I’m leaving myself some room for bug fixes. It works for us in house. I would love to help others to give it a try. especially those who could benefit from making nearly immediately answered queries to the NIST’s NVD database.

The code in this release cannot by itself track the feed from the feds in real time. The nvd entry loader needs a little bit of love in the area of record merging before this starts working. It’s on my TODO list.

I’m sorry for the outage of git.colliertech.org. I’ll get that back up here shortly. In the meantime, feel free to grab it from this location while the CPAN indexes and processes my submission.

http://www.colliertech.org/federal/NIST/NIST-NVD-1.00.00.tar.bz2

don’t forget to check the cryptographic signature:

…

For a work project, I wrote a library in perl that can be used to query the NVD feed that NIST publishes here:

http://nvd.nist.gov/download.cfm

Here’s a snippit from the perldoc:

use NIST::NVD::Query;
 
# use convert_nvdcve to generate these files from the XML dumps at
# http://nvd.nist.gov/download.cfm
 
my( $path_to_db, $path_to_idx_cpe ) = @ARGV;
 
my $q = NIST::NVD::Query->new( database => $path_to_db,
                               idx_cpe  => $path_to_idx_cpe,
                              );
 
# Given a Common Platform Enumeration urn, returns a list of known
# CVE IDs
 
my $cve_id_list = $q->cve_for_cpe( cpe => 'cpe:/a:zaal:tgt:1.0.6' );
 
my @entry;
 
foreach my $cve_id ( @$cve_id_list ){
 
  # Given a CVE ID, returns a CVE entry
 
  my $entry = $q->cve( cve_id => …

Everybody working on Unix or in the database world stumbles over Oracle Berkeley DB every now and then. DB is an Open Source embedded database used by applications like OpenLDAP or Postfix. Traditionally it followed mostly a key-value access pattern. Now what caught my attention was the fact that the recently released DB 5.0 provides an SQLite-like C API with the promise of providing better concurrency and performance than regular SQLite. Time to give it a shot.

So I grabbed the source distribution, checked the documentation and saw that I shall use the …

Objectional statements on Oracle-Sun-MySQL. How Google uses Linux. And more.

Follow 451 CAOS Links live @caostheory on Twitter and Identi.ca
“Tracking the open source news wires, so you don’t have to.”

Objectional statements
The European Commission communicated its Statement of Objections to Oracle’s proposed acquisition of Sun Microsystems to those involved, prompting Oracle to claim the EC has a profound misunderstanding of database competition and open source, the US DoJ to reiterate its position that Oracle’s acquisition of Sun is unlikely to be anticompetitive and an EC spokesperson to explain that concern over …

The big news to kick off this week was Oracle’s announced acquisition of Sun Microsystems. There is already a lot of discussion of the integration challenges, how Oracle is getting into hardware (or as Matt Asay describes it, having an ‘iPod moment’) and of course, the implications for open source software. What stands out to me is the fact that the world’s biggest proprietary database player — one of few software giants that still sells and supports primarily proprietary software — will own the world’s most popular open source database, MySQL. It is unclear how significantly MySQL figures into the deal, but given Sun spent $1b acquiring it and further invested in its enterprise readiness and use, …

Back in October last year a corporate accountability group called As You Sow attempted to persuade Oracle to detail its commitment to open source by publishing an Open Source Social Responsibility Report.

Oracle resisted the proposal but did promise to share more details on its use of open source in the next version of its Oracle’s Commitment social responsibility report. I just noticed that the renamed Oracle Corporate Citizenship Report (Pdf) was recently published (in late November as far as I can make out) and does indeed include a section on Oracle’s commitment to open source.

In the section “Open Source and Accessibility” Oracle notes that …