brad's life
Brad Fitzpatrick

Proud [Feb. 29th, 2008|12:53 am]

Between Google and San Francisco, I don't know which I'm more proud of that when I search for "sf" I get pictures of zombie attacks:


libxml security problem [Jan. 11th, 2008|09:48 am]

I found a security problem in libxml. And by "found" I mean "ran into and debugged a bit".

From http://mail.gnome.org/archives/xml/2008-January/msg00036.html :
    * From: Daniel Veillard 
    * Subject: [xml] Security flaw affecting all previous libxml2 releases
    * Date: Fri, 11 Jan 2008 07:05:01 -0500

  Unfortunately, a security flaw was found (originally by Brad Fitzpatrick
from Google) and affecting all previous releases of libxml2 when parsing
XML. Two specially crafted broken UTF-8 sequences when occurring at the
wrong place lead the parser to go into an infinite loop. Very annoying,
as this leads to a relatively easy Denial of Service attack, the good part
being that this is very unlikely to happen just by error, and to protect
the community we won't release the way to reproduce this.

  But all users are strongly invited to upgrade their libxml2 versions to
2.6.31 [1], or apply the patch [2] (or a derivative for 2.5 or 2.4 branches)
to their version. Most OS vendors shipping libxml2 should have updates
by now or very soon, if needed check your update stream, it is referenced
as CVE-2007-6284 .

    Sorry for the inconvenience,

Daniel

[1] ftp://xmlsoft.org/libxml/libxml2-2.6.31.tar.gz
[2] http://veillard.com/libxml2.patch

So, yeah... go update your libxml if you process untrusted XML and don't want your CPUs spinning.

(Amusingly, this might be the only publicly visible thing so far that I've worked on at Google...)

Misc [Dec. 23rd, 2007|01:31 pm]

I've been in Moscow for the past week for this Google Code Day [video], giving a talk on social graph / interop stuff ("Открытие Социального Графа"). It was a public talk, so I should be able to post the slides, but I'll wait and confirm before I do.

Went to SUP's holiday party too. [some pics] But I guess those pics don't really highlight the ridiculousness of the venue. All the nightclubs here are pretty extravagantly ridiculous. But there was no George Clooney or Gwyneth Paltrow in a cage. (love that article: you don't often see the phrase, "We OWN you, bitches!" in a printed newspaper with your breakfast, hotel restaurant windows looking out to St. Basil's in the Kremlin...)

I just got a call from the hotel receptionist saying that my driver was here. My driver? What? Oh, my flight was originally today, so probably my return taxi to the airport, but I'm returning now instead on Tuesday (yes, flying all day xmas). But even so, a driver at 13:30 would be way too late to get to the airport. I ask the receptionist to point him out or describe him. She's flustered, trying to explain that he's black. (Black people are incredibly rare here.) Went out, found him, and after a confusing conversation, turns out that not only was he going to the wrong airport (Domodedovo, not Sheremetyevo), but he was supposed to be driving Boy George, not me. Wtf? I can only imagine the confusion at the receptionist's desk that she called me down to "my driver" instead of Boy George.

Anyway, Moscow is great, as always. I love this city. One warning, though: when a relatively large Russian guy with the nickname "Wolf" wants to drink whiskey with you, politely decline.

Speaking of wolves, apparently a wolf boy is loose in Moscow. Wtf.

Newly discovered funny blog from article above: Moscow Doesn't Believe in Tears.

Unrelated misc links:
  • 2007 OpenID wrapup
  • Who mattered in 2007 -- apparently I matter, and I'm an introvert. Several of my friends matter too. Love the insular valley. Reminds me of the directed graph I saw recently with two nodes labeled "Blog" with two edges pointing at each other. Yay! :)

gPhone, Android [Nov. 5th, 2007|09:56 am]

Oh, hell yes...

Official Googleblog post, some article, another article.
