Tracking The Shellshock BASH Vulnerability – News, Tools and Links

With all the attention today to the Shellshock vulnerability, I need a place to keep track of it for my own purposes.  If this page or list helps anyone else, that’s great, but this is primarily a tool for me to capture what’s going on.  I intend to be updating it regularly while this is all happening.  Suggestions are of course welcome in comments.

Note that I have links here to discussion threads on Hacker News.  The comment threads are often full of incredibly useful information.

Security Advisories

Testing Tools

News about actual exploits

News about the Shellshock vulnerability in general

Can You Please Help The Ottawa Linux Symposium?

If you have ever used the Linux operating system, could you please help out the Ottawa Linux Symposium (OLS)? For many years OLS has been one of the key events that has helped bring together people from all across the Linux community, and the connections made at OLS have helped to make the Linux operating system that much more powerful and useful. But… as organizer Andrew Hutton recounts on the OLS Indiegogo page, the event has fallen in a bit of a financial crunch and it is now not clear if there will be an OLS in 2015… or ever again.

Could you spare $10? $25? or even $50 or $100? (Or more?)

If so, please help fund OLS on the IndieGogo page!

I first attended OLS back in the early 2000s when I was living right there in Ottawa and working for first a startup called e-smith and then subsequently Mitel Networks. In looking at my list of presentations I can see that I spoke there several times… and the topics I covered take me back to a much different time:

  • 2004 OLS – Tutorial: Introduction to OpenPGP, GnuPG and the Web of Trust
  • 2002 OLS – Tutorial – Single Source Publishing Using DocBook XML
  • 2001 OLS – Maximizing Your Use of CVS

I still remember OLS as the incredibly passionate place where people connected…. and where I made so many connections and learned an amazing amount about Linux.

If OLS was ever important to you… or if Linux has been important to you… please consider donating to help the OLS organization get out of its financial hole and get moving ahead in future years. Organizer Andrew Hutton has poured his heart and soul – and personal money – into making OLS the incredible event it has been… now it would be great if we all can help him! Please consider donating!

Here are a few other viewpoints on the importance of OLS:

Please do donate if you can! THANK YOU!

Code.DanYork.Com Now Back Available Over IPv6

After a Reddit thread started up that briefly referenced a 2011 post I wrote about adding IPv6 to Node.js apps, I was contacted by a Redditor who was surprised that my site wasn’t available over IPv6!

HUH???

I was surprised, too, because this site is hosted on a dual-stack server at Hurricane Electric and has been accessible over IPv6 since June 7, 2011, right before the World IPv6 Day event.

But in checking into it… there was no AAAA record in DNS for “code.danyork.com” that would point to the server, so the report was indeed accurate. For regular users this site was not available over IPv6.

It turned out to be one of those system administration issues that can bite you.  A month or two ago, TypePad, the provider I still use for my personal DanYork.com site, experienced a severe DDoS attack that took many sites offline.  They recovered but in doing so changed the way that sites were referenced a bit.  I had to switch to using a CNAME instead of an IP address as I had been doing.  The problem there is that due to the “no CNAME at zone apex” rule of DNS, I could no longer use just “http://danyork.com” – I would have to switch to using “http://www.danyork.com/”.

The episode highlighted to me, though, the need to be sure I have “Test over IPv6” in my list of things to check after making any major changes to any of my sites!

I didn’t want to switch and so I moved the DNS for “danyork.com” over to CloudFlare to make use of their “CNAME Flattening” so that I could still use “danyork.com”.

However, in moving the DNS info from my previous DNS hosting provider to CloudFlare, I messed up.  I didn’t bring across the AAAA record for code.danyork.com.  Also, very bizarrely, I didn’t have the “Automatic IPv6” setting enabled for danyork.com – even though it is now supposed to be on by default for all new domains.

So the fix was simple – I added the AAAA record for code.danyork.com, and I also flipped the switch on the Automatic IPv6 gateway.  Now both code.danyork.com and danyork.com are fully available over IPv6.
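A check for the failure described in this post, as an added example (not the author's code): it diffs a zone export from the old DNS provider against one from the new provider and reports hostnames that lost their AAAA record. The zone contents, the `example.org` names and the documentation-range addresses are constructed sample data, and the function names are hypothetical.

```python
import socket

# Constructed zone exports: the AAAA record is lost in the migration.
OLD_ZONE = """
example.org.       300 IN A     192.0.2.10
www.example.org.   300 IN CNAME example.org.
code.example.org.  300 IN A     192.0.2.20
code.example.org.  300 IN AAAA  2001:db8::20   ; dual-stack host
"""
NEW_ZONE = """
example.org.       300 IN A     192.0.2.10
www.example.org.   300 IN CNAME example.org.
code.example.org.  300 IN A     192.0.2.20
"""

def parse_zone(text):
    """Parse 'name ttl IN type value' lines into a set of (name, type, value)."""
    records = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, _ttl, _cls, rtype, value = line.split(None, 4)
        records.add((name.lower().rstrip("."), rtype.upper(), value.strip().lower()))
    return records

def dropped_records(old_text, new_text):
    """Every record present before the migration and absent after it."""
    return sorted(parse_zone(old_text) - parse_zone(new_text))

def lost_ipv6(old_text, new_text):
    """Hostnames that had an AAAA record before and have none now."""
    def v6_names(text):
        return {name for name, rtype, _ in parse_zone(text) if rtype == "AAAA"}
    return sorted(v6_names(old_text) - v6_names(new_text))

def resolves_over_ipv6(host):
    """Live post-change check: does the resolver return any IPv6 address?"""
    try:
        return bool(socket.getaddrinfo(host, 80, socket.AF_INET6, socket.SOCK_STREAM))
    except socket.gaierror:
        return False

if __name__ == "__main__":
    for name in lost_ipv6(OLD_ZONE, NEW_ZONE):
        print(f"{name}: AAAA record missing after migration")
```

`resolves_over_ipv6` needs network access and is meant to be run against the real hostnames once the new zone is live.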

ACM: Python Now The Most Popular Intro Language At Top US Universities

As a long-time fan of the python language, I was intrigued by this post on the ACM’s blog: “Python is Now the Most Popular Introductory Teaching Language at Top U.S. Universities”. The post begins with a summary:

At the time of writing (July 2014), Python is currently the most popular language for teaching introductory computer science courses at top-ranked U.S. departments.

Specifically, eight of the top 10 CS departments (80%), and 27 of the top 39 (69%), teach Python in introductory CS0 or CS1 courses.

… and then goes into greater detail.  Of course, the moment you publish one of these “XXXXXX language is the most popular programming language” type of posts, you immediately get reflexive reactions from programmers who favor all the other languages out there…  and this Hacker News thread with 357 comments (so far) shows exactly that, with people either supporting the idea or ripping apart the article’s methodology and explaining why the author is wrong, wrong, wrong… 🙂

The programming language wars will always continue.  In the meantime, though, as someone who likes the python language, I’m pleased to see the uptake at universities around the U.S.  (and, as noted in the HN thread, by other universities around the world, too).

The Intersection of Github… and Babylon 5?

Back in the 1990’s I was a huge fan of the show “Babylon 5” for a great number of reasons. It remains, to this day, one of the best series I’ve ever watched on TV and I greatly admire the creator/writer, J. Michael Straczynski, for the narrative arc he used over the five year run of the series as well as the overall “universe” he created.

One of the web sites that those of us who enjoyed Babylon 5 frequently used was “The Lurker’s Guide to Babylon 5”. The pages there helped in the understanding of how all the pieces fit together and frequently offered glimpses of what was coming ahead. It was a great tool and reference source.

Today a Google search brought me back to that site although I hadn’t been there in years. And in visiting I learned that as of this past December the entire source for the website is now available on Github at:

https://github.com/sgrimm/lurkers-guide

It’s very cool that site creator Steven Grimm has made his site publicly available via Github. As he notes, others can now fork the code, send him updates via pull requests, etc.

It is also a great example of how I’ve told people that Github, and git in general, can be used for so much more than simply “source code” and that you don’t need to be a programmer to use it.

Plus… if you wander through some of the pages, like this one, it’s kind of fun to see references to how we used to get our information: “Stay caught up with the Usenet B5 discussions, which are often a great source of material.” 🙂

Cool stuff!

Fun Tool To Learn More About Git Branching And Merging

Want to learn more about how to work with branches in git? Confused about what “git rebase” does? By way of a post on Google+ I learned about this great tutorial site at: http://pcottle.github.io/learnGitBranching/

You can step through a whole series of guided lessons (type “levels”) that walk you through all different aspects of using git – or you can type “sandbox” and go into a private area to play. All from the comfort of your own web browser.

More information (and the source code) can be found on Github at https://github.com/pcottle/learnGitBranching. There is a neat aspect of this where people can (and I guess have) contribute additional tutorial levels.

Very cool tool!

Use Google+? Join the Github and Git Communities

Are you a Google+ user who is also interested in the git version control system and the Github hosting service?  If so, there are two of the new “communities” in Google+ that you may find of interest:

In the short time communities have been around on Google+, I’ve already found both of these communities to have very useful information and links in them related to Git and Github.  Well worth checking out and joining if you are a regular Google+ user.

And if you are a Google+ user, why not connect with me there?

P.S. We can also connect on Github.

SourceForge Redesigns Itself To Compete With Github

When I received an email today telling me that one of my ancient projects was being “upgraded” to the “new” SourceForge developer platform, I had to admit that I had no clue that SourceForge was even launching a new platform.

But sure enough, “The Next SourceForge” is out with a host of redesigned features that do look nice… and do remind me of everything that I currently use over on Github!

Of course, the project being “upgraded” is a small python app called “viewportfolio” that I wrote back in 2000 during the height of the .COM insanity when Red Hat’s stock had exploded and the tech bubble was all around us.

I last touched the code over 12 years ago!

I have no clue if it actually still works – and to be quite honest if I were to do anything with that app today, even to test it and make any fixes, I’d probably move it first to my Github account where I do all my work today.

But back twelve years, SourceForge was THE place where you hosted your project.  Everyone was using “SF” and it was where we all interacted for code.

Then, over time, it became a site so hideously overwhelmed with advertising that it was close to useless to interact with the site. And, well, more and more people started using the git version control system and for quite some time SourceForge seemed to still be wedded to SVN.

So I moved any new projects over to Github, as did many others that I knew, and I left SourceForge behind, only occasionally going in there when I needed to find older projects.  Even today, I’m working with someone who has a project on SF, but he’s moving that to Github in the next few weeks where I can work on it with him and where we’ll publicize it.

I applaud the folks behind SourceForge for launching “The Next SourceForge,” if for no other reason than that I do believe it is healthy to have competition around – and having another competitor for Github (there are several already) is a good thing in that it will continue to encourage innovation among the platforms providing project hosting services.

It’s also great to see the visual redesign of SF – a much cleaner interface and thankfully all the ads that were slathered all over the site seem to be gone.  And these new features do seem to be great improvements for projects hosted on SF.

Will “The Next SourceForge” prompt me to launch new projects on SF?  Or to stop migrating projects away?

Probably NOT.

The reality is that I’m now comfortably ensconced over on Github and I rather like it there. I guess I also trust the people/company behind Github more than I do Dice Holdings, the latest corporate overlord of SourceForge, in terms of being responsive to users and to continuing to improve the user experience.  Now this may be unfair… the folks behind SourceForge may be as equally committed as the folks behind Github… but one is a passionate startup and the other is part of a large publicly-traded company that is ultimately focused on helping connect employers and professionals with each other.

What about you?  Will “The Next SourceForge” get you to open new projects there? (Or to not migrate away?)

Github’s “Command Bar” Makes Site Navigation So Much Faster

Recently Github introduced a new “Command Bar” into the site that I simply have to comment on because I find it so useful. It’s sitting right up there at the top of the site looking like your garden-variety “search” box:

Github command bar blank

But in truth it is so much more than just a search box. As explained in the Github blog post, this “Command Bar” lets you perform tasks such as:

  • View a user’s profile
  • Go to a repository
  • List a user’s repositories
  • List issues
  • Search open issues
  • Jump to the wiki associated with a repo
  • See the graphs associated with a repo

As an example, I started typing in the name of one of the repos with which I work (a WordPress theme). You can see in the screenshot below the available commands that I can add to jump to various parts of the repo:

Github command bar

You can also enter a user’s name with the “@” sign before it to jump to that user’s profile. For example, I am “@danyork”.

All in all it’s a very cool way to quickly navigate through the Github site. Thanks to the Github team for adding this functionality… if you are on Github, give it a try!

Hell Hath Truly Frozen Over: Microsoft WindowsAzure Supports Linux

In the category of “Things I Never Thought I’d See In My Lifetime”, given all of Microsoft’s intense animosity toward anything related to Linux (ex. Steve Ballmer’s infamous “Linux is a cancer” quote), I was shocked – but pleased – to see that Microsoft’s WindowsAzure cloud platform is now supporting Linux virtual machines:

Linux virtual machines in Windows Azure

Now, it’s no surprise, on the one hand. If Microsoft wants to see WindowsAzure remain competitive as a cloud platform with Amazon Web Services (AWS), Rackspace Cloud and a hundred other vendors they need to support both Windows and Linux.

Still, given all the anti-Linux venom coming from Microsoft in those early years of Linux, I never thought I’d see this kind of change!