OpenSSL Security Advisory

Submitted by jbreland on Wed, 10/01/2003 - 14:47

A DoS vulnerability exists in all versions of OpenSSL prior to 0.9.6k and 0.9.7c. Upgrading as soon as possible is recommended. Read the full advisory for more information.

Also, on an unrelated note, two recent vulnerabilities in OpenSSH were discovered. This is a couple weeks old now, but definitely important enough to mention here. Short story: upgrade to OpenSSH 3.7.1p2 ASAP. For more information, read the original advisory, as well as the newer portable advisory.

Security Expert Geer Sounds Off on Dismissal

Submitted by jbreland on Wed, 10/01/2003 - 09:17

For those not up to speed on this story, last week Dan Geer (CTO of security consultant @stake) and several others released a report entitled "Cyber Insecurity: The Cost of a Monopoly," in which they discussed the security issues related to Microsoft's market dominance (actual report can be found on the CCIA homepage).

Surprisingly, Geer was fired from his position as CTO of @stake one day after releasing the report. Why? Although @stake denies any involvement, Microsoft is one of their largest customers. Hmm... piss off a client in legitimate research and get fired? Wonderful.

So now, one week later, Geer himself has finally been interviewed about this. You can read the full story here. Although it's nothing earth-shattering, it does sum up the incredulity of the whole situation. Definitely worth a read.

Submitted by jbreland on Tue, 09/30/2003 - 15:52

Here's an interesting new twist on the MS Anti-trust settlement. Basically, MS owes CA customers $1.1 billion as repayment for their uncompetitive practices. Not one to miss an opportunity, CEO Michael Robertson set up MSfreePC.com where "eligible consumers who act quickly can receive their share of the $1.1 billion settlement." See the site for additional details.

MS, however, did not take kindly to this, and sent a cease-and-desist letter threatening legal action. Michael Robertson has just replied with his own press release, and while I'm not personally a fan of Lindows, this is a very worthwhile read. It very nicely sums up many of the "issues."

China looks into Windows code

Submitted by jbreland on Tue, 09/30/2003 - 08:24

Yes, I've been lazy about updating the site. Lots going on lately. Got a couple new items for you today, though, beginning with ...

China is about to begin studying the source code for Microsoft Windows. This is part of an effort to verify the security of the platform, as well as ensure that there are no "backdoors" into the OS for any U.S. agencies to exploit.

Now, I'm all for security, but am I the only one that feels this is a bad idea? Considering that Windows (unfortunately) runs ~90% of our nation's computers, do we really want the Chinese government to have full access to the source code? Especially when our own government does not? Especially when during the antitrust trials Microsoft said themselves that the source code cannot be released for the sake of national security?

Hmm... Could it be that maybe they care more about making sales than our own national security? Nooo, not MS. With programs like Microsoft's Government Security Program, which includes more than 30 "countries, territories, and organizations (though no mention of the U.S.)," how could one even think it?

Read the full story here.

Sharp Zaurus SL-C750 Review

Submitted by jbreland on Fri, 09/05/2003 - 07:56

A new review has been posted for the Zaurus SL-C750. This PDA (as are all C-7xx PDAs) is only available in Japan through Sharp, but the folks at have translated the OS and applications into English, provide lifetime warranty, etc.

This is a detailed and very favorable review of the device (actually, all reviews I've read have been quite favorable, but some others tended to be a bit more reserved), and is well worth the read if you're currently considering a new PDA.

Here's the full review.

Server Status

Submitted by jbreland on Fri, 09/05/2003 - 07:09

The main server is currently down. For various reasons, a complete OS reinstall will be necessary, and it will take a few days to complete this.

In the interim, I've migrated all server duties over to an old laptop. The website and e-mail should remain fully functional through the upgrade, with the exception of the SSH Applet module. If anyone notices a problem I have overlooked, please let me know ASAP.

I expect to have everything migrated back to the main server by no later than Monday, 09/08/03. Thanks for your patience.

The Age of Corporate Open Source Enlightenment

Submitted by jbreland on Thu, 09/04/2003 - 08:52

This article discusses the steadily growing creep of open source software into corporate America from a religious (Linux-zealot vs. Windows-heretic) viewpoint. It's a fairly long article, but it's very well written, highly accurate, and an entertaining read. Be sure to check it out.

Full story

Rockin' on without Microsoft

Submitted by jbreland on Wed, 08/20/2003 - 09:24

C|Net is carrying an interview with Sterling Ball, CEO of Ernie Ball, one of the leading guitar manufacturers in the world. A couple years ago, Ernie Ball made headlines by being one of the first major companies to completely switch away from Microsoft, focusing mostly on Linux and other free software.

This interview discusses what caused them to switch, how they've fared, and some of his thoughts on the future.

I want to mention that this interview is quite educational (you rarely hear a CEO speak this way), and definitely worth taking the time to read.

Here's the full interview.