Re: [gentoo-user] {OT} Opinions on Host's Decision Please
Grant wrote: >>> As I have previously posted about, my host sent me an email a few days >>> ago stating that support tickets for 5,000-6,000 of their clients had >>> been broken into. I checked my records and found that my root >>> password had previously been submitted in a support ticket. I then >>> decided I needed to reinstall my system. >>> >>> I requested that my host allow me access to a second machine for 2-5 >>> days while I switch over to a clean system, after that I would turn >>> the old system over to them and continue with the new system. >>> >>> My request was denied! I'm blown away by this. Was I asking too much? >>> >>> >> Information that was valuable leaked because they screw it, so, no >> matter what terms of service say, they must fix their own mistakes. If >> the machine crashes, the data center is burned down to the ground or >> the manager's kid pull the plug on the main server, that's a situation >> where they can say "not our fault, deal with it". But in your case >> their support system had a breach, and thus its their fault. They must >> provide you the means to ensure that YOUR information is safe, cause >> they caused the incident in the first place. You're unsure about your >> information, and information is money. >> >> If I were you I would be backing up my data by now, would then request >> a physical backup and after I get it: >> >> 1) Send them email about the actions I'm about to take. >> 2) Move away from their services and look for a better server. >> 3) Write a cool blog entry about their services and how secure they are. >> >> Of course they could answer the (1) email granting your requests and >> maybe you wouldn't have to take steps (2) and (3). Happened to me >> once. >> > > I couldn't agree more. It feels like I should have a legal recourse > in this situation. My Dad is a lawyer but has no knowledge of > technical matters. > > - Grant > That your Dad is a lawyer may be worth mentioning to them. Just don't tell them it is NOT his area of practice. May help get that #1 deal. Dale :-) :-)
Re: [gentoo-user] Hacked by association?
On Samstag, 22. September 2007, Grant wrote: > > > Do I > > > need to start this thing over? > > > > yes. No tool can tell you for certain, that no malware is rampage on your > > system. netstat, ps, emerge might be hacked already. As might be md5sum > > and other tools to generate and compare ckecksums. There is only one way > > to make sure your system is clean: > > > > reinstallation > > I had another idea. Would it work to monitor my machine's traffic > from another machine on the network and determine if I've been hacked > that way? Any ssh traffic other than mine would be a giveaway. > > - Grant and who says that the hacker uses ssh in the future? or connects to the box in the next couple of weeks? -- [EMAIL PROTECTED] mailing list
[gentoo-user] help with the dreaded mount: RPC: Program not registered
Hi, all, I have 2 gentoo machines, lotus and tobey. tobey is an nfs server to lotus. Today I upgraded tobey, and now nfs doesn't work. Previously, it worked for years. The symptoms are: 1) mount -v /mnt/tobey on lotus returns mount: RPC: Program not registered 2) /etc/init.d/nfs start on tobey produces no output, no running nfsd daemons, and exit code 1. 3) There is nothing particularly informative (to me) in the system logs. There is one instance of tobey rc-scripts: ERROR: cannot start nfs as rpc.statd could not start after the reboot following today's upgrade. I've started rpc.statd by hand and then attempted to start nfs, but nfs still does not start. There is no information in the system log explaining why. 4) I've done the usual google search, and followed the advice of other people who have had this problem, and I have read the available Gentoo Wiki documents that discuss this problem and followed the advice there. The result: nfs still does not start. 5) tobey is a machine which doesn't like to start various daemons when it boots despite their being managed by rc-update. I have no idea why - this situation started a few months ago after an upgrade. I start them by hand after reboots. 6) I always do revdep-rebuild and always follow the post installation instructions mailed by portage's elog facility. So, any brilliant ideas about why I can't start nfs or how to debug the problem? As always, thanks for your help! John Blinka
Re: [gentoo-user] {OT} Opinions on Host's Decision Please
On Sat, 22 Sep 2007 08:06:40 Grant wrote: > > > As I have previously posted about, my host sent me an email a few days > > > ago stating that support tickets for 5,000-6,000 of their clients had > > > been broken into. I checked my records and found that my root > > > password had previously been submitted in a support ticket. I then > > > decided I needed to reinstall my system. > > > > > > I requested that my host allow me access to a second machine for 2-5 > > > days while I switch over to a clean system, after that I would turn > > > the old system over to them and continue with the new system. > > > > > > My request was denied! I'm blown away by this. Was I asking too much? > > > > > > - Grant > > > > You are probably asking more than their terms of service *require* them > > to provide, especially if they don't believe the leaked information was > > used for any nefarious activity. > > However a reasonable webhost who accepts responsibility for its mistakes > > and values its customers would probably grant such a request as a gesture > > of goodwill - unless they were worried about opening the floodgates for > > every customer to request such treatment, a scenario which would likely > > leave them unable to comply even if they wanted to. > > As a side note, although I agree with all the comments about 'never been > > sure' a system is still clean, did you check whether there was actually > > any root logins to your server not from your IP since the breach? If I > > was in your situation and could confirm that no root logins occurred (via > > ssh, ftp, cpanel, whatever else is running) from other ip's I'd probably > > rest easy just changing my password. > > Wouldn't it be trivial for them to edit the logs though? > Good point, that comes down to how your server is set up. My server logs get sent to a dedicated logging host - primarily to agregate logs from half a dozen domains, with the happy side effect of securing logs from webserver breaches. My final comment was a presumptive leap based on my own setup and is invalidated if your logs are kept on the same host. - Noven -- >-- Novensiles divi Flamen --< > Miles Militis Fons < -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] {OT} Opinions on Host's Decision Please
> > As I have previously posted about, my host sent me an email a few days > > ago stating that support tickets for 5,000-6,000 of their clients had > > been broken into. I checked my records and found that my root > > password had previously been submitted in a support ticket. I then > > decided I needed to reinstall my system. > > > > I requested that my host allow me access to a second machine for 2-5 > > days while I switch over to a clean system, after that I would turn > > the old system over to them and continue with the new system. > > > > My request was denied! I'm blown away by this. Was I asking too much? > > > > Information that was valuable leaked because they screw it, so, no > matter what terms of service say, they must fix their own mistakes. If > the machine crashes, the data center is burned down to the ground or > the manager's kid pull the plug on the main server, that's a situation > where they can say "not our fault, deal with it". But in your case > their support system had a breach, and thus its their fault. They must > provide you the means to ensure that YOUR information is safe, cause > they caused the incident in the first place. You're unsure about your > information, and information is money. > > If I were you I would be backing up my data by now, would then request > a physical backup and after I get it: > > 1) Send them email about the actions I'm about to take. > 2) Move away from their services and look for a better server. > 3) Write a cool blog entry about their services and how secure they are. > > Of course they could answer the (1) email granting your requests and > maybe you wouldn't have to take steps (2) and (3). Happened to me > once. I couldn't agree more. It feels like I should have a legal recourse in this situation. My Dad is a lawyer but has no knowledge of technical matters. - Grant -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] python-2.5
> did you run python-updater after you upgraded to the version 2.5 ? If > not that might help ! Hi Boris, I did run python-updater. Where I'm stuck at this point is downgrading python back to 2.4. Not sure how that's done with slotting behavior. - Grant > > I had to upgrade to python-2.5 for a media app called listen and now > > I'm having trouble with another media app called miro. I think I need > > to downgrade to python-2.4, but I'm confused by the slotting behavior. > > Right now emerge -pv python tells me I have python-2.4.4-r4 installed > > but I know I upgraded to 2.5. How should I handle this? -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] {OT} Opinions on Host's Decision Please
On 9/21/07, Grant <[EMAIL PROTECTED]> wrote: > Hello, > > As I have previously posted about, my host sent me an email a few days > ago stating that support tickets for 5,000-6,000 of their clients had > been broken into. I checked my records and found that my root > password had previously been submitted in a support ticket. I then > decided I needed to reinstall my system. > > I requested that my host allow me access to a second machine for 2-5 > days while I switch over to a clean system, after that I would turn > the old system over to them and continue with the new system. > > My request was denied! I'm blown away by this. Was I asking too much? > Information that was valuable leaked because they screw it, so, no matter what terms of service say, they must fix their own mistakes. If the machine crashes, the data center is burned down to the ground or the manager's kid pull the plug on the main server, that's a situation where they can say "not our fault, deal with it". But in your case their support system had a breach, and thus its their fault. They must provide you the means to ensure that YOUR information is safe, cause they caused the incident in the first place. You're unsure about your information, and information is money. If I were you I would be backing up my data by now, would then request a physical backup and after I get it: 1) Send them email about the actions I'm about to take. 2) Move away from their services and look for a better server. 3) Write a cool blog entry about their services and how secure they are. Of course they could answer the (1) email granting your requests and maybe you wouldn't have to take steps (2) and (3). Happened to me once. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] {OT} Opinions on Host's Decision Please
> > As I have previously posted about, my host sent me an email a few days > > ago stating that support tickets for 5,000-6,000 of their clients had > > been broken into. I checked my records and found that my root > > password had previously been submitted in a support ticket. I then > > decided I needed to reinstall my system. > > > > I requested that my host allow me access to a second machine for 2-5 > > days while I switch over to a clean system, after that I would turn > > the old system over to them and continue with the new system. > > > > My request was denied! I'm blown away by this. Was I asking too much? > > > > - Grant > > You are probably asking more than their terms of service *require* them to > provide, especially if they don't believe the leaked information was used for > any nefarious activity. > However a reasonable webhost who accepts responsibility for its mistakes and > values its customers would probably grant such a request as a gesture of > goodwill - unless they were worried about opening the floodgates for every > customer to request such treatment, a scenario which would likely leave them > unable to comply even if they wanted to. > As a side note, although I agree with all the comments about 'never been sure' > a system is still clean, did you check whether there was actually any root > logins to your server not from your IP since the breach? If I was in your > situation and could confirm that no root logins occurred (via ssh, ftp, > cpanel, whatever else is running) from other ip's I'd probably rest easy just > changing my password. Wouldn't it be trivial for them to edit the logs though? - Grant -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] {OT} Opinions on Host's Decision Please
On Sat, 22 Sep 2007 07:07:23 Grant wrote: > Hello, > > As I have previously posted about, my host sent me an email a few days > ago stating that support tickets for 5,000-6,000 of their clients had > been broken into. I checked my records and found that my root > password had previously been submitted in a support ticket. I then > decided I needed to reinstall my system. > > I requested that my host allow me access to a second machine for 2-5 > days while I switch over to a clean system, after that I would turn > the old system over to them and continue with the new system. > > My request was denied! I'm blown away by this. Was I asking too much? > > - Grant You are probably asking more than their terms of service *require* them to provide, especially if they don't believe the leaked information was used for any nefarious activity. However a reasonable webhost who accepts responsibility for its mistakes and values its customers would probably grant such a request as a gesture of goodwill - unless they were worried about opening the floodgates for every customer to request such treatment, a scenario which would likely leave them unable to comply even if they wanted to. As a side note, although I agree with all the comments about 'never been sure' a system is still clean, did you check whether there was actually any root logins to your server not from your IP since the breach? If I was in your situation and could confirm that no root logins occurred (via ssh, ftp, cpanel, whatever else is running) from other ip's I'd probably rest easy just changing my password. - Noven -- >-- Novensiles divi Flamen --< > Miles Militis Fons < -- [EMAIL PROTECTED] mailing list
[gentoo-user] {OT} Opinions on Host's Decision Please
Hello, As I have previously posted about, my host sent me an email a few days ago stating that support tickets for 5,000-6,000 of their clients had been broken into. I checked my records and found that my root password had previously been submitted in a support ticket. I then decided I needed to reinstall my system. I requested that my host allow me access to a second machine for 2-5 days while I switch over to a clean system, after that I would turn the old system over to them and continue with the new system. My request was denied! I'm blown away by this. Was I asking too much? - Grant -- [EMAIL PROTECTED] mailing list
RE: [gentoo-user] disable dropping to -j1 when building certain programs
> -Original Message- > From: Mick [mailto:[EMAIL PROTECTED] > Sent: Friday, September 21, 2007 6:00 AM > To: gentoo-user@lists.gentoo.org > Subject: Re: [gentoo-user] disable dropping to -j1 when building certain > programs > > On Thursday 20 September 2007, Richard Marzan wrote: > > On Thu, 2007-09-20 at 22:39 +0200, Bo Ørsted Andresen wrote: > > > > > > Stop top-posting. > > > > > > I suppose you are speaking of WANT_MP=true which is used by a few > > > packages (mozilla-sunbird, mozilla-firefox and openoffice). It does > not > > > affect any other packages though. > > > > Yes, I was referring to that variable. Thanks. Sorry for top-posting but > > it's hard not to do that at work with Outlook since reply doesn't format > > the reply as you see above my post. I would have to edit ">" manually to > > and add the date then send the reply. I'll try though. > > (Did you know that Outlook can be configured to prefix responses with > > and to > post only plain text to particular addresses? Have a look at: > Tools>>Options>>Preferences>>E-mail Options>>On replies and forwards>>When > replying to a message, for the prefix thingy). > > HTH > -- > Regards, > Mick Thanks it worked...somewhat...still not as good at evolution. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] glibc-2.3.6 fails to compile (in a vserver)
On Thursday 20 September 2007, Bo Ørsted Andresen wrote: > On Thursday 20 September 2007 13:49:14 Alan McKinnon wrote: > > http://www.ecos.sourceware.org/ml/libc-alpha/2006-04/msg00090.html > > https://bugs.gentoo.org/show_bug.cgi?id=131108 ? Thanks. I patched glibc according to that bug, and guess what? Same error. Which seems weird given the explanation given for the failure. But no matter, I found a different stage3 to use with a suitable glibc that doesn't fail like this I'm reminded of the old saw: "It's software. Surely you didn't expect it to work?" :-) alan -- Optimists say the glass is half full, Pessimists say the glass is half empty, Developers say wtf is the glass twice as big as it needs to be? Alan McKinnon alan at linuxholdings dot co dot za +27 82, double three seven, one nine three five -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Hacked by association?
On Freitag, 21. September 2007, Grant wrote: > > > Do I > > > need to start this thing over? > > > > yes. No tool can tell you for certain, that no malware is rampage on your > > system. netstat, ps, emerge might be hacked already. As might be md5sum > > and other tools to generate and compare ckecksums. There is only one way > > to make sure your system is clean: > > > > reinstallation > > Although I haven't found any evidence of intrusion, I've been urged > off-list to reinstall and since I'm about 4 hours early to rise this > morning I think I better. If your intruder has at least some skills and don't want to leave evidence behind, you have nearly zero chance to find any signs. That is the evil part about being 'maybe hacked'. Even with the best tools you can only say 'the hacker must be good' and not 'there was no hacker'. > > Can we go over a good plan for the transition? My main concerns are > backing up the right files and a good remote installation procedure as > it's been years since I did that. Thanks. I would tar everything up and copy the files back you really want - after checking them. Stuff from /etc, like the files in /etc/conf.d, make.conf, the files in /etc/portage and other stuff you edited, the /home tree, your database and website files, if there are any. But don't copy anything back without having a look first. Your world-file might be helpfull to spare some time. /usr/portage stuff should be nuked completly - it is so easy to replace it is not worth the risk of a hacked ebuild ... Don't forget to mkfs the partitions first before you start reinstallation. About remote installation: never done that, hopefully someone else on the list can help you with that. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Bad 3Dness from my Intel 855GM!
> this before? I don't know what other programs I can test it with that I > might be able to get a screenshot to show you with, but if anybody knows > something that might be a good test, let me know! You could test downgrading x11-drivers/xf86-video-i810 to 1.7.4. as there were some problems with i810 after the last x11 upgrade. ralf -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Hacked by association?
> > Do I > > need to start this thing over? > > yes. No tool can tell you for certain, that no malware is rampage on your > system. netstat, ps, emerge might be hacked already. As might be md5sum and > other tools to generate and compare ckecksums. There is only one way to make > sure your system is clean: > > reinstallation Although I haven't found any evidence of intrusion, I've been urged off-list to reinstall and since I'm about 4 hours early to rise this morning I think I better. Can we go over a good plan for the transition? My main concerns are backing up the right files and a good remote installation procedure as it's been years since I did that. Thanks. - Grant -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] disable dropping to -j1 when building certain programs
On Thursday 20 September 2007, Richard Marzan wrote: > On Thu, 2007-09-20 at 22:39 +0200, Bo Ørsted Andresen wrote: > > > > Stop top-posting. > > > > I suppose you are speaking of WANT_MP=true which is used by a few > > packages (mozilla-sunbird, mozilla-firefox and openoffice). It does not > > affect any other packages though. > > Yes, I was referring to that variable. Thanks. Sorry for top-posting but > it's hard not to do that at work with Outlook since reply doesn't format > the reply as you see above my post. I would have to edit ">" manually to > and add the date then send the reply. I'll try though. (Did you know that Outlook can be configured to prefix responses with > and to post only plain text to particular addresses? Have a look at: Tools>>Options>>Preferences>>E-mail Options>>On replies and forwards>>When replying to a message, for the prefix thingy). HTH -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] OT: Bash question
Frank Gruellich wrote: > * Anthony E. Caudel <[EMAIL PROTECTED]> 20. Sep 07: > >> Is there any way to make "pushd" and "popd" (Bash built-ins) silent? >> [snip] For example: >> >> OLD_VER=$(pushd /boot; ls kernel-* | sort | head -1; popd) >> echo $OLD_VER >> /boot ~ kernel-2.6.22-gentoo-r2 ~ >> > > For that exact example... why you bother at all? $( ) opens a subshell > and cd's in subshells don't interact with parent shell so you could > simply write: > > OLD_VER=$(cd /boot; ls kernel-* | sort | head -1) > > or > > OLD_VER=`cd /boot; ls kernel-* | sort | head -1` > > if you want to be more compatible. Or am I missing a point? > > HTH, kind regards, > Frank. > Thanks, Frank. That is the best solution. Tony -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Mouse Paste
On 9/14/07, Benno Schulenberg <[EMAIL PROTECTED]> wrote: > Korthrun wrote: > > > > Since making these changes I've lost my middleclick to paste > > > > functionality, > > Since you're not posting any more, did you succeed in getting the > middle button working again? > > > Maybe I'll just set the box on fire tonight. > > Or may we conclude that you gave in to the temptation? :) > > Benno > -- > [EMAIL PROTECTED] mailing list > > I did get the button working again, via adding Option "Protocol" "IMPS/2" To the mouse stanza. I haven't tried combining it with the extra button functionality yet. -- () The ASCII Ribbon Campaign - against HTML Email, /\ vCards, and proprietary formats. -- [EMAIL PROTECTED] mailing list