Email Address Password
Remember Me

Or Create a (Free) Account.
2004JanFebMarAprMayJunJul Aug Sep Oct Nov Dec
2005 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2006 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Oct Oct

Thu 28th Jan 2010 @ 13:31 2010: 301 Moved Permanently

Wow, that happened fast!

$ telnet 80
Connected to
Escape character is '^]'.

HTTP/1.1 301 Moved Permanently
Server: sun-Java-System-Web-Server/7.0
Date: Thu, 28 Jan 2010 14:27:47 GMT
Content-length: 0
Connection: close

Connection closed by foreign host.

1 Comment               

Tue 26th Jan 2010 @ 00:04 2010: Internet Filtering for Children

Russell Coker, an outspoken Australian Linux developer, highly technically skilled, somewhat naive socially at times, has posted an excellent article on internet filtering by Stefano Cosentino from the Western country most strongly in favour of internet filtering.

As parents, we may have grown up in a world where pictures of nudity were relatively easily available, if of a relatively mild nature, and not on-demand. That is not the case today. Anyone - six, sixteen or sixty - with an internet connection has access to a huge wealth of information, largely good quality, informative, empowering stuff. There is also lots of spam, hoaxes, porn, viruses, spyware, trojans.... We can not run away from this, or try to force technology to interpret the difference; we, as parents, have a new responsibility to help the next generation to navigate and interpret the internet. Nobody taught us how to do that, but we must teach the next generation.

I am reminded of a cartoon where a youngster was explaining to his father that these days, we have the web, email, im, p2p, and so on, which his father never had. The father replies, "That's right, son, we never had those things at your age... that's why we had to invent them." We are the creators of this technology, and it is absolutely our responsibility to understand and manage our childrens' experience of it. But the answer is social, not technical. It is not a technology problem which technology has to fix. It is a social issue, which needs new social measures. We need to be with young children when they are online, we need to explain what viruses, keyloggers, ircbots and spam are. I heard recently of a teenage girl, using MS Windows, whose laptop was full of viruses and malware, simply because she was so keen on downloading the latest Unicorn-animated cursors, and so on. It had not occurred to me that the teenage-girl demographic would even be a target, but it is quite obvious in hindsight.

Filtering is not the answer. Filtering something as free-text as the current web is prone to huge amounts of false-positives as well as huge amounts of false-negatives. As Cosentino points out, what kids will actually face is questions like "Why do I get stupid emails with Russian girls wanting to marry me?" - we need to equip them to understand such situations, just as we have to equip them to count change, cross the road, take a bus, and so on. The world is changing exponentially, just as it always has done.

Post a Comment               

Thu 21st Jan 2010 @ 09:59 2010: EC Statement: Mergers - Commission clears Oracle's proposed acquisition of Sun Microsystems

Commission clears Oracle's proposed acquisition of Sun Microsystems

The European Commission has approved under the EU Merger Regulation the proposed acquisition of US hardware and software vendor Sun Microsystems Inc. by Oracle Corporation, a US enterprise software company. After an in-depth examination, launched in September 2009 (see IP/09/1271), the Commission concluded that the transaction would not significantly impede effective competition in the European Economic Area (EEA) or any substantial part of it.

Competition Commissioner Neelie Kroes said: "I am now satisfied that competition and innovation will be preserved on all the markets concerned. Oracle's acquisition of Sun has the potential to revitalise important assets and create new and innovative products."

Oracle is a supplier of business software, including middleware (i.e. software that connects software components applications), database software, enterprise application software and related services.

Sun provides network computing infrastructure solutions that include computer systems, software, storage and services. In 2008, Sun acquired the open source database, MySQL.

The Commission's in-depth investigation, opened on 3 September 2009 assessed whether the acquisition of the world's leading open source database MySQL by Oracle, the leading proprietary database vendor, would lead to a significant impediment of effective competition within the EEA. The database market is highly concentrated with the three main proprietary database vendors Oracle, IBM and Microsoft accounting for approximately 85% of the market in terms of revenue.

Although Sun's share of the database market in terms of revenue is low, as users of MySQL can download and use the database for free, given its open source nature, the Commission's investigation confirmed MySQL's position as the leading open source database. The Commission's investigation therefore focussed on the nature and extent of the competitive constraint that MySQL currently exerts on Oracle and whether this would be affected by the proposed transaction.

The Commission's in-depth investigation showed that although MySQL and Oracle compete in certain parts of the database market, they are not close competitors in others, such as the high-end segment.

Given the open source nature of MySQL, the Commission also assessed Oracle's ability and incentive to remove the constraint exerted by MySQL after the merger and the extent to which this constraint could, if necessary, be replaced by other actors on the database market.

The Commission's investigation showed that another open source database, PostgreSQL, is considered by many database users to be a credible alternative to MySQL and could be expected to replace to some extent the competitive force currently exerted by MySQL on the database market. In addition, the Commission found that 'forks' (branches of the MySQL code base), which are legally possible given MySQL's open source nature, might also develop in future to exercise a competitive constraint on Oracle in a sufficient and timely manner. Given the specificities of the open source software industry, the Commission also took into account Oracle's public announcement of 14 December 2009 of a series of pledges to customers, users and developers of MySQL concerning issues such as the continued release of future versions of MySQL under the GPL (General Public Licence) open source licence. Oracle has already taken action to implement some of its pledges by making binding offers to third parties who currently have a licensing contract for MySQL with Sun to amend contracts. This is likely to allow third parties to continue to develop storage engines to be integrated with MySQL and to extend the functionality of MySQL.

The Commission also examined the potential impact of Oracle's acquisition of the intellectual property (IP) rights connected to the Java development platform in the context of the proposed transaction.

It found that Oracle's ability to deny its competitors access to important IP rights would be limited by the functioning of the Java Community Process (JCP) which is a participative process for developing and revising Java technology specifications involving numerous other important players in the IT industry, including Oracle's competitors.

The Commission also found that Oracle would not have the incentives to restrict its competitors' access to the Java IP rights as this would jeopardise the gains derived from broad adoption of the Java platform and therefore the proposed transaction would raise no competition concerns in respect of the licensing of IP rights connected with Java.

The Commission also examined the potential effects arising from the proposed transaction on the market for middleware and in the 'IT stack', where the merger would strengthen Oracle's presence. It concluded that no competition concerns would arise in these areas in the light of the merged entity's market shares and prevailing competition in the markets.

Post a Comment               

Wed 20th Jan 2010 @ 21:30 2010: RHCE Study Guide

RHCE Study GuideThis is not a review, just a rant. I may get around to a review later, but from what I have seen so far, it would be a waste of time. There is not much actually wrong in this book, it is just lazily written, in such a way that if you already understand what is being communicated, then you can excuse it, but that is not much help in a book which calls itself a Study Guide.

There have been a few small niggles already:

  • Page 46: "DHCP servers can lease IP addresses on different LANs using the BOOTP protocol"
  • Page 47: "Several less frequently use networking services do not use their own daemons but are configured as part of [xinetd]"
  • "Use the "cp -ar /source/. /inst" command... Don't forget the Dot (.),; it copies hidden files, including the .discinfo file"

Chapter 3 covers the Grub bootloader. I think that the key to understanding this particular error is the fact that the RHEL symlinks /etc/grub.conf -> /boot/grub/grub.conf and /boot/grub/menu.lst -> grub.conf have already been mentioned in the chapter. Discussing a separate /boot partition, Jang says:
The first line suggests that this file was created by Anaconda, the RHEL installation program. The next line notes that changes do not have to be written to the MBR; this file is automatically linked to the GRUB pointer that is probably already installed in the MBR.

Now this is really weird - there are two definitions for the word root in this file. First, the /boot directory in the GRUB configuration file is associated with roo, in this case, root(hd0,4). But the actual Linux top-level root directory is associated with a different partition, as defined by this comment:

This "linked to the GRUB pointer" stuff is absolute gibberish. Grub reads grub.conf from the filesystem, no links or pointers are involved at all. Then, what is he saying about sdb2? The quoted grub.conf file makes no mention of sdb2. I suspect that he wrote this text when looking at a line with "root=/dev/sdb2", not "root=LABEL=/"; a reader who did not already know what the root= parameter does, and what LABEL= means, would be thoroughly confused at this point:
# grub.conf generated by anaconda
# Note that you do not have to rerun grub after making changes to this file
# boot=/dev/sda
title Red Hat Enterprise Linux (2.6.17-1.EL)
root (hd0,4)
kernel /vmlinuz-26.17-1.EL ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.17-1.EL.img
(some lines omitted for brevity)

There are also a number of points made within the book which deny the claim that it is "Updated for RHEL5". This book got great reviews on Amazon, but so far is a disappointing waste of money. The RHCE Prep Guide tells you all that you need to revise; I would prefer to spare the 20 and spend time revising from more reliable sources. It is probably handy to have a single book covering all the topics, but I would not be too inclined to take any of the content at face value.

With a little more careful editing, Michael Jang's reputation could be significantly higher than it currently is.

For example, Page 169 says:
When you configure or repair a service, use chkconfig (or a related utility such as ntsysv or system-config-services) to make sure that the service is activated at the appropriate runlevels. Otherwise, you may not get full credit for your work.

Does Jang know something here, or is this more flannel? I know that if I run "chkconfig --level 3 sendmail off", that sendmail is disabled for run-level 3. I don't need to run "chkconfig --list sendmail" and see "sendmail 0:off 1:off 2:on 3:off 4:on 5:on 6:off" to know that it worked. What else? Should "rm /foo" be followed with "ls /foo" just in case the command failed? The Unix way is that if the command succeeds, it returns no output, but if it fails, it complains to stderr and returns a non-zero exit code.


Sun 17th Jan 2010 @ 22:55 2010: ATM Skimmers

Remember, under UK law, if your PIN becomes known by anyone else, it is you who are responsible, not the bank... Would you have spotted this? I couldn't... Courtesy of Mikko Hypponen from F-Secure:


Post a Comment               

Fri 15th Jan 2010 @ 00:59 2010: Linux Audio

I am pretty much a CLI, interactive-shell kind of person, not paying much attention to GUIs, Audio/Video processing, Games, and the like. So I was surprised to see this list of Linux Audio software updates from the end of last year, 2009.

It is not my field at all, but the screenshots and descriptions sound miles ahead of anything I would have expected for the GNU/Linux platform.

Post a Comment               

Thu 14th Jan 2010 @ 14:04 2010: OpenSolaris findroot rootfs in grub

This is really another one of those "note to self" posts, with the hope that somebody might find it useful.

I have just reinstalled OpenSolaris (b130) onto my laptop, which also runs Linux. The internal disk is laid out in four primary partitions:

1Linux root (0x83)
2Linux swap (0x82)
3Linux /home (0x83)
4Solaris (0xbf)

The OpenSolaris installed configured Grub to boot with a command:
findroot (rootfs0,1,a)

Which points it at partition 2 (grub offsets start at zero, so 0,0 is partition 1, 0,1 is partition 2, 0,2 is partition 3, and 0,3 is partition 4.

Until a few years ago, Solaris x86 used to use partition label 0x82, which is also used by Linux for a swap partition. It seems that the installer is still configuring Grub to boot from an 0x82 partition if it finds one.

So the fix is to change /boot/grub/menu.lst to read:
findroot (rootfs0,3,a)
Where 0,3 points at partition 4, which is where my OpenSolaris installation is.

Post a Comment               

Mon 11th Jan 2010 @ 23:40 2010: Humility

Inspired by a sermon at SMFC last Sunday...

Humility - how I achieved it

Humility - how I did it

Post a Comment               

Sun 10th Jan 2010 @ 01:16 2010: permissions when creating files

RedHat bug 542926 is a shocker. From the first comment on the bug:

Checking the differences between 1.0.3 and 1.0.4, 1.0.3 does this
in the open_logs() function:

doh 413 nullfd = open("/dev/null", O_RDONLY, 0640);
414 if (nullfd < 0) {
418 }
419 logfd = open(logfile, O_WRONLY|O_CREAT|O_APPEND);

While 1.0.4 no longer passes mode to the first open call (where it's ignore[d], but it also causes second open to see that mode too):

429 nullfd = open("/dev/null", O_RDONLY);
430 if (nullfd < 0) {
434 }
435 logfd = open(logfile, O_WRONLY|O_CREAT|O_APPEND);

It turns out that RHBA-2009:0091-3 fixed a bug with leaking file descriptors, but introduced this bug. RHSA-2009-1642 fixes the bug introduced by the fix.

What happened before is explained somewhat at; the result of "open(logfile, O_WRONLY|O_CREAT|O_APPEND);" is undefined. Apparently in this instance, it had been using the previous (0640) parameter.

When opening /dev/null read-only, the permissions did not matter - the file was being opened read-only, and the permissions on the file were not changed.

When creating /var/log/acpid, as the first call of acpid would do, the result was that the log file was created with unpredictable permissions, and owned by root.

If a local user finds a root-owned file, with the SUID bit set, as well as the world-writeable bit set, they can put whatever commands they want into that file, and execute it as the root user. This could be a huge problem. Calculating the set of vulnerable permissions, and the possibility of a given system being vulnerable, is left as an exercise for the reader.

Post a Comment               

Thu 7th Jan 2010 @ 22:31 2010: Prettyifying the Code

I have updated the shell scripting tutorial to use "pretty-printing" for the scripts. This uses some pretty minimalistic Javascript courtesy of It was missing a good few keywords which I use, and it wanted to mark quite a few words as SGML Attributes, but overall it seems to have worked pretty well. There is one errant "do" which is marked as a keyword, but other than that, it all looks to be acceptable. That's a sure-fire way of finding dozens of problems already that I have missed!

1 Comment               

Wed 6th Jan 2010 @ 23:46 2010: Security from the past decade

Helpful "help" option... I'm no Windows expert, is this Win9x (which allowed you to press "ESCape" to bypass the login screen anyway) or Windows NT?


Post a Comment               

Wed 6th Jan 2010 @ 22:26 2010: Burning issue of the day decade century

This truly is the burning issue of the day decade century.

Is it two thousand and ten, or twenty-ten?

2010A case pretty well-made for the twenty-ten approach, is that for everything apart from the past decade, it has been easier to split the four-digit year into a pair of two-digit numbers: 1810 is eighteen ten; 1945 is nineteen forty five - not one thousand, eight hundred and ten, or one thousand, nine hundred and forty five, so why should it be two thousand and ten? Will 2057 be two thousand and fifty seven? Will 2283 be called two thousand, two hundred and eighty three, or twenty two-eighty three?

I think I'll go with twenty-ten for now...

Post a Comment               

Steve's urandom blog
Share on Twitter Share on Facebook Share on LinkedIn Share on Share on StumbleUpon
My Shell Scripting Book:
    Shell Scripting, Expert Recipes for Linux, Bash and more
is available online and from all good booksellers: