Tuesday, May 13, 2008

OpenSSL security issue and Ubuntu response

The big news of the day is the openssl security issue with debian based systems.

A bit of an embarrassing story, the code involved in generating keys was patched to stop valgrind complaining about some uninitialised memory.

Unfortunately, this resulted in less entropy feeding into the key generation (as far as I can gather) and so there is an easy attack on the vulnerable keys.

Now whilst this is unfortunate, I think some praise is due to the way Ubuntu has handled the issue. After hearing about the problem this afternoon, I just fired up the update-manager and checked for updates.

Sure enough, there was a full set of openssl and ssh related updates to install.

I installed these and was greeted with a helpful dialogue which explained that the host key on my machine was one of the weak ones and had been regenerated. Further, it pointed me at a new command, ssh-vulnkey which can be used to check for bad keys.

So, whilst it is more than a little unfortunate that this problem has been around 2 years, kudos for getting out the fix so quickly and for the pain free way it has been rolled out.

Saturday, May 3, 2008

Prism apps in Hardy Heron

I've been using the Google Prism apps since moving to Ubuntu Hardy.

This blog has a good summary of how to install these applications in Hardy and what they are good for.

The short version is that prism runs web based applications as standalone applications.

I've found these prism apps a mixed experience. On the plus side, having gmail, google reader and the like separate from the browser is handy:

  • No longer accidentally closing the tab for one of these

  • More real estate for the application

  • Icons in the panel for the individual applications

  • Able to launch the apps from launchers such as gnome-do

The big down side is that you no longer get all the functionality that you get in the browser. For example, keyboard accelerators to increase/decrease font sizes. On the other hand, this can be a good thing if the web application itself is really well designed, since it is no longer restricted to the key and mouse events that the browser doesn't grab.

One other down side I've found is opening links from these apps. Sometimes they open a new prism window, sometimes they open in my browser. I haven't quite figured out how to control all this and it can be annoying not being sure where and how things are going to open.