Capital Area Central Texas UNIX Society
CACTUS Newsletter

Volume 23, Number 7 - July 2007

Next Meeting
Customer Support Appreciation Month
The General Membership
Thursday, July 19, 7:00 PM

Contents:

The CACTUS Newsletter is a monthly publication, distributed to our members and other interested people. Visit the CACTUS Newsletter on the web at http://www.cactus.org/CACTUS/Newsletter/. There you will find archives of back issues, as well as instructions on how to subscribe to the e-mail distribution. We welcome newsletter submissions by our members. Please contact newsletter [at] cactus <dot> org for more information.

July Meeting Program

We shall celebrate customer service appreciation month by regaling each other with recent success stories. This shouldn't take too long, so we'll then rant about the miserable failures, denial, deceit, and the eternal phone system inferno (where your call is very important, to someone, somewhere ... ), And we'll have the usual scuttlebutt.

The next CACTUS meeting will be held on Thursday, July 19, 2007 at 7:00 PM (doors open at 6:30 PM for pizza and informal discussion), at Mangia Pizza at the corner of Burnet Rd./Mopac service road and Gracy Farms Ln. (See end of newsletter for directions to the facility).

System News

by Randy Zagar

On August 15th, the MX records for CACTUS.ORG will be changed so that Outserv.cactus.org handles all incoming mail for the domain. Outserv.cactus.org will also be the new POP and IMAP server for the domain. If you use POP or IMAP to read your CACTUS mail, please update your settings to point to the new server as the services on Linux.cactus.org and Bubba.cactus.org will be turned off at that time.

Here are some technical details:

If you've got questions, suggestions, or just have rants you need to share... come to the next meeting and be heard!!!

June Meeting Report

by Ron Roberts

President Randy Zagar graciously welcomed everyone to our June solstace meeting. He noted that there are a couple of problems with linux.cactus.org. The /var partition is not big enough and /home is near 90% full. Mail on linux.cactus.org was backed up, and not delivered until Sunday, June 19th.

Randy reported that he'd been contacted by a group seeking help from CACTUS. Less Network[s,ing] [?] are looking for help with clustered sql services, high availablity, offsite backup and configuration management for a BSD enviroment. Randy wanted to introduce a proposition for CACTUS helping with a company needing services. Brad Knowles was interested.

Gil pointed out that we have a difficult time managing our own systems. There followed a discussion of kickstart and BSD's lack ot it. MH arrived, but Randy Zagar temporarily barred the door.

Sunset on the summer solstace was dramatic, but interfered with the projection screen. After some discussion of high availablitlity, program chair Brad Knowles introduced the speaker from Metasploit, HD Moore.

HD began by asking who had actually used the Metasploit Framework: only person raised a hand. Serveral have used something similar. HD Moore is the core developer and project lead of Metasploit. His day job is with Breaking Point systems as Director of security research. He described Metasploit as a great tool, one you can use today. It uses the BSD-licensed Rex library and is the latest in exploit technology. It's an exploit development platform. It allows you do use the same exploit on different ports, or environments that are defined at runtime.

HD remarked that perl is a write only language. He's rewriting Meatsploit now. The new version is 2.7 2003-2006. 45,000 lines of perl becamee 100,000 lines of ruby. It also includes 53,00 lines of c/c++ and 10,000 lines of assembly language.

Why ruby? Because it's clean easy and fun. It has an awesume OO [object oriented] model, green threading and rich platform support. HD remarked that bash has obscure network features that they take advantage of.

After mentioning the notorias PHP security bug, Lindsay Haisley noted that Earthlink [tm] sent a customer to Lindsay after not locking down their PHP server.

Someone remarked, "The FEDS must live at your office."

HD replied, "We know them."

Lindsay said, "You are obviously a dangerous man." Several members proclaimed, "My IP addr is 127.0.0.1, I'm not scared."

Someone asked if he had ever hacked squirrel mail? Yep. HD discussed several other security portals, then he brought up the interpreter:

msf> use exploit/linux/multi/php/...

He proceeded with a lengthy demonstration of the command line shell interpreter.

He next demonstated the WEB and GUI versions. His second exploit crashed a win2k server. He was using his own victims, not innocent systems.

http://www.metasploit.com

Thanks to Mangia Pizza for the hospitality, and H D Moore and the Metasploit Project. for the excellent presentation.

Membership Report

by Mark Scarborough

CACTUS would love to put your name here as our newest member. Please come join us!

To renew your membership, please send check or money order payable to CACTUS ($30/yr for regular membership and $100/yr for corporate sponsorship):

CACTUS
PO BOX 9786
Austin, TX 78766-9786

You can also pay in person at the general meetings. Please direct any inquiries or address changes to membership [at] cactus <dot> org.

CACTUS Officers

President:
Randy Zagar (jrzagar [at] cactus <dot> org)
Treasurer:
Johnny Long (longjy [at] cactus <dot> org)
Programs Chair:
Brad Knowles (knowles [at] cactus <dot> org)
Membership:
Mark Scarborough (mscar-cactus [at] cactus <dot> org)
Publicity & Webmaster:
Lindsay Haisley (fmouse [at] fmp <dot> com)
Newsletter:
Ron Roberts (ronr [at] cactus <dot> org)
Scribe:
Don Kassebaum (dak [at] cactus <dot> org)
Members at Large:
Gil Kloepfer ( kloepfer [at] cactus <dot> org)
Larry Rosenman (ler [at] cactus <dot> org)

CACTUS Sponsors

Significant Contributing Sponsors

Applied Research Laboratories/University of Texas at Austin
(Gil Kloepfer, Computer Science Division (CSD), 835-3771, gilc [at] arlut <dot> utexas <dot> edu)
CoreNAP, L.P.
(Kenneth Smith, (512) 685-0010, kenneth [at] corenap <dot> com)
Provides server colocation and high-speed Internet access to businesses in the Austin and central Texas area
Newisys, Inc.
(Tim Wood, (512) 340-9050, tim <dot> wood [at] newisys <dot> com)
Development of enterprise-class servers
Onramp
(Chad Kissinger, president, 322-9200, info [at] onr <dot> com)
Broadband Internet access, web design and colocation
Outserv.net, Inc.
(David Maynard, dpm [at] outserv <dot> net)
e-Business Operations Service Provider

Sponsors

Dresser - Wayne
(Steve Cox, (512) 338-8444, steve <dot> cox [at] dresser <dot> com)
Provides instrumentation and services to the oil and energy
Flowing Circles Engineering
(Johnny Long, (512) 293-7894, longjy [at] fcei <dot> com)
Taking advantage of grid computing to solve matrix engineering and energy conversion problems.
IBM Corporation
(George Kraft IV, (512)838-2688, gk4 [at] austin <dot> ibm <dot> com)
Journyx, Inc.
(John Madollozzo, (512)833-3274, john [at] journyx <dot> com)
Web-based products to track time, expenses, and attendance, for project management and billing.
Ray Solanik, Technical Consultant
(Ray Solanik, solanik [at] cactus <dot> org)
Starflight Corp.
(Jon Roland, jon <dot> roland [at] the-spa <dot> com)
Computer consulting, management solutions, documentation, and technical writing.
TEKsystems, Inc.
(Russell Labay, (512) 249-4912, (888) 598-5877, rlabay [at] teksystems <dot> com)
A leading provider of strategic staffing and managed services for the Information Technology and Communications (IT&C) community.
Veraci Inc.
(Michael Shrivathsan, michael [at] veraci <dot> com)
VoIPing, LLC
(Lenny Tropiano, 512-698-VOIP (8647) or Brian Sinclair 512-698-8031, info [at] voiping <dot> com)
IT Consulting and Services, converged networks, Unix, and Voice over IP

Friends of CACTUS

Applied Formal Methods, Inc.
(Susan Gerhart, 794-9732, gerhart [at] cactus <dot> org)
Auspex Systems
(Paul Levine, plevine [at] auspex <dot> com)
Fastest reliable network fileservers
Austin Code Works
(Scott Guthery, 258-0785, info [at] acw <dot> com)
BestRegistrar.com
((800) 977-3475, registrar [at] bestregistrar <dot> com)
A top-level domain name registrar, CORE member
Covad/Laserlink
(Chip Rosenthal)
CTG
(Maurine Mecer, 502-0190 (FAX 502-0287))
Professional recruiting
Compaq Computer Corporation (now HP)
(Ron Boerger, 432-8000)
Provider of scalable, high availbility systems
EDP Contract Services
(Mark Grabenhorst, 346-1040)
Professional recruiting
Hewlett Packard
(Bill Sumrall, 338-7221)
Hounix
(Marilyn Harper)
Houston's Unix Users Group
Network Appliance Corporation
(Frank Mozina, fmozina [at] netapp <dot> com)
O'Keefe Search
(John O'Keefe, john [at] okeefesearch <dot> com, 512-658-9224 or 888-446-2137)
Professional recuiting
Rocksteady Networks, Inc.
(Eric White, 512-427-1319, ewhite [at] rocksteady <dot> com)
Sailaway System Design
(Chris J Johnson, 447-5243)
Schlumberger
(Kathy O'Brien, obrien [at] asc <dot> slb <dot> com)
Technical services and products in over 100 countries
Silicon Graphics
(Don Williams, 346-9342)
Solid Systems
(Pete Farrell, 442-2222)
Sterling Infomation Group
(Darrell Hanshaw, 344-1005)
Sun Microsystems
(Rick Taylor)
Supplier of Unix client-server computing solutions
Texas Internet Consulting
(Smoot Carl-Mitchell, 451-6176, smoot [at] tic <dot> com)
TCP/IP networking, Unix, and open systems standards
Technow
A Sun Authorized Training Center and a Hardware Reseller
Unison Software
(Shelley St. John, 478-0611)
Supplier of networked systems management solutions
UT Computer Science Department
(Patti Spencer)
UT Computation Center
(Mike Cerda, 471-3241, cerda [at] uts <dot> cc <dot> utexas <dot> edu)

Directions to Meeting Location

CACTUS meets on the third Thursday of each month at the Mangia Pizza (Gracy Farms location):

Mangia Pizza - Gracy Farms
12,001 Burnet Road at Gracy Farms Ln.
Austin, TX 78758
(512) 832-5550
http://www.mangiapizza.com/33/Gracy_Farms.html

This location is approximately 2 miles north of our previous meeting location at ARL. Note that the Mapquest map on Mangia's web site is slightly wrong.

Mangia pizza is on the north-east corner of the Mopac service road and Gracy Farms Ln.

From 183 north of Duval Rd.:
Take the Duval Rd. exit on 183 and turn left onto Duval Rd. When you get to the intersection of Mopac (Loop 1) and Duval Rd., make the left turn as though you were going to get onto Mopac North (this is Gracy Farms Ln.). You will see Mangia Pizza in front of you to the left at the traffic light. Turn left and then make an immediate right turn into the little store cluster.
From 183 south:
Take the Burnet Rd. exit on 183 and head toward UT Applied Research Labs (ARL) as you would normally. Instead of going to ARL, continue on Burnet Rd. In approximately 2 miles, Burnet Rd. will fork - to the left will be Duval Rd. continuing straight will bring you to a traffic light (at Gracy Farms Ln.). You should see Mangia Pizza on your right. Continue through the traffic light and make a right turn into the store cluster.
From Mopac:
Exit at Duval Rd./Burnet Rd. From the south, continue on the service road. Continue straight at the traffic light to the next traffic light just a little bit further up. You will see Mangia Pizza in front of you to the left at the traffic light. Turn left and then make an immediate right turn into the little store cluster.

From the north, make a left turn onto Duval Rd./Burnet Rd. and then an immediate left turn (as though you were going to make a U-turn back onto Mopac) and there will be another traffic light where you will see Mangia Pizza in front of you to the left. Turn left and then make an immediate right turn into the little store cluster.

Note: If you pass Mangia Pizza, there is a U-turn on the left just a little past the store cluster. Follow the directions for Mopac coming from the north.

Valid HTML 4.01!