Older blog entries for metaur (starting at number 63)

5 Apr 2011 (updated 13 Dec 2011 at 13:07 UTC) »
yeah!
nr: ola wikander - i döda språks sällskap
there is no open-source equivalent of powermta, so someone should write one
5 Jan 2008 (updated 7 Jan 2008 at 02:16 UTC) »

Here is a little status report, for those who wonder where I went off to. I have worked at Secunia for a year and two months so far, and I have done tasks that hopefully were helpful to my beloved open source community:

  • wrote hundreds of security advisories (many of them for open-source applications)
  • performed my own security research and found vulnerabilities in evolution, sylpheed/sylpheed-claws/claws mail, vim and others

Recently I have visited The 24th Chaos Communication Congress (24C3) in Berlin, I have seen other things in Berlin for a few days, I have read non-fiction books about astronomy and the history of ideas, and listened to popular music performed by Friday Bridge and Evert Taube (which is nice to indulge in, since those fields of endeavour basically are my interests with some room for variation). After returning from Berlin, I have a really horrible cold (which is not one of my bigger interests).

Ulf kan läsa

"Hell is other people." -- Jean-Paul Sartre

ELOG Multiple Vulnerabilities (my last security audit for Debian)
two new GnuPG vulns (found by other people), so make sure that you upgrade
$NEWJOB is good but takes most of my energy, some edits for Wikitravel though
Malmö is nice because it's different from Stockholm or Linköping
Hesse's "Steppenwolf" seems like a good and true novel so far


15 Oct 2006 (updated 22 Oct 2006 at 07:36 UTC) »
7 Aug 2006 (updated 20 Jul 2008 at 21:41 UTC) »
osiris format string bugs ( s + f + nvd ) remote vulnerabilities in security-improving server, popular enough to have half a book written about it
old freshclam bug updated in Mac OS X + there is a US-CERT Vulnerability Note about it
Browser Fun (by HD Moore), Microsoft Excel fun (by lots of people) -- isn't it great how the security of really critical programs used by many millions of people world-wide daily sucks horribly?
gimme gimme gimme the style police

Tokyo highlights: (I'm not going to write any descriptions, because I'm really not a travel writer, but these places and activities are heartily recommended)
Tokyo Metropolitan Government Office and nearby buildings - Fuji Television Japan Broadcast Center observatory (great architecture) - eating very fresh sushi in a restaurant next to Tsukiji Central Fish Market - Golden Gai - Ueno-koen with its various museums and a zoo - a live show in Roppongi with Piana and other artists (found here) - a live show in Shibuya with YMCK and other bands (found there as well) - Senso-ji and Asakusa-jinja - Love Hotel Hill - Takeshita st. and Harajuku st. - Design Festa - Roppongi Hills - Shibuya - Yoyogi-koen - National Museum of Emerging Science and Innovation - Imperial Palace East Garden - Yasukuni-jinja - Sony Building - Piss Alley - Akihabara (somewhat overrated) - and much more.
Kyoto: Nanzen-ji - Nijo-jo - Kyoto train station (huge and modern).

[CENSORSHIP] x2 :: (Re: Raf Coney. imtiredofsingingtroublelordhowlonghowlongmustwesingthissong. DECONSTRUCT.ME)

8 May 2006 (updated 10 May 2006 at 18:54 UTC) »

Buffer overflow in ClamAV's freshclam client (Securityfocus || ClamAV || Heise)
Not security related overflows in RRDtool (1, 2) and SoX (again)
Securiteam and OSVDB :: readable blogs about computer security

I've been playing around with ancient version control programs like SCCS (in the form of GNU CSSC) and RCS, and it's interesting to note how many of the not-so-obvious but still important features were present that early on. Do the current version control systems suffer slightly from creeping featurism? Discuss among yourselves. Rhetorical question - answer within.

The song "Laughter" by The Fine Arts Showcase is really, really beautiful.

Apart from that, I've mostly been carrying my briefcase to the office.

cURL 7.15.0, 7.15.1, 7.15.2 (SSAG#001) s + f
Helsinki ( Kiasma - Fazer Café - Stockmann - Tavastia/Semifinal - architecture - design ) -- might sound shallow but that's part of who I am
metamail again and again
Johnny Cash - Astrud Gilberto - The Ramones (taken over someone's record collection) - italodisco
full sentences = evil

I haven't done very much free software work since last time either. I did find some buffer overflow bugs in webalizer, but they are only bugs - no vulnerabilities.

There was a new announcement about the architectures in Debian etch. It will be interesting to see how things finally turn out.

I forgot to write about it earlier, but the US-CERT published a vulnerability note about my old bugs in unace, after the same guy at Secunia Research found about six other products that were affected by the bugs as they incorporated the unace code. The Secunia guy is obviously my biggest fan, and I'll send him a signed photo real soon..

I've almost finished reading Beijing Doll, which I bought in Minneapolis last summer. It's OK but nothing special. I suppose being a punk rock rebel is more of a new idea in China than here in Europe. She'll probably write something better later on, though.

Apart from that, I've mostly been working and celebrating Christmas.

I'm getting very bored of writing here, so I probably won't update this diary very often in the future. Many thanks to those who rated, voted for and e-mailed me about it! It's nice to know that some people appreciate my work for the free/open source software community.

Happy new year,
Ulf

OK, so you're a rocket scientist

I haven't worked on any big Linux project recently. However, I submitted some bugs and patches to spamassassin, and I've found a buffer overflow vulnerability in unalz when it extracts ALZ archives. I haven't seen many of those archives, but I like being thorough and checking all programs in a category and not just the most popular ones. The unalz bug got average grades from the security reviewing office workers (none of whom could write a simple C program to save their lives).

In more exciting news, Drupal has started using an HTML filtering library based on my kses library.

I've mostly been busy with my day job. I really like it, as I get to code networking applications which I find much more exciting than web publishing systems and as the tasks are more challenging than in other companies.

That don't impress me much

As I'm now gainfully employed, you can't write to me at my @student.uu.se e-mail address anymore. You have to use the one at my person page here at Advogato.

"You keep hangin' 'round me / And I'm not so glad you found me / You're still doing things that I gave up years ago"
-- Lou Reed

The new Ladytron record was a disappointment! They have changed their style quite a bit and started playing overblown alternative rock with bad melodies and a slick production that may or may not have anything to do with having signed to a big record label recently. It's OK and everything but it's much worse than the other two albums.

The new alternative comic album by the Swede Mats Jonsson is also a departure - much darker, less humour, different subject matter, less stuff that I could relate to - but I quite liked it, especially the "being scared out in the woods" part.

Computer security for laymen

A race condition is what occurs when you leave the washing room, enter the pitch black corridor, and the monsters manage to catch you before you reach the light button (which of course destroys all monsters just milliseconds before turning on the light).
