Saturday, September 19, 2009

Some updates

So I updated my kernel to 2.6.29.1; however, the computer failed to boot. Probably there were some changes in the system structure. I guess I'll stick with 2.6.27 for a little longer.

On the bright side, I have finally managed to find a way to connect to VPN from my Linux box. At first I went through the trouble of installing the Cisco VPN client for Linux, but no matter how hard I tried it couldn't connect to the gateway. Next I tried OpenVPN, but it didn't seem to be compatible either. In the end I tried vpnc. It was impossible to get it to work using certificate authentication; however, group authentication worked fine ;)

Now probably there'll be no big changes until Mandriva Linux 2010 comes out!

Saturday, August 29, 2009

New challenge

So finally, a new challenge! As I mentioned in the previous post, it's about concurrency security. I've been too busy (and lazy :P) to put it all together but Gizmore did the job quite well. You can try the challenge here: http://www.wechall.net/challenge/quangcurrency/index.php

This challenge is just a small demonstration of the problem. In real-world systems this could be a tricky bug neglected by most developers, so you can probably find it everywhere, and if more people look into it there might be chaos. Maybe more demonstrations will be coming soon ;)

Saturday, August 1, 2009

2009.1

So Mandriva 2009 Spring Edition (2009.1) has been out for a few months, but I'm too lazy to update it. To be honest, I was quite satisfied with 2009, until recently when Yahoo changed their protocol and my old version of Pidgin couldn't connect to their server anymore. A lame reason, I know, but that was the thing that helped me defeat my laziness and download the new image.

This time, instead of burning the image to DVD, I have decided to mount it locally and use it as an update media. Here's the command to add it to the urpmi database:

$ urpmi.addmedia --distrib cdrom /mnt/2009.1/i586/
adding medium ""Mandriva Linux - 2009 Spring (Free) - main" (cdrom1)" before remote medium "Mandriva Linux - 2009.0 (Free) - Installer"
adding medium ""Mandriva Linux - 2009 Spring (Free) - contrib" (cdrom2)" before remote medium "Mandriva Linux - 2009.0 (Free) - Installer"

Then the pidgin update:

$ urpmi pidgin
To satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium ""Mandriva Linux - 2009 Spring (Free) - main" (cdrom1)")
libpurple0 2.5.5 5mdv2009.1 i586
pidgin 2.5.5 5mdv2009.1 i586
pidgin-i18n 2.5.5 5mdv2009.1 i586
pidgin-plugins 2.5.5 5mdv2009.1 i586
1.2MB of additional disk space will be used.
4.9MB of packages will be retrieved.
Proceed with the installation of the 4 packages? (Y/n) y

installing pidgin-i18n-2.5.5-5mdv2009.1.i586.rpm pidgin-plugins-2.5.5-5mdv2009.1.i586.rpm libpurple0-2.5.5-5mdv2009.1.i586.rpm pidgin-2.5.5-5mdv2009.1.i586.rpm from /mnt/2009.1/i586/media/main
Preparing... #############################################
1/4: libpurple0 #############################################
2/4: pidgin-plugins #############################################
3/4: pidgin-i18n #############################################
4/4: pidgin #############################################

Unfortunately, the problem with pidgin was only fixed in version 2.5.7. So in the end I had to grab the latest version 2.5.8 off the Internet to get it done.

Maybe tomorrow I'll try updating the kernel next.

Saturday, May 9, 2009

I'm still around

Hey guys,

There hasn't been any update for a long while. Work has been keeping me busy, and the rest of my free time has been taken away by Forumwarz, a browser-based RPG about Internet culture. As a security specialist, I even helped Evil Trout, the admin of Forumwarz, fix a lot of security vulnerabilities there.

During my time spent on Forumwarz, I got myself acquainted with Greasemonkey, a Firefox plugin that lets you run custom JavaScript on websites to achieve certain tasks, and Prototype, an interesting JavaScript framework that makes me think traditional JavaScript is just a thing of the past :P

Another thing that attracted my interest is concurrency security. Concurrency-related problems could lead to nasty bugs in your system, data inconsistency, and even security breaches. This issue has not been given enough consideration by security researchers, but I believe it cannot be underestimated. Maybe I will create a challenge based on it for everyone to enjoy ;)

Monday, April 13, 2009

jQuery calendar

If you use jQuery Calendar in your web page, never use "hasCalendar" as the CSS class, because jQuery Calendar itself uses this as the marker to indicate that the textbox already has a calendar associated with it. I used this to automatically add a calendar to all textbox controls in my page, but it didn't work and it took me a while to figure this out.