Re: [eug-lug]'nuther reason
Cory Petkovsek wrote: > With 170 linux workstations, it wouldn't even take a whole day to write > a script. Upgrading a herd of homogeneous workstations is easier than upgrading a herd of heterogeneous servers. Keeping track of which hosts require which versions of which software (especially as 3rd party packages and their binary incompatibilities complicate the situation) might slow you down a bit. I could easily see the required script growing up to or even beyond 10 lines of bash. I still think one day is a good upper bound, though. (-: [insert ref. to Scotty admitting to Kirk that he always padded his estimates] -- Bob Miller K kbobsoft software consulting http://kbobsoft.com [EMAIL PROTECTED] ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
On Thursday 13 November 2003 01:37 pm, Cory Petkovsek wrote: : On Thu, Nov 13, 2003 at 10:09:54AM -0500, Linux Rocks! wrote: : > >From the Real world experience files, I did my work co-op in a govt : > > office. : > : With 170 linux workstations, it wouldn't even take a whole day to write : a script. I'd build a local debian mirror, then push out an apt sources : file and a cron job to every workstation that says to automatically : upgrade off of the server. : : apt-get update : apt-get -q -y -u upgrade Ohh.. yeah, I kinda meant that I could have had the luxury of spending the whole day writing and testing, and of course goofing on a bit... Even If I wanted to have every machine compile and install their own kernels/ modules report status/failure/success, reboot, report kernel versions... it would have been feasible to do that in one day, and have many days of uptime before needing to run the script again! Jamie : : Cory -- We apologize for the inconvenience, but we'd still like yout to test out this kernel. -- Linus Torvalds, announcing another kernel patch ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
On Thu, Nov 13, 2003 at 10:09:54AM -0500, Linux Rocks! wrote: > >From the Real world experience files, I did my work co-op in a govt office. > There were 170 workstations (at that time) running NT4, and we needed to > update to SP4, IE, mcafee, and a few smaller apps. The bulk of the time was > for IE, and NT4, and it took about 2 hours per workstation. The process was > about 10 pages long, and the admin worked on one workstation at a time, at > this rate, working by himself, he would have gotten it done just in time for > the next update. If this were a linux shop, I could have taken my time (like > all day If I wanted) to write a script to completely automate this process, > and have all the workstations updated overnite (note, this means no downtime > for the user too!). This way, I could have spent the rest of my time doing > better things. With 170 linux workstations, it wouldn't even take a whole day to write a script. I'd build a local debian mirror, then push out an apt sources file and a cron job to every workstation that says to automatically upgrade off of the server. apt-get update apt-get -q -y -u upgrade Cory -- Cory Petkovsek Adapting Information Adaptable IT ConsultingTechnology to your (541) 914-8417 business [EMAIL PROTECTED] www.AdaptableIT.com ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
On Thursday 13 November 2003 03:08 am, Cory Petkovsek wrote: : On Wed, Nov 12, 2003 at 09:38:46PM -0800, Ken Barber wrote: : > "Lazy sysadmins"? I beg to differ. : > : > How about "overworked sysadmins"? I was once in charge of a 'Doze : > network and there was no way I could keep current with the : > patches. Before one patch project was complete, there were two : > more vulnerabilities that needed patching. And patching M$ : > systems isn't exactly quick or easy with all of the testing that : > must be done first, not to mention trying to schedule the patch : > around various or department's schedules. I could have worked : > full-time at that place doing nothing else -- but I was required : > to do everything else. : > : > The problem isn't lazy sysadmins, unless not wanting to work 70 : > hours per week is your definition of "lazy." : : Agreed. In a recent thread about linux activism w/ numbers, I posted a : research report done by the Robert Frances Group, paid for by IBM. This : study focused on real world clients using windows, linux and solaris on : x86 and sun hardware respectively. They broke all measurements down to : normalized units so they could be compared fairly. They found from : these real world businesses that a windows administrator can generally : administer 10 servers, while a linux administrator, although more : expensive, can manage 44 servers. >From my personal experience I would agree also. I must admit to using windows far less than linux. My experince with Service packs is that they often cause a whole lot of problems, which then have to be dealt with, which turns into a whole lot of time being eaten up to fix one problem that should never have been overlooked in the first place. Its a really frustrating problem that likely keeps admins from keeping windows machines current. >From the Real world experience files, I did my work co-op in a govt office. There were 170 workstations (at that time) running NT4, and we needed to update to SP4, IE, mcafee, and a few smaller apps. The bulk of the time was for IE, and NT4, and it took about 2 hours per workstation. The process was about 10 pages long, and the admin worked on one workstation at a time, at this rate, working by himself, he would have gotten it done just in time for the next update. If this were a linux shop, I could have taken my time (like all day If I wanted) to write a script to completely automate this process, and have all the workstations updated overnite (note, this means no downtime for the user too!). This way, I could have spent the rest of my time doing better things. I belive that the sql expliot (the nasty one earlier this year that took down bank of america, and many other large instituions, and servers all over the world) admins did know about well in advance, but did not install service packs. I think the blaster instance was well documented a couple years ago... I would have to look up references about it... It was a while ago, however I think it was TV news, not some crazy linux zelot that told me. : : http://www.rfgonline.com/subsforum/LinuxTCO.pdf : : Cory -- [In 'Doctor' mode], I spent a good ten minutes telling Emacs what I thought of it. (The response was, 'Perhaps you could try to be less abusive.') -- Matt Welsh ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
On Wed, Nov 12, 2003 at 09:38:46PM -0800, Ken Barber wrote: > "Lazy sysadmins"? I beg to differ. > > How about "overworked sysadmins"? I was once in charge of a 'Doze > network and there was no way I could keep current with the > patches. Before one patch project was complete, there were two > more vulnerabilities that needed patching. And patching M$ > systems isn't exactly quick or easy with all of the testing that > must be done first, not to mention trying to schedule the patch > around various or department's schedules. I could have worked > full-time at that place doing nothing else -- but I was required > to do everything else. > > The problem isn't lazy sysadmins, unless not wanting to work 70 > hours per week is your definition of "lazy." Agreed. In a recent thread about linux activism w/ numbers, I posted a research report done by the Robert Frances Group, paid for by IBM. This study focused on real world clients using windows, linux and solaris on x86 and sun hardware respectively. They broke all measurements down to normalized units so they could be compared fairly. They found from these real world businesses that a windows administrator can generally administer 10 servers, while a linux administrator, although more expensive, can manage 44 servers. http://www.rfgonline.com/subsforum/LinuxTCO.pdf Cory -- Cory Petkovsek Adapting Information Adaptable IT ConsultingTechnology to your (541) 914-8417 business [EMAIL PROTECTED] www.AdaptableIT.com ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
On Wednesday 12 November 2003 17:20, jgw wrote: > The patch for that vulnerability was issued nearly a month > before Blaster. I believe Blaster first showed up around August > 11th. The patch in question, MS03-026, came out in mid-July... > the 16th? > > The worm was relatively successful not because Microsoft hadn't > yet issued a patch, it was successful due to lazy sysadmins not > patching their systems in a timely manner. "Lazy sysadmins"? I beg to differ. How about "overworked sysadmins"? I was once in charge of a 'Doze network and there was no way I could keep current with the patches. Before one patch project was complete, there were two more vulnerabilities that needed patching. And patching M$ systems isn't exactly quick or easy with all of the testing that must be done first, not to mention trying to schedule the patch around various or department's schedules. I could have worked full-time at that place doing nothing else -- but I was required to do everything else. The problem isn't lazy sysadmins, unless not wanting to work 70 hours per week is your definition of "lazy." Ken ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
> On Wednesday 12 November 2003 12:47 pm, jgw wrote: > : > FYI, beginning this month, MS changed to announcing/releasing critical > : > update security patches only on the second Tuesday of each month. > : > : If this is true, this plan isn't going to last long. Any hack victim > would > : have a heyday in court if it could prove that Microsoft knowingly knew > : about an exploit, and held onto an announcement/patch for a month. > You mean like the port exploit the the blaster worm uses ? I think they > knew > about the issue 2 years ago! This is a common piece of FUD spread by the anti-Microsoft crowd. The patch for that vulnerability was issued nearly a month before Blaster. I believe Blaster first showed up around August 11th. The patch in question, MS03-026, came out in mid-July... the 16th? The worm was relatively successful not because Microsoft hadn't yet issued a patch, it was successful due to lazy sysadmins not patching their systems in a timely manner. Certainly, not a Windows 2000-specific issue. This same bit of FUD was spread about the Slammer worm and it's associated vulnerability. The patch for that vulnerability was patched some 5 months before the Slammer worm appeared. That patch was quite difficult to install, however. Microsoft kind of rushed that one out. Regardless, the patch was included in the next service pack, which I believe, was a month or so before the Slammer worm came out. Thus, users had two chances to patch their systems for that one. /jgw ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
On Wednesday 12 November 2003 12:47 pm, jgw wrote: : > FYI, beginning this month, MS changed to announcing/releasing critical : > update security patches only on the second Tuesday of each month. : : If this is true, this plan isn't going to last long. Any hack victim would : have a heyday in court if it could prove that Microsoft knowingly knew : about an exploit, and held onto an announcement/patch for a month. You mean like the port exploit the the blaster worm uses ? I think they knew about the issue 2 years ago! Jamie : : /jgw : ___ : EuG-LUG mailing list : [EMAIL PROTECTED] : http://mailman.efn.org/cgi-bin/listinfo/eug-lug -- > I've hacked the Xaw3d library to give you a Win95 like interface and it > is named Xaw95. You can replace your Xaw3d library. Oh God, this is so disgusting! -- seen on c.o.l.development.apps, about the "Win95 look-alike" ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason - Backup for Ben
In response to jgw, Ben wrote: >So we hope although I'm pretty certain there has >almost *always* >been some outstanding, known exploits on M$ products >which they >continually deny, put off, delay, etc. Anyone got >handy links to back >me up? > > Ben Ben/all, pivx.com used to publish a popular 'Unpatched IE vulnerabilities' page. As of 9/11/2003, there were 31 known, unpatched vulnerabilities in Internet Explorer. Because of Microsoft's increasingly positive and proactive actions in the realm of security, along with increasing attacks on Windows systems, pivx.com took down the page, but continues to update the list internally. For those interested, a small schpeil (sp?) is at: http://www.pivx.com/larholm/unpatched/ Jason __ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
On Wed, Nov 12, 2003 at 10:42:53AM -0800, Ben Barrett wrote: > So we hope although I'm pretty certain there has almost *always* > been some outstanding, known exploits on M$ products which they > continually deny, put off, delay, etc. Anyone got handy links to back > me up? > >Ben How about any security company reports compared with patch release dates. A browsing through securityfocus.com should provide many such companies and reports. Cory -- Cory Petkovsek Adapting Information Adaptable IT ConsultingTechnology to your (541) 914-8417 business [EMAIL PROTECTED] www.AdaptableIT.com ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
On Wed, Nov 12, 2003 at 09:47:06AM -0800, jgw wrote: > > FYI, beginning this month, MS changed to announcing/releasing critical > > update security patches only on the second Tuesday of each month. > > If this is true, this plan isn't going to last long. Any hack victim would > have a heyday in court if it could prove that Microsoft knowingly knew > about an exploit, and held onto an announcement/patch for a month. That's not hard to prove, since MS discovers only a small portion of their vulnerabilities, most come from security companies who post the results, and dates of what they find. Cory -- Cory Petkovsek Adapting Information Adaptable IT ConsultingTechnology to your (541) 914-8417 business [EMAIL PROTECTED] www.AdaptableIT.com ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
So we hope although I'm pretty certain there has almost *always* been some outstanding, known exploits on M$ products which they continually deny, put off, delay, etc. Anyone got handy links to back me up? Ben On Wed, 12 Nov 2003 09:47:06 -0800 (PST) "jgw" <[EMAIL PROTECTED]> wrote: | > FYI, beginning this month, MS changed to announcing/releasing | > critical update security patches only on the second Tuesday of each | > month. | | If this is true, this plan isn't going to last long. Any hack victim | would have a heyday in court if it could prove that Microsoft | knowingly knew about an exploit, and held onto an announcement/patch | for a month. | | /jgw | ___ | EuG-LUG mailing list | [EMAIL PROTECTED] | http://mailman.efn.org/cgi-bin/listinfo/eug-lug -- ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
> FYI, beginning this month, MS changed to announcing/releasing critical > update security patches only on the second Tuesday of each month. If this is true, this plan isn't going to last long. Any hack victim would have a heyday in court if it could prove that Microsoft knowingly knew about an exploit, and held onto an announcement/patch for a month. /jgw ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
Darren Hayes wrote: > FYI, beginning this month, MS changed to announcing/releasing critical > update security patches only on the second Tuesday of each month. Does this mean the Bad Guys will be rolling out their new exploits on the second Wednesday of each month, to be sure their attacks will be indefensible for the next 29 days? That could also have positive implications, if the sysadmins of the world only have to adjust their filters once a month. (-: -- Bob Miller K kbobsoft software consulting http://kbobsoft.com [EMAIL PROTECTED] ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
Re: [eug-lug]'nuther reason
I installed today's released W2K (Workstation service), IE6 (cumul. update) and MS Office critical security patches on a client machine today with no unusual issues noted. FYI, beginning this month, MS changed to announcing/releasing critical update security patches only on the second Tuesday of each month. Reportedly in order to avoid overworking IT folks trying to stay up to date with all the random patch releases. However it is possible MS is only doing this to keep their security issues out of the news, as much as is possible. I guess the thinking is once a month is better than every other day. ;-) Me think this once a month idea is actually a disservice. Some things never change. Darren - Original Message - From: "Ben Barrett" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, November 12, 2003 12:24 AM Subject: [eug-lug]'nuther reason > to avoid the noid: > > http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-048.asp > > > > brief from page: > > > Microsoft Security Bulletin MS03-048 > > Cumulative Security Update for Internet Explorer (824145) > > ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
[eug-lug]'nuther reason
to avoid the noid: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-048.asp brief from page: Microsoft Security Bulletin MS03-048 Cumulative Security Update for Internet Explorer (824145) Issued: November 11, 2003 Version: 1.0 Summary Who Should Read This Document: Customers who have Microsoft Internet Explorer installed Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Recommendation: Customers should install this security update immediately. Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS03-040, which is itself a cumulative update. Caveats: None The Real Question: Is this spam? I've been seeing an awful lot of "Install this patch immediately" spams spoofed from "Microsoft Security Bulletin", but this is a real (and new) security update from M$. My source only claimed that this update is being reviewed, not that it should indeed be installed. = ) cheers Ben ___ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug