Conficker

April 10th, 2009

I really wish there was something we could do about Conficker as a Technology community.  There’s a spread of between 3 million and 12 million computers in the world according to CNN.  Seems insignificant given the size of the entire Internet.  I’d like to pose a question to the community.  What tools would we need in order to mitigate the risks of Conficker or any worm for that matter?

Do the normal rules of engagement apply here?  When I was in the telecommunications industry, we tackled problems like this systematically:

  1. Identify the risk.
  2. Identify the number of infections.
  3. Allocate all parties and resources necessary to resolve.
  4. Run hourly checks to ensure every compromised system is attended to.
  5. “Lessons Learned” with all parties involved once 100% resolution is attained.

Seems like documentation and tracking are the key.  At my former company, we used massive spreadsheets and sent updates to those assigned to verify resolution and remove the record.  What would scale on the Internet, considering it is between 3 million and 12 million records?

Another question:  Should this all be centralized in a consortium?  I have mixed feelings with this.  In a corporate office it certainly was convenient to have strict policies and standards.  Consistent problems bring consistent solutions, as the saying goes.  I also consider myself a free market and free Internet kind of technologist.

Perhaps just a crowd-sourced site (I know, I know) focused on the resolution of all the Confickers of the world, providing information, links, etc. would be on the right course.  Make it a condition that all the information is Creative Commons and lo and behold, maybe we’d have a winner.

Here is CNN’s information regarding recent activity on Conficker.  What troubles me about it is the apparent loss of hope in a resolution.  Kind of makes me sad to think that Sunday breakfast table conversation might end up starting with Dad opening a newspaper and asking  “I wonder what Conficker is up to today?”  Very disturbing.

Conficker wakes up, updates via P2P, drops payload - CNN.com.

We need to do something about this before it starts to reflect badly on the tech community.

Security and Psychology

March 28th, 2009

I’ve recently been drawn to technology security and just wanted to share this video. Bruce Schneier has a very clairvoyant view on the big picture of security.

Pidgin

March 22nd, 2009

Pidgin is arguably the de facto open source instant messaging client.  The biggest advantage you have using it is the multi-protocol support which allows you to connect to AIM, Yahoo, MSN, Google Talk, Jabber, IRC and a few others I’ve never even heard of by default.  Plugins add additional services and features.  Here is a look at the services I currently connect to all at once:

pidgin

Pidgin is available for Linux, Windows, and Mac here.

The Twitter plugin can be found here.

The Facebook one is available at this site.

Adventures in GPS

December 14th, 2008

I have been in need of a new GPS receiver for a while.  While I love my Garmin eTrex and it has been a lifesaver on several occasions, the netbook lacks serial ports.  Carrying a serial to USB adapter is out of the question.  I wanted ultra-portability for my kit, especially on vacations and while traveling. Whatever solution I came up with, I knew from previous experience what package would need to be installed first:

sudo apt-get install gpsd

Enter this device:

No brand name, no fancy package.  I plugged it in and it functioned beautifully.  Ubuntu detects it as a Prolific PL2303 USB to Serial Bridge Controller as revealed by dmesg:

[  950.076139] usb 2-2: new full speed USB device using uhci_hcd and address 3
[  950.242660] usb 2-2: configuration #1 chosen from 1 choice
[  950.246324] pl2303 2-2:1.0: pl2303 converter detected
[  950.271393] usb 2-2: pl2303 converter now attached to ttyUSB0

That last line is important.  I needed it to issue the next command:

gpsd /dev/ttyUSB0

As this device lacks a screen to indicate satellite fix, my next step was to install xgps:

sudo apt-get install gpsd-clients

I mostly use xgps for testing connectivity.  It is a very basic interface with limited information.  Pretty useless for navigation unless you work with satellites all day and know where they are supposed to be in the sky.
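The device-lookup step above as a script, added here as an example and not part of the original post: a replugged receiver can come back under a different name, so the function picks the most recent pl2303 converter that is still attached instead of assuming ttyUSB0. The function names and the disconnect/replug lines in the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate the serial device of a PL2303-based GPS receiver
# from kernel log text, so gpsd is started on the right node.

# Reads kernel log lines on stdin. Prints /dev/ttyUSBn for the most recently
# attached pl2303 converter that has not been disconnected since.
# Prints nothing and returns 1 when no converter is currently attached.
pl2303_tty() {
    awk '
        /pl2303 converter now attached to ttyUSB[0-9]+/ {
            attached[$NF] = 1      # last field is the tty name
            order[++n] = $NF       # remember attach order
        }
        /pl2303 converter now disconnected from ttyUSB[0-9]+/ {
            delete attached[$NF]
        }
        END {
            for (i = n; i >= 1; i--)
                if (order[i] in attached) { print "/dev/" order[i]; exit 0 }
            exit 1
        }
    '
}

# Constructed sample: two lines from the dmesg output above, followed by an
# unplug and a replug that the kernel enumerates as ttyUSB1.
sample_log() {
cat <<'EOF'
[  950.246324] pl2303 2-2:1.0: pl2303 converter detected
[  950.271393] usb 2-2: pl2303 converter now attached to ttyUSB0
[ 1201.004512] pl2303 ttyUSB0: pl2303 converter now disconnected from ttyUSB0
[ 1210.118730] usb 2-2: pl2303 converter now attached to ttyUSB1
EOF
}

# Demonstration on the sample; on a live system feed it dmesg instead:
#   dev=$(dmesg | pl2303_tty) && gpsd "$dev"
if dev=$(sample_log | pl2303_tty); then
    echo "would run: gpsd $dev"
else
    echo "no pl2303 converter attached" >&2
fi
```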

Eight years ago when I started experimenting with laptops and gps, I quickly found GPSdrive.  It was really the only map-based GPS software available.  Recently, using a netbook’s small 16:9 screen became a major problem when I realized the application wasn’t written for the Gnome toolkit.  I was unable to maximize to my screen resolution of 1024×600, making any buttons at the bottom of the app hidden. TangoGPS has most of the functionality necessary to track where you are on a map. Like GPSDrive, it is compatible with the Open Street Map project, works with gpsd, and even allows for friend updates.

For now, I have a system that tells me where I am, how fast I’m driving, and allows me to contribute to open street map.  I will be experimenting with another program called viking shortly and will discuss it here when I know more about it.

After The Fact…

November 20th, 2008

All of my computers are now on Ubuntu 8.10 (Intrepid Ibex).  That’s a Dell D820, a Precision 650, the GQ computer that I picked up at Fry’s a couple years ago, and even the One.  I’m usually cautious about moving from an LTS edition to a newer version, but for some reason I decided to pull the trigger on upgrading each of my systems instead of performing complete reloads.  All four machines upgraded without catastrophic failures.  I did have to reload the kernel modules for my sound card on the Aspire, but it’s not a big deal.  On the Precision, some lunkhead sysadmin (who is remaining nameless) forgot to move /home to the second drive last time.  All I needed were these instructions and I was back in business: http://ubuntu.wordpress.com/2006/01/29/move-home-to-its-own-partition/

My Own Aptitude Repos

October 18th, 2008

I now have several machines running Ubuntu and Debian on my home network.  Each one had an inconsistent version of the packages on it, and I finally decided this morning I was done upgrading each machine individually and downloading updates when I got around to it.  Mikey’s got his own repo now and Mikey likes it.

I found some very simple, very focused instructions at this link:

http://mediakey.dk/~cc/howto-create-your-own-debian-or-ubuntu-package-repository/

Next step:  Add a GPG key.

More AA1 Tweaking

October 12th, 2008

Okay, so the Acer Aspire One now has a nickname of AA1.  I kind of like it, so we’ll see if it sticks. I received my own Acer netbook for my birthday and am in the process of tweaking it to my satisfaction.  My biggest annoyance so far has been the lack of codec support out of the box.  XVID has been my favorite codec for a couple years now and I am not about to go back to wmv, especially on a Linux machine.  One little tip I can throw everyone’s way though, the Fedora Repositories were intruded upon back in August.  VLC is the package I noticed this with, but if you tell yum to install vlc, you will receive these errors:

Error: Missing Dependency: libpulse.so.0(PULSE_0) is needed by package vlc
Error: Missing Dependency: libopendaap.so.0 is needed by package vlc-core
Error: Missing Dependency: libdvdnav.so.4 is needed by package vlc-core

This is a result of the security breach (looks like file corruption to me).  To fix it, you need to run this command:

sudo yum install fedora-release

Information can be found on the following page:

http://forum.videolan.org/viewtopic.php?f=13&t=48759&p=161972

Acer Aspire One

September 23rd, 2008

Acer recently released the Aspire One.  My wife was looking for a laptop to check email and visit her forums while on the road.  The tech details were GMail and phpBB, for those interested.  We met at MicroCenter after work to look at netbooks on her birthday.  I will not criticize Asus.  They have made large strides in creating the market for the cheap ultra mobile pc, and I love them for it.  But there they were, right next to each other, the EEE Surf and the Acer Aspire One.  Comparing the two, spec to spec, the Acer made the Asus look like a toy.  It has a standard resolution width (1024).  It has a larger keyboard (80% of a standard keyboard).  To be honest, the “triple-E” looked breakable.

So anyway, we picked one up at a store after dinner.  The clerk gave us the question that I often get hit with when trying to purchase items.  “Now, you know, this isn’t exactly what most people expect from a computer…”  I promptly interrupted, “It runs Linux, right?” Then we walked out the door with her new laptop and weren’t concerned about the price we paid.

I am more than impressed with the thing, mostly for its flexibility.  The distribution that it runs standard is called Linpus.  It’s essentially Fedora with a Mobile interface.  It’s very easy to get to a terminal and start customizing to your heart’s content.  I have already added Skype and upgraded the browser to Firefox 3 with AdBlock Plus to prevent the annoyances, both easy tasks if you already understand how Fedora works.  For the sake of resource management, Linpus uses XFCE and it’s a simple matter of editing an XML file to modify what your default apps are on the screen interface.

Due to it being Fedora based, I was able to successfully get the Citrix Presentation Server client functioning for her work stuff.  The only major hiccup in this was replacing Thawte’s security certificate in the Citrix package.  It wasn’t very difficult, just a minor annoyance of downloading from elsewhere.  I could see this being a problem for someone with less computer experience.  Here’s my suggestion to Citrix:  Make your software update the certs automatically.  This is the only reason the RPM didn’t work properly.

Well, regardless, the Acer Aspire One is a very impressive piece of hardware and I am considering getting one myself just to have the convenience of an extra machine with ssh and a web browser.  Acer really thought this one out.

It’s DR time!!!

September 9th, 2008

With the hurricane season at its peak, I’ve decided to include a section focused on DR.  I hope to add links to sites detailing weather and EOC information for the United States.  If anyone elsewhere would like to contribute, please email me at <mike at itadmins dot org>. I’d also like to add sections covering power systems and other details.

Stay Tuned for More Info!

Wake up call for Mozilla

September 2nd, 2008

Today, Google released Chrome Beta, an open source web browser based on Firefox and Webkit.  I am currently writing this post from Chrome.  The biggest benefit I see to Google’s method of writing this program is the intense resource management.  If one tab locks up, the others are fine.  From a technical perspective, this is the best idea since tabbed browsing itself.  Here is a link to the download: http://www.google.com/chrome