XOrg 6.9 and later come with a new evdev driver. Configurations using the old evdev protocol hack no longer work. So here’s an updated version of my old MX1000 configuration:
- Build a udev rule to give the mouse device a static name: I’m using
ACTION=="add", \ KERNEL=="event*", \ SUBSYSTEM=="input", \ SYSFS{manufacturer}=="Logitech", \ SYSFS{product}=="USB Receiver", \ NAME="input/mx1000"in
/etc/udev/rules.d/010_local.rules.
After restartingudevand replugging the mouse, you should see a device named/dev/input/mx1000. -
/etc/X11/xorg.conf:Section "InputDevice" Identifier "MX1000" Driver "evdev" Option "CorePointer" Option "Device" "/dev/input/mx1000" EndSection
-
~/.xbindkeysrc:
(You have to installxbindkeysandxvkbdfor this; I’m startingxbindkeysin~/.gnomerc)# Backward and Forward buttons "xvkbd -text "\[Alt_L]\[Left]"" m:0x10 + b:8 "xvkbd -text "\[Alt_L]\[Right]"" m:0x10 + b:9 # "Cruise Control" disabled: #"xvkbd -text "\[Page_Up]"" # m:0x10 + b:11 #"xvkbd -text "\[Page_Down]"" # m:0x10 + b:12 # "Cruise Control" enabled: # Work-around extra events "~/bin/click 4" m:0x10 + b:11 "~/bin/click 5" m:0x10 + b:12 # Application-Switch button # A-Tab doesn't work # Use it as another Forward for now "xvkbd -text "\[Alt_L]\[Right]"" m:0x10 + b:10
Using the Application-Switch button for switching windows in GNOME doesn’t work because it would require holding down the Alt key while pressing Tab several times, xvkbd can’t do that. I’m using the button as another Forward now, it’s easier to reach than the real Forward button.
Defining actions for the Cruise Control buttons only makes sense when Cruise Control is disabled (you can disable it with lmctl or the Logitech Mouse Applet). If it is disabled, the buttons generate 11 and 12. When it is enabled, they generate a single button 11 or 12 event and then a series of button 4 or 5 events just like scrolling the wheel does.
I have no idea why the mouse generates 11 or 12 before starting normal scrolling in Cruise Control mode. I’m mapping 11 and 12 to a little utility (click by Jeremy Nickurak) which replaces these bogus events with normal scroll events. - At this point the Backward and Forward buttons should work in GNOME, KDE, and Mozilla-based browsers. Horizontal scrolling should work in GNOME and KDE.
Mozilla-based browser like Firefox need two additional changes to get horizontal scrolling working with the tilt wheel: Openabout:configand setmousewheel.horizscroll.withnokey.action = 0 mousewheel.horizscroll.withnokey.sysnumlines = true
January 18th, 2006: The evdev driver in XOrg 6.9 is broken on big-endian machines like powerpc. Here’s a fix.
I’ve released Blackdown’s J2SE 1.4.2-03 for Linux on x86 and AMD64/EM64T yesterday. The release fixes three security issues with the Reflection API (JRE May Allow Untrusted Applet to Elevate Privileges), so make sure you upgrade.
The issue isn’t Blackdown-specific. Sun released an advisory too.
Thanks to Matthias Klose, Debian packages for 1.4.2-03 are available too. Just add something like
deb ftp://ftp.tux.org/java/debian/ sarge non-free
to your /etc/apt/sources.list.
The Release files are signed with the Blackdown Java-Linux Package Signing Key. If you have recent apt version you can use this key to authenticate our Debian packages. Just import the key with apt-key:
$ wget http://www.blackdown.org/java-linux/java2-status/gpg.asc $ apt-key add gpg.asc
The Debian Testing Security Team just announced the beginning of full security support for Debian’s “testing” distribution!
The lack of security support was one of the main problems with “testing”. You had to pull security fixes from “unstable” or even build your own packages to keep it secure.
I hope they have the manpower to keep up with security issues. Debian’s main security team, which only provides updates for the “stable” distribution, had some problems over the last months.
As if the unprofessional handling of WordPress security announcements (see Another WordPress Security Update and More on Security Announcements) wouldn’t be bad enough, the WordPress developers also seem to have problems with organizing releases.
Stefan Esser reports that there are two WordPress 1.5.2 versions. The first one, which didn’t fix the problem it was supposed to fix, was available for download for several hours before it silently was replaced by the fixed second version.
It’s hard to understand why the version number wasn’t bumped for the second release and why the WordPress developers didn’t inform users about the mistake.
The comments from the WordPress crowd are a bit weak in my opinion. If there’s FUD about WordPress’ security it’s the sole fault of the WordPress developers!
Some people seem to misunderstand what I said about the latest WordPress update.
I, myself, am perfectly able to figure out what was broken and how it was fixed. That’s not the point. I was commenting on the handling of security announcements by the WordPress developers.
I expect to get information about security issues from a central, easy-findable place from any project or product that has public exposure and more than a handful of users. (Yes, I expect that from open source projects too. Look around the net to see how good others handle it.)
Expecting your users to gather information about a problem from forums, blogs, foreign sites, or the source code is simply unprofessional.
The often used argument that more specific information only helps hackers is just plain naïve: WordPress is open source, its code and even nicely formatted svn changesets are freely available on the web. Hackers are not stupid, they’ll find the issues.
Note, I’m not saying you should post sample exploits publicly. Just give enough information that administrators can determine whether their systems are vulnerable and how severe the problem is. Again, go around the net and look how other projects handle security announcements.