Category Archives: Tech

Theo doesn’t like PAM either…

I haven’t checked my bugtraq folder for a long, long time. Today, while waiting for a long compilation and simulation, I looked, and I liked Theo’s comment on PAM:

Cc: bugtraq@securityfocus.com
Subject: Re: Strengthen OpenSSH security?
Date: Thu, 20 Apr 2006 19:15:30 -0600
From: Theo de Raadt

> > It seems to me that sshd should not tip its hand by returning different
> > responses when a user ID can be used for logins than when it can’t —
> > allowing an attacker to focus password guessing attacks on user IDs with
> > which it would have a chance of gaining access. For those folks out there
> > who are more familiar with OpenSSH than I am: How hard would it be to
> > make the responses indistinguishable?
>
> Are you running the latest version of portable OpenSSH? If not, you need to
> upgrade. As far as I know, there should be no more leaks of this sort in
> the current code. If there are, please notify the openssh developers (and
> include your authentication configuration – your PAM modules may be leaking
> the info, and there’s nothing OpenSSH can do about that).

He’s right. If there are still problems with leakage, it is due to PAM.

And we can’t do anything about it.

I will try to be as nice as anyone has ever seen me be:

PAM is completely and utterly broken and cannot be fixed.

VZW re-enabled OBEX on RAZR v3c’s

They didn’t disable it at first, and then they did, and then they re-enabled it, WTF… but as long as they keep it this way, it’s all good… Now we need to get Sherry’s phone reflashed to .04 firmware.

Verizon enables RAZR V3c pic transfers over USB and Bluetooth – Engadget Mobile

In what seems like a complete 180 for a company fond of disabling dial-up networking and simultaneous WiFi and voice usage on their handsets, Verizon has apparently enabled the OBEX Bluetooth profile in the recently-released 0.1.15.04 RAZR V3c firmware update. As RAZR owners are well aware, the previous two firmware updates had disabled and then completely removed OBEX, which gives customers a free way to transfer their files to a PC, most importantly their pictures. The new firmware not only enables OBEX, say HowardForums users, but actually allows pic transfers over a wired USB connection as well using the Motorola Phone Tools software. Having seen Verizon take such a shocking step following their change of heart on DUN, we’re expecting reports anytime of Apple opening up the iPod, Sony dumping the MemoryStick, and the HD-DVD and Blu-ray camps coming to a super-last-minute compromise.

Goog Calendar

blah, no Safari support…

with buying Writely, developing gmail, hacking gtalk over jabber, and now calendar, looks like goog is slowly bringing the M$ desktop applications into their website, this is great, I hate Outlook, would be nice if Goog calendar can integrate with iCal, Outlook, Notes, MeetingMaker, Scalix, and what not, so we can finally have a public calendaring server… is numsum gonna be next? 😉

(yes, I know there are services that can already do that, but they are either not as big as goog, which means it’d be impossible to get all my friends to use them, or they are lame, like Yahoo! calendar)…


Adobe engineer explained why no universal binary for PS

Scott Byer wrote in his blog the reasoning behind the decision to hold off a Universal Binary release of PS until 2007. So the main problems, he said, were their f’ked-up legacy 68k code and using CW when they should’ve migrated to Xcode when they were advised to. I believe Apple told developers to do that 5 years ago. Mathematica probably has as many if not more customized assembly routines, yet they released 5.2 as a Universal Binary app back in February. The same goes for Apple’s very own Aperture.

Living Photoshop: Macintosh and the Intel switch.

This comment by coreen is right on the money:

So what you’re saying is that the last transition was the one where you slacked off and gave the customer a second rate set of tools. I am not trying to be mean or anything but it just sounds like you should have been working on eliminating the old 68k code completely so you would not have to rely on emulators and plug-ins. AND if I remember last time Adobe was one of the last ones out of the gate to go native… or pseudo-native as it were (besides… the ahem “other company” but at least they got it right the first time). Then during that time you managed to really concentrate on the Windows version and its performance. If I were your boss… you’d have been fired for lack of forethought in an ever changing business. Adobe has had enough time and resources to be prepared for something like this. Steve admitted to working on Intel processors years back in a keynote. I am so glad I never bought CS2. I will stick with CS1 for now I guess. I appreciate your explanation but it really didn’t garner any sympathy. If I misunderstood anything please correct me.

and this one by Andy:

As a professional software developer I have worked on small private and very large commercial projects, using Codewarrior, VS and XCode on multiple platforms. Not keeping your codebase up-to-date and easily switchable from one tool set to another is lack of foresight and planning.

Yes, maybe your codebase is old and complex. Time for a rewrite, buddy. If you don’t do it, your competitors might just overtake you.

Only big companies like Adobe can afford to ignore that and survive. And the users suffer.

And this by Claudio:

Apple herself is aware of the complexity of this port, so the
guidelines suggest to first compile your project as Mach-O in your
actual development tool, and then port the project to Xcode.


China buys Google

China buys Google | The Register :

The People’s Republic of China has acquired a controlling stake in the United States’ fastest growing technology company, Google.

Google announced the transfer of 140m shares of Class B stock to a new entity owned by the Chinese Ministry of Information in typically forthright style. The news was disclosed in a Captcha graphic on its Google Canteen Menu weblog; investors had to click a hidden link to see the announcement, and then decode a stenographically-hidden message watermarked into the JPG file. Once decrypted, the message read:

gee it’s raining here in mountain view and my cats hungry so we thought we’d better update you on our corporate finances. we’ve sold out to china. have a great weekend boo-yah!! lol

No other details were forthcoming.

:lol:, Happy April Fool!