Updated Drupal / Security Issues

As most of you probably noticed, the design and structure of my homepage and my blog changed quite a bit a few days ago.
That was me upgrading to Drupal 4.6.1, which makes my life a lot easier, has a bunch of new features (e.g. my blog now has del.icio.us-like tags) and bugfixes, and most importantly fixes a serious security issue.

Two days ago I tried to help a bit with the new Drupal 4.6.2 release, which mainly fixes two major security problems. The first one is an issue with incorrect input validation, resulting in the DRUPAL-SA-2005-002 security advisory. The second one fixes a problem in the XML-RPC library shipped with Drupal (and WordPress, and PostNuke, and...), resulting in DRUPAL-SA-2005-003.
It was quite a fun experience for me: the release was coordinated and discussed on IRC, and we had lots of peer review of the advisories and release announcement, testing of the patches, etc. Thanks to all who participated and made this such a great experience.

Updated Firewall / Iptables Scripts

I have updated my iptables scripts today, mostly minor improvements and documentation updates in fw_laptop. I also added a new script called fw_blockall, which literally blocks everything (incoming, outgoing, and forwarded packets, packets from/to localhost, pings). This might be useful sometimes.

Any comments and suggestions for improvements are highly welcome!

The Underhanded C Contest

You thought that after the International Obfuscated C Code Contest, the Obfuscated Perl Contest, the International Obfuscated Ruby Code Contest and even the Obfuscated V contest nothing could surprise you anymore? Think again.

The goal of the annual Underhanded C Contest is to

write innocent-looking C code implementing malicious behavior. In many ways this is the exact opposite of the Obfuscated C Code Contest: in this contest you must write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil.

This year's challenge: covert fingerprinting. Write a program that performs some basic image-processing operation, but hides a unique fingerprint in the image it outputs.

The submission deadline is July 10th, 2005.

(via Bruce Schneier)

Ruby Garbage Collector Insights

why the lucky stiff (of Why's (Poignant) Guide to Ruby fame) has some very helpful insights on how the Ruby garbage collector works and when it is invoked. This knowledge will come in very handy when you try to optimize your Ruby programs.

Read his article The Fully Upturned Bin for all the gory details.

Updated Crimson Fields Debian Package

I'm currently trying to reduce the backlog regarding my Debian work. Today I packaged the new upstream release of Crimson Fields, a turn-based strategy game in the tradition of Battle Isle (tm).
Expect more updated packages and a few ITPs (Intent To Package) soon.
