For those who care about perpetuating memes: LCA Miniconfs Day 2 morning

In overnight news, I’m now on both the softmac bcm43xx drivers. Thanks to Rene Engelhard for letting me at his upload-ready builds while they idle in the Debian NEW queue. They worked OK in the unicol lounge, but I’ve not yet had them in the real world (“lecture theatres”) so I still have the dscape drivers lying around as backup.

I also (as of 2am) have now upgraded to the new, 9base-based wmii 2.5.1 and already hit my first 9base bug. (Date doesn’t handle “NZDT”, unclear if it’s 9base’s fault yet). It’s close enough to the 2.2 I was using before that I don’t envision too many issues. ^_^ The main problem apps (rdesktop and mplayer) appear to be working fine. I had to build both from source, as wmii’s not been uploaded from the autobuilder, and 9base appears to have had three from three buildd failures although not on major architectures (ie PPC) yet. The main improvement is that it no longer warps my mouse to the top-left corner on frame change… Now if I could get the bottom-bar to show the multiple windows open in a frame, I could dispense with that line entirely and get an extra line visible on my xterms. ^_^

More Debian miniconf today. Like all really good technical people, it didn’t start until 10am. On the other hand I was here at 8:45 to give myself time to sort out any bcm43xx issues. (Apart from having to manually put either the channel or AP address into iwconfig sometimes… I think it doesn’t failover properly.) So I spent an hour on email, and IRC discussions of the awfulness of MS Exchange and the wonders of Japanese schoolgirl porn DVDs.

First up, Matthew Palmer presented a delve into the mechanics of the .deb format and dpkg’s handling of it. This was quite interesting, and faster than reading all the docs (Policy, dpkg manual, lord knows what else!) and I hope sets the tone for today to “technical”.

Next, Russell Coker presents SE Linux, and where Debian stands with it. It seems that Debian was his initial target, but it proved too resistant at the time and he’s gotten it into Fedora Core instead. As I recall, SE Linux support has been slowly working its way into Debian, so we might be seeing the “targeted” policy, which is what FC installs by default, working its way into Debian installs sooner or later.

Targeted policy is a policy designed to lock down and affect only daemons that are either large and complex, or have a history of security issues (former eg. Apache, latter eg. bind, dhcp-server). This way it doesn’t interfere with normal usage or workflows, although it therefore doesn’t protect user login sessions.

SE Linux is hard… I think I get it, and at the same time I think I don’t. I maybe ought to do the hands-on tutorial on Thursday, but it clashes with too many things I want to attend.

Oh, MLS is both fairly clear and interesting. Basically, on top of the DT model, this allows levels (eg Top Secret, Secret, Classified and Unclassified, but it’s arbitrary) to be assigned to both programs and objects. Apart from certain exceptions (specially authorised users/programs) this means that a less-secure program cannot read a more-secure object, but can write to it, and a more-secure program cannot write to a less-secure object but can read it. This prevents accidentally declassifying information, and is something the military already does, apparently.

It’s slightly more complicated, because programs have more than one level at once… If a program has only a level matching an object then it’s read-write. If a program has a matching level and a higher level than the object, it’s read-only, preventing “write-down”. If the program has no levels greater than or equal to the object’s level, then it’s not readable, preventing “read-up”. I presume at no point does it become write-only, because that’s kinda daft… *flicks hair* — Security Barbie
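Added example (not part of the original post or the talk): a small Python model of the level rules in the two paragraphs above, covering the multi-level cases and the one case the post leaves open, a program with no level at or above the object's. The names `Level` and `access` and the `allow_write_up` switch are hypothetical; the switch selects between the plain "less-secure can write to more-secure" rule and a stricter variant, assumed here, where writes need an exactly matching level.

```python
from enum import IntEnum


class Level(IntEnum):
    # Ordering taken from the post's example labels; the labels are arbitrary.
    UNCLASSIFIED = 0
    CLASSIFIED = 1
    SECRET = 2
    TOP_SECRET = 3


def access(program_levels, object_level, allow_write_up=True):
    """Return the operations ("read", "write") a program may perform.

    program_levels: set of levels the program holds (it can hold several).
    allow_write_up: True applies the plain rule that a less-secure program
    may write to a more-secure object; False is a stricter variant (an
    assumption of this example) requiring an exactly matching level.
    """
    levels = set(program_levels)
    if not levels:
        return set()
    perms = set()
    highest = max(levels)
    # No read-up: some held level must be at or above the object's level.
    if highest >= object_level:
        perms.add("read")
    # No write-down: no held level may be above the object's level.
    if highest <= object_level:
        if allow_write_up or object_level in levels:
            perms.add("write")
    return perms


if __name__ == "__main__":
    obj = Level.SECRET
    cases = {
        "matching only": {Level.SECRET},
        "matching + higher": {Level.SECRET, Level.TOP_SECRET},
        "lower only": {Level.UNCLASSIFIED},
    }
    for name, held in cases.items():
        plain = sorted(access(held, obj))
        strict = sorted(access(held, obj, allow_write_up=False))
        print(f"{name:18} plain={plain} strict={strict}")
```

With the plain rule the "lower only" case comes out write-only; with the stricter variant it gets no access at all.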

And now, lunch… Well, I just took a penicillin capsule, so I’ve gotta wait half an hour… Just got bdale to explain his method of doing keysignings without needing a trusted printout of the list. ^_^ While I’m bumming around, might see if I can get any joy out of this atheros card with the driver from

Edit: That’s perpetuating, not pepetuating. WordPress needs a spellchecker.
