18 February 2008

overnight at the lake

I'm writing this from my friends' lakehouse. I've been here since yesterday afternoon, and it's been a nice break from routine. I took a few pictures which I think came out pretty well.

There was a brief snowstorm yesterday afternoon with wonderfully large snowflakes:

lake snowstorm 12 of 15

This morning I took a picture from a similar angle. The lake was so still this morning--like looking at glass:

lake sunrise 2 of 7

16 February 2008

password wallet update

Yesterday I discovered an interesting (and somewhat alarming) problem with my password wallet.

I use vim for my text editor (I have export VISUAL="/usr/bin/vim" in my ~/.bashrc). Yesterday I used the wallet script to update my password list, and then later I was using vim to edit a totally unrelated text file. I fat-fingered what I was doing and typed some magical set of keystrokes (still not sure just how I did that), and suddenly I was looking at several lines from my password file. I recognized those lines as lines that I had highlighted, deleted, and then pasted to a new location when editing the password file when I was using wallet. I then had a forehead-slapping moment when I realized that such edits are saved for posterity in the ~/.viminfo file.

Oops. That's a potential information leakage vulnerability.

But it is easily remedied by adding the following line to ~/.walletrc:
VISUAL="/usr/bin/vim -i NONE"

The -i option tells vim which file to use instead of ~/.viminfo for its state information; the special value NONE tells vim not to store state information at all. The trick of putting it in ~/.walletrc (rather than in ~/.bashrc) means that vim only skips storing state information when running wallet--vim will keep state information in ~/.viminfo any other time you run vim.

So if you're using wallet with vim, I urge you to make the above change to your ~/.walletrc file.
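
An added example, not part of the original post or the wallet script: a shell check for the leak described above. It counts lines of a secrets file that survive as register text in a viminfo file, and tests whether a walletrc-style file sets VISUAL with -i NONE. The function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the wallet script). Function names and the
# sample data below are constructed for illustration.

# Print how many distinct lines of SECRET ($1, 4+ chars after trimming) appear
# as register text in VIMINFO ($2). viminfo stores register text on lines that
# start with a tab. Matches are counted, never printed.
# Assumption: exact-line comparison, so lines that vim truncated or escaped
# when saving are not detected.
viminfo_leak_count() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "unreadable input" >&2; return 2; }
    awk '
        FILENAME == ARGV[1] {
            gsub(/^[ \t]+|[ \t]+$/, "")
            if (length($0) >= 4) secret[$0] = 1
            next
        }
        /^\t/ {
            line = substr($0, 2)
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            if ((line in secret) && !(line in seen)) { seen[line] = 1; n++ }
        }
        END { print n + 0 }
    ' "$1" "$2"
}

# Succeed if FILE ($1) sets VISUAL to an editor command containing "-i NONE".
walletrc_disables_viminfo() {
    grep -Eq '^[[:space:]]*(export[[:space:]]+)?VISUAL=.*-i[[:space:]]+NONE' "$1"
}

# Constructed sample: a fake password list and a viminfo fragment shaped like
# what vim writes after a delete-and-paste edit.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'mail.example.org alice hunter2-constructed' \
                  'bank.example.com alice Tr0ub4dor-constructed' > "$d/passwords"
    printf '# Registers:\n""1\tLINE\t0\n\t%s\n' \
           'bank.example.com alice Tr0ub4dor-constructed' > "$d/viminfo"
    printf 'VISUAL="/usr/bin/vim -i NONE"\n' > "$d/walletrc"
    echo "leaked lines: $(viminfo_leak_count "$d/passwords" "$d/viminfo")"
    if walletrc_disables_viminfo "$d/walletrc"; then echo "walletrc: ok"; fi
    rm -rf "$d"
}
demo
```

A nonzero count from viminfo_leak_count on your real files means the viminfo file should be deleted or scrubbed, since the -i NONE setting only prevents future writes.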

06 February 2008

securing WordPress with blogsecurity.net

I needed to set up a WordPress blog at work this week, and I decided to try following the WordPress Security Whitepaper at blogsecurity.net. It was pretty easy, and (hopefully) has made that WordPress installation a bit more secure.

blogsecurity.net is a blog about security issues relating to blogging. It's pretty interesting and has lots of good information and resources.

02 February 2008

Python 3.0 To Be Backwards Incompatible

According to a Slashdot post, just about all Python code will require at least some changes when Python 3.0 comes out in early 2008. I've never learned Python, and news like this makes me glad that I've never bothered. (Besides, a syntax predicated on whitespace just seems weird to me.)

I wonder how Red Hat feels about this, considering that a lot of the RHEL system scripts are in Python. They'll probably have a lot of rewriting to do for RHEL6.

I suppose that similar criticism could be leveled at Perl6 v. Perl5 (although there is talk of some sort of compatibility mode as well as a Perl5-to-Perl6 translator). But it's probably a moot point: as far as I can tell, Perl6 will never, ever be released.

01 February 2008

Microsoft buying Yahoo?

So I started going through my RSS feeds this morning, and I saw that a big news item was Microsoft's $44.6 billion offer to buy Yahoo.

I'm not sure how I feel about this. If the purchase goes through, I hope MS won't screw up flickr.

I think Yahoo uses open source technology for a lot of their services. I'd hate to see that change, too.

Someone posted an interesting comment at Linux Journal. The commenter pointed out that Yahoo owns Zimbra, a potential Exchange competitor. I wonder how much that contributed to Microsoft's offer.