OpenSSL now at 1.0.2b

Software

It includes fixes and mitigations for six CVEs, rated from low to moderate. From the security advisory:

  1. The Logjam man-in-the-middle attack
  2. Malformed ECParameters causes infinite loop (CVE-2015-1788)
  3. Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
  4. PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
  5. CMS verify infinite loop with unknown hash function (CVE-2015-1792)
  6. Race condition handling NewSessionTicket (CVE-2015-1791)
  7. Invalid free in DTLS (CVE-2014-8176)

All are rated moderate or low. Therefore, none worthy of their own website (well, maybe other than Logjam?). As usual, patch and so on.

Or, you could take your chances (as so many have told me to) and use a fork. If this software continues to have issues despite being entrenched and a de facto standard, I'm sure your offshoot with huge swaths of code changes and far less testing will be more secure.

(Update: freebsd-update now fetches the newer openssl and libssl packages).


Top posting sigs in Thunderbird, SeaMonkey

Software

Thunderbird

Yeah, I know, top posting.

For those of us without a choice, Thunderbird and SeaMonkey let us top post above an original email, but it will still append your signature to the bottom. I dislike this, because it looks rude. If your signature contains your thanks and salutations, chances are people won't see it.

Fortunately, we can change it.

  1. Go to Account Settings
  2. Choose your email account from the sidebar
  3. Choose Composition & Addre... (truncation is bad because it...)
  4. Choose "below my reply (above the quote)" from "place my signature"

The great thing is this can be defined for different accounts. For example, my newsgroup accounts use bottom posting with signatures in the right place.


Using VPNs for the subs

Anime

Under an Ars Technica article on EU copyright law, edwald commented:

Another reason to use proxies or VPN in Europe is the legislation that forces the dubbing of foreign films and tv material to the local language. This heinous practice, which one suspects is primarily an employment program for talentless actors, completely ruins most such material. So, for instance, even if a US-made TV series is nominally available and broadcast in European countries -Austria, say- the material is unwatchable and one must find it by other methods, to enjoy the unadulterated original.

Bluster aside, this is a solid point. I can't say how many times I've sat down to watch a Cantonese movie with Clara, only to hear Mandarin instead. Singapore does this routinely with Chinese–but–not-Mandarin material.

As with anime and other foreign (to me) movies and shows, I'd much rather read subtitles and have the series as originally voiced. There will always be subtleties that won't carry over. It's also just not as fun.


Who Ha's Khaki, and @FrankNora

Media

After a bit of an Overnightscape sabbatical, I've been listening to Frank Nora's podcast again. He was a defining voice of my late teens and early twenties, from my first full time job to my earliest years at university. It's like meeting with a dear friend I haven't seen for a while.

(I discussed this in more detail in Rubenerd Show 275).

A few things have changed about The Overnightscape, most notably the inclusion of a regular Other Side segment where he blasts from the past, interspersing everything from 80s television commercials to current Creative Commons tunes. It's almost scary how our interests intersect.

Of note was this glorious song, which Frank featured on episode #1177. It's as though Tears for Fears started getting silly, then resumed recording songs in 2013 with all their 80s synth effects and drums.

Play Who Ha //Khaki

You can call me khaki,
Because those are the pants I wear...
I don't mean to be rude,
But I think you're mad.
And looking real stupid tonight!

Smooth jazz will forever be my first love, but I also harbour a deep passion for 80s sound. It goes beyond simple nostalgia into something I can't quite explain. It moves me. I like to think it was because my dear late mum insisted on blasting the radio while I was being born, in 1986 naturally :').

This song captures that essential sound, with a silly sense of humour to boot. Now look at my pants! ♫

Update 2019: The original audio is gone, so I've linked to it on YouTube instead.


When nginx add_header don't appear

Internet

A project I'm working on requires the addition of custom http headers. As with so much of nginx's (refreshingly simple) syntax, this is trivial to achieve with the NginxHttpHeadersMoreModule:

http {
  add_header X-Backend-Server 'Windows for Workgroups 3.11';
  add_header X-Content-Type-Options 'nosniff';
}

Problem was, I'd reboot nginx as below, then even tried restarting, but the headers wouldn't appear.

# /usr/local/etc/rc.d/nginx reload
# /usr/local/etc/rc.d/nginx restart

The first thing to check is whether our nginx has the aforementioned module. If a test of our configs returns clean with the above directives, we do.

# nginx -t

Despite the configs being reported clean, the headers still didn't appear. I was about ready to start hitting my own head–er against the wall–er.

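Not to get all Malcolm Gladwell on you again, but it turns out nginx only applies the add_header directives from the deepest block that defines any: a block inherits add_header from the level above only if it has none of its own. Because I'd defined a header in a lower block, the higher ones weren't appearing. An example illustrates this: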

http { 
  add_header X-Wont-Appear 'sadface';
  server {
    add_header X-Will-Appear 'yay!';
  }
}

I heard you like logic errors, so I put a directive in your directive so the original is discarded. It would be useful if nginx reported this; maybe NGINX Plus does ;).
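
Since `nginx -t` stays silent about this, the check can be done outside nginx. The following is an added example, not code from the original post: a small Python checker that reports every block whose own add_header directives discard headers set at an outer level, which matters most when the discarded one is a security header such as X-Content-Type-Options. The function names and the sample config are constructed here, and it assumes a config that already passes `nginx -t` and does not follow include files.

```python
import re

# Constructed sample (header names taken from the post, location blocks added).
SAMPLE = """
http {
  add_header X-Content-Type-Options 'nosniff';
  server {
    add_header X-Will-Appear 'yay!';   # replaces the http-level set
    location /api/ { add_header Cache-Control 'no-store'; }
    location /static/ { expires 1h; }  # no add_header: inherits from server
  }
}
"""
# Comments, quoted strings, structural characters, bare words.
TOKEN = re.compile(r"""#[^\n]*|'[^']*'|"[^"]*"|[{};]|[^\s{};'"#]+""")

def parse(conf):
    """Build a tree of blocks, recording the add_header names in each."""
    root = {"name": "main", "headers": [], "children": []}
    stack, words = [root], []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue
        if tok == "{":
            node = {"name": " ".join(words), "headers": [], "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            if len(words) > 1 and words[0] == "add_header":
                stack[-1]["headers"].append(words[1].strip("'\""))
        else:
            words.append(tok)
            continue
        words = []  # a directive or block header just ended
    return root

def dropped_headers(node, inherited=(), path=""):
    """List (block path, lost header names) wherever a block's own add_header
    directives replace, rather than extend, the set inherited from above."""
    path = f"{path} > {node['name']}" if path else node["name"]
    own = node["headers"]
    have = {h.lower() for h in own}
    lost = [h for h in inherited if h.lower() not in have] if own else []
    findings = [(path, lost)] if lost else []
    for child in node["children"]:
        findings += dropped_headers(child, own or inherited, path)
    return findings
```

Calling `dropped_headers(parse(open(path).read()))` on a real config returns an empty list when every block that sets headers also repeats the ones it would otherwise lose.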


Rubenerd Show 275: The inscrutable six year mark episode

Show

Rubenerd Show 275


49:04 – Topics include Hornsby, Singapore, New York City, the northern suburbs of Sydney, BBEdit, small business “startups”, commutes, Sydney Trains, Singapore MRT, scary parking, air suspension on Range Rovers, Australian Aboriginal names, Malaysia, Kuala Lumpur, New names, the VW Beetle, COEs, wanderlust, living out of boxes, The Overnightscape, the alleged Podcast Renaissance, discovering parks, and choosing alternate diverging time travel paths.

Recorded in Sydney, Australia. Licence for this track: Creative Commons Attribution-ShareAlike 3.0. Attribution: Ruben Schade.



debian_version in Ubuntu

Software

On Debian, the debian_version shows the recipe for a pretty amazing cinnamon banana smoothie. On Ubuntu, it shows the Debian release the current release of Ubuntu was based on.

For example on Ubuntu 14.04 LTS:

$ cat /etc/debian_version
==> jessie/sid

I raise this because at work we were attempting to detect the OS and version based on this file. Suffice to say, for this end you're better off using lsb_release.

$ lsb_release -d
==> Description: Ubuntu 14.04.2 LTS

Q Branch is still technically in business

Software

John Gruber recently blogged about the departure of Brent Simmons from Q Branch, the company that built his Vesper notes application.

For Q Branch and Vesper, life goes on. We don’t have anything to announce today, other than that this is not the end.

The title of this post was derived from The Talk Show 91.


Wrike Summer

Internet

I've now been subscribed to Wrike's email newsletters, which I never asked for. Here was the first subject line:

Time-saving Updates to Start Your Summer

They have my address, they know I'm in the southern hemisphere. I'm going to assume they were sending me this six months early, rather than they didn't bother to check.

Wrike is a project management site we trialled for work. It's okay.


My bedroom home office in 2010

Hardware

My bedroom in 2010

While cleaning some virtual space, I found this old photo taken in Balmoral Park. A few months later, we'd moved back to Sydney from Singapore.

All those machines are with me and still work, albeit in more limited capacities. I'm still a K-On! fan. And I still lament having to live out of boxes, now that I'm moving again.

One day I'll have permanency, you wait and see!