Journal of a Sysadmin

Bike downtown

From home, over to Sandy Beach then along the elbow to fourth. Down to O’Clair, over to Edworthy on the south side of the Bow River, then home. Nice ride, the hill at Edworthy still kills…

Total Time 1:00:39
Total Distance 25.76 km
Average Cadence 88 rpm
Average Speed 25.5 km/h
Odo 962 km (from 936)
Max Cadence 125 rpm
Max Speed 48 km/h

Biking again finally!

Around the resevoir, down through marda loop and all the way to 26th ave, then to 45th street and home. Good ride too! Using Sue and Pauls Pedometer on my own site I’ve mapped the ride right here.

Total Time 0:55:09
Total Distance 23.67 km
Average Cadence 88 rpm
Average Speed 25.7 km/h
Odo 936 km (from 880)
Max Cadenc 132 rpm
Max Speed 44 km/h

Something I noticed, was in the past two weeks I haven’t done a lot of biking. The weekend was a wash (though we had a hike in there up to the Ink Pots) and it rained and rained. Generally it was miserable out so I didn’t want to go.

By Tuesday this past week I was being offered coffee as a way to cheer me up, people thought I was getting grumpier then normal (I guess I’m normally fairly grumpy but this was above and beyond!). On Wed. I started biking to work again and I’m feeling great again. Not exercising was making me miserable too!

So there you have it, now my mood depends on how much exercise I get… I’m such a creature of habit aren’t I…

Wordpress upgrade or, why full disclosure.

It’s been so busy this is the first chance I had to write about this. I’ve been steamed about it since, oh, last Wed. or so (a week and a half ago) and now that WP 1.5.2 has been released I’m going to vent.

So, yours truely is a little pissed at a certain group of tight lipped developers and here’s why. They seem to entertain the idea that not telling anyone about problems is a solution in itself. They could not be more wrong.

A week and a half ago I had the pleasure of attending a system that had a security vulnerability in WP and this wasn’t the first time, a week before that someone had also got through another security problem in WP. Now obviously I run WP and so does jhb so you can see which system this is fairly easily.

Thing is, how much did we hear about either problem?

With the first one, 1.5.1.2 had a problem in xmlrpc.php. June 29th I see there’s an update posted but it says stuff like this:

The problem is not yet public but you should update your blog as soon as possible to 1.5.1.3. If you are unable to do upgrade in the short-term you may protect yourself by deleting the xmlrpc.php file from your WordPress directory.

Bull shit, it was completely public by the time they released 1.5.1.3.

Ok, delete xmlrpc.php but nothing earth shattering. I should have read between the lines. Remotely executable command exploit is written all over this thing… Nothing on other security mailing lists because it wasn’t an "Official Security Announcement" which minimizes the effectiveness of this information.

So shortly on the heels of the first one (don’t the developers understand this? The bad guys already KNOW about it) came a second one where a cookie can be set and is not checked correctly if register globals is set to ON in php. This is the norm for OLDER SITES WITH A LOT OF IN HOUSE WORK DONE BEFORE REGISTER GLOBALS. In addition, WTF can’t they do some variable cleansing here?

Some stupid prick^Wvolunteer who will remain nameless starts bantering on in the #wordpress channel on freenode about you need to do this and you need to do that. I went there to make sure they knew about this issue which, even though the person said they know about the problem and have a fix already (and had the fix for a few days) the update wasn’t commited for several days after this (I contacted them the morning of the 12th and the fix was commited on the 14th).

It tells me they are lying about it all.

Again, no security information about any of this… Anywhere except the original posting site on the 10th of August. There have since been a bunch of sites pick up on this one… None though that I could see on the XMLRPC issue.

The third in a string of fuck-up-able issues I found out about after the fact.

They (the wordpress developers) packaged a tarball without the proper fix in it as 1.5.2. Instead of admitting to their mistake they just uploaded a correct version 1.5.2. Now there are a bunch of vulnerable sites out there running the incorrect version of 1.5.2.

And btw, to all developers and especially the developers of wordpress:

Everyone thanks you for your contribution to opensource software but remember that you can negate all of that karma by simply ignoring the people that you provide service too. If you do make a mistake, admit it and make sure that everyone KNOWS about it so that they can take proper precautions.

Otherwise you will be eaten alive by people that would otherwise be on your side.

(Note: I started writing this on the 15th, and didn’t manage to finish it until the 27th of August… I wish I had been able to do it without delay but couldn’t. Sometimes life’s like that.)

40Km bike around the city

From home around the resevoir, along the elbow, through downtown over to Edworthy park then home again. It was a good ride, fairly fast and I felt strong (first time in about 2 weeks). It’s been so crazy a ride has just been impossible (one day this past week I actually spent a straight 21.5 hours at work…). I’m glad that the weekend is here, and I’m hoping for another 40k tomorrow if I can.

Total Time 1:39:52
Total Distance 40.2 km
Average Cadence 88 rpm
Average Speed 27 km/h
Odo 880 km (from 827)
Max Cadenc84.2e 120 rpm
Max Speed 51 km/h

Sunday night crawl

You know.

I wanted to go for a long ride this weekend. Only problem is I’ve had this completely negative energy thing going the whole time. I forced myself tonight to go for the Sunday Night Sprint but being that I could barely move I came in really really slow and I hurt from my head to my heals…

Total Time 0:15:19
Total Distance 7.07 km
Average Cadence 87 rpm
Average Speed 27.6 km/h
Odo 827 km (from 805)
Max Cadence 111 rpm
Max Speed 41 km/h

A bloody week already and xmlrpc…

So it’s been a week already since the adventure with the temporary spare backup puppy dog Kahlua (better known as gandalf) and since my last real bike ride . My body is not happy but I’m so f’ing tired today I don’t know if I’ll go yet…

Of course, it was a busy week which is why I’m tired and it didn’t help that friday night we stayed up too late and I couldn’t drag myself out of bed before 10:30am… argh.

So today I go to check out some stats and the web server is dead… wtf? Seems another process was using port 80, what could that be?

An irc bot, brought to you by your friendly neighborhood cracker from (it turns out) just around the corner in romania of course. Some 16 year old kid that is too stupid to bother trying to figure out that what he does makes others lives a pain. Anyway, locked it down and cleaned it up. He won’t get back in that way…

Now we just wait for next time…

/me sighs

that’s life on the Intarweb.

Another… Dog?? Part Two!

Calgary Animal Services didn’t bother calling us back again, I guess lost dogs aren’t that important to them. It’s a good thing they don’t run the office of lost babies…

Anyway, I digress.

jhb (she’s such a smart girl!) managed to read the name of the vet clinic on the rabis tag and called them. She found out the dogs name is Kahlua and that they have the owners (Brian) phone number on file. Kahlua was picked up this after noon and jhb took me out to dinner with the more then generous and not really needed reward!

Kahlua was a beautiful dog too have around last night and this morning (he slept on the floor by my feet while I had breakfast and coffee this morning) and we will miss him. Thank you Brian if you read this for the excellent dinner care of the old spagetti factory!

Another… Dog??

wtf? Well it’s like this.

We took Miss Puppy Fantastico (aka Missy) to Southland Off leash park and after ball chasing, swimming, and ball chasing and swimming after the ball we’re all ready to pack up and go home. On our way back to the car there’s this dog that doesn’t seem to have an owner running towards the water. We though, ok dog is stopped now waiting for its owner and they’ll come.

So we get to the parking lot, and there’s that dog again almost getting run over by a mini-van!

So we watch this dog and think, oh that guy he’s the owner. Nope, maybe that one… uhuh.

At the same time a lady that walk up with us (she had a husky) is doing the same thing. jhb and her tried to catch the dog but it almost ran out onto the street in front of the parking lot (I was thinking more of deerfoot trail, yikes!). In the end the dog turned around and came back into the parking lot. jhb caught it with Missy’s leash and now we have a clean (*he* had to have a bath) and tired lost temporary backup dog sleeping on our couch while I type this….

I’m so glad that he’s safe, and he seems happy (wag wag) and we found out that he may be from Dewinton. jhb may take a trip down and see what she can see. I hope that he finds his home again and if not…

I’m such a sucker…

Usual 20k around the resevoir

Was a beautiful morning for a ride. The usual 20k around the resevoir past the college and home. Thought about adding the 15 to 20k on and going downtown but I thought I’m doing really well with a long one once a week. Maybe the next long one will be to Nose Hill park or something like that.

This ride though was great. I cut 5 minutes from my previous time and increased my average speed by 2km/h.

Total Time 0:44:49
Total Distance 20.55 km
Average Cadence 88 rpm
Average Speed 27.5 km/h
Odo 805 km (from 785)
Max Cadence 129 rpm
Max Speed 50 km/h

BTW, I must say. I ROCK!