Wandering Thoughts archives


More on the Solaris ssh stuff (part 3)

As an update on the Solaris ssh stuff and to sort of answer a question left in comments on here:

I brought another Solaris machine up to the current patchlevels today, which let me see what the current state of affairs is. The best answer is that it's confusing and not fixed yet.

  • patch 112908-24 and 112908-25, the apparently bad versions of the 'krb5 shared obj' patch, have been very thoroughly removed.
  • 112908-23 remains available on the patches.sun.com website, but it is not mentioned in patchdiag.xref. In fact, according to patchdiag.xref there is no currently valid version of 112908 (and -24 and -25 are not explicitly in there marked as bad and withdrawn, either; instead they've just been Stalinized).
  • 113273-11 (sshd) and 114356-08 (ssh) remain in patchdiag.xref as the only live versions. They are recommended patches, and 113273-11 is marked as a security patch as well.
  • However, both 113273-11 and 114356-08 specifically require 112908-24, the unavailable krb5 patch; they will fail to install on a system with 112908-23.

Thus, Sun has quietly removed 112908-24 and 112908-25 as buggy but failed to withdraw or fix patches that depend on it. The result is that you cannot install a recommended Sun security patch, and of course the situation is not fixed in the least. (The only true fix for the situation is for Sun to release new, non-buggy versions of the patches. For some reason they haven't yet gotten around to this.)

The best workaround for now is to manually install the last good versions of the bad patches; you want 113273-10 and 114356-06. Pca will handily do this for you.

solaris/MoreSolarisSshIII written at 17:51:40; Add Comment

How not to get our business

From email sent to the University of Toronto's InterNIC WHOIS contact email address recently, from one vals@capris.com:

Good evening,

Our site monitoring software has alerted us that someone from your organization was doing a search on Google.ca for "Toronto collocation" and you visited our site, [deleted].

I was just wondering if your search was successful and if we can help you with your current or future hosting or collocation needs?


Val Slastnikov
Director, Strategic Alliances

The Capris Group

Yes, certainly, the best way to persuade people at the University of Toronto to do business with you is to spam them. And it definitely looks clueful to ask the InterNIC WHOIS contact for an organization with, oh, 60,000 people or so using its network if some random search was successful. And finally there is the chutzpah of offering hosting and colocation services to one of Canada's largest universities.

(I am assuming, generously, that there was a real search. I am an optimist. Also, I'm sure that this is more or less automated spam, so that no thinking human being ever looked at who it was being sent to. Which is yet another way to impress us with your attention to detail, or lack thereof.)

Unfortunately they have their own ASN and /22 (, AS 33162, which is also where the email came from), so I suspect that my request to their upstream route to do something about this is going to be ignored. (But then, this is nothing new.)

spam/HowNotToGetOurBusiness written at 10:59:46; Add Comment

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.