NVIDIA Binary Graphics Driver Root Exploit

A security advisory was released today which warns about a severe security issue in the binary-only NVIDIA drivers:

The NVIDIA Binary Graphics Driver for Linux is vulnerable to a
buffer overflow that allows an attacker to run arbitrary code as
root. This bug can be exploited both locally or remotely (via
a remote X client or an X client which visits a malicious web page).
A working proof-of-concept root exploit is included with this

The only possible solution (as NVIDIA still hasn't fixed the issue, although they have known about it since 2004):

Disable the binary blob driver and use the open-source "nv" driver that is included by default with X.

Yes, you won't have 3D acceleration any more if you do that. Yes, that sucks. Complain to NVIDIA that they don't provide documentation so that free drivers can be written.
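One way to verify that the switch to "nv" actually took effect, as an added example that is not part of the advisory or of NVIDIA's or X.Org's tooling. The function names are hypothetical, the sample config is constructed, and the script assumes the binary driver is selected with Driver "nvidia" and loads a kernel module named nvidia:

```shell
#!/bin/sh
# Added example (not from the advisory): check that X no longer uses the
# binary "nvidia" driver. Function names are hypothetical.

# Print the Driver of every Section "Device" in an xorg.conf-style file.
# Keywords are case-insensitive; '#' starts a comment.
xorg_device_drivers() {
    awk '
        { i = index($0, "#"); if (i) $0 = substr($0, 1, i - 1) }
        tolower($1) == "section"    { in_dev = (tolower($2) == "\"device\""); next }
        tolower($1) == "endsection" { in_dev = 0; next }
        in_dev && tolower($1) == "driver" { gsub(/"/, "", $2); print tolower($2) }
    ' "$1"
}

# True if any Device section selects the binary driver.
uses_binary_nvidia() {
    xorg_device_drivers "$1" | grep -qx nvidia
}

# True if the "nvidia" kernel module appears in a /proc/modules-style file.
nvidia_module_loaded() {
    grep -q '^nvidia ' "${1:-/proc/modules}"
}

# Report both checks; exit status 0 means the binary driver is not in use.
audit_x_driver() {
    conf=$1 modules=${2:-/proc/modules} rc=0
    if uses_binary_nvidia "$conf"; then
        echo "FAIL: $conf selects Driver \"nvidia\"; change it to \"nv\""
        rc=1
    fi
    if [ -r "$modules" ] && nvidia_module_loaded "$modules"; then
        echo "FAIL: nvidia kernel module is still loaded"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: binary NVIDIA driver not in use"; fi
    return "$rc"
}

# Constructed sample: a commented-out old Driver line must not count.
write_sample_conf() {   # usage: write_sample_conf FILE DRIVER
    printf '%s\n' 'Section "Device"' '    Identifier "Card0"' \
        '    # Driver "nvidia"' "    Driver     \"$2\"" 'EndSection' \
        'Section "InputDevice"' '    Driver "kbd"' 'EndSection' > "$1"
}
```

After editing the config and restarting X, source the script and run `audit_x_driver /etc/X11/xorg.conf` (the usual location; adjust if your distribution differs).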

Luckily I stopped using the NVIDIA binary-blob quite a while ago, and I don't intend to ever use it again. This exploit clearly shows me that that's a good decision. For now, I'll have to live with the fact that I must use software-rendering for 3D (which is slow). When I buy my next computer it won't have an NVIDIA card, that's for sure.

But maybe there's hope. Maybe, just maybe, NVIDIA releases proper documentation one day (but don't hold your breath).

Alternatively, I just learned about the nouveau project: a project which aims at producing Open Source 3D drivers for nVidia cards. I don't know what the current status is and whether it's usable already, but this is definitely a project which is worth trying out and worth supporting!

(via Kerneltrap)

The Top Ten Unix Shell Commands You Use [Update]

IBM has a nice article called UNIX productivity tips. The article mentions this one-liner, which shows the shell commands you use most often:

$ history|awk '{print $2}'|awk 'BEGIN {FS="|"} {print $1}'|sort|uniq -c|sort -rn|head -10
    471 sl
    222 cd
    217 csl
    155 vi
    140 ..
    112 ls
    106 cls
     70 rm
     64 mv
     58 xpdf

Gee, I didn't know I'm that boring...

Note how I mistype "ls" way more often than I type it correctly. Luckily my .bashrc fixes this for me :)

Update 2006-09-25: When I posted this, I didn't intend to start a meme, but it seems I did: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32

(via Lifehacker)

Linux running German Pfandautomat

Linux seems to run on more and more embedded systems all over the place. Nice example I learned about recently: Linux running an ALDI "Pfandautomat" (German)... Yeah, I have no idea how to translate "Pfandautomat" (container deposit?).

There's a video (Flash) on the site. A screenshot is here.

Manipulating PDFs from the command line - joining, merging, rotating [Update]

One of the single most useful packages when it comes to PDFs in Linux is pdfjam.

From the website:

  • pdfnup, which allows PDF files to be "n-upped" in roughly the way that psnup does for PostScript files.
  • pdfjoin, which concatenates the pages of multiple PDF files together into a single file.
  • pdf90, which rotates the pages of one or more PDF files through 90 degrees (anti-clockwise).

The installation is easy as always: apt-get install pdfjam

PDF is not exactly the most easily editable format out there, but these tools can save you lots of time and trouble. Just recently I needed to merge two PDFs into one (and I didn't have any source format of the files). A simple pdfjoin foo1.pdf foo2.pdf --outfile bar.pdf does the job in a few seconds.

Equally useful when you need to print huge documents is pdfnup --nup 2x2 foo.pdf, which sticks four PDF pages into one (thus drastically reducing the number of pages you have to print)...

Update 2006-09-20: As was noted by several people, pdftk is very cool, too. It can do some other things such as split PDFs, encrypt/decrypt them, manipulate metadata and more...

Democracy Player 0.9.0 - one step closer to world do... a very cool Internet video/podcast application


Democracy Player 0.9.0 was released yesterday, and it has already been announced in quite a number of places, e.g. Boing Boing.

It's available for Mac, Windows, and Linux; if you're on Debian unstable the installation is as simple as apt-get install democracyplayer (I uploaded the new packages yesterday, they should have reached all mirrors by now).

If you want to know what this is all about, but you're reluctant to install yet another program, check out this screencast (MOV, 37MB) which shows the basic functionality and user interface and discusses some of the new features... I think you'll like it.

You can use it for all kinds of video blogs and podcasts, it'll download and play almost anything with an RSS feed.
