TrueCrypt is a great encryption utility that is available for several operating systems and uses. TrueCrypt will let you create encrypted volumes, encrypted devices, or even do whole disk encryption. I use TrueCrypt on Windows and Linux, and it's handy to be able to move encrypted volume files from one operating system to another and be able to mount them. Unfortunately, due to some disputes over licensing, Mandriva has re-branded TrueCrypt as RealCrypt and distributes it with Mandriva. I've had some problems getting the RealCrypt RPMs to work, and for this reason I decided to go ahead and install TrueCrypt 6.0 on my Mandriva 2008.1 system.
This week Google entered the web browser wars with a vengeance, releasing their own web browser, dubbed Chrome, as a free beta. Chrome sports some impressive features and is being released as entirely free, open source software. Of particular interest are the new security features that are built into Chrome. Two extremely interesting security features are the browser privacy mode and the tabs in Chrome.
On September 1, OSSEC announced the release of the latest version of the OSSEC-HIDS tool (version 1.6). This release includes many notable new features including:
For a full list of upgrades and enhancements check out the change log. OSSEC can be downloaded from http://www.ossec.net/main/downloads.
Recently I decided to install Wine so that I could run some old Windows games that I had purchased for next to nothing. After a couple of years it seems that game values plummet. I took a look at the Mandriva RPMs, but they were a little older than the current Wine distribution, and I know a lot of active development goes into Wine, so I decided to download and compile the source myself to get the latest version. There are quite a few snafus in the install, so be sure to watch errors carefully. You'll need a few libraries installed beforehand to make sure things go smoothly. In any case, remember 'urpmq -f' is your friend for finding packages. The first thing to do is download the distribution .tar.gz from Wine. Next, unpack the archive using:
$ tar -xvzf wine-0.9.42.tar.gz
I've hit upon a real need for software recently that isn't addressed by anything I can find right now. What I want is a simple task tracking system that I can search, take notes in and write memos for. I also want this system to be accessible anywhere (web enabled). Furthermore I want the system to be secure enough that I can store sensitive information in it.
Ah yes, you know you've arrived when http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3058. Turns out my oldest open source project, MadIrish Webmail (also at http://webmail.madirish.net), suffered from a PHP remote file inclusion vulnerability. Sort of embarrassing since I like to think of myself as a security professional. I'll chalk this one up to old code though and keep on plugging. I was able to respond to the vulnerability report in a fairly timely fashion even though for some reason SourceForge didn't actually send me an email. The official release notes for MadIrish Webmail version 2.01 are as follows:
Recently I recommended that my employer, the University of Pennsylvania School of Arts and Sciences, begin pushing Drupal as a CMS solution for departmental websites. There were a lot of factors to consider when evaluating the various CMS solutions available, especially for an institution of higher education. We took a look at a number of CMS solutions and based our evaluation on a wide breadth of criteria. Ultimately we scored each of the CMS solutions based on a common set of benchmarks. Typo3 was actually our first choice for deployment. Typo3 has a strongly tiered, but central deployment that allows you to set up test, staging and production servers but also maintain a single central deployment from which a multitude of sites can be run.
So I just got back from PHP Quebec, and although the trip home was horrendous the conference itself was a lot of fun. It is held in the amazing Sofitel Hotel along the 'Golden Mile' in Montreal, just at the base of Parc du Mont-Royal. The conference space was sparse, but attendance was probably under 200 so it worked out well. There were three lecture rooms with lectures in both English and French. There were five lectures a day, over the course of two days, and only two lecture slots where there wasn't a talk in French. I went to as many French talks as I could. Unfortunately the Quebecois accent is a little difficult to understand, and after the very first lecture I almost threw in the towel.