Security vulnerability in Python 2.3 and above - definitely not just Ubuntu, but also Debian. Ubuntu is only linked because there is no security advisory from Debian yet. Is someone sleeping?
sysadmin - 1.4.2006 - 9.10.2006
Novell goes after SCO's war chest - and wants to relieve SCO of 25 million from license sales. Nice move by Novell ...
ATI-Graphics Chips Fold Proteins Faster - of course. Just a matter of time until the GPUs become more powerful than the CPUs.
VMware how-to - OSx86 - a guide on how to run Mac OS X under VMware on a regular PC.
The GPL is not a compromise - a point that is missing in the current discussion about GPLv3: the GPL is a community license. It's not about the rights of the producer, the central core is the right of the user. The excitement of Linus and some others is therefore quite amusing: because Linus is a producer here. Producers have always been upset about the GPL. The question is: do users need protection against DRM? Yes, otherwise the GPL will only be waste paper in the DRM-infested future that threatens us.
SpamCop as incompetent as SORBS
In my popular series about idiotic blocklists, this time a particularly brilliant stupid idea from SpamCop.net. They now list a server if it routes emails to downstream systems and then routes the resulting error messages back out. In short, our company scenario: our customers are served via our central mail server, but usually have their own mail systems (Exchange or Linux systems). For this reason, we have to accept emails for some of the customers regardless of the local part - we have no control over which addresses are configured in their Exchange. Furthermore, these systems are connected dynamically, which is why a live check is also out of the question. Of course, the mail systems generate bounces for these incorrect addresses - and of course, bounces also occur on virus spam. However, our customers have a legitimate interest in these bounces, as only then do their partners find out about typos in addresses.
Spamcop, on the other hand, now believes that bounces should not be forwarded, that one must absolutely check at the SMTP level at the very front. Or one must route bounces via a separate IP, which is then blocked by Spamcop, which would be no problem (huh? but the legitimate bounces do not reach the recipient if they are behind someone who uses this incompetently administered list).
Technically, this means that Spamcop arrogates to itself the decision that a mail server may not forward bounces if it has accepted a mail. According to Spamcop's opinion, bounces may only pass as a rejection at the SMTP level, the classic bounce mails are in their opinion a reason to enter someone in a blocklist. They even go so far as to say that any form of autoresponders is forbidden and leads to an entry in their blocklist.
A blocklist, by the way, whose alleged goal is to reject spam. Which is clearly refuted here once again - SpamCop has just as much of its own agenda as any other blocklist operator, and as usual (see SORBS with the entries as a hacked server, for example, if FTP is running on an unusual port) it shines through incompetence.
By the way, we have activated Sender-Verify on our mail servers, which means that only emails get through whose technical (envelope) sender is confirmed as valid by its own MX. Therefore, we only bounce to addresses that are at least considered valid by their own MX. These are not "misdirected bounces" to invalid addresses, unless the MX of these addresses lies (then it is their own problem).
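As an added illustration (not the author's configuration, which the post does not show), this is how the described policy can be expressed in an Exim RCPT ACL: customer relay domains accept any local part, while every envelope sender is verified by callout to its own MX, so a later bounce can only ever go to an address that the sender's MX claims exists. The domain and host list names are assumptions.

```exim
# Added example, not the author's actual configuration (list names assumed).
domainlist local_domains    = example.com
domainlist relay_to_domains = customer-a.example : customer-b.example
hostlist   relay_from_hosts = 127.0.0.1

acl_check_rcpt:
  # Our own outbound clients may relay without further checks.
  accept  hosts = +relay_from_hosts

  # Sender verification by callout: ask the sender domain's own MX whether
  # the envelope sender exists. defer_ok keeps mail flowing if that MX is
  # temporarily unreachable. A forged sender is rejected here, so no bounce
  # can later be sent to an uninvolved third party.
  require verify = sender/callout=30s,defer_ok

  # Local domains: recipient existence can be checked directly.
  accept  domains = +local_domains
          verify  = recipient

  # Customer domains behind dynamically connected Exchange/Linux systems:
  # recipients cannot be checked live, so every local part is accepted and
  # the downstream system generates the bounce if the mailbox does not exist.
  accept  domains = +relay_to_domains

  deny    message = relay not permitted
```

Callouts add a connection to the sender's MX for every new sender address, so the result should be cached (Exim does this by default) to keep the load on remote systems low.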
Mail operators who use such blocklists to reject mail server connections are acting irresponsibly. One of them is at Microsoft ...
Microsoft's Masterpiece of FUD - analyzed and interpreted. Worth reading.
Government wants to "close the last gaps" in computer criminal law - surely there will be plenty of gaps again, through which our freedoms will be further restricted. For example, what hacker tools are - farewell to practical helpers like nmap and co? With the "craftsmanship" quality of the Berlin bunglers (some call them government), I don't expect anything useful anyway ...
Spam opponents should pay 11 million dollars - I don't usually hold much of blacklist operators, but in this case I'm still on the side of spamhaus - because I hold even less of spammers and stupid US judges ...
OFF - Owner Free Filesystem. An interesting idea where only XOR-diffs between files are stored in a distributed manner and are designed so that each block of numbers can be combined with others to create various original files - which, according to the authors, makes the individual blocks of numbers not copyrightable, as they belong to different originals at the same time.
Merlin XU870 3G HSDPA 7.2 ExpressCard - Direct UMTS in the MacBook Pro?
AMD talks about ATI - possible open-sourcing of the drivers?
An AOL Searcher No. 4417749 Is Identified - it's one thing to say that the search queries published by AOL can be traced back to names. Another thing is to actually do it - the NY Times can not only fake photos, but sometimes also be investigative ...
O'Reilly's list of the most popular programming languages - absurd how a publisher that has long faced competition in its core area from others (e.g. Apress and Manning) still acts as if it could provide definitive rankings, rather than simply trying to boost its own sales and define the market through its choice of published topics.
Hackers Clone RFID Passports - oh, great, the blackhats have demonstrated how easy it is to clone a German passport with RFID (i.e. the RFID part of it). Result? A blank piece of paper with an RFID chip that looks like the original ID to the electronic reader.
SCO is Distributing ELF Under the GPL Still. Yes. Now. Today. - strange. One would think that SCO would have already taken down all downloads that allegedly violate their rights. Wrong guess ...
How to Bypass Most Firewall Restrictions and Access the Internet Privately - system administrators and firewall operators should take a look at this.
Living with Errors - the Key to Scaleout - good article about system scalability.
Intershop continues to write losses - and Microsoft Word has bugs and in China a sack of rice fell over.
The Computer Club is back - Revival of the Wolf-Gang. But if this is a podcast - how are we supposed to notice when the fat one breaks everything again?
Metasploit: Internet Drive-By Shootings - interesting article about the possibilities of exploiting browser bugs.
Woe betide my Dell - quality tech support by Dell.
Debian-Hack: Intruder exploited known vulnerability - quick reaction and resolution, that's good. Kernel on a several-hundred-user system not updated in time, that's rather bad.
Galileo encryption cracked - and thus the door is open for free decoders.
heise online - Google convicted for links to counterfeit products
Google sentenced for links to counterfeiters
Filtering out the pages of counterfeiters would have been possible, explained the Paris Court of Appeal. This has been shown by the filtering of politically undesirable pages in China.
Well, exactly what could be expected. One's own fault - if on the one hand you preach free opinion and how great everything is that you do and how un-evil, then on the other hand you should keep your fingers off state censorship ...
Wells Grants in Part IBM's Motion to Limit SCO's Claims! In Large Part. - wow. SCO has been heavily rejected here.
Freenode hacked - Operator account compromised. If you have passwords there, better change them and make sure the passwords used there are not used elsewhere ...
Microsoft buries WinFS - which turns the hopelessly delayed Vista into a pure farce.
Microsoft's Calling Home Problem - about the latest approaches with which Microsoft spies on legal users.
US House of Representatives votes against "net neutrality" - we can probably assume that the worst possible variant will prevail ...
Caller ID Spoofing - what is worse than a broken authorization system? One that millions of people and machines trust.
The source code for UCSD-Pascal is free - for fans of old languages and old operating systems. Oh man, that was the first Pascal environment I hacked on at school almost 24 years ago ...
New MacBooks - sorry, but a notebook with chipset graphics instead of mobile ATI and then still 5 cm wider and 1 cm deeper - something like that is no replacement for a 12" PowerBook. I hope Apple comes to their senses ...
Debunking Linus's Latest - Shapiro also has a few thoughts to share about Linus's latest misstep.
Tanenbaum-Torvalds debate, Part II - Tanenbaum's counterarguments to Linus' Microkernel-stupid claim ...
Schneier on Security: Major Vulnerability Found in Diebold Election Machines - is this finally the end for this dreadful Diebold disaster? Or will they try to wriggle out of it again and suppress the reports?
Bluetooth SIG - Idiots at the Helm
Whoever wonders which Bluetooth hardware works with BlueZ (Bluetooth stack for Linux) will come across the following statement from the Bluetooth SIG on the compatibility list:
Whether or not you're selling them makes no difference. The problem is due to the distribution of them from your Web site. Please note that the use and distribution of non-qualified products is a violation of the Bluetooth License Agreement. As neither of these products have been qualified using Linux it is illegal to make them available for public use.
Due to this idiotic attitude, it is no longer possible to refer to the compatibility of Bluetooth products with Linux on holtmann.org. Can it get any more stupid?
Rotten Effort - how Microsoft tries to pressure consultants in companies with almost extortionate tactics ...
This was the Roots: How the Internet came to Germany - and not a word about the IN e.V. at Heise either - which was also significantly involved in private internet activity.
Network Games
Well, that's the thing with games or virtual worlds that are operated somewhere on the internet. You have access, your own access is running smoothly. And the operator's servers are also working fine. Only some stupid backbone provider in between has a faulty router in the route, with around 30 percent packet loss over longer periods of time. Which of course makes playing significantly more difficult.
But: where do you complain now? I mean, he's taking away my evening entertainment, that damn place
AOL.de access - WiFi hotspots. And yes, that's the devil. But what can you do when network withdrawal threatens ...
Critical security vulnerabilities in Mac OS X - yuck. Please people at Apple - get your act together and use current and fixed versions of the various libraries. Otherwise, I might as well install Windows in the long run ...
Metasploit: Exploit Development: GroupWise Messenger Server - those who still convince themselves that the time from the discovery of a software vulnerability to an exploit is correspondingly long: forget it. Here someone shows an example development of a complete exploit one day after a hole in the GroupWise Messenger Server became known ...
Open Letter to D-Link about their NTP vandalism - why you should simply avoid D-Link products.
Virtual Worlds and Attack Scenarios
What do you get when you have virtual worlds with scriptable objects? Cracker attacks, of course. In this case, a user in Second Life built objects that, via script, produce further objects. This is a classic attack scenario in such worlds - overloading servers through high load, i.e., a classic DoS from within. What was interesting about this attack was that these objects catapulted every avatar a few million meters into the air - possibly to hinder cleanup efforts.
Cleanup efforts? Yes. The system of Second Life is a virtual world with many scripted objects - so you can't just throw everything away, as this would destroy the users' content. Instead, all regions (in principle, a region is a server in a large server farm) that were attacked had to be cleaned of exactly the affected objects. To do this, the Lindens (the employees of the operator) first approached these objects inworld (i.e., within the simulation environment) to examine them. Presumably, the operator will have tools for mass cleanup of malicious objects, but nevertheless, the entire work took several hours!
Well, one might say that this is trivial - after all, it's just a virtual world on a server cluster, nothing more. But Second Life is more - among other things, it is a micropayment system. And a lot of money is transacted there - thousands of US dollars per hour (and not just to the operator, but also among the users themselves!). There is therefore direct economic damage from the downtime. Not to mention the interactions of users in the system and events taking place - for example, on that evening, there were two major openings of new clubs with live music. The musicians were completely disconnected from the system by the events, as they no longer received any feedback, they did not know whether they were still live or not (although the streams usually continued to run) and of course, a lot of people's party was ruined. And the club owners certainly had a different idea of their opening party.
All in all, of course, predictable - because any system with influence possibilities will be misused by people, even if it is out of sheer malice - but nevertheless extremely annoying.
Apple Converts Xserves from PowerPC to AMD
Wow, I didn't realize that Apple is transitioning the XServe to AMD processors. I wonder if Intel agrees with their assessment of server performance?
Deutsche Bahn becomes a DSL provider - ok, this is definitely one of them. For the WDR, this is damn good.