Archive | Home Page

Articles to appear on the home page (nearly all)

Microsoft leaves Word zero-day holes unpatched

CNET News.com is reporting Microsoft leaves Word zero-day holes unpatched. Hmmm… is it still a zero-day hole if it has been around for a while? I’m afraid the term has lost its punch. Nonetheless, Cnet goes on to say,

Microsoft on Tuesday released fixes for vulnerabilities in its Windows and Office software, but left several known Word zero-day flaws without a patch.

As part of its monthly patch cycle, Microsoft published four security bulletins with fixes for 10 vulnerabilities. Three of the bulletins are deemed “critical,” the company’s most serious rating; the fourth is tagged “important,” a notch lower. All bulletins, however, address flaws that could allow an attacker to commandeer a PC.

Nasty stuff. It’s the second week of 2007, and Microsoft patches are already up to MS07-08, although four of the patches were pulled from this release. I wonder if they’ll still be “zero-day” next month?

Hit the Microsoft site at http://www.microsoft.com/security if you need more information on these patches. Get patching!

FoxTalk Death Throes Continue…

On the FoxPro wiki, Alex Feldstein documents the most recent of many problems with New Hill Services, aka Eli Research, the latest purchasers of the FoxTalk newsletter, originally from Pinnacle Publishing. (Disclosure: FoxTalk published several articles of mine, starting in 1992 and ending in 2004). These people are just incredibly clumsy in the way they have worked with the community that once supported the newsletters. Terminating the editor, dropping or antagonizing their top-notch contributing writers, harassing former subscribers and failing to engage the community have ruined any chances of FoxTalk’s recovery. I wish they would just terminate the paper and spare us all the embarrassment.

Just this morning, I received an email announcing “Your latest FoxTalk 2.0 is Available Online!” Curious if they were giving away free online content or offering a trial, I navigated to http://osslogin.com/login/pin, which asked for a login and displayed the Pinnacle (not Eli, not New Hill) logos and no links — no “Who we are,” “Read our other publications,” nothing. Really suspicious. Examining the HTML source, there were no signs of foul play (it does look like a phishing expedition, doesn’t it?), so I tried the “forgot your password” link and supplied my email address (I already get and squash 500 spams a day, so one more wouldn’t hurt). I promptly got an email with my password, and attempted to log in. “Account Expired” it told me, again with no other information or links. How annoying! If it was expired, why send the email notice? And wouldn’t this be a killer opportunity to ask me to re-up? Nothing. Bozos.

Dabo rocks!

I’ve mentioned it before, but the dabo project rocks! dabo is intended to be a cross-platform (Mac/Linux/Windows/Everywhere) rich-client application (like FoxPro 2.5 before MS bought it) with the rich-client experience (grids, list boxes, checkboxes, pageframes, menus, multiple forms) in the appropriate widget-set for each OS. It supports a slew of backend data sources (MySQL, PostgreSQL, MSSQL, Oracle, more) and is designed with a similar architecture (UI-BizObjects-Data) to many of the FoxPro frameworks. Best of all, it’s written in Python and available under an Open Source license.

I’ve spent a couple days downloading the source, watching the excellent screencast tutorials, browsing the extensive mailing list archives and wiki, running the demos, generating an app with the App Wizard and reading the code. I’ve got an existing LAMP application that would benefit from a rich-client component with reporting capabilities, and dabo looks like a good choice. Hope to blog my progress as I get into it.

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System

In the SANS – Internet Storm Center Handler’s Diary on December 29th 2006 they describe the troubles that can occur when a user innocently chooses a likely search result from a popular search engine in “Pain reliever with serious side effects.” A chilling story. The moral of the story: anti-virus and anti-malware and firewalls aren’t sufficient. You must also stay up to date on all the latest patches. What if the patch isn’t out yet?

In related news, Microsoft will unprotect millions of Windows 2000 users tonight as their version of “Windows Defender” expires, with no update planned for the “unsupported” operating system. If you’ve been a depender on defender, it’s time to be a decider and a finder and find another product. Good luck, and happy new year!

Is giving influencers $3k laptops bribery, PR-as-usual, or both?

It’s a slow week in the tech world, nestled between Christmas and New Year’s, with nothing to read but insipid the-year-that-was technical review rehashes and pundits pontificating their predictions. But wait! A newsflash! Microsoft is trying to influence their unpaid champions, by slipping a couple of loaded laptops out there for “review,” no strings attached. Bribery? PR? Same old thing? In Bribing Bloggers, I think Joel nails it with:

This is the most frustrating thing about the practice of giving bloggers free stuff: it pisses in the well, reducing the credibility of all blogs. I’m upset that people trust me less because of the behavior of other bloggers.

eWeek opines “Microsoft’s Laptop Giveaway Rubs Some the Wrong Way.” I think Microsoft’s retreat on this is about the worst thing they could do, nearly admitting some wrongdoing.

esr plans World Domination, sophomore edition

Eric S. Raymond posts World Domination 201, the second part (here’s the first) of the Free/Open Source Software/GNU/Linux cabal’s plan to take over the world. I don’t find this anywhere near as scary as the Halloween Documents. I would like a set of codecs to legitimately play my legitimately owned/viewed Quicktime, MP3, and DVD collections. I think everyone would. It’s disturbing to consider that this might be the only thing hampering Linux acceptance as a desktop, and that the copyright and patent licenses intended to foster free trade and promote the Arts & Sciences are in fact doing the opposite.

Fedora Core 6 OOBE and Print to PDF

I’m switching my laptop machine from Ubuntu 6.06 to Fedora Core 6, at least temporarily. The two are both eminently usable; differences are more with fit and finish and where they hide things than major functionality issues, imo. Mostly, I suspect it will be a matter of learning my way around and Googling the correct magic phrases to find the functionality I need.

Installing printer drivers was a snap, but I’m not Aunt Tilly. I knew the laser at laser.tedroche.com was LPD and the OfficeJet was a JetDirect at hpoj.tedroche.com port 9100. Picking the model and configuration was straightforward, but they need to work on that first step of searching for printers that will advertise themselves when asked the right question.

I was pleased to see that SciTE was in the default repositories and installed with ease. However, saving to PDF required a Google to point out that the CUPS-PDF driver was easy to install from the overly-simple package manager interface, but you had to know the location of the /etc/cups/cups-pdf.conf configuration file to keep the driver from dumping each PDF on the desktop.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.