polytarp
I call for _______ to resign!   Oct 4 22:16 UTC 2002

To-day, one of your staff was sending huge amounts of 'alarm characters' to
my terminal.  I demand an end to this activity, and restitution.

You can even check the logs.
48 responses total.
robh
response 1 of 48:   Oct 5 03:26 UTC 2002

<robh wonders why the word "today" needs to be hyphenated>
gelinas
response 2 of 48:   Oct 5 03:32 UTC 2002

(it doesn't, but it can be.

        "Worcester's horse came but to-day.      --Shak."
steve
response 3 of 48:   Oct 5 15:39 UTC 2002

   You need to explain more about what you say happened.  There are many
ways anyone could do something to anyone.  Details please.
janc
response 4 of 48:   Oct 5 15:47 UTC 2002

I doubt it.

I'm prepared to reconsider that opinion if given a reasonable amount of
information about what happened.  I'm not aware of any logs kept of what
was sent to whose terminals.
janc
response 5 of 48:   Oct 5 15:47 UTC 2002

Steve slipped in.
steve
response 6 of 48:   Oct 5 16:00 UTC 2002

   Well, I don't believe it either, but I'm willing to listen to any
intelligent input on this.

   I don't think we'll get any.
other
response 7 of 48:   Oct 5 17:29 UTC 2002

Well, polytarp... We're waiting for your resignation.  

YOU demanded it.
janc
response 8 of 48:   Oct 5 22:40 UTC 2002

Um, he didn't demand that anyone resign, and it's yet to be proven that
he did anything to himself.  The only annoying thing he's done here is
to give a problem report that lacks enough detail to be diagnosable.
polytarp
response 9 of 48:   Oct 5 23:14 UTC 2002

I'm not sure who did it, and I can't access all your logs.  However I'm sure
that it was from a Grex system-administrator.  This is because as soon as I
killed the SSH process which was connected to Grex -- after my connection had
frozen for ME only, but not the alarmer -- the alarming alarms stopped.  This
was while I was in party, which is verifiable by the logs.  I know it was one
of the staff.
scott
response 10 of 48:   Oct 5 23:28 UTC 2002

How do you know it was one of the staff?
polytarp
response 11 of 48:   Oct 5 23:44 UTC 2002

Who else would be able to do it?!
Try writing to someone else's terminal.
gelinas
response 12 of 48:   Oct 6 00:11 UTC 2002

I'm curious: what, exactly, were the "alarming alarms"?  The only thing I can
find in the party log is ONE 'ESC', apparently entered by polytarp.
gull
response 13 of 48:   Oct 6 00:20 UTC 2002

I think you can write to anyone's terminal that isn't set 'mesg n'.
polytarp
response 14 of 48:   Oct 6 00:33 UTC 2002

R. 12:  It was someone, a staff member, sending alarm characters to my
terminal.  They may have used echo -e, or some other method to generate these.
Me being in party was incidental.

R. 13:  I doubt it.  I'll try it with yours.
gelinas
response 15 of 48:   Oct 6 00:35 UTC 2002

So I'm dense.  What is an "alarm character"?  I know <CTRL>G, which supposedly
rings a bell.  Is that what you are talking about?
polytarp
response 16 of 48:   Oct 6 00:41 UTC 2002

It's sort of like a "a" character or a "-" character or any other character.
However, there's no visual representation for this one.  It just says "Hey,
you'd better ring your buzzer", to the computer which views it.  It's
associated with ^G; yes.
janc
response 17 of 48:   Oct 6 01:38 UTC 2002

Oops, polytarp did ask for someone to resign - I'd missed the title.

No, you can't send characters to another user's terminal, even if he
does 'mesg y'.  It would take a root to do that.

I decline to believe that any staff member would do so though.  We've
all been at this way too long to waste time playing stupid games with
users. And polytarp is only about number 1002 on this week's list of
users who annoy Grex staff.  Yes, he spammed a lot of people, but
apparently he hasn't any idea how many people do that.  Most of us have
been doing staff work for decades.  If we were going to go off our
rockers, then (A) we'd need a more infuriating target than polytarp, and
(B) we'd do something more interesting to him than send him a few
control-G's.

So apparently polytarp had an ssh connection open to Grex and was in
party.  He started to get a bell ringing (continuously? occasionally?).
His Grex session froze up.  He believes other users' Grex sessions
didn't, but doesn't say why he believes so.  He apparently had other
sessions open, but the bell ringing stopped when he disconnected the
Grex session.

Unfortunately, we don't have a log file that monitors everything staff
members do, or every character sent to a tty.  An oversight.  In fact, I
can't think of any logs that  would be particularly useful.

Polytarp entered this item on Oct 4 at 18:16.  The "last" command shows
that he was logged on in the following sessions:

polytarp  ttypd    d226-98-113.home Fri Oct  4 18:13 - 19:09  (00:56)
polytarp  ttyp5    d226-98-113.home Fri Oct  4 18:00 - 18:13  (00:12)

Probably it was the 12 minute session on ttyp5 that he was talking
about.  It appears that he immediately logged back in again, presumably
to post this item.  Apparently whatever staff member was harassing him
fell into a coma, and didn't harass his new session.

There is some possibility that something was running on his terminal
that might have caused problems.  Processes left behind by previous
users are generally killed every 8 minutes by robocop.  However, robocop
reports no kills around that time of day.  So looking at the logs for
ttyp5, we see:

tod       ttyp5    209.196.48.203   Fri Oct  4 18:13 - 19:56  (01:43)
polytarp  ttyp5    d226-98-113.home Fri Oct  4 18:00 - 18:13  (00:12)
robi      ttyp5    213.233.111.86   Fri Oct  4 17:25 - 17:59  (00:33)

Robi seems harmless.  Both he and tod seemed to have stayed logged on
for a long time, so they probably weren't being hit by streams of bells.
So whatever caused this was probably not any process that started before
polytarp logged in or lasted afterwards.

Since this is all uninformative, I look at the party logs.

---- polytarp joining (Oct  4 18:02)
polytarp: NOOOOOOOOOOOOOOOOOOOOOOOO
polytarp: M_NETI"S N^?^?^?DOWN.
polytarp: Now all I have is YOU people WHO won't EVEN talk TO me.
polytarp: See?
---- polytarp leaving (Oct  4 18:03)
---- polytarp joining (Oct  4 18:06)
polytarp: Hey, amstrad, will you talk to mne?
polytarp: I did?
polytarp: amstrad; do you programme in C?
polytarp: ^[
---- polytarp leaving (Oct  4 18:13)

---- polytarp joining (Oct  4 18:16)
polytarp: Why is Grex's staff sending me alarm-characters?

It appears that the bells didn't start until rather late in his session,
because he seems to be having ordinary polytarp conversation up until he
drops out of party at 18:13.  He re-enters at 18:16, after leaving and
logging back in and entering this item.  I don't know what this proves,
but he asked us to look at the party log for proof, so I did.

So, having found no interesting information here either, I'll try it
from the other end and figure out which staff members were logged on at
the time.  The "last" command comes in handy again.  Not janc.  Not mdw.
 Not steve.  Not scott.  Not valerie.  Not remmers.  Not dang.  Not srw.
 Not spooked.  Well, that's everyone with root access.  Of course, a
staff member could have logged in as someone else, or they could have
edited the log file to cover for their crime.  After all, the sheer joy
of sending a couple control characters would inspire any of us to go to
such lengths.

Which brings us to another log file, for a change, one that isn't
publicly readable.  Here's the sulog for the day:

SU 10/04 08:37 + ttyp6 scott-->noot
SU 10/04 10:14 + ttyp2 janc-->coot
SU 10/04 10:38 + ttyp2 root-->cfadm
SU 10/04 10:38 + ttyp2 root-->cfadm
SU 10/04 10:39 + ttyp2 root-->nobody
SU 10/04 10:48 + ttyp2 root-->nobody
SU 10/04 11:12 + ttyp6 scott-->noot
SU 10/04 18:27 - ttypa scott-->noot
SU 10/04 18:28 + ttypa scott-->noot
SU 10/04 18:39 + ttypa scott-->noot
SU 10/04 19:56 + ttyp4 scott-->noot

So scott became root 7.5 hours before the incident, and 14 minutes
afterwards.  Not particularly shocking, since he's our most active root
these days.  Note however that nobody other than scott became root, so
the "used a different account" explanation is exploded, and all we are
left with is the "edited the log files to cover his or her tracks"
theory.

So I haven't the faintest idea what caused polytarp's bell to ring.  
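
The correlation walked through in response 17, as an added example that is not part of any participant's post and is not Grex's own tooling: it takes the incident window from the `last` line for ttyp5 and checks the sulog entries against it. The log lines are copied from the post; the year is an assumption taken from the item's date, since neither log records it.

```python
import re
from datetime import datetime, timedelta

YEAR = 2002  # assumption: neither log format records the year
# Log lines copied from response 17 (local time, as the logs record it).
LAST_LINE = "polytarp  ttyp5    d226-98-113.home Fri Oct  4 18:00 - 18:13  (00:12)"
SULOG = """\
SU 10/04 08:37 + ttyp6 scott-->noot
SU 10/04 10:14 + ttyp2 janc-->coot
SU 10/04 10:38 + ttyp2 root-->cfadm
SU 10/04 10:38 + ttyp2 root-->cfadm
SU 10/04 10:39 + ttyp2 root-->nobody
SU 10/04 10:48 + ttyp2 root-->nobody
SU 10/04 11:12 + ttyp6 scott-->noot
SU 10/04 18:27 - ttypa scott-->noot
SU 10/04 18:28 + ttypa scott-->noot
SU 10/04 18:39 + ttypa scott-->noot
SU 10/04 19:56 + ttyp4 scott-->noot
"""
SU_RE = re.compile(r"SU (\d\d)/(\d\d) (\d\d):(\d\d) ([+-]) (\S+) (\S+)-->(\S+)")
LAST_RE = re.compile(r"(\S+)\s+(\S+)\s+(\S+)\s+\w{3} (\w{3})\s+(\d+) (\d\d):(\d\d) - (\d\d):(\d\d)")

def parse_sulog(text):
    """Return (when, succeeded, tty, from_user, to_user) for each su attempt."""
    out = []
    for mo, dd, hh, mi, flag, tty, src, dst in SU_RE.findall(text):
        when = datetime(YEAR, int(mo), int(dd), int(hh), int(mi))
        out.append((when, flag == "+", tty, src, dst))
    return out

def parse_last(line):
    """Return (user, tty, start, end) for one completed session from `last`."""
    user, tty, _host, mon, day, h1, m1, h2, m2 = LAST_RE.match(line).groups()
    start = datetime.strptime(f"{YEAR} {mon} {day} {h1}:{m1}", "%Y %b %d %H:%M")
    end = start.replace(hour=int(h2), minute=int(m2))
    if end < start:  # session ran past midnight
        end += timedelta(days=1)
    return user, tty, start, end

def su_around(events, start, end):
    """Split su attempts into those inside the window and the nearest on each side."""
    during = [e for e in events if start <= e[0] <= end]
    before = max((e for e in events if e[0] < start), key=lambda e: e[0], default=None)
    after = min((e for e in events if e[0] > end), key=lambda e: e[0], default=None)
    return during, before, after

if __name__ == "__main__":
    _user, _tty, start, end = parse_last(LAST_LINE)
    during, before, after = su_around(parse_sulog(SULOG), start, end)
    print(len(during), before, after, after[0] - end)
```

The `+`/`-` column marks a successful or failed su attempt, so the tuple's second field separates the two when reading the result.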
janc
response 18 of 48:   Oct 6 01:41 UTC 2002

What kind of internet connection does polytarp have?  Getting some
control characters, followed by a connection freezing up, is not
particularly a rare event on some types of connections (though less so
today than once upon a time).

What was polytarp doing at the time?  Was he in party?

How cluttered is polytarp's desktop?
scott
response 19 of 48:   Oct 6 02:05 UTC 2002

Jan, I think you need to spend your time on more productive tasks.  ;)
gelinas
response 20 of 48:   Oct 6 02:16 UTC 2002

Well, the "multiple connections" leads me to a guess: the idle-zapper.  It
gets upset when someone has two connections open when the "remote users"
number approaches 72.  We've been seeing some full telnet queues of late.
I've seen multiple beeps followed by the "you've been idle for fifteen
minutes; five minutes more or else" followed immediately by "goodbye".  So
he may have been beeped by the idle-zapper, but the text got lost, and then
he sorta got cut off.

I don't know how to test this hypothesis, though.
polytarp
response 21 of 48:   Oct 6 02:55 UTC 2002

Re. 17:  Thanks for being so helpful.  I now think you know the problem.

Re. 18:  I have a cable-connection.  I was in party.  I don't have a desk-top.
gelinas
response 22 of 48:   Oct 6 03:06 UTC 2002

I think "desktop" in #18 refers to your computer's screen: how many
applications did you have open?  What were they doing?  Last I heard, Windows
specifically calls that display "the desktop", as does X Windows; the metaphor
is understood in MacOS, too.
remmers
response 23 of 48:   Oct 6 03:30 UTC 2002

Once in a great while my party session will lock up and my terminal
bell start to ring continuously.  It only happens to me in party,
so I think it might be some quirk of the party software.  The only
remedy seems to be to disconnect (which stops the bell) and then
reconnect to Grex.  This hasn't happened often enough that I've
been able to pin down the circumstances well enough to reproduce
it.  In any case, I very much doubt that it's anybody sending
characters to my terminal.

From polytarp's description of the symptoms, sounds like it might
be the same thing.
janc
response 24 of 48:   Oct 6 03:45 UTC 2002

Re 20:  The idle zapper sends messages as well as bells, so polytarp
wouldn't have mistaken that for anything else.  Anyway, I checked its
log file, and it wasn't upset about polytarp at the time.

Re 21:  I don't know why you think I know the problem.  I found no
evidence whatsoever pointing to anything at all.

Re 22:  I meant the top of the desk.  It was a faint possibility, but
sometimes I've had mysterious bells go off because one of the heaps of
junk stacked next to my keyboard slouched onto the corner of the
keyboard, depressing a key which eventually started making noise.

Re 23:  Impossible.  I wrote party.  It can't have bugs in it.  Now,
excuse me while I go figure out why Backtalk 1.2.3 won't display
response 1 to any item.

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss