By spencer, Monday, September 24, 2007 · 9:52 am

I installed the IWPhone plugin from here. I haven’t tried to make the other content work in the plugin yet, just the Blog for now. Seems to be working just fine after some tweaks to my site-wide include files to special case the User-Agents. If you need to do something similar just add:


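<?php
// The User-Agent header is client-supplied and may be missing entirely
$container = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$useragents = array("iPhone", "iPod");
$iphone = false;
foreach ( $useragents as $useragent ) {
       // Case-insensitive substring match; eregi() is deprecated and was removed in PHP 7
       if (stripos($container, $useragent) !== false) {
             $iphone = true;
             break;
       }
}
if (!$iphone)
{ ?>
       #insert conditional HTML here
<?php
} ?>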

So for example, I have a site-wide header.php and footer.php that are not from wordpress. So I added this conditional to prevent my standard graphic header and footer from appearing on iPhones.

By spencer, Wednesday, August 29, 2007 · 12:05 pm

I’m doing a major upgrade of WordPress and was doing it in a sandbox. Unfortunately it needed to upgrade the database table structure. I really didn’t feel like copying and renaming tables and shit so I upgraded the main table structure and made my sandbox active. Sorry for the horrific interface hopefully it will be fixed soon.

Update: Fixed the final annoying bug. It was a problem on the single post view wherein the quicktag.js scripts were referencing a broken quicktagsL10n variable. The variable is now defined in script-loader.php but the manner in which it is being referenced no longer appears valid. The end result was early termination of a DIV tag and it was very painful to track down. I just commented all references to that internationalization variable out of quicktags.js.

By spencer, Wednesday, August 29, 2007 · 8:13 am

I, like every other red-blooded human, hate red light & speed cameras. I’ve never been hit by one personally but I do consider them revenue generating machines. In Maryland tickets from a red light camera don’t even count as a moving violation so how can you claim otherwise? I was very interested to see the new Dutch “indestructible” speed camera:

Road Rage is Futile at Gizmodo

Two interesting things, note the $100,000 dollar camera. That’s a lot of tickets at $25 a pop to pay for that thing. Second, as indestructible as it is a simple can of paint can render it useless. Not that I’m encouraging this type of activity, I’m just suggesting we all drive around with cans of paint in our trunks until the government understands how we feel.

By spencer, Thursday, August 23, 2007 · 9:18 am

I don’t usually post crap I receive in email but being in the security industry I found this pretty damn funny. Also I think that all this threat level stuff is a crock of shit:

EUROPEANS HEIGHTEN THREAT LEVELS

The English are feeling the pinch in relation to recent terrorist threats and have raised their security level from “Miffed” to “Peeved”.
Soon, though, security levels may be raised yet again to “Irritated” or even “A Bit Cross”. Londoners have not been “A Bit Cross” since the blitz began in 1940 and tea supplies all but ran out. Terrorists have been re-categorized from “Tiresome” to “A Bloody Nuisance”. The last time the British issued “A Bloody Nuisance” warning level was during the great fire of 1666.

Also, the French government announced yesterday that it has raised its terror alert level from “Run” to “Hide”. The only two higher levels in France are “Collaborate” and “Surrender.” The rise was precipitated by a recent fire that destroyed France’s white flag factory, effectively paralyzing the country’s military capability.

It’s not only the English and French who are on a heightened level of alert. Italy has increased the alert level from “Shout Loudly and Excitedly” to “Elaborate Military Posturing.” Two more levels remain: “Ineffective Combat Operations” and “Change Sides.”

The Germans also increased their alert state from “Disdainful Arrogance” to “Dress in Uniform and Sing Marching Songs.” They also have two higher levels: “Invade a Neighbour” and “Lose”.

Belgians, on the other hand, are all on holiday as usual, and the only threat they are worried about is NATO pulling out of Brussels.

And on a lighter note-
The Spanish are all excited to see their new submarines ready to deploy. These beautifully designed subs have glass bottoms so the new Spanish navy can get a really good look at the old Spanish navy….

By spencer, Tuesday, July 17, 2007 · 9:30 am

For those other bandwagoneers jumping on the iPhone: if you’re using Cyrus IMAP and trying to figure out the correct folder prefix for the iPhone use just “INBOX”. No slashes, no period.

By spencer, Wednesday, June 27, 2007 · 1:26 am

This entire idea that descendants of those who made a mistake are somehow responsible has got to end NOW! To my knowledge, it probably began with war reparations immediately following conflicts. But now it has turned into a circus. Look, I’m sure someone in my past was hurt by someone else but I’m not pissed about it. Reparations in the US have long been out of control and un-called for… nobody alive today can/should be held responsible for the actions of those several generations before us.

The same goes for the recent debacle over the supposed use of American women as sex slaves. This might be more recent, there are still people living that experienced it, but how the fuck can you fault an entire country for the actions of a few?

While I feel sorrow for the actions which took place, I feel no sense of responsibility for those for which people are asking for reparations in the US. I have enough problems managing the things that I have done and may perhaps do wrong in the future to apologize for something in which I wasn’t involved. Additionally, I have never harbored any mal-content for anyone that is a descendent from those that may have hurt my ancestors. We don’t prosecute children of criminals for the crimes perpetrated by their fathers, so why are we penalizing their children now?

By spencer, Wednesday, June 6, 2007 · 2:22 am

I reckon about three people a day enter the #selinux channel on freenode, ask a question, and then leave a few minutes later without giving anyone a chance to respond. Since no question askers read the topics or have the time to idle I figured I’d start posting their questions here. There is a good chance I won’t be able to answer them without more detail, but hell, it’s gotta be better than nothing (maybe). This quote is from the IRC channel so forgive the formatting.

how can i give a user read access to the /etc/mail (etc_mail_t) sendmail.cf?
when i try to connect to sendmail: NOQUEUE: SYSERR(rattler):
/etc/mail/sendmail.cf: line 0: cannot open: Permission denied

On a targeted system a “user”, as in the traditional Unix sense, is not confined in any manner. On a default FC6 install I can read /etc/mail/sendmail.cf with no denials in enforcing mode with any user logged in at the local console or via SSH.

So given the fact that any user can read the file I can only assume you mean the daemon itself. Well, once again on a default system, the sendmail daemon can read the file you specified. On my system the file has the type:

[spencer@sshimko-fc6 ~]$ ls -Z /etc/mail/sendmail.cf
-rw-r--r-- root root system_u:object_r:etc_mail_t:s0 /etc/mail/sendmail.cf

Make sure your file is labeled similarly. If not, run “restorecon /etc/mail/sendmail.cf” and restart the mail service. If this still doesn’t work could you please give more details?

By spencer, Friday, June 1, 2007 · 3:26 am

OK I’m going to go ahead and post this in the hopes it forces me to finish the series. Check back for updates. Not going to be this weekend, but by next weekend I promise. I’ve had the thoughts saved since I started part 1, but things kinda went awry (marriage, and then things just went downhill from there ;) ). Regardless here is a teaser of the final segment of the series. BTW, if you guys actually cared you woulda hounded me to finish. Still, I promise I’ll finish up this segment this week.

Now back into the role of glibc. The role of glibc was defined well before mature mandatory access controls like SELinux came into the Linux picture. It was defined in a general fashion that allowed it to be extended by a few userland modifications and of course the kernel support discussed in the last article.

__libc_enable_secure in rtld.c (responsible for most of the runtime linking environment cleansing)

-How does SELinux solve this problem?
-I will delve into the details… security_bprm_secureexec in binfmt_elf.c
-AT_SECURE actually enforced by glibc elf/dl-support.c and elf/dl-sysdep.c
-Static apps have no problems (aside from the usual problems)
-The linker is the only _real_ threat for dynamically linked apps.
-OK so the people that implemented SELinux were smart so we’re safe right?
-Delve into problems with shell scripts, interpreted code, etc
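
The AT_SECURE flag named in the outline above can be read from userland through the auxiliary vector. The following is an added example, not code from the original post or from glibc: `in_secure_exec()` calls `getauxval()`, while `env_allowed()` and `scrub_env()` are hypothetical helpers and the variable list is an assumed, illustrative subset.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE (glibc >= 2.16) */

/* Illustrative subset of loader variables that must not survive a
 * privilege or domain transition; an assumption, not glibc's own list. */
static const char *const unsafe_vars[] = {
    "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT", "LD_DEBUG", NULL
};

/* Returns 1 if the kernel marked this exec as secure (setuid/setgid,
 * gained capabilities, or an LSM such as SELinux requesting it). */
int in_secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Hypothetical helper: may this variable be honoured for the given
 * AT_SECURE value? */
int env_allowed(const char *name, int at_secure)
{
    if (!at_secure)
        return 1;
    for (size_t i = 0; unsafe_vars[i] != NULL; i++)
        if (strcmp(name, unsafe_vars[i]) == 0)
            return 0;
    return 1;
}

/* Hypothetical helper: remove disallowed variables from the process
 * environment; returns how many were actually removed. */
int scrub_env(int at_secure)
{
    int removed = 0;
    for (size_t i = 0; unsafe_vars[i] != NULL; i++) {
        const char *v = unsafe_vars[i];
        if (!env_allowed(v, at_secure) && getenv(v) != NULL) {
            unsetenv(v);
            removed++;
        }
    }
    return removed;
}

int main(void)
{
    int secure = in_secure_exec();
    printf("AT_SECURE=%d, removed %d variable(s)\n", secure, scrub_env(secure));
    return 0;
}
```

For single lookups glibc also provides `secure_getenv()`, which returns NULL for every variable when the process was started in secure-execution mode.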

By spencer, Friday, June 1, 2007 · 2:57 am

Fedora 7 has been officially released. Hurry and get yours while they last. I expect Brickwall support (read -> free SELinux tools) to be out momentarily. Hmm…. I’ll go ahead and change this to FC 8 just to keep ahead of the trend ;)

Anyways the Fedora Core 7 (FC7) release of Brickwall can be found here when available.

By spencer, Friday, June 1, 2007 · 2:49 am

I’m not one for blogging needlessly. Just look at my distinct lack of posts as evidence. But I just got back from AusCERT, yup Aus as in Australia and CERT as in Computer Emergency Response Team. I/We had an absolute blast and met some great people (waving to all you Aussies). I gotta say, it’s been 5 days and my sleep schedule still just ain’t right. I slept late yesterday, but woke up at 3:30 just now and can’t get back to sleep.

On the plus side Josh and I went to The Bank for the first time in a long ass time. We discussed some work going on and I felt intellectually challenged for the first time in a while. Nothing like a good debate about security to make you feel young again :P Also we talked with a friend who might be considering Tresys as their next stop off point in life. I would say more but… something about lakes and eating the fish we pull…

Anyways Tresys is a great place to work, I promise you won’t have to go to Australia ;)

