Older blog entries for mjcox (starting at number 78)

Where did that month go? Well actually I know exactly where it went since I started managing my time using the Franklin Covey system. Security work keeps me busy and in spare time I've been finishing off our CVE mapping. I had a mad moment one evening and got our 2000 mapping nearly complete, so only a handful of issues left until we've got a 100% mapping.

In home life I now have the ability to assemble flat pack kitchen units with Italian instructions and make them defy gravity by fixing them to the garage walls using my new scary hammer action drill.

What a busy couple of days. It all started last month with a seemingly innocent DOS being reported to the Apache security team. jorton and I spent some time analysing it and found that although it wasn't exploitable on 32 bit until platforms it may well be exploitable on some 64 bit machines. Then started the co- ordination work with CERT.

Then, suddenly, the ISS team announced the same issue publically causing us to go into firefighting mode and release the advisory (which I'd fortunately already drafted and got positive feedback on), followed by seemingly hundreds of press calls, lots of additional analysis, and reading ISS say I was untrustworthy in some Chicago newspaper ;-)

Now for some sleep

  • Got interviewed for redhat.com
  • I was initiated into the need to carry around more paper
  • had a few days of fun with Bryce and other US folks. Looking in the US for magazines on how to do interior US home design, although all I found was imported magazines showing how to make your US home look English. Grass, greener, etc.
  • Went through far too many security points at airports and found that it's really important to make sure your laptop is charged when they want to inspect it
  • spent some time with the Mitre CVE people

Did an interesting interview last week for Red Hat about what I do and why I do it with some very American questions like "Justify your existance". Anyway that should be on the web site next week sometime and explains all about how I got involved with Apache and why I think buying a house is like coding software.

The cute Erricson phone works over here in the USA and for the first time I've been able to hold working SMS conversations with the UK - saves me a buck or two.

Replaced my outdated paper log book with my todo list and notes with a system from Franklin Covey. Replaced it with even more paper - but according to the seminar this system will sort out my entire life and make me a better person.

Rest of my time has been dealing with various security advisories for Red Hat and investigating new issues. I'm off to see the Mitre CVE folks in a couple of days in Boston.

Tip of the month: When travelling don't let your batteries completely run out so when you are asked to turn on your laptop at airport security there isn't even enough power to light the 'your batteries are low' light.

So I've had my Nokia 8210 for a couple of years and it is getting old and battered. Everytime I go to the US I have to swap to a very horrible Motorolla (with such a confusing interface I can't use it). I wanted to replace it with one of these cute Erricson Bluetooth GPRS tri-band t68's. To upgrade the phone costs 170 pounds and ties you into another 12 months contract. To get the phone on a new contract costs 70 pounds, but you can't keep your number. So I rang and cancelled my service and was going to switch networks (if I switch networks I can keep my number; so Orange are the only losers). They didn't bother trying to keep me.

Just before ordering my new phone I gave Orange Customer Services a call; not only were they then willing to upgrade my phone for just 97 pounds, but they'd give me 60 back for my old phone, no matter what the condition.

So I now have a 9 foot deep hole in my front driveway.

House: Finally taking stock of all the outstanding house stuff. Called the council to look at the vibration problems (they came out within 3 hours, amazing!), keeping a better log of the high voltages so I can complain (it keeps going about 253volts, it's meant to be 230volts), some bits fell off my roof, missing some tiles, they still can't find the water pipe.

X10: problems with X10 codes not being received between floors, have to spend some time to experiment as they all are the same phase (although there is a lot of cable, ring lighting circuit passes through each switch)

CVE: Finally finished the 2001 and 2002 CVE mapping.

7 May 2002 (updated 7 May 2002 at 14:19 UTC) »

Las Vegas (well eventually after a very long trip). Got a view of the strip after reading how to get a view of the strip on some site, and was amazed how many people were on the casino floor at 5am this morning when I went for a coffee. During airport security screening thought of a witty answer to the security guard who asked "have you anything in your bag that could be used as a weapon" ('well I could club you to death with my laptop' or 'i have some three-day-old socks') but thought better of it.

Anyone here remember a UK Web product called Focus? Well I spent a bit of the trip cleaning up the code and getting it ready for re-release. Wow, coding is fun, I've been missing it these last few months.

Several hours later and I manage to find out the extended commands for the LW11G dimmer unit. Can't find these anywhere else mentioned on the web, so for future generations:

# Extended X10 control of LW11G dimmer
#
# Unlike other L*11* modules the LW11G
# seems to only respond to code 53.  Set the data to
#
# 0 = immediate off
# 255 = immediate on
# 1-254 = slowly dim or bright to that level, turns on if
not already
work Off to N+I in Las Vegas in May to talk about Apache in the Enterprise, Stronghold and other good stuff. Have to stay for a week though to make the air fare cheap.

home Fell down the stairs and broke a bone in my hand, reducing me to one-handed typing which is slow and very very annoying. Got some X10 gear from laser.com to play with, but failed to find *good* Linux drivers that would directly set the light switch to a specified level (requires X10 professional codes). Bought a 3 foot high Pingu in Edinburgh.

work found myself giving a webcast about Stronghold which brought back memories of actually coding Stronghold back in 1995 or 1996. For the last 6 months or so I've been trying to resist coding on Stronghold, and for the most part I've managed it, although its tempting to dive in - it's so much easier to measure productivity when you're actually coding. After a couple of years in production it will be great to see it finally released. I'm probably off to N+I in Las Vegas in May which should be fun.

house nothing new from the builder or lawyers, so the house continues to have problems that don't get fixed. All the home automation stuff is working now, except the cute timer and dimmer touch-switches in the bathrooms which have a habit of dropping back to turning themselves off after one minute (which is quite annoying if you've just stepped into the shower). Found a cute wireless RF temperature sensor and timer for my heating system, contemplating getting that (US$150) or alternatively just hooking up a relay and temperature sensors in some rooms and having the PC do it.

69 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!