Domain: enyo.de
Stories and comments across the archive that link to enyo.de.
Comments · 6
-
Re:Not a real issue with Debian today
If you use the Debian Security Analyzer, you cannot simply supply vulnerable versions of packages as they will still be listed by debsecan.
-
Re:R Hell
Judging by http://idssi.enyo.de/tracker/status/release/stabl
e , I would say that Debian is handling this the same that most other distributors have, i.e., lagging badly. mozilla.com have to take a lot of the blame for this. -
Re:We're done with TWiki
I also recently had my TWiki-based wiki farm broken into, for the 3rd time in 4 years, despite trying to stay up to date at least with Debian releases.
TWiki is not part of any official Debian release. The current round of bugs was fixed for the twiki package in unstable in March 2005, in version 20040902-2.
Since TWiki's security problems seem intractable (giant Perl codebase that's very difficult to audit and doesn't seem to have been designed to handle security)
Actually, it's not that bad. External processes are only invoked in very few places, and it's more or less straightforward to patch them so that shell command injection is probably impossible (not "provably impossible" of course, but close). See my TWiki robustness patch for the details.
I wouldn't recommend to anyone that they run a publically-viewable TWiki installation at this point.
The alternatives aren't that much better, unfortunately. You might be able to trade shell command injection for SQL injection. The wiki mindset seems to be quite a bit away from a computer security mindset. But this shouldn't come as a surprise because giving permission to random visitors to edit your site needs quite a bit of faith. -
Re:not that complicated
I'm not familiar with dnslog, and searches in google, apt-cache, and sourceforge all came up empty. It looks like a cool tool. Mind telling me where to find it?
Currently, it's unreleased software, but you can find a draft technical report describing it (and some of its applications) on the site of my passive DNS replication project. -
Those crazy Perl users have beaten them to it!
It's more convenient than Web interface and has no arbitrary limits...it's a quantum computing module for Perl! There's also libquantum for C users, and QCF for Matlabbers.
-
Re:Impressive memory crossbar
First of all, the OS doesn't matter for this benchmark. This is a memory-to-memory copying test.
Even the relatively simple uniprocessor x86 architecture offers OS implementors numerous ways to kill performance (shameless plug: a benchmark example). I would be suprised if SGI achieved this result without some tweaking.