I made a new blog post! In this one I found a privilege escalation vulnerability in gVisor, an interesting container sandboxing technology created by Google:

justi.cz/security/2018/11/14/g

Added to the list of things you shouldn't have on your fingers when rubbing an eye:

❌ peppermint oil

SGMII stands for “Serial Gigabit Media Independent Interface.”

SGMII is a mode of
communication between the MAC and PHY to allow for 10/100/1000BASE-T
operation. In 100BASE-TX mode, the MAC still transmits to the PHY at 1.25 Gb/sec,
but each byte is repeated 10 times. The PHY then converts this repeated data to
100BASE-TX format. The process is the same in 10BASE-T mode but each byte is
repeated 100 times.

#hardware #madness

Aaaaaaagh.

Someone in the parent company has found out about Movember, and unlike previous years, we have an internal social network.

Oh, another low budget spam campagin phishing for 1&1 account credentials...

Maybe I should have a look at my word filters?

... ... ...

Nah.

@jjg
basicengine.org/

"The BASIC Engine is a very low-cost single-board home computer with advanced 2D color graphics and sound capabilities, roughly comparable to late-1980s or early-1990s computers and video game consoles. It can be built at home without special skills or tools and using readily available components for under 10 Euros in parts, or mass-produced for even less."

At the doctors, recently: "From experience, with that particular kind of eczema, you should start by trying to remove everything that's a nut from your diet for about two months, and see if it makes a difference. This includes things like almond, pumpkin, poppy seed, and strawberries, and all snacks labeled accordingly. We can then go on and try to find out which of those triggers the allergy in particular."
(Looks at my face...)
"Ok, you can also wait with that until after christmas..."

Me, moments ago: Why the hell is it so cold in here?

After looking up from the screen: Oh.

Oh hey, it's Iceland Airwaves time again...

: Black Midi (Live on KEXP)

Glorious noise.

youtube.com/watch?v=HwN1WoS3m5

Hey, it's been a year (and two days) since the first post. Drove just over 3600km in 12 months, mostly to work on weekdays, with just some minor hitches. It's been a relatively uneventful year in that regard.
Just recently, I had to replace the horn. New rear tire thanks to a puncture. Earlier this year, battery contacts burned black due to a bad connection.
None of the problems that seem common though, from following the forums (broken mirror mount and front axle), so I'm happy.

It seems 2GB of RAM definitely doesn't cut it anymore for even a single-user Mastodon instance (with elasticsearch). My system looks much happier after I allocated 4GB to the VM...

With 2GB, the system usually was using 800MB swap after just a day of operation - see munin memory graph below (the bump each night is xfsdump using up cache while traversing the media filesystem for incremental backups).

I've probably asked this before, but... Did anyone ever implement the S3 server-side API in PHP?
I still pay for this currently mostly unused hosting thing that comes with a bunch of storage...

A rndc stats appends current data to the named.stats file?

I only just noticed because that was the biggest file in /var on a vm that runs bind and the munin bind9_rndc module that calls rndc stats every five minutes...

Ugh. Do not want (as someone running this platform, and much less on a Friday afternoon) - hypervisor escape on ESXi because of bugs in vmxnet3:

"VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This issue may allow a guest to execute code on the host. The issue is present if vmxnet3 is enabled."

vmware.com/security/advisories

CVE-2018-6981, CVE-2018-6982

...redis, when Mastodon sidekiq jobs are being held up over a couple of days...

Wasn't aware the job queue is stored in redis?

Also from last weekend, since @goetz had bought one of those: A WiModem232...

Connects to wireless, with an own TCP/IP stack that can be configured with AT commands from the serial port. Can do inbound and outbound telnet (inbound produces a RING on the serial port, like dialin on a modem).

cbmstuff.com/proddetail.php?pr

Agh. Looks like my instance is slowly catching up on missed posts from when things where broken... Just had a whole bunch of entries from five days ago in by timeline.

Another undocumented backdoor account in Cisco network gear - this time in the small business switches, and it's active as long as no local admin account with privilege level 15 has been defined: tools.cisco.com/security/cente

(There's also two other authentication bypass vulnerabilities in their patch day overview today.)

Show more
INFRa Mastodon

This Mastodon instance is not open for public registration. Site administrator is Alexander Bochmann.

Contact email: ab+mastodon@infra.de