Topa: My Way
Saturday, September 24, 2005
Friday, September 23, 2005
Mozilla Bug 307259
The Firefox 1.0.6 Web browser was hit by a nasty buffer overflow bug in the past week. The Bugzilla bug report can be found here. It was reported on Full Disclosure and Mozilla's Bugzilla on Sep 6 by Tom Ferris of http://security-protocols.com and has since been a hot topic of discussion on the FD mailing lists.

A little background on the bug. The problem lies in the way Firefox/Mozilla handle IDN URIs. IDN is International Domain Nomenclature, a naming system used for non-English domain names such as Russian, Chinese, etc. Basically, a URI like http: //---------------------------------------- can trigger this bug and cause the buffer overflow. No exploit code is present, so at most your browser will shut down. Note that the "-"s in the URI are soft hyphens encoded in UTF-8 (Unicode).

Currently, there is no patch/fix available for this bug; the best alternative is to disable IDN in Firefox through the about:config settings interface.

A little note about Tom Ferris. Tom is well known in security circles and highly respected, but of late he has been under a lot of flak for the way the Firefox bug was handled. Usually, a bug is reported to the upstream developers, and the devs are then given some time to whip up a patch/update for the vulnerability. In this case, Ferris filed a bug report, announced it on FD, and published POCC (Proof of Concept Code) all at the same time, without giving the Firefox devs enough time to even come out with a Security Advisory. This is not the right way to go about handling a critical vulnerability like #307259.

Compare this to Ferris' way of handling IE bugs. Ferris reported 2 bugs in IE which were not made public and are still not fixed. Moreover, the Advisory came a week later and no POCC was published.
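Until a fix ships, one way to spot the pattern described above (a host made of UTF-8 soft hyphens) in saved pages or proxy logs is a small scanner like the following. This is an added example, not code from the original post or from Mozilla; the function names and the sample lines are constructed for illustration, and it uses only the Python standard library.

```python
import re
from urllib.parse import unquote, urlsplit

SOFT_HYPHEN = "\u00ad"  # U+00AD, bytes C2 AD in UTF-8
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def classify(url):
    """Return a verdict for a host containing soft hyphens, else None."""
    try:
        # hostname drops userinfo and port; unquote turns %C2%AD into U+00AD
        host = unquote(urlsplit(url).hostname or "")
    except ValueError:
        return "unparseable"
    if SOFT_HYPHEN not in host:
        return None
    if host.strip(SOFT_HYPHEN + ".") == "":
        return "only-soft-hyphens"      # the shape described in the post
    return "contains-soft-hyphen"       # unusual in a hostname, worth a look


def scan(lines):
    """Return (line_number, url, verdict) for every flagged URL."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            verdict = classify(url)
            if verdict:
                hits.append((n, url, verdict))
    return hits


# Constructed sample input (not taken from any real page or log).
SAMPLE = [
    '<a href="http://example.com/index.html">ok</a>',
    '<a href="http://' + SOFT_HYPHEN * 3 + '">raw UTF-8 form</a>',
    '<a href="https://%C2%AD%C2%AD%C2%AD/">percent-encoded form</a>',
    '<a href="http://exam' + SOFT_HYPHEN + 'ple.org/">embedded</a>',
]

if __name__ == "__main__":
    for n, url, verdict in scan(SAMPLE):
        print(n, verdict, ascii(url))
```

The scanner checks both the raw and the percent-encoded spelling because the same host can arrive either way in markup or logs.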
Wednesday, September 21, 2005
How to kill a LUG ?
A LUG is a Linux Users Group. It's a meeting place for FOSS developers, users, etc. (FOSS stands for Free/Open Source Software.) I have an IRC pal called Hobbes (John Kingsley) who belongs (read: belonged) to the Bangalore Linux Users Group. He recently published an article on how his city's LUG, the Bangalore Linux Users Group, died a slow, painful death. You can read it here. Thank god ILUG-Chennai, India's oldest LUG, will never die, thanks to its great members.
Tuesday, September 13, 2005
Canon EOS 5D
Canon has released the Canon EOS 5D. I have been waiting for this digital SLR to come into the market so that I can start ogling at it. It was first covered at Engadget, though many suspected the images to be photoshopped. Well, it's real this time around and the features look great. Some of them include:

* 12.8 Megapixel cam
* Max resolution of 4,368 x 2,912 pixels
* 2.5" LCD
* 6 different presets
* Better Noise Reduction
* Wireless File Transfer!! and USB 2.0

This camera is not for novices and it comes in at a whopping $3,200. So guys, now you know what to get for my birthday. :)

All pictures were taken using my Sony Ericsson k750i mobile phone cam, so don't expect great picture quality. It's a 2 Megapixel cam but has pathetic shutter speed, as is evident in all mobile cams.
Google yesterday released Google Talk, their Instant Messaging (IM) service. It has been received with a mixed response by the community. Here's my take.

First off, the technology powering Google Talk is nothing new; they use the open source IM server called Jabber. InfyLUG folks and a few people who follow InfyLUG activities would remember that we already had a Jabber server running on the Infosys network during the whole Microsoft Messenger downtime. So in a way Infosys came out with Jabber usage before even Google. YAY to Infy!

Next, what Google has done is use its Google Mail service as the backbone for its IM services. Well, that's nothing new; Yahoo! and MSN have been doing that for years now.

Well, so what is different in Google Talk? The best thing is the open specs on which Jabber stands. This is a big plus for indie developers who want to create services which interoperate with other IM services. Some time back Y! made a major change in their IM protocol and this affected all the third-party clients like GAIM and Trillian. This problem will never exist with GTalk.

Second is the integration with VOIP and SIP-based voice protocols. Again, the open-ended nature will mean that VOIP-based communication can be integrated into web services and other products. Just imagine what would happen if GTalk-VOIP can be embedded into a webpage and basically anybody can hold a conference by just signing into a webpage using their Google ID and start talking. This is possible now with GTalk; earlier, thanks to MSN and Y!, this was impossible.

Next is the support for third-party clients. You can now use GTalk on Linux (GAIM), Mac OS (iChat) and a lot of clients for Windows (Trillian, Adium, etc.). With Google's own Talk client you get the feature of searching through your mail right from your IM client.
However, as of now, GTalk's features are pretty "prehistoric"; it's where Yahoo Messenger was 4 years back. No customizations/skinning on its chat client. File transfer is still missing. Group Chat is still in a very nascent stage. So basically it's at the lowest rung of popular IM services available for the community. However, all this will change as more people start using their Google mail IDs on GTalk, because everyone now has a GMail account.

Another problem is no chat history logs. All chat transcripts are URL encoded, meaning they cannot be parsed and searched for; this is also a cause of worry, as chat transcripts are being sent back to Google HQ for archival. :O

Integration with Skype: oh, this is the biggie. If Google can manage to pull this off then it's Game-Set-Match Google. With over $4 bn in its coffers this is quite possible. All industry pundits are hinting at this in one way or another: either they will acquire Skype or integrate with the Skype userbase. Either way it's a win-win for Google. Well, it looks like it's good times ahead in the IM battle and a few battle lines will have to be redrawn.

What really impressed me was the "no bloat" attitude of GTalk. Basically just install, configure and you're good to go. Y! and MSN of late have been packing more and more stuff into their IM clients and this really made me take a break from IM; thanks to Google I think I can get back with my lost love.

All said, I would give 3/5 for GTalk featurewise and a special 5/5 for "what can be done with GTalk". Let's just give it some time and till then get back to our IM roots, a world of plain text and no ImEnvironments and crappy ads flowing into our desktop.