The Haus

Wednesday, October 18, 2000

Qbe Root: GenX Speaks Back

Our very own J.t.Qbe updated his Qbe Root column with a dandy entitled GenerationX Speaks Back. If you didn't catch Lisa Ling's manifesto in USA Weekend, read that first. Then come back and read J.t.'s well-reasoned rebuttal. I hate it when celebrities decide to take it upon themselves to speak for an entire generation. J.t. cares--you should too. Read and learn.


IPCHAINS turned out to be easier than I expected, thanks to a handy utility called PMFirewall. The installation script asks a few simple questions about your setup and then configures IPCHAINS rules for you! It's much easier than setting up a zillion rules all by yourself. Now my Linux box is as secure as I can reasonably hope it to be. If you want to setup a firewall and/or I.P. masquerading in Linux, it doesn't get a whole lot easier than using PMFirewall.


Heh-since complaining is news today :-)

I signed up with RoadRunner two and 1/2 weeks ago. I've gotten MAYBE 4 good days of connectivity from it. A lot of this appears to be problems in Chicago, but that's no excuse for an ISP that claims 1.5 mbps download speeds (which is complete and utter BS if you know anything about networking-don't chuckle too loud Skippy). The only thing keeping me going in this disaster is knowing that my online bill is gonna be mighty small this month, small consolation that may be . . .

Pondering the Imponderable

A subway series. Somebody shoot me. Good thing the NHL season is in full gear.

Tuesday, October 17, 2000

Linux Half-Life Server Vulnerability

Security Focus is reporting that there is a rather serious buffer overflow bug that IS being exploited in the Linux Half-Life dedicated server and earlier. Here's the scoop:
A buffer overflow vulnerability was discovered in a Half-Life dedicated server during a routine security audit. A user shell was found running on the ingreslock port of the server which lead to an investigation into how this had been achieved. - From the logs left on the server, it was ascertained that a predefined exploit script was used and that the perpetrator failed to further compromise the server due to the Half-Life software running as a non-priveledged user.

The vulnerability appears to exist in the changelevel rcon command and does not require a valid rcon password.
. . .
Valve Software promised a patch which has yet to appear. Interim measures would include:-

A) Consider not running the HalfLife software at all!
B) Remove the world execute bit from inetd to 'break' the exploit code - this would only stop the script kiddies
C) Ensure sane ipfwadm/ipchains filters are inplace
Linux H-L server admins would probably be best served to bring down their servers until a patch is released . . . and check your logs. Thanks Linux Games.

Speaking of Linux security, I spent the better part of this evening applying bug fixes and security fixes to my Red Hat 6.2 install so I can be relatively secure online. Now I need to figure out IPCHAINS. Not looking forward to that one.

Unreal Tournament 434 Info

Unreal Universe got their hands on some of the fixes for the Unreal Tournament 434 patch, which will mainly fix things broken in the previous patch *cough*. Thanks Blue.

Linux Help

I found a couple of websites that have helpful information on Linux, especially geared toward newbies trying to get a system set up of their own. They are:

An eclectic compendium for Linux newbies and

Silverglass Tech.

Some of that information is geared specifically for users of Xmission's Internet access, but the majority of it applies to most everyone.

This is Spinal Tap

I just dropped a little over $20 at Best Buy buying the This is Spinal Tap in VHS and getting the soundtrack CD. Tap is one of my all-time favorite movies--one I never get sick of watching. The sad thing about watching it on cable was that they always edited out my favorite line (hint: it's the two-word review for their album Shark Sandwich). No problems with that now! Time to pop the disc in and turn it up to 11.

Oddly enough, &numl; is not a legitimate HTML code.

Past Two Days' News

Recent Headlines

January 5, 2015: It Returns!
August 10, 2007: SCO SUCKS IT DOWN!
July 5, 2007: Slackware 12.0 Released
May 20, 2007: PhpBB 3.0 RC 1 Released
February 2, 2007: DOOM3 1.31 Patch

January 27, 2007: Join the World Community Grid
January 17, 2007: Flash Player 9 for Linux
December 30, 2006: Darkness over Daggerford 1.2
December 19, 2006: Pocket Tunes 4.0 Released
December 9, 2006: WRT54G 1.01.1 Firmware OK with Linux/Mac

All original information on this website is copyright © TheHaus.Net, 1999-2005. The use of original images, text, and/or code from this website without expressed written consent is prohibited. The authors of this site cannot be held responsible for any damage, real or imagined, which comes from the use of information presented on this site. All trademarks used are the properties of their respective owners. This site is not to be used as a floatation device (but if you try, I want a video tape of it).