mark :: blog

<< prev [ 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 ]


So I've been spending some time trying to work out what to do with the home automation components - they're a mess of C and Perl that have no real way of communicating with each other. I found this thing called xAP which is designed for home automation components to talk to each other, but it's based mainly on UDP broadcast datagrams - not something I'd trust to make sure things happened when my alarm was triggered. Plus some of the components already written are under a non-GPL, non-BSD license that prohibits commercial use, yuk.

Anyway the idea was to look for something that would use standard components, where frameworks existed in Perl and C for me to write simple code, and to work on the principle of messaging - the UPS for example would respond to status requests and give you things like the temperature and voltage; with a heartbeat notification with the status included every minute; but with urgent alarms to anyone who registers an interest in getting them. Whats the solution? Jabber! In about an hour I had a jabber server running and a test Perl client doing just that; this thing will rock :)


What a busy couple of days. It all started last month with a seemingly innocent DOS being reported to the Apache security team. jorton and I spent some time analysing it and found that although it wasn't exploitable on 32 bit until platforms it may well be exploitable on some 64 bit machines. Then started the co- ordination work with CERT.

Then, suddenly, the ISS team announced the same issue publically causing us to go into firefighting mode and release the advisory (which I'd fortunately already drafted and got positive feedback on), followed by seemingly hundreds of press calls, lots of additional analysis, and reading ISS say I was untrustworthy in some Chicago newspaper ;-)

Now for some sleep


Several hours later and I manage to find out the extended commands for the LW11G dimmer unit. Can't find these anywhere else mentioned on the web, so for future generations:

# Extended X10 control of LW11G dimmer
#
# Unlike other L*11* modules the LW11G
# seems to only respond to code 53.  Set the data to
#
# 0 = immediate off
# 255 = immediate on
# 1-254 = slowly dim or bright to that level, turns on if
not already


Ploughed through the cvs commits and created a plausible Announcement file for Apache 1.3.22. Held off releasing Apache Week until the mirrors caught up, but /. found the tarballs so released it a little early. Took some time to write some scripts to tidy up the past 265 issues for bad tags, all modules and directives are marked as such

CVE Worked with the Mitre guys so that the Apache vulnerabilities in 1.3.20 get described correctly, all went rather smoothly.


A discussion about XML status output in Apache came up this week and so I pointed out a mod_status_xml I wrote a month or two ago. It would be great to get something like this module (or a patch to mod_status) into the core as once you can get XML status output you can do all sorts of cool things like historic graphs, real time graphs, and so on. Kind of like the stuff from 1995 that graphed server status but now using SVG.


History is fun, I just finished off screenshots and the history of ModPlay. Yes, I really did share a house with Bryce in 1991!


So I keep finding web logs mentioning Douglas Adams who died at the weekend aged only 49. I'll add my story:

I'm a huge fan of Douglas Adams (was in the fanclub ZZ9-plural-Z-alpha as a teenager) and at ApacheCon in London last October got into line to get my book signed by him (photo). The second time around when things had become more quiet I approached him again to get a book signed for Apache Week to give away. Instead of idle chit-chat I asked him about the film. This peaked his interest and he launched into telling me all about it and the problems and was really animated. He seemed pleased that someone was interested in it and was happy to talk to me for a few minutes until I thought I'd held up the line long enough. Or maybe he'd realised that the more he talked to me the less books he had to sign.

The signature in the two books were far from identical, but it read "Bop Ad" just like I expected.


I can't believe I wrote the first issue of Apache Week five years ago today. Happy Birthday! It's interesting looking through the past issues to see when we expected a 2.0 beta release; one year ago we were expecting it "inside a month". We're currently expecting it "inside a month".


I've got to present "the state of Apache SSL solutions" at Linux World next week so need to start working out what the state is. Basically, Apache 2.0 needs to be beta before we'll start working on the SSL layer and then Red Hat, Covalent, Ralf, Ben and others will jointly work on a built-in SSL module. I've been following the Linux World press announcements and there are some interesting releases, it should be a great show.

<< prev [ 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 ]

Hi! I'm Mark Cox. This blog gives my thoughts and opinions on my security work, open source, fedora, home automation, and other topics.