Month: October 2006

Postfix

Doing things the hard way

After much fighting with XMail, and repeated failure, I fell back on the MTA I know best (), and the local delivery and authentication I know least (mostly because prior to installing XMail on the old server I never had to bother with it).

So, after checking around I found a fairly well-documented Postfix + Courier-IMAP + SASL + MySQL How-To for Gentoo. While it is specific in some regards to Gentoo, the majority of the instructions should be fairly straightforward to transfer to other *nixes.

Anyway, mail is working again, at least mostly. I still need to replace some aliases and a distribution list, but that’s all pretty simple normally, and with the MySQL db added in the mix it gets even easier, since Postfix is looking to the db for virtual domains, users, aliases, relocated mappings, everything. How much simpler can it get?

Now, if there were just one package that combined all the mail functions (kind of like XMail) and integrated with MySQL and came with decent documentation and installed from one package … Maybe Courier will move beyond version 0.53 someday and become more of a player.

Gentoo

New Server, Xmail pains

Replacing the old PIII 733MHz server with a slightly less old PIII 1GHz server was mostly very straightforward. That in and of itself doesn’t seem like much, until you consider that the old server was running a stripped out Vector with a chrooted lampp, and the replacement is running Gentoo with the traditional-one-tool-at-a-time type installation.

It was mostly simple, since every single tool I use has a Gentoo ebuild. Everything seemed to be going just fine, until I discovered the hard way that the Gentoo ebuild for XMail is b0rked. :-/

Well, since it is way past my bedtime I am going to put it down for the night and try to tackle it tomorrow. But, until I get it working all mail to evardsson.com and talkingfox.com will bounce. Sorry.

Community

Interview with some of the biggest

In an article titled “Stiff asks, great programmers answer,” blogger Jarosław “sztywny” Rzeszótko gets answers from some of the most influential programmers of the day. Includes responses from Linus Torvalds (Linux), Bjarne Stroustrup (C++), James Gosling (Java), Tim Bray (XML, Atom), Guido Van Rossum (Python), Dave Thomas (Pragmatic Programmer), David Heinemeier Hansson (Rails Framework), and Googlers Steve Yegge and Peter Norvig.

While there are a good deal of serious answers about tools, platforms, methods, skills and so forth, the gem that made me chuckle was the response from Guido Van Rossum to the question “What do you think is the most important skill every programmer should possess?”:

I guess being able to cook an egg for breakfast is invaluable.

Security

Zero-Day Exploit Alert: WebViewFolderIcon setSlice Vulnerability

This is a Critical exploit, capable of executing code as the user running Internet Explorer. Reports of this in the wild as well as a temporary patch can be found at the Internet Storm Center.
From the eEye Digital Security Alert:

The PoC is an integer overflow-based heap overflow, in the DSA_SetItem function in COMCTL32.DLL. An arithmetic overflow can occur during multiplication to calculate the desired size for a call to ReAlloc, that isn’t reproduced during a subsequent call to memmove, so the allocated size can be smaller than the copy size and result in a heap buffer overflow. …

This vulnerability can result in remote code execution in the context of the logged in user. In order to exploit this an attacker must create a malicious website or leverage a site that allows for custom user content.

While the vulnerability was posted on the Browser Fun Blog on July 18th, the exploit first appeared over the weekend. The Microsoft Security Advisory has details on how to patch manually and how to apply the manual change to group policy.

Affects:

  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
  • Windows XP Professional x64 Edition
  • Windows Server 2003 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 x64 Edition
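
The size mismatch the eEye alert describes, shown as an added example (not code from the alert, from COMCTL32.DLL, or from this post): a 32-bit multiplication that wraps when sizing an allocation, next to a checked version that rejects the request. All function names and values here are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper names; this is not the COMCTL32 code. */

/* Size as computed for the allocation: 32-bit multiply, silently wraps. */
static uint32_t alloc_size_unchecked(uint32_t count, uint32_t item_size)
{
    return count * item_size;   /* result is taken modulo 2^32 */
}

/* Size as a later copy sees it when the wrap is not reproduced. */
static uint64_t copy_size(uint32_t count, uint32_t item_size)
{
    return (uint64_t)count * item_size;
}

/* Hardened form: refuse when the product does not fit in 32 bits. */
static bool alloc_size_checked(uint32_t count, uint32_t item_size, uint32_t *out)
{
    if (item_size != 0 && count > UINT32_MAX / item_size)
        return false;           /* would overflow: fail the request */
    *out = count * item_size;
    return true;
}

/* True when the allocation would be smaller than the copy. */
static bool is_undersized(uint32_t count, uint32_t item_size)
{
    return alloc_size_unchecked(count, item_size) < copy_size(count, item_size);
}

int main(void)
{
    /* Constructed values: 0x40000001 items of 4 bytes each. */
    uint32_t count = 0x40000001u, item = 4, size = 0;
    printf("alloc=%u copy=%llu\n", alloc_size_unchecked(count, item),
           (unsigned long long)copy_size(count, item));
    printf("checked accepts: %d\n", alloc_size_checked(count, item, &size));
    return 0;
}
```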

Best Practices

Surf carefully

Although it has been said many, many times, be careful how you surf. Make sure your machine is patched, you have anti-virus and spyware blockers, blah blah blah.

Well, if a picture is worth a thousand words, then maybe this video will shed some light on the subject (sorry – it is an ad for McAfee, which I neither use nor recommend – just my personal preference).