Archive | February 10, 2004

Microsoft Security Bulletins

Microsoft issued four today, and you should evaluate them carefully to ensure your systems are secure:

  • MS04-004: Cumulative Security Update for Internet Explorer(832894)
  • MS04-005: Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)
  • MS04-006: Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
  • MS04-007: ASN .1 Vulnerability Could Allow Code Execution (828028)

Code Execution means that someone else can run code on your machine, perhaps taking it over. Serious stuff. It’s the seventh week of the year. Trustworthy computing continues.

UPDATE:Wired News picks up on the story here: Microsoft: Oops! We Did It Again. “Six months after researchers warned Microsoft about critical security flaws in Windows, the software company alerts users to the problem and offers a patch on its website. One researcher calls the delay ‘just totally unacceptable.'” and the New York Times: Technology page features it:Microsoft Warns Software Users of ‘Critical’ Flaw. “Users of Microsofts operating system software have to patch their systems again, or their computers will be vulnerable to attacks.” NYT story by John Schwartz.

Murphy kicks in

Down but not out. Successfully installed Python and have it running, but wxPython is eluding me. On the last step on the installation instructions, my luck ran out, with error messages:

[root@localhost wxPython]# python setup.py \
WX_CONFIG=$WXPREF/bin.wx-config \
build install
Preparing CORE...
Preparing GLCANVAS...
Preparing OGL...
Preparing STC...
Preparing XRC...
Preparing GIZMOS...
Preparing DLLWIDGET...
usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
   or: setup.py --help [cmd1 cmd2 ...]
   or: setup.py --help-commands
   or: setup.py cmd --help
 
error: invalid command 'python' (no module named 'distutils.command.python')

Ooof. A quick Google for the bottom error (the cause of the rest, if I read it correctly) points to problems in the distutil package. Attempting to reinstall that from the source brings no joy, with more obscure errors:

[root@localhost Distutils-1.0.2]# python setup.py install
Traceback (most recent call last):
  File "setup.py", line 30, in ?
    packages = ['distutils', 'distutils.command'],
  File "/root/Distutils-1.0.2/distutils/core.py", line 101, in setup
    _setup_distribution = dist = klass(attrs)
  File "/root/Distutils-1.0.2/distutils/dist.py", line 130, in __init__
    setattr(self, method_name, getattr(self.metadata, method_name))
AttributeError: DistributionMetadata instance has no attribute 'get___doc__'

So, at the end of the day, the score is tied: I won the Python install, Murphy the wxPython install. Tomorrow’s another day.

Installations on Linux, still a challenge

Slashdot readers debate the pros and cons of Building A Better Package Manager. As a newbie, I can say I’m certainly frustrated with the experience of trying to install packages on my Linux machines.

I spent some time today installing Python 2.3.3 and wxPython on my development workstation. First, because I’m still afraid of breaking something, I tried downloading the precompiled binarys in RPM (RedHat Package Manager) format, and clicking on them in the Nautilus graphical shell to install them. Dialogs cheerfully appeared and disappeared, progress bars filled, and then,… nothing. Presuming that no news was good news, I try running, and no, version 2.2 is still installed. Grrr. Many fumbles later, the RPM command informs me the package is not installed. I knew that. I wish I had been told, however.

So, I attempt the dreaded “building from source.” This involves downloading the source code for the package (typically C code) and running through a series of steps to properly configure it for your system and compile it. Python turned out to be a piece of cake: 3 commands (./configure, make, make install) fill the terminal window with inscrutable stuff, but eventually seem to complete successfully. Bravo to the team that put that together!

wxPython was a little more challenging. The readme file was a bit more intimidating, as the ethusiastic author wanted to make sure I understood more options than I was comfortable with. I’m about halfway through that process now, and while the stuff flying by in the window looks okay to me, we’ll see how the process comes out…

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.