## September 29, 2006

### Security

As I was about to leave work on Thursday, I got an email from the Department’s Computer Administrator. The ITS people had noticed a bandwidth issue with golem, which I would have to attend to. But, at the bottom of the email, he wrote

> Also [ITS person] stated that your machine was used to attack some other machine off campus and that person wasn’t very happy.

I went home rather shaken. Had my computer been hacked? I’d noticed nothing amiss. But, if others were seeing attacks emanating from my machine …

So I spent the evening poring over system logs and searching for clues as to what might have taken place. Finally, the next morning, I managed to get ahold of the aforementioned ITS person and he had a somewhat different take on the story:

> The person who called us just stated that he ran a web site and saw what he thought was an attack against his web server originating from the golem.ph server. I tried to refer him to the security office, but he was adamant about not taking the issue to them. He also was not interested in leaving contact information so we could call him back after investigating.
>
> The way I figure it, if the web admin didn’t think it was important enough to provide details on the attack or contact information, then I wouldn’t worry too much about this supposed “attack”.

Whew! I guess I dodged a bullet on that one. But it did prompt me to finally get Tripwire up and running on MacOSX.

In other security news, the previous day, I hastily upgraded to Movable Type 3.3, in response to their, rather dire, security announcement. Looking at the changes, it appears that there were some rather serious flaws in the way MT handled some user input. If you’re running an old version, it might be time to upgrade …

[Hmmm… Seems there’s something wonky about the XML-RPC interface after the upgrade.]

Finally, just because I could, I also upgraded to the latest version of OpenSSH. I was rather disconcerted to find that, for once, it didn’t compile cleanly. Instead, I needed

--- auth.h.orig 2006-08-18 09:32:46.000000000 -0500
+++ auth.h      2006-09-28 00:49:38.000000000 -0500
@@ -28,6 +28,8 @@
#ifndef AUTH_H
#define AUTH_H

+#include "key.h"
+# include "hostfile.h"
#include <signal.h>

#include <openssl/rsa.h>
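
Review bot: the two added lines at the top of auth.h are written inconsistently, `#include "key.h"` against `# include "hostfile.h"`, and nothing records why auth.h now needs either header. Write both in the `#include` form used by the surrounding lines, and add a one-line comment naming the declarations in auth.h that depend on key.h and hostfile.h, so this local build fix can be dropped once the file compiles without it. The project headers are also placed ahead of `#include <signal.h>`; if the file's convention is system headers first, move them below the system includes.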

Oh, and I suppose I could mention the various security fixes in MacOSX 10.4.8, but I won’t.

## September 8, 2006

### Venus

As the eagle-eyed among you may already have noticed, Planet Musings is now powered by Sam Ruby’s Venus. What Sam achieved with Planet was nothing short of amazing. One could take a dog’s breakfast<sup>1</sup> of syndication feeds as input and produce unfailingly well-formed XHTML(+MathML) output.

Venus is a rewrite (the second planet …), with better performance and a host of new features, like themes and filters (which can be applied on a per feed basis).

I’ve already started to use some of these new features to clean up Planet Musings. More will follow as the Venus code stabilizes. [As of this writing, there’s a nasty bug, which is leaving Planet Musings in a rather ugly state. Fixed.]

Perhaps one of the coolest things is Sam’s determination to make this a community effort. After I emailed him a few patches and suggestions, he cajoled me into setting up my own branch of Venus, where I could commit whatever changes I wanted, and he could pick them up at his leisure.

<sup>1</sup> And I do mean a dog’s breakfast. Why, oh why can’t WordPress produce a decent Atom feed?

## September 4, 2006

### Crikey!

Too busy with other stuff to finish the several half-written blog posts on my computer. So, instead, I’ll point you to some interesting discussions at The String Coffee Table.

Thomas Thiemann wrote a rejoinder to Hellings and Policastro and the papers by Nicolai et al (I, II). Anyone who’s spent any time looking at the literature on LQG quantization comes away with a lot of serious questions. Thiemann’s paper is billed as an attempt to respond to those questions. So it seems like a salutary time to reach out and start a serious dialogue on the issues raised.

Aaron Bergman has two posts, in which he poses a series of questions about selected points in Thiemann’s paper. The first is about the LQG quantization of the harmonic oscillator (one of the examples tackled by Hellings and Policastro). See also Robert Hellings’ response to Thiemann.

Aaron’s second post is about the so-called Master Constraint Programme, the subject of a series of five papers by Dittrich and Thiemann (I, II, III, IV, V).

Even in the simplest possible case: a finite-dimensional phase space, with first-class constraints, their proposal doesn’t seem to work.

On a completely different note, I was sad to wake up this morning to learn of the death of Steve Irwin. My kids loved his show (as did I). He brought an infectious enthusiasm to the somewhat tired genre of the “nature documentary.” He died, as he lived, getting as close as humanly possible to the wildlife he was filming.

Danger, danger, danger!

