Archive for January 2004

Security never stops, now does it?

Fixes include:

It was possible for users in the Group Admin and User Admin groups to become a member of the Root group (reported by Samuel M. Stone, bug #135).

Being admin for a certain area (e.g. Story Admin for stories) made it possible to delete all objects in that area (e.g. stories) even if the user was not supposed to have access to them, provided the id of the object was known.

It was possible to delete other people’s personal events if you knew the event ID.

It was possible to browse through the comments of a story even if the user did not have access to the actual story (reported by Peter Roozemaal).

Due to an XSS issue, it was possible to change someone’s account settings (including the password) if you got them to click on a specially crafted link (reported by Jelmer, fix suggested by Vincent Furia).

The comment display suffered from the possibility of an SQL injection (reported by Jelmer).

It was possible to inject JavaScript code in the calendar (reported by Jelmer).

It was possible to execute (but not save) JavaScript code in the comment preview (reported by Jelmer).

-david macias

A bit of a dark song, with some hard riffs. To me the song talks about having someone you need help from and they not being able to do so. Perhaps the truth of their futility causes the singer to ask for that person to stay in shadow and be away from the light. Maybe by being in shadow the truth will not be as painful.

-david macias

Stay In Shadow

So cold that you cannot cope
With a frozen heart
I guess we blow apart
I guessed it from the start

Stay in shadow
I’ll run this world out
Stay in shadow
It’s running out of time
Stay in shadow
I want to watch it drown
Stay in this now

Don’t say because you can’t
Say what we should have been
Don’t show what I resent
Don’t know cause I forget

So cruel to be so blind
Darkness was on my side
Now that you’ve come and gone
I know where I belong

Light is leaving as I watch you go
Light is leaving inside of my soul

Attended the MLK march conclusion to hear the main speaker (the President of Prairie View A&M). He was good as well as the speech by the congressman for that area. Best part was a quote which I will try to paraphrase:



“Do not fear the actions of the bigot, but the inactions of the good people.”

I took this picture at a Pittsburgh museum, the model actually moved. Definitely a fun trip and the amazing detail was great. Took around 2 years to build the whole model.

Like there is not enough sendmail information on the net, here is a quick and dirty tip for you.

Synopsis:

Want to send one email to multiple recipients/users using sendmail? Here is how.

Edit the virtusertable file and add the user and the alias where the email will go. The alias is a group name.


vi /etc/mail/virtusertable
user1@dmacias.org   DM-group

Save and close the file, and now run make to rebuild the file:


cd /etc/mail
make

Now it is time to add your aliases, but before you do that make sure that your sendmail.mc file has the correct location for the aliases file.


vi /etc/mail/sendmail.mc

If you made any changes to the sendmail.mc file then you must change the cf file. You do that with the following command.


m4 sendmail.mc > sendmail.cf

Now make or edit the aliases file in whatever location you specified in the sendmail.mc file. I use the /etc/mail/ folder for all my sendmail files.


vi /etc/mail/aliases
DM-group: user1@domain.com, user2@domain.com

I added two recipients to my DM-group; now you have to map the aliases.


newaliases

And presto, all you need to do is restart sendmail.


/etc/rc.d/init.d/sendmail stop
/etc/rc.d/init.d/sendmail start
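
A pre-flight check for the steps above, as an added example that is not part of the original post: it lists every virtusertable target that has no matching entry in the aliases file, so a misspelled group name is caught before make and newaliases are run. The sample files are constructed, and the check assumes a bare target is meant to be an alias, so a real local account name would also be listed.

```shell
#!/bin/sh
# Added example (not from the original post): run before `make` and `newaliases`.

# missing_aliases VIRTUSERTABLE ALIASES
# Prints every virtusertable target that is a bare name (no "@", not an
# "error:" entry) and has no "name:" definition in the aliases file.
# Assumption: bare targets are meant to be aliases, not local accounts.
missing_aliases() {
    awk '
        # First argument: the aliases file. Remember each defined name.
        FILENAME == ARGV[1] {
            # Skip comments, continuation lines and lines without a colon.
            if ($0 ~ /^[ \t#]/ || $0 !~ /:/) next
            name = $0
            sub(/[ \t]*:.*/, "", name)
            defined[tolower(name)] = 1      # alias names are matched ignoring case
            next
        }
        # Second argument: virtusertable, "address<whitespace>target".
        /^[ \t]*#/ || NF < 2 { next }
        $2 ~ /@/ || $2 ~ /^error:/ { next } # full address or reject rule
        !(tolower($2) in defined) { print $2 }
    ' "$2" "$1"
}

# Constructed sample files: the entries from the post plus one misspelled group.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/virtusertable" <<'EOF'
user1@dmacias.org   DM-group
sales@dmacias.org   DM-gruop
EOF
cat > "$demo_dir/aliases" <<'EOF'
# group alias from the post
DM-group: user1@domain.com, user2@domain.com
EOF

# Reports the misspelled target that would otherwise fail at delivery time.
missing_aliases "$demo_dir/virtusertable" "$demo_dir/aliases"
```

On a live system the two arguments would be the virtusertable and aliases files edited in the steps above.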

In case you missed it there was a story in the Today show about blogs and bloggers.

Note: I refuse to link to MSNBC since they do not display properly using Opera but their website works using IE. Lazy webmasters. The story talked about mainly teens and what is a blog. They had a guest who talked about blogs being a close community of usually people who knew each other and mostly blogs were about things that talked about their everyday lives. However, what struck me the most was the fact that bloggers are willing to really share their true feelings in public yet they are not likely to share their feelings with their parents. Really strikes me as odd, or perhaps I am growing up.

-david macias

David Macias from the beautiful state of Texas and currently residing in Dallas. A place for ramblings, digressions, and the occasional insight into life, liberty, and the pursuit of happiness.