Archive | Microsoft

Subversion new version, SourceSafe conversion

OSNews reports Subversion 1.4.0 Released. “This is a feature release of Subversion [Updated link], featuring BDB 4.4 and repository auto-recovery support, a new tool for synchronizing repositories (svnsync), major speed enhancements in the versioned filesystem and the working copy, and of course the usual host of bugfixes and minor enhancements. Additionally, check this article on how to Set up Subversion and websvn on Debian.”

Good timing! I've been using subversion for the past year on a web development project with another (remote) developer, and have enjoyed the power and flexibility of the tool, as well as some of the cool add-ons, clients and scriptability.

Now, it's time to consider moving existing projects out of Visual SourceSafe and into subversion. The folks at Pumacode offer a vss2svn tool that runs as a native Windows executable, written in Perl and C, with the source available under an open license. Pumacode tried an interesting tactic to convert the VSS repositories: rather than interrogate the VSS binary to retrieve files, it reads the repository files directly and interprets the results from there. There are some advantages where older versions might be corrupted, or to retrieve files flagged as deleted, which they say VSS will not allow.

On a 2 Ghz Pentium-M with a gig of RAM, it took about 2 hours to process my current VSS repository, which consists of forty thousand files and around 1.4 Gb of disk space. (The authors of vss2svn caution that it's better to convert the entire repository than to risk further corruption by pruning it first; leave that task to subversion post conversion.) This generated a dump file of 850+ Mb. Transferring that to the Linux box with a new repository took a few minutes, and loading the data about 20 minutes. Using RapidSVN from the Windows box, I was able to browse the subversion repository and confirm that files and folders and log history comments look about right. I'll confirm by checking out projects of interest and diff'ing them against the current development copies.

I had anticipated a different tack, using COM Automation to drive VSS, as I described in Essential SourceSafe. As a learning project, I had proposed using Python to browse the repository via COM Automation and use the excellent Python-svn bindings to migrate portions of a VSS repository to subversion. I still plan to try that, and to compare-and-contrast the results between the two techniques, while I learn a little more Python.

Word 2000 Zero Day Exploit.

eWEEK.com Messaging and Collaboration is reporting Microsoft Confirms New Word Zero-Day Attack. “Malicious attackers are exploiting a new, undocumented flaw in Word 2000 to load back-door Trojans on Windows machines.” … “Security alerts aggregator Secunia rates the flaw as “extremely critical” and urged Word users to avoid opening Word documents from untrusted sources.”

Internet Explorer a Monster No More? I don't think so.

Thom Holwerda posts this article on OSNews, linking to this ZDNet blog post where Richard MacManus interviews Microsoft's Chris Wilson. I've read the article and I can't see where Thom's conclusion comes from. Chris says…

“…IE7 is going to be an important update in the automatic updates feature. This means it'll actually show up for everyone's [Windows] computer. It won't automatically install behind the scenes or anything, because it is going to change your user experience of the Internet quite a bit.”

I really can't see that anything has changed.

Microsoft won't play High-Definition content on 32-bit CPUs – or will it?

Slashdot post: No Full HD Playback for 32-bit Vista. snafu109 writes “Pity the Vista user with a 32-bit CPU. Senior Program Manager Steve Riley announced today at Tech.Ed Australia that full HD content shall only be played at the full resolution where only signed drivers are used — only in the 64-bit version of Vista.” And you thought that there were no features left to remove!

UPDATE: Today, OSNews reports Microsoft: 32Bit Vista Will Play Protected HD Video. The web exploded yesterday with the news that Microsoft would cripple 32bit versions of Vista so they would not play protected high-definition content. However, Microsoft was quick to respond, stating: “The community is buzzing with reactions to APC Magazine's article regarding playback of protected High Definition content in 32-bit versions of Windows Vista. However, the information shared was incorrect and the reactions pervading the community are thus (understandably) ill-informed. The real deal is that no version of Windows Vista will make a determination as to whether any given piece of content should play back or not.” Well, that certainly clears things up!

Why are computers so hard to use?

David Berlind's recent blog post pointing to Tim Bray's trials and tribulations on switching from a Powerbook to a Sun Ultra 20 running Ubuntu (!) has some interesting reflections on how hard all desktop switching is. David says,

[Tim] “used two words — “wrangling” and “gyrations” — in his last post that leap off the page as having long been (in my mind) desktop Linux's key stumbling blocks.”

I've got a half-dozen machines in the office I work at regularly: Dells, HPs, ThinkPads, Macs, running Win98 through XP, OS X, CentOS, Ubuntu, Fedora, Xubuntu and probably a couple of others. I am constantly wrestling with getting a PDF file just right on this one, or wrangling an icon to do what I want on the desktop of that one. They are all hard!

I got tired of using the supplied Apple keyboard with my iMac and thought I'd try a Microsoft Natural Keyboard I had spare around the office. It worked well, just plug it in and It Worked ™. However, the key labels and assignments had me stumped. On Windows and Linux, the control key is the lower, outer left key and I spend all day issuing ^X, ^V, ^F, ^T to cut, paste, find and create a new Firefox tab. On the Mac, it's not the outer key, it's the option key, the middle of the three keys outboard the spacebar. Except when it's not. Subconsciously, I had gotten myself into the groove of using the different keyboard layout on the (different) Apple keyboard. When I swapped out the keyboard for the one I use on another machine, I lost the ability to touch type those characters on both keyboards.

In the above-cited blog post, Tim was annoyed when Ubuntu didn't follow the hand-patterns he had memorized on the PowerBook; I feel the same way when I use the Mac.

Windows su or sudo?

Garrett followed up on my recent post about creating a root shell by pointing to Aaron Margosis' post with a “MakeMeAdmin.cmd” batch file. My one-liner solution created a shell as an admin user. Aaron's is more extensive and adds the current user temporarily to the administrators group (requiring the admin password), then requires the current logged-in user to log in again for the shell session.

I'm not sure of the security implications of each, or whether one is better than the other. In a sense, my script is similar to “su” where the shell is in the context of another administrator, where Aaron's is closer to “sudo” in the sense that the current user can temporarily execute super user commands. It sure would be nice if the script could go one step further and persist a list of users with sudo capabilities, so you only had to do one login. In either case, it seems that the security context doesn't “leak” outside of the shell in which it is executed.

Run a root shell in Windows while LPU

When running Windows, you should always run as the “Least Privileged User” to do the tasks you need. If your user context doesn’t have the rights to mess with most of the system settings, some evildoing script in the compromised javascript, jpeg, word doc, html page, worm, virus, trojan or other Windows nastie won’t have those rights either.

However, sometimes you need to run a simple command that requires system privileges. Logging in and out or switching users is too much hassle. For this, I created a shortcut on the desktop and labeled it “RootShell.” (Bear in mind when you run commands from this shell that you have nearly complete control of the machine. With great power comes great responsibility.) The shortcut links to a batch file with the command:

runas /noprofile /env /user:MyMachine\MyAdmin cmd

UPDATE: There ought to be a backslash between MyMachine and MyAdmin. My blogging software helpfully deleted it. Grrr.

This batch file runs the command interpreter (cmd) as user “MyAdmin.” (Supply your own settings for ‘MyMachine’ and ‘MyAdmin’. In domain- and ActiveDirectory-controlled networks, the syntax will be slightly different for specifying the user. Type HELP RUNAS at a command shell for guidance.)

Double-clicking the icon opens a command shell and prompts for the administrator’s password. Get it correct, and the shell runs yet another shell in which you can type the commands you need to run. Get it wrong and it closes.

Handy and quick.
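
The check below is an added example, not part of the original posts or of Aaron Margosis' script. It wraps the same runas call and lets you confirm, in each window, whether that shell's token really carries administrator rights, which is the "does the context leak" question raised in the su/sudo post above. It assumes a Windows version with PowerShell and whoami available; `MyAdmin`, `Get-ShellContext` and `Start-RootShell` are hypothetical names.

```powershell
# Added example. 'MyAdmin' is a placeholder for your own local administrator account.

function Get-ShellContext {
    # Report the identity and the effective admin rights of the current process token.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator
    [pscustomobject]@{
        User            = $identity.Name
        IsAdministrator = $principal.IsInRole($adminRole)
        ProcessId       = $PID
    }
}

function Start-RootShell {
    param([string]$AdminAccount = "$env:COMPUTERNAME\MyAdmin")

    # If this shell is already privileged, a second root shell adds nothing.
    if ((Get-ShellContext).IsAdministrator) {
        Write-Warning "This shell already runs with administrator rights."
        return
    }

    # runas prompts for the password itself, so it never lands in a script or history.
    # /env makes the admin shell inherit this user's environment (PATH included);
    # drop that switch if the admin account's own environment is wanted instead.
    # The child cmd retitles and recolors its window so the privileged shell stands out,
    # then prints the account it is running as.
    $child = 'cmd /k title ROOT SHELL & color 4F & whoami'
    runas.exe /noprofile /env "/user:$AdminAccount" $child
}

# Run in the everyday shell: IsAdministrator should be False before and after
# the root shell has been opened and closed.
Get-ShellContext
```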

Trouble starting XAMPP's Apache on Windows

In attempting to set up XAMPP on a Windows XP Pro workstation, I couldn't get Apache to start. Attempting a command-line start gave me an error message that port 80 was in use. The netstat command showed nothing listening on that port. As a work-around, I edited the config file for Apache to work on http port 8888 and https port 8443 and confirmed that Apache was installed correctly and working fine. Finally, digging around in the Services applet showed that the IISAdmin was running. Dredging around on Google yielded this blog entry that recommends disabling the service and rebooting to detect which app is launching IISAdmin. That cured the problem; Apache's up and running. XAMPP rocks.
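
One way to find what is holding a port before resorting to the Services applet, as an added example that is not from the original post. It assumes Windows 8 / Server 2012 or later, where the `Get-NetTCPConnection` cmdlet exists; `Get-PortOwner` is a hypothetical helper name.

```powershell
# Added example: map a listening TCP port to its process and to any Windows
# services hosted inside that process.

function Get-PortOwner {
    param([int]$Port = 80)

    # Every listening socket on the port: IPv4 and IPv6, wildcard or specific address.
    # Matching on the exact port number avoids false hits such as 8080 or 8000.
    $listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue

    foreach ($l in $listeners) {
        $procId = $l.OwningProcess
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue

        # Several services can share one host process, so list all of them.
        $services = Get-CimInstance Win32_Service -Filter "ProcessId = $procId" |
                    Select-Object -ExpandProperty Name

        [pscustomobject]@{
            LocalAddress = $l.LocalAddress
            Port         = $l.LocalPort
            ProcessId    = $procId
            Process      = $proc.ProcessName
            Services     = $services -join ', '
        }
    }
}

# No output means nothing is listening on the port from the TCP stack's point of view.
Get-PortOwner -Port 80 | Format-Table -AutoSize
```

Run it from an administrator shell so that processes belonging to other accounts can be resolved to a name.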

MS06-040 exploited, a few days

Slashdot post: Botnet Herders Attack MS06-040 Worm Hole. “Laljeetji writes “eweek reports that the first wave of malicious attacks against the MS06-040 vulnerability is underway, using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets. The attacks, which started late Aug. 12, use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote IRC (Internet Relay Chat) server and starts listening for commands from a remote hacker. On the MSRC blog, Microsoft is calling it a very small, targeted attack that does not (yet?) have an auto-spreading mechanism. LURHQ has a detailed analysis of the backdoor.”

Sounds nasty. An auto-spreading mechanism will turn this one into an epidemic. Patch now, if you haven't already.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.