I am proud to announce that python-argvalidate has hit Debian unstable yesterday.
This does not only mean that you can install argvalidate on Debian-based systems more easily now, but also that python-argvalidate has met the strict criteria of the Debian Free Software Guidelines, and as such has been confirmed to be Free Software.
Also, I wanted to let you know that I am maintaining the Debian package itself, which means that updates to python-argvalidate itself will be included in Debian as fast as possible, usually within two days.
2009-03-29
How using proprietary software can affect system security
There has been a lot of discussion on whether Free Software is more secure than proprietary software, but I have an additional argument that shows how the use of Free Software can improve system security.
Now you probably expect me to come up with a pure technical reason showing superiority of Free Software, but I am taking another path this time: let's talk about user trust.
Now you probably expect me to come up with a pure technical reason showing superiority of Free Software, but I am taking another path this time: let's talk about user trust.
2009-03-26
A possible attack - what to do about this?
Just as I wanted to start writing an article here and I entered the URL of this blog into my browser I got no response from the webserver, zero, nothing.
First I thought the PHP fastcgi process for this virtual host died, but a quick check on another virtual host suggested that something else was going on.
So I guessed the lighttpd process itself must be experiencing problems of some sort, but after doing a "netstat -nat" I knew what was going on:
tcp6 1 1 83.65.62.72:80 61.135.190.248:12474 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.234:39671 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.253:39211 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.234:55160 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.230:25836 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.231:16865 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.232:24266 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.240:38441 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.243:17726 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.241:38206 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.251:23892 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.225:29675 LAST_ACK
Plus "a few" more of those. Now I'm not entirely sure whether it's just some systems misbehaving or actually an attack, but my feelings told me this could have been intentional after all.
I did a quick whois on one of those IP addresses and came up with the 61.135.0.0/16 network which is owned by China Network Communications Group Corporation.
As the connections were made from pretty much every host in that network I had two choices: sit it out or block it.
I came to the conclusion that blocking the entire subnet from connecting to this system, at least temporarily, might be a viable solution and so I did.
However, afterwards I am asking myself whether I really had to block an entire 16-Bit network, so I am asking you: how do you handle such situations usually?
First I thought the PHP fastcgi process for this virtual host died, but a quick check on another virtual host suggested that something else was going on.
So I guessed the lighttpd process itself must be experiencing problems of some sort, but after doing a "netstat -nat" I knew what was going on:
tcp6 1 1 83.65.62.72:80 61.135.190.248:12474 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.234:39671 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.253:39211 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.234:55160 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.230:25836 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.231:16865 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.232:24266 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.240:38441 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.243:17726 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.241:38206 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.251:23892 LAST_ACK
tcp6 1 1 83.65.62.72:80 61.135.190.225:29675 LAST_ACK
Plus "a few" more of those. Now I'm not entirely sure whether it's just some systems misbehaving or actually an attack, but my feelings told me this could have been intentional after all.
I did a quick whois on one of those IP addresses and came up with the 61.135.0.0/16 network which is owned by China Network Communications Group Corporation.
As the connections were made from pretty much every host in that network I had two choices: sit it out or block it.
I came to the conclusion that blocking the entire subnet from connecting to this system, at least temporarily, might be a viable solution and so I did.
However, afterwards I am asking myself whether I really had to block an entire 16-Bit network, so I am asking you: how do you handle such situations usually?
2009-03-24
python-argvalidate 0.9.0 released
Even though I planned providing a release candidate first, which can be seen in the project's Mercurial changelog I have released python-argvalidate 0.9.0 today. Tarballs can be obtained from the Python Package Index (pypi), as usual.
2009-03-17
Presented in H^H^H^H^HIPv6
I just wanted to let you know that this blog (actually all webpages I am hosting) are now accessiable via IPv6. Additionally, my mail-server now also accepts IPv6 SMTP and IMAP connections, allowing communication with the IPv6-world.
The setup uses SiXXs as tunnelbroker, with AMIS being the SiXXs PoP in use.
If you experience any problems with the services I am providing via IPv6, please let me know, either via a comment to this article or an email to ipv6@sp-its.at.
The setup uses SiXXs as tunnelbroker, with AMIS being the SiXXs PoP in use.
If you experience any problems with the services I am providing via IPv6, please let me know, either via a comment to this article or an email to ipv6@sp-its.at.
Freedom blog reloaded launch
Welcome to my new blog, "freedom blog reloaded".
Now with this first article I would like to elaborate on the name of the blog, the purpose and what you are likely to find here in the future.
Okay, let's start straight ahead with the name of the blog. Freedom in the blog's name refers to Free Software, which is going to be the main topic of the articles you will find here.
I would like to keep you informed about my involvement in the Free Software community and hopefully provide you with some useful information when it comes to configuring and running Free Software.
Now you might still ask what the "reloaded" part in the blog's name is about. Well, I have done some blogging in the past, but due to various reasons didn't have the time to provide my readers with a constant flow of articles, but this should change now. I am planning on regularly keeping you informed.
On to the last thing I wanted to write about: the kind of articles you are likely to find here in the future.
I am planning on writing posts on development in the Free Software community, updates to the Debian GNU/Linux packages I either maintain or co-maintain, the projects I am working on and last but not least some tips and tricks when it comes to day-to-day operation.
Lastly, as this is a blog dedicated to Free Software it's a good idea to let you know that this blog is being run on a Free Software stack completely and I am using Free Software only to write articles.
The setup is as follows: Running on a Debian GNU/Linux system is lighttpd, my webserver of choice, and builds, along with PHP5 and MySQL, the base for running Wordpress, a blogging system written in PHP.
For writing articles I am using, guess what, a browser, namely Iceweasel (also known as Firefox to non-Debian users), running on my Debian GNU/Linux workstation.
I guess that's it for now. As a last note I would like to point out that even though comments have been disabled for this article I will enable them for all posts where discussion makes sense.
-- Stephan
Now with this first article I would like to elaborate on the name of the blog, the purpose and what you are likely to find here in the future.
Okay, let's start straight ahead with the name of the blog. Freedom in the blog's name refers to Free Software, which is going to be the main topic of the articles you will find here.
I would like to keep you informed about my involvement in the Free Software community and hopefully provide you with some useful information when it comes to configuring and running Free Software.
Now you might still ask what the "reloaded" part in the blog's name is about. Well, I have done some blogging in the past, but due to various reasons didn't have the time to provide my readers with a constant flow of articles, but this should change now. I am planning on regularly keeping you informed.
On to the last thing I wanted to write about: the kind of articles you are likely to find here in the future.
I am planning on writing posts on development in the Free Software community, updates to the Debian GNU/Linux packages I either maintain or co-maintain, the projects I am working on and last but not least some tips and tricks when it comes to day-to-day operation.
Lastly, as this is a blog dedicated to Free Software it's a good idea to let you know that this blog is being run on a Free Software stack completely and I am using Free Software only to write articles.
The setup is as follows: Running on a Debian GNU/Linux system is lighttpd, my webserver of choice, and builds, along with PHP5 and MySQL, the base for running Wordpress, a blogging system written in PHP.
For writing articles I am using, guess what, a browser, namely Iceweasel (also known as Firefox to non-Debian users), running on my Debian GNU/Linux workstation.
I guess that's it for now. As a last note I would like to point out that even though comments have been disabled for this article I will enable them for all posts where discussion makes sense.
-- Stephan
2008-10-16
How Email encryption for the broader public could be realized
After reading the Every Email In UK To Be Monitored article and its comments over at Slashdot I once again felt like encrypting each and every Email I send using GPG/PGP. Now for this encryption to work the person I am sending a message to would need to have GPG/PGP set up too. A lot of technical-minded people already have this set up, but I can not expect everyone to be using encryption.
The reason for not everyone using GPG/PGP for encrypting their emails might be that, even though GPG/PGP have become a lot more usable for the end-user in the last few years, these programs are probably still too technical and thus hard to understand for non-technical users.
This is when I thought a little about how people could be made using public key encryption for E-Mails. After a bit of brain-storming an idea came to my mind, an idea I would like to present you with.
Basic idea
What about creating a program acting as both SMTP and POP3/IMAP proxy server that included all the logic to do encryption and would encrypt/decrypt messages transparently?
If this logic was moved out of Email clients we could get a solution working universally for each and every Email client out there.
The reason for not everyone using GPG/PGP for encrypting their emails might be that, even though GPG/PGP have become a lot more usable for the end-user in the last few years, these programs are probably still too technical and thus hard to understand for non-technical users.
This is when I thought a little about how people could be made using public key encryption for E-Mails. After a bit of brain-storming an idea came to my mind, an idea I would like to present you with.
Basic idea
What about creating a program acting as both SMTP and POP3/IMAP proxy server that included all the logic to do encryption and would encrypt/decrypt messages transparently?
If this logic was moved out of Email clients we could get a solution working universally for each and every Email client out there.
Subscribe to:
Comments (Atom)