Archive | May, 2004

Open source development works better for… open source!

What a bass-ackwards article title! ComputerWorld reports that open
source development projects are very successful, but commercial
companies are having a hard time adapting their techniques because the
commercial developers… don’t use the software they develop! Hmmm….

Open source development models fall flat. Study finds that commercial software developed at disparate locations takes twice as long to complete. [Computerworld News]

Zeldman fixes 47 bugs, with a carriage return

The sad thing is the people who don’t code web pages seem to think that
there is some cool and powerful way to generate web pages. The sad
thing is that it is just as funky and idiosyncratic and maddening as
any do-it-yourself project involving duct tape.

Bug fix.
IE5/Mac users, rejoice. How a single carriage return fixed 47 display
errors on this site. It might help your CSS layout work better in
IE5/Mac, too. [Jeffrey Zeldman Presents: The Daily Report]

Dabo goes live!

Ed Leafe and Paul McNett took the covers off of Dabo 0.1, a project
they’ve been working on for some time: an n-tier, cross-platform,
data-aware application development framework written in Python. I’ve
been toying with the framework for some time, and I think this could be
a great framework for deploying apps on Windows, Mac and Linux. See
more details at http://dabodev.com/

Microsoft Security Bulletin MS04-015: Vulnerability in Help and Support Center Could Allow Remote Code Execution

Just had the little Microsoft Update critter in the tray pop up to tell
me that there was a new update. The text was incredibly generic:

A security issue has been identified that could allow
an attacker to compromise a computer running Windows and gain complete
control over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have to
restart your computer.

Well, we certainly wouldn’t want that, now would we? With caution from
the Sasser worm patch that rendered machines unbootable, I thought I’d
investigate a bit more. A visit to the Microsoft KnowledgeBase did not
show the article mentioned – 840374. A visit to the Microsoft Security
site didn’t show anything about this article, either, but the Microsoft
Technet Security site does – a link on the right to “MS04-015:
Vulnerability in Help and Support Center Could Allow Remote Code
Execution (840374),” which leads to the wrong article – MS04-014
instead of -015. Changing the address in the address bar leads,
finally, to the correct article: “MS04-015: Vulnerability in Help and
Support Center Could Allow Remote Code Execution (840374).”

This vulnerability affects WinXP and 2003 only. While Microsoft only rates this update as “Important,” they do indicate
that a malicious web site using the flaw in Microsoft’s HCP protocol
means that “An attacker could take any action on the system, including
installing programs, viewing data, changing data, deleting data, or
creating new accounts that have full privileges.” I wonder what they
save the “Critical” rating for! Mitigating factors are many, and
suggested ways to minimize the dangers include not using Outlook, or
using Outlook in text-only mode, and unregistering the HCP protocol,
which might break local help links as well. Details are in the article
linked above.

It’s the 20th week of 2004, and this is Microsoft’s 15th security bulletin.

Nicholas Carr: IT still doesn’t matter

Nicholas G. Carr, author of the controversial Harvard Business Review
article “IT Doesn’t Matter” last year, follows up in Wired magazine
with some intriguing examples: Intel’s Centrino, Sun’s OpenOffice.org
and Microsoft’s IE.
Nicholas Carr:
“In public, industry CEOs may continue to exercise their Peter Pan
complexes, pretending that the IT business will never grow up. But
behind the scenes they’re dismantling Neverland piece by piece.” [Scripting News]

Microsoft drops wireless products

Microsoft drops its Wi-Fi offerings.
Microsoft Corp. has decided to stop producing wireless networking
products and will discontinue its range of gear using the 802.11b
wireless networking standard, also known by the Wi-Fi marketing name,
the company announced Tuesday. [InfoWorld: Top News]

Brian Livingston: beware of slick phishing tricks

Steve Black sent me a link to Brian Livingston’s column on new and clever phishing techniques,
“phishing” being the slang for tricking people into revealing
information, like credit card numbers and SSNs. The article shows how
Internet Explorer’s address bar and the SSL lock icon can be faked. A
few guidelines might make your online experience safer:

1. Don’t accept HTML emails that can hide the real links you’re being sent.

2. Don’t ever enter personal information unless you’re really, really
sure. Banks aren’t going to ask for your CC number and expiration. If
someone wants your SSN, they better be with the Social Security
Administration.

3. Consider a safer browser.  These tricks were all done with IE.
I wonder if they can be reproduced using XUL on Mozilla or in Safari or
Opera or Netscape or…

White Light Computing opens its doors

Rick Schummer announces his new business. Good luck, Rick!

White Light Computing – Open for business!
Announcing White Light Computing, Inc., a new company in the Fox
Community led by Rick Schummer. White Light Computing is offering a
number of services to developers and IT departments including
mentoring, software testing, consulting, and is selling the popular VFP
developer tools HackCX and ViewEditor (with more tools to come). Give
us a call or send an e-mail if you think we can help your organization
in any way. More information is available on our Web site. By White
Light Computing, Inc.

[FoxCentral News]

Conference Model 2.0?

Dave Winer blogs “Sponsors, speakers, panels, audience.”

“Supernova and the recently announced Web 2.0
conference are throwbacks to the priorities of old conferences, of the
eighties and nineties: sponsors, speakers, panels, audience.”

“Execs
from high tech companies, paying sponsorship fees, not disclosed,
guarantee that most of the content is paid advertising and that nothing
real is said on stage. If you don’t pay the sponsorship fee, you don’t
get a speaking slot. If you offend a sponsor, you don’t get invited
back…These conferences are all spin, and empty bluster.”

Read more at 

[Scripting News]

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.