New GAIM, uhm, I mean Pidgin

The latest version of Pidgin (used to be gaim) was released. I haven’t found any nice rpm’s for Fedora Core 6 yet (that would install) so I went ahead and made my own. No warranty whatsoever on anything about them. They work on my FC6 box, and that’s about all I know.

The rpm files are here.

UPDATE: OK, as many are well aware, Fedora Core has now switched over to Pidgin, and the Pidgin group now has a YUM repo set up and working for Fedora. So my rpm’s aren’t needed, just go to pidgin.im and use their YUM repo.

Posted in Linux, Software, Technology | Leave a comment

Nice Article on SELinux in RHEL5 (and some interesting Comments)

Here is a good article on what SELinux in RHEL 5 has brought to the table. Some cool new features and a lot more protection:

http://www.redhatmagazine.com/2007/05/04/whats-new-in-selinux-for-red-hat-enterprise-linux-5/

There are also some interesting points in the comment section. Basically, a reminder that NO security mechanism is 100% safe, but it’s better than nothing and should always be considered when looking at what you need for your deployment.

Posted in Linux, Security | Leave a comment

Save our Chocolate!

Not my normal posting (Ok, so I don’t really have a normal posting), but this really bugs me.

I ran across this article today:

“I’ve got some sawdust: can I call it chocolate?”
http://www.theregister.co.uk/2007/04/24/chocolate_terror/

The general idea is that the Chocolate Manufacturers Association and Grocers Associations are asking the FDA to change the rules so that a mixture of vegetable oil, whey protein, and artificial flavorings can be called “Real Chocolate” even though they don’t have any real cocoa (chocolate) or dairy in them. I personally don’t like the idea of being sold chocolate (and paying for it) when it isn’t actually chocolate. Not to mention the few (and very few) benefits of eating chocolate will be gone, replaced with increased Trans Fats instead. And it would be perfectly legal for them to advertise these as real chocolate if it’s passed. If this bugs you too, then you can go here:

http://dontmesswithourchocolate.guittard.com/
(This is a website of a chocolate manufacturer who doesn’t want to have this happen)

On that site you can click on the “How To Help” link that will take you to the FDA, where you can register your concerns with this rule change. Only catch is that the comment period ends at the end of the day April 25th (tomorrow).

Posted in David | Leave a comment

Go Florida II!!!!!!

They’ve done it again in Basketball, National Champions two years running, and simultaneous champions in Basketball and Football at the same time. Love my Gators!!

Posted in David | Leave a comment

LinuxWorld NY down, FOSE 2007 down, two more to go..


Ok, been a busy busy couple of months, two conferences down, two scheduled.

In February, I helped with the new LinuxWorld/OpenSolutions World Summit in NY. The show did pretty well, but the weather really messed it up (warning to others, don’t schedule a conference during a massive snow/ice storm, really messes things up LOL). I missed most of the first day when my 4 hour drive turned into around 8 hours, and I didn’t get to leave until 4 hours later than planned. The show’s presentations are being podcast here:

http://www.linuxworld.com/events/

Next on the list was the FOSE 2007 show where I helped organize the Tux.org non-profit booth. We handed out over 1,000 issues of Linux Journal with an intro to Linux flier, over 1000 CD/DVD Linux Distros, a couple dozen live FreeBSD CDs, and numerous other giveaways. We had some generally interested people talk to us and it’s nice to see more and more people actually know what Linux is and what OpenSource really means. Here’s some information on what we were doing:

http://www.cyberigor.com/fose/

Well, that takes care of what’s been happening. Now coming up this week is the ShmooCon conference:

www.shmoocon.org

I love this conference, has some great speakers, Bruce Potter and the rest of the Shmoo Group do an amazing job with it. Starts in about 3 hours, going to be a fun weekend!

Finally LinuxWorld/OpenSolutions World San Francisco 2007 is starting up. Hoping to get some real good speakers lined up for the Security track (which I’m track chair for). Anyways, not much to see, but here’s the site for that:

http://www.linuxworldexpo.com/live/12/events/12SFO07A

Posted in David, Linux, Security, Technology | Leave a comment

Two Managing Grid Articles published

I recently worked on two grid management articles for IBM’s developers center that were just published:

Managing a Grid, Part 3: Monitoring and Scheduling

Managing a Grid, Part 4: Day-to-day tasks for a grid admin

I’m pretty happy with how both of them turned out. They were on a real quick schedule so wasn’t sure how well they would come out. After going back and reading them, I feel they are a decent job. Hope people find them useful.

Oh, and I ran across this:

Care and Feeding of your Grid

So at least one person liked it 🙂

Posted in David, Technology | Leave a comment

Go Florida!!!!

Ok, just a quick post but GO GATORS!!!

My school has another National Championship!!!!

I was attending school at UF when they won the 1996 National Championship. It took 10 years, but it’s such a good feeling!!!

1996 National Champs Coke
Posted in David | Leave a comment

My Wii and a remote exploit?

Well, once again, I seem to be sparse on the posts. Maybe it’s because I’ve been busy with LinuxWorld Summit NY, or trying to get a new software project at work finished, or maybe cause I’m devoting my free time to my new Nintendo Wii. Well truthfully it’s a little of all the above (and a lot of getting my new software project working), but I did run across this little interesting tidbit:

http://www.nintendoworldreport.com/newsArt.cfm?artid=12687

I hadn’t seen this published broadly, but it appears that the version of Opera currently under beta testing to Wii users (any Wii owner can download and play with Opera 9 on their Wii for free) has a vulnerability that can at minimum cause the Wii to hard lock. Currently there is no reported exploit that can run code on the Wii, which would normally be a threat from this exploit, and it’s not clear if there ever will be, given that game consoles are usually pretty strict in what code is or isn’t allowed to run.

Anyways, interesting to see how the age of the desktop vulnerability has come to the game consoles world, even Nintendo. Wonder how long it takes them to issue a fix?

Posted in David, Gadgets, Security, Technology | Leave a comment

Ok, yes, it’s been a while

Wow, it’s been a very long time since I last posted something. Well, I do have somewhat of an excuse, I’ve been busy and traveling.

On the busy side, I’ve been trying to get several projects at work moving or finished, including: updates to www.gridswatch.com, developing some web-based database applications, working on content and sessions for the upcoming LinuxWorld Summit in New York, and most recently co-authoring some articles on working with Grid computing networks (I’ll post something when they are published).

On the travel/vacation side, I took a long overdue and just plain long vacation. We left for Europe (Barcelona, Spain) late October, spent a day in Barcelona, then a couple of days in France, then a few days in Italy, then back to Barcelona where we spent a few more days before heading to Madrid and Toledo, Spain. Had some great food, met some nice people, and came back with a sword which I purchased at the blacksmith’s shop after spending an hour talking about swords with the man who made my sword. Needless to say I had a great time, and it had been 7 years since the wife and I took a real vacation together. We didn’t get back till mid November just to give you an idea of how long a vacation this was (we had just a few vacation hours saved up…).

Of course about a week after our return we then had an extended Thanksgiving day weekend (5 days for me), so November has been a light month on work. This translates into me being behind in what I want to have done before the end of the year. I’m going to be busy.

I’ll have a few more updates in December (hopefully articles going live, and some info on the LinuxWorld Summit that is coming). Not to mention gripes about stupid security I’m sure I’ll see.

Posted in David, Technology | Leave a comment

How not to do secure online credit transactions

Ok, been meaning to write a little about this, just couldn’t find the time.

To ALL those in charge of taking private information via secure webforms (credit cards, SSN, etc..) PLEASE READ THIS.

Yes, you must use an SSL encrypted webpage, yes you must only give that information collected to those who are directly responsible for billing the transaction. But DO NOT EMAIL all the information to anyone, and certainly don’t include it in the confirmation email!

I say this because I recently registered for a workshop I plan on attending. I’m not going to name the institution that is running it, nor am I going to mention the name of the course (though I must admit if I was presenting at the workshop I would be very pissed to learn that this was how they were sending confirmation emails). My company is paying for the workshop so they used the company credit card and the administrative assistant took care of the registration for me. Shortly after they registered me, I received the confirmation email. What did I find in that email that they sent to me (and to one other email address that we didn’t recognize)? My contact information, all the contact information for the person holding our company card, the full credit card number, the Expiration date, and the CCV Code!

They emailed out everything you could possibly need to use the credit card at any online vendor in a plain text email over the unencrypted PUBLIC INTERNET!!!!

The fact that they had a nice SSL encrypted website to take this information just made the situation worse. Through their actions they have violated the trust relation they set up by presenting what appeared to be a secure internet transaction. By emailing the information they collected back over the internet, they placed that information at even more risk than if they had not emailed it but hadn’t used an SSL cert. Now our credit information is being cached unencrypted on at least 2 email servers (most likely 4 or more) for who knows how long. If those machines are compromised or someone was having fun watching that traffic, they could now be purchasing a couple of big screen HDTV’s, maybe a laptop or 4, subscribing to every porn site they want, etc..

People have got to remember that your responsibility for the secure transaction on the web doesn’t end at the SSL encrypted webform. It continues for as long as you hold and maintain that private information. End-to-end, review your policies, before it comes back to bite you.

I’ve been nice and I’m trying to work with these people to make sure they get this corrected. So far they seem to be listening (though action is a little slower). Hopefully they will get it, time will tell. If I had been someone less friendly, this could have been a much bigger headache for them.
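One way to enforce the point of this post in the code that sends a confirmation email (an added example, not code from the original post or from the institution involved): mask the card number to its last four digits, and refuse to send any message that still contains a Luhn-valid card number or a labelled security code. The function names, addresses, workshop name and the test card number are all constructed for illustration.

```python
import re
from email.message import EmailMessage

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# A 3-4 digit value labelled as a card security code.
CVV_RE = re.compile(r"(?i)\b(?:cvv2?|cvc2?|ccv|security code)\b\D{0,10}\d{3,4}\b")

# Constructed sample of the kind of body the post describes (test card number).
SAMPLE_LEAKY_BODY = "Card: 4111 1111 1111 1111\nExp: 01/30\nCCV Code: 123\n"

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_data(text: str) -> list[str]:
    """Describe any cardholder data found, without echoing the full number."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append("card number ending " + digits[-4:])
    if CVV_RE.search(text):
        findings.append("card security code")
    return findings

def mask_pan(pan: str) -> str:
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]

def build_confirmation(to_addr: str, name: str, workshop: str, pan: str) -> EmailMessage:
    """Confirmation that carries only the last four digits: no expiry, no CVV."""
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = f"Registration confirmed: {workshop}"
    msg.set_content(f"Hello {name},\n\nYou are registered for {workshop}.\n"
                    f"Paid with card {mask_pan(pan)}.\n")
    return msg

def guard_outbound(msg: EmailMessage) -> EmailMessage:
    """Last check before handing the message to the mail server."""
    findings = find_card_data(msg.get("Subject", "") + "\n" + msg.get_content())
    if findings:
        raise ValueError("refusing to send: " + ", ".join(findings))
    return msg
```

The guard is a backstop for templates that drift over time; the primary control is that the confirmation template never receives the expiry date or security code in the first place.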

Posted in David, Security | 1 Comment