Ted's Radio Weblog
Mission: Interoperable. Competition breeds Innovation. Monopolies breed stagnation. Working Well with Others is Good.

Tuesday, January 31, 2006

InfoWorld: Top News reports Microsoft warns of file-trashing worm.

(InfoWorld) - "Microsoft has published a security advisory warning Windows users of a file-trashing worm that has been circulating via e-mail for several weeks. The worm, which is programmed to destroy a wide variety of files on the third day of every month, has been circulating since mid-January, and is estimated to have infected between 250,000 and 300,000 systems worldwide."

Almost missed the monthly warning: DO NOT open files or click links from untrusted sources. THERE ARE NO TRUSTED SOURCES. Verify the sender really sent you the file. Scan it with a virus checker. Don't use it if you don't trust it.
8:50:10 PM


Rick Schummer at Shedding Some Light blogs Ken Levy is moving on... "You may have already read on Ken Levy's blog how he is planning on taking a new position inside of Microsoft. Congratulations Ken, and godspeed on your new project."

Best of luck, Ken!
8:41:04 PM


"Credit and bank card numbers of as many as 240,000 Boston Globe and Worcester Telegram & Gazette subscribers were inadvertently distributed with bundles of T&G newspapers on Sunday, officials of the newspapers said today."

Follow the link to read how clever they were...
8:01:32 PM


Over at Resigned to the Bittersweet Truth, Bill McGonigle posts Call To Action - Upgrading. "I spoke to Tim Burke, Director Emerging Technologies (including the Linux kernel and Fedora) at RedHat about the state of upgrading this past Tuesday at the GNHLUG meeting in Manchester..."

"So, I issue a challenge to all package maintainers out there who have their projects integrated into distributions like Fedora - give upgrades a chance."

It's a tough challenge, but a necessary one. Upgrading is inevitable, and the costs of updating/upgrading are becoming an increasingly important factor in calculating the total costs of owning a system.
11:14:09 AM


Saturday, January 28, 2006

Joho the Blog blogs Isenseuss. "Here's the talk David Isenberg gave at O'Reilly eTel. It is, rather amazingly, a disquisition about freedom to connect, done in the style of Dr. Seuss. ..."

Here's the first stanza, to encourage you to read on...

When Ed Whitacre, the head of AT&T, says,
"They're not going to use my pipes for free"
he's not talking about Them, he's talking about Me.
He's talking about Us, it should be plain to see.

11:38:05 AM

Thursday, January 26, 2006

Slashdot post: A Statistical Review of 1 Billion Web Pages. chrisd writes "As part of a recent examination of the most popular html authoring techniques, my colleague Ian Hickson parsed through a billion web pages from the Google repository to find out what are the most popular class names, elements, attributes, and related metadata. We decided that to publish this would be of significant utility to developers. It's also a fascinating look into how people create web pages. For instance one thing that surprised me was that the <title> is more popular than ..." "The graphs in the report require a browser with SVG and CSS support (like Firefox 1.5!). Enjoy!"

The study by Google has some interesting conclusions, like this one from the page on the body tag:

One conclusion one can draw from the spread of attributes used on the body element is that authors don't care about what the specifications say. Of these top twenty attributes, nine are completely invalid, and five have been deprecated for nearly eight years, half the lifetime of the Web so far.

Where does all this bad code come from? Are individual authors writing junk in Notepad and vim, or are large commercial sites using bad HTML, augmented with lots of Javascript and CSS tricks to try to render some cross-browser effect they can't do through the standards? A few answers are on their page on Editors, but this is mostly a survey that indicates there's need for more study.
9:19:27 AM


Tuesday, January 24, 2006

Linux-Watch.com asks "What's up with Novell's new licensing?" with some interesting numbers on Novell's and Red Hat's subscription numbers.
8:00:24 PM

Saturday, January 21, 2006

New Hampshire House Representatives Sam A. Cataldo and Roy D. Maxfield have sponsored a bill to establish a study committee to determine if state agencies should have to consider Open Source alternatives when obtaining software. Should choice be mandatory? I think so. No business case should be presented claiming that alternatives have been considered if they haven't.
9:15:55 AM

Friday, January 20, 2006

Over at Linux-Watch.com, Steven J. Vaughan-Nichols asks: Is Wine really faster than Windows? and comes up with the right answer: It doesn't really matter.
10:23:21 AM

Thursday, January 19, 2006

Now here's a silly headline: OSNews purports that Linux Users May Be Violating Sarbanes-Oxley. A brief read of the article will tell you that a corporation is likely violating its obligations to its shareholders if it is failing to audit, track, monitor and closely examine the copyright, license and patent requirements of ALL of the products they use. There may be just as much liability from the shareware, freeware, postcardware and every-ware installed willy-nilly inside a company. Developers, consultants, IT personnel and users are notorious for bringing in a little utility from home on floppy, USB tab or download and spreading it around the office. It may be that the Fortune 500 is liable for thousands of postcards for EditPad as well.

The solution is to follow the law, even one as obnoxious as SOX (and complain to your legislator if this is burdensome), with an audit and a compliance plan. The inflammatory headline that "Linux users are bringing chaos to the world" is just insulting. Any company using software needs to do its best to ensure it is not violating copyright, patents or licenses. No news here, move along.
12:08:00 PM


Over at Shedding Some Light, Rick Schummer blogs Breaking another rule costs me "Here is another one of those rules I have learned the hard way:

Never test install your application installer on your development machine."

11:18:46 AM

Wednesday, January 18, 2006

Cool as the MacBook is, Bill says he'll be waiting a while before he buys his: Free Software for Intel-based Macs. "I've been considering getting a new MacBook Pro - the specs are very nice, it's a real desktop replacement, and even though there are some weird things like a slower DVD drive and a lower-res screen it would be a good computer... But there's one thing that's ruled it out..." [Resigned to the Bittersweet Truth]
7:27:00 PM

Tuesday, January 17, 2006

InfoWorld: Top News: Oracle releases quarterly security patches. Imagine only having to release patches four times a year!
9:05:29 PM

Monday, January 16, 2006

New Mac patches today: my iMac greeted me with a slew of patches for QuickTime, iTunes, iPod and Mac OS X. The security patch readme includes:

The 10.4.4 Update delivers overall improved reliability and compatibility for Mac OS X v10.4 and is recommended for all users. It includes fixes for:

  • SMB/CIFS and NFS network file services
  • Bluetooth wireless access
  • Core Graphics, Core Audio, Core Image, RAW camera support, including updated ATI and NVIDIA graphics drivers
  • Spotlight indexing and searching
  • AppleScript, iChat, DVD Player, and Safari applications
  • Dashboard widgets: Calendar and Stocks
  • Software Update and Sync Services
  • compatibility with USB and FireWire devices and third party applications
  • previous standalone security updates

"For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n302810 ... For detailed information on Security Updates, please visit this website: http://www.info.apple.com/kbnum/n61798."

Get patching!
2:00:10 PM


Friday, January 13, 2006

Ars Technica posts: Chandler, an open-source personal information manager, hits its first public release. "Chandler, the brainchild of the first Macintosh programmer, Andy Hertzfeld, has hit its first "usable" public release milestone. Is this an application worth watching?"

YES! An open-source, secure PIM written in Python, runs cross-platform, backed by Mitch Kapor, partly written by Andy Hertzfeld. What's not to like?
6:09:15 PM


On Dan Bricklin's Log, Dan posts New wikiCalc release with AJAX and more. "I've finally released a new version of wikiCalc, my mashup of a wiki and a spreadsheet. This version, Alpha 0.2, adds a lot of different features and capabilities in many areas. The two most interesting to many people are (1) cell editing is now much more interactive using AJAX techniques, and (2) full source is provided along with other changes so that it can be run more than just client-side on a Windows machine."
10:07:02 AM

Thursday, January 12, 2006

... as I mentioned GNHLUG's next quarterly meeting, DLSLUG organizer Bill McGonigle posts the audio, slides and video from the last quarterly presentation, featuring Doug McIlroy, an instructor at Dartmouth and a retired manager from AT&T Bell Labs where he worked with Kernighan, Ritchie and other lights of the era. Thanks to Bill for the hard work of taking sub-optimal audio and video and preserving this very special presentation!

Slides are in OpenOffice format. Audio is a 64 Mb MP3 file, Video is a 348 Mb MP4 file suitable for playing with VLC or QuickTime. Thanks to the Internet Archive for hosting the video!
5:40:22 PM


Wednesday, January 11, 2006

Although Microsoft released it last week, MS06-001, the patch for the WMF flaw, was also included as one of three Critical patches for possible Remote Code Execution that made up the January 2006 Microsoft security bulletin. As is typical, the patches seem to affect every supported version from Windows 2000 on up. However, earlier versions of Windows are provided with a link which seems to say "you're on your own." Here are the patches:

MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

MS06-002 - Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

MS06-003 - Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)

So, Microsoft graphics, Microsoft Fonts, Microsoft Office and Microsoft Outlook all have serious flaws. Get patching!

It is the second week of 2006.
4:56:52 PM


Garrett Fitzgerald's Blog: Apples and Oranges. "In a recent post, Craig Berntson trumpets about a recent CERT report that "proves" that Windows is more secure than Linux. What he doesn't mention is that the "Linux/Unix" list lumps together the Linux kernel, Mac OSX, HPUX, SCO Unixware, and others. So, when comparing 1 OS against 6 or more OSs, the 1 OS comes out ahead. What a surprise."

Over at Groklaw, the poster does a fine job of pointing out the problems with just quoting the gross numbers from this survey. It would be far better to identify how many security flaws led to major exploits and the costs of the cleanup. Trivial items are counted one-for-one with items that cost millions to clean up, and exploits are listed multiple times (on both Windows and non-Windows platforms).

Bottom line: security is a process, not a feature. Millions more computers were turned into spam-sending zombies, and not just because they are running a more commonly-available operating system. They were exploited because the OS runs as an administrator with the rights to alter anything on the machine. Only one OS manufacturer shipped software that has that fatal flaw.
4:48:47 PM


Monday, January 9, 2006

Ars Technica post: Microsoft study finds Linux to have no advantage on older hardware. "Microsoft has published a new study that attempts to refute the claims that Linux runs better than Windows on older hardware. Do they have a point, or are they just blowing smoke?" By jeremy@arstechnica.com (Jeremy Reimer).

"Curiously, if you look at these results closely, they seem to confirm the idea that Linux will run on older hardware, at least if you are talking about Slackware and Knoppix specifically. However, overall the two operating systems ended up about the same. While this does tend to discredit the idea that "Linux runs faster on older hardware," at the very least, it runs no worse."

"The other point that the study brings up is that some distributions fared significantly better than others. This leads into the third major benefit that Linux fans like to tout, the diversity and customization available with Linux that is not available with Windows."

It's good to hear that Microsoft is working to make their software work on existing hardware, rather than expecting customers to buy new. But the comparison still misses the choice factor: you're more likely to want to run a 5-year-old machine as a file server in the back room, or a utility kiosk with very limited functionality. With Linux, you can run the machine without a GUI (text mode only) or with a minimal window manager. With WinXP, you're pretty much stuck with what Microsoft provides you.
8:14:48 PM


Sunday, January 8, 2006

What : Open Source Development and Productization

Who : Tim Burke, Director of Fedora Project and Kernel Development at Red Hat

When : Tue, 24 Jan 2006, at 5:00 PM

Where: Walker Auditorium, Robert Frost Hall, SNHU

GNHLUG, NH IEEE/ACM, and SwANH are privileged to host a joint presentation: Tim Burke, Director of Kernel Development for Red Hat Software, and Director of the Fedora Linux Project. He will be speaking on how Red Hat balances its role as community steward and purveyor of enterprise products. The event will take place at 5:00 PM, on Tuesday, January 24th, 2006. It will be in the Walker Auditorium, in Robert Frost Hall, at Southern New Hampshire University.

GETTING THERE

Campus Map: http://www.snhu.edu/212.asp

Robert Frost Hall is #2 on the map.

Directions: http://www.snhu.edu/209.asp

ABOUT THE PRESENTATION

Open source development is rapidly gaining momentum due to developer interest as well as empowerment to end users. This presentation will describe Red Hat's approach to balancing the interests of community, customers, and business partners. We will see how open source projects are integrated to form our distribution and how Red Hat fosters and contributes to the community development process. This approach can serve as a model to others who are trying to understand the intersection of free open source software and business.

ABOUT THE SPEAKER

Tim Burke is the Director of Kernel Development at Red Hat, the world's leading provider of open source solutions to the enterprise. The Kernel Development team is responsible for the core kernel portion of Red Hat Enterprise Linux. Burke is also the Director of the Fedora Project, an open source project sponsored by Red Hat and supported by the Fedora community. In his role as Fedora Director, Tim leads both internal and external community projects with the ultimate goal of product incorporation. Prior to becoming a manager, Tim earned an honest living developing Linux high-availability cluster solutions and Unix kernel technology. When not juggling bugs, features and schedules, he enjoys running, rock climbing, bicycling, and paintball.

ABOUT GNHLUG

GNHLUG, the Greater New Hampshire Linux User Group, is a not-for-profit organization committed to furthering the cause of Linux and Free/Open Source Software in and around the Granite State. GNHLUG has chapters and regular meetings in Nashua, Durham/UNH, Concord, Peterborough/Monadnock, Dartmouth/Lake Sunapee, and Manchester, as well as a state-wide online community. http://www.gnhlug.org

ABOUT NH IEEE/ACM

The IEEE (Institute of Electrical and Electronics Engineers) promotes the engineering process of creating, developing, integrating, sharing, and applying knowledge about electro and information technologies and sciences for the benefit of humanity and the profession. The New Hampshire Section of the IEEE hosts periodic technical and professional talks, and provides professional networking for technology professionals. http://acadweb.snhu.edu/Isaak_James/ITseminars/

The ACM (Association for Computing Machinery) is a non-profit educational and scientific society dedicated to advancing the arts, sciences, and applications of information technology. The Greater Boston Chapter of the ACM (GBC/ACM) is a sponsor of monthly meetings, full-day professional development seminars, and publisher of The Real Times. http://www.gbcacm.org/

ABOUT SwANH

The Software Association of New Hampshire (SwANH) promotes and supports the software and information technology industries throughout the State. SwANH sponsors networking events, educational programs through its SIGs and affiliates, and discount programs that provide members with opportunities to gain information, connect with resources, grow their businesses, and succeed. http://www.swanh.org
4:53:56 PM


Friday, January 6, 2006

Recent network problems have had me switching around a couple of Linksys WRT-54g routers. While researching the optimal firmware and feature set, I found this great table comparing WRT-54 firmware on the http://www.linksysinfo.org web site.
5:12:07 PM

Bravo to Microsoft for shipping the WMF patch early, rather than waiting an additional five days to ship on their regularly scheduled Patch Tuesday. Many security experts were very concerned about this flaw.

Users of Windows 2000, XP and 2003 should update immediately. Users of previous versions of Windows should stop using IE until Microsoft ships a patch.

The actual MS06-001 Security Bulletin is a bit confusing. It lists "Maximum Severity Rating: Critical" but in the FAQ seems to indicate that they are not shipping a version for Win9x/ME:

"Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) -- Review the FAQ section of this bulletin for details about these operating systems...." In the FAQ... "How does the extended support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition affect the release of security updates for these operating systems?" "For these versions of Windows, Microsoft will only release security updates for critical security issues."

Okay, I'm confused. Critical or not? Supported or not?
1:24:43 PM


NYT > Technology: David Pogue: A Marriage Not Made in Heaven. "Some features of Palm's new Treo 700W cellphone-organizer are so well executed, you can't help grinning, while others are so clumsy, you smack your forehead." By DAVID POGUE. "The Treo 700W ($400 with a two-year Verizon commitment) is a Frankensteinian mishmash."

Over at the Wall Street Journal, Walter Mossberg concludes "The Treo 700w will appeal to some Windows Mobile fans, and to some corporate IT staffs. But for everyone else, I advise sticking with the Palm-based Treos."

Too bad. A friend had told me to keep an eye on the Treo line as he felt the Treo 650 needed one more version to be the category-killer PDA-Phone. Looks like the 700w was not the right one. Palm promises a PalmOS-based version is on the way. I'll wait.
1:16:35 PM


Thursday, January 5, 2006

Computerworld News catalogs A Sober Primer: The worm from A to Z. "With the Sober worm set to launch new attacks at midnight tonight, here's an A-to-Z guide to identifying the worm's many iterations for the past two years." The linked article talks about the latest incarnation, due to launch at midnight tonight. You may want to turn your Windows PC off tonight, just in case. Check to make sure your virus scanner is up to date, that your firewall is enabled (both incoming and outgoing, not the Windows one-way XP firewall), that your malware detectors are up to date and have scanned your machine recently.

It probably won't affect anything more than usual, but you ought to check to make sure you've got charged batteries for the cellphone, the PDA, the flashlight. A full tank of gas in case you need to drive off to a client first thing, and the Windows ATM isn't working. Filling the bathtub with water will let you flush the toilet if the water pressure goes. Perhaps you should review your Emergency Preparedness Checklist, just in case. Sleep tight. Don't let the bedbugs bite.

Trustworthy Computing. Ain't it grand?
5:47:20 PM


Slashdot post: Wisconsin Requires Open Source, Verifiable Voting. AdamBLang writes "Previously covered on Slashdot, Wisconsin Governor Jim Doyle today signed legislation that "will require the software of touch-screen voting machines used in elections to be open-source. Municipalities that use electronic voting machines are responsible for providing to the public, on request, the code used." Madison's Capital Times reports "the bill requires that if a municipality uses an electronic voting system that consists of a voting machine, the machine must generate a complete paper ballot showing all votes cast by each elector that is visually verifiable by the elector before he or she leaves the machine.""

Bravo! Kudos to Wisconsin! The electronic voting industry has been asking "Trust Us!" for much too long. Voting is far too important to trust a black-box, unverifiable, unauditable system. Full transparency is not an option, it's required.
9:57:17 AM


Wednesday, January 4, 2006

Computerworld News: Pre-release Microsoft patch for WMF flaw leaked. "Microsoft today confirmed that a pre-release version of its security update for the recently disclosed WMF vulnerability was briefly posted on the Internet. Users appear divided on whether to install an already available third-party patch for the problem."

Meanwhile, InfoWorld: Top News is reporting...

Attempts to exploit WMF vulnerability by IM multiply.

(InfoWorld) - Security researchers have logged over 70 variations on instant messages attempting to exploit the WMF vulnerability since the first were reported on Saturday.


4:49:50 PM

Ars Technica notes "A CD insert to make Sony blush. CD disclaimers are becoming more common now that DRM routinely renders discs unplayable for consumers, but the disclaimer accompanying a Coldplay CD takes the cake. Then smashes it. Then points and laughs." By caesar@arstechnica.com (Ken "Caesar" Fisher).

What an astoundingly bad idea. Let's punish the 98% of music fans to prevent (badly, poorly and ineffectively) a small number of pirates. This is so clueless. Copying and sharing (and legitimate Fair Use, time-, place- and device-shifting) is always going to happen. The winners in the music industry will be the ones who learn how to turn that sharing into revenue. Lots of musicians and music sites are learning how to do that. Patronize them, and not the clueless.
8:14:14 AM


Monday, January 2, 2006

The Internet Storm Center has set their InfoCon alert to Yellow and is full of information on the recent WMF exploit. They are even promoting a private patch, due to Microsoft's weak response on this issue. Microsoft has plans to ship a patch with their next regular Tuesday (the 10th) patch. Many of the media are a bit agitated to get a patch out sooner. Let's see how Microsoft's evaluation of the threat plays out. If they're wrong, their customers could spend millions cleaning up the mess. If they're right, no one will notice. Any change to the bottom line for Microsoft? Time will tell.
7:17:23 PM



© Copyright 2006 Ted Roche.
Last update: 4/5/06; 5:55:06 PM.