|
Ted's Radio Weblog
 |
Wednesday, November 30, 2005 |
Computerworld News: "Attackers targeting unpatched IE bug, Microsoft warns. Microsoft today warned that attackers could exploit a critical unpatched bug in Internet Explorer, first reported in May, and take over a user's computer."
"Microsoft Corp. is warning Internet Explorer users to be careful where they browse because attackers are now targeting a critical unpatched bug in the software. If successful, these attackers could possibly use this bug to seize control of a user's system, the company said."
"Be careful?" With clever phishing schemes, unicode obfuscation of URIs, DNS poisoning and adware injection, it's not possible to "be careful." Just don't use IE.
7:00:04 PM 
|
|
[SANS Internet Storm Center, InfoCON: green] notes "Published: 2005-11-30,
Last Updated: 2005-11-30 01:45:17 UTC by Bojan Zdrnja (Version: 1) Apple has released a new Security Update, 2005-009. A number of products have been patched, including Apache2, apache_mod_ssl, CoreFoundation, curl, iodbcadmintool, OpenSSL, passwordserver, Safari, sudo and syslog. Security Update 2005-009 may be obtained from the Software Update pane in System Preferences, or from Apple's Software Downloads web site: http://www.apple.com/support/downloads/."
Get patching!
11:52:01 AM
|
|
Bill McGonigle posts: "The next regular monthly meeting of the DLSLUG will be held: Thursday, December 1st, 7-9 PM at:Dartmouth College, Carson Hall Room L01. All are welcome, free of charge." Bill Stearns will present LVM - Logical Volume Management.
"Bill Stearns has trained folks on LVM professionally for a nationally-renowned training organization and packages some LVM utilities. He'll give us the 1.5-hour overview version of what LVM is and how to make it work."
I noted on a recent install that Fedora Core 4 uses LVM by default. This is a session well worth attending. Bill's a great presenter and I've never failed to pick up some new tips.
10:16:53 AM
|
|
|
Tuesday, November 29, 2005 |
InfoWorld: Top News reports Mozilla releases Firefox 1.5 on schedule. (InfoWorld) - "The wait is over for the Firefox faithful, as the Mozilla Foundation released the new version of the browser as planned Tuesday."
The 1.5 release improves performance, smoother updating, support for SVG, JavaScript 1.6, better security and pop-up blocking. I've been working with the release candidates and FireFox looks solid and reliable. Check it out!
8:43:39 PM
|
|
Please note the change in location: we will be meeting in Little Hall Room 230, a lab with computers. On the NHTI map located at http://www.nhti.edu/welcome/nhtimap.pdf (warning: 1 Mb+ PDF), the building is marked "K"
The monthly meeting of CentraLUG, the Concord/Central New Hampshire chapter of the Greater New Hampshire Linux Users Group, occurs on the first Monday of each month on the New Hampshire Institute Campus starting at 7 PM. Open to the public. Free admission. Tell your friends.
This month's meeting will feature James Fogg discussing Windows-Linux interoperability. James Fogg is a principal with JDFogg Technology Consulting, where he is a network engineer specializing in delivering IT, Telecommunications and Computer Services, Systems, Sales and Consulting to the Fortune 500.
Many companies now operate mixed environments and managers expect their technical staff to be able to "make it work." James will provide some ideas on how to do it. He'll be covering interoperability methods between Microsoft Windows products and Linux/Unix systems. File Sharing, Application Sharing, network Services (DNS, DHCP, NTP, etc.), Mail and Printing. Also included will be the basics of Linux, Unix and Active Directory authentication, authorization and auditing.
I was pleased to learn that in the most recent editions of Microsoft's Services for Unix, Microsoft is including an NFS client. SFU is a downloadable component for the currently supported versions of Windows and Microsoft has committed to including some of the functionality future OS releases. Interoperability is Good. SFU is one of several things James plans to cover.
Hope to see you there!
10:06:31 AM
|
|
|
Tuesday, November 22, 2005 |
Computerworld News and eWeek point to an interesting SANS report. Computerworld: "SANS: Cyberattackers found green fields in 2005. After years of writing viruses and worms for operating systems and Internet server software, hackers found new areas to target in 2005, according to a report on security trends released today."
It's interesting to see malicious crackers moving "up the stack." One encouraging aspect is that network stacks are becoming more resistant to attack. However, applications are reaching further down into the stack, with user-space apps poking at ports and taking on more risky behaviors. We want to avoid repeating the mistakes of the past...
7:16:30 PM
|
|
Ken "Caesar" Fisher over at Ars Technica reports "Xbox 360: shortages no joke. Today I ventured out into the wilderness of North Boston to gauge Xbox mania. Initial reports on the ground paint a pretty grim picture for pre-Christmas Xbox shipments."
There's two possible explanations. Many, many, many rumor-mongers insist that Microsoft is staging this shortage, coordinating press releases with the stores, to announce a record sell-out on the opening day and start a panic that Junior won't get his new machine for Christmas. The other is that Microsoft is incapable of planning around all the challenges of shipping a product on time. Which seems more likely?
5:21:02 PM
|
|
Over at Scripting News, Dave Winer posts Sharing at so many levels!. "Microsoft has unveiled a new proposal called SSE, which stands for Simple Sharing Extensions for RSS and OPML. "... "Now, in 2005, almost ten years later, we may be grown-up enough to actually work this way."
Tigers and their stripes. I'm skeptical, of course. There's only so many times you can have formats and features embraced, enhanced, extended and extinguished (E^4) before you look at a gift from Microsoft very carefully. On the plus side, though, the spec is released under a Creative Commons license. Interesting.
3:04:45 PM
|
|
InfoWorld: Top News reports "Update: Microsoft to open Office document format. (InfoWorld) - Microsoft on Monday said it will offer its Word, Excel, and PowerPoint document formats as open standards, a move that could spark a war with technology rivals over standard document formats."
Interesting. I wonder if ISO standardization will really change the basic positioning. Will use of Microsoft's mis-named "Open XML" be free from RAND licensing fees, patent encumberances, or the onerous licensing terms that made it inaccessible from GPL software?
1:11:30 PM
|
|
|
Monday, November 21, 2005 |
InfoWorld: Top News: Hackers publish code for critical IE bug. InfoWorld) - Security experts are warning Internet users to be careful where they click, thanks to a nasty unpatched bug in the way Microsoft Corp.'s Internet Explorer browser handles the JavaScript computer language. The bug is of particular concern because security researchers in the U.K. have now published "proof of concept" code showing how hackers could exploit the problem and possibly take over a Windows system.By Robert_McMillan@idg.com (Robert McMillan).
Just to review: never browse with an untrustworthy browser.
UPDATE: Details at the Internet Storm Center, raising their InfoCon level from green to yellow. ISC is labeling it a zero-day exploit. It's certainly the potential for one.
4:13:47 PM
|
|
|
Sunday, November 20, 2005 |
Cringely, on the other hand, posting at I, Cringely @ PBS.org, posits a different future, with a Google brand internet-on-top-of-the-internet emulating a disturbing model: "Sam Walton Taught Google More About How to Dominate the Internet Than Microsoft Ever Did" Time will tell.
5:48:47 PM
|
|
Over at Scripting News, Dave Winer points to Adam Green's blog. Yes, dBASE fans, that Adam Green, Check out Adam's blog and bio link for an update on what he's been up to. Dave says "Adam Green says that 2006 is the year the web will explode. Interesting theory, hope it's not true, because when Google tries to host my content, how much you want to bet they'll also change what I say by adding links to things they like (for example ads) and removing unnecssary links (for example, the ones I put there). And maybe if I write a post that talks about Eric Schmidt's hometown (I think it's Atherton) that somehow magically that post won't appear. Or, perhaps my site won't be included at all, by some mysterious algorithm (like Google News) not deemed worthy of inclusion. Hey it's just one guy writing it, after all. This would be a very bad development, so bad it should be made illegal, quickly, before they actually do it."
5:40:57 PM
|
|
Slashdot post: Laser Etching a Laptop. ptorrone writes "I didn't really plan using a $20,000 laser cutter on my 17" Powerbook to etch a 19th-century engraving of a tarsier, a nocturnal mammal related to the lemur (also the vi book cover), but it seemed like it had to done. The results are stunning..."
Very cool hack. Personalizing a PowerBook like this makes it a lot easier to identify, too...
5:14:36 PM
|
|
|
Wednesday, November 16, 2005 |
OSNews posts an exclusive article, *Why Browsers Should Be Able to Display OpenDocument*. "OpenDocument got a lot of publicity lately. StarOffice 8 and OpenOffice.org 2.0 finally arrived, and all the other makers of office suites (with the notable exception of Microsoft) have started implementing the new standard into their programs. Massachusetts recently decided to use OpenDocument as the standard file format, effectively locking out MS Office as soon as January 1st, 2007. Other countries are on their way to do the same. Also, OpenDocument recently got submitted to become an ISO standard."
An interesting tidbit I picked up from the article: you can view OpenDocument files in FireFox! If you have both FireFox and OpenOffice.org 2 installed on your machine, start OpenOffice.org and navigate the usual menu/dialog/treeview to Tools | Options, Internet, Mozilla Plug-In, and check the Enable checkbox. Shut down and restart Firefox. Now, you can open OpenDocument documents for viewing in the browser! A toolbar appears that allows editing (opening the doc in OpenOffice.org), direct printing, direct export to PDF, searching and more. Pretty cool stuff.
5:32:36 PM
|
|
Doc's at it again. Years ago, he pointed out that the ClueTrain was leaving the station, this time he posts a call to arms in Saving the Net. Required Reading.
Saving the Net from the pipeholders. I've spent much of the last two weeks writing an essay that just went up at Linux Journal: Saving the Net: How to Keep the Carriers from Flushing the Net Down the Tubes. It's probably the longest post I've ever put up on the Web. It's certainly the most important. And not just to me. I started writing it after a recent surprise visit by David Isenberg to Santa Barbara. He's the one who got me [~] and, I hope, us [~] going. I finished writing it yesterday after David Berlind published three excellent pieces, which I highly recommend reading, and acting upon. For guidance during the rest of this thing (whether they knew it or not), I also want to thank David Weinberger, Dave Winer, Steve Gillmor, Kevin Werbach, Cory Doctorow, Don Marti, Richard M. Stallman, Eric S. Raymond, Susan Crawford, Larry Lessig, John Palfrey, Chris Nolan, Jeff Jarvis, Craig Burton, Andrew Sullivan, Dean Landsman, Matt Welch, George Lakoff, Om Malik, J.D. Lasica, Virginia Postrel, Esther Dyson, Micah Sifry, John Perry Barlow, The EFF, the Berkman Center, the Personal Democracy Forum and others I'm overlooking but will fill in later when I have the time. [The Doc Searls Weblog]
3:35:33 PM
|
|
Andrew MacNeill - AKSEL Solutions posts "Just saw this over on zdNet but then wanted to try it out.
I think David may be right when he talks about the potential of what this could do.
Wikis aren't just for group blogging or information - now you've got a live application for it as well."
Wikis are a great way for collaborative effort at building up knowledge online. Witness the mother-of-all wikis at WikiPedia. But each of the hundreds of wiki software packages out there has its own markup language, or worse, no language at all. With Dan Bricklin's WikiCalc, we have a demonstration of a rich client app that can lock, read, edit and write formatted material and then publish it to a web site. The software is at version zero-point-one alpha stage, but the concepts are cool. Check it out.
10:57:55 AM
|
|
The ever calm, fair and balanced Slashdot reports Google Base Launches. An anonymous reader writes "As announced on the Google Blog, Google Base has finally launched. According to Google, Google Base enables content owners to easily make their information searchable online. Anyone, from large companies to website owners and individuals, can use it to submit their content in the form of data items. We'll host the items and make them searchable for free."
10:34:38 AM
|
|
|
Sunday, November 13, 2005 |
Daring Fireball posts a brief review of the 15-inch Powerbook: "I have, for several years, subscribed to the theory that those who are mostly desk-bound should buy the cheapest laptop they can get by with and the most expensive desktop system they can afford... As of two weeks ago, I officially unsubscribed from this theory,..."
5:28:15 PM
|
|
|
Friday, November 11, 2005 |
A few months ago, I was chatting with a buddy about my military service. Out of the blue, "Thanks," he said. "Thanks for serving." I'd never heard it put so well. Thank a veteran today.
3:17:33 PM
|
|
Scripting News points out "Press release announces new NPR podcasts." Way cool! There's enough online content now that you can mix their streaming headlines with their podcasts and create your own lineup!
3:11:23 PM
|
|
|
Thursday, November 10, 2005 |
Listening to the Gilmor Gang podcast yesterday (great discussions on Windows Live, conversation with Robert Scoble, and Doc Searls nails it once again), one of the panelists mentioned Eric Von Hippel's work on "user-driven innovation" that had been featured in a podcast of Michael Tiemann's presentation at the last MySQL conference. Michael also mentions Von Hippel's work and his HBR article (May 2002, if memory serves) in his presentation on "The Open Source Triple Play."
It's a vast simplification to summarize Von Hippel's work as "give the users the tools and they will solve the problem" but much of the work on Von Hippel's site (including video tutorials, two books under the Creative Commons license, and articles - bravo!) points towards that theme. Well worth a look.
FoxPro developers can recognize similar patterns in our ability to embed tools such as Stonefield Query and FireFox! inside our applications, allowing the users to develop the complex reports that lets them run their business and extend the reach of the application. Gilmor Gang members were speaking more of Web Services and AJAX and extending services such as Google Search, Maps, Yahoo! and Microsoft offerings. The scale changes when you move from offering tools in a proprietary application to exposing these tools to the entire World-Wide Web.
Provide users with easy-to-use tools and they will build the solutions they need. Isn't that what fired up the PC Revolution in the 80s? Isn't that what real innovation has always been about?
"Man is a tool-using Animal. Nowhere do you find him without tools;
without tools he is nothing, with tools he is all." -- Thomas Carlyle
"A small group of thoughtful people could change the world. Indeed,
it's the only thing that ever has." -- Margaret Mead
Exciting times.
9:46:18 AM
|
|
|
Wednesday, November 9, 2005 |
John Batelle posts Gates, Microsoft Ponder the Future of ... Microsoft with great links to a recent Bill Gates memo on Web 2.0 and a related CNet article. John's reaction: "Microsoft truly does face the second coming of the Web, and this time it's not conveniently packaged as one killable company a la Netscape (Google notwithstanding)."
8:09:45 PM
|
|
|
Tuesday, November 8, 2005 |
Ten-time Microsoft MVP Ed Leafe and Fox/Wine/Python guru Paul McNett have been working on a Free (price and license) framework in Python to create data-intensive rich client applications that will run on all major platforms (thanks to Python) and support all major databases.
On his ProFox mailing list, Ed Leafe announces Dabo reaches another milestone:
If you had to give one reason why Fox rocks, what would it be? The UI and reporting tools are good, but there are other products out there that do those things as well or better. The language is OO and can be quite elegant, but it is also procedural and can be quite ugly. And DBFs are not exactly the ultimate data store around.
No, if I had to name the killer feature, it would be this: an internal data engine. With this, you can do things that other languages simply cannot. You can pull a data set from SQL Server or Postgres, and then manipulate that data quickly and powerfully, using Fox's SQL engine as well as its Xbase commands. You can select a subset from that cursor, and then join that subset to another cursor. All in Fox, and all natively.
This was the piece that Dabo lacked, and that I felt would take it from a second-rate data framework to a first-class product. Well, I'm thrilled to announce that Dabo now has such an internal data engine! Data in Dabo is held in objects called DataSets, but which are very much like Fox cursors. These DataSet objects now understand SQL, allowing you to send it any valid SQL statement and get back the results in another DataSet object.
http://dabodev.com/wiki/DataSet
Congratulations, Ed! This is a really exciting step! Fox Rocks because it has a rich development environment, a powerful means of iterative development using the command window, and a very capable local data engine for cursor manipulation. With the integration of SQLite (via pySQLite) into the data layer, Dabo developers can still use the backend data of their choice and have a powerful local engine for manipulation, the best of both worlds.
1:18:24 PM
|
|
OSNews links to an Apple Insider article that can't have been well thought through: Over 1 Million Windows to Mac Converts So Far in 2005?. "The momentum generated by Apple's iPod digital music players and related products continues to translate into new Macintosh sales according to one Wall Street analyst who estimates that over one million Windows users have purchased a Mac in the first three quarters of 2005."
Great news! I'm a switcher, though in 2004. But, digging into the article,
"If we assume that all of the growth in Mac shipments during the past three quarters resulted from Windows users purchasing a Mac, then purchases by Windows users exceeded one million," the analyst said.
Well, that's silly. No current Mac user bought a new Mac in the past three quarters? If so, Apple is doomed. Apple users often keep their machines running for years, as they don't have the rapid decline-to-obsolesence of WinTel boxes, but I'd guesstimate a 4-year-lifecycle on average and so a rough estimate of 20% of sales to current Apple users still yields a respectable 800,000 switchers this year and projects around a million by the end of the calendar year. There are lies, damned lies and statistics. Let's leave the exaggeration to the other guys.
9:35:23 AM
|
|
|
Monday, November 7, 2005 |
What a great meeting last week! Forty-three attendees made this the most attended Greater New Hampshire Linux User Groupquarterly meeting of the year.
Thanks to Doug McIlroy for a fascinating presentation on his memories of growing up with the computer industry. Doug ran the department at Bell Labs where Kernighan and Ritchie came up with C, studied at MIT with WhirlWind, and had many fascinating adventures along the way. Doug put on a great show featuring significant and memorable milestones and wonderful anecdotes. Several people took notes, audio and video recordings. We hope to see something on the Dartmouth - Lake Sunapee LUG site soon!
Thanks also to Bill McGonigle for arranging and emceeing the meeting. Bill started with the usual announcements about the group, thanking PTR/Addison Wesley for providing some books to raffle as well as paying for the delicious refreshments. Bill had been contacted by a survey firm claiming to be looking for cases of Linux cost of ownership situations other than those that have been popularly reported. Bill expressed some scepticism on the legitimacy of this information and asked to contact him if you want to look into it. A raffle after Doug's presentation gave away a couple of Addison-Wesley books and some RedHat promotional DVDs.
Bill Stearns announced the results of the project to bring some networking gear to Pass Christian schools following Hurricane Katrina's destruction of their schools, and pointed to a link with pictures. Great job, Bill!
At the end, I spoke for a few minutes on the on-going effort to gather feedback for the development of by-laws and the registration of GNHLUG as a non-profit organization. Reception was generally positive. Several attendees offered to send along by-laws for their organizations, so we can examine what others have done.
Finally, we announced the next quarterly meeting. We'll be joining with the New Hampshire Chapters of the ACM and IEEE for a presentation by Rik van Riel showing off spamikaze, an automated spam block system. The meeting will take place at Robert Frost Hall in the Walker Auditorium at Southern New Hampshire University. Note the unusual time: the main presentation is 5 Pm to 6 Pm, to allow evening graduate school students to attend. Hope to see you there! Thanks to all who attended!
11:52:00 AM
|
|
|
Friday, November 4, 2005 |
|
Thursday, November 3, 2005 |
It would be funnier if it were not so painfully true: Working for Dilbert's boss.
The problem springs up all of the time, when a well-meaning good-faith estimate of the level of work is taken as the opening gambit of a one-sided negotiation.
12:57:40 PM
|
|
Last night, I booted my Windows XP notebook after it spent the day traveling in its padded bag - never touched, dropped, struck by lightening, etc. I had left a CD in the tray and it may have tried to boot from that -- oops. Removing the disk and rebooting resulted in "NTFS.SYS is missing or corrupted." Since the machine didn't come with a rescue CD, I used Knoppix to boot the machine to examine the partition. Looking through the partition, the C:WINDOWSsystem32drivers directory is empty. That's pretty unlikely a failure on Windows part - WinXP usually keeps several of these files open, and "Windows File Protection" prevents their deletion. Ran fine until I shut it down yesterday morning. Running S.M.A.R.T. utilities shows no errors on the drive. Running SpinRite right now to confirm there's not a drive problem, then I'll be restoring from a Ghost backup.
Reminder: don't leave your computer configured to boot from devices you don't want to boot from! UPDATE: Scanned the disk on a trustworthy computer with an up-to-date NAV, and it indicates no malware. Curiouser and curioser...
11:34:42 AM
|
|
|
Wednesday, November 2, 2005 |
It seems Microsoft was a day late with their Halloween horror story called Microsoft Live! and Microsoft Office Live! Whether these are truly "a Microsoft bet" (boy, is that line getting tired) or just a tired rebranding of next-gen Hotmail, MSN and bCentral services to respond to all the good press Google, Yahoo! and other rich AJAX apps are getting remains to be seen.
Dave Winer attended and called it "the worst demo ever." Mini-Microsoft links to dozens of links. Mary Jo Foley has thorough coverage. Dan Farber questions what's live - that it's on the web? Niall Kennedy has some intriguing photographs.
Maybe Microsoft Live 3.0 will be better...
5:28:25 PM
|
|
|
Tuesday, November 1, 2005 |
Yet another reason to avoid Digital Restriction Management: SysInternals is reporting that certain Sony music CDs install rootkits and that removing the rootkit disables the ability to play music CDs on your (Windows) computer.
These feeble restrictions surely won't deter any serious piracy of the music, but only infringe on the abilities of consumers to rip their favorite music to their own music players.
Thanks to Ed Leafe of the ProFox mailing list for the pointer.
12:07:58 PM
|
|
The SANS Internet Storm Center notes that Apple has issued their monthly security update, a whopping 97 megabytes that, according the the Apple site, includes:
- AFP, SMB/CIFS, NFS and FTP network and file services
- AirPort and Bluetooth wireless access
- Core Graphics, Core Audio, Core Image, and RAW camera support
- disc recording when creating and burning media
- .Mac sync services
- Spotlight indexing and searching
- Dashboard widgets: Dictionary, Flight Tracker, Stickies, and Unit Converter
- Address Book, AppleScript, Automator, Dictionary, Font Book, iCal, iSync, Mail, and Safari applications
- Disk Utility, Keychain Access, Migration Assistant, and Software Update
- compatibility with third party applications and devices
- previous standalone security updates
Get patching!
11:15:21 AM
|
|
|
