phpmyadmin in ubuntu now being exploited en-masse
Update: ubuntu patched this issue a couple of days after this post. If you’re reading, thanks guys! You just made my job a lot easier.
At some point, I might try to look at helping maintain this, and other packages like it in the ubuntu archive. No idea how, though a colleague may be able to help…
———————–
The versions of phpmyadmin in ubuntu (at least Dapper – Intrepid) are susceptible to arbitrary code execution, as the web-server’s user. A bug [1] was reported on the 15th of June about this issue, and marked as high priority on the 21st.
The phpmyadmin team patched this problem in their software on May the 24th. [2]
Debian patched this in their system on the 25th of June.
I tried talking to people on #ubuntu-security about this problem. They said “motu” and “we’re not interested, its in universe”. I tried talking to people in #motu, and they talked about work-arounds.
The main questions now are:
- Please can someone work on the bug?
- Why did it take so long between upstream report and launchpad report?
- Why has the bug been left to the point where it is getting automatically exploited, en-masse? [3]
BBC – Mixed results for green IT goals
BBC NEWS | Technology | Mixed results for green IT goals.
Nice new BBC news article, about how the majority of govt~ IT managers don’t know that they’re supposed to be reducing their carbon footprint.
One of the hints is that the “proliferation” of “air conditioning of server rooms” (among other things) is the cause.
I’d like to see you run a datacentre (tons of computer servers, really big pipe to the internet etc) without air conditioning. If we turn ours off for 10 minutes, the temperature gets sweltering. 30 minutes and old hard drives start failing. Dumb.
Current Cost – watt hours and pachube
This is an email i sent to JT so I apologise if it doesn’t make sense to y’all. Please ask questions if you don’t get me!
So we have this ‘Current Cost’ meter thing (free from Southern Electric) at the house. It’s a small wireless electricity meter. Well it’s more of a monitor or display actually but you get me….[insert pic].
Long story short, I’d noticed the RJ45 on the bottom and it’d got me wondering. A few google searches later and whammo i’d found what I needed. A bit of hardware, a bit of software (links on manufacturer’s website!) and whammo….
I wired up the current cost (energy meter) at the house to my laptop and it’s uploading to this Pachube (bless you) website:
http://www.pachube.com/feeds/2196
The graph is a bit useless atm (no history or dates on it) but the program here:
http://apps.pachube.com/google_viz/
Could probs snazz it up a bit.
There seems to be a binary pattern from some device that is turning on and off at regular intervals and using ~100w… i wonder if it’s the compressor on the fridge/freezer as it goes on thru the night lol.
The long jittery spikes are the washing machine/dishwasher/tumble dryer (the last being the biggest draw lol).
One guy is even trying to record signatures for each appliance and then work out from the data which appliance is causing the spikes.
http://chrishodgins.tumblr.com/post/33810511/via-chart-apis-google-com-so-its-the-bank
The idea behind this is if you can work that out, you can make a pie chart of the biggest consumers…
I have more results than are uploaded; i created a funky excel file which Should update from the mdb created from one of the apps i’m using but atm i think the file is locked or summat. Made a pretty graph too! Also predicting the future temperature based on a polynomial curve or something lol.
All gd fun. Now i jus want one of these tiny miniature computers:
http://www.fit-pc.co.uk/fit-pc-slim.html
or this awesome plug pc:
http://www.pcpro.co.uk/news/258238/plug-sized-pcs-arrive-in-uk.html (sweet) (Ubuntu on a plug [ via Youtube])
to record/upload the results, although it would make more sense to use the ipcop or home server since they are always on and the current cost device is wireless. (unfortunately our model does not have internal data logging). Don’t know how to work out kwh from current usage of watts every 3 seconds… i might be able to put something from averages tho. Any suggestions anyone? I might just be being dumb lol.
Now all we need is the x10 plug thru devices to monitor electricity usage (by appliance) and Bob’s your uncle – we know exactly where the electricity is going.
IMO (as a soon to be Building services engineer in training) this technology should be wired into all new houses in the actual plug sockets. Want to know which of your kids (or indeed partner) is using the most electricity?
The trickle usage these measuring devices could be designed to run on could easily be offset by a small(ish) solar pv installation too! (i’m talking around 10-30wh/day here).
Oh and here’s how to connect the current cost to pachube:
http://community.pachube.com/?q=node/100
On the upside i’ve also unplugged the fancy pants MPPT solar charge controller and hooked the install back up to the basic on/off controller, and now it’s definitely shifting amps! I was a bit worried that in full sun 53watts of panels was ONLY putting through 0.3-0.1a @11.7 (i know, discharged). Hmm gonna have to find out what’s wrong with fancy pants, he wasn’t cheap! :’(
Dear Apache
Dear Apache. My idea of fun is not to find out about a missing log directory, when I test a website after a restart. My idea of fun would be for apache2ctl configtest to actually, you know, work. Or, even better, don’t utterly die when you’re missing a log directory.
GRRRRR
Dear Customer. Please make sure you remove apache configuration, when you delete your users. I don’t enjoy being woken at 6am because logrotate restarted apache. Although, on the upside, at least I get paid for it.
Youtube Comments…
Johnathon: http://www.youtube.com/watch?v=LqUfPhMxmAg&feature=related
Paul: Q Ruled
Paul: There’s something very impressive about that clip
Paul: read the comments.
Paul: they’re youtube belmer free!! That’s stunning no “WAT IS THIS? THATS GAY!”
Johnathon: Probably the video’s uploader has been doing some filtering
Paul: maybe
Johnathon: well, what’s the likelihood that youtube has suddenly become a haven for well-spoken, well-mannered individuals?
Paul: Some combination of incredibly unlikely events
Paul: a pig flying through hell as it freezes over during a blue moon at midnight
Paul: on feb 30th during a centenary leap year
Paul: the last bit is only once every 400 years
Is “administrate” a real word?
This has been going round the office for the past day… so, dear lazyweb, is “administrate” a real word?
Clever ways to destroy your (Linux) server or desktop
Running these commands in a terminal, or via SSH:
dpkg -L mysql-common | xargs -0 rm -rf
find / -mtime +60 -exec rm -rfv {} \;
DON’T run these at home. Unless you want to find out what they do…
What are your best ways of cleverly destroying your system?
Snow
A while back, we had a ton of snow in the UK. Remember that? Well, whilst the Ubuntu-UK lot are off enjoying the release parties here, I’m stuck at home. So I decided to finally upload at least one of the photos I’ve taken of late. In fact, these are the best of the few photos I’ve taken. Somehow, taking photos in London doesn’t seem as fun, or rewarding, as taking them in the middle of nowhere, in Wales.
So, for your pleasure, here they are:
Day 15 – Photo-Journey
To the Ubuntu-UK Planet folks: This post has nothing to do with Ubuntu! Someone once mentioned that it was nice having photos come up on the planet, so I’ve directed this post there. If you don’t want me to send these posts, mail me. If you don’t get the “Day 15” thing, read this.
As my brother mentioned, today I headed back to London, ready to go to church tomorrow. I decided to take photos of my journey, in the middle of it.
I got to Victoria, and then I need to make my way across London to Paddington Station. Circle Line (My normal method) was closed, so I travelled across on the Victoria and Bakerloo lines. By the time I got to Victoria, I was feeling really rough, and almost ready to throw up. I probably have a bug.
Here begins the photos:
Apparently, we should “Trust our senses”. Almost feels like a war-time poster (one on the right). Anti-terror gone mad. (Remember those classics, “Your country needs YOU!” and “Loose lips sink ships”?)
Water bought at Victoria station, helped me keep my lunch where it belongs, as did:
Well, it’s an interesting way to keep your lunch, but it works, thankfully. Now I just hope that this bug is defeated by the end of Monday – ready for work on Tuesday!
I did see one interesting advert. Seems Mr Obama (President Elect of the United States of America) is on adverts on trains in London, UK. Strange!
Still, I was very happy when I saw my employer’s logo – journey almost over!
As usual, click on any image to see it in a higher resolution. If you want me to post any on Flickr (in full resolution from the camera) let me know.








