WordPress 2.0.5 is out

WordPress have just announced the release of WordPress 2.0.5; you can see the changes at the Trac page for the release.

It’s new release time. The latest in our venerable 2.0 series, which now counts over 1.2 million downloads, is available for download immediately, and we suggest everyone upgrade as this includes security fixes.

Congratulations to Ryan Boren on his new baby, Ronan, after whom this release is named!

Update: The upgrade here was painless, nice work folks! There are also some more details in this blog post.

Update 2: Brian Layman has asked me to point out that this fixes some serious security problems.

Ubuntu 6.10 “Edgy Eft” Released

Yay, the latest version (6.10, codenamed Edgy Eft) of Ubuntu (using the Gnome desktop), Kubuntu (using the KDE desktop), Xubuntu (using the XFCE desktop) and Edubuntu (with support for educational institutions via thin client deployments and educational software) has landed!

See the release notes for details of where to get it, what’s new, how to update an existing system and a required firmware update for Sun Niagara boxes to fix a Sun hypervisor bug that it can tickle.

Vegemite and the US FDA

There’s been a fair bit of discussion around the web about the US FDA banning the import of Vegemite (Alec Muffett – US govt bans Vegemite) (Andrew Pollock – Egad. They’ve banned Vegemite!) (BoingBoing – US govt bans Vegemite) (News.com.au – US bans Vegemite).

Well, I went digging around because this sounded a little too odd and because the only source was a tiny news story that gave no details. Wikipedia’s Vegemite entry mentions the ban but is equivocal about the veracity of the reports, and if you check the history and the discussion page there’s quite a debate about whether or not it’s real.

So I went to the horse’s mouth – I left a feedback message on the Vegemite website asking whether this was real or not and (to my surprise) got a rapid response from Kraft Foods, which I’m waiting to see if they’ll give me permission to quote.

The summary is that the news story is pretty much accurate, if a little old: Kraft Foods haven’t been exporting Vegemite to the US for 12 months now because of the US FDA’s regulations on what foods are allowed to have folate fortification.

Caller ID on your Television

Andrew’s done a neat trick and now has caller ID appearing on his television courtesy of combining Asterisk and MythTV. He’s got interesting plans:

Next I need to see if I can pause the TV, and resume it when the call ends.

Be nice if you could mark a program as “do not disturb” and get Asterisk to silently divert them to its voicemail system until it’s over, or phone up and tell it to record something you forgot (when you’ve not got Internet access).

Today’s Prize

Today’s prize is for excessive political hyperbole and goes to John Cobb of the National Party.

He criticised the Australia Institute’s statement that assuming we can farm anywhere in a naturally drought-stricken country perhaps isn’t such a bright idea, describing their attitude as:

agrarian genocide

I’m not quite sure how reconsidering our attitudes to farming in this country equates with mass murder.

Root exploit in binary nVidia drivers

LWN is reporting the release of details of, and a proof-of-concept exploit for, a root exploit bug in the binary nVidia drivers.

There are two NVIDIA graphics drivers for Linux: a closed-source binary blob driver provided by NVIDIA (which provides acceleration) and an open-source driver (which lacks acceleration). NVIDIA’s binary blob driver contains an error in its accelerated rendering of glyphs (text character data) that can be exploited to write arbitrary data to anywhere in memory. The open-source driver is not vulnerable.

1. Affected system(s):

    KNOWN VULNERABLE:
     o NVIDIA Driver For Linux v8774
     o NVIDIA Driver For Linux v8762

    PROBABLY VULNERABLE:
     o NVIDIA Driver for FreeBSD
     o NVIDIA Driver for Solaris
     o Earlier versions

    KNOWN FIXED:
     o None

nVidia have been somewhat tardy in addressing the issue:

There have been multiple public reports of this NVIDIA bug on the NVNews forum [1,2] and elsewhere, dating back to 2004 [3]. NVIDIA’s first public acknowledgement of this bug was on July 7th, 2006. In a public posting [1] on the NVNews forum, an NVIDIA employee reported having reproduced the problem, assigned it bug ID 239065, and promised a fix would be forthcoming.

That was July – there is still no fix.

Edgy Eft Glibc/Pthread Dependency Problem

As ever, when you are playing with a development version of a distro things can, occasionally (OK, I must have been lucky), break. I’ve just got bitten with the following error:

Matching libraries: /usr/lib/libpthread.so.20 /lib/ld-linux.so.2

A copy of glibc was found in an unexpected directory.
It is not safe to upgrade the C library in this situation;
please remove that copy of the C library and try again.

As you might guess, this blocks apt-get dist-upgrade because it is (not unreasonably) being paranoid about not leaving your system in a completely stuffed state. So I went and consulted the Oracle and found a rather nice page on debugging dpkg dependency problems by Dan Shearer, an ex-Aussie now in Edinburgh.

I’m going to give this a try and see what happens; if you don’t hear from me for a few days then you know I messed something up. 🙂

Update: It worked, all that was needed was:

sudo mkdir /usr/lib/temp
sudo mv /usr/lib/libpthread* /usr/lib/temp/
sudo apt-get install -f
sudo mv /usr/lib/temp/* /usr/lib

Boosting SpamAssassin Usefulness

Found this posting to the spamassassin-users list on my quest to make life a bit harder for the image spammers, looks like it’s working already.. 🙂

Yes, hits=5.433 tag=-100 tag2=5 kill=5 tests=BAYES_00, DK_POLICY_SIGNSOME, FORGED_RCVD_HELO, HELO_DYNAMIC_SPLIT_IP, HTML_10_20, HTML_IMAGE_ONLY_32, HTML_MESSAGE, MIME_HTML_ONLY, RCVD_NUMERIC_HELO, TVD_FW_GRAPHIC_NAME_LONG

The important part to note there is that the Bayesian spam score was very low, but the rest of the tests correctly flagged it as spam.
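A parser for the status line quoted above, as an added Python example (not code from the original post or from SpamAssassin). It measures how far the message cleared the threshold and flags verdicts where the rules said spam while Bayes leaned towards ham. The function names, the second sample line and the "bucket below 50 means Bayes leaned ham" cut-off are assumptions of this example.

```python
import re

# Status line copied from the post above.
SPAM_STATUS = ("Yes, hits=5.433 tag=-100 tag2=5 kill=5 tests=BAYES_00, "
               "DK_POLICY_SIGNSOME, FORGED_RCVD_HELO, HELO_DYNAMIC_SPLIT_IP, "
               "HTML_10_20, HTML_IMAGE_ONLY_32, HTML_MESSAGE, MIME_HTML_ONLY, "
               "RCVD_NUMERIC_HELO, TVD_FW_GRAPHIC_NAME_LONG")
# Constructed sample for contrast: same format, ham verdict.
HAM_STATUS = "No, hits=-2.1 tag=-100 tag2=5 kill=5 tests=BAYES_00, HTML_MESSAGE"


def parse_status(line):
    """Split a 'Yes|No, hits=.. kill=.. tests=A, B' line into its parts."""
    head, sep, tests = line.partition("tests=")
    if not sep:
        raise ValueError("no tests= field in status line")
    scores = {k: float(v)
              for k, v in re.findall(r"(\w+)=(-?\d+(?:\.\d+)?)", head)}
    return {
        "spam": head.split(",", 1)[0].strip().lower() == "yes",
        "hits": scores["hits"],
        "kill": scores["kill"],
        "tests": [t.strip() for t in tests.split(",") if t.strip()],
    }


def bayes_bucket(tests):
    """Return NN from a BAYES_NN rule hit, or None if Bayes did not fire."""
    for name in tests:
        m = re.fullmatch(r"BAYES_(\d+)", name)
        if m:
            return int(m.group(1))
    return None


def caught_despite_bayes(status):
    """True when the rules said spam while Bayes leaned towards ham (<50)."""
    bucket = bayes_bucket(status["tests"])
    return status["spam"] and bucket is not None and bucket < 50


def margin(status):
    """How far the total score sits above (+) or below (-) the kill level."""
    return round(status["hits"] - status["kill"], 3)
```

For the line from the post the margin is only 0.433 points, so messages flagged by `caught_despite_bayes` are good candidates for feeding back to the Bayes database with `sa-learn --spam`.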

How Big Was North Korea’s Bomb?

My good friend Alec wrote on hearing about the DPRK nuclear test:

One presumes that there is a small chance it’ll have been staged with conventionals;

That got me thinking – how large a bomb was it? We know the USGS detected a mag 4.2 shock, so I went hunting around to see if there was an algorithm for converting magnitudes on the Richter Scale into energy, and, hopefully, into kilotons or megatons. It turns out J.C. Lahr wrote up a method for the “Comparison of earthquake energy to nuclear explosion energy” and helpfully included a piece of Fortran code to create a table of comparisons.

A quick “apt-get install gfortran” and a bit of mucking around with the code and I had an approximate answer:

Mag.   Energy      Energy      TNT         TNT         TNT         Hiroshima
       Joules      ft-lbs      tons        megatons   equiv. tons  bombs
4.2   0.126E+12   0.929E+11   0.301E+02   0.301E-04   0.201E+04   0.134E+00

So a magnitude 4.2 earthquake is (roughly) equivalent to a 2 kiloton device, less than one fifth of the size of the Hiroshima bomb. This means it’s probably unlikely to have been a conventional device.

So what North Korea tested was fairly small in these days of megaton devices but certainly nothing you’d want to be anywhere near.
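The conversion behind that table row, as an added Python example (not J.C. Lahr’s Fortran and not code from the original post). The energy relation log10(E) = 4.8 + 1.5·M and the constants below are assumptions, chosen because they reproduce the row’s figures to three significant figures; `magnitude_for_yield` goes beyond the post by inverting the calculation.

```python
import math

# Assumed constants (not stated in the post): chosen because they reproduce
# the magnitude 4.2 row of the table above to three significant figures.
JOULES_PER_TON_TNT = 4.184e9   # standard definition of a ton of TNT
FT_LB_PER_JOULE = 0.737562
SEISMIC_EFFICIENCY = 0.015     # inferred from the ratio of the two TNT columns
HIROSHIMA_TONS = 15_000        # inferred from the last column


def seismic_energy_joules(magnitude):
    """Gutenberg-Richter relation: log10(E) = 4.8 + 1.5 * M, E in joules."""
    return 10 ** (4.8 + 1.5 * magnitude)


def fortran_e(x):
    """Format a positive number the way the table does, e.g. 0.126E+12."""
    exp = math.floor(math.log10(x)) + 1
    return f"{x / 10 ** exp:.3f}E{exp:+03d}"


def table_row(magnitude):
    """Return the six energy columns of the table for one magnitude."""
    joules = seismic_energy_joules(magnitude)
    tnt_tons = joules / JOULES_PER_TON_TNT
    # An underground explosion couples only a small share of its energy into
    # seismic waves, so the device yield is the seismic energy scaled up.
    equiv_tons = tnt_tons / SEISMIC_EFFICIENCY
    return [fortran_e(v) for v in (
        joules, joules * FT_LB_PER_JOULE, tnt_tons, tnt_tons / 1e6,
        equiv_tons, equiv_tons / HIROSHIMA_TONS)]


def magnitude_for_yield(yield_tons):
    """Inverse: the magnitude a device of the given yield would register."""
    joules = yield_tons * SEISMIC_EFFICIENCY * JOULES_PER_TON_TNT
    return (math.log10(joules) - 4.8) / 1.5


if __name__ == "__main__":
    print("4.2  " + "  ".join(table_row(4.2)))
    print(f"15 kt -> magnitude {magnitude_for_yield(15_000):.2f}")
```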

USGS Reports Mag 4.2 Quake in North Korea

Here’s possible confirmation of the nuclear test in North Korea: the USGS has a report of a magnitude 4.2 quake near Chongjin, North Korea. Capture of the map is below.

North Korean

Update 2014-09-30: Please note that the above links no longer work, thanks to Sharon Thornton (Research Coordinator at The International Union of Geodesy and Geophysics) for pointing that out. Instead here is an alternative URL with information about the quake and also a PDF report on it from the Center for Nonproliferation Studies and the Monterey Institute of International Studies.