podcast

Tagesschau Video Podcast Archive?

Does anybody know about any archive of the Tagesschau Video Podcast (German TV news)? I'm collecting the videos, and I missed the shows from November 8th and November 13th, and they only provide 7 days of "backlog", after a week they seem to remove the videos (which sucks!)...

Thanks in advance!

Democracy Player 0.9.0 - one step closer to world do... a very cool Internet video/podcast application

Democracy Player 0.9 screenshot

Democracy Player 0.9.0 was released yesterday, and it has already been announced in quite a number of places, e.g. Boing Boing.

It's available for Mac, Windows, and Linux; if you're on Debian unstable the installation is as simple as apt-get install democracyplayer (I uploaded the new packages yesterday, they should have reached all mirrors by now).

If you want to know what this is all about, but you're reluctant to install yet another program, check out this screencast (MOV, 37MB) which shows the basic functionality and user interface and discusses some of the new features... I think you'll like it.

You can use it for all kinds of video blogs and podcasts, it'll download and play almost anything with an RSS feed.

Stuff V

  • I have started looking into SELinux on Debian recently. SELinux provides mandatory access control for Linux, which gives you great control over which process may do what with which files, other processes, network connections etc. I've still got a lot to learn and read (more posts will probably follow), but if you're inclined to try it yourself here are a few tips:
    • First, read the SELinux and especially the SELinuxSetup pages in the Debian wiki. Also check out the SELinuxStatus page.
    • There are currently a few bugs I noticed, which cause some trouble: bug #369852 prevents a correct install of the selinux-policy-default package, but the work-around mentioned in the bug report works fine. I reported bug #372543 yesterday, but there's an easy work-around for that, too.
    • I had to change "SELINUX=enforcing" to "SELINUX=permissive" in /etc/selinux/config (at least for now), otherwise my system won't boot up anymore because of SELinux denied permissions (I think). I'm pretty sure this is either a bug or me doing something wrong, but I haven't figured out yet what that is.
  • Robert Nunnally (a.k.a Gurdonark) has created a photo collage video (YouTube, requires Flash) for Marco Raaphorst's "Blowing Snow" song. He used some of the Creative Commons licensed photos from my photoblog for the video.
  • Wow! Today the number of people subscribed to my music podcast (via RSS) exceeded 200 for the first time! Thanks everyone for listening!
  • GNU/Hurd 1.0.0 has been released. Finally! And they've built it on top of an interesting "middleware"...

Podsploiting

The RedTeam, a penetration testing group, has released two security advisories which explain security holes in two podcast clients (podcatchers).

Both exploits are possible because the programs do not properly sanitize their input (or do not sanitize it at all). Basically, they call system($wget_cmd), where $wget_cmd is a shell (/bin/sh) command line that is supposed to download a file via wget. As the $wget_cmd string contains content from an untrusted source (HTML/XML on some random server), this results in an "arbitrary code execution" vulnerability, the worst-case scenario you could imagine.

If someone is naive enough to even run such a podcatcher as root, this means a remote root exploit!
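The system($wget_cmd) pattern described above, next to a hardened form, as an added example (not code from the advisories or from the affected podcatchers). It assumes a POSIX system; `echo` stands in for wget so it runs offline, and the URLs and function names are constructed for illustration.

```python
import subprocess
from urllib.parse import urlsplit

# Stand-in for wget so the example runs offline: echo only prints its arguments.
DOWNLOADER = "echo"

# Constructed sample data: enclosure URLs as they might arrive in a feed.
GOOD_URL = "http://feeds.example/ep1.mp3"
HOSTILE_URL = "http://feeds.example/ep1.mp3; echo INJECTED"


def fetch_unsafe(url):
    """The pattern from the advisories: feed text pasted into /bin/sh code."""
    cmd = DOWNLOADER + " " + url
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def validate_enclosure_url(url):
    """Accept only plain http(s) URLs without whitespace or control bytes."""
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("whitespace or control character in URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an absolute http(s) URL")
    return url


def fetch_argv_only(url):
    """Argv form without validation: metacharacters stay inert data."""
    out = subprocess.run([DOWNLOADER, url], capture_output=True, text=True)
    return out.stdout.splitlines()


def fetch_safe(url):
    """Validate first, then pass the URL as one argv element; no shell runs."""
    argv = [DOWNLOADER, validate_enclosure_url(url)]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


if __name__ == "__main__":
    print("unsafe:", fetch_unsafe(HOSTILE_URL))     # the shell ran two commands
    print("argv:  ", fetch_argv_only(HOSTILE_URL))  # one command, one argument
    print("safe:  ", fetch_safe(GOOD_URL))
```

With the shell in the path, the text after the `;` runs as a second command; in the argv form it is only part of one argument, and the validator rejects it before anything is started.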

Anyways, the RedTeam is definitely correct in saying that more and more people start listening to podcasts, and more and more podcatchers are written. But few of them are written with security in mind, which leaves many listeners at risk... I wonder how popular closed-source podcatchers such as iTunes are affected here. Are there any published audits/audit-results (black-box auditing, obviously, as you don't have the source code) for iTunes?

As for Free Software implementations... consider this a call for reviews and audits! If you know/use one of the many podcatchers (or an RSS feed aggregator, which are affected by similar issues), and have some knowledge of secure programming, get the source and review the application. Make the software you use, and the world at large, a little safer.

I'll definitely have a look at the programs I'm using soonish...

kitty, a Qt/KDE based RSS podcast and video aggregator, is now in unstable

kitty screenshot

As mentioned earlier, I wanted to package the KDE videoblog client kitty for Debian. I finally found the time to really do it, and the package entered Debian unstable a few days ago. The first bug has already been reported (sigh), but I'm working on it.

kitty even got mentioned in Debian Weekly News (w00t!)
