Archive | Microsoft

What’s on your network?

This article in ZDNet points to flaws in Microsoft’s SMB file sharing systems (“Windows networking”) that are, unfortunately, faithfully reproduced in Samba:

http://www.zdnet.com/article/its-not-just-windows-anymore-samba-has-a-major-smb-bug/

See also:

https://access.redhat.com/security/cve/CVE-2017-7494

This means that an old Samba server you have could be be misused as a vector for malware to get a foothold on systems where local Windows machines could get infected. Over the weekend, I went through and cleaned out, updated, reconfigured, or blocked access at some of my client sites.

I also took a long look at our in-house dev network for stuff that could be a problem and found a couple of issues:

– An old Western Digital NAS device was running an *ancient* version of Linux and Samba, and unfortunately is no longer being supported by the manufacturer (last update, 2012). In addition to basic SMB file serving, it supplied media streaming over various protocols and offered ftp (turned off). Despite being in fine shape, mechanically and electronically, I had to turn it off, because, even though the source code is available (yeah, GPL), cross-compiling and rebuilding an ARM 2.6 kernel and utilities into a modern version, and getting it to work on an unsupported device is more effort than I have time for.

– A couple of our networked printers shipped from the factory with all their protocols turned on, even if not configured nor active: SNMP, Web server,  SMB, FTP, tftp, LPD, Raw port, IPP, AirPrint, Web Services, Google Cloud Print, SMTP, mDNS and LLMNR, several of which I had to look up. Surely, there could be no flaws there! And, to boot, two of them were running older versions of firmware, also worth updating.

I am a strong skeptic of the IOT marketing that drops devices into your home/office network that communicate with “the cloud” and can be run from your cellphones, or likely anyone else’s. Unlike PCs with firewalls, intrusion detection, malware scanners and intentionally secure devices like routers, IOT devices are trying to “Just Work” and security might not be in mind.

I knew this was the case for things like “Smart” TVs and voice-recognition devices, but it hadn’t dawned on me that printers would also be in that category.

Be careful out there.

Managing broken links

My WordPress site has thousands of links to other web servers. Inevitably, these links grow old and many get lost. I use the excellent and highly recommended Broken Link Checker for WordPress to scan all the blog posts, and flag the links that aren’t working. It sends me an email each morning. There are many reasons why a link wouldn’t work, and a variety of error messages that can result: the request could time out because the web server is down, the network is having a bad day, or the site is no longer available. The request for the link could be rejected, redirected, of forbidden with a variety of error results, some transient and some permanent. If I think the link is down permanently, I can try to find an archive.org archive of the page (which the plugin helps to find) or remove the links as irretrievably gone.

A broken link displayed visually.

Broken Link

When the plugin discovers a broken link, it wraps the link in an HTML element that allows you to highlight the error in a variety of ways. I’ve chosen a red wavy underline to highlight the broken link, and automatically added the text “(Broken link)” to the link. For links that I’ve reviewed and decided they are not only broken, but gone forever, I use a different highlight: an orange dotted underline followed by “(link removed)”. If the reader floats their mouse over the removed link, it will display a caption showing where the link used to go.

All this magic is performed thanks to the plugin, and a little bit of styling. The plugin allows the author to specify their own styles, and I’ve chosen to use the following CSS to create the effect:

.broken_link, a.broken_link {
    -webkit-text-decoration-line: underline;
    -webkit-text-decoration-color:red;
    -webkit-text-decoration-style: wavy;
    text-decoration-line: underline;
    text-decoration-color:red;
    text-decoration-style: wavy;
}
.broken_link::after, a.broken_link::after {content: ' (link broken)';}

How do you learn to type such gobbledegook? Search the web, view other sites whose styles you like, and do your research. In this case, the text-decoration advanced styles (line, color and style) are fairly recent additions to most browsers. You can check on the appropriateness of using new styles at sites like caniuse.com, which can tell you which browsers and browser versions support the styles you’d like to apply. At the link above, you’ll s

Removed Link

Removed Link

ee the style won’t work in Microsoft’s Internet Explorer and Edge, which are another good reason not to use them. The style is supported in the most recent version of FireFox and Chrome, which is good enough for me. I also recommend looking at the “Usage relative” link on caniuse.com, as that shows what version people are actually using, rather than the latest cutting edge version. In this case, caniuse tells me that Google Chrome and IOS’ Safari work better with the -webkit- prefix, so that’s why the style is repeated with and without the prefix.

(Yes, the text-decoration has a shortened form which combines the color, line and effect in a single shortcut line:

.broken_link, a.broken_link {-webkit-text-decoration: red wavy underline;}

but I prefer the longer form, at least until I’m more familiar with the new styles, and the browser compatibility issues.)

Ancient Fox Manuscripts Unearthed

Ancient Scrool

Ancient Fox Documents Unearthed

The Boston Computer News Network was an email newsletter sent out by the Xbase Special Interest Group of the Boston Computer Society. Les Pinter, the organizer of that group, commissioned a group of local volunteers to come out with a FoxPro-specific version of the newsletters. The timing was great; MS had just bought Fox, VFP 3 was coming, DevCons were awesome. Here are the first few newsletters, recovered from an old dusty cave in the frozen northeast, scraped off an old 3½″ floppy.

http://www.tedroche.com/papers.php#1994

Some classic stuff out there for old geezers: Arnold Bilansky facing down Bill Gates, the first demo of VFP3 beta in Boston, Arnold and Ted’s excellent adventures in San Diego, and more. Contributors include Brad Shulz, Whil Hentzen, Dale Gilstrap Leopold, Ken Levy, Harold Chattaway, Stephen Sawyer, and more!

The Web is about People, if we let it be

I was recently contacted by a company interested in having me consult on their development efforts. As I usually do, I did some background research to figure out who they are and what they do. I was appalled: their web site is one of tens of thousands of generic business sites, pretty but empty. All the buzzterms were there, the generic stock photos of the properly demographically-disparate team meetings, leaning over shiny laptops not wired to anything and pointing to pie charts with no labels. The ‘About Us’ page is filled with slogans and buzz words on how awesome “the team” was, without the single mention of who the team is.  The “Contact Us” page is a generic web-based form, with direct links to “sales@example.com” or “info@example.com.” Want a job? Jobs@example.com or hr@example.com.

What is it “About Us” you don’t understand? If you have a link saying “Who We Are,” you had better be ready to name names. Who are these people and what are they hiding? There’s no excuse for a web site like this. Are these people in the witness protection program? Do these people stand behind what they build? There’s no reputation to worry about losing because they never tell you who they are.

You can have the stiff corporate “Who We Are” of black and white pictures of the “Leadership Team” in suits, “Our Advisors” to name-drop your VCs or Directors, or a more playful site of caricatures and off-beat bios. Kudos go to the sites that include your Twitter and Github accounts, and let folks share their passion for mountain biking, marathons or matchbook collecting. But denying there are people behind your web storefront tells me you’re not proud of who you are, you’re uncomfortable putting yourself out there, or you’ve got something to hide.

And that’s the real problem with a “Who We Are” site like this: the publishers are telling us much more about themselves than they intend. In a customer-facing industry where personal service and attention is a key determinant in the success of the project, they’re stating they are not comfortable with that level of contact.

Food for thought.

[OT] Hitler, Apple, Gates and Godwin’s Law

Perhaps there is a corollary (if not, let’s coin Roche’s Rule) to Godwin’s Law — briefly, that any discussion is practically over when it degenerates to metaphors of Naziism — that those who call off Godwin are in turn berated as thread police, censors, infringers on some divine human right to drag threads off topic and, yes, with all the irony involved, Nazis. In this response, I make the foolish mistake of not ignoring the troll bait. I am as guilty of overreacting as the hyperbole used by the original poster to compare Apple with Hitler.

Hitler burned, gassed, tortured, shot seven million Jews in concentration camps. Millions more, of all faiths, died defeating him.

The late Steve Jobs charged premium dollars (and sometimes outrageous fees!) to keep his company out there and competing in the tough markets of computers and software. Apple makes beautiful industrial design, often as impractical as Lamborghinis. They sell DRM-crippled music. They have pushed the envelope of consumer computing, much as Microsoft “innovated” back in the days when they had competition. Apple has sold a billion songs. I admire and respect Jobs, as an empire builder, like Gates and Olsen and Carnegie before him, but I don’t spend the money to buy many of his products, as I’m cheap. I have philosophical differences with Apple, too, but I’d probably buy an iPhone if I hit the lottery. They’re shiny. But, unlike some, I’m not betting my business on them.

Microsoft’s behavior has often been as outrageous as Apples, having been pulled into court a few times, regularly making their large corporate customers buy computers with Windows pre-installed and then pay again and again for licenses to run their OS, access their machines remotely, or run software on them, switching their license fees and terms and dropping products that are near and dear to all of our hearts. I’m not ABM as much as preferring what works best. Windows DirectX is supposed to be a good gaming platform. I hear XBoxes are great for Netflix. I use a Microsoft keyboard and mouse. I happen to think that Microsoft Windows on the desktop is here to stay, even with the incredible drag it puts on businesses with malware problems, poor performance and high cost. I do not, however, think that “the desktop” is here to stay, as a metaphor for people to do their business, and I look forward to Microsoft’s stranglehold on their clients breaking with some Next Big Thing. Off the desktop, I really don’t see Microsoft having contributed that much to the state of computing through their many (many, many) acquisitions. I prefer other brands for networking, server OSes, database servers, programming languages and technologies, not through some blind hatred as much as hard-earned experience. But that’s off-topic…

[The poster who tripped Godwin’s Law…] ‘s post doesn’t have much to do with the topic of the thread, Linux, and is a really offensive comparison to some of us. Hitler and Naziism was one of the most horrific incidents of modern history and to minimize it by comparing it to shiny overpriced phones dehumanizes us all. Gates is not Idi Amin. The cellphone landscape does not resemble Dafur. Let’s get some perspective here, people.

There’s a difference between policing a thread, trying to manage to stay on topic, and censorship. I invoked Godwin’s Law to point out that the thread has likely run its course. You’re free to say what you want. I’m free to point out you’re off-topic.

So, if you want to keep on-topic on the “Linux Desktop Thread” I have some insight and informed opinions on the matter, having run Linux as my desktop for six years now, supporting a half-dozen clients with LAMP boxes in their offices, and developed some dozen or more LAMP applications. If you want to go off-kilter onto iPhones and Google as “liars and thieves,” why don’t you go start your own thread?

(Full disclosure: as I’ve mentioned before [blog.tedroche.com/disclaimers], I purchased a tiny bit of Apple stock a long time ago. It’s now worth a lot more than I paid for it, through no fault nor skill of mine. I also own tiny bits of Red Hat, HP and Microsoft. They’re still tiny. I don’t think this influences my opinion all that much, but I let my possible biases be known.)

Color vim on CygWin

I’ve had to do some admin work on a Windows 2008 R2 server and found it handy to have a POSIX environment installed on Windows so I have ssh, grep, rsync, git, bash, vim and other functionality available all working within the same shell.

While vim was functional, the terminal was one that vim didn’t recognize as color, and hence the editor was only black and white and a few shades of gray. A little Googling returned this page: http://infrablue.tripod.com/cygwin.html with instructions on using rxvt as the terminal and configuring bash to run within it. A few tweaks, and I’m running vim and editing in color!

[UPDATE] @mintty_cygwin on twitter was kind enough to point out that rxvt development is pretty much stopped, but that the project http://code.google.com/p/mintty/ offered yet another TTY to run on Windows. This one has some pretty cool options, and is easy to install. I’m up and running with it now!

Notes from the Python Special Interest Group, 18-Nov-2010

Four members attended the November meeting of the Python Special Interest Group, held a week early due to the Thanksgiving holiday (anticipate a similar schedule for December). The Amoskeag Business Incubator was kind enough to allow us to use their smaller meeting room, which worked out perfectly for the smaller crowd.

It was an open Q&A evening, and boy, did we have Qs and As! Topics covered included:

  • Getting scanners working on Ubuntu 10.10
  • sharing printers in Ubuntu
  • Why DSL isn’t always at its rated speed
  • what a CO and a DSLAM is
  • Win7 Starter Edition blue-screening on an Asus Aspire One
  • the New Microsoft/Verizon KinONEm KinTWOm
  • the disaster that was the Microsoft-Danger hiptop acquisition
  • Microsoft’s announcement of Java as a “first class citizen” of their Azure cloud
  • Microsoft’s “Embrace, Enhance, Extend, Extinguish” history
  • Maybe they’ll call it IronJava? And, hey, where did IronPython go?
  • Oracle and Java and licensing and FUD
  • Oracle and MySQL and licensing and FUD
  • A public library looking for a Linux-based solution to reserving PC use
  • A great suggestion to consider Gnome Nanny
  • generating PDF Forms out of a LAMP app using pdftk
  • OpenOffice.org and LibreOffice
  • Generating PDF fill-in forums out of OpenOffice.org, courtesy of Solveig Haugland
  • the difference between “business class” and “consumer grade” machines
  • Dell and HP, Linux support, HPLIP Open Source project
  • printing to PDF in Ubuntu only worked when App Armor was removed
  • the ease of hooking up a projector to Fedora 14 with the new video subsystem and Noveau drivers
  • installing NetworkManager on Debian Lenny (there’s python in there!)
  • a quick tour of NetworkManager on Fedora 14
  • a demo of using Elementree to parse and modify an XML file used to manage installs of Atlassian Jira
  • using BeautifulSoup to parse an HTML file and generate an INI file
  • the Venus software for generating an RSS aggregator page
  • hacking WSDLs for SOAP using suds

Those were the Qs. You needed to be there for the As. And the awesome gingerbread cookies and frosted cake.

Thanks to Janet for the desserts, to Bill for organizing the meeting, to the Amoskeag Business Incubator for the facilities, and to all who attended and participated. Look for the December meeting announcement with the date tentatively planned for the 16th.

Notes from Python Special Interest Group, 20-Nov-2009

Eight people attended the Python Special Interest Group, held a week early to avoid the Thanksgiving holiday. Anticipate a reschedule December meeting as well.

Last night’s meeting was a vigorous and far-reaching discussion of MySQL, Oracle, the future of MySQL, Maria DB, OpenOffice.org automation using Python, OpenOffice.org automation using Visual FoxPro, Twisted, IE6, Zope, Plone, Django, MS SQL Server, pyodbc, SQLAlchemy, Cascading Style Sheets, IE6, FireFox and FireBug, User Agents, IE6, how not to insulate a bungalow roof, the (Python!) cssparse module (http://cthedot.de/cssutils/), Fortune’s selection of Steve Jobs as “CEO  of the Decade”, Lenovo netbooks and Ubuntu, the Millennium, why calendar years are one-based and not zero-based, distributed version control systems, master-slave and master-master replication using MySQL and Postgres, svn and git, and more! Whew! You should have been there!

Thanks to Bill for organizing the meeting, to all for attending and participating, and to the Amoskeag Business Incubator for providing the great facilities!

Stay tuned for an announcement of the December meeting, and hope everyone has a good Thanksgiving!

Windows 7 Motto?

I noted on the Lenovo site a note on the page that said, “Windows®. Life without Walls™.” It’s pretty hard to believe that even Microsoft marketing, well known for tone-deafness, thought this was a great motto. I mean, without walls, who needs windows?

The note goes on to say, “Lenovo recommends Windows.” Do they really, or does Microsoft pay them to say that? Or require them to say that in order to get a discount on their OEM licensing, which amounts to the same thing? Where’s their FTC disclaimer? (I posted my disclaimers about 3 years ago here.)

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.