Older blog entries for todd (starting at number 3)

Ugh. How broken can dns be?

root servers say:

66.in-addr.arpa. NS *.arin.net.

Arin says:

210.66.in-addr.arpa. NS *.cox.net.

Cox says:

106.210.66.in-addr.arpa. NS *.coxinet.net.

CoxInet says:

106.210.66.in-addr.arpa. NS ns.theshop.net.

TheShop says (per my request):

26.106.210.66.in-addr.arpa. CNAME 66.210.106.26.pt.fries.net.

I say:

66.210.106.26.pt.fries.net. PTR ns0.fries.net.

Everybody sees:

todd:$ host 66.210.106.26

Host 66.106.210.66.in-addr.arpa not found: 2(SERVFAIL)

todd:$

So I have to do this as a workaround:

todd:$ cat bin/seed_dns.sh

for i in 24 25 26 27 28 29 30 31

do

for h in dns{1,2}.coxinet.net ns.{,east.,west.}cox.net

do

host 66.210.106.$i $h

done

done

todd:$

UUUUUUGH!

3 Jul 2002 (updated 3 Jul 2002 at 15:46 UTC) »

Today is a good day to try out OpenCM.

If you have OpenBSD, I've made a port so you can get started.


Wow, I'm in opencm news. I thought I replied about a port fast, but didn't realize it was within 2 hours of the release.

The world does not always, and often does not, appreciate those that do it favors.

Consider sshd and privelege separation. As we are in the time when vendors and developers need to assist in making privelege separation work for all, many critics and nay-sayers are suggesting alternate agendas for the lack of disclosure on the bug that can be kept at bay through privelege separation.

Let us see this for what it is. The reality we face is:

  1. bug is discovered
  2. choice made to delay full disclosure so everyone has an opportunity to be safe
  3. announcement of privelege separation as a safe and recommended upgrade
  4. time delay to allow for security upgrades
  5. full disclosure of the bug, the alert are safe


There are those who are calling for this scenario:
  1. bug is discovered
  2. full disclosure, including bugfix
  3. privelege separation is suggested as a way to avoid future bugs
  4. many people caught off guard, and exploited


I know which scenario I like better. Unfortunately, unhappy people would suggest otherwise. *sigh*.
20 Jun 2002 (updated 20 Jun 2002 at 14:44 UTC) »

Hmm, I wonder how full of control the webserver's maintainers have? Konqueror and Mozilla both support ipv6, perhaps advogato.org could serve it too?

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!