Udooz!

Two security issues really surprised me. One is with Linux and another one is Adobe Flash.

Linux Kernals and NULL Pointers

To handle unavailable operations for some protocols, Linux kernal has methods that are not doing any NULL pointer check before deferencing those methods.  An attacker can put his code that will get executed with kernel privileges.  For more details, visit: http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html.

Flash’s Vulnerability Pitch

Flash is one of the premium vechile for web sites with extravaganza contents.  A critical vulnerability allows attackers can compromise the system with Flash 9.x and 10.x for all platforms.  Visit: http://www.adobe.com/support/security/bulletins/apsb09-10.html to download the patch for the pitch.

Finally, one good news about IE 8.

IE8 – Highly Secured Browser in the Universe (Google’s promo style!)

NSS Lab is one of the leading product security testing and certification independent body has published comparative browser security testing in IE 8, Firefox 3, Safari 4, Chrome 2 and Opera 10.  The report said that IE 8 (83%) followed by FF 3 (80%) are most consistent in the high level of protection from phishing URL block rate.  Chrome and Safari score 26% and 2% respectively.

The  socially engineered malware block rate for IE8 is 81% which surpassed all the other browsers in the earth (again Google’s promo style!).  FF3 scores 27% and Chrome2 7%.

Read the complete report at http://www.nsslabs.com/browser-security.

Okey, now let me brief the reason for this post’s title.  Always, people from OS (open source) said that they are more stronger in skills than the engineers at Microsoft and other CS (closed source) No.1s.  Now, they have to understand that skill is not at all related to open source.  It is a myth. 

PS: I am not against OS.

This is part 2 of Event Watch: Moblin – Intel’s Mobile Flavour Part 3.

After getting all the components, I could start Xephyr on the MIC device target terminal window. But, it did not keep me smile. The Xephyr window was broken immediately and I got the following error

(T: HelloMoblinApp)root@sheik-laptop:/#  ...
Xlib: connection to ":0.0" refused by server

It was my mistake that I forgot to install LibOSSO library. Then I installed it on the target terminal.

(T: HelloMoblinApp)root@sheik-laptop:/# apt-get install libosso-dev

After that I started Xephyr, this time it throws

(T: HelloMoblinApp)root@sheik-laptop:/# ume-xephyr-start
Setting screen resolution to 1024x600
DISPLAY already set to  :0.0
Starting dbus
 * system message bus already started; not starting.
Starting UI in Xephyr

Extended Input Devices not yet supported. Impelement it at line 625 in ../../../../hw/kdrive/src/kinput.c
Could not init font path element /usr/share/fonts/X11/cyrillic, removing from list!
Could not init font path element /var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType, removing from list!
X connection to :0.0 broken (explicit kill or server shutdown).
xinit:  connection to X server lost.

Then I’ve gone thorugh some mail-list and I found a workaround at http://www.moblin.org/archives/html/dev/2008-04/msg00101.html. It said that use

# pkill gconfd

It kills parent’s gconfd and uses target environment’s gconfd. After that Xephyr started successfully but it throws same warning message, just skip that.

After that I was trying to compile and execute the given hello-world-1.-c at Moblin.org site. However, I am not able to compile, it says

(T: HelloMoblinApp)root@sheik-laptop:/usr/src/hello# gcc -o hello-world-1 hello-world-1.c `pkg-config --cflags --libs gtk+-2.0`
Package gtk+-2.0 was not found in the pkg-config search path.
Perhaps you should add the directory containing `gtk+-2.0.pc'
to the PKG_CONFIG_PATH environment variable
No package 'gtk+-2.0' found
-su: gcc: command not found

Ha ha interesting, I was not in the situation whether gtk+-2.0 is already there in my Ubuntu or not. I just given

(T: HelloMoblinApp)root@sheik-laptop:/# sudo apt-get install libgtk2.0-dev

After that you have to install gcc on the target terminal

(T: HelloMoblinApp)root@sheik-laptop:/# sudo apt-get install gcc

After that I have successfully executed the hello world app.

Thank God.

One good thing is that the packages “gcc” and “libgtk2.0-dev” are got from host app only. It is nice thing about Moblin.

Let us see with more code on Moblin.

After attending Intel Developer Network meeting regarding their Moblin community, I was really liked to install Ubuntu on my machine.

After a month, I got a Live DVD of Ubuntu 8.04 LTS. I was really stunned the way Ubuntu organize the installation steps. Wit 7 smart steps, you can install Ubuntu without any technical challenges. But I’ve faced issues in disk allocation in Live CD mode. The guided option is not soo smart. It tried to swallow my Windows partition. The manual option throws error. After that I came into installation mode and used manual disk allocation. This time Ubuntu installed successfully.

Once completed the installation, I have configured my Internet connection through my Wifi without any issues.

One thing I hate with major Linux distros is that they have installed most of the softwares under a same category. For example, for Programming, KDevelop, QtDesigner, etc have been installed. But Ubuntu is very clear on this. If you want then install.

Ofcourse, one thing I still feel bad is the unhealthy fonts.