Microsoft Patches ASP.Net Problem in Record Time. Two days after it acknowledged a potential security problem with its ASP.Net Web-development platform, Microsoft quietly posted to its Web site for download a fix for the problem. [Microsoft Watch from Mary Jo Foley]
Bravo.
Millions of Dell power adapters recalled. The Taiwan-made AC adapters sold with Dell notebooks can overheat, posing risk of fire and electrical shock. [CNET News.com]
Hot stuff. Mine says “Made in Thailand” but by Delta Electronics and with the correct part number. When I went to visit http://www.delladapterprogram.com/ to check if my machine was affected, I got a “Server not available” and “Server Application Unavailable” Perhap Windows 2000 wasn’t a good choice of OS for the inevitable SlashDotting
Doc Searls asks “Did the air traffic control center really have a “Microsoft server crash”?. This looks like an incredible use of a 32-bit counter of milliseconds that overflows every 49.7 days, without a built-in feature to reset it. The “neglected maintenance” is likely a reboot of the system. Now ask yourself: Do you really want to be at 35,000 feet when they reboot the air traffic control system?
The list of Microsoft Knowledge base articles that refer to various (or the same) incarnation of this bug are scary:
SNMP SysUpTime Counter Resets After 49.7 Days
Computer Hangs After 49.7 Days
“PING -T” Stops Timing Out After 50 Days
Print Spooler Stops Scheduling Print Jobs
The Rpcss.exe process consumes 60 percent of CPU time and performance is affected
X-Duration Values Are Larger Than Expected in Windows Media Server Log
Windows 2000 Terminal Services Time-Out Setting Limits
Contents of the Microsoft Windows 98 System Update
List of Bugs Fixed in Windows NT 4.0 and Terminal Server Edition Service Pack 4 (Part 1)
You might be able to spot Microsoft the Windows 95 and 98 systems; who would have ever expected 50-day reliability out of those systems? NT 4.0 is a little more worrisome, as the bug had been documented for some time before the release of NT 4.0, I think. But for Windows 2000? The RPCSS and print spooler bugs are not documented as fixed in a later service pack, but only a hot fix, although this may be a documentation issue. That is truly disturbing if such a known issue is still sitting around to bite programmers.
I’d really like to know how and why Harris Corporation was allowed to replace UNIX machines that did not have these problems with Windows machines where this was a known issue, and roll them out into the FAA’s production systems, no less. That this was a documented issue is not an acceptable excuse, as the incident last month demonstrated, fortunately without the loss of life.
[CNET News.com]
is reporting Flaw found in older Office versions.
“A security company warned Thursday that a flaw in Microsoft Office could allow a denial-of-service attack to be executed on systems running somewhat older versions of the popular productivity suite.
Secunia issued an advisory saying a buffer overrun flaw has been found in Office 2000, and potentially also in Office XP, that could allow hackers to take over a user’s system. The company rated the flaw as “highly critical.”
The security firm said that vulnerability is caused by an error in the way Microsoft Word manages input when parsing document files. It said the flaw could be exploited through a specially-crafted document and recommends that, until a fix is found, users only open trusted Word documents. “
Reminder: only open trusted attachments. Reminder 2: there are no trusted attachments.
Never open a document you are not expecting. Confirm all unexpected documents with the sender before opening.
Better yet, send documents as text or RTF if the recipient really doesn’t need all the features of a word processing document.
I wonder how OpenOffice.org would work with one of these broken documents…
Great blog entry here demonstrating how the London bus ticket machines were designed to thwart anyone from using them.
Link from Lance Knobel’s Davos Newbies from Dave Winer’s Scripting News
‘iPod users are music thieves’ says Ballmer according to this article. What a charming man.
And speaking of FireFox, if you are running the latest 1.0 Preview Release, make sure to update with the latest security bug fix. Read the instructions carefully: the fix takes but a second: http://www.mozilla.org/press/mozilla-2004-10-01-02.html
Dan Bricklin’s updated his free ListGarden product to version 1.02, adding a couple of nice features and fixing a bug with the latest version of FireFox hanging. ListGarden is a cool little tool for generating an RSS feed using a simple web-based interface, ideal for a site with low volume and complexity.
LinkSys manufactures a router-switch-wireless access point that’s a spiffy little computer on top of being a cute computer peripheral. The machine sports a 200 MHz ARM processor, 4 Mb of Flash RAM and 8 Mb or RAM. (Their new GS models doubles both of these). It is managed via a web interface. Not surprisingly, the device runs Linux. Since they base their code on Linux, the GNU Public License requires them to publish the source code as well. Naturally, this leads to third parties offering enhancements and replacements. Cool stuff includes:
So, why would you hack a working appliance just to put your own custom software on it? 1) It’s cool. 2) Bug fixes 3) More features 4) Why not?
Why I dumped Internet Explorer. “CNET News.com’s Charles Cooper confesses that he’s a Firefox convert and not at all nostalgic for the old days.” From CNET News.com. Great quotes from the article:
“After months waiting for Microsoft to give me a reason to remain loyal, I finally dumped Internet Explorer for the Firefox Web browser last week.”
“There is one major change you can ascribe to Internet Explorer: The PC browser world is in much worse shape. Because management took so long to tackle Internet Explorer’s security woes, Microsoft allowed virus writers to exploit vulnerabilities in the browser and wreak untold havoc on unsuspecting computer users.”
