By which I mean scary
04 Dec 2008
The Internet Storm Center writes about a new variant on malware that messes with your DNS: it installs a rogue DHCP server.
While not too sophisticated, the whole attack is very interesting. First, it's about a race between the rogue DHCP server and the legitimate one. Second, once a machine has been poisoned it is impossible to detect how it actually got poisoned in the first place - you will have to analyze network traffic to see the MAC address of those DHCP Offer packets to find out where the infected machine actually is.
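The traffic analysis described above, sketched as an added example (not code from this post or from the ISC write-up): it parses raw Ethernet frames, picks out DHCP Offers, and reports any whose source MAC is not a known DHCP server, along with the DNS servers being handed out. It assumes untagged Ethernet/IPv4 frames; the MAC and IP addresses are constructed sample values, and `build_offer` is a hypothetical helper that only builds test data.

```python
import socket
import struct
DHCP_MAGIC = b"\x63\x82\x53\x63"

def parse_dhcp_offer(frame):
    """Return details of a DHCP Offer in a raw Ethernet frame, else None."""
    if len(frame) < 282 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                      # too short, not IPv4, or not UDP
    udp = 14 + (frame[14] & 0x0F) * 4    # Ethernet header + IP header length
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    bootp = udp + 8
    if (sport, dport) != (67, 68) or frame[bootp + 236:bootp + 240] != DHCP_MAGIC:
        return None                      # not a server-to-client DHCP message
    opts, i = {}, bootp + 240
    while i + 1 < len(frame) and frame[i] != 255:   # 255 = end option
        if frame[i] == 0:                # pad option has no length byte
            i += 1
            continue
        length = frame[i + 1]
        opts[frame[i]] = frame[i + 2:i + 2 + length]
        i += 2 + length
    if opts.get(53) != b"\x02":          # option 53 = message type, 2 = OFFER
        return None
    server, dns = opts.get(54, b""), opts.get(6, b"")
    return {
        "src_mac": frame[6:12].hex(":"),
        "server_id": socket.inet_ntoa(server) if len(server) == 4 else None,
        "dns": [socket.inet_ntoa(dns[j:j + 4]) for j in range(0, len(dns) - 3, 4)],
    }

def rogue_offers(frames, allowed_macs):
    """Offers whose Ethernet source MAC is not a known DHCP server (lowercase)."""
    offers = filter(None, map(parse_dhcp_offer, frames))
    return [o for o in offers if o["src_mac"] not in allowed_macs]

def build_offer(src_mac, server_ip, dns_ip):
    """Construct a minimal DHCP Offer frame (test data; checksums left zero)."""
    opts = (b"\x35\x01\x02" + b"\x36\x04" + socket.inet_aton(server_ip)
            + b"\x06\x04" + socket.inet_aton(dns_ip) + b"\xff")
    bootp = b"\x02\x01\x06\x00" + bytes(232) + DHCP_MAGIC + opts
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    ip = (struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0)
          + socket.inet_aton(server_ip) + socket.inet_aton("255.255.255.255"))
    return b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00" + ip + udp
# Constructed sample: one offer from the known server, one from an unknown host.
SAMPLE_FRAMES = [build_offer("00:11:22:33:44:55", "192.168.1.1", "192.168.1.1"),
                 build_offer("66:77:88:99:aa:bb", "192.168.1.50", "203.0.113.53")]
if __name__ == "__main__":
    print(rogue_offers(SAMPLE_FRAMES, {"00:11:22:33:44:55"}))
```

The reported MAC can then be looked up in the switches' forwarding tables to find the port the infected machine is plugged into.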
In other news...all $job_2's new machines are set up and running. Kickstart is very nice...I really wish Debian had something similar; FAI is lovely, but Kickstart has the lovely feature of taking a hand-done installation you've just finished and turning that into a config file for a hands-off version. That saves a huge amount of time.
Next up: turn nscd back on (forgot I'd left it off for debugging LDAP
'til a simple find -exec chown
was taking 10 minutes to finish);
relabel the machines with their new names; commit the documentation
I've been piecing together on my laptop; open up to others in the
group; look at either moving the LDAP server over to the server room,
or setting up a slave over there.