Archive | March 2, 2007

Updated FireFoxes 1.5.0.10 and 2.0.0.2

Updated versions of FireFox attempt to deal with some of the problems that onUnload() Javascript functions introduce. On SANS Internet Storm Center, Swa Frantzen observes:

“Best course of action: disable scripting, but most of you can’t or don’t want to do that. The second best alternative might be to use extensions such as NoScript in Firefox that allows more selective control of who gets to do remote code execution in your browser.”

Remote code execution in your browser. Think about that. You have an antivirus solution scanning your files. You block email attachments, or you know better than to click on an attachment in email, or to run a .exe or .scr sent from strangers. But how comfortable are you that the web writers of all of the sites you visit (and the software they run, and the ads they host, and the feeds that supply their sites, and…) are running ‘safe’ code. Sadly, this is the whole assumption that AJAX can take over as the next-gen interface: trust of code that is not inspected in advance. Browser vendors will attempt to fix the problem by curtailing the functions the language can perform, but that only leads to reduced functionality. A general purpose language is like any tool: it can be used for good or evil. Putting a language in a “sandbox” where it can’t do things unsafe might just lead us back to Java, after a 10 year wander.

DLSLUG 1-March-2007: Bill Stearns on “50 Ways to Run Your Programs”

Fourteen attendees managed to find the monthly meeting of the Dartmouth – Lake Sunapee Linux User Group, despite being held one floor up from the regular meeting room. (A reminder from yours truly that you can save yourself a trip down and up the stairs if you just Read The Fine Announcement Bill McGonigle prepares each month. I needed the exercise anyway.)

Bill Stearns presented “50 Ways to Run Your Programs,” He had tremendous handouts: a vinyl 3-ring notebook binder with 61 pages. He asked us all to skim the materials and pick out the couple of techniques we wanted to drill down into. He covered in some depth (though each could get its own book): passing commands through ssh, combining screen with ssh, using wget as part of a pipe, how wget can work with caching, using tee to redirect output through the pipe as well as to a file simultaneously, the precedence of && in sequencing commands on the command line, some of the implications of subshells and environment variables, gotchas with cron, using eval and netcat. Bill is knowledgeable and rolled well with the punches, like his new HP widescreen battleship of a laptop refusing to run X on the projector. (Bill had an aside about the joys of Open Source providing the means of fixing some bad interrupt logic in the BIOs with a kernel switch – yay, Open Source!) Bill hardly broke a sweat despite the attendance of Professor McIlroy, who is credited with having invented the pipes and filters architecture of Unix. A good time was had by all, with lots of time for questions (from novices “What does that do?” to some pretty advanced questions on piping and subshells and so forth.)

Next meeting is 5 April when Todd Underwood will present ZFS. Thanks to Bill McGonigle for organizing the meeting, Bill Stearns for the great presentation, and all for participating.

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.