sid77
This should be the infamous diff:
--- openssl-0.9.8c.orig/crypto/rand/md_rand.c
+++ openssl-0.9.8c/crypto/rand/md_rand.c
@@ -271,7 +271,10 @@

...

+/*
+ * Don't add uninitialised data.
MD_Update(&m,buf,j);
+*/
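Review bot: wrapping `MD_Update(&m,buf,j);` in a comment removes this digest update in every build, and nothing visible in the hunk establishes that buf is uninitialised at this call site. The added text "Don't add uninitialised data." is the only justification given, and the same buf/j arguments appear at a second call later in the patch, so each site needs its own check of what the caller passes in. If buf here carries caller-supplied seed material, dropping the update means that material never reaches the digest state m. I would leave the call in place and, if the goal is to quiet a memory checker, use a build-time guard or a tool suppression instead.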

...

+#if 0 /* Don't add uninitialised data. */
MD_Update(&m,buf,j); /* purify complains */
#endif
+#endif
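Review bot: the added `#if 0` / `#endif` pair around `MD_Update(&m,buf,j); /* purify complains */` compiles the call out unconditionally, although the unchanged `#endif` and the "purify complains" comment show it already sits inside a conditional meant for that tool. Nesting a permanent `#if 0` turns the existing guard into dead code and changes behaviour for builds that never run under purify. Suggest dropping the `#if 0`, relying on the existing conditional (with its macro defined only for analysis builds), and stating in the comment why the data in buf is safe to omit at this particular site.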

And our comments:
(11:46:34 PM) bonzo: I don't know whether to laugh or cry at the comments
(11:47:01 PM) bonzo: because that "Don't add uninitialised data." means that:
(11:47:13 PM) bonzo: 1) the sec team didn't understand a damn thing
(11:47:38 PM) bonzo: 2) the data was actually randomized so well that it got mistaken for uninitialized stuff :)
(11:47:49 PM) Gandalf: LOL
 
 
Current Mood: curious
 
 
sid77
21 April 2008 @ 05:02 pm
Sorry for the lack of updates: I'm overwhelmed with work, Slackintosh porting (Adrian is enjoying some vacation over in Japan and I'm slowly integrating stuff all alone as you can see from the changelogs) and the rest of real life.
Anyway, here's the good news: I'll be at e-privacy 2008 talking (again!) about Tor on behalf of LUG Piacenza, all this Olympic stuff just comes at the right moment for the talk :-P
And here's the bad one: I'm deadly late for the slides deadline =_=
I've also started taking lessons for contract bridge at one of our bridge circles, I can say I'm really enjoying this game so far (no serious game too, however) and yesterday I finished 10th at the Shadowmoor Magic prerelease tournament, just at the end of the prize zone. Cards are flipping out nicely lately :D

And last, but not least, my girlfriend just gave me a Mozilla Thunderbird pin: I'm the geekiest Mozilla fanboy out there now, thanks Ce! <3
 
 
Current Mood: busy
 
 
sid77
04 April 2008 @ 08:35 am
 
 
Current Mood: okay
 
 
sid77
29 February 2008 @ 05:20 pm
From the man behind linux.it (and GNU whois)
last block:
> Any ideas?
Don't care about IDS, they bring only troubles
 
 
Current Mood: okay
 
 
sid77
14 November 2007 @ 05:25 pm
gbenson committed his work. Go enjoy it :)
 
 
Current Mood: happy
 
 
sid77
13 November 2007 @ 11:07 pm
WHOIS(1) Debian GNU/Linux WHOIS(1)
ok, this is gross. especially when read on a Slackware 12.0 ;-)

are you surprised?

don't be upset, most Linux distributions run Marco D'Itri's version of whois, which has been mainly built on Debian, so the whois.1 man page reflects this.
Ok, Debian's own orig.tar.gz and diff.gz exist on purpose but sometimes developers are just too proud of their own choices in the distributions holy war :D

By the way, even the Slackware "bin" package contains some Debian love: this package mainly consists of debianutils and some other programs like fbset, banners and todos/fromdos (and many many more in 11.0, before the 12.0 splits). In this case we have a significant difference, though. The Debian run-parts C program has been swapped out in favor of a faster bash script written by Volkerding himself, which I modify for Slackintosh in order to allow the --run-parts option, required for the pbbuttonsd daemon.
 
 
Current Mood: sleepy
 
 
sid77
22 October 2007 @ 05:04 pm
Interesting, isn't it?
I recall rumors and announcements of Ubuntu heading toward the mobile market, but this is the first time I've seen a repo folder; sounds like something is moving!
 
 
Current Mood: okay
 
 
sid77
16 October 2007 @ 11:33 am
Sometimes I can't resist.
It's simple: my home computer switched from Dapper to Edgy during Edgy beta pre-release month and from Edgy to Feisty during Feisty pre-release month. That's what I enjoy about every Linux distribution: you can upgrade your whole system without spending so much time formatting the whole disk and then reinstalling all over again.
Unfortunately going all hype and pre-release is not that simple: there were, there are and there always will be bugs and problems affecting the distribution: they're pre-release for a good reason, after all ;-)
So, this time I decided to force myself to wait until the official Gutsy release date (btw: two days from today); unfortunately last night I couldn't resist the impulse and I did the switch to Gutsy: at least this time I entered the release-candidate week :-P
I also spent some time cleaning up the whole system: after months of experiments, I was glad to prune out unneeded software and -dev packages.

Switching to the Gutsy release candidate is quite simple: my setup was running main, non-free, universe and multiverse of the four official and community maintained repositories (feisty, feisty-updates, feisty-proposed, feisty-backports) with medibuntu, miro, tor and wine repositories inside sources.list.d. The update-manager (you have to run it with the -d switch or wait until the official release) did its work very efficiently. Of all the extra repositories I'm now only using medibuntu, which is already ready for Gutsy. Wine was dumped for the Ubuntu version, which is now quite interesting, and Tor is waiting for the no-reply packages providing Gutsy support (Ubuntu tor is at 0.1.2.17 which is the last good security-aware version, even with the upcoming 0.1.2.18 maintenance release). I'm still in doubt about Miro: I haven't really used it, but I like the idea behind the project, so I'll probably keep it, waiting for Gutsy support also.

Upon reboot, however, I had no sound. Digging around launchpad and google was a bit misleading (they suggest that you ./configure && make && make install the latest ALSA package O_o); since this bug is not sound-card model specific I was really doubtful about the proposed solution, so I took a look at the installed packages and found two kernel meta-packages: linux-generic (upgraded from feisty) and a new linux-386 one, described as "alternate". The latter was the booted one, so I just installed the metapackages linux and linux-image to keep the system consistent and removed the linux-386 tree. Rebooting with linux-generic made everything work again.

Finally I spent some time configuring the desktop effects: compiz-fusion is really nice, especially the desktop pager during transition, but I'm missing the rotating cube :-P does anyone know how to enable it?
EDIT: "sudo apt-get install compizconfig-settings-manager" it will add an extra "custom" desktop effects setting with the right customize button, the cube is back again :D
 
 
Current Mood: okay
 
 
sid77
18 September 2007 @ 01:02 pm
And here's my interview :)
English translations will be posted tomorrow.
 
 
Current Mood: okay
 
 
sid77
17 September 2007 @ 12:30 pm
Storie di Apple interviewed us some months ago. Today they're publishing the interview with Adrian, tomorrow will be my turn and on Wednesday there'll be complete English translations.
 
 
Current Mood: okay
 
 
sid77
I've updated the howto again.
According to this Italian Fon Blog entry and the great Hacking La Fonera page, the udp:1937 and tcp:1937 ports need to be forwarded in order to allow heartbeat connections (tcp:1937 to download.fon.com was already taken by tor, I've just added udp:1937).
 
 
Current Mood: geeky
 
 
sid77
08 August 2007 @ 12:24 pm
The Instituto Superior Técnico of Universidade Técnica de Lisboa has mirrored us.
It's a pretty damn fast mirror, enjoy!
(not to mention their slackware love, have you seen the machine name? ;-) )
 
 
Current Mood: busy
 
 
sid77
05 August 2007 @ 05:02 pm
The EFIKA board successfully boots slackintosh, joy!
EDIT: instructions here, thanks a lot Ben Hjelt!
 
 
Current Mood: geeky
 
 
sid77
20 July 2007 @ 12:31 pm
Hi there!
Looks like I was aggregated into www.tuxfeed.it, a really nice site :)
Thanks to il Fornaio for his blog post, I'll post some interesting linux related updates ASAP.
 
 
Current Mood: okay
 
 
sid77
16 July 2007 @ 11:40 pm
I'm a big tor fan and I've just bought a new la fonera social router so, as I mentioned some posts ago, I'm not going to have this nice social router making direct connections via my IP: that's why I tried hard to "jail" it into tor. Before starting, a small note: most of this howto has been taken from the official wiki instructions on how to transparently proxy via tor, so take a look at that link if you need more information.

If you're interested and want to reproduce this setup, you need a fonera (obviously!), a spare ethernet interface and some software:
+ a working installation of tor. A plain tor client will suffice, but consider running at least a middleman tor server (rejecting all connections not directed inside the tor network): the more overall available bandwidth, the better for every user :)
+ a copy of the dns-proxy-tor perl script, only anonymously available via this hidden service: http://p56soo2ibjkx23xo.onion/
+ iptables firewall for linux, however you can adapt the rules for any other firewalling software

So, here we go! First of all, install and configure your second ethernet interface: assuming eth0 is connected to the internet (either directly or via a router), add another interface (like eth1) and set it up with a static IP address.
Next, configure la fonera with a static IP too, in the same subnet as eth1. Use the eth1 IP address as both gateway and DNS server for your wifi AP.

Now, set up the dns-proxy: the perl script has no dependencies except for the perl base system. I wrote a simple /etc/init.d/dns-proxy-tor script to start it at system startup:
#!/bin/sh

DAEMON=/usr/local/sbin/dns-proxy-tor
IP=192.168.1.1	# eth1 address, the same one used for TransListenAddress in torrc
CHROOT=/var/chroots/empty
USER=nobody
GROUP=nogroup
PROXYPID=/var/run/dns-proxy-tor.pid

start() {
	echo -n "Starting dns-proxy-tor: "
	$DAEMON -b $IP:53 -t 127.0.0.1:9051 -s 127.0.0.1:9050 \
	-c $CHROOT -u $USER:$GROUP -p $PROXYPID
}

stop() {
        echo -n "Stopping dns-proxy-tor: "
        pid=`cat $PROXYPID 2>/dev/null` || true

        if test ! -f $PROXYPID -o -z "$pid"; then
                echo "not running (there is no $PROXYPID)."
                exit 0
        fi

	kill -15 "$pid" >/dev/null 2>&1	# POSIX redirection; "&>" is a bashism under /bin/sh
	rm -f $PROXYPID
	echo "done"
}

restart() {
  stop
  sleep 1
  start
}

case "$1" in
'start')
  start
  ;;
'stop')
  stop
  ;;
'restart')
  restart
  ;;
*)
  echo "usage $0 start|stop|restart"
  ;;
esac

where 192.168.1.1 is your eth1 ip address and /var/chroots/empty is an empty folder used by dns-proxy-tor as chroot jail.

Next, set up tor to listen for client requests: edit your torrc and add these lines:
VirtualAddrNetwork 10.192.0.0/10
TransPort 9040
TransListenAddress 192.168.1.1
#TrackHostExits .fon.com

All of these lines are well documented in the tor documentation. The first one is used to instruct tor to accept connections from external addresses and not only from localhost. The second one defines the tor transparent proxying port and the third one defines on which IP tor should listen for external incoming connections. The last one is optional: setting it routes all connections made to the specified site or domain within the default time span of 30 minutes via the same exit node, in order to better support sites which use IP-based authentication. I don't think it's strictly needed, as it can turn out to be a real PITA logging onto fon in the unlucky event of receiving a slow exit node.

And now the final part: glueing everything together using iptables. These are just core rules, feel free to expand them to suit your needs. The convention used here calls the internet-connected eth0 $EXT and the fon-connected eth1 $INT, while $TRANS_PORT is the tor transparent proxy port defined earlier. Again I wrapped everything up in an /etc/init.d/firewall script; feel free to adapt it to your needs:
#!/bin/sh

IPT="/sbin/iptables"
EXT="eth0"
EXTIP="192.168.0.42"
INT="eth1"
TRANS_PORT="9040"
NTP_SERVERS="ntp.kamino.fr ntp2.altarisoluzione.com ntp2.sandvika.net \
ntp1.tpg.com.au ntp.xland.ru ntp.ourconcord.net ntp0.sjbcom.com \
ntp1.belbone.be ntp2c.mcc.ac.uk time.flygplats.net \
ticker.cis.sac.accd.edu ntp.vik.bg ntp-1.cso.uiuc.edu reva.sixgirls.org \
ntp1.linuxmedialabs.com blade.avnf.com luie.udel.edu"
RADIUS_SERVERS="radius01.fon.com radius02.fon.com"
HEARTBEAT_SERVERS="download.fon.com"

start() {
  echo "Bringing up the firewall"

  echo 1 > /proc/sys/net/ipv4/ip_forward

  # Cleanup
  $IPT -t nat -F
  $IPT -F
  $IPT -P FORWARD DROP

  # Ensure local dns
  $IPT -t nat -A PREROUTING -i $INT -p udp --dport 53 -j REDIRECT --to-ports 53

  # Transparent proxy tcp connections through tor
  $IPT -t nat -A PREROUTING -i $INT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT

  # Forwarding ntp (udp:123) and radius (udp:1812)
  $IPT -A FORWARD -i $EXT -o $INT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT

  for DEST in $NTP_SERVERS; do
    $IPT -A FORWARD -i $INT -o $EXT -p udp -d $DEST --dport 123 -j ACCEPT
  done

  for DEST in $RADIUS_SERVERS; do
    $IPT -A FORWARD -i $INT -o $EXT -p udp -d $DEST --dport 1812 -j ACCEPT
  done

  # Forwarding La Fonera heartbeat service (udp:1937, tcp:1937 is proxied)
  #for DEST in $HEARTBEAT_SERVERS; do
  #  $IPT -A FORWARD -i $INT -o $EXT -p udp -d $DEST --dport 1937 -j ACCEPT
  #done

  $IPT -t nat -A POSTROUTING -o $EXT -p udp -j SNAT --to $EXTIP
}

stop() {
  echo "Bringing down the firewall"

  echo 0 > /proc/sys/net/ipv4/ip_forward

  # Cleanup
  $IPT -t nat -F
  $IPT -F
  $IPT -P FORWARD ACCEPT
}

restart() {
  stop
  sleep 1
  start
}

case "$1" in
'start')
  start
  ;;
'stop')
  stop
  ;;
'restart')
  restart
  ;;
*)
  echo "usage $0 start|stop|restart"
  ;;
esac

The ntp and radius server lists have been taken from the fonera config files.

And that's all! Please consider that this setup doesn't give you strong anonymity, as udp radius connections are still directly natted (not to mention that tor doesn't do udp); however, dns requests and tcp connections are routed inside the tor network without further user work.
Unfortunately it looks like it's still not possible to use a default configured privoxy, as it breaks the fon.com authentication mechanism. Maybe I could try whitelisting that domain :)
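
A way to check a loaded firewall against what this howto promises, as an added example that is not part of the original scripts: it reads `iptables-save` output and reports whether all TCP and DNS from eth1 is redirected, and which destinations are forwarded outside tor. The function names and the sample ruleset (with 192.0.2.x placeholder addresses) are constructed for illustration; eth1 and port 9040 are the howto's values.

```shell
#!/bin/sh
# Added example (not from the original howto): audit iptables-save output.
INT="eth1"          # fon-facing interface, as in the howto
TRANS_PORT="9040"   # tor TransPort, as in the howto
# audit_ruleset: read iptables-save text on stdin, print one finding per line.
audit_ruleset() {
  awk -v lan="$INT" -v tp="$TRANS_PORT" '
    function st(ok) { return ok ? "OK" : "FAIL" }
    /^:FORWARD / { policy = $2 }
    # REDIRECT rules on the LAN side: all TCP must go to TransPort, DNS to :53
    /^-A PREROUTING/ && $0 ~ ("-i " lan " ") && /-j REDIRECT/ {
      if (/-p tcp/ && !/--dport/ && $0 ~ ("--to-ports " tp "$")) tcp = 1
      if (/-p udp/ && /--dport 53 / && /--to-ports 53$/) dns = 1
    }
    # Anything accepted in FORWARD from the LAN leaves without passing through tor
    /^-A FORWARD/ && $0 ~ ("-i " lan " ") && /-j ACCEPT/ {
      proto = "any"; dst = "anywhere"; port = "any"
      for (i = 1; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "-d") dst = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
      }
      print "BYPASS " proto " " dst " port " port
    }
    END {
      print st(policy == "DROP") " forward-policy " policy
      print st(tcp) " tcp-redirect"
      print st(dns) " dns-redirect"
    }'
}

# Constructed sample: what the howto rules look like once loaded
# (hostnames resolved; 192.0.2.x are placeholder addresses).
sample_ruleset() {
  cat <<'EOF'
*nat
-A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -i eth1 -o eth0 -p udp -m udp --dport 123 -j ACCEPT
-A FORWARD -d 192.0.2.20/32 -i eth1 -o eth0 -p udp -m udp --dport 1812 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_ruleset
```

On the gateway itself, run `iptables-save | audit_ruleset` as root; every BYPASS line is traffic that leaves with your real IP instead of going through tor.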

For now, enjoy your transparent torified fonera.

--

Changelog
20080110: Fourth revision, commented out the udp heartbeat service forwarding. It should be tcp only.
20070904: Third revision, added LaFonera heartbeat to forwarded services
20070805: Second revision, some major cleanup and init scripts added
20070716: First revision
 
 
Current Mood: geeky
 
 
sid77
27 November 2005 @ 11:51 am
Woot! thanks to our president (the guy with firefox shirt) here are: the photos! )
 
 
Current Music: scribb... scribb... studying and doing exercise
 
 
sid77
26 November 2005 @ 04:24 pm
Woot! Today it's linux day again! and it's snowing!
This morning we took interesting talks (more news will follow) and right now I'm at the install party, fighting against a toshiba m40x recovery dvd (it doesn't like linux at all :( ) but we've found a way to install ubuntu on it.

open source 1 - toshiba 0
;-)
 
 
sid77
Read here, an interesting discussion about my favourite distro.
 
 
Current Mood: curious
Current Music: SWOOOOOF... SWOFFFF... my ppc is running a network simulation with 300 hosts
 
 
sid77
17 November 2005 @ 05:45 pm
Ok, I don't remember how I stumbled upon the DVD Jon wikipedia page, but from there I reached his blog, and this post is really amazing as I had never read until now that WMV9 playback is successful under linux.
 
 
Current Mood: curious
 
 
sid77
31 October 2005 @ 01:44 am
Here
 
 
Current Mood: amused
Current Music: shhh! the whole family is sleeping atm!