Linux

Hanno's Blog

Saturday, September 20. 2008

Free software, proprietary maps?

If you didn't know it, today is Software Freedom Day.

Just noticed that, when you surf to http://cgi.softwarefreedomday.org/map.shtml to look if there's something happening around you on SFD, you'll get a proprietary google map.

It seems that the organizers of the SFD can't look beyond one's own nose. I often saw this behaviour in parts of the free software movement (being ignorant about proprietary stuff if it's not software), but found this example especially frightening, as we have a well working alternative.
Posted by Hanno Böck in Computer culture, English, Linux at 07:33 | Comments (3) | Trackbacks (0)
Defined tags for this entry: , , ,

Friday, September 19. 2008

New T61 Laptop (8895WFJ)

T61Today my new IBM/Lenovo Thinkpad T61 8895WFJ laptop arrived. While my P30 did a good job, it really was time to replace it.

I'm currently in the phase of installing Gentoo and getting used to the device, but I think it was a very good choice.

Beside the fact that Lenovos are probably popular for a reason, the 1400x1050-resolution, the well Linux-supported Intel-graphics and a quite acceptable weight (2,4 kg) were reasons for this model. I'm still in favour of 4:3 screens, because if you wanna have a 16:10 one with a decent resolution (e. g. > 1000 pixels height) they become either very expensive or very heavy. I still wonder why no vendor seems to produce 4:3 screens any more (from my research, not a single Montevina laptop has 4:3).

Some time soon you'll probably find some documentation about Linux on the T61 8895WFJ at http://www.int21.de/t61/.
Posted by Hanno Böck in English, Gentoo, Linux at 00:10 | Comments (5) | Trackback (1)
Defined tags for this entry: , , , , , ,

Sunday, September 7. 2008

Fuzzing is easy

I recently played around with the possibilities of fuzzing. It's a simple way to find bugs in applications.

What you do: You have some application that parses some kind of file format. You create lots (thousands) of files which have small errors. The simplest approach is to just change random bits. If the app crashes, you've found a bug, it's quite likely that it's a security relevant one. This is especially crucial for apps like mail scanners (antivirus), but pretty much works for every app that parses foreign input. It works especially well on uncommon file formats, because their code is often not well maintained.

My fuzzing tool of choice is zzuf.

I am impressed and a bit shocked how easy it is to find crashers and potential overflows in common, security relevant applications. My last discovery was a crasher in the chm parser of clamav.
Posted by Hanno Böck in Code, English, Linux, Security at 19:17 | Comments (0) | Trackbacks (0)
Defined tags for this entry: , , ,
(Page 1 of 1, totaling 3 entries)

About

This blog is written by Hanno Böck. Unless noted otherwise, its content is licensed as CC0.

You can find my web page with links to my work as a journalist here.

I am also publishing a newsletter about climate change and decarbonization technologies.

The blog uses the free software Serendipity and is hosted at schokokeks.org.

Hanno on Mastodon | Contact / Imprint | Privacy / Datenschutz