Older blog entries for ib (starting at number 5)

As sad and scary as those Sniper attacks in DC are, twice as many people die every day in the streets of Boston, LA or Detroid. Nobody gives a crap anymore. Why? Because they're poor? Because it's not a sniper-gun but a saturday night special drop-piece?


How can _anyone_ release software that is known to have security flaws. I'm not talking about the 'everything is insecure' paradigm, I am speaking about tangible, known, reported, fixable, exploits. Oracle and Microsoft seem to be prime candidates for a "truth in advertising" suit - but then, who'd want to argue the meaning of "secure" with their $1k/h lawyers.

I went over to Cupertino to meet an (here unnamed) friend of mine who spends his days being a security minion for a major DDM/data mining company. According to him, his company has found and communicated no less than nineteen root-level exploits in one of those huge database thingies, and not a single one has been fixed, despite active release cycles.

What's even worse - the company has communicated the flaws internally to its SEs and asked them to NOT discuss security other than by pointing at the official documentation, which a) claims 100% security, b) disclaims any responsibilities if a) is to be found incorrect.

Luckily enough, at least I am surrounded by Open Source. Not that there are less flaws and holes to be found here, but at least nobody will be able to lie about it for an extended period of time.

Which reminds me, I need to get back to that Oracle dude we had over here last week - he even had the guts to claim 9i was still unbreakable and there are no known exploits ever since the initial release.


Despite my aversion towards Paypal and its practices, I tried to pay my bucks for RubyConf and be done with it. Looks like I am banned from using it, but other than "we can't tell you why, but there's some block in the system" no information from Paypal itself. I guess it has something to do with me "slandering" them at SecCon last year...


Rodent comes alon nicely. rodent.pl now supports scanning for certifications, recentlog entries from people on a watch list, some standalone webserver functionality (coutesy of webrick) and the usual stuff.


Is good.


Will be back on Friday. Against my hopes, it's not totaled, so I'll have to drive it a few more years :)

19 Oct 2002 (updated 20 Oct 2002 at 01:11 UTC) »

Yesterday night, while Jill and I were moving boxes from the old to our new house, a guy on a bike rode spast, came to a screeching halt and started eyeing our garage, the house and us. Later we saw him again, some blocks down, surrounded by cop-cars and cops. Guess we won't get broken in tonight :)


First stab at rodent, an Advogato-XMLRPC method for Ruby.

  1: #!/usr/bin/env ruby
  3: require 'rodent'
  5: advog = Advogato.new
  7: advog.connect
  8: advog.my_uname = "ib"
 10: entries = advog.get_my_numentries.to_i
 12: 0.upto(entries-1) do | number |
 13:   entry = advog.get_my_entry(number)
 14:   printf( "\n-------------------[ entry #%i ] -----------------\n", number+1)
 15:   printf("%s\n\n", entry)
 16: end

Bill has posted an extensive and pretty informative list of things, Ruby newbies should know.

Why the f****, does that guy certify himself as master? Well, I don't really think I am one, but others seem to, and since I switched my account from jLoki to ib, I might as well carry that over.

I know, it's XAB to do this, but jLoki is some period in my past, I'd rather not deal with any more than I have to, and since I use ib everywhere but here, I decided to switch.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!