Local root exploit in Linux kernel 2.6.17 to 2.6.24.1

Pretty scary stuff, even if you trust all of your users:

victor@mercury ~ $ ./exploit
-----------------------------------
 Linux vmsplice Local Root Exploit
 By qaaz
-----------------------------------
[+] mmap: 0x100000000000 .. 0x100000001000
[+] page: 0x100000000000
[+] page: 0x100000000038
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4038
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0x2ac3dee3c000 .. 0x2ac3dee6e000
[+] root
mercury ~ # whoami
root

What’s really amazing is that news of this vulnerability didn’t really hit the mainstream web until today, but yet on Friday there was already a kernel patch. There’s even an in-memory hotfix that you can use (I tried that too - it works) if you prefer to wait until an official kernel makes it downstream. Open source is amazing.

Had this been proprietary software, no one would have known about it except for the all the people exploiting it. Servers all over the world would get owned, and the software company wouldn’t even discover it for a few more weeks. Or worse, they would know about it, but would hope to keep it hush-hush until the next Patch Tuesday.

There are comments.

read more ...

Migrating to Google Apps (and getting everything working)

For the last few years I’ve been using Gmail exclusively and have been forwarding emails to @victortrac.com to my Gmail account. Google’s spam filters are the best I’ve ever seen, and the interface is elegant and fast, and combined with loads of storage and IMAP access, Gmail is nearly the perfect email application. The XMPP integration is just icing on the cake.

Because of these features, I voluntarily gave up having a customized email address on my personal domain to take advantage of Google’s infrastructure and technology. The decision was fairly easy - I was deluged in spam and GMail’s web client was better than any other thin or thick client available. By forwarding my domain’s email to my Gmail account, I was letting Google’s wonderful anti-spam technology work its magic. This allowed me to retain some use of my previous email address, but as I started to use XMPP (aka Jabber or as Google calls it - Google Talk) I became more and more dependent on my Gmail identity. Sure, I had other Jabber IDs, but it was just too convenient having a unified email address and Jabber ID provided by Gmail.

However, let’s say that in five years Google shuts down or, more likely, another company comes along and provides a better service or product. By this time your Gmail identity has evolved into a unified presence, communications, and identification address where anyone can reach you at any time and is also your OpenID login to the majority of sites on the internet. If you’ve spent 10 years building this identity around a Gmail address, you’re not in a great position to easily transition. By using Google Apps on a domain that you own and control, you’ve at least separated the address from the services and would be able to move around as you want. It’s like being able to live all over the world, moving to where the grass is always greener, yet still always having a constant mailing address.

Getting it all to work

So ...

There are comments.

read more ...

Where’s the “Undo” on Google Reader?

There’s been a bunch of press lately about Google Reader’s new features, most notably the “Friends’ shared items” section and Profiles. A handful of people were instantly complaining about the lack of privacy and control, but I don’t really see Google’s implementation as a problem. It seems pretty simple to go to “Manage friends” and hide the contacts you don’t want looking at your shared items, but this really kind of defeats the purpose of using your shared items to begin with. If anything, I think Google’s decision to automatically include your GTalk contacts just makes it that much likelier that I’ll read and see my contacts’ shared items. I wouldn’t spend the time to go through my contacts to subscribe, but having them there automatically is great. It’s giving me the benefits of filtered reading list through a social network I wouldn’t have bothered to use otherwise.

However, I can see this causing some annoyance in the form of repeated posts. If a lot of my contacts are subscribed to the same stuff I’m subscribed to and decide to share it, I’ll see it twice - once on my own feeds and again when I go through their shared items. This has been annoying me on my Techmeme feed enough to want to consider unsubscribing from techmeme, and so I can see this becoming a bigger problem as I get more contacts who read the same stuff I read.

Whenever Google gets around to fixing the duplicate feed problem (and I really hope they do soon), they should also add an “Undo” button in Google Reader. In GMail, anytime you archive, delete, flag as spam, or otherwise move an email from one view to another, GMail gives you the option to undo the operation. This is great because Archive, Report as Spam, and Delete are all right next to each other and easily mis-clicked. Even if Undo wasn’t an option, it would still be possible to manually reverse the change.

What really annoys me with Google Reader ...

There are comments.

read more ...

Technology is Applied Magic

December 08, 2007
tags: travel

A few hours ago, Rebecca and I were walking through the Schwabstrasse S-bahn stop in Stuttgart, and as we reached the escalator to go up, we felt a cold wind coming down from the street level.  I was wearing only a short-sleeve polo shirt and a pair of light pants, and so we stopped to put on warmer clothing.  Only a few hours earlier, we were having paella on a warm Malvarrossa beach in Valencia, Spain.

As we were putting on our jackets and gloves, Rebecca made a comment that reminded me of one of Arthur C. Clarke’s three laws:

Any sufficiently advanced technology is indistinguishable from magic.
She observed that we had not been outside since stepping out of our friends’ car and into the Valencia airport, and had we instead taken the Valencia metro to get to the airport, we would have been able to step underground in downtown Valencia and then return above ground in downtown Stuttgart, having not been outside and exposed to any sort of weather or natural light the entire distance across three countries. We were completely comfortable in the clothing we wore in the warm Valencian weather up until the point of reaching the Stuttgart street level, and that to me is amazing.

So I was pleasantly surprised as I came across this image while catching up on some of my RSS feeds:

Transit Map of the World’s Transit Systems

It’s a great little drawing, based on the London Tube map, that shows all of the worlds metropolitan mass transit systems either currently in existence or in the works.

The culmination of our technology, ranging from efficient metro systems to air travel to client control systems, is indistinguishable from magic for nearly everyone who’s lived before the 20th century (and even for certain people living in the 21st century, for that matter).

Image via strange maps.

There are comments.

read more ...