Older blog entries for mjcox (starting at number 84)

Suddenly realised that in the next month I have to write and prepare for 5 different presentations. I'm talking at ApacheCon in November and want to make the talk extra special, so I'll take a couple of days off in the next week or two to make sure it has some interesting content. "Apache Security Secrets Revealed" although I've no intention of hiding behind a mask until the end :)

I can't believe Bryce is leaving the US, he was one true friend who I really enjoyed spending time with when I was over in Raleigh - we'd always spend my spare weekends going shopping, driving around, or eating.

We were expecting someone to write an exploit for the OpenSSL issues (the problem is fairly straightforward to exploit as exploits go); well, it started appearing with a vengeance in the wild on Friday 13th. Now everyone who didn't patch OpenSSL needs to run around like a headless chicken patching and making sure they didn't get exploited. Of course the only way to be certain you are not 0wn3d is to reinstall from scratch since loadable kernel module rootkits are pretty comprehensive these days. Quite a few folks were confused because they'd updated their Apache (but not their OpenSSL) and some others got exploited who upgraded but didn't reboot (or restart OpenSSL-based services) so never picked up the new OpenSSL shared libraries.
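A defender's check for that last point, added here as an example rather than anything from the original entry: on Linux, a process that was started before a library was replaced still maps the old file, and /proc/PID/maps marks such mappings "(deleted)". The script below (assumes a Linux /proc; the library names in the test data are constructed) lists the stale OpenSSL libraries a process still has mapped, so you can find the services that were never restarted.

```shell
#!/bin/sh
# Added example: find processes still running against a replaced shared
# library (e.g. libssl/libcrypto after an OpenSSL update with no restart).

# Parse /proc/<pid>/maps-format lines from stdin and print the unique paths
# of mapped files matching $1 (an awk regex) that are marked "(deleted)",
# i.e. the on-disk file was replaced after the process started.
stale_libs_in_maps() {
    pattern="$1"    # e.g. 'libssl|libcrypto'
    awk -v pat="$pattern" '
        # maps fields: addr perms offset dev inode path [(deleted)]
        NF >= 7 && $NF == "(deleted)" && $6 ~ pat { seen[$6] = 1 }
        END { for (p in seen) print p }
    ' | sort
}

# Walk every process on the box and report the ones holding stale mappings.
# Processes we cannot read (other users' PIDs without root) are skipped.
report_stale_processes() {
    pattern="$1"
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        libs=$(stale_libs_in_maps "$pattern" 2>/dev/null < "$maps") || continue
        [ -n "$libs" ] || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
        printf 'PID %s (%s) still maps replaced library: %s\n' \
            "$pid" "$comm" "$libs"
    done
}

# Run the live scan when given a pattern, e.g.:
#   sh stale_libs.sh 'libssl|libcrypto'
if [ $# -gt 0 ]; then
    report_stale_processes "$1"
fi
```

Anything the scan reports needs a service restart (or reboot) before the update has actually taken effect; a clean report does not prove the box wasn't already compromised in the window before patching.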

I put the balun S/PDIF idea on hold as it's getting cold now in Scotland; instead I spent a couple of evenings finishing off a heating controller. A PIC chip controlling a relay sits next to the central heating system connected across the thermostat inputs I wasn't using. The PIC is connected via the CAT5 network to my home automation PC. The PIC is designed to stop silly things happening if the computer dies in a bad state (heating on for 24 hours is bad) or if hackers get into the HA system. It makes sure you can't cycle between on and off too often and other stuff. Anyway now I need to write something to actually control it, and get some temperature sensors. Yeah, I could have gone and bought a $30 thermostat and wired that in instead, but it isn't as much fun as being able to turn on your heating whilst sitting in the living room on the wireless network.

Just say no to macerator pumps. They place a large number of restrictions on what you can do with them (toilet paper only in the pan, no hairs down the sink, no cleaners), and then even when obeying all the instructions they fail to work, and when they fail to work you end up with a ton of waste soaking into your floor. This time spectacularly flooding (and ruining) the bathroom and hall floors and coming within inches of flooding the cupboard where my large UPS sits (stupidly) on the floor. A very large wet battery and inverter - that would have been a spectacular bang. So that put an end to the balun and S/PDIF (I got the acronym right this time) through CAT5 idea, needing 3-400 pounds to fix the damages, and tomorrow a trip to the DIY store to buy some wood to raise the UPS by four inches or so and maybe some water sensor alarms, and possibly a bucket - low tech toilet, but at least it would work.

Who needs impossible-to-find baluns anyway? I started looking back through my notes from years ago about using opamps to drive differential circuits, then had a quick google search which came up with this gem: http://www.elantec.com/pages/apppdf/d40968.pdf So for about $15 of components (RS Components even have them in stock) I can run SP/DIF through CAT5. Whee.

Spent a good few hours over the weekend trying to find misc bits and pieces to make my home automation more complete. I want to be able to play my music collection in the main room which has the nice 5.1 amp and speaker setup. I thought about buying an Audiotron or the cute SliMP3 devices, but they're about $300+VAT+duty+blah. So here is the alternative cunning plan:

  • Find a cheap soundcard that will output SP/DIF (coax) that works okay with Linux. SP/DIF input too would be nice but not essential. Not yet investigated.
  • Get a pair of 75 ohm to 110 ohm baluns. Then I can feed the SP/DIF output through the balun into the cat5 network, and up to the front room, converted again to SP/DIF and fed into the amp. How hard is it to find a UK source of these things? They should only be about $10-$20 each - it's only a transformer after all.
  • Find my awful IRDA keyboard that I bought in the USA for about $20 a couple of years ago instead of getting an IRDA receiver for the Linux machine.
Ideally I'd have a 2nd balun on the same cat5 cable passing composite video back from the machine through the AV amp to the TV, but that would mean sourcing a replacement video card that has composite out and works with Linux.

Backups, backups, backups. I do! I back up everything off-site! Well, okay, apart from my TiVo which I've not backed up for a while, since January in fact. So when the disk died yesterday I was unable to salvage it enough to get a working backup off it and ended up with this really old backup, and had to do all the pain of resetting season passes, losing stored programs, losing tivoweb etc etc. Argh.

Still working on the technical review of this firewall book - going well but taking so long I wonder if I'd have time to write a book myself.

Nothing much changed on the house situation, I've brought in my legal insurance to take care of it now, they can have the hassle. A local company, Multipump Services, are also becoming annoying as they refuse to return a repaired Saniflo pump that I paid for them to repair back in April. Threatening legal action didn't help so I'll have to follow up and start small claims proceedings next week - they're messing me around on purpose and this thing is worth over 200 quid so I can't just ignore it.

More Apache fun last week with an advisory for security issues in 2.0.40 (which fortunately don't affect Unix machines).

Where did that month go? Well actually I know exactly where it went since I started managing my time using the Franklin Covey system. Security work keeps me busy and in spare time I've been finishing off our CVE mapping. I had a mad moment one evening and got our 2000 mapping nearly complete, so only a handful of issues left until we've got a 100% mapping.

In home life I now have the ability to assemble flat pack kitchen units with Italian instructions and make them defy gravity by fixing them to the garage walls using my new scary hammer action drill.

What a busy couple of days. It all started last month with a seemingly innocent DoS being reported to the Apache security team. jorton and I spent some time analysing it and found that although it wasn't exploitable on 32-bit platforms it may well be exploitable on some 64-bit machines. Then started the coordination work with CERT.

Then, suddenly, the ISS team announced the same issue publicly causing us to go into firefighting mode and release the advisory (which I'd fortunately already drafted and got positive feedback on), followed by seemingly hundreds of press calls, lots of additional analysis, and reading ISS say I was untrustworthy in some Chicago newspaper ;-)

Now for some sleep.

  • Got interviewed for redhat.com
  • I was initiated into the need to carry around more paper
  • Had a few days of fun with Bryce and other US folks. Looking in the US for magazines on how to do interior US home design, although all I found was imported magazines showing how to make your US home look English. Grass, greener, etc.
  • Went through far too many security points at airports and found that it's really important to make sure your laptop is charged when they want to inspect it
  • Spent some time with the Mitre CVE people

Did an interesting interview last week for Red Hat about what I do and why I do it with some very American questions like "Justify your existence". Anyway that should be on the web site next week sometime and explains all about how I got involved with Apache and why I think buying a house is like coding software.

The cute Ericsson phone works over here in the USA and for the first time I've been able to hold working SMS conversations with the UK - saves me a buck or two.

Replaced my outdated paper log book with my todo list and notes with a system from Franklin Covey. Replaced it with even more paper - but according to the seminar this system will sort out my entire life and make me a better person.

Rest of my time has been dealing with various security advisories for Red Hat and investigating new issues. I'm off to see the Mitre CVE folks in a couple of days in Boston.

Tip of the month: When travelling don't let your batteries completely run out so when you are asked to turn on your laptop at airport security there isn't even enough power to light the 'your batteries are low' light.
