Archive | 2006

Chandler releases public 0.6 preview

Ars Technica posts: Chandler, an open-source personal information manager, hits its first public release. “Chandler, the brainchild of the first Macintosh programmer, Andy Hertzfeld, has hit its first “usable” public release milestone. Is this an application worth watching?”

YES! An open-source, secure PIM written in Python, runs cross-platform, backed by Mitch Kapor, partly written by Andy Hertzfeld. What’s not to like?

wikiCalc alpha 0.2

On Dan Bricklin’s Log, Dan posts New wikiCalc release with AJAX and more. “I’ve finally released a new version of wikiCalc, my mashup of a wiki and a spreadsheet. This version, Alpha 0.2, adds a lot of different features and capabilities in many areas. The two most interesting to many people are (1) cell editing is now much more interactive using AJAX techniques, and (2) full source is provided along with other changes so that it can be run more than just client-side on a Windows machine.”

Speaking of great GNHLUG meetings….

… as I mentioned GNHLUG’s next quarterly meeting, DLSLUG organizer Bill McGonigle posts the audio, slides and video from the last quarterly presentation, featuring Doug McIlroy, an instructor at Dartmouth and a retired manager from AT&T Bell Labs where he worked with Kernighan, Ritchie and other lights of the era. Thanks to Bill for the hard work of taking sub-optimal audio and video and preserving this very special presentation!

Slides are in OpenOffice format. Audio is a 64 Mb MP3 file, Video is a 348 Mb MP4 file suitable for playing with VLC or QuickTime. Thanks to the Internet Archive for hosting the video!

Microsoft Patch Tuesday, January 2006

Although Microsoft released it last week, MS06-001, the patch for the WMF flaw, was also included as one of three Critical patches for possible remote code execution that make up the January 2006 Microsoft security bulletin. As is typical, the patches seem to affect every supported version from Windows 2000 on up. However, earlier versions of Windows are provided with a link which seems to say “you’re on your own.” Here are the patches:

MS06-001 – Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

MS06-002 – Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

MS06-003 – Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)

So, Microsoft graphics, Microsoft Fonts, Microsoft Office and Microsoft Outlook all have serious flaws. Get patching!

It is the second week of 2006.

‘Numbers of flaws’ is a flawed measure of security

Garrett Fitzgerald’s Blogs Apples and Oranges. “In a recent post, Craig Berntson trumpets about a recent CERT report that “proves” that Windows is more secure than Linux. What he doesn’t mention is that the “Linux/Unix” list lumps together the Linux kernel, Mac OSX, HPUX, SCO Unixware, and others. So, when comparing 1 OS against 6 or more OSs, the 1 OS comes out ahead. What a surprise.”

Over at Groklaw, the poster does a fine job of pointing out the problems with just quoting the gross numbers from this survey. It would be far better to identify how many security flaws led to major exploits and the costs of the cleanup. Trivial items are counted one-for-one with items that cost millions to clean up, and exploits are listed multiple times (on both Windows and non-Windows platforms).

Bottom line: security is a process, not a feature. Millions more computers were turned into spam-sending zombies, and not just because they are running a more commonly-available operating system. They were exploited because the OS runs as an administrator with the rights to alter anything on the machine. Only one OS manufacturer shipped software that has that fatal flaw.

Windows XP ‘runs’ as well as new Linux distros on old hardware

Ars Technica post: Microsoft study finds Linux to have no advantage on older hardware. “Microsoft has published a new study that attempts to refute the claims that Linux runs better than Windows on older hardware. Do they have a point, or are they just blowing smoke?” By jeremy@arstechnica.com (Jeremy Reimer).

“Curiously, if you look at these results closely, they seem to confirm the idea that Linux will run on older hardware, at least if you are talking about Slackware and Knoppix specifically. However, overall the two operating systems ended up about the same. While this does tend to discredit the idea that “Linux runs faster on older hardware,” at the very least, it runs no worse.”

“The other point that the study brings up is that some distributions fared significantly better than others. This leads into the third major benefit that Linux fans like to tout, the diversity and customization available with Linux that is not available with Windows.”

It’s good to hear that Microsoft is working to make their software work on existing hardware, rather than expecting customers to buy new. But the comparison still misses the choice factor: you’re more likely to want to run a 5-year-old machine as a file server in the back room, or a utility kiosk with very limited functionality. With Linux, you can run the machine without a GUI (just text mode) or with a minimal window manager. With WinXP, you’re pretty much stuck with what Microsoft provides you.

Yet another very cool GNHLUG meeting…

What : Open Source Development and Productization

Who : Tim Burke, Director of Fedora Project and Kernel Development at Red Hat

When : Tue, 24 Jan 2006, at 5:00 PM

Where: Walker Auditorium, Robert Frost Hall, SNHU

GNHLUG, NH IEEE/ACM, and SwANH are privileged to host a joint presentation: Tim Burke, Director of Kernel Development for Red Hat Software, and Director of the Fedora Linux Project. He will be speaking on how Red Hat balances its role as community steward and purveyor of enterprise products. The event will take place at 5:00 PM, on Tuesday, January 24th, 2006. It will be in the Walker Auditorium, in Robert Frost Hall, at Southern New Hampshire University.

GETTING THERE

Campus Map: http://www.snhu.edu/212.asp

Robert Frost Hall is #2 on the map.

Directions: http://www.snhu.edu/209.asp

ABOUT THE PRESENTATION

Open source development is rapidly gaining momentum due to developer interest as well as empowerment to end users. This presentation will describe Red Hat’s approach to balancing the interests of community, customers, and business partners. We will see how open source projects are integrated to form our distribution and how Red Hat fosters and contributes to the community development process. This approach can serve as a model to others who are trying to understand the intersection of free open source software and business.

ABOUT THE SPEAKER

Tim Burke is the Director of Kernel Development at Red Hat, the world’s leading provider of open source solutions to the enterprise. The Kernel Development team is responsible for the core kernel portion of Red Hat Enterprise Linux. Burke is also the Director of the Fedora Project, an open source project sponsored by Red Hat and supported by the Fedora community. In his role as Fedora Director, Tim leads both internal and external community projects with the ultimate goal of product incorporation. Prior to becoming a manager, Tim earned an honest living developing Linux high-availability cluster solutions and Unix kernel technology. When not juggling bugs, features and schedules, he enjoys running, rock climbing, bicycling, and paintball.

ABOUT GNHLUG

GNHLUG, the Greater New Hampshire Linux User Group, is a not-for-profit organization committed to furthering the cause of Linux and Free/Open Source Software in and around the Granite State. GNHLUG has chapters and regular meetings in Nashua, Durham/UNH, Concord, Peterborough/Monadnock, Dartmouth/Lake Sunapee, and Manchester, as well as a state-wide online community. http://www.gnhlug.org

ABOUT NH IEEE/ACM

The IEEE (Institute of Electrical and Electronics Engineers) promotes the engineering process of creating, developing, integrating, sharing, and applying knowledge about electro and information technologies and sciences for the benefit of humanity and the profession. The New Hampshire Section of the IEEE hosts periodic technical and professional talks, and provides professional networking for technology professionals. http://acadweb.snhu.edu/Isaak_James/ITseminars/

The ACM (Association for Computing Machinery) is a non-profit educational and scientific society dedicated to advancing the arts, sciences, and applications of information technology. The Greater Boston Chapter of the ACM (GBC/ACM) is a sponsor of monthly meetings, full-day professional development seminars, and publisher of The Real Times. http://www.gbcacm.org/

ABOUT SwANH

The Software Association of New Hampshire (SwANH) promotes and supports the software and information technology industries throughout the State. SwANH sponsors networking events, educational programs through its SIGs and affiliates, and discount programs that provide members with opportunities to gain information, connect with resources, grow their businesses, and succeed. http://www.swanh.org

Microsoft ships WMF patch early!

Bravo to Microsoft for shipping the WMF patch early, rather than waiting an additional five days to ship on their regularly scheduled Patch Tuesday. Many security experts were very concerned about this flaw.

Users of Windows 2000, XP and 2003 should update immediately. Users of previous versions of Windows should stop using IE until Microsoft ships a patch.

The actual MS06-001 Security Bulletin is a bit confusing. It lists “Maximum Severity Rating: Critical” but in the FAQ seems to indicate that they are not shipping a version for Win9x/ME:

“Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) — Review the FAQ section of this bulletin for details about these operating systems….”

In the FAQ… “How does the extended support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition affect the release of security updates for these operating systems?”

“For these versions of Windows, Microsoft will only release security updates for critical security issues.”

Okay, I’m confused. Critical or not? Supported or not?

Palm 700w: bulkier, clumsier

NYT > Technology: David Pogue: A Marriage Not Made in Heaven. “Some features of Palm’s new Treo 700W cellphone-organizer are so well executed, you can’t help grinning, while others are so clumsy, you smack your forehead.” By DAVID POGUE. “The Treo 700W ($400 with a two-year Verizon commitment) is a Frankensteinian mishmash.”

Over at the Wall Street Journal, Walter Mossberg concludes “The Treo 700w will appeal to some Windows Mobile fans, and to some corporate IT staffs. But for everyone else, I advise sticking with the Palm-based Treos.”

Too bad. A friend had told me to keep an eye on the Treo line as he felt the Treo 650 needed one more version to be the category-killer PDA-Phone. Looks like the 700w was not the right one. Palm promises a PalmOS-based version is on the way. I’ll wait.

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.