Bastien mentioned the Chromium OS xorg.conf file, which includes an irritating wart - namely, Option "SHMConfig" "on". This tells the Synaptics touchpad driver to export its configuration data to a shared memory region which is accessible to any user on the system. The reason for this is that in the past, there was no good way for configuration information to be passed to input drivers through the X server at runtime. This got fixed with the advent of X input properties, and synaptics can now be configured sensibly over the X protocol.

But why was it off by default? Because, as I said, the configuration data is exported to a shared memory region which is accessible to any user on the system. And while it contains a bunch of information that's not terribly interesting (an attacker being able to disable my touchpad or turn on two finger emulation may be a DoS of sorts, but...), it also contains some values that are used to scale the input coordinates. Which means that anyone with access to the SHM region can effectively take control of your mouse. The current position is exported too, so they can also track all of your mouse input.

Now, this isn't stunningly bad. The attacker can only do this while you're touching the pad. You'll see everything that happens as a result. There's no way to fake keyboard input. They need to be running code as another user on the system - if they're running as the logged in user then they can already do all of this. And for a device as single-user as Google seem to be looking at, it's obviously not a concern at all.

But there's still plenty of places on the web suggesting that you enable SHMConfig, and various distributions that ship with it turned on (Ubuntu on the Dell mini used to, but got turned off after I contacted them about it). It's absolutely fine to do this as long as you're aware of the security implications of it, but otherwise please use X input properties instead.

Saturday

Arrive at Heathrow. Richard gets to be my special lounge buddy - we later discover Bastien sitting outside looking like a lost puppy. Flight is delayed by a mere hour, so we get to the hotel with little trouble and check in. Dinner with Luis and co on pillows on the street. This becomes a recurring theme. Drinking is involved. This also becomes a recurring theme. People complain about my shortcut finding skills.

Sunday

See beautiful things. Thankful to finally get to see buildings older than my old college. Dinner under some bridge with Red Hat folks where we discover the joys of the "special price". People once more complain about my shortcut finding skills. Suspect pillows are involved, but hazy recollections.

Monday

Arrive at the university by taxi. More to the point, arrive at the university by taxi without taking a 30km detour. Dinner with Canonical people, then a party in some overpriced bar on the top of a very big hill. Discover that taxi drivers in Istanbul either have no fucking clue where anything in the entire world is, or that driving tourists to bizarre locations is a national pastime. Avoid this fate and arrive home at something like 4AM.

Tuesday

Corporate whoring continues with dinner with Collabora people (delayed by two and a half hours because Christian values getting sweaty with other men over eating, or something), followed by more drinks on the pillows. Am vindicated when it turns out that my route back to the hotel would in fact be the shortest possible route back if people didn't keep insisting on making random left turns when we're almost there.

Wednesday

Fascinating (and increasingly drunken) discussion of the neurobiological aspects of colour spaces with Pippin precedes drinks on the roof of the university. Narrowly prevent Luis' attempt to leave the foundation open to flagrant copyright violation suits. More pillows.

Thursday

Wake up with a twisted ankle and a broken laptop. I had a good birthday, it seems. Collabora host a party on a boat. Miraculously, nobody falls off the boat. We head back to the pillows while others trudge up the hill to Taksim. Aaron wins the inaugural Aaron Bockover award for services to the GNOME community.

Friday

Dinner with Novell, demonstrating my even-handedness when it comes to accepting corporate favours. Miguel reveals his true nature as a Microsoft shill by admitting to owning an XBox. I advise him to raise his free software credentials by getting a Freerunner - as a bonus it'll crash whenever anyone tries to call him, preventing Microsoft from whispering more sweet nothings in his ear. A foolproof plan. Party paid for by Google. Ear bleedingly loud. Some drinking involved. Return to bizarro deviant pillows where we are treated to the spectacle of child labour. Spend some time wondering why Planet Fedora is discussing upskirt photos and decide that hating the entire human race is probably the best option.

Saturday

Turns out that while the Grand Bazaar is effectively just a shopping centre, it's a fucking giant shopping centre that sells nothing I can find any excuse to want. Wander over to Asia for dinner. Conversation with Lennart about using cgroups as a mechanism for providing application latency requirements and how the current lack of standardisation of mountpoints and exposure of irritating implementation details makes it almost impossible to use them for anything. Fascinating diversion into how to deal with getting a SIGBUS when your mmap()ed soundcard gets hotswapped, including deciding that the easiest way of getting a reliable indication of your current process maps is by, erm, parsing /proc/self/maps. Final pillows trip. Emotional farewells (by which I mean more drinking)

Sunday

Airport. Plane. Train. Home. Transfer hard drive into laptop with working screen. Discover that productivity not actually enhanced by having more than a 300x200 pixel area of functionality. Decide to write libelous article about previous week instead.

hadess asks:

You are in a mall when zombies attack. You have:

1. One weapon
2. One song blasting on the speakers
3. One famous person to fight along side you.

Rock and roll :

1. A chainsaw babe!
2. Disturbed Get down with the sickness
3. Denise Richards

Everyone knows IRC is a very useful resource. Today, #gnome-hackers had the basic tips to survive GUADEC moment.

16:23 <@davyd> you can then teach us how to order drinks
16:23 <@davyd> because I can't speak spanish
16:23 < miguel> They dont speak spanish in that down Davyd
16:23 < miguel> They speak Catalan
16:24 < miguel> Which is sort of Spanish - arabic words + a little bit of
                french thrown in
16:24 < jdub> estic cercant els meus pantalons!
16:24 < Ankh> I always thought catalan was a network file access thing
16:24 < hadess> davyd: they seem to prefer somebody speaking english than
                somebody speaking castillan ;)
16:24 < miguel> I know how to order coffee
16:24 < miguel> cafe am llet

Upgrading a BIOS in Linux is not usually an easy task, and it is even more difficult if you don't have a floppy drive, as it happens in a modern laptop. Today, I have just read in Bastian Nocera's blog about memdisk, which can be used from grub. Seems a nice tool to test in the next upgrade.