Send Fed-talk mailing list submissions to
email@hidden
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.apple.com/mailman/listinfo/fed-talk
or, via email, send a message with subject or body 'help' to
email@hidden
You can reach the person managing the list at
email@hidden
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Fed-talk digest..."
Today's Topics:
1. Re: A Flame - Was: Re: [Fed-Talk] Security Update Broke my
ftp service (Very important) (Michael Pike)
2. Re: Security Update Broke my ftp service (Very important)
(Roy Mendelssohn)
3. Re: OS X Server FTP Fix (Michael Pike)
4. Re: A Flame - Was: Re: [Fed-Talk] Security Update Broke my
ftp service (Very important) (Dave Schroeder)
5. Re: Security Update Broke my ftp service (Very important)
(Michael Pike)
6. Re: Security Update Broke my ftp service (Very important)
(Dave Schroeder)
----------------------------------------------------------------------
Message: 1
Date: Wed, 25 Apr 2007 17:12:01 -0600
From: "Michael Pike" <email@hidden>
Subject: Re: A Flame - Was: Re: [Fed-Talk] Security Update Broke my
ftp service (Very important)
To: "Dave Schroeder" <email@hidden>
Cc: Apple Fed Talk <email@hidden>
Message-ID:
<email@hidden>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
David:
No offense, but that is not an anonymous website... and that package
was written by me.. so I know it's not malicious.. that website is
linked to my personal account. I wouldn't hand out an anonymous
installer.
1) it's not a random installer, it was written by me and works fine on
all of our X SERVERS
2) it's not an anonymous site, it's a personal site of mine.
Thanks,
Mike
On 4/25/07, Dave Schroeder <email@hidden> wrote:
Um, yeah...
Even if this is perfectly legitimate, please do NOT run non-vetted
random installers from anonymous download sites on your systems.
You'd have to be an absolute fool to do this.
And anyone who is administering Mac OS X Server systems
professionally who doesn't know how to edit a plist file (in numerous
ways) should probably not be administering Mac OS X Server systems...
- Dave
On Apr 25, 2007, at 3:29 PM, Michael Pike wrote:
Link to file (ftp server fix, quick and dirty, don't run on client
only server):
http://www.onlinefilefolder.com/index.php?
action=getshare&type=0&user_num=46969&share_id=131326&hash=6dd0d83bf
7b
95a3e31e516deb6a8a45d
On 4/25/07, Paul Nelson <email@hidden> wrote:
Who at Apple are you expecting a response from? Is it the
AppleCare people
that are not responding?
Paul Nelson
Thursby Software Systems, Inc.
on 4/25/07 1:08 PM, Roy Mendelssohn at email@hidden
wrote:
It is not that Apple made a mistake - that happens - it is the
total
silence from anyone at Apple about this and the zero lack of
response
from Apple. If you expect people to run operational shops using
your
hardware/software - you had better do a better job than this.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40gmail.com
This email sent to email@hidden
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
------------------------------
Message: 2
Date: Wed, 25 Apr 2007 16:17:35 -0700
From: Roy Mendelssohn <email@hidden>
Subject: Re: [Fed-Talk] Security Update Broke my ftp service (Very
important)
To: Dave Schroeder <email@hidden>
Cc: Fedtalk List <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset=WINDOWS-1252; delsp=yes;
format=flowed
Some of the Mac plist are stored in binary, This one is not - I
didn't check it first to see if I it was text of binary. I know
perfectly well how to do the things you mentioned. In fact, I know
perfectly well how to waste hours of 3 very long days writing kludges
to keep our data flows going because all the scripts people used to
send or get data to/from us were broken. This included the ftp
server not recognizing the alternative ftproot we had set up, to
changing where logins went to by default to changing whether there
were links in home directories to the correct ftproot to setting
permissions incorrectly for files put in the outgoing directory for
people to upload. The server was essentially ignoring information in
the ftpaccess file, so no matter how that was edited there were no
changes in the problems. Command line changes also didn't help.
When you are dealing with 1000's of files during a day and 20-30
providers/users all of whom are seeing what had been working break in
different ways and I am trying to solve them all on several servers,
I can only apologize that I didn't check to see if the plist was a
binary or a text file.
I purposely waited several day's before applying the security update
- there was nothing posted that there was a problem. It pretty much
totally fried our FTP services. I was here 14 hours per day trying
to fix it. I am still working on trying to recover the data we lost.
The quality control on this release must have been close to zero,
because if they had applied their own installer to a system running
any kind of ftp service they would have noted the problem immediately.
I am sorry - you can put down my capabilities all you want but I
still find Apple's response to all of this unacceptable.
My $0.02.
-Roy M.
On Apr 25, 2007, at 3:44 PM, Dave Schroeder wrote:
People who "aren't familiar" with how to navigate to a simple path
on a UNIX system, and edit a file, should not be running servers...
- Dave
On Apr 25, 2007, at 1:18 PM, Michael Pike wrote:
Good ol' Macintouch! Anyhow, I wrote an installer / patcher that
will fix this on OS X Server if anyone wants it. It will not
allow me
to attach here, email off list if you need it. Click once, enter
admin PW, reboot, fixed.
A lot easier than navigating and finding the .plist file if you
aren't
familar with where they are.
mike
On 4/25/07, Roy Mendelssohn <email@hidden> wrote:
Ok - I am dumb - how do I put that into a plist file. And why
hasn't
anyone from Apple responded. I have wasted 3 full days dealing
with
the fact that our ftp servers were toasted. The silence was
deafening. Would one of the Apple people on this list please have
the gumption to give an actual response.
-Roy M.
On Apr 25, 2007, at 10:44 AM, Rich Trouton wrote:
It looks like Macintouch has the explanation for this in its
latest
reader reports: http://www.macintouch.com/readerreports/security/
index.html#apr25
See Guillaume Gete's entry.
Thanks,
Rich
On Apr 24, 2007, at 12:09 PM, Roy Mendelssohn wrote:
The security update has broken most of my ftp services. A system
that was working fine is now broken. It does not automatically
recognize where the new FTPRoot is, anonymous can nor
download from
directories where they use to be able to (permission denied) and
when I change settings using the GUI, no new settings occur.
Something has been severely broken in this change. Can someone
knowledgeable from Apple please give me a call. We provide
data to a
lot of people and this has broken ftp on 3 different servers
with 3
different configurations.
Thanks,
-Roy M,
**********************
"The contents of this message do not reflect any position of
the U.S.
Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097
e-mail: email@hidden (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440
www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40mail.nih.gov
This email sent to email@hidden
---
Rich Trouton (Contractor)
LAN Support
email@hidden
-----------------------------------------------------------
National Human Genome Research Institute
National Institutes of Health — Bethesda, MD
Office number:
(240) 643-7816
NHGRI LAN Support number:
(301) 402-7408
The best way to get in touch with me is through email.
**********************
"The contents of this message do not reflect any position of the
U.S.
Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097
e-mail: email@hidden (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440
www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40gmail.com
This email sent to email@hidden
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40noaa.gov
This email sent to email@hidden
**********************
"The contents of this message do not reflect any position of the U.S.
Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097
e-mail: email@hidden (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440
www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
------------------------------
Message: 3
Date: Wed, 25 Apr 2007 17:26:28 -0600
From: "Michael Pike" <email@hidden>
Subject: Re: [Fed-Talk] OS X Server FTP Fix
To: "Dave Schroeder" <email@hidden>
Cc: "email@hidden" <email@hidden>
Message-ID:
<email@hidden>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Well, I could put it on .mac, but my bandwidth limit is already used
up... but as an FYI, the website I shared it on is not anonymous.
It's owned by GoDaddy, the largest Registrar in the world (bigger than
Network Solutions)... you also must pay with a valid credit card a
yearly fee ($20 for 2 gigs of space), thereby eliminating any
anonynoymity (sp?). Online File Folder is no more anonymous than
.Mac... in fact, it's less anonymous because you cannot get a free
trial with the Online File Folder... anyone can make a free .mac
account.
I don't expect anyone to run it... it's there if they want to use it.
I simply wrote a quick and dirty fix to eliminate a problem.
Unlike Windows downtime (which happens all the time), Macs are already
in an uphill battle... something like this that knocks down a critical
IT process can spell a "no more Mac" ruling... The poor guy had gigs
of data being lost and was probably hearing "You had to have those
f'in macs!", so I did what I could to help him and anyone else who
might have needed it.
And no offense to AppleCare, but we've had to call them several times
to get case numbers on failed hardware, and I think I learned more in
my first two hours with a Mac than those guys know overall. They go
down a checklist of things with no inner thought (at least that's what
it seems to me).. so asking them to get into a plist file and edit
properties is like trusting Windows with critical healthcare data.
(couldn't resist the windows shot, sorry).
even though the higher tiers of applecare might handle it, as the
person stated, he didn't have hours to wait on hold.
mike
On 4/25/07, Dave Schroeder <email@hidden> wrote:
It's fine to do this, but do you really have no other place to post
this than a random online web file sharing site?
Expecting people to run installers from such locations sets a
terrible precedent...
- Dave
On Apr 25, 2007, at 3:14 PM, Michael Pike wrote:
I am getting too many requests for the file to keep emailing them...
the OS X server patch I whipped up can be downloaded from here:
http://www.onlinefilefolder.com/index.php?
action=getshare&type=0&user_num=46969&share_id=131326&hash=6dd0d83bf
7b
95a3e31e516deb6a8a45d
Link is good for 7 days, hopefully apple will have something by
then.
mike
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
------------------------------
Message: 4
Date: Wed, 25 Apr 2007 18:34:24 -0500
From: Dave Schroeder <email@hidden>
Subject: Re: A Flame - Was: Re: [Fed-Talk] Security Update Broke my
ftp service (Very important)
To: Michael Pike <email@hidden>
Cc: Apple Fed Talk <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="us-ascii"
Michael,
No offense intended or taken, but you're missing the point. I
understand you created this package. But file sharing sites, even
ones you have an account with on GoDaddy, are very, very different
from, say, a departmental or personal web site within a university,
governmental, or institutional organization, to say nothing of having
people download a package they don't understand, that requires
administrative privileges to boot, from a post on a mailing list.
Also, anyone who doesn't know enough to need this installer in the
first place doesn't know enough to examine its contents and ensure
that it isn't doing anything malicious. The fact that we all know you
wrote this installer is irrelevant. The biggest in-the-wild infection
of Mac OS X systems to date has occurred by someone posting a zip
file purporting to be "Leopard screen shots" on a forum from a web
file sharing service.
There are several points here:
Something like editing a plist is an extremely, extremely basic
aspect of Mac OS X Server administration. If a person whose job
duties include running such servers, especially servers that are
purportedly "critical", don't have this capability, then they
absolutely need to have support contracts with Apple for Mac OS X
Server, any of which would have solved this problem:
http://www.apple.com/support/products/macosxserver_sw_supt.html
Preferably, you would have such knowledge AND an current Mac OS X
Server software support service contract.
Finally, even with best intentions, using third party tools that
alter system components that isn't from a known vendor, especially if
you don't know what they're doing, is a Very Bad Idea. This is
exactly the vector that most Mac malware will use to spread, and
already has. Desensitizing people to this truth, which isn't in
dispute, is why I posted my initial responses. There are current,
outstanding local root and browser exploits that don't require
anything more than downloading a zip file. I realize your GoDaddy
file sharing site is "yours", etc., but frankly, no one knows that
but you.
Granted, there's a lot of nuance, here, and the bottom line is that
an Apple update had some bad QA and broke peoples' services. But this
is the nature of IT administration, and people need to be equipped to
deal with such problems.
Ironically, folks complaining that Apple didn't offer support for
this issue on discussion forums or lists (which I'm frankly surprised
anyone even expects), the PURPOSE of the discussion forums and lists
actually was served: you got an interim solution from the community.
If you want a support solution from Apple, it will only come via
AppleCare (or, possibly your Apple channel), not via a random Apple
list or discussion board. That's simply not what they're for, at all.
I understand you're just trying to help, but the fact is, this is an
installer that the people who are installing have zero idea what it
does, hosted on a completely unaccountable web file sharing service.
Even if YOUR file is legitimate, that's a recipe for disaster. A much
better option would be, at a minimum, to host it on a company/
institutional web site (and I understand that's simply not an option
for some people), or, preferably, providing step by step instructions
about how people can edit the plist, which they should absolutely be
able to do. And that's not an advanced task, that's an incredibly
basic task that anyone claiming any responsibility for running Mac OS
X Server systems should either, 1.) already be able to do, or 2.)
learn.
Yes, Apple broke this, but it's a very simple problem and a very
simple fix, and anyone who contacted the *appropriate* channels at
AppleCare would already have had this solution. Apple's not going to
issue press releases and post hot news items because FTP got broken
in Mac OS X Server by a security update. You're going to get your
support via AppleCare, period. And, sometime in the next few days or
week or so, we'll either see a "1.1" version of the Security Update
or another patcher that fixes this issue for persons who have not yet
updated or been affected.
- Dave
On Apr 25, 2007, at 6:12 PM, Michael Pike wrote:
David:
No offense, but that is not an anonymous website... and that package
was written by me.. so I know it's not malicious.. that website is
linked to my personal account. I wouldn't hand out an anonymous
installer.
1) it's not a random installer, it was written by me and works
fine on
all of our X SERVERS
2) it's not an anonymous site, it's a personal site of mine.
Thanks,
Mike
On 4/25/07, Dave Schroeder <email@hidden> wrote:
Um, yeah...
Even if this is perfectly legitimate, please do NOT run non-vetted
random installers from anonymous download sites on your systems.
You'd have to be an absolute fool to do this.
And anyone who is administering Mac OS X Server systems
professionally who doesn't know how to edit a plist file (in
numerous
ways) should probably not be administering Mac OS X Server
systems...
- Dave
On Apr 25, 2007, at 3:29 PM, Michael Pike wrote:
Link to file (ftp server fix, quick and dirty, don't run on client
only server):
http://www.onlinefilefolder.com/index.php?
action=getshare&type=0&user_num=46969&share_id=131326&hash=6dd0d83bf
7
b
95a3e31e516deb6a8a45d
On 4/25/07, Paul Nelson <email@hidden> wrote:
Who at Apple are you expecting a response from? Is it the
AppleCare people
that are not responding?
Paul Nelson
Thursby Software Systems, Inc.
on 4/25/07 1:08 PM, Roy Mendelssohn at email@hidden
wrote:
It is not that Apple made a mistake - that happens - it is the
total
silence from anyone at Apple about this and the zero lack of
response
from Apple. If you expect people to run operational shops using
your
hardware/software - you had better do a better job than this.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40gmail.com
This email sent to email@hidden
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2380 bytes
Desc: not available
Url : http://lists.apple.com/mailman/private/fed-talk/attachments/
20070425/0e8d160f/smime-0001.bin
------------------------------
Message: 5
Date: Wed, 25 Apr 2007 17:36:30 -0600
From: "Michael Pike" <email@hidden>
Subject: Re: [Fed-Talk] Security Update Broke my ftp service (Very
important)
To: "Dave Schroeder" <email@hidden>
Cc: Roy Mendelssohn <email@hidden>, Fedtalk List
<email@hidden>
Message-ID:
<email@hidden>
Content-Type: text/plain; charset=WINDOWS-1252; format=flowed
I bet every MCSE on here took offense to that! :)
In Roy's defense, Apple has changed a lot of the standard items..
plist files being one of them. Normally all of this is handled out of
the /etc directory with various .conf files.
I had to search for the plist because it was not where a standard Unix
conf file would be.
The only reason I know what I do is because I came from Linux before
OS X... most Mac users are used to things just working.
If you want to be technical nothing in OS X is "standard" as compared
to it's Unix counter parts... "php.ini.default"???...
/Library/WebServer/Documents/ for Apache?
I love Apple don't get me wrong, but the mistake that was made with
this update should not have happened... it's plain to see they
modified the ftp daemon processes - they should have tested it (on
both platforms) before releasing it. Or maybe it was just an
oversight.
With that being said, I truly love OS X Server, more so than linux,
but, there is nothing in the world more powerful than a terminal
window, and to this day I still have to tweak settings in every OS X
server we set up from the terminal because the GUI utils don't work
right.
Mike
On 4/25/07, Dave Schroeder <email@hidden> wrote:
People who "aren't familiar" with how to navigate to a simple path on
a UNIX system, and edit a file, should not be running servers...
- Dave
On Apr 25, 2007, at 1:18 PM, Michael Pike wrote:
Good ol' Macintouch! Anyhow, I wrote an installer / patcher that
will fix this on OS X Server if anyone wants it. It will not
allow me
to attach here, email off list if you need it. Click once, enter
admin PW, reboot, fixed.
A lot easier than navigating and finding the .plist file if you
aren't
familar with where they are.
mike
On 4/25/07, Roy Mendelssohn <email@hidden> wrote:
Ok - I am dumb - how do I put that into a plist file. And why
hasn't
anyone from Apple responded. I have wasted 3 full days dealing
with
the fact that our ftp servers were toasted. The silence was
deafening. Would one of the Apple people on this list please have
the gumption to give an actual response.
-Roy M.
On Apr 25, 2007, at 10:44 AM, Rich Trouton wrote:
It looks like Macintouch has the explanation for this in its
latest
reader reports: http://www.macintouch.com/readerreports/security/
index.html#apr25
See Guillaume Gete's entry.
Thanks,
Rich
On Apr 24, 2007, at 12:09 PM, Roy Mendelssohn wrote:
The security update has broken most of my ftp services. A system
that was working fine is now broken. It does not automatically
recognize where the new FTPRoot is, anonymous can nor download
from
directories where they use to be able to (permission denied) and
when I change settings using the GUI, no new settings occur.
Something has been severely broken in this change. Can someone
knowledgeable from Apple please give me a call. We provide
data to a
lot of people and this has broken ftp on 3 different servers
with 3
different configurations.
Thanks,
-Roy M,
**********************
"The contents of this message do not reflect any position of
the U.S.
Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097
e-mail: email@hidden (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440
www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40mail.nih.gov
This email sent to email@hidden
---
Rich Trouton (Contractor)
LAN Support
email@hidden
-----------------------------------------------------------
National Human Genome Research Institute
National Institutes of Health — Bethesda, MD
Office number:
(240) 643-7816
NHGRI LAN Support number:
(301) 402-7408
The best way to get in touch with me is through email.
**********************
"The contents of this message do not reflect any position of the
U.S.
Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097
e-mail: email@hidden (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440
www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40gmail.com
This email sent to email@hidden
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
------------------------------
Message: 6
Date: Wed, 25 Apr 2007 18:40:43 -0500
From: Dave Schroeder <email@hidden>
Subject: Re: [Fed-Talk] Security Update Broke my ftp service (Very
important)
To: Roy Mendelssohn <email@hidden>
Cc: Fedtalk List <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="windows-1252"
Roy,
If you know how to do this, fine. I was only basing my response on
your query of "how do I put this into a plist". Whether it is ascii
or binary, that is a basic task on Mac OS X. If you do in fact know
how to do these things, great, because that's a prerequisite for
running Mac OS X Server systems.
As to the security update breaking FTP, I completely agree. That was
a big QA miss, plain and simple. I don't know, though, how you spent
all this time laboring to fix it. This list and Apple's discussion
forums are not a support channel in any respect whatsoever.
The only channel is AppleCare, and not front-line AppleCare, but
Apple's server and enterprise support channels. Or, possibly your
account's SE. Had you tried either channel? If you did, unless you
had horribly bad luck, this problem already would have been solved,
as Apple was internally aware of the issue almost immediately.
For what it's worth, further, this issue doesn't affect all Mac OS X
Server systems. For instance, I have two servers running the Mac OS X
Server ftp services that were not affected, because of the way they
were configured. So it wasn't a guarantee that the service would
break, either. Again, this isn't an excuse for the QA lapse on the
installer. But these things happen, and, to be truthful, FTP is
definitely not the most used or the highest testing priority service
for Apple on Mac OS X Server. That, again, does not excuse the lapse
or diminish your problem; I'm simply stating a fact.
I think the takeaway for people from this situation, hopefully, is
that AppleCare (again, AppleCare support specific to Mac OS X Server)
is the proper support channel for such problems, because problems and
mistakes WILL happen. Apple is not immune any more than Sun, IBM, Red
Hat, or Microsoft, and they've all had doozies.
- Dave
On Apr 25, 2007, at 6:17 PM, Roy Mendelssohn wrote:
Some of the Mac plist are stored in binary, This one is not - I
didn't check it first to see if I it was text of binary. I know
perfectly well how to do the things you mentioned. In fact, I know
perfectly well how to waste hours of 3 very long days writing
kludges to keep our data flows going because all the scripts people
used to send or get data to/from us were broken. This included the
ftp server not recognizing the alternative ftproot we had set up,
to changing where logins went to by default to changing whether
there were links in home directories to the correct ftproot to
setting permissions incorrectly for files put in the outgoing
directory for people to upload. The server was essentially
ignoring information in the ftpaccess file, so no matter how that
was edited there were no changes in the problems. Command line
changes also didn't help.
When you are dealing with 1000's of files during a day and 20-30
providers/users all of whom are seeing what had been working break
in different ways and I am trying to solve them all on several
servers, I can only apologize that I didn't check to see if the
plist was a binary or a text file.
I purposely waited several day's before applying the security
update - there was nothing posted that there was a problem. It
pretty much totally fried our FTP services. I was here 14 hours
per day trying to fix it. I am still working on trying to recover
the data we lost.
The quality control on this release must have been close to zero,
because if they had applied their own installer to a system running
any kind of ftp service they would have noted the problem
immediately.
I am sorry - you can put down my capabilities all you want but I
still find Apple's response to all of this unacceptable.
My $0.02.
-Roy M.
On Apr 25, 2007, at 3:44 PM, Dave Schroeder wrote:
People who "aren't familiar" with how to navigate to a simple path
on a UNIX system, and edit a file, should not be running servers...
- Dave
On Apr 25, 2007, at 1:18 PM, Michael Pike wrote:
Good ol' Macintouch! Anyhow, I wrote an installer / patcher that
will fix this on OS X Server if anyone wants it. It will not
allow me
to attach here, email off list if you need it. Click once, enter
admin PW, reboot, fixed.
A lot easier than navigating and finding the .plist file if you
aren't
familar with where they are.
mike
On 4/25/07, Roy Mendelssohn <email@hidden> wrote:
Ok - I am dumb - how do I put that into a plist file. And why
hasn't
anyone from Apple responded. I have wasted 3 full days dealing
with
the fact that our ftp servers were toasted. The silence was
deafening. Would one of the Apple people on this list please have
the gumption to give an actual response.
-Roy M.
On Apr 25, 2007, at 10:44 AM, Rich Trouton wrote:
It looks like Macintouch has the explanation for this in its
latest
reader reports: http://www.macintouch.com/readerreports/security/
index.html#apr25
See Guillaume Gete's entry.
Thanks,
Rich
On Apr 24, 2007, at 12:09 PM, Roy Mendelssohn wrote:
The security update has broken most of my ftp services. A
system
that was working fine is now broken. It does not automatically
recognize where the new FTPRoot is, anonymous can nor
download from
directories where they use to be able to (permission denied)
and
when I change settings using the GUI, no new settings occur.
Something has been severely broken in this change. Can someone
knowledgeable from Apple please give me a call. We provide
data to a
lot of people and this has broken ftp on 3 different servers
with 3
different configurations.
Thanks,
-Roy M,
**********************
"The contents of this message do not reflect any position of
the U.S.
Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097
e-mail: email@hidden (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440
www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40mail.nih.gov
This email sent to email@hidden
---
Rich Trouton (Contractor)
LAN Support
email@hidden
-----------------------------------------------------------
National Human Genome Research Institute
National Institutes of Health — Bethesda, MD
Office number:
(240) 643-7816
NHGRI LAN Support number:
(301) 402-7408
The best way to get in touch with me is through email.
**********************
"The contents of this message do not reflect any position of the
U.S.
Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097
e-mail: email@hidden (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440
www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40gmail.com
This email sent to email@hidden
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40noaa.gov
This email sent to email@hidden
**********************
"The contents of this message do not reflect any position of the
U.S. Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097
e-mail: email@hidden (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440
www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2380 bytes
Desc: not available
Url : http://lists.apple.com/mailman/private/fed-talk/attachments/
20070425/cff3b424/smime.bin
------------------------------
_______________________________________________
Fed-talk mailing list
email@hidden
http://lists.apple.com/mailman/listinfo/fed-talk
End of Fed-talk Digest, Vol 4, Issue 104
****************************************