Security Bug in XML-RPC

Security, Site News

If you haven’t yet heard, there’s a bug in the XML-RPC function that basically allows a remote attacker to execute PHP code. WordPress, the software that runs this website, is one of a host of applications that make use of XML-RPC and is vulnerable to this bug. This website was updated awhile ago, after the June 29th announcement at wordpress.org.

Look for a worm to start exploiting this in the near future.

Life 2.0

Virtualization, Site News, Personal, Linux, Open Source

Hmm, guess I should create some categories or something… I’m starting to get a fair number of posts on here.

So, it’s been almost four weeks since I last posted. I always swear I’m going to post more, but never do.

Let’s see… a few minutes ago I changed the theme on the site here. There was one thing that I didn’t like about it — that links were distinguished from the regular text. You had to roll your mouse over all the text in order to figure out where links were in the body of a post. So, I changed that. They’re all green now, so if it’s ugly, it’s my fault.

Hmm, there was a very minor WordPress upgrade a few weeks ago, from 1.5.1.1 to 1.5.1.2 or something like that — minor XSS bug in the default configuration, if memory serves. Maybe it was SQL injection? Don’t really remember, TBH — don’t really care either. Anyways, did that.

Oh, I see where I was bitching about the WiFi card on my new Inspiron 600m and SUSE Linux. Well, I ended up installing Ubuntu and it just fucking worked(tm). Period. Detected it right “out of the box” and it just plain worked. Ubuntu 1, SUSE 0.

I’m still looking to move to Bloomington, but haven’t really gotten there yet. I spend most of my time there already, between going to work and staying at Lindsey’s, but I haven’t managed to get moved as of yet. We’ve looked at a few places in the last week or so, and have a couple of potential places lined up. It’s such a PITA — applications for this, applications for that, applications so that they can tell me “yes, you make enough to live here”. Crap like that. I hate it.

I haven’t had to travel much lately, except for the occasional meeting in Indianapolis. That’s good. I like that. I used to love travelling all over the damn place, but it’s getting pretty old pretty quick. I’m good to make it to work half the time, let alone somewhere else.

Oh, I’ve been playing with Virtual PC a lot lately. We have a “test bed” at work for that kinda stuff, but since I use my laptop almost exclusively nowadays, it’s nice to just do all my testing on it. It’s got a gig of RAM so it can handle a couple of “virtual pc’s” pretty well. It’s nice to test stuff before actually rolling it out, or if I just want to play with something new. Microsoft recently released (from beta) Windows Server Update Services (WSUS), the successor to Software Update Services (SUS) and it’s pretty sweet, to be honest. I have it running in Virtual PC at the moment, and will probably deploy it in the next few weeks. Speaking of, tomorrow is “Patch Tuesday” (here’s Microsoft’s latest bulletin), so get your PC’s patched.

I also came across some MSI packages for Firefox that are independently maintained (IOW, not an official release from the Mozilla Foundation). They seem to work pretty well (in my test environment, see above) and even have the administrative templates to go with ‘em (for Group Policy stuff). We re-image our computer labs every fall semester, so this may be a good way to get Firefox in there until Mozilla starts releasing their own MSI packages (which should be a VERY HIGH PRIORITY! Are you listening, Mozilla?). We already have Firefox on our standard lab image now, but there’s no easy way to do updates. We’ll see how these MSI packages work out (they’re deployed via group policies, which kicks ass, by the way).

I’ve been really diggin’ AvantGo, too. It was already on my PDA when I got it (though I updated it). They give you 2 MB of content for free daily and I’ve been keeping it updated. This gives me a chance to keep up on all the tech news when I’m somewhere without Internet access (e.g. Lindsey’s place). Check it out if you have a PocketPC-based PDA (the 2MB of content is free — you can “upgrade” to get up to 8MB).

I think that’s it for now, maybe I’ll update in another month or two. :)

New Domain Name

Site News

It worked! I have a new domain name now…

At least a month or so ago, I came across an article on Steve’s UnixWiz site and thought that was a pretty good domain name. He does consulting work and I thought the domain was kinda catchy. In addition to working at the College, I do some work on the side for a few companies and wanted something a little more flashy than just “gaddis.org”. Since I’m a big Linux freak and have been since ‘97 or so, the first one I whois’d was linuxwiz.net. Taken, of course.

But wait — I noticed it was actually expired. So why was it still taken then? Over the next little bit, I found out that Go Daddy has a few “phases” that its domains go through after they expire. According to the rep I talked to, there’s a 30-day period where the owner can get the domain back no problemo, then a 45-day “REDEMPTIONPERIOD” where the owner can get it back (at a hefty cost). Failing that, the domain goes into a “PENDINGDELETE” phase for five days during which no action can be taken on it. After that five-day period, the domain is released and made available to the public again.

I was on vacation all last week, which was the time I figured the domain would become available. I just figured that I’d miss it and somebody else would probably snatch it up. I happened to think about it yesterday and checked whois again. whois said that it had been placed into “PENDINGDELETE” on March 15th. Yesterday was the 20th, so that was the five days. The domain still wasn’t available, however.

Go Daddy has a “service” called backordering, whereby they will monitor domains and attempt to snatch one up for you if or when it becomes available. I called Go Daddy back last night and asked the rep why the domain hadn’t been released since the five-day period was up and if he knew when it would be. Of course, he didn’t. He then brought up the backordering service like a good sales guy and after debating it for a minute I told him “Okay, do it. Put it on the card you have on file.” and about ten seconds later I had an e-mail from them confirming my “order”.

I checked the whois database a few times this morning at work but nothing had changed. I had pretty much forgotten about checking it anymore when I got an e-mail at 3.19pm from support@godaddy.com with a subject of “DomainAlert: LINUXWIZ.NET Successfully Captured”. w00t! Got it!

So now I have this “cool” new domain name (I think I’m just tired of this one after three years or so) to play with. I immediately set up DNS for it and it’s already working and functional just a few hours later. Since all e-mail for gaddis.org comes into Postfix on a Debian GNU/Linux box at my house anyways, it was trivial to modify its configuration to also accept mail for linuxwiz.net. So, less than six hours after I acquired the domain, it has a working website and e-mail setup.

I probably won’t do anything special with the domain and just move the blog over to it (www.linuxwiz.net is just a virtual host pointing to the same directory as www.gaddis.org anyways) over the next few days. That reminds me, I still haven’t scanned all my vacation pictures. Oh well, someday…

New cacti and photo gallery software

Site News, Open Source

Apparently Debian upgraded to a newer version of cacti a week and a half or so ago, which required some changes to the database. I either didn’t notice or didn’t care at the time, which resulted in cacti not working since then until I noticed it this evening. I made the necessary changes and now my network traffic graphs are once again working.

I also installed new photo gallery software this evening. Not too long ago, I migrated from Blog:CMS to WordPress for my blogging software. Blog:CMS came with a modified version of “singapore” integrated into it. singapore is okay, but nothing spectacular. Since I was ditching Blog:CMS, I’ve been looking for a new photo gallery package also. Tonight I came across Coppermine Photo Gallery. The install was amazingly simple (untar, point browser to URL, enter in SQL host/username/password) and a few clicks later it was set up. I got the three major photo galleries moved over to Coppermine now and will be ditching Blog:CMS entirely sometime soon. Check out the new photo galleries (people seem to like the webcam one). I’ll have my vacation pictures up sometime soon too.

WordPress Migration

Site News

So it seems like I was able to migrate over to WordPress pretty easily. I even found a script that somebody wrote that would import everything from Blog:CMS, which has been the limiting factor in my migration so far. There seem to be some small formatting issues with some of the posts, but I’ll rectify that over the next few days (or attempt to anyways, depending on my schedule).

There are still some items set at their default values, which I’ll also change. It’s just before midnight and I have to get up in about six or so hours, so I’ll worry about it later.

P.S. The old site is still available [Ed: not anymore — link removed].

Website Updated

Site News

If you’ve been here before, you may have noticed that the site has been updated. I’ve upgraded to the latest available version of the BlogCMS software that I use to manage the site and also physically moved it to the hosted server from 1and1.com that I previously used just for large images. This should result in a faster and more stable experience for the site (not that my own Linux boxes were slow or unstable). With the latest version of the software also comes a photo gallery component, so I moved a couple of my photo galleries over there so that I don’t have to use the ugly ones created by Microsoft FrontPage anymore, which I am extremely happy about (I loathe FrontPage. No, I hate it. It’s absolutely horrific.)



Copyright © 2007 Jeremy L. Gaddis.