Search Results: "Andres Salomon"
21 December 2005
I don’t think I’ve been really, truly happy for the past 4 or so months. Funny how a book like American Psycho reminds me of this fact.
I need to do something about this.
18 December 2005
Last week at some point, I was looking for things that allowed usage of jabber with voip and/or video conferencing. I couldn’t find anything in the JEPs, or any of the other jabber-related specs, so I ended up researching SIP and H.323.
Jose’s blog entry caught my eye; it looks like these were published a few days after I was looking for them. Very cool. I’ll definitely have to spend some time next week reading through them.
15 December 2005
h01ger thought that maybe I should clarify a few points in my blog. Well sure, I can do that.
First of all, I think Joey does great security work. I am not attacking him for this.
Second, I think Joey does a great job with Debian in general.
However, I think he’s seriously harming Debian by not opening up and organizing the security infrastructure, and this is where my problem lies. I hope I’m getting this point across. There have been a number of attempts to revise the infrastructure and organization; a meeting in Oldenburg, where the testing-security crew attempted to get Joey to use their work; proposal(s?) by the DPL; AJ is now working on security queue stuff. I really do hope that Joey decides to work w/ AJ (or any of the other people who’ve suggested different ways to handle Debian security), for the sake of Debian.
Joey keeps looking for additional manpower, and gets frustrated when people don’t contribute. Well, as someone who has attempted to contribute, and has seen others attempt to contribute, we get frustrated when our contributions are ignored (in the case of the kernel security update, the i386 and source packages apparently sat around for 4 months). Maybe if all this happened in the open, instead of amongst private emails (that often times go unanswered because Joey is busy), people might not get discouraged, and will continue contributing.
I personally don’t think anything has been solved, and unless Joey is actively working w/ Branden or AJ in private, I don’t see any progress towards solving a problem that will require openness, organization, and trust. Manpower can follow after that.
14 December 2005
Hopefully it doesn’t take another 6 months to see the next update. Congrats to Horms, Dannf, and others who had the patience that I didn’t to see this through.
Maybe someday we’ll even see a security team revamp…
[edit: impressive changelog:
* Build against kernel-tree-2.4.27-10sarge1. (Simon Horman)
— Simon Horman <firstname.lastname@example.org> Wed, 17 Aug 2005 17:13:01 +0900
Is this really the same exact kernel that the kernel team released in august?]
11 December 2005
It amuses me that people are arguing with others about whether Debian “delivers” what it promises its users. Sarge was released on June 6, 2005. Since then, there have been exactly 0 kernel security updates for it. Meanwhile, Ubuntu has managed to release 7 kernel security updates in that timeframe (USN-137-1, USN-143-1, USN-169-1, USN-178-1, USN-187-1, USN-199-1, and USN-219-1). Each one of those fixes at least two or more real vulnerabilities (some fixing as many as ten!).
So here we are, 6 months after the release of Sarge, and we’re not fulfilling our promise of a distribution that lacks known security holes. Furthermore, talks with our Security Team (which is, as far as anyone can tell, one active person) have gotten us nowhere; the DPL himself has attempted to do so, and was told that a kernel update is “in progress”. The sad part of this is the fact that the Security Team thinks there is no problem; once a kernel update is complete, everything will be OK.
The lack of kernel updates is merely a symptom of larger problems within Debian; key people do not scale, work in a closed manner, and are not willing to delegate responsibility. Meanwhile, the Testing-Security Team has managed to provide a wonderful example of how a security team could work, in many instances beating the stable Security Team to release fixes.
I could go into how much fun it was for me to wait 10 months to get DAM approval in the NM queue, how I’m being forced to run Ubuntu on a server because Debian still hasn’t gotten its act together with respect to AMD64, and other such things, but it all comes down to the same core problem.
4 December 2005
29 November 2005
If you’re going to bitch about a stupid internetism, using another stupid internetism to do so (I refer to the plzdiekthx bit here) does not help matters any.
Thank you, please drive through.
And while googling for more information, I happened upon this page. My favorite quote is, “The encryption algorithm used in the TI DST tags is an unpublished, proprietary cipher that uses a 40-bit key.” Ah yes, 2005 and we still haven’t learned what makes for good crypto.
I received a new Debit/ATM card in the mail the other day. I didn’t think anything of it, until I looked at my old card; it wasn’t due to expire for another 2 years. Ok, that’s odd. I looked closely at the new card, and it said “PayPass” on it. I looked closer at the packaging that arrived with it, and discovered what this PayPass thing was.
“…Debit MasterCard Card with PayPass has built-in chip and antenna technology, as well as a standard magnetic stripe. The card and specially-equipped PayPass terminals communicate payment card details using very short range radio waves.”
At this point (and at the risk of being compared w/ RMS), I started to feel uneasy. So this new card has an RFID chip? That means I don’t actually need to swipe it, I can “pay” by just being in range of a reader? Wait a minute, this is a Debit card; that means I’m not afforded the protections that a normal credit card offers. If someone manages to swipe $200 from me simply by walking close to me, that comes right out of my bank account; I can’t just do a chargeback. That’s money that gets stuck in limbo while I argue w/ the bank about my lost funds. As a matter of fact, I don’t even *need* a Debit card; all I really use this for is an ATM card, I have credit cards for actually paying for things.
Some googling turned up the actual range:
“The PayPass card’s embedded tag operates at 13.56 MHz and has a short read range of 2 to 3 centimeters.”
So, it looks like someone would have to be very close to read it, but it certainly seems to be a real possibility.
Grr. I doubt there’s any way to turn this off. This is actually kind of scary. I had planned to cancel this bank account soon anyways, but this is simply more motivation to do so. Hopefully my new bank doesn’t consider this a good idea.
26 November 2005
cracked me up; specifically, two lines of it.
“‘The agreement signed today will defend Somalia’s territorial waters, defeat the pirates and put an end to the illegal fishing and poaching of our precious natural marine resources,’ Prime Minister Mohamed Ali Gedi said.”
“Defeat the pirates” sounds like something out of a video game or cartoon. That could’ve just as easily been about killing Shredder, defeating the Foot Clan, and saving April O’Neil.
“‘We will end the piracy very quickly, there is no question about that,’ said Mr Casini.”
is clearly the answer that the RIAA have been looking for!
25 November 2005
When you log into WordPress, it brings you to the Dashboard by default, which begins with a WordPress Development Blog.
The latest entry header is:
“Don?t Panic! WordPress Is Secure 17 days ago”
Yeah, I feel safe; php code especially makes me feel warm and fuzzy. Where did that apostrophe go, anyways?
<Clint> you just wait until you’re infested with mp3s
<dilinger> i wear my mp3 collar
<dilinger> it has my name and phone number engraved on it, too. in case i get lost.
<Clint> have you had your shots?
<dilinger> yes. i’ve been spayed and/or neutered, too. i highly recommend it; it was an enlightening experience
<Clint> you should blog about that
24 November 2005
For those of you who aren’t familiar w/ U.S. holidays, Thanksgiving is one where people get together to celebrate the destruction of the Native Americans (much like Columbus Day), and to give “thanks” (in the form of prayer, typically) for the things we’ve been given. Realistically, it means families get together for a large turkey dinner, sometimes offer some form of gratitude to the deity (or deities) they believe in, and then go back to their privileged lives.
Last year for Thanksgiving, I spent it alone. It was the best Thanksgiving I’ve ever had. My mom was working and my roommates were off with their families, so I just hung out at home. I woke up early in the afternoon, went to the store, bought a small turkey and misc other ingredients. Upon returning home, I proceeded to cook myself a small feast, eat, and then watched some cartoons. No stress, no planning, my dinner turned out very nicely (I prefer to cook food myself, that way I can control the taste), and no awkward family conversations with people that you haven’t seen in a year, and have no desire to see for another year.
Yeah, I sure missed that this year.
23 November 2005
From what I’ve seen, they’re neat little machines.
22 November 2005
According to this page, my blog is worth $2,822.70. Now, I have no idea what metric they use to determine that, but that’s not really important.
What is important is that you freeloaders start paying up.
For far too long, I’ve put my blood and sweat into producing this fine verbiage, without any sort of compensation for my labor. As we all know, if humans aren’t compensated for their art (and trust me, this blog is pure art), they have absolutely no incentive to continue creating it. So, I demand payment in return for my hard work, or Toby gets it.
I hereby announce that this blog is for sale. Once purchased, you may claim ownership over any past and future ideas, anecdotes, and pictures presented on here. I will entertain the best offer.
I am such a whore.
For the humor impaired: yes, this is a joke.
20 November 2005
Oh man, this is soooo cool! I wonder if there’s enough space for a proper hard drive in there?
I missed a bus to Boston by about 5 minutes on Thursday (I seem to be doing that a lot lately), so I went up to 8th Ave to find some internet access. The coffee shop I entered was packed, so I sat down at an already occupied table. The guy sitting across from me was in a wheelchair, reading the newspaper.
After a few minutes of me typing away at my computer, and him reading his newspaper, he started up a conversation with me.
“So, I was just reading that they’re going to have a feature in DVRs that has a video camera that watches over your home.”
I have no idea why he thought I might know what a DVR is, or why he chose that topic. Maybe I just exude geek pheromones or something.
“Yeah, they want to be able to have you be able to watch it over your cell phone. How’s that for security? Being able to monitor your home through your cell phone?”
“Ok, I guess…”
“I’d want that, it seems like an excellent idea.”
“Sure, but who else might be able to look into your home?”
“What do you mean?”
He seemed genuinely confused by my remark. I thought maybe he hadn’t heard me; I tend to mumble.
“Who else might have access to see your home?”
“Oh, I see. So if someone else gets access to your cell phone, they can watch?”
At this point he went off about cell phone IDs and PIN numbers. I cut in, “Well, yea, there’s that. But what about people with direct access to the video feed? People who work for the DVR company, and people who work for the cell phone companies. They’ll be able to watch the video. Not to mention people who manage to access the networks of these companies. If it’s in a DVR, is there a way to turn it off, or is it a video of your living room, 24 hours a day, 7 days a week?”
He pondered that for a minute, and responded with, “Yeah, I guess it’s a double-edged sword...”
He made a few more comments about the DVR and how he had never thought about it that way, but I had already started tuning him out. My work there was done; another happy citizen infected with my special brand of distrust and cynicism. Big Brother is unnecessary in a world where all the high-tech consumer garbage you buy comes equipped with built-in security flaws.
I’m hoping the next time I go there, I see him wearing a tin foil hat.
18 November 2005
Go to http://print.google.com. Search for Calvin & Hobbes.
Not only is it a little creepy just how much Bill Watterson influenced people, but the range of people who have read his work is astounding; the books listed are on quite random topics.
17 November 2005
. That second patch would fix an incredible amount of pain.
15 November 2005
The rattlesnake looked up at him and grinned, “You knew what I was when you picked me up.”