PAM bug hit Debian and others

It has been years since PAM was hit by a serious bug in PAM, but people who upgrade to libpam-systemd version 44-1 can find that sudo stops working. Reading the bugreport on Debian and FreeDesktop.org it doesn’t look promising as it also effects other distributions. For now it may be wise put systemd on hold in case the package transfers from unstable to testing.

A goodbye to Java

In the past I already removed Flash and Mono from my systems due to security concerns, but since CVE-2011-3544 it was the final call for Java. It took some dependency checking as Debian was replacing OpenJDK with GCJ or vice versa in most cases, but the command below finished that on a lot of systems. I said farewell to NetBeans a long time ago since it was to slow on my system and the only thing left was LibreOffice Base that needed to be removed as well.

$ sudo apt-get remove --purge libgcj12 libgcj-common gcj-4.6-jre-headless \
    libgcj12-awt default-jre-headless

This action also made me wonder about the state of LibreOffice as it is mainly a big blob of code on the system like Firefox is as well btw. I read on there website somewhere that making Java an option is a long term goal, but will it be enough? For now it should be, as I prefer my documents in OpenDocument-format. When the next GTK3 based version of Abiword and Gnumeric are released I need to do some testing again to see if they support OpenDocument now better.

Blocking the piratebay

In a previous post it became clear that censorship in The Netherlands has started. Due to the nature of the Internet and how it has been implemented in most lands, it means there is no central point of control to stop all to an IP-address. This means every network owner needs to take action, but how do they do it?

In the case of thepiratebay.org it looks like it has been done by manipulating DNS-answers. The first attempt is just using the DNS-resolver from the internet access provider and the second is an attempt using Google public resolvers.

$ dig thepiratebay.org

; < <>> DiG 9.8.1 < <>> thepiratebay.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 6811
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;thepiratebay.org.		IN	A

;; ANSWER SECTION:
thepiratebay.org.	10	IN	A	194.109.6.92

;; ADDITIONAL SECTION:
thepiratebay.org.	10	IN	TXT	"Forged by XS4ALL for Stichting B.R.E.I.N."

;; Query time: 19 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Sat Feb  4 08:15:35 2012
;; MSG SIZE  rcvd: 104

$ dig thepiratebay.org @8.8.8.8

; <<>> DiG 9.8.1 < <>> thepiratebay.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 4847
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;thepiratebay.org.		IN	A

;; ANSWER SECTION:
thepiratebay.org.	2596	IN	A	194.71.107.50

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb  4 08:16:16 2012
;; MSG SIZE  rcvd: 50

By just changing DNS resolvers on the client or internet router the censorship can be bypassed for now. The question remaining is how long this is going to stand when the first article is published by a big computer magazine on how to bypass it. Or when sites also get an .onion to bypass DNS completely.

Censorship in China^WThe Netherlands

A picture says more than a thousand words, but censorship in The Netherlands has started thanks to Stichting Brein.

As from now all my DVD’s are for sale on Bol.com and yes in March I’ll join the month of not spending a penny on the entertainment industry which was proposed for SOPA and PIPA. It only make me wonder how ACTA is going to influence the Internet when it gets approved.