Wednesday, May 31, 2017

Verbier Running


Behind every great Boxer is a good trainer and a good sparring partner.

And accordingly Agata and Marcus maintain a free to friends, we can take you for a long run or cycle service.  In the process we will try to exhaust you.  It works like this.

We'll make a route for you, in this case the end of the race, onto our GPS smartwatches
You turn up and think, these two, surely I'm going to leave them in the dust
We just keep going
You then think "Must train harder"

And so Heather invited us to Verbier where she will be attempting the Trail Verbier St Bernard.  Now both Marcus and Agata have run this already whereas Heather has not so we had the psychological advantage.


We arrived to Verbier in the Heather Mad Max mobile as I would name it.   It's a Hybrid vehicle, but given the thing is large, as aerodynamic as a brick, has a loud wind dragging roof rack, weighs a lot, well the Hybrid technology can only offset so much right?

(Note to everybody: A small light car will always be more economical.  It's just Physics)



Verbier is very posh and to show you what I mean, this is the toilet in the car park.  Really posh, and of course spotless.


 We begged Heather to come equipped with her Verbier race rucksack.  Marcus and Agata will do a 100Km plus race in England presently.  We came with our preferred Race sacks.   Heather has yet to buy her.   Come on H!  Preparation next time :-)




 It was over 20 degrees.  Whilst there is snow in the background it is disappearing fast.





 The obligatory Marcus and Agata smiling photograph.  Why, because we are of course blissfully happy in each others company.  That is how it should be in a relationship, right?





 We came to a large station.  All the lifts were closed.  Very unusual.  Must be a Half term glitch or something.  Why?  Because don't forget in the summer season all the lifts are open to hikers.  In fact, many resorts earn as much in the Summer season as they do for the Winter Snow.  Today though, all is closed.



 Not too bad a view, eh?



Heather is a good runner, she is going to blitz the run in early July



As ever, Marcus and Agata had a wonderful time, we visited Verbier which is clean, tidy and posh.  We ran in the mountains.   We did not lose Heather or have her fall down a mountain.   We all finished the day smiling, exercised and ready for more.

Life as it should be.

Happy.

Monday, May 29, 2017

Asus: The Edge of Beyond




Subtitle: ASUS endangers the second hand price of your laptop


Marcus and Agata are of course subscribed to the global ASUS YouTube channel and so we viewed the live Computex 2017 feed from chairman Jonney Shih as he presented the latest in an astonishingly competent line of new Laptops.

ASUS Fans

For some years Marcus has been an admirer of this Taiwanese brand, delivering, well extreme bang for the buck.

Going back inhistory it was thought that charitable initiatives like OLPC might deliver portable computing power to the 3rd world or places where disposable incomes are less than modest.


Instead, in 2017 it seems that Global competition and modern manufacturing are pushing down the prices. Indeed, the prices I report below mean that the second hand resale value of your current laptop has just hit the bricks.


I feel that ASUS more than any other manufacturer I can think of (the antithesis being Apple of course) has done more to put affordable technology, with quality build and relevant features into the marketplace.


ASUS VivoBook S S510 UQ15.6" 500+ USD



ASUS VivoBook Pro N580VD 800+ USD


Asus Zenbook Flip S  UX370UA 13.3" 1100+  USD



ASUS Zenbook 3 Deluxe UX490UA 14" 1200+ USD



ASUS Zenbook Pro UX550VD/ VE 15" 1300+ USD




Please check the above links to goto the official Web page for each model.


So, note that the prices above are for the base model in the range, so the higher spec models will cost more. But even so the above represents  disruptionary pricing.


What possible justification can you now have for choosing, well Apple, ever?



The Announcement videos


Asus Press Highlights 8 minutes




Full ASUS press event 41 minutes





In other ASUS news

ASUS X299 STRIX

Living in Privileged Times


Clean Bandit: 2017 BBC Radio 1 Big Weekend

(20170530 Update due to YouTube violations!!)

Who would have thought that in 2017 I and anybody with an Internet connection can watch the entirety of the BBC Radio 1 Big Weekend concert.

In High Video Definition

On demand anytime

Absolutely Free

To Marcus, and many other old-times connected to the Internet since the early 1980's, we have seen some changes.



But such quality, and delivered free.   I still have to pinch myself that it is possible.


http://www.bbc.co.uk/iplayer/group/p053dvr6








We live in Privileged Times 





Zara Larsson: 2017 BBC Radio 1 Big Weekend


Galantis: 2017 BBC Radio 1 Big Weekend

Sunday, May 28, 2017

State of the Artist




The Script: Hall of Fame



From personal experience Marcus and Agata can relate an unusual experience from last week.

We were extravagant!

This post is one regarding Perfection, Being the Best or Owning the Best, something that many of us strive for.  Indeed during our formative years it's quite natural for our parents to encourage us to 

Be the best in your chosen field of endeavor

Actually I feel sorry for any of my peers who were merely encouraged to be mediocre

Not Having but Owning

The main issue with 'Being the Best' is that there is very limited scope for achievement, particularly in this Global world where the Internet makes it so easy to see that you are not the best for example: Mathematician,  Physicist, Footballer or Logician.

Therefore most of us settle for owning something however small and particular that is really the best.

It might be something so small like, drinking the very best tea, or wearing the most exclusive and comfortable business shoes, or something larger like owning the fastest car in town or the biggest house.


We did it too :-)
So yes, Marcus and Agata did it too.   Last week we ordered and this week we received our new GPS Sport Watches!   Yes I know, hardly an earth shattering purchase, but we confidently state that our new, and identical his and hers watches are the very best that planet earth can provide in 2017 to meet our sporting needs being it Triathlon,  Trail Running or in our case Ultra distance activities.

Indeed, after the fact Marcus surmised that this was one of the most economical 'Best in the Planet' purchases, especially after we just watched the Channel 4 programme: World's Most Expensive Cars

Episode 3: Ferrari Spyder & 2 Maseratis



And SO

We openly ask.  What did you buy for yourself or a loved one:  Something that was State of the Art,  something that was perhaps the best that this world could offer you in 2017, given your tastes and preferences.

It might be something that you enjoy privately or exhibit to friends or the world in general to show everybody what kind of person you are.

What was it, and why?

Sunday Sermon: Behold I am coming soon



We believe in one Lord, Jesus Christ,
the only Son of God,
eternally begotten of the Father,
God from God, Light from Light,
true God from true God,
begotten, not made,
of one Being with the Father.
Through him all things were made.
For us and for our salvation
he came down from heaven:
by the power of the Holy Spirit
he became incarnate from the Virgin Mary,
and was made man.
For our sake he was crucified under Pontius Pilate;
he suffered death and was buried.
On the third day he rose again
in accordance with the Scriptures;
he ascended into heaven
and is seated at the right hand of the Father.
He will come again in glory to judge the living and the dead,
and his kingdom will have no end.


Marcus was thoughtfully running around our local running track and got into conversation with somebody about one of my favourite subjects:  Religion

My victim, sorry I mean running partner was disputing the return of Jesus Christ.  She said, he had already appeared to the disciples i.e. the resurrection and that's an end to it.

Since we are just past May 25, 2017 which is Ascension day here in Switzerland and a National Holiday I thought this was a good topic for conversation.

First note the above Nicene Creed  which is a chant that Christians including Marcus the forcefully indoctrinated child was made to repeat in his youth

He will come again in glory to judge the living and the dead,
and his kingdom will have no end.


So I'd state for the record that Christianity is expecting a return of Jesus, to all of us, not just the apostles 2000 years ago.  All we have to decide is when.

Not If but When
The biggest problem with End times predictions is that when they fail it really begins threatens to make turn the faithful into the faithless or certainly lead them into some form of doubt and skepticism.

As such most modern religious interpretations of 'End Times' don't fix a near date on the return of Jesus et al.

Wikipedia retains a pretty good article on 




What does the Bible Say?
Whilst scholars and apologetics  try to weasel out of an imminent second coming it's always instructive to jump right back to biblical verses to see where these opinions are grounded.  So in no particular order:

Matthew 16:28
I tell you the truth, some who are standing here will not taste death before they see the Son of Man coming in his kingdom.


Mark 9:1
And he said to them, "I tell you the truth, some who are standing here will not taste death before they see the kingdom of God come with power.

Luke 9:27
I tell you the truth, some who are standing here will not taste death before they see the kingdom of God

Mark 1:14
The time is fulfilled, and the kingdom of God is at hand: repent ye, and believe the gospel.

Corinthians  15:51
Behold, I shew you a mystery; We shall not all sleep, but we shall all be changed,
In a moment, in the twinkling of an eye, at the last trump: for the trumpet shall sound, and the dead shall be raised incorruptible, and we shall be changed. 1 Corinthians 

James 5:1
Be ye also patient; stablish your hearts: for the coming of the Lord draweth nigh.
Grudge not one against another, brethren, lest ye be condemned: behold, the judge standeth before the door.

Revelation 22:12
"Look, I am coming soon! My reward is with me, and I will give to each person according to what they have done.


I'm only quoting just a few references from the Bible, lets just say the summary is

- Reports of what Jesus actually said by Matthew, Mark and Luke state that the second coming would be in their lifetime

- Following that, the actions of the Apostles clearly showed they expected a return in their lifetime


Marcus Comments
Unfortunately one can never rationalise somebody out of their faith.  But I would say

- Mainstream Christianity via Bible text makes reference to a second coming and the clearest biblical dialogs suggest it would be in or around the time of the Apostles

- The clear problem with Christianity and in fact all other religions is that the story that they tell is one from hundreds and in the case of Christianity Thousands of years ago. Standards of journalism and accuracy  are necessarily lacking and incomplete

- Further, all of this information is now in the form of a one way dialog based on trust on writings written at a time when people had no understanding of even the basics of morality, science or how the world or universe was created.

In the last 100 years the world has suffered mass murder on a scale unimaginable, yet not a single God, and in particular the Christian God and Jesus has seen fit to come back and make things right.

A one way dialog, based on ancient writings,  written decades after the actual events, sometimes contradictory, is just not good enough God.   Bertrand Russell said it more succinctly:

Not enough evidence, God! Not enough evidence!






Bertrand Russell: Christianity




Links
http://kirbyhopper.com/were-jesus-and-apostles-mistaken-about-jesus-soon-return/

https://blacknonbelievers.wordpress.com/jesus-failed-prophecy-about-his-return/

http://www.patheos.com/blogs/markshea/2012/02/did-jesus-say-the-second-coming-would-happen-in-the-apostles-lifetime.html

http://www.revelation.co/2008/09/29/didnt-jesus-say-he-would-return-while-disciples-were-still-alive/

http://www.creation-science-prophecy.com/prophet.htm

http://www.gospel-mysteries.net/second-coming.html

Why I am not a Christian by Bertrand Russell

What kind of God requires faith instead of evidence










Friday, May 26, 2017

Garmin 735XT Athlete Watch Review



Subtitle: More Watch than most Athletes will ever need


Intro
This is a review and overview of the Garmin 735 XT fitness watch. I'm going to point to my experiences with the watch and also give a quick summary overview of the Sports watch marketplace.

Why Garmin?
Most Athletes or sports people will already be using a fitness watch.  So the reason to go Garmin today is usually because you are already embedded into their ecosystem.

In the early days, and I'm talking 20 plus years ago; Garmin was more the choice of the US military and as portable GPS evolved with early mapping in the late 1990's that of the hiker/ explorer  community too.



Today my Garmin 735 XT watch represents the culmination of years of fine tweaking and enhancement of the GPS sports watch. Including

 - A single web interface where you can look at your individual run/cycle/ other statistics, and dive in for a deeper view of each event

- A watch that contains so many functions and can support so many sports, for example Stand Up Paddle (SUP),  Running, Cycling, Hiking, Cross Country Skiing, Triathlon etcetera you will be totally blown away

- It recharges so fast that after an activity, when I of course head to the shower, by the time I'm out, dried and changed, the battery is normally back to 100%.  Simply astonishing

- Totally customisable screens for each activity.  Example: I can decide on my running activity how many screens to show, how many items on each screen, and what they are.

- Support for Routes.  Means I can simply take a .gpx file downloaded for a race route  and drag it onto the filesystem of the watch when connected to my PC.  Then its a route I can use

- Accuracy: This watch actually records things correctly.  See my Apple Watch critique below

- Tough: Generally dustproof, reliable, tough and spare straps are available from Garmin or ebay

- Integrated HRM.  No need for that chest strap and Heart Rate Monitoring is on 24x7 so you can look at your metrics outside of any activity as well as within

- Activity Monitoring: This measures steps and sleeping and the type of sleeping.  Now you don't need to wear a separate fitness tracker

- Light: At 41 grams, this is a Sports watch, with upto a 12 hour activity life, with GPS and Heart Rate Monitoring.  Incredible.


Many Functions

The definitive review is from DC Rainmaker of course and I've extracted some specs for the 735XT below

https://www.dcrainmaker.com/2016/06/garmin-forerunner-735xt-in-depth-review.html





It is really doubtful that you will use even a fraction of these facilities!






DCR 735 XT review


Applications, Data Fields, Watch Faces and Widgets
The 735XT supports the modern, 2017 Garmin Smartwatch infrastructure.


Applications
Running is a builtin Garmin Application.  Garmin has a programming interface so developers can write alternative apps e.g. Find My Car, or Stopwatch


Data Fields


Example: The Running app has screen containing data fields from Garmin like Time, Distance.   You can add a data field from a developer then use it in any application.

Watch Faces
Replacement Watch Faces used when in watch mode.  A watch face is a special example of a Widget in that it runs at the top level of the watch, outside of any specific activity application like running.


Widgets
Top level applications that run concurrently with the main Clock application.  You can scroll thru your installed widgets


Note that the above photos represent a small selection of the available items, click on the links for the full listing.


Some Photos







So it is just a watch, but to me one hell of a watch



Garmin Alternatives

- For lesser money you can choose a more restricted Garmin Forerunner 230  This will allow you to record runs and hikes but you can't customise the screens so well and there is no routing  (so you can't download a race course .gpx file and use this whilst in a trail race for example to stop you getting lost).   So it's a more basic product, looking very similar, with a lower price tag.

- Garmin Fenix 5 in its many variants S, normal and X sizes, is a more capable product.  But at a higher price point and a much larger weight from 67 to 98 grams.  To Marcus a heavy Sports watch is irritating, it does not sit comfortably and the Fenix 5 ranges are also thicker, so if you wear them in the office they might not actually fit under a Business shirt cuff.   I'd really try it out before you buy!

- Garmin 935.  Better than the 735 XT in every way.   But it's slightly fatter and more expensive.   If you don't need the longer battery life for a race that exceeds 12 hours then the business case is not so strong.   However if money is no object then by all means knock yourself out, the 935 is actually superior.


Please not the Apple Watch
If ever you see an athlete competing using an Apple watch, then I suggest it says
a) Apple is paying me to wear this watch
b) I'm really a bit of an amateur or a professional who is basically an idiot

Apple had the opportunity to completely wipe out the professional GPS Smartwatch market.  It could so easily have buried Garmin, Suunto, TomTom but by releasing a product who sports tracking capabilities were less than mediocre it is practically a laughing stock for athletes, well, and not exactly on top of its game in others either.





Apple Watch Series 2 for Athletes


To Summarise
The Garmin 735 XT is one hell of a GPS smartwatch.  For races of less than 10 hours it works fantastically.  It can serve many different functions not just running, swimming, cycling, but so many more.  It's tough and at only 41 grams you won't even notice it on your wrist.  Finally it tracks your steps and sleeping so you don't need a separate activity monitor.

Unravelling SambaCry




Subtitle:  Hold on Smug Linux Users!

Marcus did report on the Windows WannaCry ransomware that became famous just a week or so ago.

We wrote this  (and also this )

https://majzel.blogspot.com/2017/05/wannacry-ransomware.html

At the time the Internet was also awash with many smug Linux users patting themselves of the back saying:  Linux is so secure.  So today it's rather comical that whilst doing some due diligence I noticed  this 

Samba Security Notice CVE-2017-7494

https://www.samba.org/samba/security/CVE-2017-7494.html

Here is the gist of it:

All versions of Samba on Linux from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.



Basically as far as I can see the issue is

a) malicious Windows client uploads a shared library that if executed will damage or compromise  system
b) server executes shared library on Linux via the IPC$ windows share mechanism


In the Windows world the tool that would perform the remote execution magic is called  Sysinternals PSEXEC

Now, using my Linux 16.04 system with Samba 4.3.11 I was totally unable to compromise my system.  I tried from a latest psexec.exe windows driver.   Nope.   All was good.

From Googling apparently the tool that can is a the Metasploit penetration test software where somebody writes a line in their meta language like this


simple.create_pipe("/path/to/target.shared.object")

I don't have Metasploit installed on my testing system so cannot verify but let see what the proposed fixes are anyway



01 Patch your main Linux Samba config file

Patch global section of smb.conf with
nt pipe support = no

# This boolean parameter controls whether smbd(8) will allow Windows NT clients to connect to the NT SMB specific IPC$ pipes.



vi /etc/samba/smb.conf    #make above changes

#restart samba
# ps -ef | grep smb
root     31960     1  0 19:31 ?        00:00:00 /usr/sbin/smbd -D
root     31961 31960  0 19:31 ?        00:00:00 /usr/sbin/smbd -D
root     31965 31960  0 19:31 ?        00:00:00 /usr/sbin/smbd -D
root     32174 27604  0 19:35 pts/1    00:00:00 grep smb
# service smbd restart
# ps -ef | grep smb
root     32214     1  0 19:35 ?        00:00:00 /usr/sbin/smbd -D
root     32215 32214  0 19:35 ?        00:00:00 /usr/sbin/smbd -D
root     32217 32214  0 19:35 ?        00:00:00 /usr/sbin/smbd -D
root     32223 27604  0 19:35 pts/1    00:00:00 grep smb


02 Upgrade the Samba Binaries if a fix is available

My worked example is from one of my trusted servers based on a Ubuntu Linux 16.04 base

# Update the package list database

# apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Hit:2 http://archive.canonical.com/ubuntu xenial InRelease
Hit:3 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:5 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Ign:6 http://packages.linuxmint.com serena InRelease
Hit:7 http://packages.linuxmint.com serena Release
Get:8 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [544 kB]
Get:9 http://archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages [528 kB]
Get:10 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [469 kB]
Get:11 http://archive.ubuntu.com/ubuntu xenial-updates/universe i386 Packages [454 kB]
Fetched 2'301 kB in 1s (1'443 kB/s)
Reading package lists... Done

# can I upgrade Samba now?

# apt-cache policy samba
samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.6
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Version table:
     2:4.3.11+dfsg-0ubuntu0.16.04.7 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
 *** 2:4.3.11+dfsg-0ubuntu0.16.04.6 100
        100 /var/lib/dpkg/status
     2:4.3.8+dfsg-0ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages


# lets check the Web to see if the update might fix this problem



https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7494.html

Well that is lucky then, since  the package database knows about  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7  and that will fix the issue


# Simulate the upgrade, because Marcus is that paranoid

# apt-get --simulate --verbose-versions upgrade samba
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
   gir1.2-nmgtk-1.0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   iproute (1:4.3.0-1ubuntu3 => 1:4.3.0-1ubuntu3.16.04.1)
   iproute2 (4.3.0-1ubuntu3 => 4.3.0-1ubuntu3.16.04.1)
   libjasper1 (1.900.1-debian1-2.4ubuntu1 => 1.900.1-debian1-2.4ubuntu1.1)
   libjbig2dec0 (0.12+20150918-1 => 0.12+20150918-1ubuntu0.1)
   libminiupnpc10 (1.9.20140610-2ubuntu2 => 1.9.20140610-2ubuntu2.16.04.1)
   libnm-gtk-common (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnm-gtk0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnma-common (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnma0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libservlet3.1-java (8.0.32-1ubuntu1.3 => 8.0.32-1ubuntu1.4)
   libsmbclient (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   libwbclient0 (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   mint-mirrors (1.1.5 => 1.1.6)
   network-manager-gnome (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   python-samba (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-common (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-common-bin (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-libs (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   smbclient (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   vino (3.8.1-0ubuntu9.1 => 3.8.1-0ubuntu9.2)
22 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst python-samba [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst samba [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst samba-common-bin [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst smbclient [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst samba-libs [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) [libsmbclient:amd64 ]
Inst libwbclient0 [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) [libsmbclient:amd64 ]
Inst libsmbclient [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst samba-common [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [all])
Inst iproute2 [4.3.0-1ubuntu3] (4.3.0-1ubuntu3.16.04.1 Ubuntu:16.04/xenial-updates [amd64])
Inst libnm-gtk0 [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64]) []
Inst libnm-gtk-common [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [all])
Inst gir1.2-nmgtk-1.0 [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64])
Inst iproute [1:4.3.0-1ubuntu3] (1:4.3.0-1ubuntu3.16.04.1 Ubuntu:16.04/xenial-updates [all])
Inst libjasper1 [1.900.1-debian1-2.4ubuntu1] (1.900.1-debian1-2.4ubuntu1.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst libjbig2dec0 [0.12+20150918-1] (0.12+20150918-1ubuntu0.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst libminiupnpc10 [1.9.20140610-2ubuntu2] (1.9.20140610-2ubuntu2.16.04.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst network-manager-gnome [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64]) []
Inst libnma0 [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64]) []
Inst libnma-common [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [all])
Inst libservlet3.1-java [8.0.32-1ubuntu1.3] (8.0.32-1ubuntu1.4 Ubuntu:16.04/xenial-updates [all])
Inst mint-mirrors [1.1.5] (1.1.6 linuxmint:18.1/serena [all])
Inst vino [3.8.1-0ubuntu9.1] (3.8.1-0ubuntu9.2 Ubuntu:16.04/xenial-updates [amd64])
Conf libwbclient0 (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf samba-libs (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf python-samba (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf samba-common (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [all])
Conf samba-common-bin (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf samba (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libsmbclient (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf smbclient (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf iproute2 (4.3.0-1ubuntu3.16.04.1 Ubuntu:16.04/xenial-updates [amd64])
Conf libnm-gtk-common (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [all])
Conf libnm-gtk0 (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64])
Conf gir1.2-nmgtk-1.0 (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64])
Conf iproute (1:4.3.0-1ubuntu3.16.04.1 Ubuntu:16.04/xenial-updates [all])
Conf libjasper1 (1.900.1-debian1-2.4ubuntu1.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libjbig2dec0 (0.12+20150918-1ubuntu0.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libminiupnpc10 (1.9.20140610-2ubuntu2.16.04.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libnma-common (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [all])
Conf libnma0 (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64])
Conf network-manager-gnome (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64])
Conf libservlet3.1-java (8.0.32-1ubuntu1.4 Ubuntu:16.04/xenial-updates [all])
Conf mint-mirrors (1.1.6 linuxmint:18.1/serena [all])
Conf vino (3.8.1-0ubuntu9.2 Ubuntu:16.04/xenial-updates [amd64])

# Looks good, so do the upgrade

apt-get  --verbose-versions upgrade samba
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
   gir1.2-nmgtk-1.0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   iproute (1:4.3.0-1ubuntu3 => 1:4.3.0-1ubuntu3.16.04.1)
   iproute2 (4.3.0-1ubuntu3 => 4.3.0-1ubuntu3.16.04.1)
   libjasper1 (1.900.1-debian1-2.4ubuntu1 => 1.900.1-debian1-2.4ubuntu1.1)
   libjbig2dec0 (0.12+20150918-1 => 0.12+20150918-1ubuntu0.1)
   libminiupnpc10 (1.9.20140610-2ubuntu2 => 1.9.20140610-2ubuntu2.16.04.1)
   libnm-gtk-common (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnm-gtk0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnma-common (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnma0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libservlet3.1-java (8.0.32-1ubuntu1.3 => 8.0.32-1ubuntu1.4)
   libsmbclient (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   libwbclient0 (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   mint-mirrors (1.1.5 => 1.1.6)
   network-manager-gnome (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   python-samba (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-common (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-common-bin (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-libs (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   smbclient (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   vino (3.8.1-0ubuntu9.1 => 3.8.1-0ubuntu9.2)
22 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 9'833 kB of archives.
After this operation, 1'024 B disk space will be freed.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 python-samba amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [1'062 kB]
Get:2 http://packages.linuxmint.com serena/main amd64 mint-mirrors all 1.1.6 [4'634 B]
Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 samba amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [912 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 samba-common-bin amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [506 kB]
Get:5 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 smbclient amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [311 kB]
Get:6 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 samba-libs amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [5'163 kB]
Get:7 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libwbclient0 amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [30.4 kB]
Get:8 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libsmbclient amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [53.2 kB]
Get:9 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 samba-common all 2:4.3.11+dfsg-0ubuntu0.16.04.7 [83.6 kB]
Get:10 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 iproute2 amd64 4.3.0-1ubuntu3.16.04.1 [522 kB]
Get:11 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnm-gtk0 amd64 1.2.6-0ubuntu0.16.04.3 [70.3 kB]
Get:12 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnm-gtk-common all 1.2.6-0ubuntu0.16.04.3 [5'662 B]
Get:13 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 gir1.2-nmgtk-1.0 amd64 1.2.6-0ubuntu0.16.04.3 [4'862 B]
Get:14 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 iproute all 1:4.3.0-1ubuntu3.16.04.1 [2'432 B]
Get:15 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libjasper1 amd64 1.900.1-debian1-2.4ubuntu1.1 [130 kB]
Get:16 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libjbig2dec0 amd64 0.12+20150918-1ubuntu0.1 [55.3 kB]
Get:17 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libminiupnpc10 amd64 1.9.20140610-2ubuntu2.16.04.1 [23.9 kB]
Get:18 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 network-manager-gnome amd64 1.2.6-0ubuntu0.16.04.3 [290 kB]
Get:19 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnma0 amd64 1.2.6-0ubuntu0.16.04.3 [66.5 kB]
Get:20 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnma-common all 1.2.6-0ubuntu0.16.04.3 [5'650 B]
Get:21 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libservlet3.1-java all 8.0.32-1ubuntu1.4 [390 kB]
Get:22 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 vino amd64 3.8.1-0ubuntu9.2 [140 kB]
Fetched 9'833 kB in 1s (7'209 kB/s)
Preconfiguring packages ...
(Reading database ... 274097 files and directories currently installed.)
Preparing to unpack .../python-samba_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking python-samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../samba_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../samba-common-bin_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking samba-common-bin (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../smbclient_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking smbclient (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../samba-libs_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking samba-libs:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../libwbclient0_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking libwbclient0:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../libsmbclient_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking libsmbclient:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../samba-common_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_all.deb ...
Unpacking samba-common (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../iproute2_4.3.0-1ubuntu3.16.04.1_amd64.deb ...
Unpacking iproute2 (4.3.0-1ubuntu3.16.04.1) over (4.3.0-1ubuntu3) ...
Preparing to unpack .../libnm-gtk0_1.2.6-0ubuntu0.16.04.3_amd64.deb ...
Unpacking libnm-gtk0:amd64 (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../libnm-gtk-common_1.2.6-0ubuntu0.16.04.3_all.deb ...
Unpacking libnm-gtk-common (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../gir1.2-nmgtk-1.0_1.2.6-0ubuntu0.16.04.3_amd64.deb ...
Unpacking gir1.2-nmgtk-1.0:amd64 (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../iproute_1%3a4.3.0-1ubuntu3.16.04.1_all.deb ...
Unpacking iproute (1:4.3.0-1ubuntu3.16.04.1) over (1:4.3.0-1ubuntu3) ...
Preparing to unpack .../libjasper1_1.900.1-debian1-2.4ubuntu1.1_amd64.deb ...
Unpacking libjasper1:amd64 (1.900.1-debian1-2.4ubuntu1.1) over (1.900.1-debian1-2.4ubuntu1) ...
Preparing to unpack .../libjbig2dec0_0.12+20150918-1ubuntu0.1_amd64.deb ...
Unpacking libjbig2dec0 (0.12+20150918-1ubuntu0.1) over (0.12+20150918-1) ...
Preparing to unpack .../libminiupnpc10_1.9.20140610-2ubuntu2.16.04.1_amd64.deb ...
Unpacking libminiupnpc10:amd64 (1.9.20140610-2ubuntu2.16.04.1) over (1.9.20140610-2ubuntu2) ...
Preparing to unpack .../network-manager-gnome_1.2.6-0ubuntu0.16.04.3_amd64.deb ...
Unpacking network-manager-gnome (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../libnma0_1.2.6-0ubuntu0.16.04.3_amd64.deb ...
Unpacking libnma0:amd64 (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../libnma-common_1.2.6-0ubuntu0.16.04.3_all.deb ...
Unpacking libnma-common (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../libservlet3.1-java_8.0.32-1ubuntu1.4_all.deb ...
Unpacking libservlet3.1-java (8.0.32-1ubuntu1.4) over (8.0.32-1ubuntu1.3) ...
Preparing to unpack .../mint-mirrors_1.1.6_all.deb ...
Unpacking mint-mirrors (1.1.6) over (1.1.5) ...
Preparing to unpack .../vino_3.8.1-0ubuntu9.2_amd64.deb ...
Unpacking vino (3.8.1-0ubuntu9.2) over (3.8.1-0ubuntu9.1) ...
Processing triggers for libc-bin (2.23-0ubuntu7) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for systemd (229-4ubuntu17) ...
Processing triggers for ureadahead (0.100.0-19) ...
ureadahead will be reprofiled on next reboot
Processing triggers for ufw (0.35-0ubuntu2) ...
Rules updated for profile 'Samba'
Skipped reloading firewall
Processing triggers for libglib2.0-0:i386 (2.48.2-0ubuntu1) ...
Processing triggers for libglib2.0-0:amd64 (2.48.2-0ubuntu1) ...
Processing triggers for desktop-file-utils (0.22-1ubuntu5.1) ...
Processing triggers for gnome-menus (3.13.3-6ubuntu3.1) ...
Processing triggers for mime-support (3.59ubuntu1) ...
Processing triggers for hicolor-icon-theme (0.15-0ubuntu1) ...
Processing triggers for gconf2 (3.2.6-3ubuntu6) ...
Processing triggers for mintsystem (8.3.0) ...
Setting up libwbclient0:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up samba-libs:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up python-samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up samba-common (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up samba-common-bin (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up libsmbclient:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up smbclient (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up iproute2 (4.3.0-1ubuntu3.16.04.1) ...
Setting up libnm-gtk-common (1.2.6-0ubuntu0.16.04.3) ...
Setting up libnm-gtk0:amd64 (1.2.6-0ubuntu0.16.04.3) ...
Setting up gir1.2-nmgtk-1.0:amd64 (1.2.6-0ubuntu0.16.04.3) ...
Setting up iproute (1:4.3.0-1ubuntu3.16.04.1) ...
Setting up libjasper1:amd64 (1.900.1-debian1-2.4ubuntu1.1) ...
Setting up libjbig2dec0 (0.12+20150918-1ubuntu0.1) ...
Setting up libminiupnpc10:amd64 (1.9.20140610-2ubuntu2.16.04.1) ...
Setting up libnma-common (1.2.6-0ubuntu0.16.04.3) ...
Setting up libnma0:amd64 (1.2.6-0ubuntu0.16.04.3) ...
Setting up network-manager-gnome (1.2.6-0ubuntu0.16.04.3) ...
Setting up libservlet3.1-java (8.0.32-1ubuntu1.4) ...
Setting up mint-mirrors (1.1.6) ...
Setting up vino (3.8.1-0ubuntu9.2) ...
Processing triggers for libc-bin (2.23-0ubuntu7) ...

# Restart samba

service smbd restart
ps -ef | grep smb
root       379     1  0 20:26 ?        00:00:00 /usr/sbin/smbd -D
root       380   379  0 20:26 ?        00:00:00 /usr/sbin/smbd -D
root       382   379  0 20:26 ?        00:00:00 /usr/sbin/smbd -D
root       394 28055  0 20:26 pts/2    00:00:00 grep smb




So: What did I learn?

Yet again there seems to be an element of scare-mongering here.  Since there is no Linux virus called SambaCry that has been developed or deployed

With an unpatched Linux system I was unable to use the proposed IPC$ share vulnerability to compromise my Linux system, at least from a psexec.exe loaded windows Server test rig.

But the good news is that Linux people, patched the vulnerability quickly after it was highlighted.

Today is Friday morning, May 26 2017.  I am off to sleep now.  I will sleep safely knowing both my Linux and Windows systems are safe.



Links