I have a ’87 GMC Sierra pickup truck, a 3/4 ton with a 454 engine, so it’s not surprising that I don’t get very good gas mileage with it. Well, recently I learned how to overhaul an engine by using the truck as the guinea pig. My brother-in-law is really good at this, so I it was a neat opportunity to learn. I was hoping that after the engine work was done, not only would my oil leak be gone, but I thought it might perform better and get better gas mileage. Well, I figured it out the other day and I am still getting 10 miles to the gallon. Not very good! :( However, everytime I get out of my truck I smell gas, which is also not good. I had looked under the truck a couple times when the smell seemed pretty strong and I could tell one of the connections on the fuel filter appeared to be leaking. So I bought a new fuel filter and installed it tonight. The truck has two fuel tanks and I had also noticed some dripping by the switch that decides what tank gives the engine gas. So I took the cover off of that and looked at all of the connections. Everything looked about the same (old and worn hoses), so I started the truck up. The new fuel filter worked like a charm, with no leaking, but one of the hoses that connects to the switch was leaking pretty bad. I shut the truck back off and found the crack in the hose. The crack was close enough to the end and the hose was long enough that I was able to cut the end off and still put it back on. Now that is no longer leaking either. Unfortunately, I still have one leak left. There is a pin size hole in the bottom of the passenger side tank, that has a very slow leak in it. It makes me mad that it is there because I just had the tanks replaced a few years ago. I need to find out what kind of warranty I got on it and see what it takes to fix something like that. Either way, I’m going to use the gas out of that tank first! So after fixing all of these leaks, I can’t help but wonder, was I only getting 10 miles to the gallon because a bunch of it was leaking on to the ground? I will have to run some more mileage checks to be sure.
So I recently found out about a vulnerability in the popular system administration web interface program, webmin. I personally don’t use webmin, nor do I like it, since I think if you are going to have a linux server, you or someone you pay to administer it for you should have the skills necessary to set it up correctly. So anyway, at work there were several customers that had this installed and some used it and some didn’t. Either way, most of them don’t know anything about linux or keeping their system up to date (hence the need for Webmin) and had never updated webmin since it was first installed. So this vulnerability is pretty bad, it allows malicious people to view any file on your server. These hackers, download the /etc/shadow file to their own computers and let their computers spend their idle cpu time attempting to crack the passwords. Once a system user’s password has been cracked, they simply log in to the server as an authorized user and setup camp. What a nuisance these hackers cause, especially when they decide to launch a denial of service attack and fill up the network with a UDP packet flood. Nice. Well, now that we know about it, it’s no longer a problem, but man, I hate hackers!
So, how do you know if they have stolen your passwords through webmin? Check /var/webmin/miniserve.log and see if there is a line in there getting your /etc/shadow file. I’m not going to post the actual line, that’s the last thing I want – to give someone who doesn’t know where to find it elsewhere the code they need to steal someone else’s passwords. If the file has already been downloaded, then shutdown Webmin and change your passwords immediately. Then check to see if there are any extra files in /tmp, /var/tmp, and in user’s home directories. Really they can be anywhere a normal user can write to. Often they will be hidden directories, so make sure you use `ls -la` when listing the directories. On trick is to use the name “. ” where the name is first a period followed by a space. To enter that directory you would have to type `cd ./. /`and then othertimes they will call them … or .,. or ,,, stuff like that. If you know how to clean up after a hacker, you may be able to clean it up, if you have no idea, it would be best to get someone else to work on it. Then if you have to have it installed, upgrade to the latest version!
So I just finished reading the book, “Patriot Games”, by Tom Clancy. I’ve been reading it for a couple of weeks now, I haven’t been able to sit down and read a book straight through for many years now, but as I got closer to the end, I just had to read it to the end. Sunday afternoon was the perfect time. Although the book is obviously fiction, it reminded me of the freedoms and safety that I take for granted living in the United States. It also made me think about how rewarding it must be to work for a government organization like the CIA or FBI, actively trying to fight for good.
So I am building a new website now for my family to use, so I’m trying out Mambo, an open source content management system. So far I have installed it once with the sample content and once without. I wish there was something in between. The site without any sample data, should still have the links that are common in the different menus, like being able to edit your profile should be in the user menu automatically. Oh well, so now I am comparing the one with sample data and the one without, adding those links that I want.
So yesterday I cleaned out the swamp cooler and prepared it for Winter. I realized that this is something that is pretty specific to Utah and the surrounding states. I don’t remember ever seeing them anywhere else that I have lived. So when you winterize a swamp cooler, you remove all the water from the inside and the water supply line so that nothing freezes when it gets cold outside. Then you cover it with a canvas cover and close off the inside as well.