“security is always political” (w. diffie)

i thought whitfield diffie would give a presentation packed with cryptography theory. surprisingly (and slightly disappointingly) there wasn’t any at all. instead he gave an overview of the emergence of cryptography, finishing with an outlook. the three key challenges in tomorrow’s cryptography research according to diffie (don’t cite this – it’s based on my memory, not speech recordings):

1. configuration control [dm: clear definition of a device’s configuration/state]
2. automated computer-to-computer economy [dm: think of web services, distributed systems, automated negotiation and (sub-)contracting]
3. trusted computing [dm: think of “tcpa” etc.]

and it’s all about “who will control information society” in the future (am i the only one who heard a gentle criticism here?).. not very exciting insights actually (most people probably knew this before already). seeing whitfield diffie (i’d call him a “living crypto legend”) in person (wearing long white hair and a beard – a bit like mage gandalf ;) was an impressive experience, however.

watchdog

i’ve set up a “watchdog” to watch http://people.redhat.com/mingo/ using a cron script i wrote a while ago. it checks ingo’s patch site for changes once per day and notifies me by email about updated patches. this way, i can better follow the changes and keep my kernel current (always using ingo’s latest patches).

actually i could easily automate the thing further. it wouldn’t be difficult to write a script that checks if there are any new patches, if so, automatically downloads them, reverts similar earlier patches (in the right order), applies the new patches (in the right order), configures and compiles the kernel, and if successful installs it and reboots the box. hmm.. perhaps i’ll do this later. would need to take special care of potential security issues (ingo doesn’t sign his patches yet).

the current watchdog script would also be suitable to minutely watch and track even minor changes on e.g. blogs (remember recent disputes about dave winer’s blog being tracked closely). of course i’m not big brother, so i won’t do this anyway (i wouldn’t want my blog to be watched that precisely myself as i often publish temp/unfinished entries i might want to remove, correct or finish later).

regarding the script: yes, push would be better than pull, but automated pull is at least better than manual pull. currently, it’s basically a faked push service (change/time-triggered e-mail msg) which could be made almost as accurate as a real push service by decreasing the interval at which the sites are watched. effectively transforming pull to push.. and generating page hits like crazy.. gee, darn numlock.ch-effect ddos’ing ;)
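the core of such a poll-based watchdog, as an added example that is not the blog’s own cron script: it extracts the patch links from the directory index, records a sha256 per patch instead of a size or date, and composes the e-mail body from the difference to the previous run. the index page and patch bodies below are constructed so it runs offline; in a real run they would come from an http fetch of the watched directory (hypothetical helper, not shown) and the state json would be kept in a file between cron invocations. hashing rather than just listing names is what makes a silently re-uploaded patch with an unchanged name visible, which matters exactly because the patches aren’t signed.

```python
"""poll-style "watchdog" for a directory of kernel patches (added example)."""
import hashlib
import json
import re
from typing import Dict, List, Tuple

# links to patch files in a plain directory index, e.g. href="foo-D4.patch"
PATCH_LINK = re.compile(r'href="([^"/]+\.(?:patch|diff)(?:\.gz|\.bz2)?)"', re.IGNORECASE)

# constructed sample: index page and patch bodies as seen on two consecutive days
INDEX_DAY1 = '<a href="README">README</a> <a href="exec-shield-2.4.22-ac1-nptl-D4.patch">D4</a>'
FILES_DAY1 = {
    "exec-shield-2.4.22-ac1-nptl-D4.patch": b"--- a/fs/devfs/base.c\n+++ b/fs/devfs/base.c\n",
}
INDEX_DAY2 = (
    '<a href="README">README</a> '
    '<a href="exec-shield-2.4.22-ac1-nptl-D4.patch">D4</a> '
    '<a href="exec-shield-2.4.22-ac1-nptl-D5.patch">D5</a>'
)
FILES_DAY2 = {
    # same name as yesterday but different content: a silent re-upload
    "exec-shield-2.4.22-ac1-nptl-D4.patch": b"--- a/fs/devfs/base.c\n+++ b/fs/devfs/base.c\n@@ -1 +1 @@\n",
    "exec-shield-2.4.22-ac1-nptl-D5.patch": b"--- a/arch/i386/kernel/process.c\n",
}


def patch_names(index_html: str) -> List[str]:
    """patch file names linked from the index page, sorted and de-duplicated."""
    return sorted(set(PATCH_LINK.findall(index_html)))


def snapshot(names: List[str], files: Dict[str, bytes]) -> Dict[str, str]:
    """sha256 of every listed patch body that could be downloaded."""
    return {n: hashlib.sha256(files[n]).hexdigest() for n in names if n in files}


def diff_snapshots(old: Dict[str, str], new: Dict[str, str]) -> Tuple[List[str], List[str], List[str]]:
    """(added, changed, removed) patch names between two snapshots."""
    added = sorted(n for n in new if n not in old)
    changed = sorted(n for n in new if n in old and old[n] != new[n])
    removed = sorted(n for n in old if n not in new)
    return added, changed, removed


def notification(added: List[str], changed: List[str], removed: List[str]) -> str:
    """mail body for the cron job; an empty string means no mail today."""
    groups = (("new", added), ("changed", changed), ("removed", removed))
    lines = [f"{label}: {n}" for label, names in groups for n in names]
    if changed:
        lines.append("note: changed files kept their old names; compare with the author's announcement before applying")
    return "\n".join(lines)


def run_check(state_json: str, index_html: str, files: Dict[str, bytes]) -> Tuple[str, str]:
    """one cron invocation: load yesterday's state, snapshot today, return
    (new state json to store, mail body to send)."""
    old = json.loads(state_json) if state_json else {}
    new = snapshot(patch_names(index_html), files)
    return json.dumps(new, sort_keys=True), notification(*diff_snapshots(old, new))


if __name__ == "__main__":
    state, mail = run_check("", INDEX_DAY1, FILES_DAY1)    # first run: everything is new
    print(mail)
    state, mail = run_check(state, INDEX_DAY2, FILES_DAY2)  # second run: one new, one changed
    print(mail)
```

the interval question from above is just how often cron calls run_check; nothing in the logic changes if it runs every minute instead of daily, only the number of page hits does.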

/dev/misc

* a premiere: this early morning, i’ve made a linux kernel patch for the first time (not counting mixing/editing others’ kernel patches etc. ;) as ingo asked me to fix the minor devfs issues with his exec-shield patch myself. admittedly it’s a very tiny one and i probably couldn’t have done it if ingo hadn’t told me it was a matter of changed field names only. nevertheless it was a very cool experience. dealing with the kernel is just magic :) the funky thing is that i’ve done this all on the box which has just served you this page – i bet nobody noticed anything of me compiling kernels in the background :) currently i’m running 2.4.22-ac1 with exec-shield-2.4.22-ac1-nptl-D4. i will merge in new patches as available.. need to get some more kernel books and stuff.

* i’ve just learned that toshiba is now selling an all-in-one wlan hotspot box built on gentoo. brave move. i wonder how they circumvent gentoo’s rare but still existing and sometimes very annoying quality assurance troubles (critical bugs, blockers and such). a year ago, i was thinking about an all-in-one barebone with pre-installed gentoo too, but for soho use only (file repository, application server, mail server, dbms, router, fw etc.). later i bought my current lex barebone to do some prototyping. all in all i think gentoo would be suitable for such a thing, if there just weren’t these darn qa issues gentoo struggles with. regarding the hw, i probably wouldn’t use a lex barebone. as an advantage it has a small price tag, but the two fatal hard disk failures (two different brands) i’ve experienced so far (within about 9 months) make me conclude that the lex engineers probably didn’t test their product thoroughly (both hdds died of overheating). for me it’s not that much of a problem (living at the bleeding edge i’m almost used to failures), but for shipping it to customers it’s way too risky and costly.

it’s like.. gone

my main workstation’s “soundblaster live! 5.1 digital” sound card seems to have stopped working a couple of days ago (don’t know why). the “funny” thing about it: whereas linux simply “disables” the sound device, windows (xp prof) “disables” the device but nevertheless freezes about 5 minutes after boot-up (that’s reproducible behaviour). there isn’t even a bsod, just “ice age” forever. my wild guess: could be an uncaught kernel counter overflow or something similar. however, it might just as well be an unrelated problem of course (though i hope it is related in fact). hardware failures are keeping me pretty busy lately.. let’s see what happens if i remove/replace the sound card..

[update: after removing the sound card, the windows stability probs disappeared. now i’ve taken a close look at the card and as i couldn’t find any evidence of a short-circuit (burnt conducting paths are pretty easy to detect), i’ve reinstalled it. believe it or not: *drum-roll* the card is recognized again and all the woes have gone :) might just have been a loose connection..]

various bites

tried to apply ingo molnar’s exec shield patch to 2.4.22 vanilla sources but there were 3 (minor) rejects. i hope ingo is still maintaining his patch as i don’t want to miss it anymore (“put an end to your nightmares, get general buffer overflow protection for your server” ;).

reminds me that i actually should

* update some apps on this box
* eventually migrate all the old log entries and try to regain those i lost due to the hdd breakdown

the second task needs to wait, i guess ;)

meanwhile, .GNU has started teething. i wonder how much ms paid for system.windows.forms ;) most of you probably agree that regarding development costs, oss will always win those battles (note the pun, heh ;)

[update 20030828@02:30am: ingo has just sent me a recent version of his exec shield patch (exec-shield-2.4.21-cambridge-D2) which according to him should apply to most 2.4.22 kernels. of course i’ve instantly tried it with a 2.4.22 vanilla kernel – unfortunately there are 11 rejects. hearing he will do a 2.4.22 port soon is excellent news however.. many thanks to ingo for his efforts and this kind and obliging response!]

impolite feedster

unlike google, feedster doesn’t care about robots.txt policy files at all (i’ve forbidden indexing of /news, yet it did). netiquette doesn’t seem to count anymore.

the question that arises is whether this is

a) the result of missing (oldschool) experts in feedster’s dev team(?) or
b) intention

i am close to stopping blogging under such conditions. notification of central changelogs such as blo.gs is ok (it happens knowingly and actively), but i don’t want my random thoughts to be spilled all over the net.
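how a disallow rule in robots.txt is supposed to be read, and how to spot from the server log which crawler ignored it, as an added example (not from the blog): the policy below mirrors the “/news is off limits” rule described above, the log lines are constructed, and the crawler names are placeholders rather than real services. it uses the standard-library robots.txt parser, so the verdicts are those of the usual interpretation: a disallow path is a prefix match, and a user-agent block is only consulted for agents whose name contains that token.

```python
"""checking crawler behaviour against a robots.txt policy (added example)."""
import re
from typing import List, Tuple
from urllib.robotparser import RobotFileParser

# constructed policy: nobody may index /news, and one named crawler is shut out entirely
ROBOTS_TXT = """\
User-agent: *
Disallow: /news

User-agent: somebot
Disallow: /
"""

# constructed combined-format access log lines (user-agent is the last quoted field)
ACCESS_LOG = [
    '127.0.0.1 - - [28/Aug/2003:02:30:00 +0200] "GET /robots.txt HTTP/1.0" 200 40 "-" "Crawler-A/2.1"',
    '127.0.0.1 - - [28/Aug/2003:02:30:01 +0200] "GET /index.html HTTP/1.0" 200 800 "-" "Crawler-A/2.1"',
    '127.0.0.1 - - [28/Aug/2003:02:30:02 +0200] "GET /news/2003/08.html HTTP/1.0" 200 1234 "-" "FeedCrawler-B/1.0"',
    '127.0.0.1 - - [28/Aug/2003:02:30:03 +0200] "GET /about.html HTTP/1.0" 200 300 "-" "somebot/0.9"',
]
LOG_LINE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+" \d+ \S+ "[^"]*" "([^"]*)"')


def allowed(robots_txt: str, user_agent: str, path: str) -> bool:
    """verdict of the policy for one (user-agent, path) pair.
    the host name is irrelevant for the decision; a placeholder is used."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch(user_agent, "http://example.invalid" + path)


def violations(robots_txt: str, log_lines: List[str]) -> List[Tuple[str, str]]:
    """(user-agent, path) pairs that were fetched although the policy disallows them."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        path, ua = m.group(1), m.group(2)
        if not allowed(robots_txt, ua, path):
            hits.append((ua, path))
    return hits


if __name__ == "__main__":
    for ua, path in violations(ROBOTS_TXT, ACCESS_LOG):
        print(f"{ua} ignored robots.txt and fetched {path}")
```

one caveat worth knowing when writing the policy: because “Disallow: /news” is a prefix, it also covers a hypothetical /newsletter.html; a trailing slash in the rule narrows it to the directory.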