Archive | 2006

RealVNC Server exploit

eWeek reports: Highly Critical RealVNC Flaw Fixed “A “highly critical” flaw in RealVNC's virtual network computing software could allow malicious hackers to access a remote system without a password, according to a published advisory.”

It's last month's news, but I didn't notice it when it went by. An associate told me of witnessing a machine being taken over by it. If you have RealVNC up and running as a server, make sure to update from the older 4.1.1 or earlier to the new 4.1.2 patched version.

New web site to bookmark: CMSMatrix

I never fail to pick up at least one great tip or idea from every meeting I attend, and the Upper Valley Computer Industry Association was no exception. This tip: CMS Matrix, a site comparing the features of a huge number of competing content management systems out there. Like that other Matrix, the problem with Open Source is … choice. Not too many choices, but many. This site helps narrow it down.

Accompanying me on the trip: an audiocast of Doc Searls' wrap-up at the Syndicate 05 conference. Good stuff!

Jon Udell gets takedown request from This American Life

On his blog, Jon reports on a disturbing idea: that a producer of copyright content could demand you take down links pointing to their content. This is not duplication (strictly speaking, the “copy” part of copyright), just a link in the form of an RSS feed. There's no easy answer here. WBEZ and This American Life want you to download their MP3s, but from their site where they can nag you with NPR pledges (have you sent in that check yet?) and a chance to buy a TAL T-shirt or coffee mug. Fair enough. “Deep linking” is a discredited concept that your license to use a site (embodied in their Terms of Service or Copyright notice) could limit your use of their site. Is this infringement on fair use, or a legitimate restriction for folks producing media?

I like and support This American Life and NPR. I also see Jon is providing them a service by publishing a notification mechanism that new content is available for download. Does Jon cross a line by including links to that content in an enclosure tag? I don't think so. While he's not actually copying the content, he's redirecting the original source from the WBEZ web site to the consumer's aggregator without them “benefitting” from the commercial advertising on the site. Are users “stealing” the content by failing to read the ads? Not. Are listeners benefitting from the downloaded enclosures? Yes. Is WBEZ losing revenue? Maybe.

What WBEZ should be doing is asking Jon to show them how to set up an RSS feed on their site, so that they can include their enclosures and add enticements to visit the sites (“Enter our contests! Win a T-shirt! Read about TAL history! Visit our archives!”) in the feed as well. WBEZ: Join the audiocasting revolution. It's the new radio. Add a plug to your audio to send you money, sure. Get yourself listed everywhere. Listeners time-shifting and place-shifting and device-shifting your show means more listeners. Don't cut yourself off from the audience.

Aggregation and linkage is the point of the web. Don't fight it.

Contents may have settled during production…

Scripting News points out “Jon Udell picks “user generated content” as the most offensive buzzword.” There are only two industries that refer to their customers as “users” and we don't want to be emulating the other one.

Doc Searls has pointed out the oxymoron “consumer-generated content” as pretty dumb, too. Despite what Big Media wants you to think, generating sound, video and text makes you a producer, not a consumer. Doc has been on a tear lately about the terrible business model Big Media (and the Internet Provider – Telephone – Cable Oligopoly) is trying to shove down everyone's throat: Big Media produces, end-user-consumers feed from the trough, large pipes down, tiny upload capabilities in an unbalanced asymmetry. That's not the world, it's the world as Big Media wants it. That's not the internet, that's television, that's broadcast, that's last century.

Microsoft: Block Excel Attachments

eWEEK.com Messaging and Collaboration reports Microsoft Posts Excel 'Zero-Day' Flaw Workarounds. “Redmond's security response center is recommending that businesses block Excel spreadsheet attachments at the e-mail gateway to avoid targeted zero-day attacks.”

FoxPro developers recall that Microsoft Outlook security patches block attached Visual FoxPro programs because “they could contain malicious code” — provided the recipient downloads the code to disk, runs Visual FoxPro to compile the program file and then runs the resultant file. Outlook, however, will allow through Excel or Word documents containing malicious code with no objection.

People need to get over the binary view of “documents” versus “executables.” Web “pages” contain executable JavaScript, ActiveX controls, Java and more. PDF files can run code – they are made out of PostScript, a programming language. HTML Help files include executable features. Screensavers are programs, not pictures. Some people like to send around “slideshows” of pictures, oftentimes a PPS (PowerPoint Show) file that could run VBA scripts.

1. Don't open attachments from untrusted sources.

2. There are no trusted sources.
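An added example, not from the original post or from Microsoft's advisory: a sketch of the gateway-side attachment check recommended above, widened from Excel to the other file types the post lists. The extension and MIME-type sets, the function names and the sample message are assumptions constructed for illustration.

```python
import os
from email.message import EmailMessage

# File types named in the post that can carry macros or code.
# Assumed, incomplete sets; a real gateway policy would be broader.
ACTIVE_EXTS = {".xls", ".doc", ".pps", ".ppt", ".pdf", ".chm", ".scr",
               ".htm", ".html", ".js"}
ACTIVE_TYPES = {"application/vnd.ms-excel", "application/msword",
                "application/vnd.ms-powerpoint", "application/pdf", "text/html"}

def final_extension(filename):
    """Extension the recipient's OS would act on: strip any path, then the
    trailing dots/spaces Windows ignores, then lowercase."""
    base = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    return os.path.splitext(base)[1]

def risky_attachments(msg):
    """Return (filename, reason) for every attachment a gateway should hold."""
    findings = []
    for part in msg.walk():              # walk() also descends nested multiparts
        name = part.get_filename()
        if not name:
            continue                     # message body, not an attachment
        ext = final_extension(name)
        ctype = part.get_content_type()
        if ext in ACTIVE_EXTS:
            findings.append((name, "extension " + ext))
        elif ctype in ACTIVE_TYPES:      # harmless-looking name, risky declared type
            findings.append((name, "declared type " + ctype))
    return findings

def build_sample():
    """Constructed test message: three suspicious attachments and one benign."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name, maintype, subtype in [
        ("Q2 budget.XLS.", "application", "vnd.ms-excel"),   # case + trailing dot
        ("holiday.jpg.scr", "application", "octet-stream"),  # double extension
        ("notes.txt", "application", "vnd.ms-excel"),        # name/type mismatch
        ("photo.jpg", "image", "jpeg"),                      # benign
    ]:
        msg.add_attachment(b"x", maintype=maintype, subtype=subtype, filename=name)
    return msg

if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"HOLD {name!r}: {reason}")
```

Filename and declared type are both sender-controlled, so a check like this only narrows what reaches the inbox; it does not make what passes trustworthy.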

Time to Switch?

Over at ongoing, Tim Bray asks Time to Switch? and cites Mark “Diving into” Pilgrim's recent series of blogs where Mark has chosen to walk away from decades of Apple development and move to an Open Source platform. Full disclosure: Tim works for Sun Microsystems but his voice is his own, as is Mark's, who's an IBM employee, and I own both a ThinkPad and an iMac, invest in all of these companies, and am divided if my next laptop should be a ThinkPad or MacBook Pro. If you're considering replacing your current machine, there's lots of food for thought in these articles even if you aren't considering an Apple machine. Some of the most insightful comments were in Mark's second post where he expresses legitimate concerns about being able to access documents over a long period of time, when the hardware is long gone, the DRM may not be supported, the applications that wrote the original data are nowhere to be found. Long Now Thinking is worth considering.

Tim's post follows:

Early this month, Mark Pilgrim made waves when he went shopping for a new Mac, but decided not to buy one, and, in When the bough breaks, wrote at length about switching to Ubuntu. I’ve been thinking about this a lot recently, and now John Gruber’s written And Oranges, a fine excursus on Mark’s piece. I’m pondering the switch away myself, too, and maybe sharing my thoughts will be helpful. [Update: Lots of feedback on the state of the Ubuntu art.] [Update: More from Mark. I feel sick, physically nauseated, that Apple has hidden my email—the record of my life—away in a proprietary undocumented format. I’ve had this happen once before (the culprit was Eudora); fool me twice, shame on me. Hear a funny sound? That’s a camel’s back, breaking.]

When is a Notebook not a Laptop

OSNews posts Apple Hypocrisy: “MacBook NOT a Laptop”. “Many people who have called Apple to complain about excessive heat coming from their newly purchased computers have been told that the MacBook and the MacBook Pro are in fact Notebook computers and not Laptop computers. This article details why they are totally full of it.” Well, details is a bit generous. Rants is more like it. Apple pictures people with MacBooks on their laps. But reports seem to indicate the MacBooks are too hot to leave there for long. That's not a good thing.

It is no longer safe to start your computer…

Vulnerability found in Microsoft Excel.

(InfoWorld) – “A new vulnerability has been found in Microsoft's Excel spreadsheet program, just a few days after the company fixed problems with several of its applications in its monthly patch distribution.”

“One customer reported an attack using the vulnerability, which comes from an e-mail with a malicious Excel document attached, wrote Mike Reavey, Microsoft Security Program Manager, on the company's security blog.”

1. Do not open attachments from untrusted sources.

2. There are no trusted sources.

Brian Livingston: Genuine Advantage is Microsoft spyware

Brian Livingston minces no words in his weekly Windows Secrets newsletter lead article, “Genuine Advantage is Microsoft spyware.” He goes on to say:

“No PC-using company that values security and reliability can allow a program like WGA to send data to a distant server, download additional software, morph its behavior, or remotely change the functionality of Windows (as I describe below). I don't believe individuals should put up with this, either.”

This isn't a frothing-at-the-mouth, I-hate-Bill, Anything-But-Microsoft lunatic writing these words, rather it's someone who makes his living supporting Microsoft software.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.