10.31.07
How To Cope With Death
Rock on, Granny!
Do not let any unwholesome talk come out of your mouths, but only what is helpful for building others up according to their needs, that it may benefit those who listen.
Ephesians 4:29 (NIV)
10.25.07
Did you know?
Albus Dumbledore is a homosexual. Guess that pretty much nails the coffin shut as far as fundamentalist Christians are concerned… Plus, all the many people who apparently can’t distinguish between homosexuality and pedophilia are going to raise all sorts of questions about what Dumbledore’s real interests in Harry Potter might have been.
Note that this information isn’t revealed in the Harry Potter books themselves, though it sheds a new light on some information in the final book. It’s simply one of those factoids that the author kept tucked away in her brain, and used to keep her world consistent. The article notes that when she found a reference in one of the movie scripts to a past, female love interest of Dumbledore’s, she sent a note to the director to set things straight.
10.22.07
OpenBSD, the “Secure” OS
Was playing around with OpenBSD a little bit to test configuring and building of GNU Wget on non-GNU Unixy systems. In particular, I was interested in ensuring that things work properly when various GNU library components (notably, the gettext internationalization package) are not available. OpenBSD was chosen because it’s relatively small, and places a strong emphasis on correctness.
My first attempt involved compiling GNU m4, automake and autoconf by hand. This did not work out too well, and resulted in generating some bizarrely broken configure scripts for Wget. When I instead used the official packages for OpenBSD for automake and autoconf, everything went much more smoothly, and Wget configured and installed fine without NLS (native language support). I’ll go back when I have time to try to understand what went wrong with the manual builds of those GNU tools, as there are some systems where you can’t obtain “official” binaries for them, and I want to be able to help people address problems with configuring Wget that are really problems with their autoconf/automake setup.
OpenBSD is famous for being the “secure by default” operating system, priding themselves in having had only two remotely exploitable security vulnerabilities throughout their entire history. I am not convinced that this reputation is earned, however. Judging by what Core Security had to go through to get OpenBSD to acknowledge a security vulnerability, it appears OpenBSD manages to claim so few security vulnerabilities, mainly by using their own definition for what a “security vulnerability” is. For instance, they will not acknowledge a remote denial-of-service attack as a security vulnerability, reserving the term for exploits that can execute arbitrary code. While the latter is certainly a greater concern, I’m not sure how you can view bringing a system to a grinding, screeching halt, potentially costing big money while your mission-critical system gets brought back up, and a defense erected against the DoS to prevent it from recurring, as “not a security vulnerability.”
Now that I’ve had a chance to play with it, I was dismayed to discover that non-root users get a dot [.] appended to their PATH environment variable (which tells the command shell where to look for programs whose names you type in). This has long been considered to be a security vulnerability in the Unix world, as a sneaky user who places malicious scripts in his home or in /tmp, whose names are mistyped versions of common commands, could trick other users, including those with administrative access, into giving them greater access to the system. Apparently the OpenBSD developers’ reasoning is that it’s not as bad as prepending the dot (which wouldn’t even require lurking for typos: you could put the properly-spelled scripts in various locations), and that it’s better than letting inexperienced users prepend the dot (a decent refutation of this, of course, is providing a simple comment showing people the correct way to set the PATH). Update 2008-02-10: Reasoning for why dot is in the PATH. Part of a longish thread.
I found it annoying that anytime you link a program that uses the C strcpy() or strcat() library functions, it warns you that those are “almost always abused”, and you should use (non-portable) strlcpy()/strlcat() instead. IME, while misuse of strcpy() and the like are certainly common, “almost always” is a gross exaggeration, and there are many instances (mainly, when you know exactly what the lengths of the source string and destination buffer are) when it is a better choice than strlcpy()point of Free Software is the freedom to modify software to suit your needs.
Of course, the OpenBSD developers have also given us OpenSSL (internet encryption library), and OpenSSH (secure remote shell access), which are [is] probably among the very most useful and pervasive pieces of software for Unixen, for which I am very grateful (Wget uses OpenSSL to handle encrypted web downloads and the like).