Steve Friedl's Weblog

March 31, 2004
"SCO would like to thank Red Hat"

Today SCO issued a Security Advisory: OpenLinux: util-linux could leak sensitive data.

The technical details are only of passing interest - I don't run OpenLinux - but one part of the advisory caught my eye:


8. Acknowledgements
SCO would like to thank Red Hat

You gotta wonder what kind of conversation went on when building this advisory to get them to say that in public.

Posted by Steve at 08:16 PM
March 27, 2004
Amazing ATM scam

I ran across this reference to criminals stealing ATM cards and PINs from legitimate ATMs.

some clever criminals (U. Texas at Austin PD)

Wow.

Posted by Steve at 01:13 PM
March 18, 2004
Smart DNS people

On the BIND 9 mailing list, somebody noticed that ISC had deployed a new F root server in Toronto (F.ROOT-SERVERS.NET), and wondered if/how he could update his root cache to favor the new server in his "neighborhood". This seemed like a reasonable request to me.

The answer was just Über-geek-cool, (emphasis mine):

said by Mark Andrews, ISC
All instances of F have the same IP address. Which instance you use depends on which route gets advertised to you. named doesn't get to pick which instance of F it talks to. The same is true for K and some other root servers. In general the routing system will provide the closest instance providing the peering agreements are in place to allow the route to reach you.

See the following for details: ISC-TN-2003-1

Also see: http://www.isc.org/ops/f-root/

named uses RTT [Round-Trip Times -SJF] estimates to pick between nameservers for a zone. This happens at all levels of the DNS.


Ain't this cool?

Posted by Steve at 07:00 PM
March 12, 2004
What a great idea: eMachineShop.com

I got a postal mail advertisement from eMachineShop.com, and this looks like a great idea. You can download their design software, draw up the doodad, gizmo, or thingamajig that you need, submit it, and receive a quote. Then they'll manufacture the thing in their fully-equipped machine shop.

There have been all kinds of times when I had an idea for a doodad of some kind, but I simply don't have much beyond "a drill and a hammer" in my garage, and there is no way I'm ever going to own a lathe or bandsaw. But now I can control one by proxy.

I haven't used the service yet, but knowing that getting that doodad made is just a few web clicks away means that ideas can bubble.

I think this is a great idea - I hope it's successful for them.

Posted by Steve at 12:10 PM
Thumbs up: Araxis Merge

For a Windows printing system development project, I recently had an occasion to reconcile the differences between two parallel directories of source code, and this was looking to be a daunting task. Hundreds of C++ files, makefiles, config files, and the like had to be gone through, with each change potentially being important.

Thankfully, I owned a license to Araxis Merge, and it made the job a breeze. This is a GUI-based visual diff tool, and it goes far beyond the other tools I've seen that will do this (VMerge, for instance). It can show two (or three!) equivalent source files side by side, highlighting what was inserted, deleted, or changed. Each diff can be independently incorporated into the "other" file.

They also can start at the top of an entire directory tree and show the diffs all the way to the bottom, drilling down to any individual file diff. Files of certain types (.obj, .exe, etc.) can be excluded automatically.

It knows how to ignore revision-control $Id$ strings (you can add your own regular expressions to the list).

Overview of file diff

Overview of folder diff

This software is just fantastic: clean look, very fast, incredibly functional. They have a "standard" and "professional", the latter providing the three-way features (which I have not yet used). I can't believe how much time this saved me and how glad I am that I found it several years ago. This is an example of a company that does one thing, and does it really well.

Highly recommended.

Posted by Steve at 06:59 AM
March 06, 2004
Analysis of Microsoft XP Service Pack 2

Microsoft has been in extended beta testing of Windows XP Service Pack 2 for some months now, and until recently I had not really looked into it. Most "service packs" just fix large collections of bugs, but this one is certainly not in that category.

This Service Pack has an enormous security component, and it's much more than just diddling a few default settings. I've never seen such a comprehensive set of security improvements from Microsoft, ever (though they have certainly talked about it for a long time).

I have written a Tech Tip that analyzes and summarizes this from a security point of view, and I see very little not to like. Perhaps you'll agree.

Unixwiz.net Tech Tip: Analysis of Microsoft XP Service Pack 2

Posted by Steve at 07:29 PM