Vista loses another feature

OSNews reports RSA: Microsoft To Shelve Token Support in Vista. “Microsoft has shelved plans to include built-in support for RSA Security’s tokens in Windows Vista, even though the company has been testing out the authentication technology for almost two years. In February 2004, Microsoft Chairman Bill Gates said that Windows would be able to support easy integration with RSA’s popular SecurID tokens. That meant businesses would find it far easier to deploy a two-factor authentication system for logging on to networks and applications. However, almost two years after the SecurID beta-testing program kicked off, RSA’s chief executive, Art Coviello, disclosed that Windows Vista will not natively support the technology.”

So, there were features left in Vista! Good thing Microsoft found them and removed them before shipping!

Microsoft encourages Office alternatives

Microsoft Watch from Mary Jo Foley reports It Didn’t Take Long: Office Validation Program Goes Live. “Just days after announcing its plans to attempt to thwart Office piracy by using the same kind of validation mechanism it has instituted for Windows, Microsoft posted for download the first Office Genuine Advantage (OGA) validated component.”

I can’t think of a better way to get folks to look at the alternatives to Microsoft Office – Corel WordPerfect Office, IBM/Lotus SmartSuite, Sun StarOffice, OpenOffice.org, Apple’s iWork and AppleWorks, and other tools – than to treat them as criminal suspects and to prevent the “extended try-ware” rationalization we’ve all heard once or twice. People need to recognize that MS Office is no big deal and that there are a lot of other packages that can meet their needs with less hassle, less cost, less malware and perhaps even an open and standardized office data interchange format. There’s nothing to lose but the shackles!

Dartmouth / Lake Sunapee Linux User Group Meeting, May 4th, Resara Enterprise Linux

On the DLSLUG mailing list, Bill McGonigle announces: “The next regular monthly meeting of the DLSLUG will be held Thursday, May 4th, 7-9PM, at Dartmouth College, Carson Hall Room L01. All are welcome, free of charge.

Agenda:

7:00 Sign-in, networking

7:15 Introductory remarks

7:20 Resara Enterprise Linux

The guys from Resara Networks will be presenting their product, Resara Enterprise Linux. “Resara Networks is a leader in Linux thin-client technology. Resara Enterprise Linux has bridged the gap between thin clients and PCs by providing centralized administration, but not sacrificing the standard capabilities of PCs. With Plug-and-Play installation, customers do not require prior Linux experience or new training to easily deploy Linux on their network.”

8:30 Roundtable Exchange – where the attendees can make announcements or ask a linux question of the group.

Please see the website for links to directions.

A sign of changing times

Netcraft notes that “Apache has overtaken Microsoft as the leading developer of secure web servers. Apache now runs on 44.0% of secure web sites, compared to 43.8% for Microsoft.” Yet another sign of the tide turning. Interesting article with several trends explaining the shift, and a great graph. Read the entire article here

SMTP Good; MAPI Bad

Microsoft Watch from Mary Jo Foley asks “Is Microsoft Engaging in ‘Borderline Extortion’ with Security Disclosures?” “We have to admit, zero-day Internet Explorer vulnerabilities just don’t shock us any more. But the harsh words of security researcher Michal Zalewski, regarding Microsoft’s policies for dealing with vulnerabilities, did make us stand up and take notice.”

In very related news, eWEEK.com is reporting Microsoft Rocked by New IE Zero-Day Flaw Warning. “Microsoft is scrambling to address the public disclosure of a new zero-day vulnerability that could put Web surfers at risk of code execution attacks.”

SMTP Good; MAPI Bad

For years, I’ve endorsed the idea that using a simple low-level protocol was far easier to troubleshoot and maintain than the high-level, proprietary and hidden-from-view COM interfaces that were all the rage in the Windows world, hence, “SMTP Good, MAPI Bad.”

Laura and I support a vertical-niche application in use around the country. Each of the installations runs Visual FoxPro 7 as a LAN-based application and sends faxes via email using MaxEmail, rather than supporting their own in-house faxing system. On a regular basis, one of our clients will change email providers, so the settings for email are stored in a separate file for easy update.

“Easy,” though, is a relative term. More email providers are requiring authentication before allowing outgoing emails, a reasonable precaution against spam. However, each installation of SMTP AUTH we have run up against has a slightly different variation on how authentication is done, and invariably, email stops until we analyze, debug and modify our code to support the new variation.

I’ve used the free BLAT command-line tool with its -debug switch to allow me to witness the actual conversation that takes place between email client and server to determine the details of where the conversation is breaking down and how to fix it. Open Source rocks! BLAT rocks!

In this last case, the new email provider’s SMTP AUTH required a user name (“bob”) and not an email address (“bob@example.com”) as the user name. The previous SMTP AUTH interfaces were comfortable with the same name for email address and user name. Laura tweaked the code and we got the client back up and running.

UPDATE: Thanks to Alex Feldstein for the pointer. In fact, we too are using Rick Strahl’s wwIPStuff, now renamed West Wind Client Tools, as the mechanism within the application to send SMTP mails. We’ve just used the standalone BLAT for its great low-level debugging facilities and ease of use from the command line to figure out what to tell wwIPStuff to do.
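The checks that this kind of SMTP AUTH debugging comes down to, as an added example (not code from this post, BLAT, or wwIPStuff): it reads the AUTH mechanisms out of a server's EHLO reply, decodes the base64 prompts that show up in a debug trace, and lists the user-name forms to try. The EHLO reply, host names, and password are constructed for illustration.

```python
import base64

# Constructed EHLO reply for illustration; not captured from a real server.
SAMPLE_EHLO = (
    "250-mail.example.com Hello client.example.net\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH=LOGIN PLAIN\r\n"          # legacy "AUTH=" spelling some servers emit
    "250 AUTH LOGIN PLAIN CRAM-MD5\r\n"
)

def ehlo_keywords(reply):
    """Map each EHLO keyword to its parameters, merging 'AUTH' and 'AUTH='."""
    caps = {}
    for line in reply.splitlines()[1:]:   # first line is only the greeting
        text = line[4:]
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        words = text.split()
        if line.startswith("250") and words:
            caps.setdefault(words[0].upper(), set()).update(w.upper() for w in words[1:])
    return caps

def b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def auth_plain(user, password):
    """AUTH PLAIN initial response: empty authzid, NUL, user, NUL, password."""
    return "AUTH PLAIN " + b64("\0" + user + "\0" + password)

def username_candidates(address):
    """Full address first, then the bare local part ('bob')."""
    local = address.split("@", 1)[0]
    return [address] if local == address else [address, local]

def decode_prompt(trace_line):
    """Decode the base64 prompt in a '334 ...' line from a debug trace."""
    code, _, payload = trace_line.strip().partition(" ")
    return base64.b64decode(payload).decode("utf-8", "replace") if code == "334" else None

def cleartext_risk(caps, tls_active):
    """PLAIN and LOGIN are only base64-encoded; flag them when TLS is not active."""
    if tls_active:
        return []
    return sorted(caps.get("AUTH", set()) & {"PLAIN", "LOGIN"})
```

Because PLAIN and LOGIN credentials are merely base64-encoded, a saved debug trace of such a session contains the password in recoverable form and should be handled accordingly.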

New Hampshire Python SIG tomorrow night

On the Python announcement list, Bill Sconce posts: “The next meeting of the Greater New Hampshire Python & Milk/ Cookies SIG will be tomorrow night — Thursday, April 27th, at the Amoskeag Business Incubator, 7:00 P.M. (the usual place, the usual time).”

“Also, we have a special program. Paul Koning, who had never used Python until recently, will tell us about his first, “getting to know Python” programming experience. Something just a little bit challenging: rewriting PDP-11 TECO.”

“It should be an interesting evening, especially to hear about what went well (or not) in learning a new language in such an environment. Can you imagine writing TECO as your exercise to learn C++? (And of course, now we have TECO for Linux. And for the Mac. And for everything else wherever Python runs.)”

“We’ll also have our usual Q&A, and Python trivia. Because several people asked us about Python at LinuxWorld last week we’ll include some material for newbies. (Please be thinking about that – should we have a newbies segment EVERY meeting?)”

WHO: New Hampshire Python Special Interest Group

WHERE: Amoskeag Business Incubator, 33 South Commercial Street, Manchester, NH

WHEN: The fourth Thursday of each month at 7 PM, holidays allowing

WHAT: Paul Koning, TECO in Python, General Python Q&A

Hope to see you there!

Microsoft ships v. 2.0 of MS06-015 patch

In a fairly unusual move, Microsoft has re-released MS06-015, Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531). Microsoft sent out an email to let folks know about that. Amazingly, while explaining why they were re-issuing the patch, they never mention what the patch is, nor specifically what went wrong, nor who should apply the new patch:

This bulletin has been re-released to
advise customers that revised versions of the security update
are available for all products listed in the “Affected Software”
section. Customers who have already applied the MS06-015 update
who are not experiencing the problem need take no action.

Here’s the quick scoop: Windows Explorer (the desktop, not the browser) has fundamentally changed the way it launches programs, and some programs that hooked into that behavior, including Hewlett-Packard’s “Share-to-Web”, older NVIDIA graphics drivers, Kerio firewall, and others, would fail to operate properly, lock up, or freeze after files are saved, especially to “My Documents” or other special folders. This patch allegedly fixes the problem.

Get Patching! Good Luck!

End to End

I spent Thursday evening in Nashua, New Hampshire listening to a presentation at the Merrimack Valley Linux User Group (MerriLUG) by Eric Eldred, a Director at Creative Commons and plaintiff in the Eldred vs. Ashcroft decision rendered by the Supreme Court. Eric has a very low-key, well thought-out and persuasive presentation on the use of the Creative Commons license (the license used for this blog as well as millions of others). Great presentation! Based on discussions at that meeting, I’ll likely be dropping the “-nc” portion of the license. Paraphrasing what Eric said, “if you can figure out a way to make a million dollars off what I wrote, go to it!”

Friday morning involved a long scenic drive north through Franconia Notch to meet with hostmaster Jason Kern of KernBuilt and confer with a potential new client on an interesting social software application. Jason and I lunched at Miller’s Cafe and Bakery in Littleton, NH.

Accompanying me north via the wonders of podcasts was Doc Searls interviewing Jonathan Schwartz, President and COO of Sun Microsystems, at the Syndicate 2005 conference. Jonathan had a slew of interesting insights and statistics. Sun has apparently woken from their slumbers of the late nineties, completely revised their product line, “Open Sourced” their OS (devil’s in the details, I’ll need to dig into this one a bit – what license, what terms, etc.) and are offering some pretty interesting machines – very low power, very high performance. Two great tidbits: who’s the number one camera manufacturer? What’s Google’s number two expense (People’s number one)? Very entertaining; made the trip go swiftly.

Microsoft keeping secrets from the good guys

From Microsoft Watch from Mary Jo Foley: Is Microsoft’s Silent Treatment Appropriate for Patches? “Microsoft says it is withholding certain details on security vulnerabilities to protect customers from bad guys. But critics say Microsoft’s cone of security silence only increases the risk for everyone.”

An interesting article. It claims that Microsoft is keeping its bug count artificially low by silently slipstreaming multiple bug fixes into the patches and, worse, not disclosing the details even to their “trusted partners.” The bad guys know what’s patched. Why shouldn’t we? Shouldn’t “Trustworthy Computing” require more transparency than this?


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.