Sat, 12 Nov 2005
London Web Frameworks Night - Location Change!
It's a little late in the day to change any of the details but I've had to
move the venue from Morgan Stanley in Cabot Square to the New Cavendish
Street campus of Westminster University (Streetmap). Some of you may
recognise the venue, we hold a lot of GLLUGs there.
The reason for the move is a great one, the demand for seats has far surpassed my expectations. The original venue had room for 100 people, 120 at a push. We've just had person number 200 sign up. Wow. I know not everyone is going to actually make it on the night but double the rooms capacity was too much for me to risk it. It also means you can sign up again. Until we have to reclose it anyway!
The change of venue will be announced in reminders for the event I'm planning on sending out over the weekend. I'll also mail shot everyone who registered as soon as I can get the list of addresses. This is an ideal chance to thank Ben Evans, who was extremely helpful with arrangements at MSDW and Sean Tohill, who once more pulled a rabbit from his hat to get the room at Westminster on very short notice.
PS: We may even get a first look at one of the BBC's little projects...
Like this post? - Digg Me! | Add to del.icio.us! | reddit this!
Posted: 2005/11/12 20:37 | /events | Permanent link to this entry | This entry + same date
Sudo Article Promoted Bad Behaviour
I like sudo, it allows you to
give people (and automated jobs) more privileges without having to hand
out the root password. One of the more important aspects of its use is
restricting the commands a user can run. After all, limiting peoples
access to rootly powers doesn't help much if they can just shell out to
bash or edit the shadow file (or other important files) and locally
escalate their privileges.
Unfortunately a Linux.com sudo article shows new users a number of ways of doing this without explaining why it's a really bad idea. I understand that a lot of people just give themselves full root powers using sudo (hell I do on my own machines) but in an article pointed at beginners, especially one that has examples of using an interactive editor with sudo, the concepts need to be explained and some good practices presented. More why with the how please.
The highlight of the article for me was introducing new users to the 'sudoedit' and '-e' options: "but it uses the editor in your $EDITOR environment string". How often do you check the value in $EDITOR? Neither do I. And you're expected to blindly trust, with full root powers, whichever command it points to?
Like this post? - Digg Me! | Add to del.icio.us! | reddit this!
Posted: 2005/11/12 16:33 | /security | Permanent link to this entry | This entry + same date
OpenCON 2005 OpenBSD Slides
The OpenCON
2005 OpenBSD Slides are now available and linked to from undeadly.org. When ever the OpenBSD people
get together and present on security it's worth ten minutes of the admins
day to have a look for the new ideas, after all they'll often appear ever
where else over the next year.
The highlights of this batch include an overview of how the congestion indicator works and allows you to log in even when getting DoSed, the changes to the ports and package tools (which are moving to Perl!) and the whole of Theos Exploit Mitigation Techniques slides. Especially the Stackgap slide.
PS: MagicPoint needs to output HTML with access-keys defined. It'd make the slides a lot easier to read...
Like this post? - Digg Me! | Add to del.icio.us! | reddit this!
Posted: 2005/11/12 15:53 | /security | Permanent link to this entry | This entry + same date
Being Sick Sucks
I've been out of action for the last week and a bit due to illness, this
may have something to do with all the windows where I live being removed
and left out overnight by incompetent, unprepared builders. Nothing like
trying to sleep through a minor gale. In WINTER. When it's raining. And you
have NO WINDOWS!
On the plus side I know my email system's working fine, I've got a big enough backlog to prove that. I've also got an announcement about the frameworks evening to send out shortly, I'm just waiting for a final confirmation.
Like this post? - Digg Me! | Add to del.icio.us! | reddit this!
Posted: 2005/11/12 12:38 | /meta | Permanent link to this entry | This entry + same date
Copyright © 2000-2005 Dean Wilson
