I think we made the right decision intervening in 2001 to try and get rid of the Taliban. The Taliban has been a horrible theocratic government which has a history of hideously oppressing women, and based on the fact Afghanistan 25 years before our 2001 invasion was a free country adopting western values, it was reasonable to think we could do that again.
Additionally, the government in Afghanistan was supporting a militant group who flew planes in to buildings, causing massive destruction and the deaths of thousands of Americans. So we needed a toe hold in Afghanistan to ensure that those kinds of attacks would not happen again. Once we eliminated the mastermind of that 9/11 attack, that is when we should had left Afghanistan. Nation building works a lot better when the nation in question has had a long history of being a free and prosperous nation (e.g. Germany and Japan).
MaraDNS 3.5.0021 is a security update for MaraDNS. This issue only affects the relatively new coLunacyDNS server (and actually may not affect it); it does not affect MaraDNS and it does not affect Deadwood. The coLunacyDNS server is a separate server from MaraDNS that uses Lua for its configuration; the majority of MaraDNS users are not using this relatively new program, and there is no way to use coLunacyDNS just by using the MaraDNS authoritative or Deadwood recursive services.
In other words, unless you know that you are using coLunacyDNS, this security issue does not affect you.
I looked at the CVE database to see if there were any security issues with my fork of Lua (named “Lunacy”) that I use in coLunacyDNS; after some research, I determined that only one issue affects the version of Luancy in question. So, I applied a one-line patch to fix that issue, then made new releases of Lunacy and MaraDNS to update the relevant code.
As it turns out, the Lunacy code is compiled such that the exploit scripts which are supposed to crash the unpatched Lua code actually do not crash Lunacy. So, there is a significant chance this security issue could never be exploited. But since this issue does have a CVE number, and since there is a patch to fix the issue, I have made the update.
Download MaraDNS 3.5.0021 here:
Comments for blog entries can be seen in the forum.