Security Department Trying to Fault Us for Not Using the Latest Version of Winston

15 views
Skip to first unread message

jona...@ntu.edu.sg

unread,
Sep 22, 2022, 4:38:10 AM (7 days ago) Sep 22
to Earthworm Community Forum
Hi fellow earthworms!

My observatory has Earthworm 7.9 with Winston 1.2.12 running on CentOS7. Our seismologists had worked long and hard to calibrate our seismic and infrasound instruments to work well with this installation and everything is just fine and dandy.

We recently had to undergo a mandatory commercial security penetration test. Although these external security people were unable to hack into our server, they decided to fault us on our software versions. They said that we are running an obsolete web application named Winston Wave Server version 1.2.12. Even though they acknowledge that there are no common vulnerabilities and exploits (CVEs) associated with this software version, they recommend that we upgrade to the latest version of Winston.

But our seismic department had already expanded lots of time and effort to get all our seismic and infrasound instruments (different types, different brands, and different models) configured properly with this installation. If we could, we would rather leave this configuration running forever, or at least until the end of life for CentOS7.

We are worried that upgrading the Earthworm/Winston version may destabilize and break our instrument streams, particularly those being used for infrasound (those were the ones that gave us the most problems a few years ago).

I don't really know what I'm asking, but I guess my question is, will upgrading from Earthworm 7.9 (Winston 1.2.12) to Earthworm 7.10 (Winston 1.3.13) cause any stability or configuration problems with our existing instruments and seismic streams that are all currently working just fine?

Thanks for any wisdom, insights, or advice you can provide,
Jonah


Victor Preatoni

unread,
Sep 22, 2022, 7:30:36 AM (7 days ago) Sep 22
to Earthworm Community Forum
Hi Jonah,

latest Winston release is 1.6.2

I have upgraded from 1.3.13 to 1.6.2 without problems. You can keep both versions installed on different directories, and just change the directory on your startup script. That way, you can easily rollback in case of any problem.

Regards,
Victor

jona...@ntu.edu.sg

unread,
Sep 22, 2022, 10:04:41 PM (7 days ago) Sep 22
to Earthworm Community Forum
Thank you, Victor, for the amazingly useful tip about keeping both versions installed in different directories. What a brilliant idea!

Let me go ahead and try out the idea you had recommended.

I had always thought that Earthworm and Winston came packaged together and that both were from ISTI, with Winston being named after somebody's cat.
I did not previously know that USGS maintained a Winston version that is so many revisions ahead of ISTI's. Did the Winston developer move from ISTI to USGS?

Thanks,
Jonah

Stefan Lisowski

unread,
Sep 22, 2022, 10:26:52 PM (7 days ago) Sep 22
to earthwo...@googlegroups.com
Whenever ISTI releases Earthworm, the latest snapshot of AVO/USGS' Swarm
and Winston are bundled with Earthworm. The last Earthworm was a few
years ago though, and happily development on Winston and Swarm are
moving forward. I'd recommend moving to the latest Winston, rather than
the one that's bundled with 7.10.

On 9/22/22 10:04 PM, 'jona...@ntu.edu.sg' via Earthworm Community Forum
wrote:
> --
> --
> You received this message because you are subscribed to the Google
> Groups "Earthworm Community Forum" group.
>
> To post to this group, send an email to earthwo...@googlegroups.com
>
> To unsubscribe from this group, send an email to
> earthworm_for...@googlegroups.com
>
> For more options, visit this group at
> http://groups.google.com/group/earthworm_forum?hl=en
> <http://groups.google.com/group/earthworm_forum?hl=en>
>
> ---
> You received this message because you are subscribed to the Google
> Groups "Earthworm Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to earthworm_for...@googlegroups.com
> <mailto:earthworm_for...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/earthworm_forum/40ec78b9-bdee-4a5c-8006-9742cff5ea74n%40googlegroups.com <https://groups.google.com/d/msgid/earthworm_forum/40ec78b9-bdee-4a5c-8006-9742cff5ea74n%40googlegroups.com?utm_medium=email&utm_source=footer>.

--








*To follow ISTI news and updates please subscribe to our newsletter
"the isti letter" at  https://www.isti.com/newsletter-sign-up
<https://www.isti.com/newsletter-sign-up>.*





Reply all
Reply to author
Forward
0 new messages