SCADA and X.25 security stuff (PDF) courtesy of Security-Assessment.com.
Reminds me of the old JANET joke:
If you have a free PSS account please dial 999 and ask to be arrested.
Category Archives: Computers
Linux ulimit memory enforcement oddity
Found an interesting wrinkle in the Linux handling of ulimits for maximum memory size and data segment size – they are not enforced by current glibc / kernel configurations in certain conditions.
I tracked this down to the fact that somewhere around glibc 2.3 the malloc() implementation was ripped out and replaced with one that uses mmap() for allocations of 128KB or more. The kicker is that the kernel mmap() implementation only cares about the virtual memory ulimit (RLIMIT_AS) for enforcement, the others are just ignored!
So currently an application which uses small allocations (<128KB) will find malloc() failing when they hit their max mem / data seg size ulimit whereas an application that grabs RAM in larger chunks will sail happily past that without a care in the world..
Bug, feature or undefined behaviour ? You decide.. 🙂
Installing Lacie 4L Lightscribe software on AMD64 Ubuntu/Debian systems (Updated x3)
Caveat: Whilst the below works for me for those particular applications you may find that other 32-bit only applications require a fuller 32-bit environment, which you can get using a separate install of a 32-bit Ubuntu (often called a “chrooted environment”) – please see the corresponding Ubuntu Wiki page for more information.
I have a new AMD64 compatible system (an Intel quad core box) which comes with an ASUS DRW-1814BLT Lightscribe DVD burner. Problem is that I’m running a 64-bit version of KUbuntu Linux (as it’ll have 8GB RAM once the final sticks arrive) and the closed source Lightscribe software is 32-bit only and won’t install without a bit of prodding.
So, to help others, this is the hack that I did to install it successfully.
First I had previously installed the 32-bit compatibility libraries for AMD64 thus:
$ sudo apt-get install ia32-libs
Then I downloaded the Lightscribe System Software as a 32-bit .deb and the Lacie 4L package (which has a nice GUI) as the x586 RPM.
Then I installed fakeroot and alien and converted both of them to TAR files thus:
$ fakeroot alien -t lightscribe-1.10.19.1-linux-2.6-intel.deb
$ fakeroot alien -t 4L-1.0-r6.i586.rpm
Then I converted the two tar files straight back into .deb’s:
$ fakeroot alien lightscribe-1.10.19.1.tgz
$ fakeroot alien 4L-1.0.tgz
Then it’s the usual installation procedure of:
$ sudo dpkg -i ./lightscribe_1.10.19.1-2_all.deb
$ sudo dpkg -i 4l_1.0-2_all.deb
and it seems to work (though I have no Lightscribe media to test with yet!):
$ 4L-cli enumerate
Using /etc/lightscribe.rc
Drive path: /dev/sr0
Usable: 1
Full name: ASUS DRW-1814BLT 1.13 132
Model: DRW-1814BLT
Manufacturer: ASUS
Capabilities: monochrome
Drive inner radius: 21700
Drive outer radius: 58700
Update: I’ve since spotted that dpkg has a –force-architecture option, this may avoid the need for converting the lightscribe package.
Update 2: It works! I’ve successfully used the GUI to label a CD as a test.
Update 3: Paul Bailey has distilled the above into a simple recipe.
A fatal exception has occurred
A Texas judge today faced a widespread rebuke from her fellow lawyers for refusing to keep her courthouse open after 5pm to hear a last-minute death row appeal. The prisoner was executed hours later. […] His lawyers had suffered a computer breakdown and were unable to file the appeal within regular working hours, and had begged Judge Keller for more time. Ms Keller refused.
They wanted an extra 20 minutes..
BSD UNIX history heaven
Marshall Kirk McKusick and the “Unix Heritage Society” have released a 4 CD set that contains, amongst other treasures, a complete set of the various BSD UNIX releases ever done, from 1BSD through to 4.4BSD (both regular and “lite” (sic) versions).
The whole set costs just under USD $100..
South Africa adopts ODF as government standard
The government of the Republic of South Africa has published (( on the RSA Open Source Software in Government website )) the latest version (4.1) of its Minimum Interoperability Standards (MIOS) for Information Systems in Government, which now includes ODF as their document format:
The main thrust of the framework (in line with international best practice), is the adoption of a structured approach with regard to information systems. To achieve this approach, and to ensure the enhancement of interoperability across Government, a minimum set of standards are included in this document as a required Government-wide standard. To this end, this updated version of MIOS contains an explicit definition of Open Standards as well as the inclusion of the ISO (International Standards Organisation) Open Document Format.
It also says that they will consider open source software favourably for their IT systems:
In developing open information systems, open source based solutions are to be considered before proprietary ones
This is expanded upon in their new Policy on Free and Open Source Software use for South African Government, which codifies it as:
1) The South African Government will implement FOSS unless proprietary software is demonstrated to be significantly superior. Whenever the advantages of FOSS and proprietary software are comparable FOSS will be implemented when choosing a software solution for a new project. Whenever FOSS is not implemented, then reasons must be provided in order to justify the implementation of proprietary software.
2) The South African Government will migrate current proprietary software to FOSS whenever comparable software exists.
3) All new software developed for or by the South African Government will be based on open standards, adherent to FOSS principles, and licensed using a FOSS license where possible.
4) The South African Government will ensure all Government content and content developed using Government resources is made Open Content, unless analysis on specific content shows that proprietary licensing or confidentiality is substantially beneficial.
5) The South African Government will encourage the use of Open Content and Open Standards within South Africa.
They are also being reassuringly pragmatic about it, rather than dogmatic, as the justification says:
This is not to say that FOSS/OC solutions are currently available or appropriate in every situation or for every user, a reality accommodated in the revised policy.
So, all in all, quite a positive outcome!
Tracking Ubuntu changes via RSS
Props to Dennis Kaarsemaker for creating RSS feeds for changes to Ubuntu releases, such as the ones for Gutsy and the forthcoming Hardy Heron 07.10 LTS release!
Microsoft’s tactics are killing the standards process..
After the previous reports of Microsoft stacking standards bodies, Andy Updegrove points out that there is now a far more insidious problem facing the ISO/IEC Standards Committee 34 as a result of its suddenly inflated membership.
The rules of the committee require at least 50% of the ‘P’ status members (not the observing members) return a vote in response to every ballot request (even an ‘abstain’ vote counts).
At the end of 2006 the committee had 23 members, having gained 5 over the previous 2 years.
By the time of the OOXML vote in September the number had more than doubled – and 22 new countries joined between April and the end of August, plus there were 11 new ‘P’ members.
The problem now is that none of the new ‘P’ members are bothering to vote – the last 3 ballots have failed because that 50% figure has not been hit. As Andy writes:
While I’m told that 90% of committee votes have achieved the necessary 50% return in the past, the current numbers tell a far different story: the three most recent (SC 34 N 870, SC 34 872 and SC 34 N 874) have all failed because of P member apathy. As I read the tallies at those links, only one recent P member responded to a single ballot, even after some ballots had been reissued for a second or even a third time. Had it not been necessary to include the new P members in the calculations, the second two votes would have passed (the first related to establishing a liaison relationship with another organization, and not a standard).
They haven’t even bothered to return an ‘abstain’ vote. This pretty much confirms that the only reason they could have joined the committee for was to vote “Yes (without comments)” on Microsofts OOXML proposal. 🙁
Andy then goes on to quote from the weekly memos of Secretariat Manager, Ken Holman, as in increasing desperation he tries to coax the new members into meeting their obligations and voting on ballots that are dieing from lack of interest. Here is the penultimate quote in the series to give you a flavour..
9/30/2007
You will see at that link that (as of Sunday evening) only 7 member bodies of our 38 participating members have actually submitted a ballot response….Since the recent influx of new P-members to SC 34, not a single ballot has been able to be processed…
It is critically important that P-members remember their obligations: if we do not get 20 responses per ballot, the work of SC 34 will grind to a halt….If you do not plan to participate in the work of SC 34, please consider changing your membership to Observer status. For those national bodies that joined in the interests of DIS 29500 Ecma 376 OOXML, remember that P-member/O-member status in SC 34 has no effect on attendance and voting at the Ballot Resolution Meeting being held in February. If this is your only interest, it would serve SC 34 well to change your membership status to O-member.
One wonders if they will suddenly spring back into life when Microsofts XPS standard arrives there.
Microsoft – put up or shut up
for the appropriate fee Novell customers also get essentially the right to use our patented intellectual property. And I think it’s great the way Novell stepped up to kind of say intellectual property matters. People use Red hat, at least with respect to *our* intellectual property in a sense have an obligation to eventually compensate us.
Now, Mr Balmer, precisely what “patented intellectual property” are you talking about here ? Please be specific, patent numbers would be very handy..
Or are you just trying on a shakedown with vague threats to see what easy protection money may come your way now that Vista and Office 2007 aren’t selling so well ?
Thanks Novell, for nothing..
Emerging Linux Filesystems talk – LUV October meeting – 2nd October 2007
Recently LinuxWorld commissioned me to write an article on Emerging Linux Filesystems (the formatting is a bit different from the original I sent, but the slideshow of graphs now works) and have kindly given me permission to present a talk based on my work at the October Linux Users of Victoria (LUV) meeting.
So if you can make it you can hear about my experiences with ChunkFS, btrfs, NILFS, ext4, Reiser4 and ZFS/FUSE, as well as with ZFS under OpenSolaris (in this case Nexenta).
I’d also like to thank Dragan at Xenon Systems for the loan of a shiny, Linux friendly, test system!