Older blog entries for mjcox (starting at number 123)

USB Power

I recently picked up a USB "charge anywhere" kit for the iPAQ; it's got a mains adapter with multiple plugs for UK/US/etc with a single little USB socket, and a USB charger lead. It also came with a car lighter adapter which gives a nice regulated 5v to a USB socket. I've already got a USB charger lead for my phone, and I just built one for my bluetooth GPS and it really cuts down on the number of chargers and leads to lug around when travelling. I wonder how long it will be before cars come with little USB sockets to charge and power goodies instead of lighter sockets? Of course all these gadgets violate the USB spec which says that you should only get 100mA unless you've negotiated with the hub for more (500mA). I guess adding the components to regulate and switch power to USB sockets isn't worth the expense or space to most designers, so all those USB lights and fans will probably keep working.

TomTom Navigator vs Mapopolis

I've been using TomTom Navigator 3 with a bluetooth GPS receiver around Scotland and it's been doing a pretty impressive job. Except it once wanted to take me off a motorway by using the private service exits for a service station. And today it sent us the wrong way up a wrong way street. Travelling to the US next week but couldn't get the TomTom add-on maps in the UK, so I ended up buying Mapopolis for about $99 that I could download online, and as well as the US maps downloaded Scotland too for comparison. Mapopolis isn't as polished a product as TomTom by far but it's technically more superior - it knows the names of the roads and attempts to speak them:

TomTom: After 300 yards turn right
Mapopolis: In 300 yards turn right into Cathedral Street. Cathedral Street is next on your right

If you want to drive and not look down, Mapopolis wins as it tells you exit numbers, road names, and so on. But for clarity TomTom wins as they supply really high quality audio for the small selection of possible words; Mapopolis has a primitive speech engine. Anyway I'm going to be driving in Boston with Mapopolis so it'll be interesting to see how it deals with all the buildings and new road layouts. I suspect I'll get used to it telling me to "turn around when possible".

Bling Blong

I'm fed up of missing the postman when he rings the doorbell and we don't hear it as we're in the kitchen or have the music on. It's one of those HA things I've never got around to - in my first student house 10 years ago the first thing we did was to hook the doorbell up to our shared-house Novell server (called Malawi since it lived inside a wood box with that label) so that it popped up on everyone's computer when someone was at the door (and being students we'd all just sit there and ignore it, perhaps sending popup messages to each other to find someone who would go answer it).

I use one of these RF doorbells (Friedland Libra) and picked up an identical spare unit from eBay for 8 pounds. I made sure to get a battery one not one that plugs directly into the mains as they don't bother using a transformer to step down the voltage, so interfacing to it is more risky. Inside is a RF circuit and a PIC microprocessor and, fortunately, one of the output pins acts as a mute for the sound circuit. So one pin is high around 3v and is pulled low for a couple of seconds as the doorbell rings. I hooked this to a 3-pin DS2406, a one-wire device from Maxim that can monitor a single IO pin (a high is 2.2v or greater) and report on the status (and if there have been any transitions since you last spoke to it). These things are mad, a tiny package the size of a transistor with internal processor, 1Kb of EEPROM and a unique id. Pretty reliable too, one has been monitoring the heating system for the last couple of years. So one device, four wires, and now a Jabber bot announces within about a second when there is someone at the door. All for about 10 pounds of parts and an hour's work.

Looking in all the wrong places

I went Geocaching again this weekend. One of the things I love about Geocaching is that it takes us to places we never knew existed, but are well worth exploring. An amazing short walk up past some waterfalls near Ayr took us to a rock, behind which, stuffed into a crevice, was the usual black bag containing the plastic box of swaps. The place wasn't deserted, near the cache were several discarded beer cans, but yet this box has sat in the hole for over a year without being disturbed by any of the thousands of visitors. No one has found it because no one was looking for it. Knowing there is a hidden box within a 10 or 20 metre radius it's then quite easy to find. You have an idea what you're looking for, and you have the knowledge that something is there to find.

As I thought about this on the walk back to the car, I was reminded of a conversation I had with a security researcher on Friday. We were discussing an upcoming serious vulnerability that he found this week in a common library. This issue is under embargo, to give the vendors and upstream authors a few days to prepare updates. But not only is the actual flaw confidential, but the fact that there is a flaw in this library is also confidential. Just like the cache which is hidden under your nose, if you know that there is a security flaw in some named library, even if you don't really know what it is or where it is, you know that if you search hard enough it has to be there somewhere.

So continuing the dual-head experiment I went and bought a USB mouse from PCWorld today. My new Microsoft USB mouse works better with Fedora Core 2 than Windows XP, which I find quite amusing. So now I can use the keyboard and mouse under the second display as well as the first, just by switching a single USB cable. I wanted to buy a KVM but no local shops had any USB versions. Anyway, the mouse that felt the nicest was this optical Microsoft USB mouse, and for under 20 pounds. Plugged the mouse into the hub built into the USB keyboard which was plugged into my Fedora 2 laptop. Immediately it was recognised, configured, and "just worked" at the same time as all the other pointing devices (the laptop has two and my USB keyboard has a mouse stick thing too). Time to make sure that the new mouse worked when I switched the keyboard over to my Windows XP machine. Well, I plugged it in and waited a bit, and waited. After a while Windows seemed to decide it was going to try and configure this new device, popped up a little window, copied some files around, and then the mouse worked. Amazingly when booting XP I can't move the pointer until some point when XP decides to configure the mouse. XP has a similar problem with my USB keyboard, refusing to let me push a key to abort a disk check if the system needs one at startup.

19 Jul 2004 (updated 19 Jul 2004 at 18:19 UTC)

The last couple of months have been quite busy and any spare time I've been using to go Geocaching. Only up to 8 finds so far, but I'm picking locations that sound interesting and worth visiting. Scottish Geocaches have some pretty amazing scenery and they've taken me to all sorts of places I'd never think of visiting. So it took until today to finally get around to configuring the T41 laptop the way I wanted to. It's running Fedora Core 2 and I figured it was time to use a dual-head so I'm not stuck at 1024x768 forever when there's a perfectly good 22" CRT next to me. "system-config-xfree86" had it working immediately; with just a manual tweak needed to XF86Config so the second screen was at 1280x1024. To complete the setup I plugged the USB IBM Trackpoint keypad into the laptop and it configured itself, set itself up, and now moving any of the trackpoint mice moves the pointer, typing on any keyboard just works. What I've been putting off for the last two months took less time than typing this entry, I love it when that happens. Meanwhile, trying to get a bluetooth USB dongle working so I can just simply send and receive SMS via Fedora Core 2 is one of those more impossible missions that just sucks up time.

I was away for a few days to go to Red Hat HQ - the whole thing felt like an episode of 24, trying to fill every minute with some activity or other. Only Jack Bauer doesn't have to wait for an hour for an Airport shuttle to the hotel; or a five minute queue for the gents toilets. Those would be pretty unexciting episodes. Fortunately everything went to plan and on the last day I was able to fit in exchanging my laptop (from an old Dell to a new IBM T41), doing two interviews, attending various sessions, receiving a long-service award, packing, and making it to the airport with time to spare.

Anyway, I normally put on a ton of weight when I visit the US so I weighed myself before and after my trip. I actually ended up losing 5 lbs because the food was dreadful and we didn't have time to go get alternatives. Fortunately I'd taken a gift of English chocolate for a friend and ended up keeping one of the bars for emergencies.

Super Caffeinated

I bought a Gaggia Titanium super automatic coffee machine yesterday. Interestingly the software and menu system looks just like the Solis Master 5000 Digital. In fact the brew unit is identical too. The Gaggia seems to have improved some of the flaws in the original though; it's got twin boilers, a better air-tight seal on the bean hopper, nice metal bits, and a timer so it can turn itself on in the morning. My plan is to replace the morning can of Coke with a coffee.

You know that you've had too much coffee in a day when you've run out of all clean cups that will fit under the machine.

Apache Critical Flaw!

So according to a Secunia advisory I just read there is a new flaw in Apache that allows attackers to "compromise a vulnerable system". [source]

They got that information from a Conectiva security advisory. That advisory actually says "trigger the execution of arbitrary commands" but if you read the context you'll find that in fact what it means is that a cunning attacker could use a minor flaw in Apache that allows it to log escape characters in order to exploit possible flaws in terminal emulators to execute arbitrary commands if you view the log file. [source].

So we've magically turned an issue which is of quite minor risk and minor severity into one classed as "Moderately Critical". Using the same logic you could then use publicised (but fixed) flaws in the Linux kernel to gain root privileges and we've got a remote root exploit in Apache folks! It's Chinese Whisper Security Advisories at their best.
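A defensive illustration of the log-viewing issue described above (an added example, not from the original post or from Apache): it scans access-log lines for control characters and renders them as visible `\xNN` text, so a log can be reviewed without the terminal interpreting anything in it. The sample log lines and the function names are constructed for this example.

```python
import re

# Characters a terminal emulator may act on: C0 controls (tab excepted),
# DEL, and the C1 control range. ESC (0x1b) is the one that starts
# escape sequences, but all of them are made visible here.
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def neutralise(line: str) -> str:
    """Replace each control character with a printable \\xNN form."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), line)


def scan_log(lines):
    """Return (line_number, safe_text) for every line that carried
    at least one control character; clean lines are not reported."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        text = raw.rstrip("\r\n")          # the line terminator is not a finding
        safe = neutralise(text)
        if safe != text:
            findings.append((number, safe))
    return findings


# Constructed sample: the second request line contains an ESC byte
# followed by a harmless colour code, standing in for logged escape data.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Apr/2004:08:11:00 +0000] "GET /index.html HTTP/1.0" 200 1043\n',
    '192.0.2.77 - - [07/Apr/2004:08:11:05 +0000] "GET /\x1b[31mx HTTP/1.0" 404 210\n',
]

if __name__ == "__main__":
    for number, safe in scan_log(SAMPLE_LOG):
        print(f"line {number}: {safe}")
```
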

7 Apr 2004 (updated 7 Apr 2004 at 08:11 UTC)
95% of statistics....

So our joint statement in response to the Forrester Study is now available and it got to slashdot and other places. It should be an identical statement from each vendor's site - although I think the European -ise's got replaced with -ize's in some of the statements. It's quite an event to have four competing Linux distributions giving a joint statement on an issue - but behind the scenes this goes on all the time. Every day we work with our competitors in the other Linux vendor security teams to make sure that Linux users get quality, peer-reviewed, security fixes in a timely fashion.
