Mailing lists made my day //at 13:58 //by abe

Today actually two mailing lists made my day:

First Theo de Raadt’s mail to the FreeBSD security mailing list:

Date:       Mon, 02 Oct 2006 14:00:11 -0600
From:       Theo de Raadt <deraadt@cvs.openbsd.org>
To:         freebsd-security@freebsd.org
Subject:    Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh 
Message-ID: <200610022000.k92K0B5P009759@cvs.openbsd.org>

> The OpenSSH project believe that the race condition can lead to a Denial
> of Service or potentially remote code execution
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Bullshit.  Where did anyone say this?

Why don't you put people in charge who can READ CODE, and SEE THAT
THIS IS ABSOLUTE BULLSHIT.

and Colin Percival’s dry reply pointing out who made the “ABSOLUTE BULLSHIT”:

Date:       Mon, 02 Oct 2006 14:25:05 -0700
From:       Colin Percival <cperciva@freebsd.org>
To:         Theo de Raadt <deraadt@cvs.openbsd.org>
Cc:         freebsd-security@freebsd.org
Subject:    Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
Message-ID: <452183B1.7000306@freebsd.org>

Theo de Raadt wrote:
>> The OpenSSH project believe that the race condition can lead to a Denial
>> of Service or potentially remote code execution
>                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Bullshit.  Where did anyone say this?

The OpenSSH 4.4 release announcement says that, actually:

 * Fix an unsafe signal hander reported by Mark Dowd. The signal
   handler was vulnerable to a race condition that could be exploited
   to perform a pre-authentication denial of service. On portable
   OpenSSH, this vulnerability could theoretically lead to
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   pre-authentication remote code execution if GSSAPI authentication
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   is enabled, but the likelihood of successful exploitation appears
   remote.

Colin Percival

Well, looks like an exquisite own goal. (Found by Squeeeez.)

Then, _rene_ cited a mail from the current Debian Project Leader Anthony Towns on debian-devel in #debian.de, who thought that »Switzerland was some foreign word meaning “snowy place”«:

Date:       Tue, 3 Oct 2006 15:52:38 +1000
Subject:    Re: Bits from the DPL: Looking forward
From:	    Anthony Towns <aj@azure.humbug.org.au>
Message-ID: <20061003055238.GA4841@azure.humbug.org.au>

On Tue, Oct 03, 2006 at 03:39:20PM +1000, Anthony Towns wrote:
> BSPs in Vienna (Switzerland) [3], 

I was assuming, of course, that "Switzerland" was some foreign word
meaning "snowy place", but apparently it's actually a country all of
its own, entirely separate to Austria...

On Tue, Oct 03, 2006 at 03:43:52PM +1000, Anthony Towns wrote:
> (b) Firmware vote
> proposal, as amended by Manon Srivastava (Message-id:

And while _Manon des sources_ might've been a neat French film, I don't
think it's actually got all that much to do with Manoj...

Cheers,
aj

And contrary to the usual biases, this geographic unawareness comes from Australia (which is unequal to Austria ;-) and not from the US. :-)

Guys, you all made my day. Kind regards from a currently not so snowy snowy place. :-)

What’s Your Summer Ride? //at 00:41 //by abe

When I was following the links to the What Are The Keys To Your Heart? quiz which was a common meme during the last weeks on Planet Debian, I noticed a quiz which made me much more curious than the above mentioned one or the What Language Should You Learn? quiz meme: What’s Your Summer Ride?

Since I know exactly what my summer ride is, I was curious what will come out. Since there were only a few questions (somehow I expected more), I was through after a quite short time:

Your Summer Ride is a Jeep
For you, summer is all about having no responsibilities. You prefer to hang with old friends - and make some new ones.

Well, although there were a few question where I could have chosen more than one answer, the answer is not so bad. My perfect summer ride would be a white all-wheel drive 2CV, either a original, double-engined 2CV Sahara (Type “AW”) from the 50s or 60s or a “modern” 2CV with Weber 5-speed gearbox and Weber all-wheel drive.

Regarding the first question “If you had a ton of money, how would you spend your summer?”: I probably would take an all-wheel drive 2CV and would drive on small roads through Scandinavia or the Alps. Or along the Panameriacana or through the Yellowstone National Park if I wouldn’t have to travel to the USA for it.

So regarding the second question “Where’s the best place to go for a summer drive?” not only a forest path or a coastal highway are fine, but also a small path winding it way up a mountain which wasn’t mentioned in the quiz.

Regarding music in the car, I usually like the sound of driving and the car itself. But since there is also music which reminds of driving a car or even makes me wanting to take a ride in the car, I sometimes hear e.g. Jean Michel Jarre or Roxette while driving. (Hearing Roxette songs often makes me want to drive around with a CX which defaults to my own CX. :-)

And regarding the best summer smell, nearly nothing reaches the smell after a short but heavy summer thunder storm. Second place is probably a (not mentioned) fresh and salty breeze near the coast.

BTW: Second place (with changing only one answer — the secluded forest to the coastal highway) was the New Beetle Convertible falsely written as only “Beetle Convertible”. Well, since I hate the New Beetle, because it’s neither New (just Golf technic) nor Beetle (it has completely wrong proportions) and it’s plain ugly (ok, the convertible isn’t as ugly as the limousine but still ugly), I can’t agree with this answer. ;-) But I wonder, what are the other car answers are…

Now playing: Roxette — Sleeping In My Car

Visited Countries Meme //at 02:34 //by abe

It’s meme time again on Planet Debian: This is a map with all countries I already visited marked in red.

So I haven’t left Europe yet (except for Tunisia, which is geographically quite close to Europe), but inside Europe I already visited quite a lot of places.

But there are still a lot of countries, I would like to visit once, e.g. the UK (especially Wales and Scotland), Ireland, Iceland, Poland, Canada, Australia and New Zealand. And the islands Sicily, Corsica and Tasmania. The USA I currently do not want to visit, although the Grand Canyon probably would be worth the journey. But unfortunately there is also the list of countries, I want to visit again: Finnland, Norway and Denmark. :-)

I changed my mind. I want a camera mobile phone. //at 02:29 //by abe

Today I read and wrote about Semapedia, a service respective toolset to encode Wikipedia URLs (and also others) as dot-matrix barcode, print them out on leaflets together with mentioning Wikipedia and the URL. Then any visitor with a modern camera cell phone can take an image of the barcode, decode it with the right software on your phone, which passes the decoded URL directly to the phones webbrowser.

This is the first useful application of camera phones I ever heard about. But I see it as so useful that I may consider buying me a camera cell phone with the next contract renewal, although until now, I focused all my search for a worthy successor to my Nokia 6310i on non-camera phones. (Update: And I’m not alone with the wish for a useful mobile phone.)

The 6310i had nearly everything I needed: A big memory, long standby times (1.5 to 2 weeks), WAP incl. WAP browser for reading Symlink on the road, GPRS, GSM 900/1800, T9, Infrared, gnokii support, the same battery bay than my former mobile phones (Nokia 6210 and 6130) and the Nokia typical, very intuïtive and blindly usable user interface. (Siemens mobiles suck!). It also had some things, I didn’t need yet, but sounded useful: Voice dialing and voice recording, Java for playing with own programs, Bluetooth for a cableless headset or so and GSM-1900 because perhaps also other countries than the USA use that frequency band. (I refuse to travel to the USA, so I won’t need the GSM-1900 there.)

It had nothing I didn’t want to have in a mobile phone: Camera, radio, MP3 player, standby time munching color display, e-mail client, MMS, MP3 ring tones or flip covers. The only thing I missed, was a more modern Java VM and even more memory when Opera Mini came out and maybe polyphone ring tones, so I could have the Monkey Island theme as ring tone. ;-)

So what now? Being able to use Opera Mini and Semapedia means to have a mobile phone with camera and — and that’s the drawback — a color display. Anyone knows a Nokia camera phone on which Opera Mini runs but without color display? And with the battery bay from the 6x10 series? No?

Or maybe I should just stay with the 6310i and get me a second one in better condition (no broken case) from eBay or so? There were also (yet unconfirmed) rumours that my GSM provider E-Plus will have the Linux based internet tablet Nokia 770 for a contract renewal plus 80€ to 90€… Difficult decision…

Jesus Christus Sohn des Fliegenden Spaghettimonsters? //at 01:44 //by abe

Nachdem insbesondere der Präsident eines gewissen Staates (United States of Jesus oder so ähnlich), in dem es offiziell genauso wie unserem Staate eine Trennung von Staat und Kirche geben soll, massiv die Lehre vom “Intelligenten Design” des Universums propagiert und dies auch als Zweifel an der Darwinschen Evolutionstheorie im Biologieunterricht lehren läßt, hat sich eine sympatisch-zynische Gegen-Religion gebildet: Die Pastafari, die an das Fliegenede Spaghettimonster als Gott “glauben”. Sie haben sich zum Ziel gesetzt im Schuluntericht in Kansas gleichberechtigt mit der kreationistischen Ansicht von Dubya gelehrt zu werden.

Boing Boing bietet sogar 1 Millionen US-Dollar Belohnung für denjenigen, der empirisch widerlegt, daß Jesus Christus Sohn des Fliegenden Spaghettimonsters ist.

Nette Religion das ist, genauso wie der Jediismus. Aber Darwinisten, Atheïsten und Agnostiker sind mir trotzdem wesentlich sympathischer.

Now playing: Herbert Grönemeyer — Amerika

Read more…