Monday, August 27, 2007

Ubuntu security bulletins (USN-503-1 - Thunderbird)

USN-503-1: Thunderbird Javascript flaws
Threat-level (*): Less-than-moderate

Affected Ubuntu versions:
  • Ubuntu 6.06 LTS
  • Ubuntu 6.10
  • Ubuntu 7.04
  • (and the corresponding versions of Kubuntu, Edubuntu, and Xubuntu)
Affected Thunderbird version:
  • mozilla-thunderbird 1.5
It's recommended that you perform (at least) a standard upgrade of your system to avoid possible:
  • Attacks based on malicious-emails (based on Thunderbird Javascript flaws):
    • arbitrary execution of applications placed on the attacked computer with the privileges of the user that opened the malicious mail
    • execution of arbitrary code with the privileges of the user
________
(*) = IMHO = It's just my opinion...

Nicola's resources: 1 - Ad networks


  • OpenAds it's not an ad network, but it provides an updated list of them.

[Click on the post title and scroll down to comment]

Sunday, August 26, 2007

Ubuntu security bulletins (USN-499-1 - Apache)

Today I inaugurate a new service: thanks to the Ubuntu Security Notices, I am able to provide an updated list of the Ubuntu vulnerabilities as they are discovered and posted to the ubuntu-security-announce mailing list.
I won't provide every report submitted to this list, but I think I'll select just the more interesting among them.

The first post is for the Apache-aholik ones:

USN-499-1: Apache vulnerabilities
Threat level (*): MODERATE

Affected Ubuntu versions:

  • Ubuntu 6.06 LTS
  • Ubuntu 6.10
  • Ubuntu 7.04
  • (and the corresponding versions of Kubuntu, Edubuntu, and Xubuntu)
It's recommended that you perform (at least) a standard upgrade of your system to avoid possible:
  • XSS attacks (consequences: data/passwords stealing and other minor threats)
  • Denial-of-service attacks
  • Apache signal handling flaws
________
(*) = IMHO = It's just my opinion...

Lock your kernel version

As most of the kernel "developers" are getting lazier, more selfish and blinder every-day, the result is that new kernel versions are really buggy and full of errors.

SOLUTION: "pin" your kernel version in Synaptic.
1. Select "linux-image-XXX"
2. Select the "Packages > Lock Version" menu item

...and now wait until the new versions that will come get stable...

Sunday, August 19, 2007

xFruits: RSS from/to everything
















xFruits.com is a very interesting service that permits to exploit the potential of your RSS feeds. Their site exposes some very interesting services based on RSS feeds:
  • Feed to PDF
  • Feed to Mobile
  • Feed to Mail
  • Mail to Feed
  • Feed to Voice (!)
  • Feed to OPML
  • OPML to Mobile
  • and, of course, feeds aggregation
But, above all, it permits to "chain" these services by building very useful mashups.
i.e. You can build a chain made of "Mail to Feed" + "Feed to Mobile" that lets you check your mail from your mobile phone.
The most impressive mashup it's probably RSS to Voice (powered by VocalFruits) which lets you create podcasts from blog posts, mail messages ("Mail to feed" + "Feed to Voice") and so on.
Available voices are English, French and Spanish, but you need a (paid) account at VocalFruits. This is a bad news/good news: when you create the account at VocalFruits you will be credited with 100 free vocal credits (I think each credit is equivalent to the conversion of, e.g. , one feed), so you have the possibility of evaluating this service before you invest some money.

Finally, these guys are continuously improving and creating new options for you to use with your feeds.

Saturday, August 18, 2007

Update to "Perderne un'altra"

Il tool in questione non è poi tanto usabile: in effetti non fa che scaricare dalla rete un'immagine dell'installer Debian. Immagine tramite la quale, al successivo riavvio del sistema, viene fatta partire l'installazione.
Sembra che per far ciò vada a scrivere su disco (ma non so dirvi dove) e a modificare l'MBR (Master Boot Record). Ergo: utilizzate un Live CD così, prima di installare, potete anche verificare la compatibilità hardware del vostro computer (inoltre vi risparmiate la scrittura dell'MBR e sul disco).

Friday, August 17, 2007

Perderne un'altra

Ecco un'altra buona cosa riguardante il mondo Linux e che finisce a genziane a causa del solito "Microsoft is the Enemy"...
Il tool proposto è un EXE che si scarica facendo click sull'immagine Debian: sembra veloce e usabile, oltrechè essere windows-friendly (da non sottovalutare quando ci si rivolge a un pubblico di utenti windows: li si rassicura già in partenza)...
MA...
Io direi che sarebbe anche ora di smetterla con i varii "Goodbye Microsoft", "Microsoft is Evil" e "Winzozz". Sembrerebbe proprio che Linux non riesca a vivere se non grazie a una costante (e noiosa) contrapposizione a Windows... Ora, se invece ci si concentrasse sul pubblicizzare le belle cose del mondo Linux (e ce ne sono parecchie!) e si lasciasse perdere Microsoft, allora si che si inizierebbe ad apparire seri, professionali e meritorii di essere presi in considerazione. Leggasi: "se si continua con l'atteggiamento Goodbye-Microsoft si fa pubblicità gratuita a Windows e contro-pubblicità altrettanto gratuita al mondo Linux". Il sito si sarebbe anche potuto chiamare "DebianWindowsInstaller.org" (nome bruttino, vabbè) e credo che avrebbe reso un miglior servizio a Debian e avrebbe attirato molti meno "faziosi" del pinguino (che paradossalmente ce l'hanno già installato) e invece molte più persone veramente interessate a cambiare sistema operativo.

Come dicevo: un'altra occasione persa...

[ UPDATE ]

I wanna be a Z(h)ero!

Spread Firefox


Found at "Spreadfirefox.com"
[This work is not mine: visit its original location]

Thursday, August 16, 2007

Skype is burning?

It seems that Skype.com is a bit overloaded (but it can also be Firefox: these days the fox isn't working very well).
But the worst thing is that the Skype client can't connect at all (however it seems it succesfully logs in. But nothing more than this...).
Any idea? Anyone knows the reasons behind these problems?
[UPDATE] Skype official explanation for the currently undergoing problems.
[UPDATE] Skype is back!

Sembrerebbe che Skype.com sia sovraccarico (però potrebbe essere anche che "Firefox is burning", specie ultimamente). Inoltre, cosa ancor peggiore, il client parrebbe non riuscire a connettersi.
Mumble mumble... si accettano ipotesi.
[UPDATE] Ecco la risposta: qui
[UPDATE] Skype è up sin da ieri notte tardi quando aveva già circa 3-4 milioni di utenti collegati. Stamani siamo a quota 5 milioni.

Blog Action Day

"Blog Action Day is based on the premise that if every blog posted on the same issue on the same day we could effectively change the conversation on the web that day" [found at "northxeast.com"].

This one really seems a really useful and clever idea.
Give it a chance to become a success.

Tuesday, August 14, 2007

Feeling Black - Retina


Original (awesome!) picture from tomooka: see the original.
Thanks to tomooka for his really great work and for distributing it under a CC license!
The "Retina" album also contains the "making of" of the illustration. You can see that lovely GIMP on my UbuntuStudio desktop (the album also contains the original picture I remixed).

Creative Commons License
Feeling Black - Retina is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Sunday, August 12, 2007

Ubuntu: Switch from Gnu GCJ and GIJ to Sun JRE

If you experienced (I did, grrrrr...) some problems like Eclipse not running very well (e.g. CPU at 100% all the time) or Java-based apps stopping with errors, well Alec the Geek has a possible solution (a definitive solution won't be born until the guys at the GNU Foundation will decide to stop messing around with "Free as in speach..." or "Free as in beach..." or "Libertè, Egalitè, Penguinitè" and maybe will turn back to writing code and FIX GIGANTIC BUGS).

The idea is simple and useful even for other needs: you point the wrappers to the Java compiler and the Java bytecode interpreter to the official Sun JRE, instead of using the GNU implementation (which is the default Ubuntu behavior).
You do that by using the following command, sudo update-alternatives --config java , and by choosing the Sun JRE from the list (only if you have installed it, of course...).

Guys, repeat with me: "Thaaanks Aleeec"

Wednesday, August 8, 2007

TCS vs TCB

Quando inizi a scrivere TCS (Tiscali Customer Service) al posto di TCB (Task Control Block), considera l'ipotesi di abbandonare le "tue" (!) creature fatte di bits al loro destino (almeno per un pò, sigh!) e di dedicarti a del sano sport... o magari a delle relazioni inter-personali che non abbiano come medium MSN (anche se io uso Pidgin, tiè!).

Al solito, un link per voi, tanto per gradire: Cleversafe Open Source Community

Monday, August 6, 2007

Make two different Thunderbird versions cohabit in the same Ubuntu installation

In my recent post "Make two different Firefox versions cohabit in the same Ubuntu installation" I explained why (and how) I have two different Firefox installations sharing the same settings, bookmarks and add-ons.
This time things get a little more tricky, but don't worry and let's get the party started.
  1. Download Thunderbird
  2. Unzip to your home directory (tar xf thunderbird-2.0.0.6.tar.gz , TAB is your friend, use TAB)
  3. Now you have to make mailboxes, settings and the other stuff be shared between your two Thunderbird installations (the "native" one and the "new" one). NOTE: follow these steps before you start your newly downloaded Thunderbird
    1. Locate in your home directory the folder ".mozilla-thunderbird" (you must select "View > Show hidden files" or press "Ctrl + H" if you are using a file manager)
    2. Look at the files that the folder contains: we are interested at the file "profiles.ini" and at a folder named "XXXXXX.default" or "default.XXXXXX" (where "XXXXXX" can be "whatever-Thunderbird-decided" sequence of letters and numbers)
    3. We must link this folder and "profiles.ini" to the folder "/home/$USERNAME/.thunderbird" (if this folder doesn't exist, create it):
      1. cd
      2. ln -s ./.mozilla-thunderbird/profiles.ini ./.thunderbird/profiles.ini
      3. ln -s ./.mozilla-thunderbird/XXXXXX.default ./.thunderbird/XXXXXX.default
  4. Start Thunderbird: /home/$USERNAME/thunderbird/thunderbird
NOTE: You can use both Thunderbird installations and this HOWTO can be applied to any version of Thunderbird and Firefox. This comes pretty useful especially when testing beta (and/or alpha) versions of the two products.

As previously said: let me know if that works (it seems that my comments aren't accessible from the home-page of the blog: to comment you must open the post in its own window by clicking the post title and scroll the page down until you see the "Comments" box).