Yesterday, a storm came through. Knocked some trees down and knocked out power at my parents’ house for 27 hours. Luckily they got a whole-house generator a couple years back, and it worked like a champ.
Continue reading post "#4418"problem posts
Weird commute home tonight. Thunder, no: fireworks. Car flashing brights. Tree down across the road, had to clear a path. Skunk by the driveway.
Continue reading post "#4368"I haven’t been able to upgrade composer with homebrew to version 2.7.7 (on Intel Mac).
Continue reading post "#4355"xz backdoor
Reading this weekend about a backdoor introduced to the open source xz project. It doesn’t appear to affect my Ubuntu servers, so I had assumed it wasn’t relevant to me. However, the homebrew version on my Mac was “vulnerable”. It sounds like the exploit would only work on some versions of Linux, but if it does work on Macs, that could be bad. I do a lot of stuff on this computer, including banking, email, coding, etc. They know about it backdooring ssh, but if there’s something they don’t yet know about, it might be a problem.
I have a Fedora install as well. I haven’t checked it yet, but Fedora is usually on the bleeding edge, so if it’s on there, I’ll probably wipe and reinstall. I’ve been considering anyway. Luckily, I don’t do anything important on there.
Even if it didn’t actually do anything bad on the Mac, it may have done something. I had noticed some weeks or months ago (I can’t remember when) that running PHP on the command line was going slow. Running anything would take a minimum of about five seconds, including something simple like php -r 'echo "hello\n";'. I know when I had been making scripts in the past they hadn’t been taking long at all. I did some searches on the web for anybody mentioning something like that and couldn’t find anything. So I kinda just figured maybe it had something to do with the new opcode / whatever cacheing newer versions do or something, like it takes some initial setup that the server can reuse but not the command line. I assumed I was stuck with it and even started moving some scripts to bash partly because of it. When I downgraded xz via homebrew though, I decided to test it. time says the simple php -r line took 0.092 seconds. Nice and snappy. So maybe xz was doing some checks to see if the device was exploitable. It was in the dependency graph of PHP through curl and gd. Can’t say for sure that it just sped up though and if the xz change was what caused it.
I’m glad my scripts finally run quickly again, but hope that nothing was exploited here. I’ll keep an eye on the web to see if anything comes up about Macs being exploitable, and if so I’ll probably reinstall the OS to be safe.
Note: If you have used homewbrew to install PHP, curl, or anything else that might depend on xz, run brew update; brew upgrade to be safe. The dangers of being on the bleeding edge I guess.
My Moto X phone, a stand-in for my non-functioning Pixel 3a, scared me by force shutting down and then getting stuck in a reboot loop for a bit. That’s too similar to the behavior of the Pixel. Luckily, plugging it into a different USB charger and giving it time, the problem resolved itself and it has been running fine for almost a full day. Hopefully, that keeps up, as I still haven’t gotten the Pixel going or figured out what I want for a new phone.
Pixel phone may be dead?
My “current” phone (4.5 year old Pixel 3a) may be dead. I now can’t get it past the login screen and have moved to my previous phone, my Moto X. That buys me some time until I can figure out what to do. It started late Friday night and has been my weekend project.
Continue reading post "Pixel phone may be dead?"I went to send a private message on Twitter for the first time in probably 6+ years, and was made to do some human verification thing through a third party service.
Continue reading post "#4268"Furnace went out again. Had to clean out the trap.
Continue reading post "#4251"Updating to MacOS 14.2 also meant I had to update to the latest VirtualBox version, apparently.
Continue reading post "#4196"Apache PHP FPM and “Primary Script Unknown”
A while back, I wrote about dealing with the Apache / FastCGI error ‘Primary script unknown’ when trying to access non-existent PHP files. Bots often do this trying to test for vulnerabilities, and it can fill up error logs and be annoying to look through. In that post, I fixed the problem through mod_rewrite and a RewriteCond. For PHP 2.4+, there is a more broad and likely more efficient solution using the <If> directive. It will work for all virtual hosts on a server.