Vacation 1.2.7.0 beta 3 released

Posted on January 20, 2007 by Chris Samuel

Another quick release, this time changing the address parsing for From: and Reply-To: headers to use Eric Raymonds rfc822.c library from his Unix Cookbook and fetchmail rather than the old homebrew code which couldn’t parse many RFC2822 addresses. You can enable the old behaviour by compiling with the -DOLD compiler option (though you probably won’t want to).

It also fixes the bug that broke the -r option, there was a stray “:” in the getopt(3) call that meant it expected an (unnecessary) argument.

There’s a couple of trivial tweaks too.

Please report successful and unsuccessful uses!

Available here.

Vacation 1.2.7.0 beta 2 released

Posted on January 19, 2007 by Chris Samuel

This new beta may be more on the alpha side of beta as it includes a substantial number of changes to improve security. Rather than using the standard strcpy, strcat, etc it now uses the OpenBSD secure string handling functions strlcat and strlcpy and use of sprintf has been changed to snprintf to try and avoid possible buffer overruns. I’m not actually aware of any attacks but this is quite old code so you never know your luck.

I’ve also changed the implementation of the nsearch() function to use strcasestr() which makes it much simpler.

You can download the release from Sourceforge.

Please test and comment!

Continue reading →

Odd Spam Subject

Posted on January 15, 2007 by Chris Samuel

Today’s winner of the oddest spam subject competition is:

Fruitful Overflow Gods

The plumbing equivalent of animism ?

Intel Development Tools on Debian & Debian Derived Linux Distributions

Posted on January 14, 2007 by Chris Samuel

If you have an interest in being able to run the Intel developer tools (( the C & Fortran compilers, Vtune, etc )) under Debian or a Debian derived distribution such as Ubuntu then please sign up and make your views known on the Intel instigated poll on their forums, please!

At the moment they only support RPM based distributions (mainly RHEL and SLES) and whilst you can get the compilers going through some documented hacks getting Vtune to install is a real pain – the only way I’ve heard so far is this hack that involves having a machine running one of those distros to hand.

Intel make these tools available to people doing development on projects for no recompense (but be sure to read their FAQ on who does and doesn’t qualify).

Microsoft OpenXML – Patent Minefield

Posted on January 14, 2007 by Chris Samuel

Microsoft still don’t get open standards – their new OpenXML office file format is patent encumbered, but not in a way that is obvious. Sam Hiser has an interesting evaluation of the license for OpenXML and it appears that whilst MS do promise not to sue you for any patents that cover anything that is explicitly in the specification they do not do so for anything that you need to implement that specification.

We know of a great deal of Microsoft technology which does in fact contain patents and which lies outside the specification which would need to be implemented by such a 3rd-party for the formats to work. The Microsoft Office Open XML formats are therefore dependent upon a host of patented Microsoft technology.

In effect, this license means that if you are making a well-functioning, complete implementation of the Microsoft Office Open XML specification, then you are not covered by the “promise” in the License. In other words, Microsoft effectively prohibits you legally from making a complete and working implementation of its new formats in your software. If you do, you run the risk of being sued.

In other words, here is an open specification that you can only implement if you either (a) are willing to get sued, or (b) lucky enough not to live in a country that has stupid software patent laws..

The Perils of Writing Popular Software

Posted on January 13, 2007 by Chris Samuel

From the release notes for the (currently experimental) Postfix 2.4 snapshots:

Incompatible changes with Postfix snapshot 20060806
===================================================

Postfix no longer announces its name in delivery status notifications.
Users believe that Wietse provides a free help desk service that
solves all their email problems.

Oh dear, poor Wietse!

Did you know…

Posted on January 13, 2007 by Chris Samuel

…that the GDB debugger has its own song ?

(Via)

Upgraded to WordPress 2.0.6

Posted on January 6, 2007 by Chris Samuel

I’ve just upgraded to WordPress 2.0.6 as it has security fixes in it, so if you spot anything odd with the site please leave a comment and let me know!

If comments don’t work for you then you can always reach me by sending an email to chris at the domain csamuel.org. I’m really bad at replying to email though!

Script to Migrate Postnuke to WordPress 2

Posted on January 6, 2007 by Chris Samuel

Almost a year ago now (Jan 2006) I migrated my blog from PostNuke to WordPress and to do that I used a hacked version of Bryan’s PHP migration script (which I found here thanks to Rich Boakes), but I never got around to publishing my changes. 🙁

Changes applied:

Migrate PostNuke topics to WordPress categories
Update comment counts in the WordPress database
Update category counts in the WordPress database

Just had an email from someone asking about it, so I’ve decided to publish it now, so here is my hacked version of a Postnuke to WordPress Migration PHP Script.

It assumes a blank WordPress 2 install, and I last used it with WordPress 2.0.0 so caveat emptor!

Licensed under the GPLv2 (or later), as per the original.

Internet Explorer 2006 – 9 Months of Vulnerability

Posted on January 5, 2007 by Chris Samuel

If you use Internet Explorer (IE) on Windows it appears that you spent 9 months open to being hacked on your computer.

For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users.

On the other side, Firefox had a single 9 day window of vulnerability to an exploit.

The Musings of Chris Samuel

Computers, science, archaeology and other random burblings

Category Archives: Computers