Here is a little status report, for those who wonder where I went off to. I have worked at Secunia for a year and two months so far, and I have done tasks that hopefully were helpful to my beloved open source community:
Recently I have visited The 24th Chaos Communication Congress (24C3) in Berlin, I have seen other things in Berlin for a few days, I have read non-fiction books about astronomy and the history of ideas, and listened to popular music performed by Friday Bridge and Evert Taube (which is nice to indulge in, since those fields of endeavour basically are my interests with some room for variation). After returning from Berlin, I have a really horrible cold (which is not one of my bigger interests).
"Hell is other people." -- Jean-Paul Sartre
</blog>
two requests from Debian
zabbix -
streamripper
misc.
old job => new
job
general elections 2006 - voted for these guys
Ulf's YouTube top 6 music video countdown, week
41 (lots of italodisco)
1. Digital Emotion - Go Go Yellow
Screen
2. Lucia - Marinero
3. Squash Gang - I Want An Illusion
4. Plastic Bertrand - Ca Plane Pour Moi
5. Via
Verdi - Diamond
6. Wish Key - Orient Express
Tokyo
highlights:
(I'm not going to write any descriptions, because I'm really
not a travel writer,
but these places and activities are heartily recommended)
Tokyo Metropolitan Government Office and nearby buildings -
Fuji Television Japan Broadcast Center observatory (great
architecture) -
eating very fresh sushi in a restaurant next to Tsukiji
Central Fish Market -
Golden Gai -
Ueno-koen with its various museums and a zoo -
a live show in Roppongi with Piana
and other artists (found here) -
a live show in Shibuya with YMCK
and other bands (found there as well) -
Senso-ji and Asakusa-jinja -
Love Hotel Hill -
Takeshita st. and Harajuku st. -
Design Festa -
Roppongi Hills -
Shibuya -
Yoyogi-koen -
National Museum of Emerging Science and Innovation -
Imperial Palace East Garden -
Yasukuni-jinja -
Sony Building -
Piss Alley -
Akihabara (somewhat overrated) -
and much more.
Kyoto:
Nanzen-ji -
Nijo-jo -
Kyoto train station (huge and modern).
[CENSORSHIP] x2 :: (Re: Raf Coney. imtiredofsingingtroublelordhowlonghowlongmustwesingthissong. DECONSTRUCT.ME)
Buffer overflow in ClamAV's freshclam client (Securityfocus || ClamAV || Heise)
Not security related overflows in RRDtool (1, 2) and SoX (again)
Securiteam and OSVDB :: readable blogs about computer security
I've been playing around with ancient version control programs like SCCS (in the form of GNU CSSC) and RCS, and it's interesting to note how many of the not-so-obvious but still important features were present that early on. Do the current version control systems suffer slightly from creeping featurism? Discuss among yourselves. Rhetorical question - answer within.
The song "Laughter" by The Fine Arts Showcase is really, really beautiful.
Apart from that, I've mostly been carrying my briefcase to the office.
I haven't done very much free software work since last time either. I did find some buffer overflow bugs in webalizer, but they are only bugs - no vulnerabilities.
There was a new announcement about the architectures in Debian etch. It will be interesting to see how things finally turn out.
I forgot to write about it earlier, but the US-CERT published a vulnerability note about my old bugs in unace, after the same guy at Secunia Research found about six other products that were affected by the bugs as they incorporated the unace code. The Secunia guy is obviously my biggest fan, and I'll send him a signed photo real soon..
I've almost finished reading Beijing Doll, which I bought in Minneapolis last summer. It's OK but nothing special. I suppose being a punk rock rebel is more of a new idea in China than here in Europe. She'll probably write something better later on, though.
Apart from that, I've mostly been working and celebrating Christmas.
I'm getting very bored of writing here, so I probably won't update this diary very often in the future. Many thanks to those who rated, voted for and e-mailed me about it! It's nice to know that some people appreciate my work for the free/open source software community.
Happy new year,
Ulf
I haven't worked on any big Linux project recently. However, I submitted some bugs and patches to spamassassin, and I've found a buffer overflow vulnerability in unalz when it extracts ALZ archives. I haven't seen many of those archives, but I like being thorough and check all programs in a category and not just the most popular ones. The unalz bug got average grades from the security reviewing office workers (none of whom could write a simple C program to save their lives).
In more exciting news, Drupal has started using an HTML filtering library based on my kses library.
I've mostly been busy with my day job. I really like it, as I get to code networking applications which I find much more exciting than web publishing systems and as the tasks are more challenging than in other companies.
That don't impress me much
As I'm now gainfully employed, you can't write to me at my @student.uu.se e-mail address anymore. You have to use the one at my person page here at Advogato.
"You keep hangin' 'round me / And I'm not so glad you found me / You're still doing things that I gave up years ago"
-- Lou Reed
The new Ladytron record was a disappointment! They have changed their style quite a bit and started playing overblown alternative rock with bad melodies and a slick production that may or may not have anything to do with having signed to a big record label recently. It's OK and everything but it's much worse than the other two albums.
The new alternative comic album by the Swede Mats Jonsson is also a departure - much darker, less humour, different subject matter, less stuff that I could relate to - but I quite liked it, especially the "being scared out in the woods" part.
Computer security for laymen
A race condition is what occurs when you leave the washing room, enter the pitch black corridor, and the monsters manage to catch you before you reach the light button (which of course destroys all monsters just milliseconds before turning on the light).
New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.
Keep up with the latest Advogato features by reading the Advogato status blog.
If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!