sysadmin - 1.4.2004 - 25.5.2004

Little Snitch - Reverse Firewall for Mac OS X - take a look when I have time

The Worst of All Susens

Every time I read upgrade stories like this, I wonder what the actual advantage of Suse over Debian is supposed to be. What good is a distribution that looks nice and colorful during installation but can't be upgraded properly? And don't tell me this is an isolated case with Suse 9.1 - I've read similar horror stories about pretty much every Suse upgrade.

At Die wunderbare Welt von Isotopp you can find the original article.

Rubicode - RCDefaultApp

Very handy: setting the various default handlers for various file types, URL types, MIME types, etc. Exactly the panel that Apple left out of System Preferences...

The original article is here.

WordPress 1.2

The final is out. However, trackbacking still doesn't work quite right - at least not when the target is a topic at TopicExchange. At WordPress WordBlog there's the original article.

WordPress Tinkering

Since I'm currently playing around with blog utilities and CMSes, my current WordPress installation has already gotten some content and layout improvements. Of all the alternatives for small sites, I still like it the best. For Drupal (my current favorite for larger sites), I might also find a use case.

Do I have too many domains and sites? Oh well.

Update: since I'm now running this blog with WordPress and the other one had become outdated, I simply shut it down. One less site to maintain...

drupal.org

I'm currently playing around with Drupal a bit. First impression: wow! Extremely powerful, extremely many features. Though possibly too many features. But what I like right away is the very clean interface with a quite logical menu structure, and how all extensions automatically hook into these menus. I also like the solution with templates and themes: themes can be divided into templates or stylesheets. This allows you to change the general system, but also just choose variants of a system. The default theme is table-based, but there's another CSS-based one to choose from. I can't really say yet how XHTML compatibility looks.

Also good is the support for MySQL and PostgreSQL - I normally prefer the latter. You can also make weblogs with it, as well as static articles, entire books, stories with discussion forums similar to Slashdot or Kuro5hin and much more. However, what stands out right away is that the tools in the individual content areas are somewhat sparse - tools that specifically target weblogs often seem more complete. Specifically, things like Trackback, Pingback, update pings or similar have to be installed afterwards or at least reconfigured - by default it only pings drupal.org itself for the distributed login mechanism. Also, such elementary things as simple categories (more complex categories - even hierarchical - do exist, but elsewhere) for blog entries require some searching. RSS feeds are automatically created, but on some pages (for example the homepage) they first have to be linked (in user blogs the link is automatic though). Otherwise they are only contained as alternate links, but not necessarily visible to users.

Overall, the whole system is clearly aimed at designing and building entire websites with entire groups of users. However, the distributed login mechanism is really cool: users from participating systems can log into other participating systems with user@host and the login is automatically passed to the home system. You always log in with the same password, but with distributed authorization. Very nice! Overall, a lot of value is placed on user management - it almost has Zope dimensions with its permission groups and the ability to create symbolic permission groups for individual activities.

Less cool is how much metadata is missing. There's actually hardly any metadata on content. Author, date, status - but that's more or less it (of course besides title and text, those are self-evident). Content organization is also left to the user - though there are helper tools that make creating navigation easier. However, many metadata topics (such as categories) can apparently be solved using taxonomies - these are groupings of content. The description of this is somewhat unintuitive, the topic is quite complex. Taxonomies are groupings of keywords on a topic. So I don't assign posts to categories, but rather assign keywords to posts and then organize the keywords into categories. While this provides mountains of metadata, it's far more complex than the normal blog categories you're used to.

Great again are all the content status and content versioning functionalities. All changes are logged. All changes to content are versioned. You can go back to older content and thus, for example, fix errors (or remove garbage from rogue users).

The whole system is extensible, but I suspect (haven't checked it yet, but given the range of functionality it's a likely guess) that creating plugins and filters is more involved than with small solutions like WordPress. But that's in the nature of things.

Another potential disadvantage is the unavailability of a ready-made German translation. While there are other sites working with Drupal in German, apparently no one releases the complete translation tables for download - at least I haven't found anything, neither at drupal.org itself nor on Google.

Where would I classify Drupal? Clearly in the CMS category - that's where systems like Typo3, Mambo Open Source, Plone and similar systems shine. However, it beats discussion-oriented CMSs like Scoop or Squishdot by a mile - as well as simple blog CMSs. For a simple blog system it's clearly overkill. For a complete site it seems very usable.

Here's the original article.

Releases | drupal.org - Download page for Drupal modules

Exchange loses emails

Mail loss is not a standard feature of mail servers? You'd think someone would have to explain that to Microsoft – they won't figure it out on their own ...

At heise online news you can find the original article.

Open Source release of Frontier?

Interesting for people still working with Frontier: the kernel is likely to become open source. As a result, this could mean that some of the uglier problems (e.g. the terribly poor performance under OS X) could be solved. After all, Frontier is still pretty cool in many corners even today (the OO database with outliner basis, for example, is something that doesn't exist in this form elsewhere - even if some people grumble that you don't actually need this particular combination).

At Second p0st you'll find the original article.

Freedom 0 [dive into mark]

I don't often agree with Mark Pilgrim, but here - it's about free software in the broader sense and Movable Type's price changes in the narrower sense - he hits the nail on the head.

Here's the original article.

Longhorn goes to pieces | CNET News.com

Advanced search features that Gates has termed the "Holy Grail" of Longhorn, the next major version of Windows, won't be fully in place until 2009, Bob Muglia, the senior vice president in charge of Windows server development, told CNET News.com. - I find what Microsoft is currently doing frankly embarrassing. Who cares about an operating system whose interesting features are supposed to come sometime in 2009 or so? In IT, that's an eternity. The whole thing Microsoft is pulling off really reminds me strongly of Apple before they bought NeXT.

Here's the original article.

Beware Mac OS X Trojan AppleScript applet

Cool. An AppleScript applet that has an icon that looks like a Microsoft installer. Absolutely horrifyingly terrible trojan. That's so trojan-like. I get genuinely scary anxiety thinking that I might accidentally deliberately download that thing, and despite having no Microsoft applications, feel immediately compelled by the icon to double-click it, only to be completely taken aback when my home directory gets deleted. People, if I hit myself on the head with a hammer, it hurts. That's pretty stupid of me, but the hammer still isn't a trojan. Even if someone writes chocolate on it... And no, completely doesn't fit well here either. I just wanted to use it once... At welcome to macscripter.net | applescript and script resource you can find the original article.

Unsafe Browsing with Safari

The apple seems to be a bit rotten on the inside...

confused face

At heise online news you can find the original article.

News: »Debian GNU/Linux« is back

YES!! No, I don't need the manual anymore. But I can use it to shut people up who bug me with questions

Here's the original article.

OpenBSD head de Raadt criticizes patented TCP fix

Great. Cisco wants to get a technique into TCP/IP that is patented and licensed by Cisco. I hope the IETF doesn't accept this nonsense. As Theo de Raadt correctly noted, there are better solutions. And what Cisco has so proudly patented is so trivial that you have to wonder why on earth anyone granted a patent for it...

That's all we needed, patent madness and patent absurdities in the basic internet protocol

angry face

At heise online news there's the original article.

Firewalls and Complexity

Ouch. ö reports on a rather silly article in Computerwoche that dreams of magical web validation firewalls ...

At The Wonderful World of Isotopp you can find the original article.

More Bluetooth Phones Vulnerable to Hacker Attacks

Now I've got the S55 and what's this? It's also vulnerable to Bluetooth attacks. But at least only Denial-of-Service and not Bluesnarf. The latter would be rather annoying - after all, I use the phone and Bluetooth for remote administration of servers ...

At heise online news there's the original article.

Rsync Vault Manager - Backup system based on rsync

Sven J has messed up...

What bothers me about this, though: now they've caught the stupid guy who produced Sasser. Ok, he's getting what he deserves - rightly so. But who's finally going to do something about Microsoft and their criminal neglect of security? Who's going to hold the real culprit responsible - the one whose crappy software makes all these worm waves possible in the first place?

At Die wunderbare Welt von Isotopp you'll find the original article.

Suse Live CD open to network attacks

Suse seems to have interpreted the "open" in OpenSSH a bit differently

devilish grin

At heise online news you can find the original article.

A.L.Digital : The Bunker : Press - More info about the Bluetooth hack

«Longhorn» only for super-PCs

Well, then Microsoft will just have to hope that the 4-6 GHz processors they're envisioning come soon. Or they could finally start learning how to program decently. New OS X releases, meanwhile, got faster rather than slower from release to release.

devilish grin

At NETZEITUNG.DE Internet you can find the original article.

Security Corporation - Nokia 6310i

And now guess which phone I have ...

Here you can find the original article.

What becomes of formerly interesting websites

Previously the source for Security Exploits. Today you can find information about warts and how to have them removed ... Here's the original article.

I'm back

After an unintended break thanks to a disk crash on my Hetzner server, I'm back now. And looking back, I have to say that Hetzner's support went well. I only have standard support, so support is only available during the specified service hours. Both days (on Monday because of the system setup on a new disk and on Tuesday because of the server restart due to a hang) they responded immediately in the morning. When I pointed out further disk errors (or rather CRC errors), they also responded immediately and rebuilt the system - apparently their disks are usually in swap frames, which also explains how they were able to install a new disk for me so quickly.

Well, let's see how long it lasts this time. In any case, I was able to test my crash recovery and have to say it works surprisingly well. Okay, there were a few minor issues of course, but it's all manageable. Only http://muensterland.org/ suffered, as the server's database file had to be rolled back one day since the most recent file didn't work. Well, manageable problems...

Accessfs: permission filesystem for linux - virtual filesystem for managing capabilities and port bindings

rssh - restricted shell for scp/sftp - Another shell for ssh that only allows certain commands

scponly homepage - Shell for ssh use that allows only specific commands

Debian: Free, but Delayed

That's just how it is with Debian. Philosophy is important - sometimes just as important or even more important than the releases. I like it anyway - or precisely because of this? Because no other distribution really puts so much value on the ideas of Free Software - and is really consistent in what it does.

Sure, it's annoying sometimes when releases take years to come out. On the other hand, that's exactly what the Testing and Unstable distributions are for. Although as a user, I really only use Testing, or Stable on production servers.

Backports are relatively simple and allow you to update individual packages - but of course you're then responsible for the updates yourself. Sure, for pure users that's certainly not an option - they just want to install and not compile. On the other hand, you should always keep in mind that Linux is just a Unix - and being afraid of the compiler when using Unix is pretty out of place.

One thing is certain: I've played around with many distributions and also experimented more seriously. Except for Gentoo, none really impressed me, and Gentoo is too heavy for me for smaller machines and servers - I don't really want to fire up the compiler for every package when the machine's main load is for something else (server) or it's simply too small to compile some monster packages.

At heise online news there's the original article.

heise Security - News - Microsoft wanted to prevent publication of exploit against IIS

Well, Microsoft will probably never learn ...

Here you can find the original article.

This must be fake.

Really. That can't be real. Here's the original article.

UNIX History - Unix History Chart

Apple Xsan: an Overview

Yummy! Do I have a chance to motivate my employer to switch everything to XServes? Probably not. Too bad, actually.

At Industrial Technology & Witchcraft you can find the original article.

MS Explorer 'Patch': Either 14 Holes or No SSL

It's kind of funny how this software monstrosity is falling apart these days. Not really high-quality software, that sort of thing.

At Industrial Technology & Witchcraft you can find the original article.

DarwinPorts Home

I was actually a Fink fan until recently (if only because it's based on Debian utilities). But since Fink has been behaving very strangely for me lately (for example, the Fink mirrors weren't all reachable because their nameserver apparently was misconfigured or because their SVN port simply didn't work, or because support for 10.2 is a bit strange), I decided to try DarwinPorts. And I have to say, I really like the system.

However, what I don't like so much is the fact that not every program works out-of-the-box. mtr, for example, complains about raw packets that it can't generate because it's not suid-root. True - it wasn't. I don't simply install ports as root - I use a normal user for the build. That all works fine because the user has the necessary permissions. But an mtr that is suid-gb can't generate raw packets anymore, even when used by root...

However, the normal user will probably rarely stumble over this, and normal applications should work pretty much right away.

What really puzzled me, however, was my attempt to install Subversion. Okay, I can understand that Subversion needs a web server - after all, it's essential for the server (although personally I would prefer a separation into a Subversion server and a Subversion client). But that Apache2 should be fetched just so a local installation of it runs on the machine, just because you might need the Subversion client - I think that's rather awkward. Especially since there are Port variants for exactly that purpose - but Subversion only offers a mod_dav_svn and a Python variant. In the mod_dav_svn variant, Apache is a prerequisite - but I actually just wanted normal Subversion. Strange. Okay, well, I admit - if you know what APR is, it also becomes clear where Apache2 comes in. Here's the original article.

GROKLAW - Linux as Security Risk and the Answers to It

At groklaw there is a summary of reactions to the nonsense that was spouted by the head of Green Hills Software.

Here is the original article.

Linux 2.6 and mISDN HowTo - HowTo for ISDN over CAPI with Linux 2.6

Embedded Systems Developer: "Linux is a Security Risk"

Oh man, there's someone who, desperately watching his prospects slip away, shot way over the mark and made a fool of himself.

At heise online news there's the original article.

Wiki Software at Webware

An interesting piece of wiki software in Python that works with reStructuredText instead of any wiki markup language. Very interesting because ReST is very powerful and also very pleasant for web-based editing - no markup, but mainly just formatted ASCII text. Unfortunately currently only available via Subversion.

Here you can find the original article.

Zope.org - Readme file for ZopeEditManager 0.9.3 - Integrate External Editor in Zope under OS X

Sun discontinues development of UltraSparc V

Ouch. Ok, it was foreseeable - the new chips were announced repeatedly, but never appeared. Still - that's quite a debacle. SUN simply doesn't have enough resources to write off an entire chip line without it having an impact on the company ...

At heise online news you can find the original article.

Spyware manufacturer wants to go public

Audacious. Data protection violations without end, fraudulent software installation (because nowhere does this garbage warn that data is being spied on and forwarded), and the whole thing packaged in a form that's more reminiscent of viruses and worms than proper software (namely piggybacking on other programs). And something like this wants to go public.

At heise online news there's the original article.

Dnsmasq - a DNS forwarder for NAT firewalls. - DNS proxy for small systems - Alternative to PDNSD

Idiotic Mail Server Configurations Again

Found in the log file:

 554- (RTR:DU) The IP address you are using to connect to AOL is a dynamic
 554- (residential) IP address. AOL will not accept future e-mail transactions
 554- from this IP address until your ISP removes this IP address from its list
 554- of dynamic (residential) IP addresses. For additional information,
 554- please visit http://postmaster.info.aol.com.
 554 Connecting IP: 62.226.72.29

No, I don't want to deliver any mail at all. I just want to check the validity of email addresses. But AOL is already preventing me from doing that in advance - instead of waiting until a DATA command comes, which would actually initiate a real mail. As a result, I can't use the callback because AOL won't let me verify and I end up rejecting all mail from AOL users. That's ridiculous.

With their very strange actions against spam, such providers only make it harder for other people to protect themselves against spam too. Because I get the rejection before the first command - so I can't even do a VRFY or anything like that. I can't even establish a connection to the AOL mail server.

To explain what I do: when mail comes in, I check whether the technical sender (i.e., where bounces go) is a valid mailbox. This way I reject all mail that can't be bounced. If I can't send an error report for it, I don't want the mail. To do this, my mail server attempts mail delivery. However, only the first two commands are sent - MAIL FROM and RCPT TO. No DATA and especially no mail.

This is a common procedure to ensure that only real mail arrives at a server. But since AOL now prevents every connection to the mail server, I can't use this approach anymore - I can no longer verify AOL addresses the same way I can with other addresses. Which, given the fact that AOL addresses in particular are faked for spam, is quite audacious of AOL.
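
The callout described above, as an added Python example (not the configuration or code of the mail server discussed in this post). It sends only HELO, MAIL FROM and RCPT TO, never DATA, and keeps a greeting-time refusal such as the 554 banner from the log apart from a real "no such mailbox" answer. The host names, the address, the null sender `<>`, the three verdict names and the `fake_mx` stub that stands in for the remote server are constructed for the demonstration.

```python
import smtplib
import socket
import threading


def callout(host, port, address, helo="verifier.example", timeout=5):
    """Sender callout: HELO, MAIL FROM:<>, RCPT TO, QUIT. DATA is never sent."""
    try:
        with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as smtp:
            smtp.helo()
            if smtp.mail("")[0] != 250:      # "" is sent as the null sender <>
                return "unverifiable"
            code, _ = smtp.rcpt(address)
    except (smtplib.SMTPException, OSError):
        # Includes SMTPConnectError: the greeting was not 220 (e.g. a 554 banner),
        # so no command could be sent and nothing is known about the mailbox.
        return "unverifiable"
    if code in (250, 251):
        return "valid"
    # 5xx is a definite "no such mailbox"; 4xx is temporary, so no verdict.
    return "invalid" if 500 <= code <= 599 else "unverifiable"


def fake_mx(banner, rcpt_reply):
    """Constructed single-connection SMTP stub; returns (port, command log)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port, log = srv.getsockname()[1], []

    def serve():
        conn, _ = srv.accept()
        srv.close()
        with conn, conn.makefile("rb") as lines:
            conn.sendall(banner.encode() + b"\r\n")
            if not banner.startswith("220"):
                return                        # refuse before any command
            for line in lines:                # ends when the client disconnects
                verb = line[:4].decode().upper()
                log.append(verb)
                reply = {"RCPT": rcpt_reply, "QUIT": "221 bye"}.get(verb, "250 ok")
                conn.sendall(reply.encode() + b"\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return port, log


def demo():
    cases = {"mailbox exists": ("220 mx.test", "250 ok"),
             "no such mailbox": ("220 mx.test", "550 no such user"),
             "temporary failure": ("220 mx.test", "450 try again later"),
             "refused at connect": ("554 dynamic IP not accepted", "")}
    out = {}
    for name, (banner, rcpt) in cases.items():
        port, log = fake_mx(banner, rcpt)
        out[name] = (callout("127.0.0.1", port, "bounce@sender.test"), log)
    return out


if __name__ == "__main__":
    print(demo())
```

Treating "unverifiable" as its own outcome lets the receiving server choose a policy for hosts that refuse the callout, separately from senders whose mailbox really does not exist.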

Index of /~erich/bricolage - Debian packages for Bricolage

Solution for previous problem

So, I've now simply moved my email validation to an external server, which I query via XML-RPC. It then performs the email validation - and since it runs on a static IP, it's also accepted by AOL.

Anyone who wants to play around with this, the service is accessible via SOAP or XMLRPC. The address for XMLRPC: http://simon.bofh.ms:1111/RPC2 and then call the method mailcheck.validateEmail(adr) there. The address for SOAP: http://simon.bofh.ms:1111/SOAP/mailcheck and then call validateEmail(adr) there. Documentation of the method for this module can be found at http://simon.bofh.ms:1111/API/mailcheck. A WSDL for .NET people and others who need that sort of thing can be found at http://simon.bofh.ms:1111/WSDL/mailcheck. By the way, the web service was created using TooFPy. The corresponding tool is included in the source package - or can be viewed directly in CVS.

The Mason Book - Bricolage Guide

Debian GNU/Linux -- apt-build

Debian's Answer to Gentoo Linux

(and if you use Xine or Ogle for example, you should definitely consider it - with those, optimized compilation makes quite a bit of difference in performance)

Here's the original article.