The SSH/SSL vulnerability: what you should know

I wasn't going to post about this, but it seems that, for my own sanity, I must. As you might know by now, a Debian Security Advisory came out, talking about a problem that affected the OpenSSL package, not only for Debian but for its derivatives too, like Ubuntu.

My first two remarks, and probably the most important ones for my thoughts about this issue:

• If what you know about this issue is what you read on Slashdot, YOU'RE WRONG. Even the news itself is wrong, and the comments are clueless, written by people that don't know shit about what are they talking about. Worse than useless, that story on /. is disinformative.
  
• If you think that this issue only affects users of Debian and Debian-derivatives, think twice. Any Linux/Unix/*BSD system is vulnerable that grants access to a key that was generated on an affected Debian or Ubuntu system. Erich has a simple yet good explanation on why.

Now, my stand on the issue: if you really feel the need to mock, criticize or otherwise comment about this issue, make yourself and me a favour, and avoid making a fool of yourself. In other words, find out what really happened, what is this all about and make your own oppinion based on facts, instead of just falling into the absurdity that spreaded over, saying silly stuff like "Debian does not contribute to upstream" (what a joke, did you ever read the Debian Social Contract?), or "Debian shouldn't make security fixes". As a matter of fact, John Goerzen wrote an interesting article about some of those things and why they are wrong.

So, to help you a little, here's a small list of articles you might want to read about the issue:

• Zak


• Daniel


• Erich


• Aigars


• Goerzen


• Zak (again)


• Steve

Yes, it was an unfortunate thing to happen. So, go fix your stuff and leave me alone.

Tidbits

Whom rights?

If you're an interested in the developments of the music industry like I am, you'll bump into the sentence "rights of content owners" countless times. 10,200 is the number given by Google if you search for that term. Which doesn't cease to scare me, because people are really serious about talking about it. Shouldn't they be talking about authors rights instead?

Merankorii's new CD

Talking about music, I just announced in Merankorii's blog that Merankorii's 6th release is getting out tomorrow. This is going to be a limited edition CD split with two other bands: Ancestral and Njiqahdda. A new track from the album can already be downloaded from <Merankorii's MySpace, following Merankorii's one free track per month inniciative.

NIN, Radiohead, ColdPlay...

And this leads me to another thing I was planning to blog about for quite a long time. Some people ask me, knowing my thoughts about music 2.0, the fact that I have a musical project and a micro-label, why don't I "go free". Well, going free is great. I'm a heavy supporter of free music. I have lots of music freely available, all my tracks are licensed with Creative Commons but one - that is in Public Domain. Yet, there are things you can do and things you can't. See, some people sometimes tell me that "it's hard to have a band" or that "it's hard to have a label". No - I think that they're wrong. Having one of those has never been easier. But when you say that "my band drains all my money" I have to argue that, well, probably you aren't managing it the right way. See, NIN (above all, Radiohead and ColdPlay experiments can't measure against Nine Inch Nails in terms of concept exploration and free music money making) have the means (number of "true fans", number of listeners, awareness, carreer, investment budget,...) to do what they do, the way they do. I don't take Trent Reznor any credit for being so: I'm convinced that if he hadn't those means he would manage to do what he wanted to anyway. But doing things "the NIN way" works if you're NIN, won't probably work if you're not. So, each Noori Records release works its own way, and the same thing applies to Merankorii. Surely: I could give all Merankorii music for free, earn from ads and tips. But then I couldn't manage to have profit (which gives me increasing financing budget for both the band and the label) while making physical releases, and both me and some of Merankorii's fans wouldn't be happy without those. For those that think that music must be free, that want Merankorii's tracks but not pay for them, well, they'll have'em anyway, but one track per month. Also, when you have "pay as you want" albums and you can buy the music for a price from $1 to $20 USD, you'll only have to spend a couple of dollars if you're really in a hurry.

Free Software

To end this blog post, and keeping the talk on "Free", I'll end leaving you with a great letter that I'll resume as "Free Software - making the world a better place".

Debian Barcamp-style event to happen in Portugal

At the 16th of August 2008, in Aveiro (Portugal), an event called DebianDayPT 2008 will happen, in comemoration of the 15th Aniversaty of the Debian Distribution.

This meeting aims to gather all those interested in Debian GNU/Linux distribution or in the Debian Project. Yet, it is a meeting open to all, including those not familiar with Debian or Linux.

It aims to:

• create awareness of Linux, and Debian in particular
• Celebrate Debian's 15th Anniversary
• exchanging knowledge, thoughts and ideas about Debian GNU/Linux
  

They're going to be Presentations, Workshops and networking opportunities. It will start at 10am and end by 17:45.

Know more about this event at http://www.debianpt.org/debiandaypt.

Underneath It All (Nine Inch Nails Tribute)

I'm not really into Nine Inch Nails, but since I know quite a few readers of this blog are fans of NIN, and since I think this compilation is going under the radar, here's some pub:

Underneath It All (Nine Inch Nails Tribute) is a free 2CD's compilation in digital format, a tribute with 31 NIN covers. It was released today, and can be freely downloaded here.

The artwork, where the track listing is, can be viewed and downloaded here.

Lest we Forget

While with silence in this blog, the last two days were spent in rememberance.

In the 25th, here in Portugal, is a day to celebrate Freedom, since it was in the 25th of April that Portugal got rid of an oppressive regime. I could write countless words about the importance of this event, but instead I'll just leave you with a post about the 25th of April and Freedom.

In the 26th, time to mourn and manifest. The 22nd anniversary of Chernobyl Nuclear Disaster. Anti-Nuclear Artists from all over the world decided to mark this day by releasing the (free, creative commons) "Anti-Nuclear Music Compilation". I participated with an unreleased Merankorii track. Know more about this compilation here.