Over at Shedding Some Light, Rick Schummer blogs Breaking another rule costs me “Here is another one of those rules I have learned the hard way:
Never test install your application installer on your development machine.
Archive | January, 2006
Free Software support for the MacBook lags…
Cool at the MacBook is, Bill says he’ll be waiting a while before he buys his: Free Software for Intel-based Macs. “I’ve been considering getting a new MacBook Pro – the specs are very nice, it’s a real desktop replacement, and even though there are some weird things like a slower DVD drive and a lower-res screen it would be a good computer… But there’s one thing that’s ruled it out…”
[Resigned to the Bittersweet Truth]
Mac updates today
InfoWorld: Top News: Oracle releases quarterly security patches. Imagine only having to release patches four times a year!
Mac updates today
New mac patches today: my iMac greeted me with a slew of patches today: QuickTime, iTunes, iPod and Mac OS X. The security patch readme includes:
The 10.4.4 Update delivers overall improved reliability and compatibility for Mac OS X v10.4 and is recommended for all users.
It includes fixes for:
- SMB/CIFS and NFS network file services
- Bluetooth wireless access
- Core Graphics, Core Audio, Core Image, RAW camera support, including updated ATI and NVIDIA graphics drivers
- Spotlight indexing and searching
- AppleScript, iChat, DVD Player, and Safari applications
- Dashboard widgets: Calendar and Stocks
- Software Update and Sync Services
- compatibility with USB and FireWire devices and third party applications
- previous standalone security updates
“For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n302810 … For detailed information on Security Updates, please visit this website: http://www.info.apple.com/kbnum/n61798. ”
Get patching!
Chandler releases public 0.6 preview
Ars Technica posts: Chandler, an open-source personal information manager, hits its first public release. “Chandler, the brainchild of the first Macintosh programmer, Andy Hertzfeld, has hit its first “usable” public release milestone. Is this an application worth watching?”
YES! An open-source, secure PIM written in Python, runs cross-platform, backed by Mitch Kapor, partly written by Andy Hertzfeld. What’s not to like?
wikiCalc alpha 0.2
On Dan Bricklin’s Log, Dan posts New wikiCalc release with AJAX and more. “I’ve finally released a new version of wikiCalc, my mashup of a wiki and a spreadsheet. This version, Alpha 0.2, adds a lot of different features and capabilities in many areas. The two most interesting to many people are (1) cell editing is now much more interactive using AJAX techniques, and (2) full source is provided along with other changes so that it can be run more than just client-side on a Windows machine.”
Speaking of great GNHLUG meetings….
… as I mentioned GNHLUG’s next quarterly meeting, DLSLUG organizer Bill McGonigle posts the audio, slides and video from the last quarterly presentation, featuring Doug McIlroy, an instructor at Dartmouth and a retired manager from AT&T Bell Labs where he worked with Kernighan, Ritchie and other lights of the era. Thanks to Bill for the hard work of taking sub-optimal audio and video and preserving this very special presentation!
Slides are in OpenOffice format. Audio is a 64 Mb MP3 file, Video is a 348 Mb MP4 file suitable for playing with VLC or QuickTime. Thanks to the Internet Archive for hosting the video!
Microsoft Patch Tuesday, January 2006
Despite releasing it last week, MS06-001, the WMF flaw, was also released as one of three Critical, Remote Code Execution possible patches that comprised the January 2006 Microsoft security bulletin. As is typical, the patches seem to affect every supported version from Windows 2000 on up. However, earlier versions of Windows are provided with a link which seems to say “you’re on your own.” Here are the patches:
MS06-001 – Vulnerability in Graphics Rendering Engine Could Allow
Remote Code Execution (912919)
MS06-002 – Vulnerability in Embedded Web Fonts Could Allow Remote
Code Execution (908519)
MS06-003 – Vulnerability in TNEF Decoding in Microsoft Outlook and
Microsoft Exchange Could Allow Remote Code Execution (902412)
So, Microsoft graphics, Microsoft Fonts, Microsoft Office and Microsoft Outlook all have serious flaws. Get patching!
It is the second week of 2006.
‘Numbers of flaws’ is a flawed measure of security
Garrett Fitzgerald’s Blogs Apples and Oranges. “In a recent post, Craig Berntson trumpets about a recent CERT report that “proves” that Windows is more secure than Linux. What he doesn’t mention is that the “Linux/Unix” list lumps together the Linux kernel, Mac OSX, HPUX, SCO Unixware, and others. So, when comparing 1 OS against 6 or more OSs, the 1 OS comes out ahead. What a surprise.”
Over at Groklaw, the poster does a fine job of pointing out the problems with just quoting the gross numbers from this survey. It would be far better to identify how many security flaws led to major exploits and the costs of the cleanup. Trivial items are counted one-for-one with items that cost millions to clean up, exploits are listed multiple times (on both Windows and non-Windows platforms).
Bottom line: security is a process, not a feature. Millions more computers were turned into spam-sending zombies, and not just because they are running a more commonly-available operating system. They were exploited because the OS runs as an administrator with the rights to alter anything on the machine. Only one OS manufacturer shipped software that has that fatal flaw.
Windows XP ‘runs’ as well as new Linux distros on old hardware
Ars Technica post: Microsoft study finds Linux to have no advantage on older hardware. “Microsoft has published a new study that attempts to refute the claims that Linux runs better than Windows on older hardware. Do they have a point, or are they just blowing smoke?” By jeremy@arstechnica.com (Jeremy Reimer).
“Curiously, if you look at these results closely, they seem to confirm the idea that Linux will run on older hardware, at least if you are talking about Slackware and Knoppix specifically. However, overall the two operating systems ended up about the same. While this does tend to discredit the idea that “Linux runs faster on older hardware,” at the very least, it runs no worse.”
“The other point that the study brings up is that some distributions fared significantly better than others. This leads into the third major benefit that Linux fans like to tout, the diversity and customization available with Linux that is not available with Windows.”
It’s good to hear that Microsoft is working to make their software work on existing hardware, rather than expecting customers to buy new. But the comparison still misses the choice factor: you’re more likely to want to run a 5-year-old machine as a file server in the back room, or a utility kiosk with very limited functionality. With Linux, you can run the machine without a GUI only (just text-mode) or with a minimal window manager. With WinXP, you’re pretty much stuck with what Microsoft provides you.