Well, it seems a major bug has been discoverd in Openssl 1.0.1 through 1.0.1f (inclusive). This bug would allow an attacker to gain access to any information sent via an SSL encrypted connection, such as usernames, passwords, e-mails and so forth. Full details can be found at heartbleed.com. In general, from what I have found, if you are running RHEL/CentOS 5.x with stock Openssl packages you are OK. If you are running RHEL/CentOS 6.x with stock packages, you ARE vulerable to this issue. Updated RHEL/CentOS packages have been released for this so update now. Many other distributions have updated packages also so check for them.
My comments are no substitute for checking your servers. You can visit https://www.ssllabs.com/ssltest/ to test your servers. It will give you helpful information including if your server is vulnerable to heartbleed.
NOTE: Just installing the updates does not fix it. You must reload the httpd process to complete the fix. Good luck, everyone!
Change any and all passwords that you can. When was the last time you changed your password anyway? It’s probably about time. 😉
So… I rolled my ankle and broke my fibula as well as plenty of soft tissue damage. Thankfully, no surgery is needed, at least not yet. Have the cast on for nearly two more weeks.
I’ve let my yoga practice slide, for obvious reasons, but it’s time to figure out some kind of home practice that allows for my current limitations. I did some research and found the video below. His practice is great. Based on his modifications, I think I can come up with something.
Being new to yoga, I still had not developed a home practice before my accident, so I’ll probably work more on meditation and pranayama. Seeing this guy pursuing his practice gives me great ideas to keep something going, even if it is not the power vinyasa I had been doing before. I just need to take it in stride and accept my current state. I’ll heal and be able to pursue my vinyasa practice another day.
If you want to find all files on a system or particular path and output the information with each files size and the total size of all the files you can issue the following commands:
All files less than 100MB:
find . -type f -size -100M -print0 | xargs -0 du -chs
All files equal to 100MB:
find . -type f -size 100M -print0 | xargs -0 du -chs
All files more than 100MB:
find . -type f -size +100M -print0 | xargs -0 du -chs
In “find”, using the “-type f” isolates the output for files only and will not include directories. If directories are included, you will get incorrect numbers when looking for the files smaller than your desired size, as directories themselves are just small files and will show up without specifying the search if for files only. Give this a try:
find . -size -100M -print0 | xargs -0 du -chs
and you will notice that the total size will be different, because it includes directory names.
The reasons that “find” is piped to “xargs” is that the file listing will be too long if searching an entire system and if there are spaces in files names, the “-print0” option to “find” will supply information to “xargs” so that it can pass the file names to “du” in a manner that it can use to determie file sizes.
After looking for a way to dynamically allocate memory in Virtualbox, I discovered it’s not technically possible. With that being said, there is a method that Virtualbox calls memory ballooning, due to the way memory is handled, that can serve basically the same purpose. In the documentation, there is a section just for Memory Ballooning. Hope this helps someone.