Writing

Software, technology, sysadmin war stories, and more.
Saturday, June 25, 2011

Some old workstations may never die

I used to be the sole admin of several dozen Slackware boxes. This started back in the days before it was based on things like glibc, to give some idea of how long ago this was. I remember the whole jump from version 4 to version 7 just because "well, everyone else is doing it, so why not?", poking fun at Red Hat and the like.

For some time, you'd basically install from whatever version was the newest, and then you'd just layer your own gunk on top to add features or fix security holes. There was no such thing as "upgradepkg". I wound up writing something which would track all of my files by checksum to figure out which versions had been installed, sort of like tripwire.

This actually uncovered a fun little problem where my sendmail binary changed by exactly one bit one fine day. Byte 739308 changed from 0x6d to 0x2d, dropping bit 6. Running md5sum again and again kept turning up the same value. Later, after blowing away the disk cache by reading in a bunch of data, running md5sum got the right value. There's a reason I called that machine "burden". It was cursed.
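The following is an added example, not the pkgchk code from this post: when a checksum baseline flags a file, diffing it against a known-good copy shows whether the change is a lone flipped bit, as in the sendmail case, or a real modification. The function names, the availability of a reference copy, and the zero-filled sample buffer are assumptions made for illustration.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    # MD5 to match the md5sum tool used in the post.
    return hashlib.md5(data).hexdigest()

def changed_bits(good: bytes, seen: bytes):
    """Return (offset, old_byte, new_byte, bit, direction) for every differing bit.

    Bits are numbered from 0 at the least significant end, so 0x40 is bit 6.
    """
    out = []
    for off, (a, b) in enumerate(zip(good, seen)):
        if a != b:
            xor = a ^ b
            for bit in range(8):
                if (xor >> bit) & 1:
                    direction = "cleared" if (a >> bit) & 1 else "set"
                    out.append((off, a, b, bit, direction))
    return out

def classify(baseline_md5: str, good: bytes, seen: bytes) -> str:
    """Return 'ok', 'single-bit-flip' or 'modified' for the bytes just read."""
    if md5_hex(seen) == baseline_md5:
        return "ok"
    if len(good) != len(seen):
        return "modified"
    return "single-bit-flip" if len(changed_bits(good, seen)) == 1 else "modified"

def sample():
    # Constructed stand-in for the binary: only the byte named in the post matters.
    good = bytearray(800_000)
    good[739308] = 0x6D
    seen = bytearray(good)
    seen[739308] = 0x2D
    return bytes(good), bytes(seen)

if __name__ == "__main__":
    good, seen = sample()
    print(classify(md5_hex(good), good, seen))
    for off, a, b, bit, direction in changed_bits(good, seen):
        print(f"byte {off}: 0x{a:02x} -> 0x{b:02x}, bit {bit} {direction}")
```

A single-bit result is a hint to re-read the file after the page cache has been dropped before treating the mismatch as tampering, since a cached copy can differ from what is on disk.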

Eventually, Slackware picked up the notion of upgrading packages, so my system evolved. It started tracking things by their package names as well, and it had a pair of lists. Every morning, my machines would dutifully phone home, pick up a fresh set of lists, and would then check to see if everything was okay. If something seemed amiss, like a package marked "obsolete" or "security issue", then I'd get a mail. Bliss!

Here in 2011, I no longer run a huge fleet of such machines, but the story isn't done yet. I recently took back one of my domain names from being hosted on Google Sites, and look what happened.

aa.bb.cc.dd - - [25/Jun/2011:00:00:01 -0700] "GET /pkgchk/sums/pkgchk.list.base HTTP/1.0" 404 308 "-" "pkgchk/0.4.2-20031002"
aa.bb.cc.dd - - [25/Jun/2011:00:00:01 -0700] "GET /pkgchk/sums/pkgchk.list.site HTTP/1.0" 404 308 "-" "pkgchk/0.4.2-20031002"

My old workstation at a previous job, mentioned in another story regarding ticket search, is still alive and it's still trying to phone home. I even told some folks there to kill that thing ages ago, before it went onto the Google hosting and I would not be able to see the 404s any more.

Now, here it is, still chugging away, trying to check things. If I felt a bit more evil, I guess I could try to find an overflow exploit in my own code and get it to open an xterm back to me, but what's the point? Clearly, nobody is taking care of the barn back there.

20031022. That build is nearly 8 years old. Sheesh.