Re: how to help end-users to increase the life-time of their SSDs

06.06.2010 02:13, Christoph Anton Mitterer wrote: Hi folks. I recently got my first SSD payed by my university and, even though modern SSDs seem to have smart wear leveling algorithms and more and more parts of kernel/userspace support TRIM, I was thinking about what one can do to improve its li

Re: A Look In the Mirror: Attacks on Package Managers

Russ Allbery writes: > There was some discussion of periodically resigning the security archive > even if there are no updates so that package managers could warn if more > than X days had gone by without an update to the security archive > signatures. I don't know if anyone has concrete plans t

Re: A Look In the Mirror: Attacks on Package Managers

On Sun, Jun 6, 2010 at 1:37 AM, Michael Gilbert wrote: > All of the issues raised in this paper can be mitigated by a "proactive" > user.  Malicious mirror activity can be detected by paying attention to > debsecan and the security tracker [0].  debsecan displays all known > vulnerable packages on

Re: A Look In the Mirror: Attacks on Package Managers

Erik de Castro Lopo writes: > Michael Gilbert wrote: >> Of course the major flaw with this statement is that there aren't a >> whole these "proactive" users. However, if there are enough, some will >> spot the activity, and raise concern, which will ultimately protect >> others when the evil mir

Bug#584729: ITP: libpackage-stash-perl -- Perl module providing routines for manipulating stashes

Package: wnpp Severity: wishlist Owner: Ansgar Burchardt * Package name: libpackage-stash-perl Version : 0.03 Upstream Author : Jesse Luehrs * URL : http://search.cpan.org/dist/Package-Stash/ * License : Artistic or GPL-1+ Programming Lang: Perl Descriptio

Re: A Look In the Mirror: Attacks on Package Managers

Michael Gilbert wrote: > Of course the major flaw with this statement is that there aren't a > whole these "proactive" users. However, if there are enough, some will > spot the activity, and raise concern, which will ultimately protect > others when the evil mirror is shut down. Ok, my concerns

Re: A Look In the Mirror: Attacks on Package Managers

On Sun, 6 Jun 2010 12:28:27 +1000 Erik de Castro Lopo wrote: > Hi All, > > Did anyone see this paper: > > A Look In the Mirror: Attacks on Package Managers > http://www.cs.arizona.edu/~jhh/papers/ccs08.pdf > > It suggests that anyone who has control of a mirror can cause client > machin

Bug#584727: ITP: scim-googlepinyin -- Google Pinyin IM engine module for SCIM

Package: wnpp Severity: wishlist Owner: Thomas Goirand * Package name: scim-googlepinyin Version : 20100606 Upstream Author : Kov Chai * URL : http://code.google.com/p/scim-googlepinyin/ * License : Apache 2.0 Programming Lang: C Description : Google P

Re: A Look In the Mirror: Attacks on Package Managers

James Vega wrote: > On Sun, Jun 06, 2010 at 12:28:27PM +1000, Erik de Castro Lopo wrote: > > Did anyone see this paper: > > > > A Look In the Mirror: Attacks on Package Managers > > http://www.cs.arizona.edu/~jhh/papers/ccs08.pdf > > See the previous discussion that already happend on th

Re: A Look In the Mirror: Attacks on Package Managers

On Sun, Jun 06, 2010 at 12:28:27PM +1000, Erik de Castro Lopo wrote: > Did anyone see this paper: > > A Look In the Mirror: Attacks on Package Managers > http://www.cs.arizona.edu/~jhh/papers/ccs08.pdf See the previous discussion that already happend on this list: http://lists.debian.org/

Possible Mass Bug Filing: String Exceptions Removed in Python 2.6

As was recently discussed on debian-python: http://lists.debian.org/debian-python/2010/05/msg00111.html String exceptions are no longer supported at all in Python 2.6. Since this is the Python version planned to be the default in Squeeze, packages still using them should be fixed. String exce

A Look In the Mirror: Attacks on Package Managers

Hi All, Did anyone see this paper: A Look In the Mirror: Attacks on Package Managers http://www.cs.arizona.edu/~jhh/papers/ccs08.pdf It suggests that anyone who has control of a mirror can cause client machines to install software created by the attacker or install an outdated version of

Bug#584723: ITP: libhdhomerun -- Configuration utility for Silicon Dust HD HomeRun

Package: wnpp Severity: wishlist Owner: Francois Marier * Package name: libhdhomerun Version : 20100213 Upstream Author : Silicondust Engineering Ltd. * URL : http://www.silicondust.com/downloads/linux * License : GPL Programming Lang: C Description :

Bug#584718: ITP: nesc -- A Programming Language for Deeply Networked Systems

Package: wnpp Severity: wishlist Owner: "Razvan Musaloiu-E." * Package name: nesc Version : 1.3.1 Upstream Author : David Gay * URL : http://http://nescc.sourceforge.net * License : GPL Programming Lang: C Description : A Programming Language for Deepl

how to help end-users to increase the life-time of their SSDs

Hi folks. I recently got my first SSD payed by my university and, even though modern SSDs seem to have smart wear leveling algorithms and more and more parts of kernel/userspace support TRIM, I was thinking about what one can do to improve its lifetime. The most obvious things I found were: - /tm

Re: pid file security

On Sat, Jun 5, 2010 at 7:59 AM, Luke Kenneth Casson Leighton wrote: >  okaaay, riight.  so.  ah ha.  it makes things quicker... by avoiding > starting the services _entirely_ :) It goes beyond that. Instead of program A depending on B being done initializing so that it can connect to B's socket,

Bug#584689: ITP: justniffer -- TCP packet sniffer

Package: wnpp Severity: wishlist Owner: Andrea Colangelo * Package name: justniffer Version : 0.5.7 Upstream Author : Oreste Notelli * URL : http://justniffer.sourceforge.net/ * License : GPL Programming Lang: C++ Description : TCP packet sniffer jus

Re: Re (2): lilo removal in squeeze (or, "please test grub2")

On Wed, 26 May 2010, Stephen Powell wrote: > You're missing the point. The main selling point to management > is that Linux is free. If they have to buy new backup software > in order to accommodate Linux' backup requirements, that will > kill it on the spot. Whatever boot loader I use must not

Re: pid file security

]] Luke Kenneth Casson Leighton | > Does a program that uses inotify to wait for log file changes on disk | > experience any delay of note? | | ... no - you're right: it wouldn't. so that would be a solution | but again, it would require an application that had that capability | [to use no

Re: pid file security

On Sat, Jun 5, 2010 at 2:26 AM, Russell Coker wrote: > On Sat, 5 Jun 2010, Luke Kenneth Casson Leighton > wrote: >> apologies for butting-in without being able to continue the thread, >> but i've just seen this: >> http://advogato.org/person/etbe/diary/779.html >> which links to this: >> http://l

Bug#584650: ITP: openlayers -- JavaScript library for map applications on the web.

Package: wnpp Severity: wishlist Owner: Thomas Bechtold * Package name: openlayers Version : 2.9.1 Upstream Author : MetaCarta * URL : http://openlayers.org/ * License : BSD style License Programming Lang: Javascript Description : JavaScript library fo

Bug#584637: ITP: cdat -- Climate Data Analysis Tools

Package: wnpp Severity: wishlist Owner: Alastair McKinstry * Package name: cdat Version : 5.2 Upstream Author : Dean Williams (william...@llnl.gov) * URL : http://www2-pcmdi.llnl.gov/cdat * License : BSD Programming Lang: python, c, fortran Description

Bug#584636: ITP: cmor -- Climate Model Ouput Rewriter

Package: wnpp Severity: wishlist Owner: Alastair McKinstry * Package name: cmor Version : 2.0 Upstream Author : Charles Doutriaux * URL : http://www2-pcmdi.llnl.gov/cmor * License : "Unrestricted" (BSD-like ?) Programming Lang: C, python, fortran Descripti