Content here is by:
Michael Still
mikal@stillhq.com
All my Open Source projects
Online CVS server
Extracted view of CVS
Home
Site map
|
| May 2008 |
|---|
| Sun |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
| |
|
|
|
01 |
02 |
3 |
| 04 |
5 |
06 |
07 |
08 |
9 |
10 |
| 11 |
12 |
13 |
14 |
15 |
16 |
17 |
| 18 |
19 |
20 |
21 |
22 |
23 |
24 |
| 25 |
26 |
27 |
28 |
29 |
30 |
31 |
|
ImageMagick book
MythTV book
|
 |
|
 |
|
Sun, 08 Apr 2007
|
|
|
|
|
 |
|
 |
|
gtalkbot 1.3
The next version of gtalkbot is out. New things in this release:
- Optionally turn off authentication of clients
- Status messages suck a bit less now
- New sensors and mdstat commands for the system plugin
Get it here.
Tags for this post: gtalkbot( )
posted at: 14:56 | path: /gtalkbot | permanent link to this entry
There are no comments on this post which have survived moderation. 5 posts have been culled and 0 blocked. Be the first to make a non-spam comment here, please!
|
|
|
|
|
|
|
|
|
Thu, 01 Feb 2007
|
|
|
|
|
|
|
|
|
Hey look, Secunia reads FreshMeat!
I hope no one is paying Secunia for their security advisories. I release gtalkbot 1.0 (where you had to pass the GTalk user name and password on the command line), and then changed that behaviour in 1.1. The Secunia rocket scientists figured out all by themselves that this was bad. Bad enough for a security advisory?
A security issue has been reported in gtalkbot, which can be exploited by malicious, local users to disclose sensitive information.
The problem is that certain user credentials are passed to the application as arguments on the command line. This can be exploited to gain knowledge of usernames and passwords of other services via the process list.
The security issue is reported in versions prior to 1.1.
Ummm, the GTalk account is created for the purpose, and so it's not uber secure anyways. In fact, it's only visible to local users, who are presumably trusted anyways given that gtalkbot also needs the unauthenticated telnet interface to MythTV enabled to work. Wow. I assume that Secunia just reads every FreshMeat security release, and makes an announcement about it. Oh, and those three nearly paragraphs took over two weeks!
Update: but wait, there's more! I made it into the US Federal Government's vulnerability database too, complete with an incorrect "Authentication: Not required to exploit". I guess the Feds can't read python code?
Update: perhaps Secunia is just reprinting this lame advisory? Do these people just reprint each other's work all the time? Again with the hoping people aren't earning money by making suckers think they're helping...
The fun continues: yay for SecWatch and systembodyguard!
Tags for this post: gtalkbot()
posted at: 16:08 | path: /gtalkbot | permanent link to this entry
There are 2 comments on this post, and 1 comments which didn't survive moderation. 1 were blocked by trained gerbils. Click here to see them.
|
|
|
|
|
|
|
|
|
Mon, 15 Jan 2007
|
|
|
|
|
|
|
|
|
gtalkbot 1.2
Yet another version. This one also has the path to the password file in the config file, and fixes a bug with the "query location" command in the MythTV plugin. Download it here.
Tags for this post: gtalkbot()
posted at: 15:14 | path: /gtalkbot | permanent link to this entry
There are no comments on this post yet. Be the first to make one.
|
|
|
|
|
|
|
|
|
Sat, 13 Jan 2007
|
|
|
|
|
|
|
|
|
gtalkbot 1.1
This version now has a config file with the username and password to connect to stored in it, along with the path to the plugins directory. This is much more secure... Download it here.
Tags for this post: gtalkbot()
posted at: 14:33 | path: /gtalkbot | permanent link to this entry
There are 1 comments on this post, and 0 comments which didn't survive moderation. 0 were blocked by trained gerbils. Click here to see them.
|
|
|
|
|
|
|
|
|
Sat, 30 Dec 2006
|
|
|
|
|
|
|
|
|
Renaming mbot to gtalkbot
I'm renaming my mbot to gtalkbot to stop if clashing with mbot.
Source for 1.0 is now here.
Tags for this post: gtalkbot()
posted at: 13:39 | path: /gtalkbot | permanent link to this entry
There are no comments on this post which have survived moderation. 116 posts have been culled and 164 blocked. Be the first to make a non-spam comment here, please!
|
|
|
|
|
|
|
|
|
Mon, 20 Nov 2006
|
|
|
|
|
|
|
|
|
mbot: new hotness in Google Talk bots
I've been meaning to release this for a while, but haven't had a chance in the last month or so. Therefore, instead of writing it up fully I'm just going to put it online and document it better when I get the chance.
mbot is a Google Talk / Jabber bot engine, which works by loading plug ins (it calls them modules) which register verbs. These verbs are the first word on an instant message line, and are handed to the module when a registered verb appears (along with the rest of the line).
The source download includes a sample module, which implements instant messaging access to the MythTV network control interface and on screen display functionality. mbot is in fact a refactoring of a bot which originally did just the MythTV bits without pretending to be modular.
Mad props to PyXMPP for making the Google Talk / Jabber bits easy, the BZR folks for their excellent sample of how to do plug ins, Jaq for telling me my code sucks, and the Sydney office for giving me somewhere with quiet evenings to write code.
Anyway, better documentation later when I get a chance.
Tags for this post: gtalkbot()
posted at: 10:56 | path: /gtalkbot | permanent link to this entry
There are no comments on this post yet. Be the first to make one.
|
|
|
|
|
|
|
|
