DigiNotar root CA compromised - how to disable root CA certificates

DigiNotar issued a fraudulent certificate for Google, probably to Iran. There are rumours that it could be more than Google; effectively they are toast as a trusted authority, I would think. Discussion:

Something similar happened with Comodo a few months back. Probably browser vendors and operating systems will soon remove DigiNotar’s trusted root certificate. In the meantime there is a “How do we remove these?” discussion on Hacker News. To summarise:

I prefer to disable rather than remove in case policy changes or more details emerge. I am not an expert, please point out any problems if you read this.

Browser level

  • Chrome

    1. Check for updates

    Chrome mitigates the attack by using certificate pinning (not a total solution, but helps here), and manages certificates using whatever the operating system provides.

  • Firefox

    1. Remove the certificate
      • Linux
        • Edit->Preferences
      • Windows
        • Firefox->Options
    2. Advanced->Security->View Certificates->Authorities
    3. Find DigiNotar
      1. Probably you can just click Edit Trust and deselect everything, but…
      2. because there was an implication that distrust was different to unticking everything, I used both this and the “Delete or Distrust” button.
    4. Check for updates.
  • Internet Explorer

    1. Tools->Internet Options->Content->Certificates->Trusted Root Certification Authorities
    2. Find DigiNotar
    3. Advanced->Untick everything
    4. Check for updates
  • Safari

    1. Check for updates

    Uses the operating system-provided method.

Operating System level

  • Windows (XP, not sure about others)

    1. Start->Run->certmgr.msc
    2. Trusted Root Certification Authorities->Certificates->Right-click DigiNotar->Properties
    3. Use “Disable all purposes for this certificate”
  • Mac OS X

    1. Run Keychain Access
    2. Use the padlock in the upper left to unlock the system keychain with an admin account
    3. Select System Roots from the list of available Keychains in the upper left
    4. Find and select DigiNotar Root CA
    5. Get info (Command-I or hit the “i” in the bottom area of this window)
    6. Open the Trust section
    7. For “When using this certificate” select Never Trust.
  • Linux

    • Maybe using certutil, which probably needs installing:
    • Maybe using update-ca-certificates
    • Maybe hand-edit /etc/pki/ files

    Not clear to me.

    • Check for updates
  • Blackberry

    1. Options->Security Options->Advanced Security Options->Certificates
    2. Look for DigiNotar (not there for me)
    3. Option button->Distrust
  • iPad/iPhone

    ?? check for updates?
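For the Linux entry above, which the notes leave open, here is an added example (my own code, not from the original notes) of the update-ca-certificates route on Debian/Ubuntu. The trust list is /etc/ca-certificates.conf, one certificate per line relative to /usr/share/ca-certificates, and prefixing an entry with "!" deselects it: the file stays on disk but the certificate is left out of /etc/ssl/certs and the bundle, which matches the preference for disabling rather than removing. The functions read the config path from CA_CONF so they can be exercised on a copy; the certificate filename used below is illustrative (check /usr/share/ca-certificates/mozilla for the real name on your system).

```shell
#!/bin/sh
# Added example (not from the original notes): deselect a root CA in the
# Debian/Ubuntu trust store managed by update-ca-certificates(8).
# A line in /etc/ca-certificates.conf that starts with '!' is deselected, so
# the certificate is dropped from /etc/ssl/certs and ca-certificates.crt
# without deleting the file.  CA_CONF overrides the config path so the
# functions can be tried on a copy first.
set -eu

# disable_ca <relative cert path>
# Prefixes the matching entry with '!'.  Returns 0 if the entry is now (or
# already was) deselected, 1 if there is no such entry.
disable_ca() {
    conf="${CA_CONF:-/etc/ca-certificates.conf}"
    name="$1"
    grep -qxF -- "!$name" "$conf" && return 0      # already deselected
    grep -qxF -- "$name" "$conf" || return 1       # not in the list
    tmp="$(mktemp)"
    # Exact string comparison in awk: no regex escaping needed for '.' or '/'.
    awk -v name="$name" '$0 == name { print "!" $0; next } { print }' "$conf" > "$tmp"
    cat "$tmp" > "$conf"      # write in place so owner and mode are preserved
    rm -f "$tmp"
}

# is_trusted <relative cert path>: 0 if the entry is present and not deselected.
is_trusted() {
    conf="${CA_CONF:-/etc/ca-certificates.conf}"
    grep -qxF -- "$1" "$conf"
}

# list_disabled: every deselected entry, without the '!' marker.
list_disabled() {
    conf="${CA_CONF:-/etc/ca-certificates.conf}"
    grep '^!' "$conf" | cut -c2-
}

# Real run, as root (the filename is illustrative; check
# /usr/share/ca-certificates/mozilla for the actual one):
#   disable_ca mozilla/DigiNotar_Root_CA.crt && update-ca-certificates
#   ls /etc/ssl/certs | grep -i diginotar     # expect no output afterwards
if [ $# -gt 0 ]; then
    disable_ca "$1" && echo "deselected $1 in ${CA_CONF:-/etc/ca-certificates.conf}"
fi
```

Run update-ca-certificates as root afterwards to regenerate /etc/ssl/certs and the bundle. This only covers programs that use the OpenSSL trust store; Firefox keeps its own NSS database (the Authorities tab above is the right place for it), and Chrome on Linux uses NSS as well, under ~/.pki/nssdb. The certutil the notes mention (package libnss3-tools on Debian/Ubuntu) operates on those NSS databases; "certutil -d sql:$HOME/.pki/nssdb -L" lists what is stored there.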

Install pygame using pip on Ubuntu 11.04 Natty

It’s probably easier just to install the (up-to-date) package from Ubuntu. To get it to work with pip, you need to install (for me) these packages:

sudo aptitude install libmikmod2 libportmidi0 libportmidi-dev libsdl1.2-dev libsdl-image1.2 libsdl-image1.2-dev libsdl-mixer1.2 libsdl-mixer1.2-dev libsdl-ttf2.0-0 libsdl-ttf2.0-dev libsmpeg0 libsmpeg-dev libv4l-dev python-dev

Make pygame-pip.diff look like this patch:

diff -ur pygame-1.9.1release/config_unix.py pygame-1.9.1release-patched/config_unix.py
--- pygame-1.9.1release/config_unix.py  2011-07-03 21:34:58.291201138 +0200
+++ pygame-1.9.1release-patched/config_unix.py  2011-07-03 21:49:20.035474295 +0200
@@ -17,7 +17,7 @@
 #these get prefixes with '/usr' and '/usr/local' or the $LOCALBASE
 origincdirs = ['/include', '/include/SDL', '/include/SDL',
                '/include/smpeg' ]
-origlibdirs = ['/lib','/lib64','/X11R6/lib']
+origlibdirs = ['/lib','/lib64','/X11R6/lib','/lib/i386-linux-gnu']

 def confirm(message):
     "ask a yes/no question, return result"
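Review bot: the added search path on the `+origlibdirs` line hard-codes the 32-bit multiarch triplet `/lib/i386-linux-gnu`, so the fix only helps on i386 hosts; on amd64 Natty the SDL libraries live under `/lib/x86_64-linux-gnu` (after the `/usr` prefix the comment describes) and the link step still fails there. Add both triplet directories, or derive the right one at configure time from `dpkg-architecture -qDEB_HOST_MULTIARCH` rather than a fixed string. Also visible in the context: `origincdirs` lists `/include/SDL` twice, and the `config_unix.py~` editor backup reported right after this hunk should be excluded when generating the diff (`diff -ur -x '*~'`) so it is not mistaken for part of the patch.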
Only in pygame-1.9.1release-patched: config_unix.py~
diff -ur pygame-1.9.1release/src/camera.h pygame-1.9.1release-patched/src/camera.h
--- pygame-1.9.1release/src/camera.h    2011-07-03 21:34:58.291201138 +0200
+++ pygame-1.9.1release-patched/src/camera.h    2011-07-03 21:02:01.453398517 +0200
@@ -39,7 +39,7 @@

     #include           /* for videodev2.h */

-    #include 
+    #include 
     #include 
 #endif
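Review bot: the header names are missing from every `#include` line in this hunk, so the `-` and `+` lines read identically and the hunk can neither be reviewed nor applied as shown; the angle-bracketed filenames were evidently lost when the page was extracted, and only the comment `/* for videodev2.h */` hints at what the replacement header is. Restore the filenames from the actual pygame-pip.diff before anyone tries `patch -p0` with this copy, otherwise the camera.h part of the patch is a no-op and the build error it was meant to fix will persist.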

Then download, patch and install:

wget http://www.pygame.org/ftp/pygame-1.9.1release.tar.gz
tar -zxf pygame-1.9.1release.tar.gz   # unpacks into pygame-1.9.1release/
patch -p0 < pygame-pip.diff           # run from the directory containing pygame-1.9.1release/, since the diff paths start there
pip install pygame-1.9.1release/      # note slash is important: it makes pip build from the patched directory

Several places suggest that NumPy is required too, but I didn’t need it (yet).

Set up modern Python environment

This is on Ubuntu, designed to get the basics installed system-wide and ready to use in virtualenvs, with minimum mess left behind:

# modern distributions already have (old) pip, use the first two lines if you don't
# sudo aptitude install python-setuptools
# sudo easy_install pip
pip install -U --user pip virtualenv virtualenvwrapper ipython ipdb
# optional
pip completion --bash >> ~/.bash_completion

Also, add the following lines to .bashrc:

export PATH=~/.local/bin:$PATH   # first, so the --user installed virtualenv and the script below are on the path
export PROJECT_HOME=~/dev
source ~/.local/bin/virtualenvwrapper.sh

Then you can use mkproject and workon etc. conveniently. I think there may still be an issue with ipython inside virtualenvs, but I’ll get to that when I encounter it (again).

EDIT: virtualenvwrapper.project has been merged into virtualenvwrapper so installing it now causes conflicts. Removed from the list.

EDIT: PIP_RESPECT_VIRTUALENV is removed since pip 1.1 because pip is installed in every virtualenv.

EDIT: tidy up commands for more recent distributions.

EDIT: pip now has a --user option to have user-wide installation of packages. Some distros have not added ~/.local/bin to their $PATH. pip and virtualenv now have better defaults, so setting WORKON_HOME and PIP_VIRTUALENV_BASE is not necessary.

DenyHosts on Cygwin

  • Download, unpack, run python setup.py install (may need to be reinstalled if Python is upgraded)
  • May need to copy the *-dist files to non-dist suffixed ones as per README.txt, and likely change the paths of the lock file (to the Debian one for Cygwin) and the sshd log file (/var/log/sshd.log for me on Cygwin).
  • May need to rebase Cygwin libraries
  • Enter registry keys for the service (and sshd) to be able to create Custom Views in Event Viewer (creates event source, executable still lacks the messages though).
  • cygrunsrv -I denyhosts -p /usr/share/denyhosts/daemon-control -a start -d "CYGWIN denyhosts" -f "Blocks IP addresses that attempt to brute-force SSH logins." -y sshd -x /var/run/denyhosts -o
  • If not running, check no old PID file and examine /var/log/denyhosts*
  • Having another Python in the path (e.g. ActiveState) appears to cause problems with Unix-style paths.
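As an added example (my own, not from the original notes or from DenyHosts itself), here is the check DenyHosts automates, written as a shell pipeline: count "Failed password" lines per source address in sshd's log and print the addresses at or above a threshold in the "sshd: <ip>" form that ends up in hosts.deny. The log lines are constructed samples in the Cygwin/OpenSSH style using documentation-range addresses; pointed at /var/log/sshd.log it is a quick way to see whether the service has anything to do, or what it would block at a given threshold.

```shell
#!/bin/sh
# Added example (not from the original notes or from DenyHosts): the
# failed-login tally DenyHosts performs, as a pipeline you can run by hand
# over sshd's log to check the service is doing its job.
set -eu

# Constructed sample of sshd log lines in the Cygwin/OpenSSH style; the
# addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG='sshd: PID 2231: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
sshd: PID 2231: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
sshd: PID 2240: Failed password for root from 203.0.113.5 port 51030 ssh2
sshd: PID 2244: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2
sshd: PID 2251: Failed password for alice from 198.51.100.7 port 40113 ssh2
sshd: PID 2260: Failed password for invalid user test from 192.0.2.9 port 60000 ssh2
sshd: PID 2261: Failed password for invalid user test from 192.0.2.9 port 60001 ssh2
sshd: PID 2262: Failed password for invalid user test from 192.0.2.9 port 60002 ssh2
sshd: PID 2263: Failed password for invalid user test from 192.0.2.9 port 60003 ssh2'

# failed_by_ip: read log lines on stdin, print "<count> <ip>" per source,
# most frequent first.  Only "Failed password" lines count; the address is
# the field after "from", which covers both the "invalid user" and the
# existing-user variants of the message.
failed_by_ip() {
    awk '/Failed password for/ {
            for (i = 1; i < NF; i++) if ($i == "from") { print $(i+1); break }
        }' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# deny_candidates <threshold>: one "sshd: <ip>" line, as written to
# hosts.deny, for every source with at least <threshold> failures.
deny_candidates() {
    threshold="$1"
    failed_by_ip | awk -v t="$threshold" '$1 >= t { print "sshd: " $2 }'
}

# Stand-alone run over the sample; for the real log use
#   deny_candidates 5 < /var/log/sshd.log
# and compare with what DenyHosts has actually written to hosts.deny.
printf '%s\n' "$SAMPLE_LOG" | deny_candidates "${1:-3}"
```

The threshold is a parameter here because DenyHosts applies different ones for invalid users, valid users and root; this pipeline deliberately treats them alike, so read its output as "at least this much" rather than as a prediction of the exact block list.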