Gallery2 and Comment Spam BotNets

In his blog post about the m68k port he's writing about the port being dead, because there's simply no security support for it.

I have to admit that he might be right about it.

Although the m68k port is doing fine with keeping up, there are so many problems that I doubt that m68k will be allowed to get back. My current list of why m68k might be dead is:

  1. There's no security support for m68k
  2. m68k has no glibc support in current versions (pthread thingie or so)
  3. m68k is not in stable
  4. packages are getting bigger and bigger and slower and slower all over the place
  5. there is basically no interest in supporting m68k in the majority of DDs
  6. some more minor reasons

I expect some of the above points to be held against any possible re-inclusion of m68k, such as no security support and not being in stable, which is something of a paradox because, you'll guess it, m68k is not released with Etch and thus is not in stable. I guess this is difficult to understand when you're not an m68k user, but from my point of view this is foreseeable because of past discussions about the status of m68k.
So much energy was spent on getting rid of m68k with the Vancouver Massacre that it's unlikely that a similar amount of energy will be spent to get m68k back in, because not much energy was spent in the time after the Etch release. OK, there was the introduction of etch-m68k on the mirrors, but as Joey already stated, that's only part of the game.
There was a clear view of how to get rid of m68k, but no vision of how m68k can exist outside of Etch. Now that the m68k support is basically gone, it's even more problematic to keep up with other ports that are still considered for testing. The whole release infrastructure is based on the migration from unstable to testing. If a port doesn't exist in testing, because it wasn't released with the last stable, then it's hard to get released with the next version of stable.

So, yes, I believe as well that m68k is pretty dead when no miracle happens soon...

proftpd and SQL uid

For about two weeks now it seems that a botnet is attacking one of my Gallery2 installations in order to either comment spam me or to solve the captchas:


121.132.186.55 - - [14/Jun/2007:09:09:27 +0200] "POST /main.php?g2_GALLERYSID=4cc6b5e4b7ce4a207957a07c081b6f65 HTTP/1.1" 200 12167 "http://gallery.foobar.net/main.php?g2_GALLERYSID=631acbacb15f2cfb83cdaf5..." "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 0 gallery.foobar.net
121.132.186.55 - - [14/Jun/2007:09:09:30 +0200] "GET /main.php?g2_view=comment.AddComment&g2_itemId=7152&g2_return=main.php%3Fg2_itemId%3D7152%26&&g2_returnName=photo HTTP/1.1" 200 10349 "http://gallery.foobar.net/main.php?g2_view=comment.AddComment&g2_itemId=7152&g2_return=main.php%3Fg2_itemId%3D7152%26&&g2_returnName=photo" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 0 gallery.foobar.net
121.132.186.55 - - [14/Jun/2007:09:09:32 +0200] "POST /main.php?g2_GALLERYSID=b45c76223a933ba3bed6e09a9589a6cd HTTP/1.1" 200 12081 "http://gallery.foobar.net/main.php?g2_view=comment.AddComment&g2_itemId=7152&g2_return=main.php%3Fg2_itemId%3D7152%26&&g2_returnName=photo" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 0 gallery.foobar.net

Sadly Gallery2 does not seem to offer a configuration option to disable comments for non-authorized/not-logged-in users, only one to disable captchas for some users/groups, but disabling captchas for guests seems totally wrong to me.
Currently I'm blocking the hosts with an iptables rule whenever I happen to see an attacking host, but I guess that there should be a better option...
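
As an alternative to spotting hosts by accident, the access log can be scanned for the pattern visible in the excerpt above: one address hitting the comment form and POSTing to main.php within seconds, each POST carrying a different g2_GALLERYSID. This is an added example, not part of the original post; the thresholds, the function names and the sample lines (documentation addresses) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the same format as the excerpt above.
SAMPLE_LOG = '''\
203.0.113.7 - - [14/Jun/2007:09:09:27 +0200] "POST /main.php?g2_GALLERYSID=aaaa1111 HTTP/1.1" 200 12167 "-" "Mozilla/4.0" 0 gallery.example.net
203.0.113.7 - - [14/Jun/2007:09:09:30 +0200] "GET /main.php?g2_view=comment.AddComment&g2_itemId=7152 HTTP/1.1" 200 10349 "-" "Mozilla/4.0" 0 gallery.example.net
203.0.113.7 - - [14/Jun/2007:09:09:32 +0200] "POST /main.php?g2_GALLERYSID=bbbb2222 HTTP/1.1" 200 12081 "-" "Mozilla/4.0" 0 gallery.example.net
198.51.100.9 - - [14/Jun/2007:09:10:02 +0200] "GET /main.php?g2_itemId=7152 HTTP/1.1" 200 9000 "-" "Mozilla/5.0" 0 gallery.example.net
198.51.100.9 - - [14/Jun/2007:09:14:40 +0200] "POST /main.php?g2_GALLERYSID=cccc3333 HTTP/1.1" 200 12000 "-" "Mozilla/5.0" 0 gallery.example.net
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(GET|POST) (\S+) [^"]*"')

def parse(line):
    """Return (ip, time, method, query dict) or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, parse_qs(urlsplit(target).query)

def suspicious_hosts(log_text, window=timedelta(seconds=60), min_hits=3, min_sids=2):
    """Flag IPs with a burst of comment-form/POST hits using rotating session IDs."""
    hits = defaultdict(list)  # ip -> [(time, session id or None)]
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, when, method, query = rec
        is_form = query.get("g2_view") == ["comment.AddComment"]
        if method == "POST" or is_form:
            hits[ip].append((when, query.get("g2_GALLERYSID", [None])[0]))
    flagged = []
    for ip, events in hits.items():
        events.sort(key=lambda e: e[0])
        for i, (start, _) in enumerate(events):
            burst = [(t, sid) for t, sid in events[i:] if t - start <= window]
            sids = {sid for _, sid in burst if sid}
            if len(burst) >= min_hits and len(sids) >= min_sids:
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE_LOG))
```

The returned addresses can feed the same iptables blocking the post already describes, run periodically instead of by hand.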

G8 summit in Heiligendamm

UPDATE:
There was a configuration error. Now everything works as intended.

Hmmm, maybe I'm missing a point, dear lazyweb, but it seems as if proftpd in Etch is somewhat broken.
Ok, I have a setup with proftpd, SQL backend (psql) and quota. First the SQL backend:


          Table "public.users"
 Column  |          Type          | Modifiers
---------+------------------------+-----------
 userid  | character varying(30)  | not null
 passwd  | character varying(80)  | not null
 uid     | integer                |
 gid     | integer                |
 homedir | character varying(255) |
 shell   | character varying(255) |
 clear   | character varying(80)  |
Indexes:
    "userid_pkey" PRIMARY KEY, btree (userid)
    "users_uid_key" UNIQUE, btree (uid)
    "users_userid_key" UNIQUE, btree (userid)

Proftpd.conf:

[...]
RequireValidShell off
DefaultRoot /home/%u
AuthOrder mod_sql.c
#PostgresInfo localhost dbadmin dcf1330 vftp
SQLAuthTypes Plaintext
SQLAuthenticate users* userset
SQLConnectInfo vftp dbadmin dcf1330
SQLDefaultGID 65534
SQLDefaultUID 65534
SQLMinUserGID 2100000
SQLMinUserUID 400000000
#SQLUserInfo users userid clear "uid" "gid" homedir shell
SQLNamedQuery userinfo FREEFORM "SELECT userid, clear, uid, gid, homedir, shell
SQLUserInfo custom:/userinfo

The problem now is that files uploaded by ftp get owned by uid 65533 instead of the uid defined in the SQL table, whereas the gid is being set correctly. Example:


-rw-r--r-- 1 65533 2101 14838 2007-06-11 15:34 front.jpg

Both uid and gid have the same value within the database (example is "2101" here), but only the gid is used correctly by proftpd when uploading files. I would prefer to use usrquota instead of grpquota, though.
I'd appreciate tips to solve this problem or to confirm that this is a proftpd bug! :-)

Short Trip to Berlin

As you might already know: there is the G8 summit in Heiligendamm taking place, which is near Rostock - the place where I live.
Although there were some street fights between violent opponents (hiding in the mass of other demonstrators) and the police, it's been quite silent so far. The summit begins today and apparently the demos and actions against the summit are starting as well.
When driving around (work/home) you can see police everywhere: at the train station, on bigger crossroads, on bridges, under bridges, driving around, etc...
It's like you're living in a police state.

LinuxTag 2007

Since LinuxTag 2007 took place in Berlin at the end of last week, my girlfriend and I took the opportunity to stay with her relatives and combine the visit to LinuxTag with a short trip, or short holiday, in Berlin.
LinuxTag itself was not very spectacular: rather small and manageable. So there was plenty of time left for the supporting programme.
On Thursday evening, for example, we spontaneously headed to the Gendarmenmarkt and then walked on to the Brandenburg Gate. And since we were already there, we took in the Reichstag as well. Surprisingly, we even got in with the second-to-last group of visitors at about 21:45 and were then screened by the security staff. After clearing this hurdle as well, we took the elevator up to the visitors' terrace.
Unfortunately the security check had taken too long for us to watch the sunset from there, but the afterglow was still fairly strong.
Stupidly, because of the spontaneity we did not have our cameras with us, so in the end my girlfriend's camera phone had to do.
For Friday after LinuxTag, the plan was to visit the Ku'damm. Anyone who knows women knows that this was not exactly my idea. ;) In the end that resulted in correspondingly sore feet from all the walking back and forth, the waiting in the various shops, etc. But in return we later had a delicious meal at a steakhouse on the Ku'damm on the way back.
Saturday was actually meant for Sanssouci, but because my girlfriend's relatives are music professors, Thursday and Friday nights did not exactly end early either. (dependingonhowyouwanttolookatit) Which once again confirms quite a few clichés about musicians. ;)
Anyway, as a result we had slept in reasonably on Saturday and only had breakfast at 12 o'clock. The rest was a bit of family stuff, packing clothes again, and coffee at 6 pm. We left at about 19:45 heading home.

Since Saturday was also the big riot day in Rostock because of the G8 summit, the journey home was correspondingly exciting. From the Wittstock-Dosse motorway junction onwards, however, the autobahn was fairly empty - even by Mecklenburg standards! Only shortly before Rostock did we overtake a few trucks again. On the opposite carriageway, masses of police vehicles came towards us on their way to their sleeping quarters. We then drove through the Warnow Tunnel to avoid the closure in Rostock's city centre. Besides, the route through the tunnel was shorter anyway... ;)

Please stop it

Since the LinuxTag took place in Berlin this year, I was able to attend it. LT in Wiesbaden, Karlsruhe, Stuttgart or wherever else was just too far away for me for a short trip. But this year it was near enough to plan a short trip to Berlin and stay some days at the home of the relatives of my girlfriend.
Anyway, the LT itself was, well, smallish. After the show it was said that there had been 9600 attendees. My impression during my visit on Thursday and Friday was the same: very few people visiting.

On one hand, this is nice, because it gives you the possibility to have some in-depth talks to people, which is more difficult when there are lots of visitors. On the other hand, this is bad, because it reflects the importance of the show: nearly null.

When I remember my visits to the Amiga fairs in Cologne in the 90s, the numbers are somewhat different: 65.000 visitors in 3 days.

But not only the numbers of visitors were disappointing, the exhibition itself was as well. Many booths from community projects showed generic information about themselves. This might be nice and interesting for new users, but when the subtitle of the fair is "where .com meets .org" this is really what one might expect.
Of course, maybe you could have asked the people there for details, but when the booth is looking rather dull and the flyers just have some buzzwords on them without more information (like on the FreeWRT booth), it made me pass on to the next booth.

Something positive: I think the lectures were good. At least those I attended.

Scandal Autobahn A20

I think everyone knows about the issues between Sven Luther and the d-i team. This is going on for about a year now and although I'm usually a supporter of Svenl here, I have to admit that I can't hear/read it anymore.
So, please stop it now. Everyone!

Svenl, you did a great job for the PPC port in Debian, but there's so much in life besides Debian! Enjoy it! You're wasting your time and life if you insist on being right. Maybe you're right, but I don't think that this does matter. Take some time off from the project and have a nice time with our stuff! Been there, done that and found it worthwhile! :-)

All others: I think it would be better to not respond to every mail by Svenl, especially when you're opposing him. This will make it even worse for him and for everybody else, too, because the impression of being insulted will grow with every mail that tells him to shut up.

Every party involved in this dilemma does have valid points. For example I would like to see some sort of Code of Conduct or a Social Committee or anything else that will prevent such incidents over and over again.
I think it's highly unprofessional how Sven was pushed out of the d-i team. Sure, everyone can disagree with anyone else, but I expect DDs to be professional enough to work together despite their personal dislikes. OTOH, Svenl didn't earn glory by insisting every now and then on being mistreated and being right.

So, can we now stop that neverending story, please?

Service Desert Germany

Yesterday I had the great honour of experiencing one of the numerous construction mishaps of the federal autobahn A20 live.
I am of course talking about the blistering in warm weather, as we happened to have yesterday. Wikipedia explains this very nicely in the article. But it is pretty rough when you rattle over the bumps.

Ubuntu: the new universal OS?

So the Telekom employees are now on strike because Mr. Obermann wants to improve the service quality for the customers, who are running away from him in droves. To that end, the Telekom employees are now supposed to work longer for low pay. Understandably, they are less than thrilled that they are supposed to pay for the serious management mistakes of recent years.

We here, on the other hand, want to return to the bosom of Mother ·T···, although we are with the much-praised competition for our DSL - but only for the DSL and not for the entire line, because the telephone still comes from Telekom.
Now it so happens that Telekom and, in our case, Alice pass the ball back and forth to each other when there are faults. Not that we have had an excessive number of faults, but when everything is delivered from a single source, it is simply less problematic.

Well, anyway, we recently cancelled our reseller DSL with Alice. Funnily enough, we can only order a T-DSL line once we have the cancellation confirmation from Alice. But it still has not arrived. An enquiry by phone recently revealed that the cancellation confirmation is sent 6 days before the end of the contract. Why? Nobody seems to really know. It can be assumed, however, that Telekom will not be sooooo fast as to deliver the DSL within 2-4 days - not before the strike, not during the strike and not after the strike.

So I now wanted to ask the Alice hotline whether it would be possible to postpone the cancellation because of the Telekom strike. After listening to all the great announcements and laboriously working my way through the computer-controlled telephone menu, I got the terse announcement that the call cannot be taken at the moment because all seats are occupied. Great! That is what Alice wastes my valuable time for?! Why does the computer answer at all then, instead of simply signalling that the line is busy?
At least the Alice hotline has an 0800 number... *sigh*

G8 Summit: The Freedom of Democracy

Well, when Ubuntu started it was said that it aims at the Desktop market. An enhanced Debian distribution for desktop users, so to say. In the meantime Ubuntu released Ubuntu LTS for servers and announced lately Ubuntu Mobile and Embedded Edition.
Apparently Ubuntu becomes a direct opponent to Debian: first the desktop, next the servers and now embedded systems. I wonder when Debian will finally react and make some changes in order to compete with Ubuntu, because Ubuntu is simply that: a competitor.
And a quite successful competitor, I've to admit! I'm recommending Ubuntu instead of Debian now for new Linux users and I'm using Ubuntu on an increasing number of machines (mostly laptops) myself. Such things like packages stuck in new queue for 2 months are driving me away from Debian slowly. I would like to know what the newly elected DPL is going to do about this problem of losing ground to Ubuntu? I'm just curious.... :)

Note: Yes, I know that "universal OS" is somewhat of an urban legend...
