Browser vulnerabilities get stealthy

Over at DDJ.com, they're reporting that “New Hacker Toolkit Cloaks Browser Exploits.” No real surprise there – polymorphic browser exploits can avoid primitive signature detection techniques that just look for “DO BadCode()” in the payload. Code that runs in a browser has to run in a safer environment, like the “security sandbox” design of Java. ActiveX controls are just Windows executables that run with the permissions of the user. That won't work, no matter how many “digital signatures” or “Are you sure” dialogs MS layers on top of their insecure design. JavaScript isn't much better, with the potential for downloadable JavaScript network scanners implying that every device on the network must be firewalled from every other.

There are no easy solutions in sight. Run with the least privileges practical. Firewall off unneeded services. Scan for unacceptable activity in memory and on disk. Turn off runtime capability in the browser except when needed – Flash, ActiveX, JavaScript and Java should only run with permission of the user.

Switching… to a less proprietary solution

Following my email implosion, I'm seriously considering dropping the native Mac Mail.app and using Thunderbird instead. Apple's decision to go with a proprietary mail format (emlx) rather than the standard mbox format (as an optimization for Spotlight searching) makes me a bit uncomfortable, and the serious Mail.app failure, hiding half my mail for two weeks, leaves me less confident that I can switch when I have to without losing information. Mail and its history is precious stuff.

MacOSXHints points to a converter to generate mbox files from the Apple emlx format.

Paul McNett's Samba-as-a-PDC recipe

In response to a recent question on the ProLinux list, Paul McNett pointed to his blog entry outlining how to configure Samba to act as a PDC, ideal for a small group of Windows workstations that need roaming profiles, personal and shared storage and centralized applications. Great post, Paul!

SQLAlchemy 0.30 released

Over at O'Reilly's ONLamp site, Jeremy Jones noted last week the release of SQLAlchemy 0.30. Lloyd Kvam had mentioned in his TurboGears presentation last month that TurboGears was going to be expanding their current support for Object-Relational Mapping (ORM) tools to include SQLAlchemy. I'm looking forward to playing around with this and trying to grok the difference between ORMs and cursors and views. So much to learn…

DLSLUG, 2 Nov-2006: FOSS in Schools

Bill McGonigle announces the November 2nd meeting of the Dartmouth-Lake Sunapee Linux User Group, at a different location than usual:

The next regular monthly meeting of the DLSLUG will be held Thursday, November 2nd, 7-9PM at Dartmouth College, Silsby Hall, Room 312. All are welcome, free of charge.

“Open Source in Schools” presented by Dave Clifton

Dave will be talking about the use of Free / Open Source Software in schools and will chronicle the growth of the infrastructure at the Plainfield Elementary School (NH SAU 32) since 2002. There will be an emphasis on choosing appropriate software, the real costs of going down the F/OSS path, and some potentially surprising stories about what the Plainfield School is doing today.

Dave is currently a Senior Systems Administrator for Ansys (formerly Fluent) in Lebanon, NH. He holds a Master’s degree in Applied Mathematics from Johns Hopkins and spent ten years doing consulting work for various government agencies and Bell Atlantic before escaping from DC to the Upper Valley in 1998. He got his start as a sysadmin in the mid-1980s running Masscomp Real-Time Unix and SunOS 4.0.3 and has subsequently worked on more operating systems than he wants to remember.

SLUG 13-Nov-2006: Google Earth

Ben Scott announces a presentation on Google Earth by Rob Anderson at the upcoming Seacoast Linux User Group:

  • What : Google Earth
  • Who : Rob Anderson
  • Day : Mon 13 Nov 2006
  • Time : 7:00 PM
  • Where: Room 301, Morse Hall, UNH, Durham, NH

This November's SLUG meeting will be on Google Earth, with Rob Anderson leading the discussion. We're hoping everyone will get involved for a group learning session.

What is Google Earth?

“It's a globe that sits inside your PC. You point and zoom to anyplace on the planet that you want to explore. Satellite images and local facts zoom into view. Tap into Google search to show local points of interest and facts. Zoom to a specific address to check out an apartment or hotel. View driving directions and even fly along your route.”

— from http://earth.google.com/

Google Earth is free for personal use, and is available for Linux, Mac OS X, and something called “Windows”.

About SLUG

SLUG is the Seacoast Linux User Group, and is a chapter of GNHLUG, the Greater NH Linux User Group. Rob Anderson is the SLUG coordinator. SLUG meets the second Monday of every month, same time, same place. You can find out more about SLUG and GNHLUG at the http://slug.gnhlug.org/ and http://www.gnhlug.org/ websites.

Meetings take place starting at 7:00 PM. Meetings are open to all. The meeting proper ends around 9ish, but it's not uncommon to find hangers-on there until 10 or later. They take place in Room 301 (the third floor conference room), of Morse Hall, at the University of New Hampshire, in Durham.

Apple may have a fix for random shutdowns

Over at Scripting News, Dave Winer says, “A bunch of people say that this Mac update may fix the random shutdown problems. I have installed it on my MacBook, of course, but I had already had my computer repaired. Apple hasn't said anything that this relates this fix to the problems widely reported on the net. If it does fix the problem, Apple still gets a failing grade for communication with customers.” Good to hear they may have a fix.

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.