The days of my last running Woody are numbered… //at 23:05 //by abe

As many of the Planet Debian readers know, I bemoan Galeon 1.2 and therefore Woody. For a long time I haven’t found an appropriate browser replacement for Galeon 1.2 in Sarge, so I never switched my home workstation called “gsa” (Pentium II, 400 MHz, 572 MB RAM) to Sarge, since Woody was rockstable and just worked.

Though, after a few Galeon 1.3/2.0 rants, someone pointed me to Kazehakase, which indeed is a fine Galeon 1.2 replacement. But I noticed that Kazehakase in Sarge was in an early stage and the Kazehakase from testing (now Etch) were already much more matured.

So in comparison to Sarge with Etch I won’t have the problem of not having a mature and sage web browser in main. And due to security support for Woody ceased a few months ago and Etch is now declared stable, it’s time to reinstall my last Woody box with Etch.

For that, a repartioning of it’s two hard disks (8 GB and 40 GB) sounds like a good idea and so I had look, what’s on all those partitions where I once had a shot on quite a few Linux distributions and other unix-like operating systems. (Although I was already a big fan of Debian at that time, I wanted to look over my own nose and ordered a few CDs of free operating system at LinISO.de.)

So here’s what I found, never really used and will throw away quite soon:

• RedHat 9
• Mandrake 9.2beta2
• FreeBSD 4.8
• OpenBSD 3.3
• one more, not yet identified (or perhaps even never formatted) Linux partition

That should give enough space for an Etch installation without touching the Woody installation first. Thanks to Venty, I’ve got a DVD drive for that box, so I can install from DVD.

And for toying around with all those other neat and free operating systems nowadays, I’ve got my MicroClient Jr. named “c2”.

Mailing lists made my day //at 13:58 //by abe

Today actually two mailing lists made my day:

First Theo de Raadt’s mail to the FreeBSD security mailing list:

Date:       Mon, 02 Oct 2006 14:00:11 -0600
From:       Theo de Raadt <deraadt@cvs.openbsd.org>
To:         freebsd-security@freebsd.org
Subject:    Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh 
Message-ID: <200610022000.k92K0B5P009759@cvs.openbsd.org>

> The OpenSSH project believe that the race condition can lead to a Denial
> of Service or potentially remote code execution
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Bullshit.  Where did anyone say this?

Why don't you put people in charge who can READ CODE, and SEE THAT
THIS IS ABSOLUTE BULLSHIT.

and Colin Percival’s dry reply pointing out who made the “ABSOLUTE BULLSHIT”:

Date:       Mon, 02 Oct 2006 14:25:05 -0700
From:       Colin Percival <cperciva@freebsd.org>
To:         Theo de Raadt <deraadt@cvs.openbsd.org>
Cc:         freebsd-security@freebsd.org
Subject:    Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
Message-ID: <452183B1.7000306@freebsd.org>

Theo de Raadt wrote:
>> The OpenSSH project believe that the race condition can lead to a Denial
>> of Service or potentially remote code execution
>                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Bullshit.  Where did anyone say this?

The OpenSSH 4.4 release announcement says that, actually:

 * Fix an unsafe signal hander reported by Mark Dowd. The signal
   handler was vulnerable to a race condition that could be exploited
   to perform a pre-authentication denial of service. On portable
   OpenSSH, this vulnerability could theoretically lead to
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   pre-authentication remote code execution if GSSAPI authentication
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   is enabled, but the likelihood of successful exploitation appears
   remote.

Colin Percival

Well, looks like an exquisite own goal. (Found by Squeeeez.)

Then, _rene_ cited a mail from the current Debian Project Leader Anthony Towns on debian-devel in #debian.de, who thought that »Switzerland was some foreign word meaning “snowy place”«:

Date:       Tue, 3 Oct 2006 15:52:38 +1000
Subject:    Re: Bits from the DPL: Looking forward
From:	    Anthony Towns <aj@azure.humbug.org.au>
Message-ID: <20061003055238.GA4841@azure.humbug.org.au>

On Tue, Oct 03, 2006 at 03:39:20PM +1000, Anthony Towns wrote:
> BSPs in Vienna (Switzerland) [3], 

I was assuming, of course, that "Switzerland" was some foreign word
meaning "snowy place", but apparently it's actually a country all of
its own, entirely separate to Austria...

On Tue, Oct 03, 2006 at 03:43:52PM +1000, Anthony Towns wrote:
> (b) Firmware vote
> proposal, as amended by Manon Srivastava (Message-id:

And while _Manon des sources_ might've been a neat French film, I don't
think it's actually got all that much to do with Manoj...

Cheers,
aj

And contrary to the usual biases, this geographic unawareness comes from Australia (which is unequal to Austria ;-) and not from the US. :-)

Guys, you all made my day. Kind regards from a currently not so snowy snowy place. :-)

Supporting Free Software via vendors //at 02:25 //by abe

Steve wrote in his blog:

I’ve seen this argument before “Buy distribution of GNU/Linux and support free software programmers”. The only problem I have with it is that it is incorrect. Buying GNU/Linux distributions helps the vendors who created it, certainly, and may indirectly help pay for some free software in the sense that the vendors might ship free software they wrote (e.g. SuSEs Yast{2]). However plonking down real cash-money for a boxed set of SuSE gives no money to the people who created MySQL, no money to the people who created Firefox, no money to the people who created Emacs, Vim, Bash, and Catan/Pioneers, etc.

I think, in general you’re right. And if you — as you did :-) — take SuSE, it usually works. And you’re probably also right for most people who just know the big, commercial distributions. But what if you take a free distribution like Debian or some of the BSDs, e.g. OpenBSD? How much truth is in there then?

Especially in the case of OpenBSD your view doesn’t seem work, because if you buy an (official) OpenBSD box, you pay the developers — or at least a few of them — of the operating system core and some mission-critical applications.

But what if you take community based distributions like Debian? You distinguished between distributor and authors of free software. In my eyes especially Debian, but also some other community based distributions are both at same time. So IMHO you can put them on the author side of your view.

And since many Debian vendors (at least those I saw) donate a part of the profit they make from selling Debian CDs or DVD to the Debian Project. Or they offer additional shopping cart items “Donation to Debian” if you order a Debian item. (Example: LinISO.de)

Another question in this context would be, how the FOSS world would look like if there are or were no commercial distributors. It probably would be much smaller because some marketing and some lobbying would be missing. Although that’s the only implication which comes to my mind, I’m sure, there are many more possible views on this subject.

But as I said, IMHO you’re right for most cases.