This work is licensed under a Creative Commons Attribution Noncommercial Share Alike 3.0 License.

NOT URS!/geek/debian/debconf

Posed on Wed, 13 Aug 2008 :: /geek/debian/debconf :: link


I'm currently sat in the formal dinner for DebConf8 in Argentina. As part of the presentations, our glorious leader, the forever DPL Sledge announced that we'd recently won an award for... wait for it... MOST EPIC FAIL!

In recognition of this, I present to you the following:

Virus scanning the Debian archive for fun and profit/geek/debian/security

Posed on Wed, 05 Mar 2008 :: /geek/debian/security :: link


As some people may know, I'm a member of the Debian testing security team. As well as tracking all CVE IDs with which packages they affect, we also keep a list of known embedded code copies. Embedded code copies are a bad thing, as they cause no end of problems for the security teams.

One of the problems we've had to find a solution for is: How do we know what statically compiles against a library, or even worse, ships its own copy?
So, we're looking for something that looks for a particular set of bytes in arbitrary executables; a signature of the library if you will. And we do have a rather good tool that can be used for scanning for binary signatures: clamav :)

Step 1

Create a clamav signature

Clamav have a nice guide on how to create signatures on their site. The method I use is fairly simple: find a unique binary string and pass it to sigtool --hex-dump and place it in a .ndb file.

Step 2

Scan the archive

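# Quote the -name pattern so the shell does not expand it, and read
# NUL-delimited paths so unusual filenames survive intact (bash).
find /mirror/debian/pool/ -name '*all.deb' -print0 |
while IFS= read -r -d '' deb; do
	clamscan -i -d smarty.ndb --deb --tempdir=/home/maulkin --no-summary \
	--max-space=1024m --stdout "$deb" >> /home/maulkin/smarty.log
done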

Step 3

???

Step 4

PROFIT!!!
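
Steps 1 and 2 above in miniature, as an added example that is not part of the original post and is not ClamAV code: it writes a unique byte string as a `Name:TargetType:Offset:HexSignature` line of the kind kept in a .ndb file, then looks for it in every file inside a .deb's data tarball. The function names, the signature name and the sample package are constructed for illustration, and only plain hex signatures (no wildcards) are handled.

```python
import io, tarfile

def ndb_line(name, needle):
    """Body signature in .ndb form: Name:TargetType:Offset:HexSignature."""
    return f"{name}:0:*:{needle.hex()}"  # target 0 = any file, offset * = anywhere

def parse_ndb(line):
    name, _target, _offset, hexsig = line.strip().split(":")[:4]
    return name, bytes.fromhex(hexsig)  # plain hex only, wildcards not handled

def ar_member(name, data):  # one ar entry: 60-byte header, data, even padding
    hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
    return hdr.encode() + data + b"\n" * (len(data) & 1)

def ar_members(blob):
    """Yield (name, data) for each member of an ar archive such as a .deb."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        size = int(hdr[48:58])  # decimal size field, space padded
        yield hdr[:16].decode().strip().rstrip("/"), blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)

def scan_deb(blob, sig_lines):
    """Return sorted (signature name, path in package) pairs that matched."""
    sigs = [parse_ndb(line) for line in sig_lines]
    hits = set()
    for member, data in ar_members(blob):
        if not member.startswith("data.tar"):
            continue  # skip debian-binary and control.tar.*
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for entry in tar:
                if entry.isfile():
                    body = tar.extractfile(entry).read()
                    hits.update((n, entry.name) for n, s in sigs if s in body)
    return sorted(hits)

def build_sample_deb(files):
    """Constructed input: a minimal .deb holding the given {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, body in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return (b"!<arch>\n" + ar_member("debian-binary", b"2.0\n")
            + ar_member("data.tar.gz", buf.getvalue()))
```

`scan_deb` only opens data tarballs in a compression Python's `tarfile` module can read; the archive-wide run in the post relies on clamscan's own unpacking instead.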



While I'm talking about testing security, we're all rather busy at the moment in the team, so we could do with some help! If you fancy helping, have a quick read of the intro and come onto #debian-security on irc.debian.org and say hi!

Make me pwetty clothes.../geek/debian/debconf

Posed on Wed, 18 Apr 2007 :: /geek/debian/debconf :: link


As some people may know, there's a group of us getting some official Debian Tartan (thanks to Phil at hands.com) kits made up for DebConf 7.
Moray got back from the weavers today, with a nice photo of the tartan being weaved :)

It may be cold, but it's hotting up in here/geek/debian/security

Posed on Sat, 16 Dec 2006 :: /geek/debian/security :: link


aba recently announced the freeze of Debian Etch, which is great news. However, it now means that a lot of work is now important for the secure testing team. So, if you have time, please help us out and look through the list of vulnerable packages in the testing suite, and provide patches/upload fixes :) I'd like as many of these fixed as possible before we hand over to the stable security team.
I've also been actively recruiting recently. Luk has joined the team, and should also be helping to issue updates in the near future. Please come find me on IRC (Maulkin) if you want to help us produce a nice secure operating system :P

As this seems to be a post about testing security, I'll put a bit of a status update too:
  • Updates now go through newklecker (aka: security.debian.org)
  • The embargoed/unembargoed queues seem to work (mostly), which means that there should be a greater number of people who can do updates for stable
  • We're working through all the outstanding issues which don't have CVE-IDs yet, and requesting them
  • I'm working on various clamav signatures to find embedded code copies in other packages

Not really into Pokemon/geek/debian

Posed on Wed, 01 Nov 2006 :: /geek/debian :: link



Care of XKCD

What if Clippy came to PHP?/geek/debian/security

Posed on Wed, 18 Oct 2006 :: /geek/debian/security :: link


Another package that should be released with etch/geek/debian

Posed on Tue, 25 Jul 2006 :: /geek/debian :: link


After the announcement of a pending release of etch, I feel it's vital that Neil Fraser's software must be included with it.

This is rather spiffy.../geek/debian

Posed on Tue, 13 Jun 2006 :: /geek/debian :: link


I've finally got annoyed at how much ram Gnome was using up, and decided to have a look at various other light weight systems, including:
  • ion3
  • blackbox
  • icewm
  • metacity
  • twm
  • ratpoison
I generally got the feeling I'd popped back to 1994 and was using Slackware or something. This laptop doesn't have a lot of ram, but it's got enough to be able to run something that looks nice. As this is the computer I use most of the time, it does need to look nice.

However, I finally installed xfce4. I do have to say, I'm very impressed. It looks nice, has all the functionality I'm looking for, and just works™. There's a couple of panels that don't seem to be installable at the moment, but this seems to be being worked on at the moment. It also has the advantage of huggie being one of the maintainers, so I have someone to prod if I get stuck. Sorry in advance huggie :)

For those who care about security.../geek/debian/security

Posed on Tue, 06 Jun 2006 :: /geek/debian/security :: link


Extract from the secure testing team list of doom changelog:
maulkin@cheddar:/home/repos/secure-testing$ svn log -r4160 data/CVE/list
------------------------------------------------------------------------
r4160 | stef-guest | 2006-06-07 00:20:30 +0100 (Wed, 07 Jun 2006) | 7 lines

some bug reports have been closed, but were missed:
fftw fixed
moodle fixed
gnumach fixed
linux fixed


------------------------------------------------------------------------
Finally! Linux has been fixed!

For your viewing pleasure.../geek/debian/debconf

Posed on Fri, 26 May 2006 :: /geek/debian/debconf :: link


I've popped my photos up of DebConf6 for those who want to see them :)

Wings and Roundabouts/geek/debian/debconf

Posed on Wed, 24 May 2006 :: /geek/debian/debconf :: link


Well, I've finally got back from DebConf6 and am quite knackered, especially considering I've just done a full day at work.

I could amuse you with the usual 'lists-of-memorable-dc6-events', or a 'review-of-each-day', or even a 'bits-from-the-orga-team', but there's plenty of other posts on planet.d.o about that, so instead, I'll recount my experiences of the return trip, starting in Oaxtepec.

I'm also putting up all my photos, but it'll take a while. They'll be appearing over the next few days at my Fotopic site.

I wake up fairly early-ish (10am. It's early for me, ok? I'm not German :P) and pack my suitcase. I take the padlock keys out of the case and lock it. Except I got the wrong keys. So, the keys are now inside the locked case. Fortunately, I'd already taken everything out of the case I'd needed and put it in my rucksack.

Next, it comes to time to check out. I find out that we need our room checking to ensure that we haven't stolen a wall or ceiling or something. One of the cleaners has a look around and spots a missing lampshade. We (me + Fil Hands) try to explain in broken Spanish that it was missing when we arrived in the room, but she doesn't seem to be having any of it. Mind you, there is the vague possibility that "Si","Fruta","Cafe" and "Hola" isn't quite enough knowledge to explain the situation. Feh.
So, we manage to accost the lovely Amaya to do some translation for us. The cleaner lady calls her boss, who tells us it'll cost 860 pesos (£43). We politely decline. So, she then calls her boss. This all takes some time. Eventually, she opens a huge book, looks inside and sees that the shade was taken away by maintenance. Why this wasn't done before, I don't know.

Anyway, our bus was leaving at 2:00pm, so we had to rush to the reception. The journey was quite pleasant, and we eventually arrived at the airport at 4:20pm. There was a small altercation with the Taxi driver over the tip, as it was already included in the fare, and he said it wasn't. We then pointed out that tolls were also included in the fare, and the driver didn't take a toll road. At this point, he seemed to disappear quite satisfied.

I approached the Air France desk, and was told I couldn't check in until 7:30pm (my flight didn't leave until 11:30pm). Bugger. So after waiting around quite a while, and getting something to eat, I went to check in. There was a huge queue, but it didn't really matter, as I was flying under a Flying Blue - Silver level card, so I could use the express queue. They did, however, want to check my luggage. Broken Spanish did work this time, as I wildly gesticulated towards my suitcase, making key symbols.

So, after another long wait, we (me and Daniel Baumann, we're on the same flight, and indeed sitting next to each other by some freak coincidence) wander off through to the gate. I manage to find some free wireless (ESSID: co_admeralty_club) and surf for a bit. Flight ends up being delayed for 30 mins, but it didn't matter too much.

Then, I hear an announcement over the intercom, that a group of passengers should contact the gate staff, and my name is mentioned. A little worried, I approach.
"Hello, I'm Mr McGovern. My name was called on the intercom."
"Can I have your boarding pass please?"
"Sure..." *worry*
"Thank you.... ok, we'd like to invite you to fly business class with us today sir."
"Thank you very much"
I then proceed to whistle the 'Kill Bill' tune, as for some reason, it's following me everywhere I go in the airport, be it a cleaner, or another passenger. I think it's like some sort of virus, infecting one person and moving on to the next host.

We still had a little while, so we popped back to the waiting area to, well, wait. We saw some of the Brixen gang, and one of them had his laptop stolen :| That's the second laptop down then. The first was run over by a car in Oaxtepec.

So, I board the plane, and am immediately offered lots of alcohol and other free things™. Which was nice. Unfortunately, the plane was further delayed. This means that on arriving in CDG, my connecting flight was already boarding. It was at this point that I had doubts about my luggage arriving in MAN at the same time as me.

So, I board the plane in Paris, and it's a straightforward flight. But lo and behold, at the other end, no baggage. No surprises there then.

Today, my luggage arrived at 8:00pm, just after I've got home from work. I'd also got a nice letter from the Inland Revenue, with a £215.67 tax rebate \o/

As my subject: S^HWings and Roundabouts.

El introducir..../geek/debian

Posed on Mon, 01 May 2006 :: /geek/debian :: link


Womble2 (Ben Hutchings) as one of your newest DDs! Quite a few people know him in the UK, and some of you may have met him over at DC5.

I'm not sure if I've got the subject of this post right, but it is meant to be Spanish, as we're so near DC6 :)

I've now joined the club.../geek/debian

Posed on Thu, 27 Apr 2006 :: /geek/debian :: link


of people who have flooded Planet Debian.
I think I should be proud.

To join this highly exclusive^W^Wnot very exclusive^W^W^Wrather common club, simply fix some broken <link> tags in your RSS feed. Or, if using Blosxom, add/edit the config line $url.

Introducing.../geek/debian

Posed on Sat, 08 Apr 2006 :: /geek/debian :: link


A new Debian Developer, eriks! I got the notification through from the DAM today that he's got his account. Welcome to the conspiracy :)

As a side note, he's also my first NM to get an account, so I'm especially proud :)

For those who care about coming to DebConf6.../geek/debian/debconf

Posed on Mon, 03 Apr 2006 :: /geek/debian/debconf :: link


You MUST reconfirm your attendance, or you won't get free lodgings and food.
The clock is ticking, you have about 2 hours left, ie: until 2006-04-03 23:59:59UTC.