Archive for the 'Programming' Category
OpenBSD Nagios Sensors Updated
In a follow-up to Using Nagios With OpenBSD Hardware Sensors, Andrew Fresh has updated the Nagios plugin to use the new two-level sensor output.
http://openbsd.somedomain.net/nagios/check_hw_sensors.html
Andrew Fresh has updated his OpenBSD Nagios plugins for compatibility with the new two-level sensors output. If you didn’t check this out the last time we mentioned it, now’s a good time to give it a try.
Andrew wrote to misc@ that he doesn’t have a lot of sensors to try, so testing would be appreciated.
Javascript Libraries
A few of the more popular Javascript libraries floating around at the minute.
http://berniecode.com/writing/animator.html - BSD licence + Lightweight
http://jquery.com/
http://openrico.org/
http://prototype.conio.net/
http://mootools.net/
http://script.aculo.us/ - requires prototype
http://moofx.mad4milk.net/ - requires prototype or mootools
http://www.bennolan.com/behaviour/
http://dojotoolkit.org/
http://mochikit.com/
A 5 minute guide to OpenNTPD.
Wondering how to keep the time on all your network machines in sync? Use OpenNTPD and OpenBSD, that’s how!
Take some random OpenBSD machine on your network and allow UDP port 123 (namely time) to come and go to that machine. Edit a few lines in /etc/ntpd.conf (for most uses, uncommenting a few lines is more accurate).
See A 5 minute guide to OpenNTPD for the full article.
Personal firewall for RFID
Good news for you RFID security worriers.
A Platform for RFID Security and Privacy Administration is a paper by Melanie R. Rieback and Georgi N. Gaydadjiev that won the award for Best Paper at the USENIX LISA (Large Installation Systems Administration) conference today.
Free Internet Marketing and SEO Tools - webuildpages.com
A post on Todd Malicoat’s blog - Jim’s Got Some Killer New SEO Tools points out some nice SEO tools from WeBuildPages.com
- 1. Top Ten Analysis SEO Tool
- 2. Backlink & Anchor Text Tool
- 3. C Class Backlink Analyzer Tool
- 4. Common Backlinks Tool
- 5. Sitemap Tool
- 6. Top Competitor Tool
- 7. Strongest Subpages Tool
- 8. Forward Link Title Tag Tool
- 9. Internal Link Title Tag Tool
- 10. Internal and External Link Title Tag Tool
- 11. Age of top 100 Websites with Backlinks Tool
- 12. Deep Link Ratio Analysis
- 13. Cool Cache Tool
- 14. Down and Dirty Backlink Check Tool
- 15. Search Combination Tool
- 16. Keyword Density Analysis Tool
- 17. Spider Viewer
Firefox Feed View overrides XSLT stylesheets in XML documents
Just came to do some xsl transforms on a few rss feeds and was a bit pissed to find that the Firefox developers apparently know better and default to their own stylesheets for rss…. why they don’t check for xml-stylesheet type="text/xsl" I have no idea. (Haven’t tested IE7).
Luckily there is a workaround:
The emerging workaround for this problem (which isn’t new to us, since we’re
using the same heuristic that IE7 betas have been using for months) is to put
in a comment ranting about the evils of sniffing web content and overriding the
desires of web developers which is long enough to move “the first 512 bytes, since that's all we sniff.
More info on Firefox 2’s broken XSL transforms can be found here
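The padding workaround described in the quote above, as an added Python example (not code from the original post or from Mozilla): it inserts an XML comment after the prolog so that the feed's root element starts beyond the first 512 bytes. `SAMPLE_FEED`, `pad_feed` and the other names are constructed for illustration, and the 512-byte window is taken from the quote.

```python
import re
import xml.etree.ElementTree as ET

SNIFF_WINDOW = 512  # size of the sniffed prefix, per the quoted workaround

# Constructed sample feed with an author-supplied XSLT stylesheet.
SAMPLE_FEED = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<?xml-stylesheet type="text/xsl" href="feed.xsl"?>\n'
    b'<rss version="2.0"><channel><title>Example</title>'
    b'<link>http://example.org/</link>'
    b'<description>demo</description></channel></rss>\n'
)

# Whitespace, processing instructions and comments that may precede the root
# element (a DOCTYPE is not handled; assumed absent from the feed).
PROLOG_ITEM = re.compile(rb'\s+|<\?.*?\?>|<!--.*?-->', re.S)


def root_offset(doc: bytes) -> int:
    """Return the byte offset at which the root element's start tag begins."""
    pos = 0
    while (m := PROLOG_ITEM.match(doc, pos)) is not None:
        pos = m.end()
    if not doc.startswith(b'<', pos):
        raise ValueError('no root element found after the prolog')
    return pos


def pad_feed(doc: bytes, window: int = SNIFF_WINDOW) -> bytes:
    """Insert a comment before the root element so it starts at or past `window`."""
    off = root_offset(doc)
    if off >= window:
        return doc  # already outside the sniffed prefix
    head, tail = b'<!-- ', b' -->\n'
    fill = max(window - off - len(head) - len(tail), 0)
    return doc[:off] + head + b'.' * fill + tail + doc[off:]


def root_tag(doc: bytes) -> str:
    """Parse the document and return its root tag (checks it is still well-formed)."""
    return ET.fromstring(doc).tag


if __name__ == '__main__':
    padded = pad_feed(SAMPLE_FEED)
    print(root_offset(SAMPLE_FEED), '->', root_offset(padded), root_tag(padded))
```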
Why hardware documentation matters so much
“… and why it is so hard to get” is a talk given by Theo de Raadt at OpenCON last weekend - the slides are now available. The presentation offers insight into issues such as -
* Why vendor drivers are unacceptable
* Why vendors’ reasons and excuses are unacceptable
* The users defending vendors phenomenon
Why hardware documentation matters so much
Other presentations from OpenCon can be found on the OpenBSD Events page
How the Wii controller could equal victory for Sony
The only reason people want a Wii is because of the controller so why don’t Sony do the unthinkable and actively support the new controller with a nice Sony branded PS3 driver. It’s not like it can’t be reverse engineered as it looks like it has already been done http://carl.kenner.googlepages.com/glovepie_download.
Aliens have a firefox shaped space ship
Proof that aliens have an internet connection and that they have landed their Firefox space ship.
OpenBSD i386 Users Get A Securer X Server
Put your hands up who wants to use an i386 X windows server which has access to your kernel’s memory?… What? no takers? Well it’s a good thing an OpenBSD developer, Matthieu Herrb (matthieu@) just committed this patch for OpenBSD i386 X Server users.
CVSROOT: /cvs
Module name: xenocara
Changes by: matthieu@cvs.openbsd.org 2006/11/29 13:07:10

Modified files:
driver/xf86-video-wsfb/src: wsfb_driver.c

Log message:
Add support for vesafb to the wsfb driver. This makes it possible to
run an unaccelerated and unprivileged X server
with machdep.allowaperture=0 on i386.
‘CVS: cvs.openbsd.org: xenocara’ - MARC
And from Theo’s reminder on the X Aperture, March 2006:
I would like to educate people of something which many are not aware
of — how X works on a modern machine.

Some of our architectures use a tricky and horrid thing to allow X to
run. This is due to modern PC video card architecture containing a
large quantity of PURE EVIL. To get around this evil the X developers
have done some rather expedient things, such as directly accessing the
cards via IO registers, directly from userland. It is hard to see how
they could have done other — that is how much evil the cards contain.
Most operating systems make accessing these cards trivially easy for X
to do this, but OpenBSD creates a small security barrier through the
use of an “aperture driver”, called xf86(4)
http://www.openbsd.org/cgi-bin/man.cgi?query=xf86
This device exists on i386, amd64, alpha, cats, macppc, and sparc64.
(Other architectures do not need such a thing, since they have less evil).
Please be aware that other operating systems don’t even have an
aperture device, because they simply let root processes talk to the
video cards (via /dev/mem). Their X servers also run entirely as
root, while ours is now privilege separated and running jailed as user
_x11. Even so, our privilege separated X server is talking directly
to the IO registers of a video card with much evil in it. And many
newer video cards are very smart, capable, and thus dangerous. So we
have concerns.
> Are these new programmable cards capable of reading main memory, which
> OpenBSD would not be able to prevent if machdep.allowaperture were
> set to something other than 0?

Yes, they have DMA engines. If the privilege separate X server has a
bug, it can still wiggle the IO registers of the card to do DMA to
physical addresses, entirely bypassing system security.
From the xf86 man page mentioned by Theo:
in addition to allowing access to pci(4) configuration registers,
the aperture driver allows access to the whole first megabyte of
physical memory, permitting use of the int10 emulation in X.Org
6.8 and later. Note that this can cause some security problems,
since the process that has access to the aperture driver can also
access part of the kernel memory.
So what Matthieu has done is stop a not-yet-existent exploitable bug in X from compromising the security of the host, by not allowing an i386 X server access to your kernel’s memory. Yet another reason to choose OpenBSD: possible bugs that may never occur are already protected against.
Great going Matthieu and good luck with the Xenocara port.
Latest OpenBSD Snapshot includes OpenOffice packages
Undeadly is reporting that the latest i386 snapshot of OpenBSD includes OpenOffice as a package. Get testing people so this can be included in OpenBSD 4.1.
Snapshots of OpenBSD can be found here: ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/
Linux NTFS Compatibility = Possible Denial of Service Attack
Linux 2.6.x NTFS __find_get_block_slow() denial of service
Looks like the Linux NTFS compatibility could lead to a denial of service attack.
Kernel Fun: MOKB-19-11-2006: Linux 2.6.x NTFS __find_get_block_slow() denial of service
Wordpress Shop - WPShop
Wooo, there is much rejoicing to be done…. The WordPress shop by Richard Brown of cregy.net has just been launched… This just hit my inbox:
Hi All

I thank you for your patience. It has finally arrived and is now ready
for release. The wpshop is available from this page:

I have asked that folks give it a good testing. Please email the list
as quickly as possible if there are any problems and I’ll see if I can
sort them.

A word of caution. The developer is going on holiday for a week or so,
so if there are any programming difficulties these might have to wait
for a week. To be honest though I am probably being over-cautious, we
have tested the plugin extensively and it is now working at several
sites.

I will start to list links of sites using the plugin so if you would
like to join the list, email with the url.

Many thanks.
–
Rich
And from the download page: Cregy » Downloads
Welcome to the downloads page for the WPShop plugin.
This plugin has gone through various upgrades and is now released for testing purposes. Please could you install, check that installation works, configure with a Paypal account, add categories, products and give it a good test run.
The css sheet for those that wish to update and style accordingly is version2.css. I have started to style at several sites so if you need some advice email the mailing list. I am sure others will quickly be able to help as well.
I have dated this page and would be pleased if bugs etc could be reported over the next month so that we can sign the plugin as ready by the 1st January 2007.
Many thanks and enjoy.
Download WP Shop as a zip file
Richard Brown
17th November 2006
I have set a mirror to the download in case cregy.net get swamped:
Wordpress Shop - WP Shop Mirror