Tuesday, September 18th, 2007
The Chinese government has outlawed the practice of reincarnating for Buddhist monks in Tibet without their permission.
In one of history’s more absurd acts of totalitarianism, China has banned Buddhist monks in Tibet from reincarnating without government permission. According to a statement issued by the State Administration for Religious Affairs, the law, which goes into effect next month and strictly stipulates the procedures by which one is to reincarnate, is “an important move to institutionalize management of reincarnation.” But beyond the irony lies China’s true motive: to cut off the influence of the Dalai Lama, Tibet’s exiled spiritual and political leader, and to quell the region’s Buddhist religious establishment more than 50 years after China invaded the small Himalayan country. By barring any Buddhist monk living outside China from seeking reincarnation, the law effectively gives Chinese authorities the power to choose the next Dalai Lama, whose soul, by tradition, is reborn as a new human to continue the work of relieving suffering.
From Wikipedia’s article on the Dalai Lama:
Despite its officially secular stance, the government of the People’s Republic of China (PRC) has claimed the power to approve the naming of high reincarnations in Tibet. This decision cites a precedent set by the Qianlong Emperor of the Qing Dynasty, who instituted a system of selecting the Dalai Lama and the Panchen Lama by means of a lottery which utilised a golden urn with names wrapped in barley balls. Controversially, this precedent was called upon by the PRC to name their own Panchen Lama. The Dalai Lama and the majority of Tibetan Buddhists in exile do not regard this to be the legitimate Panchen Lama. The Dalai Lama has recognized a different child, Gedhun Choekyi Nyima, as the reincarnated Panchen Lama. This child and his family have been taken into ‘protective custody’ according to the PRC, and all attempts by members of the EU parliament and US government to garner guarantees of the family’s safety have been denied by the PRC. There is some speculation that with the death of the current Dalai Lama, the People’s Republic of China will attempt to direct the selection of a successor, using the authority of their chosen Panchen Lama.
The current Dalai Lama has repeatedly stated that he will never be reborn inside territory controlled by the People’s Republic of China, and has occasionally suggested that he might choose to be the last Dalai Lama by not being reborn at all. However, he has also stated that the purpose of his repeated incarnations is to continue unfinished work and, as such, if the situation in Tibet remains unchanged, it is very likely that he will be reborn to finish his work. Additionally, in the draft constitution of future Tibet, the institution of the Dalai Lama can be revoked at any time by a democratic majority vote of two-thirds of the Assembly. The 14th Dalai Lama has stated, “Personally, I feel the institution of the Dalai Lama has served its purpose.”
Saturday, September 15th, 2007
I finally found a good BitTorrent client for Debian: Freeloader. The original homepage doesn’t appear to be live anymore, so perhaps it is unmaintained. But it’s written in Python, so if I need some functionality that it doesn’t have, I can just add it myself. Here’s a screenshot:

Things that are missing (which I’ll probably add myself):
- Direct downloading of torrents by retrieving a .torrent URL
- Auto resuming when I’ve closed down the client.
- Auto (or manual) downloading of torrents via RSS
- Automatic seeding up to a certain ratio
Thursday, September 13th, 2007
NU.nl reports on an (English-language) report by CA about the safety of the web. In it, CA states:
Browsers are one of the most commonly used applications today. Many people believe that Mozilla Firefox is more secure than Microsoft Internet Explorer, but their vulnerabilities are on par. In the first half of 2007, NIST reported 52 vulnerabilities in Internet Explorer of which half were medium or high severity. And there were 53 vulnerabilities reported in Firefox of which almost half were medium or high severity.
The numbers are climbing. In 2006, 96 vulnerabilities were reported in Internet Explorer and 103 reported in Firefox.
Even less popular browsers have more security holes. More than double the vulnerabilities have been reported in the Opera browser. NIST reports 14 vulnerabilities this year versus seven last year, and more than half of this year’s vulnerabilities are medium or high severity.
Apple Safari has 19 newly reported vulnerabilities this year, nearly twice the number reported last year, and half of them are medium or high severity.
When will researchers understand that the number of vulnerabilities reported or fixed is not a good way to determine how secure an application is? Either these people don’t understand software development, or they wish to back up a pre-determined conclusion with hard evidence, so they start counting reported vulnerabilities. It doesn’t work that way, unfortunately. There are far too many variables not accounted for:
- First off, where are the sources for their data? They only mention NIST, without any of the criteria they applied. That alone makes the findings impossible to verify.
- They count ‘reported’ vulnerabilities, but these are third-party reports. Does NIST only record vulnerabilities listed in the application’s release notes? (NIST’s National Vulnerability Database is built on CVE entries, which are assigned for vendor advisories and independent researcher reports alike, so the answer matters for the comparison.)
- Do these statistics include reported but unfixed bugs? Firefox has a public bug tracker where any user can report bugs, and not all of those vulnerabilities may have been fixed. Are those included in the statistics? If so, how can they be compared against reports on products with closed bug-tracking systems, such as IE, Safari and Opera?
- Where is the proper trend analysis? “In 2006, 96 vulnerabilities were reported.” Trend analysis should span multiple years, IMHO.
- What were the severities of the reported/fixed vulnerabilities? For all we know, IE had 100 minor problems that were only exploitable when the moon was full and it was Friday the 13th, while Firefox had 50 extremely severe vulnerabilities.
- What are the sources for the severities? The vendor? Hardly reliable information, as vendors like to downplay the severity of their own vulnerabilities. (NVD assigns its own CVSS scores rather than taking the vendor’s rating, but the report doesn’t say whether those are the numbers it used.)
- The report doesn’t take the user base of the products into account. Firefox, Safari and Opera have a small share next to Internet Explorer, which makes IE a much bigger target for black-hat exploit writers. No, that doesn’t say anything about the security of a product from a technical point of view, but it does from a practical point of view.
- The report briefly mentions the security of third-party browser plugins such as Flash and Java, but doesn’t relate them to the different browsers. Firefox has very easy to install and use extensions that block Flash and Java, and a very good JavaScript blocker; JavaScript is probably the number one source of vulnerabilities in Firefox. Since these aren’t installed by default, I can understand why the report doesn’t focus on them, but the security potential of Firefox is higher because of them.
- No mention is made of ActiveX, which only works in Internet Explorer and is a HUGE contributor to its security vulnerabilities.
- One of the most important things: reality! People like to ignore it (which I can understand), but that doesn’t mean it doesn’t exist. How many of these vulnerabilities have actually led to exploits in the wild?
In defence of CA, their report doesn’t specifically say that Internet Explorer, Safari, Firefox or any other browser is more secure than the others; it merely implies it. As usual, media outlets twist the findings of reports to make for better news and scare-mongering.
Wednesday, September 12th, 2007
Today I was quite mystified by a very slow running query. There was a table named ‘bar’ with about 3000 rows. I wanted to list all the rows that had a duplicate value for a certain field (‘foo’), and only those rows. The solution was a query that selected the rows where the value of ‘foo’ was in the results of a subquery returning the values of ‘foo’ that occur more than once. The query finally looked something like this:
SELECT
foo
FROM bar
WHERE foo IN (
SELECT
foo
FROM bar
GROUP BY foo
HAVING count(foo) > 1
)
The inner query (explained in this post) was very fast, and returned only two rows. The outer query, when I ran it like this:
SELECT foo FROM bar WHERE foo IN (1, 2);
also ran very fast. However, the combination of the two was extremely slow. I thought this was weird, since the inner query returned only two results. A colleague and I took a look at the EXPLAIN of the query and found that it was actually doing a full join of 3000×3000 rows. The use of HAVING threw me off because it appeared in the inner query, but HAVING is always applied very late in the execution process, just before the results are sent to the client, so MySQL doesn’t use it to optimise the query. From the manual:
The HAVING clause is applied nearly last, just before items are sent to the client, with no optimization.
Putting an index on the ‘foo’ column solved the speed problem, though it’s still not as fast as it could be, because MySQL still joins ‘foo’ against itself, only this time over 2×3000 rows. The underlying cause is how MySQL 5.0/5.1 executes IN (subquery): the uncorrelated subquery is rewritten into a correlated EXISTS that is re-run for every outer row (EXPLAIN lists it as DEPENDENT SUBQUERY), so the GROUP BY over 3000 rows ran 3000 times; the index turns each re-run into an index lookup instead of a table scan. Subquery materialisation, which evaluates such a subquery once, only arrived in MySQL 5.6.
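The usual way around the per-row re-execution is to put the duplicate values in a derived table and JOIN against it, which MySQL materialises once. The following is an added example, not the post’s own query: it keeps the post’s table and column names (‘bar’, ‘foo’), uses constructed rows, and runs both forms against sqlite3 only to confirm that the rewrite returns exactly the same rows; the plan difference described above is MySQL’s and is not reproduced by sqlite.

```python
"""Check that a duplicate-finding query and its join rewrite return the same rows.

Added example, not from the original post. Table/column names (bar, foo) are the
post's; the rows are constructed. sqlite3 only verifies equivalence of the two forms.
"""
import sqlite3

# The post's form: filter on an uncorrelated IN (subquery). MySQL 5.0/5.1 rewrites
# this into a correlated EXISTS and re-executes the inner SELECT once per outer row,
# which is the 3000x3000 work the EXPLAIN in the post showed.
IN_SUBQUERY = """
SELECT id, foo FROM bar
WHERE foo IN (SELECT foo FROM bar GROUP BY foo HAVING COUNT(*) > 1)
ORDER BY id
"""

# Equivalent rewrite: the duplicate values become a derived table. MySQL materialises
# a derived table once and joins against it, so the GROUP BY runs a single time.
DERIVED_JOIN = """
SELECT b.id, b.foo FROM bar AS b
JOIN (SELECT foo FROM bar GROUP BY foo HAVING COUNT(*) > 1) AS dup
  ON dup.foo = b.foo
ORDER BY b.id
"""


def build_db(foo_values, index=False):
    """In-memory table 'bar' with one row per value in foo_values (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bar (id INTEGER PRIMARY KEY, foo INTEGER NOT NULL)")
    conn.executemany("INSERT INTO bar (foo) VALUES (?)", [(v,) for v in foo_values])
    if index:
        # The post's fix: an index on foo turns the per-row work into a lookup.
        conn.execute("CREATE INDEX idx_bar_foo ON bar (foo)")
    conn.commit()
    return conn


def duplicate_rows(conn, sql):
    """Rows (id, foo) whose foo value occurs more than once, using the given query."""
    return conn.execute(sql).fetchall()


def rewrite_is_equivalent(foo_values):
    """True when both query forms return identical rows, with and without the index."""
    for index in (False, True):
        conn = build_db(foo_values, index=index)
        if duplicate_rows(conn, IN_SUBQUERY) != duplicate_rows(conn, DERIVED_JOIN):
            return False
    return True


if __name__ == "__main__":
    sample = [1, 1, 2, 2, 2, 3, 4, 5]
    for row in duplicate_rows(build_db(sample), DERIVED_JOIN):
        print(row)
    print("equivalent:", rewrite_is_equivalent(sample))
```

Run the two queries through EXPLAIN on the MySQL server itself to see the difference the post describes: the first shows a DEPENDENT SUBQUERY on the inner SELECT, the second a single DERIVED table that is scanned once.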
Sunday, September 9th, 2007
A link related to the previous post: The Aluminum Foil Deflector Beanie.
Thanks Aczid.
Sunday, September 9th, 2007
Did you know that, after World War II came to an end, a secret organisation called “Gladio”, funded by the CIA and NATO, was brought to life in Europe in order to (amongst other things) neutralise communist influences? The organisation spanned almost the whole of Western Europe, including countries such as Belgium, Germany, the Netherlands, France, the Scandinavian countries and more.
The organisation varied widely between countries and remained (officially) active until 1992 in at least the Netherlands. In some countries, the network deteriorated into terrorist organisations. Evidence has been found that in Italy the organisation was involved in a bombing of the Italian Military Corps. In 1983 the Dutch government was forced to confirm that weapons found in a stash were related to NATO planning for unorthodox warfare. Earlier this year, investigators in the Netherlands found out that weapons had been illegally supplied to the Gladio network long after it had supposedly been dismantled in 1992. The same thing happened in Norway in 1979. Strong evidence was found in Germany that arms caches revealed by the person responsible for the 1980 Oktoberfest bombing were related to the Gladio network.
More information on Wikipedia’s English Gladio article. A Dutch article (with more information on Dutch specifics of the network) is also available.
A secret organisation brought to life in order to influence politics in a massive amount of countries… and it goes rogue and commits random acts of terrorism.. Amazing! Who would’ve thought something like that might happen?!
It’s strange how today’s ‘freedom fighting’ groups supplied with arms by western countries always seem to wind up being tomorrow’s terrible terrorists. Maybe.. I dunno, but, you know, maybe we should stop funding these kind of things? Just maybe. Oh, and, also stop bringing secret organisations to life. They have a tendency to not work out very well, it appears.
Good news for the tin-foil hat wearers though: They can’t call you paranoid now anymore. Big bad evil secret organisations really are everywhere! And to top it off, they’re terrorists that are funded by your government, with your money, trying to stop you from exercising your right to democracy! Because, just in case nobody informed you yet: Democracy is great, unless you want to believe in something your government doesn’t approve of, such as communism.
Sunday, September 9th, 2007
Hackers Take Down the Most Wired Country in Europe:
At exactly 11 pm, Estonia was slammed with traffic coming in at more than 4 million packets per second, a 200-fold surge. Globally, nearly 1 million computers suddenly navigated to a multitude of Estonian sites, ranging from the foreign ministry to the major banks. It was a larger-scale version of what had happened to the Postimees, except that the entire country’s bandwidth capacity was being squeezed.
The story is a little over the top, there’s a lot of speculation and I doubt Estonia is ‘the Most Wired Country in Europe’, but it’s still an interesting read. I wonder if the European Union has any plans for countering such calamities. Basically all that’s needed is a good line of communication through which immediate action can be taken to stop the traffic as close to its source as possible, I guess.
Saturday, September 8th, 2007
The Dutch consumer-rights organisation ‘Consumentenbond’ has recommended Ubuntu as a possible alternative to Vista after it received 4200 complaints about Vista in four weeks. Translation of the Dutch Nu.nl article:
Flood of complaints about Windows Vista
AMSTERDAM – Consumer organisation ‘Consumentenbond’ has collected 4200 complaints about Vista in four weeks. Vista still isn’t a viable replacement for XP, according to the organisation.
More and more home users are confronted with the new operating system, as Windows Vista comes pre-installed on most new computers. In August the Consumentenbond opened an online form where customers with problems can report them.
Non-working software and peripherals in particular have led to problems. For 59% of the complainants, some computer programs refused to work; 46% experienced non-working peripherals such as printers and video cards. Slow computers and repeated network failures were also a big source of complaints.
The Consumentenbond remarked: “Obviously, Vista isn’t a viable replacement for XP yet.” In a letter to Microsoft, the consumer organisation has requested that Microsoft allow unsatisfied customers to downgrade to XP free of charge.
Alternatives
The Consumentenbond advises consumers to only get Vista if they’re sure that their hardware and software work under the operating system. The consumer organisation also recommends that consumers look into alternatives such as Apple’s Mac OS X or Ubuntu Linux.
Disappointed
Microsoft is disappointed about the investigation. “Microsoft had hoped to learn more about users’ experiences with Vista. The complaints, however, only focus on peripheral compatibility. The conclusion that Windows Vista wouldn’t be a viable replacement for Windows XP cannot be drawn from the investigation.”
A spokesman is surprised that the consumer organisation has only now sought contact with Microsoft to discuss the outcome of the investigation. “All summer we’ve tried to get in contact with the Consumentenbond, but they have not responded.”
According to Microsoft, there are now close to a million Vista users in the Netherlands. “The Consumentenbond does not mention how many users are content with Vista.” Microsoft points users with problems to its support website.
— NU.nl: Klachtenregen over Windows Vista; 7 september 2007 14:53
Wednesday, September 5th, 2007
I used to never get spam, until I made a little mistake in my mail client and sent mail to a mailing list under my real email address. My address wound up on the big bad public internet, and a few hours later the first spam emails started to come in. I installed a quite sophisticated spam filter to get rid of them, but it doesn’t work at all.
One of the most frequent spam mails I get is the following:
From: Euro VIP Casino
Subject: ontvang 400 Euro GRATIS als u lid wordt
Voel de unieke opwinding van het spelen bij Europa's beste on-line
casino... en ontvang EUR 400 GRATIS als u lid wordt
...
(Translation of the subject: “Receive 400 Euro FREE if you join”; of the body: “Feel the unique excitement of playing at Europe’s best on-line casino... and receive EUR 400 FREE if you join”)
The sender and the subject are always the same. Always. The body is also almost the same all the time. Only a single word is needed to identify this as spam 100% of the time: Casino. In total, there are five words that would always mark this as spam without any false-positives: Euro, VIP, Casino, 400 and GRATIS.
Yet the spam filter, which is really quite sophisticated, still lets one through every now and then!
I’m not sure how the spam filter works exactly, but I do know it involves at least a Bayesian filtering technique and some other clever tricks. But all I basically need is manual control over a blacklist and whitelist of words. I simply want to say: “Mark the word Casino as spam” and I’ll be done with it.
I guess I’ll have to write my own additional filter.
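What that additional filter amounts to is a deterministic rule layer in front of the statistical one: a trusted-sender whitelist and a word blacklist are consulted first, and only messages that match neither are handed to the Bayesian score. The Python below is an added example, not the post’s filter (which the post doesn’t name); the casino message is the one quoted above, while the other two messages, the training sentences, the blacklisted words and the whitelisted sender address are constructed.

```python
"""Deterministic word/sender rules layered in front of a Bayesian spam score.

Added example, not the post's filter. The casino message is the one quoted in the
post; the other messages, training sentences, blacklist and whitelist are constructed.
"""
import email
import email.utils
import math
import re
from collections import Counter
from email import policy

TOKEN_RE = re.compile(r"[A-Za-z0-9]+")


def tokenize(text):
    """Lower-cased alphanumeric tokens; 'Casino' and 'casino...' both become 'casino'."""
    return [t.lower() for t in TOKEN_RE.findall(text)]


class NaiveBayes:
    """Multinomial naive Bayes with add-one smoothing; log-odds > 0 means spam."""

    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.counts[label].update(tokenize(text))
        self.docs[label] += 1

    def log_odds(self, text):
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        if vocab == 0:
            return 0.0  # untrained: no opinion either way
        total = {k: sum(c.values()) for k, c in self.counts.items()}
        score = math.log((self.docs["spam"] + 1) / (self.docs["ham"] + 1))
        for tok in tokenize(text):
            p_spam = (self.counts["spam"][tok] + 1) / (total["spam"] + vocab)
            p_ham = (self.counts["ham"][tok] + 1) / (total["ham"] + vocab)
            score += math.log(p_spam / p_ham)
        return score


# The manual controls the post asks for: one blacklisted word anywhere in From,
# Subject or body marks the message as spam; a whitelisted sender bypasses everything.
BLACKLIST_WORDS = {"casino", "gratis"}
WHITELIST_SENDERS = {"friend@example.org"}  # constructed trusted address


def classify(raw_message, bayes, blacklist=BLACKLIST_WORDS, whitelist=WHITELIST_SENDERS):
    """Return (verdict, reason); rules are checked before the statistical score."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = email.utils.parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in whitelist:
        return "ham", "whitelisted sender"
    body = msg.get_body(preferencelist=("plain",))
    text = " ".join([str(msg.get("From", "")), str(msg.get("Subject", "")),
                     body.get_content() if body is not None else ""])
    hits = sorted(set(tokenize(text)) & {w.lower() for w in blacklist})
    if hits:
        return "spam", "blacklisted word(s): " + ", ".join(hits)
    odds = bayes.log_odds(text)
    return ("spam" if odds > 0 else "ham"), "bayes log-odds %.2f" % odds


# Sample messages: the casino spam from the post, plus two constructed legitimate mails.
CASINO_MAIL = """\
From: Euro VIP Casino <promo@example.com>
Subject: ontvang 400 Euro GRATIS als u lid wordt
Content-Type: text/plain; charset=us-ascii

Voel de unieke opwinding van het spelen bij Europa's beste on-line
casino... en ontvang EUR 400 GRATIS als u lid wordt
"""
MEETING_MAIL = """\
From: colleague@example.net
Subject: slow query on the bar table
Content-Type: text/plain; charset=us-ascii

The EXPLAIN shows a dependent subquery, can you look at it after lunch?
"""
FRIEND_MAIL = """\
From: friend@example.org
Subject: weekend
Content-Type: text/plain; charset=us-ascii

Want to go to the casino on Saturday?
"""


def trained_filter():
    """Bayes classifier trained on a tiny constructed corpus."""
    nb = NaiveBayes()
    for text in ("free money win prize lottery now", "click here cheap offer buy now"):
        nb.train(text, "spam")
    for text in ("meeting tomorrow about the query plan", "lunch after the explain review"):
        nb.train(text, "ham")
    return nb


if __name__ == "__main__":
    nb = trained_filter()
    for name, raw in (("casino", CASINO_MAIL), ("meeting", MEETING_MAIL), ("friend", FRIEND_MAIL)):
        print(name, classify(raw, nb))
```

The order of the layers is the point: the whitelist runs first so a friend who mentions a casino is never lost, the blacklist runs second so a known pattern is rejected even on a day the statistical score happens to be below threshold, and the Bayesian score only decides what the rules don’t cover.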
Sunday, September 2nd, 2007
From the Apache2 configuration file for host example.com:
php_admin_value upload_tmp_dir "/var/www/example.com/tmp/"
From the file /var/www/example.com/htdocs/test.php:
var_dump(ini_get("upload_tmp_dir"));
Output:
string(29) "/var/www/example.com/tmp/"
Then, after trying to upload a file, from the /var/www/example.com/logs/error.log:
[Sun Sep 02 18:09:05 2007] [error] [client 88.211.179.104] PHP Warning: Unknown: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/www/example.com/) in Unknown on line 0, referer: http://example.com/test.php
[Sun Sep 02 18:09:05 2007] [error] [client 88.211.179.104] PHP Warning: File upload error - unable to create a temporary file in Unknown on line 0, referer: http://example.com/test.php
I’ll highlight the important part for you: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s).
The lesson? PHP needs to STOP silently ignoring errors and falling back to the default value when it encounters one! The problem was that I specified the wrong upload_tmp_dir; it should have been /var/www/example.com/htdocs/tmp/. PHP should have thrown an error because the configured directory doesn’t exist (it clearly detected this, since it fell back to the default of /tmp) instead of just carrying on.
PHP’s configuration implementation is one of the worst I’ve ever seen, and whoever’s responsible for these kinds of problems should feel ashamed. PHP, like MySQL, is way too lenient when it comes to errors, silently trying to ‘recover’ from them. And people wonder why they’re considered such bad projects?
A tip for PHP’s developers: Fail early and fail loudly.
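Since PHP won’t fail for you, the check has to happen before deploy: resolve upload_tmp_dir from the vhost fragment, confirm it exists and is writable, and confirm that both it and the /tmp fallback lie inside open_basedir. The Python below is an added example, not part of the original post or of PHP: the paths and the upload_tmp_dir line are the post’s own, the open_basedir value is assumed from the error message (the post doesn’t show that directive), and the directory tree built in demo() is constructed.

```python
"""Lint a vhost fragment for the upload_tmp_dir/open_basedir failure from the post.

Added example, not from the original post. PHP accepts a non-existent upload_tmp_dir,
reports it from ini_get(), and then silently uploads into the system temp dir; this
check fails loudly before deploy instead. The open_basedir directive is assumed.
"""
import os
import re
import tempfile

PHP_ADMIN_VALUE = re.compile(r'^\s*php_admin_value\s+(\w+)\s+"?([^"\s]+)"?\s*$', re.M)


def parse_php_values(vhost_text):
    """Map of php_admin_value directives in the fragment (last occurrence wins, as in Apache)."""
    return {name: value for name, value in PHP_ADMIN_VALUE.findall(vhost_text)}


def _inside(path, base):
    """True when path is base or lies below it (both already passed through realpath)."""
    base = base.rstrip("/") + "/"
    return (path.rstrip("/") + "/").startswith(base)


def check_upload_tmp_dir(vhost_text, root="/"):
    """Return a list of problems; an empty list means uploads land where configured.

    `root` is prefixed to every path so the check can run against a staging tree.
    """
    values = parse_php_values(vhost_text)
    tmp_dir = values.get("upload_tmp_dir")
    if not tmp_dir:
        return ["upload_tmp_dir not set: uploads will use the system temp dir"]

    def resolve(p):
        return os.path.realpath(os.path.join(root, p.lstrip("/")))

    basedir = values.get("open_basedir", "")
    allowed = [resolve(p) for p in basedir.split(":") if p]
    real = resolve(tmp_dir)
    problems = []
    if not os.path.isdir(real):
        problems.append(f"upload_tmp_dir {tmp_dir} does not exist; PHP will silently fall back to /tmp")
        # The post's actual failure: the fallback itself is then outside open_basedir.
        if allowed and not any(_inside(resolve("/tmp"), b) for b in allowed):
            problems.append(f"the /tmp fallback is outside open_basedir {basedir}: every upload will fail")
        return problems
    if not os.access(real, os.W_OK):
        problems.append(f"upload_tmp_dir {tmp_dir} is not writable by this user")
    if allowed and not any(_inside(real, b) for b in allowed):
        problems.append(f"upload_tmp_dir {tmp_dir} is outside open_basedir {basedir}")
    return problems


# The post's misconfigured fragment and the one it should have been.
WRONG_VHOST = """
php_admin_value open_basedir "/var/www/example.com/"
php_admin_value upload_tmp_dir "/var/www/example.com/tmp/"
"""
RIGHT_VHOST = """
php_admin_value open_basedir "/var/www/example.com/"
php_admin_value upload_tmp_dir "/var/www/example.com/htdocs/tmp/"
"""


def demo():
    """Build the post's tree in a scratch root (htdocs/tmp exists, tmp does not) and lint both."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "var/www/example.com/htdocs/tmp"))
    return check_upload_tmp_dir(WRONG_VHOST, root), check_upload_tmp_dir(RIGHT_VHOST, root)


if __name__ == "__main__":
    wrong, right = demo()
    print("wrong:", wrong)
    print("right:", right)
```

Run it against the real filesystem (root="/") as the web server user, since is_writable-style checks depend on who asks; the staging-root parameter exists so the same check can run in CI against a copy of the tree.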
The text of all posts on this blog, unless specificly mentioned otherwise, are licensed under this license.