Crossed Wires

Vic’s Blog

Archive for November, 2008

Security blows

Nov 25

Posted by Vic in Linux, Soapbox | No Comments

I was about to post about how pleased I was with Synergy in helping me tidy up my desktop clutter (by removing a keyboard and mouse from the surface). Ironically, I’m instead posting about a problem with the configuration that will cause me to throw it out and look for something else. Why the title? Because the default configuration of a Linux distribution nowadays has given me no way to fix this ridiculously simple problem without powering off the running PC, VMware guests and all.

The problem is that Synergy and the VMware console don’t play well together (I could have sworn that when I first started using Synergy I had no trouble with it, but there are a few hits around that describe problems like I’ve now hit). The problems people are reporting are that keys like Shift and Ctrl are not passed to the VM (some described here and here).

My problem is slightly different: the screen of my Synergy client (the one that’s running VMware) locked while a VMware guest had focus. Now, the Shift and Ctrl keys are not picked up by gnome-screensaver to unlock the screen. Even the real keyboard attached directly via USB doesn’t work. Big problem, for the following reasons:

* Thanks to password strength rules enforced on the Linux build I use, my password now has a Shift-obtained punctuation character.
* I can’t switch to a virtual console, since that requires Ctrl (e.g. Ctrl-Alt-F1).

Okay, so the keyboard doesn’t work. This client machine just happens to be a tablet PC, and I had hacked gnome-screensaver (to display the onscreen keyboard to allow the screen to be unlocked in tablet mode). I grabbed the pen and tapped out my password, but it *still* didn’t work: even the output of the virtual keyboard gets the Shift modifier dropped. Hmm… Starting to fume now.

Never mind, I’ll connect via the network…

* Fedora does not start SSH by default (okay, yes, and I didn’t make sure it gets started after I’d finished the install).
* There is no remote desktop (VNC server, XDMCP) configured.
* The shiny web-based management interface on VMware Server 2.0 only listens on 127.0.0.1 (or is being blocked by the Fedora firewall).

So with no way to get access to the machine to try and fix it, a power-off is the only solution. Some readers are probably thinking “boo-hoo, diddums had to kill-switch his widdle poota, how tewwible,” but I hate having to do that; not because the system doesn’t recover, but it’s “problem resolution, Windows-style”.

Even though the real problem was between Synergy and VMware, I’m blaming the (perceived) need for security since without that I wouldn’t have a cryptic password that I can’t enter without Shift and a system I can’t administer over the network. Red Hat and Fedora doing everything in their power to ensure I don’t fall prey to nasty Internet fiends (rich analogies to governmental nannying, but that’s probably over-thinking things).

So in summary: Synergy is great, just as long as you’re not using VMware console and have a password with punctuation or uppercase… Remember to have your SSH or other network access enabled before you play!

Tags: , , , ,

We finally meet K (a.k.a. Clinker)

Nov 19

Posted by Vic in Family, Life | No Comments

To our beautiful baby girl, the warmest and fondest welcome!

The post I made here last night was going to be a comment about how ironic it was that we didn’t want to know our baby’s gender and yet the time of the birth was known. Well as fortune would have it, I would have been wrong on both points!

We were due to arrive at hospital at 1:30pm today for a 2pm induction, but our baby had different plans! S went into labour spontaneously at about 1:30am this morning, so we had the dash to the hospital that we never thought we’d have. By 2:30am we were in the birthing suite, and just over one hour after that our baby girl K arrived!

As for the gender thing, although we were obviously going to be happy to have a healthy baby of either gender we’d both been hoping for a girl. This time, something was telling me that it was in fact a girl–I guess you’d say I was very confident. So confident in fact, that S was quite angry at me about a week ago for not committing to a name for a boy. :-)

N met his baby sister this morning… he has a very proud-looking smile on his face whenever he looks at her! He’s a wakeup to our grownup tricks though–we’d bought him a present to take home with him “from the baby”. When given the present, he reportedly (and in his best “hang-on-a-minute-you-can’t-trick-me” voice) said “that’s not from the baby, babies can’t go shopping!”

PS: What’s Clinker? That’s the nickname that S’s work friends gave to her baby-bump!

Tags:

Tomorrow is a Big Day

Nov 18

Posted by Vic in Family, Life | Comments off

Every one of us experiences life-changing events. Sometimes we’re fortunate enough to know about them in advance. One such event will come tomorrow for my wife and I, with the scheduled arrival of our second child! All going well, I’ll make an update here with news (and I’m veejoe on Twitter, so look out there for progress too).

Tags:

Scourges of the Universe: Blog Spam, and ISPs

Nov 10

Posted by Vic in Soapbox | No Comments

If you can read this, it means that Round 3 of my fight with my ISP is over and my ADSL is back up, which is a good thing because it means that I can tell you about why my ClustrMaps image has so many red dots on it suddenly…

Every so often I found that some random junk would show up in comments to my blog posts. When I saw it I’d just delete it, and it didn’t occur often so I didn’t really think much of it.

This was until I spied a comment that I actually needed to reply to, and found I couldn’t. I started looking at why the record number of the comment was so high, and found that my blog of little-more than 100 entries had become home to over 13000 items of blog-spam. :(

I blame myself, obviously, as the software I use had introduced spam-filtering techniques a couple of versions ago and I hadn’t kept up.

In cleaning up the garbage, behind the red mist of rage I saw at having my blog being violated so, I noted something interesting. The issue had been going on for some time, and I realised that in front of me, in my humble little blog, I had a snapshot of the evolution of blog-spam.

The early stuff was primitive, and easily identified by querying for the names of erectile dysfunction drugs and other medications. The later stuff was harder and harder to detect until I was virtually picking it record-by-record out of the database. Some of it made absolutely no point to me at all: strings of random alphabetics with not even a URL in sight; maybe this was a worm just looking for the kudos of a DOS.

The thought occurred to me that perhaps I should have kept it, in much the same way as someone I know keeps copies of PC viruses and worms in a little (hopefully isolated) folder. Then I realised two things:

* Preserving something, or putting it in a museum, gives it some legitimacy. I don’t want to legitimise blog-spam; and

* The art (if any) in blog-spam is in the code that generates it, not in the crap it leaves behind.

As for all the hits on my ClustrMap, I figure 80% are the spambots infecting the blog and about 19% are the poor folk that got drawn to my site as a result of the spam. I had been thinking of a different blog platform, perhaps this episode shows that I need something a little harder.

Of course another way to fight blog-spam is to get your network disconnected from the ‘Net, and my ever-so-unfriendly ISP went out of their way to do that for me this weekend. Unsolicited, of course, which is even better. On a Friday afternoon, too — better still, as if you do actually manage to get someone on the phone it’s too late for them to find anyone who can do anything about it (apparently).

Recommendations of a good ADSL ISP accepted: although keep it to yourself if your ISP’s called wwkjukhkkjlpuggh or qjkdfsdfaksjkulkfhg… :)

Tags: , ,