A New TTY Maintainer for Linux

After the recent orphaning of the Linux TTY code there was speculation about who, if anyone, would be mad enough to take it up next. Well just merged in Linus’s git repository is the answer:

commit 57d7f282271a83fe4ca4bd15eee79be577210210
Author: Greg Kroah-Hartman 
Date:   Fri Jul 31 21:28:16 2009 -0700

    TTY: Maintainer change

    Clearly, I am a glutton for punishment.  I'll see if I can see Alan's
    changes through to the end, otherwise I'll be fending off a lot of bug
    reports for usb-serial devices.

    Cc: Alan Cox 
    Signed-off-by: Greg Kroah-Hartman 
    Signed-off-by: Linus Torvalds 

So the self-described “Maintainer of Crap” has added some more dodgy code to his collection.. 😉

So a big round of applause to Alan Cox for starting this dirty nasty work off and another big vote of thanks to Greg for picking it up. A raspberry to Linus for annoying Alan enough to make him give up on a really really tough job. 🙁

VPAC is looking for an Operations Manager

Don’t panic, this isn’t about me.. 😉 No agencies please!

The Victorian Partnership for Advanced Computing (VPAC) is looking for an Operations Manager:

We are looking for a dynamic leader with excellent IT knowledge to lead and manage our High Performance Computing (HPC) team based at VPAC (housed at RMIT University in Carlton).

Your ideal background would include management of similar teams and the provision of strong hands-on experience, coupled with full responsibility for technical infrastructure. The Operations Manager will build and maintain strategic relationships with key stakeholders such as Victorian Universities and national initiatives such as ARCS, NCI and ANDS.

Reporting to the Chief Executive Officer you will be a key member of the VPAC Management Team and lead a growing team of around 15 Systems Administrators and Developers. As VPAC is aiming for industry best practice and holds ISO accreditation it will be expected that you will have worked in similar environments that provide a process based approach to IT service management.

A senior level remuneration package will be negotiated with the successful applicant. To obtain a copy of the position description and/or to apply for this exciting opportunity please email recruitment@vpac.org

There is also a copy of the PD on the VPAC employment positions web page.

As ever please contact VPAC recruitment, not me, about this position..

CSamuel.org Now IPv6 Enabled

Well thanks to those nice people at Rimuhosting for migrating this Xen host to a 2.6.27.x kernel and pointing me at the Hurricane Electric IPv6 TunnelBroker.net service this blog is now IPv6 enabled (as is Donna’s site, blog and podcast)! Slowly updating DNS for all the other sites hosted here but I’ll finish that off tomorrow night.

Congrats to Brian for being the first person to hit the site by IPv6! 🙂

Firefox 3.5.1 Vulnerability

Oh no, not again..

Various analysts and sites have recently confirmed a vulnerability is present in FireFox 3.5.1 that has had exploit PoC released. When exploited, the vulnerability can lead to system compromise or induce a DOS. No Patch is available.

Interestingly the SecurityFocus BID for this says it’s FF 3.5, but the ISC SANS post above does say 3.5.1 (and they do know what they’re talking about). There is also a CVE number allocated to it, but I’m having problems reaching that at present to check what it says. One possible explanation is that Mozilla pushed out 3.5.1 to fix the 3.5 0day that appeared recently, but this bug was found beforehand and Mozilla weren’t aware of it prior to releasing 3.5.1 (or they thought it was more important to get the other fix out whilst they worked on this).

Firefox 3.5 0day Vulnerability

Oh joy, within 24 hours of the MS IE/ActiveX exploit we have a remote vulnerability against Firefox 3.5.

The vulnerability is caused due to an error when processing JavaScript code handling e.g. “font” HTML tags and can be exploited to cause a memory corruption. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.5. Other versions may also be affected.

Currently Mozilla have no “known vulnerability” page for Firefox 3.5 security issues, I presume once it’s created it’ll be here.

There is a sample exploit available already, so it’ll be in the wild soon if not already. 🙁

Yet Another ActiveX/Internet Explorer Exploit Being Exploited

For those people who have to care about Windows systems SANS ISC has info on a scary new ActiveX remote exploit doing the rounds that allows an attacker to run code on a Windows box rendering HTML via Internet Exploder or (presumably) Outlook, etc if you have virtually any version of MS Office installed..

This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. The CVE entry for the vulnerability is CVE-2009-1136. Microsoft mentions that they are aware of active exploits against this vulnerability

There is no fix at present, though a workaround is available to disable those ActiveX controls. Attackers are actively targeting people with this too:

A highly targeted attack against an organization earlier today who received a Microsoft Office document with embedded HTML. This one was particularly nasty, it was specifically crafted for the target – with the document being tailored with appropriate contact information and subject matter that were specific to the targeted recipient. Analysis of the document and secondary payload found the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim’s domain/IP range would not reach the server.

Remember Microsoft isn’t the answer, Microsoft is the question. “No” is the answer.

Linux Based Open-PC Project Launched

The KDE News website has the announcement of a new Open-PC project to create a PC shipped with Linux and other FOSS software. Why another? Well, as they say:

The project was initiated in response to the lack of quality in the Free Software-based hardware solutions currently on the market. As many reviewers and end-users have stated, the pre-installed software used by hardware vendors generated a bad image for Free Software with potentially interested end-users. Much of the software was buggy and not widely tested and device drivers were often unstable, non-free or not available at all.

There’s a lot of questions to answer yet – what form factor, what software, etc – so they are running a survey to try and gauge people’s thoughts. The site says there is a second survey planned for a later date, presumably focusing in on options once they’ve got general ideas. The other interesting thing is that they’ve apparently already got a major PC manufacturer lined up and they are aiming to be shipping by late 2009 with part of the profits going to funding FOSS projects.

There is more information in Frank Karlitschek’s presentation (PDF) from the Desktop Summit in Gran Canaria.

Google Chrome OS

I suspect that the world and its dog will have heard about this by now, but in case you’ve somehow missed the announcement from Google..

Google Chrome OS will run on both x86 as well as ARM chips and we are working with multiple OEMs to bring a number of netbooks to market next year. The software architecture is simple — Google Chrome running within a new windowing system on top of a Linux kernel. For application developers, the web is the platform. All web-based applications will automatically work and new applications can be written using your favorite web technologies. And of course, these apps will run not only on Google Chrome OS, but on any standards-based browser on Windows, Mac and Linux thereby giving developers the largest user base of any platform.

If (and I emphasise if) this takes off then MS might be in for something of a rough ride in the Netbook market. The Netbook vendors have been unable to stand up to the MS monopoly with Linux on Netbooks until now, perhaps Google can start to rebalance the market a little?