|
Ted's Radio Weblog
 |
Wednesday, November 29, 2006 |
Over at InfoWorld, Robert McMillan is reporting that Apple patches AirPort wireless bug. "Apple Computer Inc. has fixed a number of flaws in the software that ships with its personal computers, including a bug in its AirPort wireless drivers that was disclosed earlier this month... Apple's Tuesday update also fixes several issues in products that ship with OS X, including flaws in the ClamAV antivirus software, Perl, PHP (PHP Hypertext Preprocessor) and Samba... In total, 22 patches were released in this update, named 2007-007 by Apple." Double-oh-seven, eh? Get patching!
10:20:33 AM 
|
|
|
Tuesday, November 28, 2006 |
The monthly meeting of CentraLUG, the Concord/Central NH GNHLUG chapter, happens the first Monday of most months on the New Hampshire Institute Campus starting at 7 PM.
Directions and maps are available on the NHTI site at http://www.nhti.edu/welcome/directions.htm. This month, we'll be meeting in the Library/Learning Center/Bookstore, room 146, marked as "I" on that map. The main meeting starts at 7 PM, and we finish by 9 PM. Open to the public. Tell your friends.
For December's meeting, Tim Lind of Computerborough will present TrixBox, the CentOS-based distribution for running the Asterisk PBX software, formerly known as "Asterisk @ Home." Trixbox (http://www.trixbox.org) is an open source PBX product that allows one to setup a full featured telephone system with extensions, personal voice mail, auto attendant and many, many more features within their home or office. Tim Lind of Computerborough (http://www.computerborough.com) has installed it many times and is using it on a daily basis within his company. Tim will show us around the configuration, and show some of the nifty things that can be done with it. Tim is a Red Hat Certified Engineer, A+ Certified Technician, Microsoft Certified Professional and is also Network+ certified. Tim has been using Linux since 1997 when he got bored with Windows and runs his business almost exclusively on open source products."
January's meeting falls on the first, so we'll likely skip the month's meeting. However, stay tuned for some exciting meetings coming up in 2007! Tentatively, we hope to have Andy Bair present Digital File Carving Forensics and Matt Brodeur talk about PGP and help us with a key-signing early in the year.
More details on the group and directions to the meeting at http://www.gnhlug.org.
10:11:28 AM
|
|
|
Sunday, November 26, 2006 |
Columbus Day holiday gave me the chance to set up a MythTV back end. It was a good chance to see how complicated it was to set it up (not hard). But sitting around the office to watch TV was no fun. So, the trick was to cobble together another machine to run the front end in the entertainment center in the living room. Thanksgiving Day weekend gave me the time to work on it.
A ThinkPad A31p served as the front-end machine. "Lucky" is over four years old and has fried USB connections, a dead wireless card and a dead backlight -- perfect for repurposing. The display was a Samsung 23" LCD via a VGA connection. A remote control made by Phillips and a USB-based IR receiver was included with the WinTV PCR-150mce thats in the backend digitizing the videos. Like the back end, I followed Jarod Wilson's Fedora Core MythTV HOWTO. only installing mythfrontend rather than the entire mythtv-suite. Installation was a piece of cake.
The gotcha (and the good reason this was saved for a weekend) was configuring the video. The ThinkPad A31p has a built-in ATI Radeon FireGL Mobility 7800 M7 with VGA, S-Video-In and TV-Out. While ATI supplies proprietary drivers, there are several Open Source projects that support many of the features. The trick was working out the combination of them that produced the optimal video. Laura and I watched "Gentlemen Prefer Blondes" last night, it was a bit like a stop-action flick, probably about 10 frames per second. Today's hacking involved learning more than I wanted about xorg.conf, the radeon driver, X, DRI, DRM, Xv
Some other neat links that helped me along: unlike many Open Source (and proprietary!) underdocumented applications, MythTV has a remarkable User Manual
The remote control has good pointers for configuring here
here, and here.
Things still left to do: configuring ACPI to leave the laptop running while closed.
7:41:58 PM
|
|
|
Friday, November 24, 2006 |
A review of the MythTV-enabled distribution KnoppMyth in the article "Linux as a Media Centre:"
"First impressions... Wow... I have played with Windows Media Centre before, concluding that it was an overpriced clunky frontend for Windows Media Player aimed at no market in particular and ultimately doomed for failure. This was another kettle of fish altogether."
4:35:16 PM
|
|
|
Wednesday, November 22, 2006 |
SANS Internet Storm Center, InfoCON: green is reporting "Mac OS X Apple UDIF Disk Image Kernel Memory Corruption, (Wed, Nov 22nd). A vulnerability has been reported in the way OS X handles corrupt DMG images...(more)"
Apple did pretty well with their proprietary apps on top of OS X, but one real bozo bit flipped was have the option to open 'safe' files enabled by default in Safari. That ASSuMEs that 'safe' files can't have a flaw that leads to... well, exactly what this exploit does. Remember, never open an untrusted attachment, whether on a web page or an email. And there are no trustworthy attachments. Test, confirm, verify, then install or run. If using Safari, turn off 'safe' files, because they are not.
11:43:21 AM
|
|
|
Tuesday, November 21, 2006 |
In "A Costly Addiction, " Lawrence Lessig says the debate over Net Neutrality is a lot deeper than whether the telecoms/videocoms/internetcoms get to deliver whatever kind of service they choose by arbitrarily limiting competition to their monopolized wires:
"Of all the things that have not gone according to the framers' plan, perhaps this is the most significant. Practically everyone in Washington, DC, is now dependent in precisely the way our founders feared. All but a few members of Congress devote the majority of their time to raising money for reelection. Doing the job we've hired them to do - governing - takes a distant second place."
10:06:12 AM
|
|
|
Sunday, November 19, 2006 |
The GNHLUG-discuss mailing list has been abuzz for the last month with disucssions about MythTV. I've learned a lot I had not yet gleaned from the documentation:
I hadn't realized that it was possible to receive and record HDTV-level broadcasts from the analog cable feed for those "broadcast" channels in the local area.
One GNHLUG member posted his How-To on building a MythTV front-end with no noisy fans or hot hard drives. This little box would work well in the entertainment center.
A link to a great discussion of the Architecture of MythTV.
At the MerriLUG meeting on Thursday, the January topic was announced: we'll be meeting Jarod Wilson, author of the Fedora Core MythTV HowTo. That's a meeting not to miss!
10:52:31 AM
|
|
There was an great session at the Merrimack Valley Linux User Group meeting on Thursday night. Shawn K. Shea presented VMWare and he had a lot of great pointers -- hope to have a link to his slides soon. One that really caught my attention was a trick to run a dual-boot partition as a VMWare session, a great feature if you just need to run a transient app, so you can avoid the overhead of rebooting. The howto is here, but it's not for the faint of heart:
http://news.u32.net/articles/2006/07/18/running-vmware-on-a-physical-partition
Read the instructions carefully. There are several "this could destroy your parition if you're not careful" cautions along the way -- I'd make a good Ghost / partimage backup before trying this.
9:06:12 AM
|
|
|
Tuesday, November 14, 2006 |
The SANS Internet Storm Center lists 6 patches released by Microsoft today, with two earning the "PATCH NOW" status: one for multiple exploits of Internet Explorer and the second an exploit of XML Core Services with exploits known to be out in public. Get patching!
4:15:23 PM
|
|
|
Monday, November 13, 2006 |
On his blog, Sun CEO Jonathan Schwartz confirms it's true:
"Few folks, at least outside of Sun, understand how pervasively successful the Java platform, and the community supporting it, have been over the past decade. But Java runs on more devices than Microsoft Windows, Linux, Solaris, Symbian and the Mac combined..."
"And in closing, I want to put one nagging item to rest... By admitting that one of the strongest motivations to select the GPL was the announcement made last week by Novell and Microsoft, suggesting that free and open source software wasn't safe unless a royalty was being paid. As an executive from one of those companies said, "free has to have a price." ... That's nonsense."
Read the entire post here
3:27:40 PM
|
|
InfoWorld: Top News comments Sun open sources Java under GPL. "It's no surprise that Sun Microsystems is making its core Java platform freely available; what is somewhat unexpected is the vendor's choice of open-source license."
Cool. Not just free, but very free. Java is the glue holding together lots of enterprise-level projects, and removing the barrier of uncertain licensing from Java will only help it spread. Bravo, Sun!
11:57:09 AM
|
|
|
Saturday, November 11, 2006 |
Veteran's Day, 2006: Thanks to all who served, in peacetime and in war, declared and undeclared. Thanks to those who volunteered, and to those who answered the draft. Thanks for fighting to keep us free, a battle we continue at home as well as abroad. Thanks for risking your lives. And thanks to far too many for giving up their lives. Rest in peace and be remembered.
2:36:32 PM
|
|
Dana Blankenhorn opines, "The war is over and Linux won." Ah, if it were only that simple. I think we've seen a turning point, but unlike wars with surrenders and treaties and armistices, commercial and non-commercial software will always live with some dynamic tension, and plots by one to eradicate the other will continue. There has been a sea-change though: vendors are learning to accomodate Linux as an alternative choice of their customers.
2:32:59 PM
|
|
|
Friday, November 10, 2006 |
Jim Kuzdrall announces that Shawn K. O'Shea will present "VMware tips: features, advantages, installation, quirks, demo" at the November 16th meeting of the Merrimack Valley Linux User Group chapter of the Greater New Hampshire Linux User Group. Should be a great show!
5:50:01 PM
|
|
InfoWorld: Top News is reporting Florida e-voting: 18,000 'missing' votes in close race. "Government watchdog group Common Cause has called for an investigation of electronic voting machines used in Florida's 13th congressional district because of 18,000 missing votes.... About 18,000 people who cast votes in other races in Tuesday's election failed to record a vote for either candidate for the U.S. House of Representatives. At last count, Republican candidate Vern Buchanan led Democratic candidate Christine Jennings by less than 400 votes in the race to succeed Republican Katherine Harris, who ran unsuccessfully for U.S. Senate."
... But her spirit lives on.
"This is part of the reason we've been calling for a paper trail," Wilcox said... Ironically, Sarasota County voters on Tuesday approved a ballot measure requiring paper trail ballots to be used as a backup to the e-voting machines."
Whether by programmer error (certainly possible), operator error (easy enough), configuration problem, or tin-foil-hat-conspiracy, electronic voting is not an improvement on paper ballots. Unless and until we can make a system than makes voting more accurate, we ought to just wait until the paper ballots get counted.
5:39:04 PM
|
|
|
Wednesday, November 8, 2006 |
The election results were amazing here. New Hampshire was thought of as the flinty, practical, down-to-earth Yankee Republican bastion of "Live Free or Die." However, yesterday's election was a landslide for Democrats: Governor Lynch was re-elected by the largest margin ever, the state Senate went Democrat for only the second time since the nineteenth century, the state House of Representatives went blue from red by a huge margin - a first since 1922! - and even the Executive Council, the inner cabal that rules the governor, went Democratic. Both U.S. Reps, incumbent Republicans both, were turned out. It was a tsunami. Best wishes.
3:44:29 PM
|
|
Steven J. Vaughan-Nichols responds, Novell is not SCO. Novell is accepting around $350 million dollars from Microsoft to allow Microsoft to indemnify Novell customers from patent infringement claims, which Novell insists is not a problem. Steven, who admins he is not a lawyer, believes he understands the way they thread that needle without violating the GPL. SJV-N notes, "In the long run, Microsoft will shaft Novell. Just ask Stac, Lotus, WordPerfect... oh, wait. Novell is still suing Microsoft for that last one! Could it be that Novell already knows that they're supping with the devil? Why, yes I think they do."
So, they're taking money for desparate short-term gain, despite knowing long-term liabilities? Aiding Microsoft in spreading the chilling effects of bogeyman legal threats that will damage its Linux business as well as everyone elses? A dangerous game they are playing.
1:46:03 PM
|
|
|
Tuesday, November 7, 2006 |
OSNews links to a Register story: Perens: 'Novell Is the New SCO'. "Often cast as the peacemaker in free software disputes, Bruce Perens is on the warpath. When we caught up with him, he wasn't in a mood to be charitable to Novell."
"Novell is violating the GPL," he tells us. "It's up to the Free Software Foundation, which owns the copyright, to pursue this. But the FSF owns the C library and the compiler outright. There isn't much Novell can do without either."
9:26:54 PM
|
|
|
Saturday, November 4, 2006 |
|
Friday, November 3, 2006 |
Meanwhile, the Linux Journal staff have selected their Editor's Choice products. A great range of software, some of which I'll have, and some I'll now have to make time to try out.
1:16:50 PM
|
|
Anticipate every press outlet will have a lot to say about this:
GrokLaw: "I've collected for you a representative sampling of reactions to the unfortunate Novell-MS alliance. First, my own: this is apparently some kind of a covenant not to sue, not a true cross licensing deal. I think that's how they plan to step over and around the GPL."
Novell FAQ: "Because open source software is developed in a cooperative environment, some have expressed concerns that intellectual property protections could be compromised more easily in open source. Today's agreement between Novell and Microsoft provides confidence on intellectual property for Novell and Microsoft customers."
InfoWorld
MaryJo Foley: "Reality check: Microsoft isn't waving the white flag"
Bruce Perens: "The timing of this agreement is significant. Microsoft and Novell are said to have been working on this agreement for some time, and sped up its announcement to take attention away from Oracle's recent announcement and to further depress Red Hat in the stock market... This entire agreement hinges around software patenting - monopolies on ideas that are burying the software industry in litigation - rather than innovation. If we've learned one thing from the rapid rise of Open Source, it's that intellectual property protection - the thing that Open Source dispenses with - actually impedes innovation. And the Novell-Microsoft agremeent stands as an additional impediment."
11:53:15 AM
|
|
Wow. There'll be lots more to say about this: Microsoft and Novell made announcements this morning that seem to be a mutual exchange of licenses and patents that means that Novell will pay Microsoft to keep Microsoft from suing them for patent infringment. Microsoft will pay one-millionth of one percent of a loose change account for some support licenses to resell to its customers. Novell can use the money they're owed by SCO that SCO got from Sun and... Microsoft. Novell is playing a very dangerous game. And Oracle's threatening RedHat. Next players to make a move? Watch Sun and IBM.
11:26:03 AM
|
|
The Guardian features yet another Google article. Can't get too many of these. Fascinating stuff they're doing. "Giving Google a licence to code: Google's open source chief talks about the joys of Linux, the cost of Windows and his concerns about the new version of the GPL"
11:15:49 AM
|
|
|
Thursday, November 2, 2006 |
Over at Shedding Some Light, Rick Schummer blogs IE7 Breaks Older QuickBooks: "I use FireFox as my primary Web browser and really like it... A couple of weeks ago at Southwest Fox I learned a bunch of things about IE7 from Rick Borup. His session got me excited about some of the changes and new features. So I have been looking forward to the automatic update about to hit my machine. Then I accidentally ran across a blog from one of my technical partners about how IE7 breaks QuickBooks Pro. No email from Intuit (they hit me up with lots of offers to upgrade, but I guess this little detail was not that important, or I seriously overlooked it)... I use QuickBooks Pro to manage the accounting books here at White Light Computing. I have used this product for years to keep track of the hours I bill, invoicing, tracking accounts receivables, printing checks to my vendors and subcontractors, and reporting the financials to my wife and our accountant. I use this program all the time. It is almost as important to me on the administrative side of the business as Visual FoxPro is to the technical side of the business."
Rick goes on to point out some work-arounds to prevent IE from "upgrading" itself and making your accounting system inoperable. Thanks for the tip, Rick!!!
2:38:15 PM
|
|
Over at DDJ.com, they're reporting that "New Hacker Toolkit Cloaks Browser Exploits" No real surprise there - polymorphic browser exploits can avoid primitive signature detection techniques that just look for "DO BadCode()" in the payload. Code that runs in a browser has to run in a safer environment, like the "security sandbox" design of Java. ActiveX controls are just Windows executables that run with the permissions of the user. That won't work, no matter how many "digital signatures" or "Are you sure" dialogs MS layers on top of their insecure design. JavaScript isn't much better with the potential for downloadable JavaScript network scanners implying that every device on the network must be firewalled from every other.
There are no easy solutions in sight. Run with the least privileges practical. Firewall off unneeded services. Scan for unacceptable activity in memory and on disk. Turn off runtime capability in the browser except when needed - Flash, ActiveX, JavaScript and Java should only run with permission of the user.
9:19:38 AM
|
|
|
