Mara's weblog

Bloggin is forbidden is one of American school. It's not that you can't blog when you're at school. No. You can't blog at all.

The principal said it's "an open invitation to predators". The thing is that the new rules are not about posting at all: they're against posting about the school. It means that the children are not allowed to express their opinions about it. It looks that that was the reason of the ban, nothing more.

As I have written many times before, such bans don't work. You can post what you want when you're careful. Using anonymization software it's rather safe. Just another example of absurd regulations.

Security for the paranoid is a nice essay about IT security. BTW I don't think the author is paranoid.

Open Office.org version 2 is ready for download. Mirrors seem to work correctly, so it's possible to get it and test.

Big warning for users of Debian and Debian-based distros: the archive has a big number of RPMs. One .deb only (menus). It means you need to convert RPMs to DEBs and it requires effort and time. That's why I don't have it installed yet.

I have written recently about Oracle security problems. Paches are now released.

The thing is that one Bugtraq post suggests that the patches may not fix what they should. It requires some time to make sure.

As a sidenote: there's no clear link to the paches on the Oracle site.

There's a short comparision of Solaris, FreeBSD and Linux kernels: scheduling, memory management and file systems.

It's quite short, so if you want details, you need to dig deeper. As an overiview -- very good.

It's easy to see that the author prefers Solaris and knows it best, but it doesn't have much influence on the text.

There are awards given to initiatives etc violating privacy, called Big Brother Awards. New edition is comming shortly. Look at the list of nominees from different countries (unfortunately, not all translated to English). Many are just funny but if you realize that there are people who really want to implement such things and are taking it seriously, it looks different. Scary.

KDE 3.4.3 has been just released. There are not many changes: mostly bug fixes (Quanta, kpdf, JuK, kdeedu programs).

If you're using 3.4.2, you won't find many changes in the new version. If you have older (3.3.x or older), it's worth an upgrade.

There's an interesting discussion on Bugrtaq about the time it takes Oracle to fix bugs. One of security researchers has list of bugs not fixed for more than 700 days...

It's not a new problem, there were articles about the same subject in July and September. The time they release security fixes is comming, it'll be interesting to see what they decide to release.

New version of Nessus (3.0) will not be released under GPL. The code will be closed. It looks that it's because other companies selling the product without paying for development and/or patches and lack of developers.

Version 2 stays GPL and there's a possibility (probably only a theoretical one) that someone will make a fork and include new functionality.

Groklaw writes about the High Court of Australia about modchips removing regional codes from Sony PS2 consoles and in this way, allowing games coded for a different region. The court decided that modchip is doesn't break copyright protection. It means it's legal.

SpreadFirefox site is off till Oct 15 because of a security problem. The early reports suggest that an attacker got into using a bug in Drupal CMS. At the time of attack, patched version was already available.

NaNoWriMo has started its registration period this year and got such a number of queries that I can call it a DDoS. Registration is now off. The server couldn't handle the load.

It's interesting when it happens to someone else. With a dynamic site 1000 people at the same time is too much, so DDoS for a small (or medium-size) site is not that hard. Sometimes just because it's too popular.

Bugs in Thunderbird are (maybe it's just how I see it) found less often than in Firefox (or maybe there are just fewer places where programmers can make a bug). This time, we have something rated by Secunia as 'extremaly critical'. The bug is rather standard: wrong method of parsing user input.

There's an updated version, 1.0.7. Download recommended.