Error: unknown Blosxom flavour "de"

Today actually two mailing lists made my day:

First Theo de Raadt’s mail to the FreeBSD security mailing list:

Date:       Mon, 02 Oct 2006 14:00:11 -0600
From:       Theo de Raadt <deraadt@cvs.openbsd.org>
To:         freebsd-security@freebsd.org
Subject:    Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh 
Message-ID: <200610022000.k92K0B5P009759@cvs.openbsd.org>

> The OpenSSH project believe that the race condition can lead to a Denial
> of Service or potentially remote code execution
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Bullshit.  Where did anyone say this?

Why don't you put people in charge who can READ CODE, and SEE THAT
THIS IS ABSOLUTE BULLSHIT.

and Colin Percival’s dry reply pointing out who made the “ABSOLUTE BULLSHIT”:

Date:       Mon, 02 Oct 2006 14:25:05 -0700
From:       Colin Percival <cperciva@freebsd.org>
To:         Theo de Raadt <deraadt@cvs.openbsd.org>
Cc:         freebsd-security@freebsd.org
Subject:    Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
Message-ID: <452183B1.7000306@freebsd.org>

Theo de Raadt wrote:
>> The OpenSSH project believe that the race condition can lead to a Denial
>> of Service or potentially remote code execution
>                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Bullshit.  Where did anyone say this?

The OpenSSH 4.4 release announcement says that, actually:

 * Fix an unsafe signal hander reported by Mark Dowd. The signal
   handler was vulnerable to a race condition that could be exploited
   to perform a pre-authentication denial of service. On portable
   OpenSSH, this vulnerability could theoretically lead to
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   pre-authentication remote code execution if GSSAPI authentication
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   is enabled, but the likelihood of successful exploitation appears
   remote.

Colin Percival

Well, looks like an exquisite own goal. (Found by Squeeeez.)

Then, _rene_ cited a mail from the current Debian Project Leader Anthony Towns on debian-devel in #debian.de, who thought that »Switzerland was some foreign word meaning “snowy place”«:

Date:       Tue, 3 Oct 2006 15:52:38 +1000
Subject:    Re: Bits from the DPL: Looking forward
From:	    Anthony Towns <aj@azure.humbug.org.au>
Message-ID: <20061003055238.GA4841@azure.humbug.org.au>

On Tue, Oct 03, 2006 at 03:39:20PM +1000, Anthony Towns wrote:
> BSPs in Vienna (Switzerland) [3], 

I was assuming, of course, that "Switzerland" was some foreign word
meaning "snowy place", but apparently it's actually a country all of
its own, entirely separate to Austria...

On Tue, Oct 03, 2006 at 03:43:52PM +1000, Anthony Towns wrote:
> (b) Firmware vote
> proposal, as amended by Manon Srivastava (Message-id:

And while _Manon des sources_ might've been a neat French film, I don't
think it's actually got all that much to do with Manoj...

Cheers,
aj

And contrary to the usual biases, this geographic unawareness comes from Australia (which is unequal to Austria ;-) and not from the US. :-)

Guys, you all made my day. Kind regards from a currently not so snowy snowy place. :-)

After having a nice DVD evening on Friday with a friend (X-Men 2 and Dogma) in Darmstadt, I attended the Debian QA Meeting in Darmstadt for the rest of the weekend. Although I not really that deep in QA, there were interesting talks, discussions and people. Looking though the list of the oldest Debian packages with RC bugs, I even found a package (elvis-tiny, which I have installed on some boxes) with an RC bug and some more bugs I could fix during the QA meeting.

Debian’s newest developer and AM, Myon, NMU’ed the package for me and so elvis-tiny 1.4-18.1 is the first package I build to enter Debian. The package was btw initially built on my Unstable box at home, which is an about 10 years old Pentium 1 with 133 MHz and 64 MB of RAM called m35. I was working there via ssh and screen using my ThinkPad bijou — which is also an Pentium 1 with 133 MHz and therefore in the same performance class as m35.

Later in the afternoon, djpig filed another RC bug against that package because the above mentioned list of old RC bugs hasn’t been updated yet, so this package probably won’t get into testing that fast. On the other hand: The package is really old and seems unmaintained, because the three bugs weren’t that hard to fix. So it’s probably not so bad that this bug report was filed. And as HE wrote in his blog today, it probably saved him work, because he planned to find all such packages and file the appropriate bugs against them…

While doing some keysigning with the people who were sitting beside me (Amaya and h01ger) I also learned how to use caff and directly found a bug and filed it, while Myon just had uploaded a new version shortly before. But late in the night, he seemed to upload the next version where the bug is already fixed… And thanks to Emme installed the missing dependency for using gnupg-agent on the console (pinentry-curses) on Saturday, I’ve now no more excuses for not yet having signed all the keys from the Key Signing Party at Linuxtag in Karlsruhe.

When most of the meeting was over, I drove Ganneff and HE to the train station and — although they seemed skeptical regarding the idea of being driven in a 2CV — they had obviously fun with it and asked a lot of questions while mostly being amused or surprised by my answers. (Yet another reason to drive a 2CV… ;-)

On #debian.de nion pointed me to a new, ingeniously sick project of him: ii or irc improved, an IRC client with a radically new concept: Input is a FIFO, output is directly into the logfiles organised in a irc/$SERVERNAME/$CHANNELNAME directory hierachy. You just irc by reading the logs and piping to some FIFO.

He immediately took my only half serious comment that he could use loco for nick highlighting.

Looking further through his blog, I mentioned, he was experimenting with IRC clients not only since ii. He was trying WeeChat instead of irssi.