Ben Hutchings

Firstly, I'm not dead, in hiding, or fallen off the Internet.

Trying to summarise the period since my last update would be pointless, but I have just got around to organising my photos for approximately that period so I can show you them:

This year's Nebula short story nominees are all available in audio form from Starship Sofa.

Nationality Identity Scheme - Options Analysis - Outcome (more copies) gives an overview of government plans to develop and "market" the ID register and ID cards; this version has been marked up with comments by NO2ID.

Some key quotes:
"you carry the card because you need it every day"
"Various forms of coercion...are an option"
"The register for the scheme...should be based on...the Department of Work and Pensions' Customer Information System"

The Golden Condor	Argentavis magnificens

At work, three summer interns joined the test group. I met them today and promptly forgot their names. I remember people's names if I have conversations with them after being introduced, but these were really very quiet. I think they may have been suffering information overload. Maybe another test group dinner is in order just so we can get to know each other a bit better. I think I probably made a fool of myself by having trouble running a test script I wrote last month, or indeed the Windows laptop connected to the projector (I normally use my own desktop running Linux and Ion3, and control Windows systems through rdesktop).

Was busy at DebConf for two weeks. What did I miss?

( Green memeCollapse )

Hot Fuzz, Cambridge Vue, Tuesday, 20:00. Would anyone like to join us?

I created a new blog for technical/geeky/Debian stuff. I'm keeping my LiveJournal for social and private matters and syndicating this one to Planet Debian.

I hope this separation will make me less afraid of boring LiveJournal readers with technical minutiae and Debian politics or boring Planet Debian readers with local social stuff, so I actually write more. Don't get too hopeful though.

There is a potential buffer overflow in logging of CAPI messages in libcapi20 (part of isdnutils; bug 408530). The same broken code from libcapi20 is present in the Linux kernel (bug 411294). Also, the affected functions are not thread-safe and are unlikely to be made so without API changes; multithreaded programs calling them must use a mutex to avoid another security flaw; (such as asterisk-chan-capi; bug 411293).

I have prepared updates of asterisk-chan-capi and isdnutils for sarge and sid but I have no ISDN hardware to test them with. I would appreciate it if users of these packages would test the updates and report their results to the associated bugs.

The patches can be found attached to the bug reports. Updated packages are at:

deb http://womble.decadent.org.uk/debian/ distribution/
deb-src http://womble.decadent.org.uk/debian/ distribution/

(the repository is signed with my personal GPG key).