Yearly Archives: 2004

Sweetcorn Festival report

Posted on by

Day by day report:

  • Thursday night – Tractor pull I, not real good, attendence in the park wasn’t all that good either.
  • Friday night – Tractor pull II, a little better, much bigger crowd in the park. I had a deep fried Snickers bar, which was suprisingly good. (“Remember, if you rub it on paper and it turns clear, it’s your window to weight gain!“) After the pull was over, I, umm, had a few beers, went out with the parade route painting crew, and didn’t get home until after 4:30 am.
  • Saturday – After the late night, I was pretty much worthless until 5:30 pm or so. After Demo Derby I, we hung out in the beer tent listening to the tunes of XKrush and people-watching the crowd.
  • Sunday – After the standard brunch with the grandparents, I worked at Corn on the Cob, feeding ears into the husker. After 4 straight hours of doing that, time for Demo Derby II. There was another derby at Earl Park, IN, so the number of entries was down considerably.
  • Monday – Started at corn early in the morning, husking before 11 am to try to stay ahead of the rush when we started serving at noon. We husked , cooked and served the entire 8 tons of corn that was delivered that morning.

I’ll try to get thumbnails of the few pictures I took up soon.

And a parting thought: “Git ‘er dun” is not english.

BlackBox Voting, Dennis Hastert

Posted on by

Wow, I really hope most of this info about the GEMS vote tabulator isn’t true, but it sounds like poor programming and borders on criminal. The best quote:

According to internal Diebold memos, there are 32 combinations of on-off flags. Even the programmers have trouble keeping track of all the changes these flags can produce.

Can you say “spaghetti code” boys and girls?

And I’m ashamed Dennis Hastert is a representative of my state.

Rain, Poker and Work

Posted on by

I traded working opening Sunday for Friday off and spent the day working in Hoopeston. Finally got my linux workstation moved over to new hardware and RedHat Enterprise Linux. It’s also got many other “duties as assigned”, so it needs Enterprise.

Friday night, as it rained, we played 2 “Luxor rules” games of poker: 300 chips and 10 minute blind increases. After a couple of quick all ins, we were down to 3. I proceded to win that game. Then we played a full game, which I also won. And I won the final “Luxor rules” game. And it kept raining almost the entire time. I’m going to have to start calling that Hawaiian shirt my lucky poker shirt.

Saturday, I took Dad’s Dell over to the school to install XPSP2 since I didn’t think downloading 200MB+ over dialup sounded like much fun. This was the first time I’d actually seen the install in person, so I spent some time playing with it. One thing I noticed is that the installer uses file transfer methods that don’t appear to take advantage of web caching systems, squid in particular. That can’t be good. Spent some time working after that and some time removing spyware and viruses from computers at a nonprofit. Saturday night’s poker games weren’t quite as good to me, but I can’t complain. Oh, and it was raining again. So much so that I was worried about being able to get back to my parents house. I didn’t have any problems, but the next morning the water wasn’t much below where it was in June.

And now I’m watching all the Formula 1 that I DVRed over the weekend.

Port 445 worm details revealed

Posted on by

After spending the last few days watching portsentry logs for repeat offenders and moving them off to the quarantine VLAN, I finally got the chance to analyze an infected machine when one of Housing’s seldom used (and even less frequently updated) laptops was connected and got infected.

While installing Windows updates (MS04-011, MS04-012, MS04-014, MS04-016, etc) , the user saw an LSASS.EXE error and a shutdown counter started. The updates finished installing before the restart, but it was still infected. After rebooting and updating the McAfee virus scanner from 4387 to 4388 DATs, it detected c:winntsystem32bling.exe as W32/Sdbot.worm, which is what we’ve assume it to be all along.

The exe name seems to be pretty random, though one of the more common ones we’ve seen is winsmc.exe. Another recent virus that exhibits similar behavior is W32/Sasser.worm.g, so we are probably seeing some of that as well.

I can pretty much narrow down the exploit to using something that is patched in MS04-011, 012, or 014, as I have another laptop that has those patches, but nothing later and has not been infected. Most likely MS04-011, with the LSASS fixes. Since all these patches are from April of this year, the moral of the story is to visit Windows Update on a regular basis, or turn on Automatic Updates if you are on a high speed connection.

Network bad, quarantine good

Posted on by
Reply

Well, as previously mentioned, I’ve been disabling URHnet connections like a fiend and yesterday was no exception: about 60 between 9 am and 4 pm and another 40 or so last night. All of this is due to some piece of malware that none of the anti-virus vendors seem to be catching yet. With the rate of change on the sdbot family, I’m not all that suprised.

One thing that’s different this year is that we’re not really disabling the connections, they are being moved to a network that has no connection to the outside world, called the “quarantine vlan”. There is just one DHCP server/DNS server/web server/ftp server machine, with a few instructions for the residents and some tools for our NetTechs to use. Thanks to some hard work by the fine people at CITES backbone and LAN maintenance groups, NetTechs have the ability to change which network a room is on from a webpage. So, really, no more disabled rooms, unless they are doing something Really Bad.