Re: /var/lib/dpkg/status strangeness

To: debian-user@lists.debian.org
Subject: Re: /var/lib/dpkg/status strangeness
From: Simon Bell <simon@calmblue.net>
Date: Mon, 29 Dec 2014 17:09:21 +0000
Message-id: <[🔎] 4882998.Z6FHP07u20@dragonfly>
Reply-to: simon@calmblue.net

>> SMART Error Log Version: 1
>> No Errors Logged
>> 
>> SMART Self-test log structure revision number 1
>> Num  Test_Description    Status                  Remaining  LifeTime(hours)  
>> LBA_of_first_error
>> # 1  Short offline       Completed without error       00%     14025 -
>> # 2  Extended offline    Completed without error       00%     14024 -
>
>That all looks good.
>
>> It still seems like a big coincidence that the word airdrawndagger
>> appeared there as this machine never in it's life saw that
>> wifi. Although The smart TV it's connected to via HDMI did...
>
>It is strange.  I don't know what more to suggest.  And apparently no
>one else does either because there are no other comments.
>
>Among the last hints I can provide would be to install mcelog to make
>sure that any machine check exceptions are logged.
>
 > # apt-get install mcelog
>
>It would also be possible to 'grep' through your swap partition just
>to see if there are interesting things there.  For example if you
>found "airdrawndagger" there or other things then that could be a
>useful clue that it came through there.  For example, I am just
>brainstorming, haven't thought about it much:
>
 > # LC_ALL=C grep -a airdrawndagger /dev/mapper/v1-swap
>Or perhaps:
 > # strings /dev/mapper/v1-swap | grep airdrawndagger
>
>But since then it could have been overwritten too.  So even if nothing
>found it doesn't say much.  Again, to me this feels like flaky
>hardware more than anything else.
>
> Is it too paranoid to consider some kind of malware from another
> machine on the network?
>
>Some would say that it is impossible to be too paranoid.  But it is
>all a long gray scale.  It all depends.  If this is simply your
>desktop and it lives on a private home network then I probably
>wouldn't be too paranoid.  If you are running a banking system and it
>is handling credit card data on the hostile Internet then for that I
>would be quite a bit more paranoid.  It all depends.
>
>It doesn't feel like an attack since an attacker would have no
>knowledge of that old wifi ssid either.  So at least not directly
>using that data.  So far too many unknowns.
>
>I still think that somehow the string was still in the swap partition
>of the disk after all of this time and therefore got sucked into
>memory that way somehow.  I think if we knew exactly how it happened
>we would be amazed at the coincidences needed to have it occur.
>
>It feels more like a random machine failure due to the consumer grade
>hardware which we are all using these days.  It isn't required to run
>faster than the bear.  It is only required to run faster than the
>other person who is also running from the bear.  Therefore hardware
>vendors don't make great reliable Unix server quality hardware these
>days.  Instead it is mosly MS quality hardware.  Almost no desktops
>have parity anymore for example.  Because of this the hardware just
>isn't ultimately reliable.  You will drive yourself crazy if you try
>to chase down every odd thing.
>
>Bob

Thanks a lot, I'll defo get mcelog installed

Reply to:

Prev by Date: Re: New Kernel but there is no screen... :(
Next by Date: Re: New Kernel but there is no screen... :(
Previous by thread: Re: /var/lib/dpkg/status strangeness
Next by thread: shell script removing log files.
Index(es):
- Date
- Thread