The SeBlog: March 2005

Wednesday, March 30, 2005

Why it pays to find bugs...

It seems good work has paid for Michael Krax. The Mozilla foundation has awarded him $2,500 —he'd have preferred 2,500 euros— for 5 security bugs (fixed in Firefox 1.0.2; have you upgraded yours?). Says Chris Hofmann:

"We developed the bug bounty program to encourage and award community members who identify unknown bugs in the software. This program is one of the many ways the Mozilla Foundation produces safe and secure software for its users."

The Mozilla Security Bug Bounty Program is designed to encourage security research in Mozilla software and to reward those who help us create the safest Internet clients in existence. Reporters of valid critical security bugs will receive a $500 (US) cash reward and a Mozilla T-shirt.
The Bug Bounty program was founded in 2004 with funding from Linspire and Mark Shuttleworth. Since its inception the Mozilla Foundation has awarded bug bounties to five participants. The previous winners were awarded on Sep 14, 2004: Marcel Boesch, Gael Delalleau, Georgi Guninski, and Mats Palmgren.

Tuesday, March 29, 2005

Color depth statistics in Awstats

I'm a big fan of Awstats (a log file analyzer). However one of the miscellaneous statistics missing is color depth (and it seems it's been promised "in the next version" for a long time). If you use the awstats_misc_tracker.js file to track things such as screen size, javascript usage and flash capabilities, you may benefit from the tip below to track screen color depth.
Just add the following lines in your awstats.XXX.conf file, near the part where you configure the extra sections:

ExtraSectionName1="Color depth"  
ExtraSectionCodeFilter1="200 304"  
ExtraSectionCondition1="URL,\/js\/awstats\_misc\_tracker\.js"  
ExtraSectionFirstColumnTitle1="Color depth in bits"  
ExtraSectionFirstColumnValues1="QUERY_STRING,cdi=([^&]+)"  
ExtraSectionFirstColumnFormat1="%s"  
ExtraSectionStatTypes1=P  
ExtraSectionAddAverageRow1=0  
ExtraSectionAddSumRow1=1  
MaxNbOfExtra1=5  
MinHitExtra1=1

In a common-person oriented website I manage (as opposed to techies), 75% have 32 bit depth, 18% have 16 bit, 5% have 24 bit and 2% have just 8 bit (that's 256 colors). I'll have to use my screen in 16 bit mode once, so as to check how things look.

Tuesday, March 8, 2005

Funniest (and Geekiest) Spam Ever

(from expert@linux-mandrake.com)
DEAR SIR/MADAM:

I AM MR DARL MCBRIDE CURRENTLY SERVING AS THE PRESIDENT AND CHIEF EXECUTIVE OFFICER OF THE SCO GROUP, FORMERLY KNOWN AS CALDERA SYSTEMS INTERNATIONAL, IN LINDON, UTAH, UNITED STATES OF AMERICA. I KNOW THIS LETTER MIGHT SURPRISE YOU BECAUSE WE HAVE HAD NO PREVIOUS COMMUNICATIONS OR BUSINESS DEALINGS BEFORE NOW.

MY ASSOCIATES HAVE RECENTLY MADE CLAIM TO COMPUTER SOFTWARES WORTH AN ESTIMATED $1 BILLION U.S. DOLLARS. I AM WRITING TO YOU IN CONFIDENCE BECAUSE WE URGENTLY REQUIRE YOUR ASSISTANCE TO OBTAIN THESE FUNDS.

IN THE EARLY 1970S THE AMERICAN TELEPHONE AND TELEGRAPH CORPORATION DEVELOPED AT GREAT EXPENSE THE COMPUTER OPERATING SYSTEM SOFTWARE KNOWN AS UNIX. UNFORTUNATELY THE LAWS OF MY COUNTRY PROHIBITED THEM FROM SELLING THESE SOFTWARES AND SO THEIR VALUABLE SOURCE CODES REMAINED PRIVATELY HELD. UNDER A SPECIAL ARRANGEMENT SOME PROGRAMMERS FROM THE CALIFORNIA UNIVERSITY OF BERKELEY DID ADD MORE CODES TO THIS OPERATING SYSTEM, INCREASING ITS VALUE, BUT NOT IN ANY WAY TO DILUTE OR DISPARAGE OUR FULL AND RIGHTFUL OWNERSHIP OF THESE CODES, DESPITE ANY AGREEMENT BETWEEN AMERICAN TELEPHONE AND TELEGRAPH AND THE CALIFORNIA UNIVERSITY OF BERKELEY, WHICH AGREEMENT WE DENY AND DISAVOW.

IN THE YEAR 1984 A CHANGE OF REGIME IN MY COUNTRY ALLOWED THE AMERICAN TELEPHONE AND TELEGRAPH CORPORATION TO MAKE PROFITS FROM THESE SOFTWARES. IN THE YEAR 1990 OWNERSHIP OF THESE SOFTWARES WAS TRANSFERRED TO THE CORPORATION UNIX SYSTEM LABORATORIES. IN THE YEAR 1993 THIS CORPORATION WAS SOLD TO THE CORPORATION NOVELL. IN THE YEAR 1994 SOME EMPLOYEES OF NOVELL FORMED THE CORPORATION CALDERA SYSTEMS INTERNATIONAL, WHICH BEGAN TO DISTRIBUTE AN UPSTART OPERATING SYSTEM KNOWN AS LINUX. IN THE YEAR 1995 NOVELL SOLD THE UNIX SOFTWARE CODES TO SCO. IN THE YEAR 2001 OCCURRED A SEPARATION OF SCO, AND THE SCO BRAND NAME AND UNIX CODES WERE ACQUIRED BY THE CALDERA SYSTEMS INTERNATIONAL, AND IN THE FOLLOWING YEAR THE CALDERA SYSTEMS INTERNATIONAL WAS RENAMED SCO GROUP, OF WHICH I CURRENTLY SERVE AS CHIEF EXECUTIVE OFFICER.

MY ASSOCIATES AND I OF THE SCO GROUP ARE THEREFORE THE FULL AND RIGHTFUL OWNERS OF THE OPERATING SYSTEM SOFTWARES KNOWN AS UNIX. OUR ENGINEERS HAVE DISCOVERED THAT NO FEWER THAN SEVENTY (70) LINES OF OUR VALUABLE AND PROPRIETARY SOURCE CODES HAVE APPEARED IN THE UPSTART OPERATING SYSTEM LINUX. AS YOU CAN PLAINLY SEE, THIS GIVES US A CLAIM ON THE MILLIONS OF LINES OF VALUABLE SOFTWARE CODES WHICH COMPRISE THIS LINUX AND WHICH HAS BEEN SOLD AT GREAT PROFIT TO VERY MANY BUSINESS ENTERPRISES. OUR LEGAL EXPERTS HAVE ADVISED US THAT OUR CONTRIBUTION TO THESE CODES IS WORTH AN ESTIMATED ONE (1) BILLION U.S. DOLLARS.

UNFORTUNATELY WE ARE HAVING DIFFICULTY EXTRACTING OUR FUNDS FROM THESE COMPUTER SOFTWARES. TO THIS EFFECT I HAVE BEEN GIVEN THE MANDATE BY MY COLLEAGUES TO CONTACT YOU AND ASK FOR YOUR ASSISTANCE. WE ARE PREPARED TO SELL YOU A SHARE IN THIS ENTERPRISE, WHICH WILL SOON BE VERY PROFITABLE, THAT WILL GRANT YOU THE RIGHTS TO USE THESE VALUABLE SOFTWARES IN YOUR BUSINESS ENTERPRISE. UNFORTUNATELY WE ARE NOT ABLE AT THIS TIME TO SET A PRICE ON THESE RIGHTS. THEREFORE IT IS OUR RESPECTFUL
SUGGESTION, THAT YOU MAY BE IMMEDIATELY A PARTY TO THIS ENTERPRISE, BEFORE OTHERS ACCEPT THESE LUCRATIVE TERMS, THAT YOU SEND US THE NUMBER OF A BANKING ACCOUNT WHERE WE CAN WITHDRAW FUNDS OF A SUITABLE AMOUNT TO GUARANTEE YOUR PARTICIPATION IN THIS ENTERPRISE. AS AN ALTERNATIVE YOU MAY SEND US THE NUMBER AND EXPIRATION DATE OF YOUR MAJOR CREDIT CARD, OR YOU MAY SEND TO US A SIGNED CHECK FROM YOUR BANKING ACCOUNT PAYABLE TO "SCO GROUP" AND WITH THE AMOUNT LEFT BLANK FOR US TO CONVENIENTLY SUPPLY.

KINDLY TREAT THIS REQUEST AS VERY IMPORTANT AND STRICTLY CONFIDENTIAL. I HONESTLY ASSURE YOU THAT THIS TRANSACTION IS 100% LEGAL AND RISK-FREE.

The SeBlog