This is interesting. I stumbled across an old wired.com article dating back to May 24. I'm somewhat surprised I hadn't heard about it earlier -- Max was (and still is) a respected member of the security community; the ArachNIDS database of network attack signatures at www.whitehats.com is the best publicly available signature database on the web, and is better and more current than many commercial products. It's true that he's done much to help keep computers secure.

Shortly after the site upgrade to PHP-Nuke 5.1, version 5.2 was released. There's not much new with 5.2, mostly bug fixes and (again) administration changes. I didn't like the included AvantGo module, so I have kept my own home-grown version. (which is next on the list of improvements)

The official 5.2 announcement can be found here, and the source is also available for download.

On a somewhat related note, Radio Technomagik has been upgraded to icecast-1.3.11 and ices-0.2.2, which no longer crashes, and is usually reliable enough to listen from most broadband connections. I wouldn't try from a modem connection, though -- the stream is 128k+

Finally, although speed doesn't seem to be much of a problem, I'm looking into using APC to cache and accelerate the PHP code.

Another site upgrade was completed this evening, along with a few minor changes and enhancements. I have completed the move from PHP-Nuke 5.0 beta 4 to 5.1. Most of the feature changes only affect administration, so the site should look pretty much the same. The most notable end-user changes are: Items can be submitted in the Downloads section, and the Kaput theme finally works properly!

I also took some time and added a few additional topics, and changed the topic for a few of the older items. All available themes have been cleaned up and tweaked for technomagik.net, and several were removed since they're not quite up to spec for 5.1. Finally, now that banners are working for all themes, I'm setting up a poll to see if people want them or not.

The official 5.1 announcement can be found here, and the source is also available for download.

OK, so I was having some issues with Internet Explorer stability, so I decided to go check Windows Update as I regularly do, and found that IE 5.5 SP2 had been released! Since this looked like a promising solution to my problems with IE, I went ahead and downloaded & installed SP2. Reboot.

I noticed the first annoying problem when connecting to my SSL-encrypted (OpenBSD) IMAP server with Outlook Express. I kept getting this very unhelpful error message related to the certificate trust. After poking around on the net for a while, I figured out that what OEwas trying to tell me was that the IMAP SSL certificate was invalid because the root certificate was not trusted. I use a self-signed certificate, which worked fine with OE 5.5 SP1, even though it wasn't trusted. Apparently Microsoft had fixed this bug. Easy enough, I simply installed the IMAP cert into the trusted root.

Then there was the second problem...

Partly to satisfy some people who have been asking for new content on my site, but mostly to shed some light on the whole CodeRed debacle, I am posting Bruce Schneier's commentary on CodeRed.

To serve as counterpoint, I'm also linking to Steve Gibson's "analysis" of CodeRed. The technical analysis of CodeRedII is surprisingly quite good -- but that's not surprising since it was totally lifted without clear citation from SANS' intrusions@incidents.org mailing list. As you all know, just as Steve predicted, this CLEARLY WAS the biggest news of the first week in August, and "all hell broke loose" when the worm RE-ACTIVATED and BROUGHT DOWN THE ENTIRE INTERNET !! OK, he never actually claimed that the worm would bring down the net, but he did imply serious problems would result, as well as putting in yet another plug for his war against XP.

As Bruce's commentary points out, however, although CodeRed has serious implications for Internet security, the Internet survived and will continue to survive, worms and all.

By now you've probably heard about the DDoS attacks against grc.com. Hard to miss, since it's plastered all over the techie press. Also there's this guy running around trying to get people's attention about so-called security flaws in Windows XP.

It's hard for me to express how much I hate Steve Gibson. Frankly, I'm getting tired of hearing about the "security expert" who is "exposing" the "serious vulnerability" in Windows XP that will lead to increased DDoS attacks -- properly implemented IP sockets.

His flashy web sites are filled with hyperbole and sound-bite statements designed to scare people into purchasing his snake oil products. And the whole thing with Windows XP I just don't get. On his own website, he links to an article on The Register ("Steve Gibson really is off his rocker") that does an excellent job of explaining just about how I feel about Steve Gibson.

I guess I just don't understand security. Shhh, nobody tell my boss.

That being said, he does actually have a point, and it is interesting reading. Bruce Schneier (who I really like) has a good analysis of the attacks here:

http://www.counterpane.com/crypto-gram-0106.html#6

Do yourself a favor, skip the actual article and read the analysis instead.

Dmitry Sklyarov, a Russian programmer who has some notoriety after publishing software exposing weaknesses in Adobe corporation's eBook product, was arrested Sunday after making a speech about his findings at this year's DefCon conference.

Evidently, the FBI made the arrest after Adobe asserted that Dmitry's research violated the DMCA.

Local Interest:

Read this story in the local pioneer press. It's an op-ed piece written by the mayor of Eagan, responding to complaints about the city's lack of support for affordable housing initiatives.

An excerpt:

The Twin Cities area is a growing, strong, great place to live. Our success is due to our history and values: a strong economy lead by a highly educated work force; old-fashioned work ethics that prize independence; strong civic leadership. Since the beginning, people in Minnesota have been farmers and landowners. We own our homes. We value green and open space.

Translation:

We control our own city council, you can't tell us what to do. Likewise,we can't tell developers what to do. We're all rich so we only want expensive houses, but we do need affordable housing for when we get old and our kids move out. We want government to pay for things we need, like roads, not for expensive apartment buildings that will make us all pay more taxes. It's not fair to make us pay more taxes for social programs we don't want, like restricting growth. Besides, all you want to do is to keep people down by building projects and not helping them buy their own home.

I'm the mayor. I'm just doing what people in Eagan want.

... (Read More) ...

Mail from Mr. Booker:

http://music.yahoo.com/music/news/billboard/short.html?
a=n/music/news/billboard/urban/20010619/4/p1

Will ol' Dirty bastard have a second career as the Biz Markie of the 21st century. Sussudio?

They sure found a lot of people who can't sing for this compilation.

http://www.washingtonpost.com/wp-dyn/articles/A52274-2001Jun11.html

The Supreme Court ruled today that at least some forms of hi-tech police surveillance require a warrant, as they are subject to fourth amendment protection. As the Post article states, this isn't really a "blockbuster" case, but it is an important protection against Big Brother type technologies. What's most important about this ruling is that it covers surveillance technologies that don't yet exist.