Jeff Lightner | 1 Sep 03:34 2008

Re: Recent events with RH/Fedora servers.

I'd think so.

Remember however that the "download" issue is only if you're NOT getting
your downloads via RedHat Network (RHN) subscriptions.  If you are
getting them via subscriptions then what you got was never compromised.
If you've been getting your "downloads" via yum from official
repositories then they weren't compromised based on my read of the
official alert issued by RedHat.

-----Original Message-----
From: ale-bounces@...
[mailto:ale-bounces@...] On Behalf Of
Scott Castaline
Sent: Sunday, August 31, 2008 5:18 PM
To: Atlanta Linux Enthusiasts
Subject: [ale] Recent events with RH/Fedora servers.

With the recent events happening with theses servers would a downloaded 
image file that was downloaded during the time frame involved and again 
on 8/29/08 share the same SHA1 hash could I consider the first one as 
safe to use?
_______________________________________________
Ale mailing list
Ale@...
http://mail.ale.org/mailman/listinfo/ale
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the
sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying,
distribution, or use of the contents of this information is prohibited and may be unlawful. If you have
received this electronic transmission in error, please reply immediately to the sender that you have
(Continue reading)

Courtney Thomas | 1 Sep 14:35 2008
Picon

AFTER new battery install, No Touchpad or Optical Mouse on portable PC

Greetings !

I replaced the battery on a Dell Latitude C810 portable and now have no
Touchpad and the USB optical wireless mouse won't initialize even though
it's USB receiver is recognized.

The mouse itself won't initialize even though new mouse batteries tested at
1.5V and the receiver is recognized.

Both these items previously worked.

I should also add that an external USB hard drive works fine.

I am forced to use a wired PS/2 mouse for the time being.

Suggestions appreciated,

Courtney
Jim Kinney | 2 Sep 02:48 2008
Picon

Re: Recent events with RH/Fedora servers.

I'll add to this as I read (between the lines) and understand:

Bad versions of ssh binaries were made available for subscriber use from RedHat servers. This did not involve a compromise of their key system. My "between the lines" part suggests that their internal source repository was compromised and the bad code was then compiled through normal channels which dodged needing to break into their hardware-keyed signing process.

As RedHat does NOT distribute binaries by means other than RHN subscription, this suggests that because the trojaned code was compiled through their normal channels it was released through the RHN process. I have seen one machine in the field running the code that matched their md5sum on the binariy and I know that machine was pulling from a sattelite server (which pulls from RHN).

RedHat does not curently use yum for their repositories. Yum is used by Fedora.

On Sun, Aug 31, 2008 at 9:34 PM, Jeff Lightner <jlightner-brerBYBDEKgAvxtiuMwx3w@public.gmane.org> wrote:
I'd think so.

Remember however that the "download" issue is only if you're NOT getting
your downloads via RedHat Network (RHN) subscriptions.  If you are
getting them via subscriptions then what you got was never compromised.
If you've been getting your "downloads" via yum from official
repositories then they weren't compromised based on my read of the
official alert issued by RedHat.

-----Original Message-----
From: ale-bounces-S6NtOCTnm14@public.gmane.org [mailto:ale-bounces-S6NtOCTnm14@public.gmane.org] On Behalf Of
Scott Castaline
Sent: Sunday, August 31, 2008 5:18 PM
To: Atlanta Linux Enthusiasts
Subject: [ale] Recent events with RH/Fedora servers.

With the recent events happening with theses servers would a downloaded
image file that was downloaded during the time frame involved and again
on 8/29/08 share the same SHA1 hash could I consider the first one as
safe to use?
_______________________________________________
Ale mailing list
Ale-S6NtOCTnm14@public.gmane.org
http://mail.ale.org/mailman/listinfo/ale
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

_______________________________________________
Ale mailing list
Ale-S6NtOCTnm14@public.gmane.org
http://mail.ale.org/mailman/listinfo/ale



--
--
James P. Kinney III

_______________________________________________
Ale mailing list
Ale@...
http://mail.ale.org/mailman/listinfo/ale
Jim Kinney | 2 Sep 03:03 2008
Picon

Re: AFTER new battery install, No Touchpad or Optical Mouse on portable PC

Once the battery is out, the bios will likely reset to some default bozo mode. Dig through and see if the settings are wonky. It may have reset to PS2 mouse only and not both PS2 and USB.

On Mon, Sep 1, 2008 at 8:35 AM, Courtney Thomas <courtneycthomas-Bdlq13kUjeyLZ21kGMrzwg@public.gmane.org> wrote:
Greetings !

I replaced the battery on a Dell Latitude C810 portable and now have no
Touchpad and the USB optical wireless mouse won't initialize even though
it's USB receiver is recognized.

The mouse itself won't initialize even though new mouse batteries tested at
1.5V and the receiver is recognized.

Both these items previously worked.

I should also add that an external USB hard drive works fine.

I am forced to use a wired PS/2 mouse for the time being.

Suggestions appreciated,

Courtney



_______________________________________________
Ale mailing list
Ale-S6NtOCTnm14@public.gmane.org
http://mail.ale.org/mailman/listinfo/ale



--
--
James P. Kinney III

_______________________________________________
Ale mailing list
Ale@...
http://mail.ale.org/mailman/listinfo/ale
Courtney Thomas | 2 Sep 14:26 2008
Picon

significance of -> 802.11/a/b/g connectivity

What is the significance of connectivity a/b/g as opposed to not having all
three [e.g. only, say b, instead of a,b & g] for a wireless card, please ?

Thanks once more,
Courtney
Stephen Benjamin | 2 Sep 14:40 2008
Picon

Re: significance of -> 802.11/a/b/g connectivity

802.11b and g both run around the 2.4GHz radio spectrum, b is limited to speeds of up to 11mbps whereas G can get up to 54mbps.  Lower frequencies can penetrate walls better and travel further.  a is also 54mbps but runs at 5GHz. 

b is rare nowadays, with g being the most common.  a is rare, but there's a few random 802.11a access points out there.

HTH

- Steve

On Tue, Sep 2, 2008 at 8:26 AM, Courtney Thomas <courtneycthomas-Bdlq13kUjeyLZ21kGMrzwg@public.gmane.org> wrote:
What is the significance of connectivity a/b/g as opposed to not having all
three [e.g. only, say b, instead of a,b & g] for a wireless card, please ?

Thanks once more,
Courtney

_______________________________________________
Ale mailing list
Ale-S6NtOCTnm14@public.gmane.org
http://mail.ale.org/mailman/listinfo/ale




_______________________________________________
Ale mailing list
Ale@...
http://mail.ale.org/mailman/listinfo/ale
Brian Pitts | 2 Sep 14:48 2008

Re: significance of -> 802.11/a/b/g connectivity

Courtney Thomas wrote:
> What is the significance of connectivity a/b/g as opposed to not having all
> three [e.g. only, say b, instead of a,b & g] for a wireless card, please ?

http://en.wikipedia.org/wiki/802.11#Protocols
Jeff Lightner | 2 Sep 14:55 2008

Re: Recent events with RH/Fedora servers.

Incorrect on several counts:

 

RedHat does distribute binaries.   It does also OFFER source RPMs but I’d be willing to bet most Fedora/RedHat folks install from the standard RPMs.

 

RedHat explicitly states in their notification that users who get their packages via normal subscription channels are NOT affected and it is only because some people don’t do it that way that they issued notice at all.  My read is that up2date and yum hitting official repositories (the “normal” way to do it) were not affected.  The folks I could think that might be would be those who go get one off downloads from their web site.

 

RedHat as of RHEL5 does in fact use yum instead of up2date.

 

 

From: ale-bounces-S6NtOCTnm14@public.gmane.org [mailto:ale-bounces-S6NtOCTnm14@public.gmane.org] On Behalf Of Jim Kinney
Sent: Monday, September 01, 2008 8:49 PM
To: ale-S6NtOCTnm14@public.gmane.org
Subject: Re: [ale] Recent events with RH/Fedora servers.

 

I'll add to this as I read (between the lines) and understand:

Bad versions of ssh binaries were made available for subscriber use from RedHat servers. This did not involve a compromise of their key system. My "between the lines" part suggests that their internal source repository was compromised and the bad code was then compiled through normal channels which dodged needing to break into their hardware-keyed signing process.

As RedHat does NOT distribute binaries by means other than RHN subscription, this suggests that because the trojaned code was compiled through their normal channels it was released through the RHN process. I have seen one machine in the field running the code that matched their md5sum on the binariy and I know that machine was pulling from a sattelite server (which pulls from RHN).

RedHat does not curently use yum for their repositories. Yum is used by Fedora.

On Sun, Aug 31, 2008 at 9:34 PM, Jeff Lightner <jlightner-brerBYBDEKgAvxtiuMwx3w@public.gmane.org> wrote:

I'd think so.

Remember however that the "download" issue is only if you're NOT getting
your downloads via RedHat Network (RHN) subscriptions.  If you are
getting them via subscriptions then what you got was never compromised.
If you've been getting your "downloads" via yum from official
repositories then they weren't compromised based on my read of the
official alert issued by RedHat.


-----Original Message-----
From: ale-bounces-S6NtOCTnm14@public.gmane.org [mailto:ale-bounces-S6NtOCTnm14@public.gmane.org] On Behalf Of
Scott Castaline
Sent: Sunday, August 31, 2008 5:18 PM
To: Atlanta Linux Enthusiasts
Subject: [ale] Recent events with RH/Fedora servers.

With the recent events happening with theses servers would a downloaded
image file that was downloaded during the time frame involved and again
on 8/29/08 share the same SHA1 hash could I consider the first one as
safe to use?
_______________________________________________
Ale mailing list
Ale-S6NtOCTnm14@public.gmane.org
http://mail.ale.org/mailman/listinfo/ale

----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------


_______________________________________________
Ale mailing list
Ale-S6NtOCTnm14@public.gmane.org
http://mail.ale.org/mailman/listinfo/ale




--
--
James P. Kinney III

_______________________________________________
Ale mailing list
Ale@...
http://mail.ale.org/mailman/listinfo/ale
Jim Popovitch | 2 Sep 17:19 2008

Re: significance of -> 802.11/a/b/g connectivity

2008/9/2 Stephen Benjamin <skbenja@...>:
> 802.11b and g both run around the 2.4GHz radio spectrum, b is limited to
> speeds of up to 11mbps whereas G can get up to 54mbps.  Lower frequencies
> can penetrate walls better and travel further.  a is also 54mbps but runs at
> 5GHz.
>
> b is rare nowadays, with g being the most common.  a is rare, but there's a
> few random 802.11a access points out there.

I run nothing but b, 90% of the time.   g is great in perfect worlds,
but b is much more likely to work across varied hardware and software
drivers.

-Jim P.
Courtney Thomas | 2 Sep 17:28 2008
Picon

Re: 802.11/a/b/g, thanx 2 all, but what do you recommend & why ?


----- Original Message ----- 
From: "Brian Pitts" <brian@...>
To: <ale@...>
Sent: Tuesday, September 02, 2008 8:48 AM
Subject: Re: [ale] significance of -> 802.11/a/b/g connectivity

> Courtney Thomas wrote:
> > What is the significance of connectivity a/b/g as opposed to not having
all
> > three [e.g. only, say b, instead of a,b & g] for a wireless card, please
?
>
> http://en.wikipedia.org/wiki/802.11#Protocols
> _______________________________________________
> Ale mailing list
> Ale@...
> http://mail.ale.org/mailman/listinfo/ale

Gmane