on banks, weapons manufacturers and other juicy targets are now back to almost daily.
Read more @ http://nypost.com/2014/02/24/chinas-military-hackers-can-thank-edward-snowden/

Monday, February 03, 2014

Why You Should Learn to Run a Server Before You Learn to Code

http://lifehacker.com/why-you-should-learn-to-run-a-server-before-you-learn-t-1497178889

This was a good read!

The reader comments were also very much full of rich details and advice. Everyone nowadays wants to learn to program and only thinks of the glorious moments (creating the perfect, most popular app that will make you tons of money). A perfect programmer would be well-rounded and understand server management as well as coding.

Saturday, January 25, 2014

Google's 1/24 Outage

Google's response to their outage yesterday:  Software bug

Read more @ http://www.androidheadlines.com/2014/01/google-damage-control-issues-apology-explanation-yesterdays-service-outage.html

Scripting book?

I found something nice. See below. As well, I neglected to even consider that Dave Taylor had a Google Plus account (I will follow him).

Tuesday, January 21, 2014

AMC movie theater calls FBI to arrest a Google Glass user


The article is upsetting to me.  And it lacks certain details, so some people might debate on its authenticity.  But it definitely highlights that one should NOT take Google Glass devices into theaters without knowing the possible repercussions.  In fact, it may be prudent to not even mess with your phone while in the theater, as the same thing could happen.

It really burns me up that no apology was offered by those "cops" and that the movie association guy gave two free movie vouchers to him (then upped it to four), like that is equivalent recompense.  WTF?

Monday, January 20, 2014

LifeHacker: Why You Should Learn to Run a Server Before You Learn to Code

This is a great read!  I also love the subject-matter (coding and server administration).  I forgot how I came upon this URL, but I love it...I'll be bookmarking it at Delicious.

Friday, December 27, 2013

nmon - Linux

Found this little tidbit (nmon) on Google+ (Ubuntu group): https://plus.google.com/101635552034658832984/posts/BoQk2BibQkJ It may come in handy during my next troubleshooting crisis.

Monday, December 23, 2013

For those people who are trying to chose the best Linux distro...


The whole research is here.


Google+ link

Snowden again...

2.5 months ago, I posted my thoughts about Snowden and his intentional spillage of classified data.

A few days ago, a friend of mine posted an article discussing how Snowden didn't make Google's top 10 most searched topics.

Today, a different friend posted (on Facebook...due to respect for his [and others'] privacy, I will not copy/paste or screenshot the discussion) that Snowden was filtered from Twitter's search engine.

Some musings and things to think about:

Firstly, I'm glad I'm not the only person out there that thinks this "Snowden is a hero" thing is ridiculous.  The fact that I saw several articles that mimicked my thoughts is a bit refreshing.  Here's one.

Secondly, there seems to be a lot of people on the web (and in real life) that think that the government is censoring the search content.  They don't have *that* much power and hooks into the systems to achieve that goal...no way.  Google (and more than likely Twitter too) wouldn't mess with such query results...what would they have to gain, and why would they do this when they're already pissed that the NSA was able to intercept much of their back-end data?  If the query results show that Snowden didn't make the top ten, that means that he didn't make the top ten...maybe people don't care so much about him.  Oh, they understand the implications of NSA snooping, but they don't need to read articles on Snowden to study up.  The only people that are concerned about Snowden are his supporters (and maybe the NSA and other 3-letter gov't orgs -- from the standpoint of never letting such a thing happen again).  Yes, I'll say it again:  The only people that are concerned about Snowden are the people wearing the tin foil hats...and, apparently, there aren't many of those types of people compared to the rest of the world, because their concerns didn't show in Google's top ten topics for 2013.  Thinking on that, that is rather shameful, yeah...people were more concerned with Miley Cyrus and her twerking than their privacy where the NSA is concerned. Again, I am concerned with snooping...I *am*, but, as I explained in my last post about all of this, the NSA isn't attempting to record the whole of the world's lives.  They're data-mining and looking for trends that tend to stick out like a sore thumb.  They aren't looking at you at a personal level every day (unless you've an anthrax factory in your basement).

Tuesday, November 26, 2013

Time-saving Tips - Linux Journal

Wow.  I was reading the link below to refresh myself with screen (I've been slacking at admin'ing my Linux machines, and I rarely get the chance to log in via CLI).

I tried the bit in the article here:

...[L]et's say I want to run a git push command again, but I don't remember exactly which one. So I press Ctrl-r and start typing "push". This will match the most recent command, but I actually want the one before that, and I don't remember a better fragment to type. The solution is to press Ctrl-r again, in the middle of my current search, as that jumps to the next matching command.
My mind was blown.  I've never used that method.  I always referenced 'history', found the ID# for the command I needed, then typed "!ID" (for example, !2015), which would run the command.  I'm still in the middle of the article (it's just two pages), but I'm going to skim over LJ articles during the next few days since I'm off until next Monday...I need to force myself to become more immersed in *nix.

http://www.linuxjournal.com/content/time-saving-tricks-command-line?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+linuxjournalcom+%28Linux+Journal+-+The+Original+Magazine+of+the+Linux+Community%29&utm_content=FaceBook

Web Administration Scripts - Linux Journal

I haven't read all of this yet, but since it's related to Linux, Apache, and DDoS, I thought I'd bookmark it and share it here.  It's an article by Dave Taylor.

http://www.linuxjournal.com/content/web-administration-scripts?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+linuxjournalcom+%28Linux+Journal+-+The+Original+Magazine+of+the+Linux+Community%29

After I finish reading the article, I'll add any comments I may have to this blog entry.

Friday, November 01, 2013

Healthcare.gov web site launch leaves lessons for health of your IT career


IT pros following the troubled launch of healthcare.gov can only feel grateful that they were looking at it purely clinically, and as “outside observers”—especially if they were reading some the criticism about the web site in national publications. The President was even quoted in international presses as he acknowledged the web site’s problems, saying "There's no sugarcoating it. The web site has been too slow. People have been getting stuck during the application process. And I think it's fair to say that nobody is more frustrated by that than I am."

Read more @:
http://www.techrepublic.com/blog/career-management/healthcaregov-web-site-launch-leaves-lessons-for-health-of-your-it-career/?tag=nl.e124&s_cid=e124&ttag=e124&ftag=TREdcc9ddc

I thought this was a good read.  Last week, my wife had mentioned the woes of this project (she's a budding IT security geek).  She'd been listening to radio talk show hosts discussing the issue while commuting to/from work.  I'd neglected to track the issue via the media but I'd heard there were issues.  She asked my opinion and I told her that I couldn't see how the project went production-live without conducting quality assurance testing and other validation testing.  She concurred and stated that the project went live without proper testing.  I was shocked.  Now, for a seasoned IT person, the article highlights nothing new, but think about this:  there had to be some senior guys involved in that project...how in the hell could it have gone live without someone being accountable for the state of the product?  With the scope of the requirements and the possible political implications, you'd have thought that a high-press project would've been watched closely.  That's food for thought, I guess.

Thursday, October 24, 2013

Google blacklist blocking php.net


Google's safe browsing API, a security blacklist service which warns of malicious web sites, has marked the php.net site as malicious. As a result, users of Google Chrome and Mozilla Firefox get a dire warning when attempting to visit the site.

Read more here:

Note:  Also, be aware of the comments section under the article.  There is a bit of banter going on about 1) it being a non-news-worthy event, since Google did what it was supposed to do -- i.e., it was not a false positive, 2) a reader insisting that it was a false positive and that Google has a habit of blocking small business owners, causing them financial woes, and 3) a reader pointing out that Netcraft detected possible malware at php.net (substantiated by a Hacker News analysis), which backs up Google's claim.