[ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency - page 3962.

TanteStefana2

legendary

Activity: 1260

Merit: 1001

Quote from: _evolution_ on September 25, 2014, 04:54:50 PM

No, that's wrong. Finally check:

Quote

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

It should return

Quote

bash: warning: x: ignoring function definition attempt

if everything is okay.

Bourne parser is fucked up, for how long?! 20 years?!

nope, it's not echoing, LOL

Quote

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

coins101

legendary

Activity: 1456

Merit: 1000

Monday.

reflexmk

sr. member

Activity: 289

Merit: 250

node count 777 per http://drk.poolhash.org/mnode.html

TanteStefana2

legendary

Activity: 1260

Merit: 1001

Quote from: thefrog on September 25, 2014, 01:38:00 PM

Quote from: Propulsion on September 25, 2014, 01:14:41 PM

Quote from: TanteStefana2 on September 25, 2014, 01:12:02 PM

Also, for some reason, the instance I did not reboot, I was able to update bash with sudo apt-get install bash and I now have the latest, but the instance I rebooted won't update. It says I already have the latest, even after sudo apt-get updates. So... maybe they pulled the repository (probably working on it still) I guess we'll all just have to keep checking to be sure we get the latest updates!?!

do update and then upgrade.

Finally check it with bash --version. If it says 4.3+ you're golden.

Code:

sudo apt-get update
sudo apt-get upgrade
bash --version

apt-get update
aptitude install bash

just bash, no ned to upgrade the whole system.

Geepers, I tried changing my sources list to another one (west 1 to west 2) but still no joy! Is nobody else having this trouble? I opened all my ports to make sure nothing is being blocked, no joy.... can't think of anything else??

splawik21

legendary

Activity: 1372

Merit: 1005

DASH is the future of crypto payments!

Quote from: UdjinM6 on September 25, 2014, 04:48:23 PM

Quote from: splawik21 on September 25, 2014, 04:45:22 PM

Quote from: Propulsion on September 25, 2014, 01:14:41 PM

Quote from: TanteStefana2 on September 25, 2014, 01:12:02 PM

Also, for some reason, the instance I did not reboot, I was able to update bash with sudo apt-get install bash and I now have the latest, but the instance I rebooted won't update. It says I already have the latest, even after sudo apt-get updates. So... maybe they pulled the repository (probably working on it still) I guess we'll all just have to keep checking to be sure we get the latest updates!?!

do update and then upgrade.

Finally check it with bash --version. If it says 4.3+ you're golden.

Code:

sudo apt-get update
sudo apt-get upgrade
bash --version

Do I have to stop my masternode befored update/upgrade???

No, it's safe to do it live

thnx
and i do it from the ubuntu user lvl right? I'm noob too Wink

_evolution_

full member

Activity: 140

Merit: 100

Quote from: Propulsion on September 25, 2014, 01:14:41 PM

Quote from: TanteStefana2 on September 25, 2014, 01:12:02 PM

Also, for some reason, the instance I did not reboot, I was able to update bash with sudo apt-get install bash and I now have the latest, but the instance I rebooted won't update. It says I already have the latest, even after sudo apt-get updates. So... maybe they pulled the repository (probably working on it still) I guess we'll all just have to keep checking to be sure we get the latest updates!?!

do update and then upgrade.

Finally check it with bash --version. If it says 4.3+ you're golden.

Code:

sudo apt-get update
sudo apt-get upgrade
bash --version

No, that's wrong. Finally check:

Quote

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

It should return

Quote

bash: warning: x: ignoring function definition attempt

if everything is okay.

Bourne parser is fucked up, for how long?! 20 years?!

TaoOfSaatoshi

legendary

Activity: 2156

Merit: 1014

Dash Nation Founder | CATV Host

This is a BIG thank you to @TaoOfSatoshi who has sent me $10 worth of Darkcoin. #darkcoin #bitcoin #cryptocurrency #charity

Maybe you could try giving away some DRK. It's fun! Just make sure they say "I got into the Dark!"

#getintothedark
#buildthedarkness
#DarkcoinChameleon

Join us on Twitter!

@TaoOfSatoshi

UdjinM6

legendary

Activity: 1318

Merit: 1040

Quote from: splawik21 on September 25, 2014, 04:45:22 PM

Quote from: Propulsion on September 25, 2014, 01:14:41 PM

Quote from: TanteStefana2 on September 25, 2014, 01:12:02 PM

Also, for some reason, the instance I did not reboot, I was able to update bash with sudo apt-get install bash and I now have the latest, but the instance I rebooted won't update. It says I already have the latest, even after sudo apt-get updates. So... maybe they pulled the repository (probably working on it still) I guess we'll all just have to keep checking to be sure we get the latest updates!?!

do update and then upgrade.

Finally check it with bash --version. If it says 4.3+ you're golden.

Code:

sudo apt-get update
sudo apt-get upgrade
bash --version

Do I have to stop my masternode befored update/upgrade???

No, it's safe to do it live

splawik21

legendary

Activity: 1372

Merit: 1005

DASH is the future of crypto payments!

Quote from: Propulsion on September 25, 2014, 01:14:41 PM

Quote from: TanteStefana2 on September 25, 2014, 01:12:02 PM

Also, for some reason, the instance I did not reboot, I was able to update bash with sudo apt-get install bash and I now have the latest, but the instance I rebooted won't update. It says I already have the latest, even after sudo apt-get updates. So... maybe they pulled the repository (probably working on it still) I guess we'll all just have to keep checking to be sure we get the latest updates!?!

do update and then upgrade.

Finally check it with bash --version. If it says 4.3+ you're golden.

Code:

sudo apt-get update
sudo apt-get upgrade
bash --version

Do I have to stop my masternode befored update/upgrade???

_evolution_

full member

Activity: 140

Merit: 100

Are MN instances safe, given the BASH secure hole?

TanteStefana2

legendary

Activity: 1260

Merit: 1001

Quote from: TaoOfSaatoshi on September 25, 2014, 01:20:30 PM

Quote from: TanteStefana2 on September 25, 2014, 01:12:02 PM

funny, I finally got around to setting up a cron job for my masternodes, 'cause my brain is totally dead... anyway, it was so easy I didn't think it would work, so I rebooted, and guess what? It worked! Wow!

If you don't have a cron job set up to restart your masternodes in case of reboot, just do this:

cd /etc/cron.d

crontab -e
2 (for nano)
at bottom of newly created file, insert:

@reboot /usr/bin/darkcoind to start masternode (or wherever you have your executable Wink

Also, for some reason, the instance I did not reboot, I was able to update bash with sudo apt-get install bash and I now have the latest, but the instance I rebooted won't update. It says I already have the latest, even after sudo apt-get updates. So... maybe they pulled the repository (probably working on it still) I guess we'll all just have to keep checking to be sure we get the latest updates!?!

Thanks for the info, Tante.

No problem. In the past few days, both my instances were restarted (and masternodes stopped) I knew it was only a matter of time, LOL, but I just wouldn't look it up to take care of it. It really was easy!

TanteStefana2

legendary

Activity: 1260

Merit: 1001

Quote from: Propulsion on September 25, 2014, 01:14:41 PM

Quote from: TanteStefana2 on September 25, 2014, 01:12:02 PM

Also, for some reason, the instance I did not reboot, I was able to update bash with sudo apt-get install bash and I now have the latest, but the instance I rebooted won't update. It says I already have the latest, even after sudo apt-get updates. So... maybe they pulled the repository (probably working on it still) I guess we'll all just have to keep checking to be sure we get the latest updates!?!

do update and then upgrade.

Finally check it with bash --version. If it says 4.3+ you're golden.

Code:

sudo apt-get update
sudo apt-get upgrade
bash --version

It's weird, but it still won't install 4.3.etc.... The other instance gave me no trouble! Time for a spank'in! How do you spank a virtual machine?

vertoe

hero member

Activity: 518

Merit: 505

Quote from: BrainShutdown on September 25, 2014, 04:08:07 PM

Quote from: camosoul on September 25, 2014, 03:03:27 PM

Quote from: strix on September 25, 2014, 01:32:38 PM

I doubt anyone here is more of a newbie than I am with Arch Linux. I have been playing with it for less than a week. This morning heard about the bash bug, ran the test, and yes I was vulnerable. Hmm... heard how easy Arch is to update so for the first time ran "sudo pacman -Syu"

BOOM--vulnerability gone. Way to go Arch. I'm starting to like this...

I played with Arch, never could get used to it. I'm still do "emerge world -uND" [take a nap]

That sure brings back some good memories! Stage 1 FTW!
Thanks Grin

+1 good to see people still using gentoo. too bad their best times are over. for now I'll stick with arch, too.

TaoOfSaatoshi

legendary

Activity: 2156

Merit: 1014

Dash Nation Founder | CATV Host

So much tech talk, my head is spinning! I feel like I'm at school. Very valuable information though....

BrainShutdown

legendary

Activity: 1052

Merit: 1004

Quote from: camosoul on September 25, 2014, 03:03:27 PM

Quote from: strix on September 25, 2014, 01:32:38 PM

I doubt anyone here is more of a newbie than I am with Arch Linux. I have been playing with it for less than a week. This morning heard about the bash bug, ran the test, and yes I was vulnerable. Hmm... heard how easy Arch is to update so for the first time ran "sudo pacman -Syu"

BOOM--vulnerability gone. Way to go Arch. I'm starting to like this...

I played with Arch, never could get used to it. I'm still do "emerge world -uND" [take a nap]

That sure brings back some good memories! Stage 1 FTW!
Thanks Grin

Lebubar

legendary

Activity: 1288

Merit: 1000

Quote from: Propulsion on September 25, 2014, 03:22:40 PM

Quote from: camosoul on September 25, 2014, 03:07:20 PM

Quote from: AlexMomo on September 25, 2014, 01:56:51 PM

Quote from: Drobek on September 25, 2014, 01:46:30 PM

Quote from: strix on September 25, 2014, 01:23:18 PM

Quote from: Drobek on September 25, 2014, 12:54:59 PM

Another of my stupid questions:
All manuals on masternodes are saying how ports should be closed and how root account should not be used.. Personally I use root login with 15 chars long password and cold wallet set-up and did not bother closing the ports - can ANYTHING really happen to me?
My guess is 99.9% not but still would like to get a second opinion. Everyone is saying how root should not be used but I do not see the danger with the cold wallet & decent pw.

My dear drobek, we were all once newbies at everything, and will always be newbies at somethings. Once you understand something, you can often profit by going against the stream, but in an area where you are a newbie, statements like this are dangerous if not foolhardy: "Everyone is saying how root should not be used but I do not see the danger with the cold wallet & decent pw. "

Your cold wallet may be safe, but if your machine is compromised you may be subject to all sorts of future grief... not to mention the possible eventual loss of any funds/information that pass through or are produced by it. IMHO.

Thank you for your reply strix. While the statement indeed sounds naive I still wonder how anyone can guess/force a decent password. Have talked to a few people who were hacked and almost all of them had either simple pw or pw they reused on multiple occasions. At this point I think that a combo of decent PW and frequent apt-get update/upgrade may be adequate for cold wallet set up but still preferred to get a second opinion to running everything as a root.

I'm a sys/net admin with 15+ years of experience and I can tell you that the biggest threat is YOURSELF! Just make a typo as root and kiss your system goodbye! Happened to me twice, I have learned the hard way... You don't have to Wink

Some examples (do not try this on your masternode):
rm -rf .*
mv / /dev/null
find -type f -mtime +30 -exec mv {} /dev/null \;
whatever > /dev/sda

Play it safe, log in as a regular user and use sudo!

So much of this.

Don't forget the times you've copied a huge pile of data into a folder, but you forgot to mount the block device to that folder first... And even better, the whole reason you were doing it was because you had to save some data that a user copied into a folder that is actually a mount point, but the block device wasn't mounted to it, so... Oh, did I mention; it's a tape. Good to be paid by the hour, eh?

cp != mv

cp's like testnet. The fun is using mv like mainnet.

The worse that happen to me is :
rm * .log
(The tipo : with a space between * and . ) nothing anymore in the / directory

janos666

hero member

Activity: 588

Merit: 500

Quote from: AlexMomo on September 25, 2014, 01:56:51 PM

Quote from: Drobek on September 25, 2014, 01:46:30 PM

Quote from: strix on September 25, 2014, 01:23:18 PM

Quote from: Drobek on September 25, 2014, 12:54:59 PM

Another of my stupid questions:
All manuals on masternodes are saying how ports should be closed and how root account should not be used.. Personally I use root login with 15 chars long password and cold wallet set-up and did not bother closing the ports - can ANYTHING really happen to me?
My guess is 99.9% not but still would like to get a second opinion. Everyone is saying how root should not be used but I do not see the danger with the cold wallet & decent pw.

My dear drobek, we were all once newbies at everything, and will always be newbies at somethings. Once you understand something, you can often profit by going against the stream, but in an area where you are a newbie, statements like this are dangerous if not foolhardy: "Everyone is saying how root should not be used but I do not see the danger with the cold wallet & decent pw. "

Your cold wallet may be safe, but if your machine is compromised you may be subject to all sorts of future grief... not to mention the possible eventual loss of any funds/information that pass through or are produced by it. IMHO.

Thank you for your reply strix. While the statement indeed sounds naive I still wonder how anyone can guess/force a decent password. Have talked to a few people who were hacked and almost all of them had either simple pw or pw they reused on multiple occasions. At this point I think that a combo of decent PW and frequent apt-get update/upgrade may be adequate for cold wallet set up but still preferred to get a second opinion to running everything as a root.

I'm a sys/net admin with 15+ years of experience and I can tell you that the biggest threat is YOURSELF! Just make a typo as root and kiss your system goodbye! Happened to me twice, I have learned the hard way... You don't have to Wink

Some examples (do not try this on your masternode):
rm -rf .*
mv / /dev/null
find -type f -mtime +30 -exec mv {} /dev/null \;
whatever > /dev/sda

Play it safe, log in as a regular user and use sudo!

While I agree that logging in as a user is somewhat safer in general than logging in as root but I don't think this is the reason.
The ENTER is the key here. If you hit the ENTER without double (or triple) checking the whole line, you can just as easily end up with a devastating mistake whether you are logged in as root or as a user who is using sudo. These commands you listed as examples have the exact same effect when issued with sudo and you can just as easily make typos in lines starting sudo as you would without sudo but logged in as root. Sudo doesn't save you from typos and similar accidents when you think you are about to issue a command with root privileges anyway. When you think you need superuser rights you will automatically start the line with sudo and everything after that can still be a mistake (and have the same effect as issuing the same command as the real root).

So, I personally use an account without superuser rights (can't even use sudo) and I log in as root (in a different terminal) when I want to do something which requires root privileges (but I log out when I am done).

Propulsion

hero member

Activity: 658

Merit: 500

The Buck Stops Here.

Quote from: camosoul on September 25, 2014, 03:07:20 PM

Quote from: AlexMomo on September 25, 2014, 01:56:51 PM

Quote from: Drobek on September 25, 2014, 01:46:30 PM

Quote from: strix on September 25, 2014, 01:23:18 PM

Quote from: Drobek on September 25, 2014, 12:54:59 PM

Another of my stupid questions:
All manuals on masternodes are saying how ports should be closed and how root account should not be used.. Personally I use root login with 15 chars long password and cold wallet set-up and did not bother closing the ports - can ANYTHING really happen to me?
My guess is 99.9% not but still would like to get a second opinion. Everyone is saying how root should not be used but I do not see the danger with the cold wallet & decent pw.

My dear drobek, we were all once newbies at everything, and will always be newbies at somethings. Once you understand something, you can often profit by going against the stream, but in an area where you are a newbie, statements like this are dangerous if not foolhardy: "Everyone is saying how root should not be used but I do not see the danger with the cold wallet & decent pw. "

Your cold wallet may be safe, but if your machine is compromised you may be subject to all sorts of future grief... not to mention the possible eventual loss of any funds/information that pass through or are produced by it. IMHO.

Thank you for your reply strix. While the statement indeed sounds naive I still wonder how anyone can guess/force a decent password. Have talked to a few people who were hacked and almost all of them had either simple pw or pw they reused on multiple occasions. At this point I think that a combo of decent PW and frequent apt-get update/upgrade may be adequate for cold wallet set up but still preferred to get a second opinion to running everything as a root.

I'm a sys/net admin with 15+ years of experience and I can tell you that the biggest threat is YOURSELF! Just make a typo as root and kiss your system goodbye! Happened to me twice, I have learned the hard way... You don't have to Wink

Some examples (do not try this on your masternode):
rm -rf .*
mv / /dev/null
find -type f -mtime +30 -exec mv {} /dev/null \;
whatever > /dev/sda

Play it safe, log in as a regular user and use sudo!

So much of this.

Don't forget the times you've copied a huge pile of data into a folder, but you forgot to mount the block device to that folder first... And even better, the whole reason you were doing it was because you had to save some data that a user copied into a folder that is actually a mount point, but the block device wasn't mounted to it, so... Oh, did I mention; it's a tape. Good to be paid by the hour, eh?

cp != mv

cp's like testnet. The fun is using mv like mainnet.

camosoul

hero member

Activity: 560

Merit: 500

www.OroCoin.co

Quote from: AlexMomo on September 25, 2014, 01:56:51 PM

Quote from: Drobek on September 25, 2014, 01:46:30 PM

Quote from: strix on September 25, 2014, 01:23:18 PM

Quote from: Drobek on September 25, 2014, 12:54:59 PM

Another of my stupid questions:
All manuals on masternodes are saying how ports should be closed and how root account should not be used.. Personally I use root login with 15 chars long password and cold wallet set-up and did not bother closing the ports - can ANYTHING really happen to me?
My guess is 99.9% not but still would like to get a second opinion. Everyone is saying how root should not be used but I do not see the danger with the cold wallet & decent pw.

My dear drobek, we were all once newbies at everything, and will always be newbies at somethings. Once you understand something, you can often profit by going against the stream, but in an area where you are a newbie, statements like this are dangerous if not foolhardy: "Everyone is saying how root should not be used but I do not see the danger with the cold wallet & decent pw. "

Your cold wallet may be safe, but if your machine is compromised you may be subject to all sorts of future grief... not to mention the possible eventual loss of any funds/information that pass through or are produced by it. IMHO.

Thank you for your reply strix. While the statement indeed sounds naive I still wonder how anyone can guess/force a decent password. Have talked to a few people who were hacked and almost all of them had either simple pw or pw they reused on multiple occasions. At this point I think that a combo of decent PW and frequent apt-get update/upgrade may be adequate for cold wallet set up but still preferred to get a second opinion to running everything as a root.

I'm a sys/net admin with 15+ years of experience and I can tell you that the biggest threat is YOURSELF! Just make a typo as root and kiss your system goodbye! Happened to me twice, I have learned the hard way... You don't have to Wink

Some examples (do not try this on your masternode):
rm -rf .*
mv / /dev/null
find -type f -mtime +30 -exec mv {} /dev/null \;
whatever > /dev/sda

Play it safe, log in as a regular user and use sudo!

So much of this.

Don't forget the times you've copied a huge pile of data into a folder, but you forgot to mount the block device to that folder first... And even better, the whole reason you were doing it was because you had to save some data that a user copied into a folder that is actually a mount point, but the block device wasn't mounted to it, so... Oh, did I mention; it's a tape. Good to be paid by the hour, eh?

cp != mv

camosoul

hero member

Activity: 560

Merit: 500

www.OroCoin.co

Quote from: strix on September 25, 2014, 01:32:38 PM

I doubt anyone here is more of a newbie than I am with Arch Linux. I have been playing with it for less than a week. This morning heard about the bash bug, ran the test, and yes I was vulnerable. Hmm... heard how easy Arch is to update so for the first time ran "sudo pacman -Syu"

BOOM--vulnerability gone. Way to go Arch. I'm starting to like this...

I played with Arch, never could get used to it. I'm still do "emerge world -uND" [take a nap]

Topic: [ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency - page 3962. (Read 9723803 times)