Archive | July, 2005

Google Maps Moon

Slashdot posts: Google Moon Debuts. Ian writes “From the FAQ: ‘One small step for Google… On July 20, 1969, man first landed on the Moon. A few decades later, we’re pleased to cut you in on the action. Google Moon is an extension of Google Maps and Google Earth that, courtesy of NASA imagery (thanks, guys!), enables you to surf the Moon’s surface and check out the exact spots that the Apollo astronauts made their landings.'”

Very cool. I have the fondest memories of Dad waking me up around 2 AM and propping me up before a snowy black-and-white TV in the summer cottage we rented to watch a couple of astronauts in bulky suits bounce around, falling impossibly slowly, on the surface of the moon. Mankind had stepped upon another world.

FireFox fixes last fix

Slashdot notes Firefox and Thunderbird 1.0.6 Released. micpp writes “Only a short time after the release of version 1.0.5, Mozilla has released version 1.0.6 of both Firefox and Thunderbird. This update fixes a bug in the browser and email program which prevented some extensions from working.”

Oops. Sometimes the cure is almost as bad as the disease. The developers jumped a bit too fast on this one, patching 1.0.4 with a buggy 1.0.5. All sorts of flap resulted, international releases were frozen, feelings were hurt, nasty things posted to forums.

Bugs patched. Get your new release.

GreaseMonkey security exploit

Despite Microsoft’s attempt to, er, monopolize the security news…

Alex Feldstein posts Attention Greasemonkey Users. “There’s a serious security issue for Greasemonkey. Until I can study this in more detail, and as my use of GreaseMonkey is very minimal, I have chosen to disable it. (Via J-Walk)”

As best I’ve been able to ascertain, the problem occurs in versions before 0.34 and possibly also in the 0.4 alpha, but 0.35 is okay. The GreaseMonkey add-in shows a little monkey face on the bottom of the browser. Click to toggle whether it is disabled, and only turn it on when you need it and trust the underlying page. You may also want to consider adding the NoScript add-on, which lets you specify which sites ought to be allowed to run JavaScript at all.

More on the RDP Exploit

Microsoft Watch from Mary Jo Foley reports Microsoft Suggests Workarounds to Block SP2 Flaw. “Microsoft released a security advisory and some suggested workarounds for a new potential denial-of-service flaw in Windows XP SP2.”

It’s a good idea to double-check systems that ought to have RDP disabled. As part of chasing down a different problem, I was reviewing the Services tab of a WinXP workstation’s Administration interface, and noted all the Terminal Services items running. Disable remote access on an individual box by right-clicking “My Computer” and selecting “Properties.” On the “Remote” tab, ensure that “Allow users to connect remotely to this computer” is off.
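One way to double-check a batch of workstations without clicking through each Properties dialog, as an added example that is not part of the original post: the script reads saved `reg query` and `netstat -an` output and flags any box where Remote Desktop is still allowed or TCP 3389 is listening. It assumes the “Remote” tab checkbox is backed by the `fDenyTSConnections` registry value; the host names and sample output are constructed.

```python
import re

# Constructed sample output (hypothetical host names), as it would be collected with:
#   reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
#   netstat -an
KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\n"
SAMPLES = {
    "ws-front-desk": {
        "reg": KEY + "    fDenyTSConnections    REG_DWORD    0x0\n",
        "netstat": "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING\n"
                   "  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING\n",
    },
    "ws-lab": {
        "reg": KEY + "    fDenyTSConnections    REG_DWORD    0x1\n",
        "netstat": "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING\n"
                   "  TCP    0.0.0.0:33890          0.0.0.0:0              LISTENING\n",
    },
}

DENY_RE = re.compile(r"fDenyTSConnections\s+REG_DWORD\s+(0x[0-9a-fA-F]+)")
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s*$", re.M)

def rdp_allowed_by_registry(reg_output):
    """True if Remote Desktop is allowed, False if denied, None if the value is absent."""
    m = DENY_RE.search(reg_output)
    if m is None:
        return None
    return int(m.group(1), 16) == 0   # 0 = connections allowed, nonzero = denied

def rdp_port_listening(netstat_output, port=3389):
    """True only for an exact match on the listening port (33890 does not count)."""
    return any(int(p) == port for p in LISTEN_RE.findall(netstat_output))

def audit(samples):
    """Return {host: [reasons]} for every host that needs a second look."""
    findings = {}
    for host, out in samples.items():
        reasons = []
        allowed = rdp_allowed_by_registry(out["reg"])
        if allowed is True:
            reasons.append("Remote Desktop allowed (fDenyTSConnections=0)")
        elif allowed is None:
            reasons.append("fDenyTSConnections not found; check by hand")
        if rdp_port_listening(out["netstat"]):
            reasons.append("TCP 3389 is listening")
        if reasons:
            findings[host] = reasons
    return findings

if __name__ == "__main__":
    for host, reasons in audit(SAMPLES).items():
        print(host, "->", "; ".join(reasons))
```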

Remote Desktop Protocol flaw can lead to DOS and crashed servers

Computerworld News notes Microsoft warns of remote access protocol flaw. “Microsoft is warning users that a flaw in the software used to remotely access computers running the Windows OS could leave them vulnerable to a denial-of-service attack.”

This is the RDP flaw I blogged last week. Affected machines include Win2K as well. It appears that scanning for the affected port is on the increase, too, according to the Internet Storm Center. I’m advising clients to turn off port 3389 at the firewall, and only enable it (via ssh, for example) when needed.

Whither .NET – additional ramblings

Andy Kramek posts a follow-up to his well-received essay: “Well, my little article on “Whither .NET” certainly prompted a variety of responses! I suppose it was to be expected that most of my regular readers are fellow FoxPro travelers and are probably pre-disposed to agree with my point of view. However what I found revealing was the comments from some people who obviously read something into my article that simply was not there.”

USA Patriot Act renewal controversy

Compare and contrast:

Amendment IV: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Patriot Act Section 213: With respect to the issuance of any warrant or court order under this section, or any other rule of law, to search for and seize any property or material that constitutes evidence of a criminal offense in violation of the laws of the United States, any notice required, or that may be required, to be given may be delayed if–

(1) the court finds reasonable cause to believe that providing immediate notification of the execution of the warrant may have an adverse result (as defined in section 2705);

(2) the warrant prohibits the seizure of any tangible property, any wire or electronic communication (as defined in section 2510), or, except as expressly provided in chapter 121, any stored wire or electronic information, except where the court finds reasonable necessity for the seizure; and

(3) the warrant provides for the giving of such notice within a reasonable period of its execution, which period may thereafter be extended by the court for good cause shown.

— Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT)

There’s loads more good info at the ACLU’s Reform the Patriot Act website. Read, heed, and contact your Senators.

“He who would give up Liberty in exchange for temporary security, deserves neither Liberty nor security” — Benjamin Franklin.

Too Many Choices! I can’t decide!

Slashdot carries a discussion that starts Time for a Linux Consolidation?. An anonymous reader writes “Are there too many Linux distributions currently available?” As always, with Slashdot, there’s a tradeoff between how long you want to read the answers and how much you trust their system of peer ratings. I like a threshold of 4, myself.

This is an interesting syndrome I’ve seen happen a number of times. Folks who perceive themselves to be trapped in the “One Microsoft Way” choice of operating systems, office products, PIMs and development tools long for the “freedom” of choosing other packages, ignoring the fact that they are implicitly choosing Microsoft over WordPerfect, SmartSuite, Delphi, BASIC, PostgreSQL and dozens of other choices. But when faced with the actual choice — Red Hat Enterprise or SuSE? Mandrake? Conectiva? Debian or Ubuntu? — they complain that there are “too many choices.” Utter nonsense. People chose to create yet another PIM for a reason. They may not have liked the options available, they may not have gotten along with the developers, they may have wanted one specific feature or they may just have been ignorant of what was available. It’s up to the discerning consumer to figure out their optimal choice. Me, I think there’s too much shelf space devoted to high-fructose corn syrup and colored water, but bottlers seem to keep “innovating.”

Windows RDP Exploit Discovered

OSNews notes Windows RDP Exploit Discovered. “A denial of service vulnerability reportedly affects the Windows Remote Desktop Protocol.” OSNews goes on to advise, “Either disable RDP or make sure you have a firewall enabled for port 3389 until a fix is available.” This is nonsensical advice. First, if you have “a firewall enabled for port 3389,” does that mean the process can’t go through the port? If so, what’s the point of running Remote Access?

The report does not identify the problem as something that could allow a malicious attacker to take over your machine, only inconvenience you with a denial-of-service issue, or possibly shut down your machine. Obviously, you should turn off Remote Desktop access if you don’t need it.

There’s a stunning note on the Microsoft Security Advisory linked from the OSNews article: “Remote Desktop is enabled by default on Windows XP Media Center Edition.” What on earth were they thinking, by enabling a remote access interface on an OS designed to be used as a standalone home media appliance? Is this Trustworthy Computing? Not even close.

RSS, Bloglines, GreaseMonkey, GreaseMap and AJAX.

Alex Feldstein blogs Securing RSS with Bloglines & GreaseMonkey. “What can you do if you wanted to syndicate data securely? Say you wanted to distribute company information but only the intended recipients could read it. Securing RSS Syndication, an article in O’Reilly’s XML.com  explains that it is possible, in a way, to do just that today using Bloglines and GreaseMonkey, an extension to the Firefox browser. (Via IO Error)”

GreaseMonkey script inserts location map atop web site

Map appears displaying location of web page


AJAX (Asynchronous JavaScript And XML) provides a runtime environment within the browser that lets you use some of the power of the local workstation. I’ve been using GreaseMonkey and a GreaseMap JavaScript add-on to FireFox to show Google maps in a banner when I navigate to a site that includes location metadata. Very cool.

AJAX isn’t new. Google uses something similar to provide a rich client experience in their mail client. The components have been around for a while. Leading-edge columnists like Jon Udell have been talking this stuff up for a while. Note that the Fox wiki has some good links too.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.