Dave Brooks of the Nashua Telegraph reports on the recent Northeast Linux Symposium held at Gould Academy in Maine. NLS is focused on bringing Free and Open Source software into the schools, something that is increasing in popularity around here. I thought Dave's reaction to FOSS and its zealots was promising: FOSS is no panacea, but an alternative worthy of consideration.
How Google Works
Baseline Magazine has an interesting article entitled, “How Google Works,” containing some history, interesting links, rumors and speculation.
Microsoft Monthly Patch: 7 Patches, 5 Critical, Remote Code Execution – patch now!
OSNews also notes Microsoft Patches Seven Vulnerabilities. “Microsoft alerted us this time about seven vulnerabilities of which five were rated critical and two important. There are vulnerabilities in the Server service, the DHCP Client service, Excel and Office that could allow remote code execution.”
Seven patches, 5 Critical with Remote Code Execution possibilities, 2 Important, which includes Remote Code Execution within IIS. Bulletins MS06-033 through MS06-039 issued on the 28th week of the year. It looks like this kind of velocity, more than one per week, has been steady at Microsoft for nearly three years now. I would have expected the more secure IIS6 and Windows Server 2003 to stem the flow a bit. But these product continue to be listed in the affected systems list. Hmm.
MS06-033: Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159)
MS06-036: Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
MS06-037: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
MS06-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
MS06-039: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
Security is not a feature, it's a process. Patch now to avoid more problems later.
Parallels virtualization software for Macs reviewed
OSNews points out that “Ars reviews Parallels Desktop for MacOS X, and concludes: “People pondering the switch to a MacBook can rest assured that with the exception of USB device support and hardware accelerated 3-D applications, their needs will be well met by this little workhorse of a program. Between the networking that just works, the impressive speed and the inability of the client operating systems to know they are running within a 'virtual machine', I think you'll be hard-pressed to find software for any x86 OS that doesn't work within a Parallels VM.”
It's hard to imagine a more desirable machine than a laptop or desktop with dual-core processors and the ability to run Windows, OS X and Linux in separate virtual machines.
ODF gains a new member: Google
Computerworld Breaking News reports Google backs OpenDocument Format. “The ODF Alliance, which backs the expanded use of the OpenDocument file format, gained a new member over the weekend: search engine company Google Inc.” Cool! The more the merrier!
New front-end tool to manage SELinux
OSNews reports SELinux Policy Editor 2.0 Released. “In the past, SELinux has been critized for being too dificult to configure. To solve this, the SELinux policy editor was created: A GUI-oriented editor with a simplified policy description language (ala Apparmor). According to the announcement, this new version includes a much improved user interface and some improvements to the “Policy description language”.
Very cool. Security-Enhanced Linux is the next-generation security implementation beyond UNIX users and groups, individual file permissions and general security policies of firewalling unwanted traffic and requiring logins. However, I've found it difficult to grasp at first, and surely difficult to master. A friendly front-end GUI tool to manage SELinux is welcomed.
Sophos says you should Switch
Jeremy Reimer at Ars Technica notes that Antivirus company suggests home users switch to Macs. “The Antivirus firm Sophos has done an about-face, suggesting in their latest report on the state of malware threats that many home users should consider switching to the Macintosh platform. Are they serious?”
Making RSS Pretty
Sean Burke has some great notes and code on “Making RSS Pretty,” a nice solution to the problem of people clicking on the XML link and getting an ugly page of XML.
OpenOffice.org 1.1.x and 2.0.x vulnerabilities – get patching!
InfoWorld: Application development reports OpenOffice.org warns of three vulnerabilities. “OpenOffice.org is warning users of security vulnerabilities that can crash the OpenOffice.org productivity software and give malicious hackers access to full system resources.”
“The company is urging OpenOffice.org 2.0.x users to upgrade to version 2.0.3, released last week. A patch for OpenOffice.org 1.1.x will be available soon, the company said.”
Hardware upgrades at TR&A…
I upgraded Laura's laptop's hard drive capacity from 30 Gb to 80 Gb in an overnight operation using FOSS. I used the System Rescue CD to boot into a LiveCD version of Linux, amazingly quickly. (Hint: use the framebuffer options when working on laptops.) Using an external Western Digital 250 Gb hard drive we picked up on sale at Staples, I made a mount point and mounted the external drive there:
mkdir /mnt/external
mount -w /dev/sda1 /mnt/external
I copied the hard drive contents (with compression) from the internal to external hard drive using partimage, following the onscreen prompts. Before removing the old hard drive, I copied the Master Boot Record from the internal drive to a file on the external drive using a tip I picked up from Knoppix Hacks, using the 'dd' command to copy the sector. Removing the old hard drive and installing the new was easy: one screw hold the hard drive carriage in place, and four screws the hard drive to the carriage. Booting into System Rescue CD again, I used QtParted to create a partition matching the old one in size. (Yes, real men can partition the drive using the command-line parted, but since I had the GUI available, I took advantage of it.) Then, I ran partimage again to copy the external image back to the new hard drive, the dd command to restore the MBR and qtparted to activate and resize the partition to the full capacity of the drive. When the machine rebooted, Windows 2000 forced a CHKDSK as the partition size wasn't what it last saw, and it completed without error. Whew! Up and running! About six hours clock time elapsed, but only ten minutes of keyboarding or so.
I wish all the hardware upgrades went this smoothly!