Tag Archives | Microsoft

Microsoft Patch Tuesday, May 2007

It’s the nineteenth week of the year, and Microsoft issues fixes #23 through #27, running a bit ahead of the pace from the last couple of years. And “Remote Code Execution” is obviously the goal of the bad guys. Here’s the list:

  1. MS07-023 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
  2. MS07-024 – Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
  3. MS07-025 – Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
  4. MS07-026 – Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
  5. MS07-027 – Cumulative Security Update for Internet Explorer (931768)
  6. MS07-028 – Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
  7. MS07-029 – Vulnerability in RPC on Windows DNS Server Could Allow

Here’s the Microsoft summary, with links for more details. The Internet Storm Center at the SANS Institute is rating most of these as “Patch Now!” with few contraindications. As usual, make backups, and get patching!


OReilly Radar > Better Gmail

At O’Reilly Radar, Tim O’Reilly points to Paul Kedrosky pointing to Lifehacker’s Better Gmail. The Firefox extension looks like it brings some real power and extensibility to the already powerful Gmail platform. Tim notes:

A really interesting side note: as Better Gmail is a Firefox extension, it’s not available for IE users. It’s an interesting twist on the browser wars. In the old days, Microsoft and Netscape fought to lock in users with incompatible extensions. Here we see the same thing happening simply because that one platform is open and the other is not. The users themselves are evolving the browser.

I agree with Tim’s observation, but cringe at the term “users.” Many years ago I attended a session in Redmond where I heard two ‘Softies talking about the product they were shipping and referring to us as “users.” The product was Visual Studio. We’re not users, I thought, we’re developers! We’re producers. So, “users” aren’t evolving the browser. We need to get out of this “us – them” mentality. We are the users. We are the producers. We make the world we choose to live in, by action or inaction. There are no “users.” Only us.

Okay, enough ranting. GMail extensions look pretty cool. Check them out!


Hugh MacLeod and the Open Source Billionaires

Hugh MacLeod writes a fascinating blog and illustrates it with killer drawings over at gapingvoid.com. I think he’s got a wicked wit and is a sharp observer of some of the hypocrisy surrounding us. More than once I’ve been tempted to order sets of his business cards, even though they might be too edgy to share with all but a few. I note he’s recently taken on a gig working for Microsoft. Good luck with that.

A recent post really caught me by surprise: in “how well does open source currently meet the needs of shareholders and ceo’s?,” Hugh points out Open Source can’t be as good as proprietary software; otherwise “… there’d be a lot more famous Open Source billionaires out there, being written up in Forbes Magazine …” Wow! What a strange question. I think Hugh’s fallen into the common mistake of mistaking business models and software development models as related. I fumed over his proposition for some time, composing and discarding a couple responses on his site. I knew this was a “have you stopped beating your wife?” question, but I couldn’t get a handle on the right way to respond. Giles Bowkett nails it with this post. Read the whole thing, but here’s a pull quote: “Asking where the open source billionaires are is like pointing to the French Revolution and saying, “If democracy is such a good idea, how come France doesn’t have any more kings?” Because the kings were the problem.” Ouch. But read the rest of the post, too.


Garrett Fitzgerald: Mas FoxPro

Garrett Fitzgerald blogs Mas FoxPro: “In view of Microsoft’s decision to abandon future development of Visual FoxPro, there is a movement afoot to ask MS to open-source the product, so the community can take it forward. If you’d like to see this happen, one thing you can do is sign the petition that PortalFox is running.”

It’s an admirable notion, but just because Microsoft doesn’t want to continue development, doesn’t mean they are willing to turn their tools over to a potential competitor. That would be altruistic.

There’s no doubt the software contains all sorts of embarrassing comments, perhaps undocumented calls to APIs Microsoft doesn’t want others to know about or use and probably some ugly work-arounds. It would be very educational to read the source and understand some of the obscure behaviors of FoxPro: where the phantom record really hides, how “Workarea Zero” works and why Error 14 reports Error while reporting Error 14, but I’m afraid the final journey of Visual FoxPro code will resemble the final scene in Indiana Jones, with the crate of source code wheeled back into the misty distances…

UPDATE… ComputerWorld covers the petition with an article that covers the history of FoxPro better than any other I’ve ever read in the trade press. This is the best press FoxPro has gotten since PC Magazine gave it the Editor’s Choice award, and that was some time ago.


Life After VFP

Robert Jennings posts “Yet Another Life After VFP Thread.” For those not following VFP closely, MS recently announced a confirmation of earlier news that there were no plans for a VFP version 10, and that the VFP scripts in the project known as Sedna would be released under some sort of public license. Poor communications led to media and Slashdot reports that VFP was to be Open Sourced, sadly not the case.

Robert does a good job of outlining the huge cost in moving a vertical-niche application into another development environment, language and runtime. Most sophisticated specialty applications have person-years of investment built into them, knowledge not easily extracted, transferred or translated to any new environment. Regardless of whether that new environment is Dot Net, Dabo, LAMP, Python or Visual Fred, there will be a huge cost and risk with any enterprise making this switch.

Unlike the Open Source world, when a vendor chooses to discontinue a product, developers have little choice but to move along. While many folks point out the upside that the product will likely run for years to come, and a lack of Microsoft official support doesn’t instantly obsolete a product (DOS apps can still be found, after all), there is an immediate slowdown in the custom software market, and a longer-term turning away from the product by customers. Large-scale vertical products have to be operating with 5- and 10-year plans for reinvestment and changes in direction, to ensure they can fund “The Next Big Thing” while continuing to deliver good value to their customers today and tomorrow.

This is not a death knell for the product. The writing has been on the wall for years. But developers with large applications have to be looking around for a new platform.

FoxPro developers always viewed themselves with a bit of “Battlestar Galactica” mythology: a rag-tag crew of self-taught developers from the PC Revolution, they survived the dBASE wars and the implosion of Ashton-Tate. Working under a cruel master who never promoted their product, they persevered. MS’ internal team developing VFP did amazing things on a shoestring budget, introducing a fairly smooth transition from procedural to object-oriented, from developer-guided to event-driven interfaces, from characters to pixels, from local ISAM to RDBMS. The VFP IDE was a remarkable environment in which to develop rich-client, component-based, web-driven or even server-based applications. I will miss it, and look forward to becoming as skilled at my next platform.


PySIG, 22-March-2007: Project Night

An even dozen people showed up for the Python Special Interest Group’s March meeting, held as usual at the Amoskeag Business Incubator in Manchester, NH.

Bill Sconce called us to order promptly at 7 PM and we proceeded through the printed agenda. It was duly noted that Ben Scott deserved heckling despite his absence. We ran through announcements of a couple of upcoming meetings, plugging the MythTV installfest beta and pointing out Jarod’s book. We mentioned meetings upcoming for the LUGs, including ZFS at DLSLUG, LVM at CentraLUG and the new Ruby group.

Kent’s Korner: Kent S. Johnson presented his monthly talk, this month on list comprehensions. Kent had a great handout, and has collected his past couple of handouts in one place. Starting with simple examples and building in complexity, Kent led us through what can be an intimidating topic in a way most could follow. Some great discussions, on-topic and off-, regarding assignment and Python idioms, always make this a fun part of the meeting.

There was some discussion of Python 3000 and its expected schedule. Bill Sconce had a video of Guido practicing his Py3K presentation in front of an audience at Google, which he went on to present at PyCon.

For the Gotcha of the month, Bill Freeman offered up an “Un-Gotcha:” a=b=4 works, but not for the reason you might think. Assignments of this style in C have a different underlying meaning, and perhaps in some circumstances, different side effects. A key to understanding the single = assignment in Python is to understand that it is a STATEMENT. There is no value associated with the statement and “chained” assignments in Python like the above are specially-coded as an exception case. This led to yet another great discussion.
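The “Un-Gotcha” can be checked with the standard library alone. The following is an added example, not code shown at the meeting; the function names and the sample list are constructed for illustration. It shows that a=b=4 parses as one statement with two targets, that a plain = is rejected where an expression is required, and that the targets are bound left to right.

```python
import ast


def assignment_targets(src):
    """Parse one assignment statement and return its target names, left to right."""
    stmt = ast.parse(src).body[0]
    if not isinstance(stmt, ast.Assign):
        raise ValueError("not a plain assignment statement")
    # A chained assignment is a single Assign node: one value, several targets.
    return [target.id for target in stmt.targets]


def compiles_as_expression(src):
    """Return True if src is accepted where Python requires an expression."""
    try:
        compile(src, "<constructed>", "eval")
        return True
    except SyntaxError:
        return False


def binding_order():
    """Show that the targets of a chained assignment are bound left to right."""
    i, x = 0, [0, 0]  # constructed sample data
    # The value 1 is computed once, then bound to i, then stored in x[i].
    # By the time x[i] is assigned, i is already 1, so x[1] changes, not x[0].
    i = x[i] = 1
    return i, x


if __name__ == "__main__":
    print(assignment_targets("a = b = 4"))
    print(compiles_as_expression("a = 4"), compiles_as_expression("a == 4"))
    print(binding_order())
```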

Ric Werme showed off the web pages that result from his Python software that collects and forwards weather data from his weather station. His current conditions page, http://home.comcast.net/~ewerme/wx/current.html has links to everything else. Ric bought the weather station in part to have an excuse to write more Python code, and his current code runs the gamut from implementing the weather station protocol through pyserial.py and the serial port to CGI scripts that take data requests, fetch the data from MySQL, create gnuplot data files that create .gif files, and return an HTML page to display the results. His description of the software is at http://werme.8m.net/wx/vantage_software.html .

Ric also demonstrated a Python CGI script for collecting data for a weather observers group that Todd Gross created while he was at WHDH. It’s customizable, so people can create a form preloaded with their location that offers just the data they collect, and the submission code adds it to a MySQL database and recreates a web page of members’ reports over the previous day.

Shawn O’Shea showed off Python running in the Win32 and COM environments. Shawn does a lot of work administering and automating Windows configurations, and the COM set of interfaces can allow a lot of internal manipulation of the major applications, a big step up from the VBScripts supplied by Microsoft with some of the tools. Shawn demonstrated the canonical Hello, World with Microsoft Word, but then dug into a couple more concrete and practical examples with querying the Registry and spelunking in the IIS metabase.

Lots of interesting stuff coming up at future meetings: Martin Ledoux offered to show something on the work he’s done with amateur book-binding with pytut/pyref books. Kent has promised an update soon on his real-life experiences with Django. Ray Côté may be able to show off the new web site he used as an excuse to miss the meeting. And I’ll bet Bill will wheedle some more cookies from Janet.

Thanks to Bill Sconce for organizing, Alex Hewitt for getting the networking working, the Amoskeag Business Incubator for providing the great facilities, Janet for the awesome cookies, Kent for his great Korner, Bill Freeman for the csv module and those strange blinking white blocks, Ric Werme for demoing his weather projects, Shawn for the Win32-COM-Automation and everyone for attending and participating.

P.S. Anyone got python running on a WRT54G?

P.P.S. Tom Mosco mentioned to me that the Chicago Python group had a very long presentation on Django by the creators and also a Ruby on Rails presentation by its author. Videos can be found here and here.


Microsoft’s Tuesday the 13th Security Bulletin

Title: Microsoft Security Bulletin Summary for March 2007
Issued: March 13, 2007
Version Number: 1.0
Bulletin Summary: http://go.microsoft.com/fwlink/?LinkId=85543


Microsoft has not released any security bulletins on March 13, 2007.

Wow. Imagine that. Division by zero.


Preserving our documentation for posterity

Recently, I received a diagram created in Microsoft Visio I wanted to examine and possibly edit. It turns out that OpenOffice.org Draw does not have an import module for the proprietary (and apparently undocumented) .vsd format, nor can I find another FOSS product that does. This is one of the reasons to keep a Windows machine around – to read the proprietary format files. Or it should be. My version of Visio is a version or two old, and it wouldn’t read it either. I asked my co-worker to send the diagram in another format I could use. We tried a number of them. SVG (Structured Vector Graphics) is a standard format and OpenOffice.org has a filter for it. However, it turns out that Microsoft uses proprietary extensions to the format for items like word wrap and the filter won’t read them (neither will Gnome image viewer nor Firefox nor Dia). EPS, EWF and WMF are more standard and were readable, but the graphics are reduced to primitives at that point with no larger structure. Drawing Exchange Format (.DXF), which might have come from AutoCAD, is equally illegible.

The .VDX format is XML, so I had some hopes for that. It looks like the Dia diagramming tool will work with .VDX files with a plugin. [Update: irony of ironies: the VDX plugin link is now dead. Good news: VDX is now a built-in import/export filter.]

What a disappointment. While we are not writing anything particularly profound that needs to be preserved for posterity, it would be nice to know we could read the files in a few months on our platforms of choice. Vendors need to get more serious about interoperable, open formats.


EC rebuffs Microsoft over open-source report – ZDNet UK

EC rebuffs Microsoft over open-source report – ZDNet UK: “The European Commission has resisted efforts by Microsoft to make it abandon its report into open-source software, it was revealed this week. But the Commission was swayed into allowing a 10-day period for feedback before completing the report.”

“Harnessing the opportunity to provide feedback, Microsoft produced 20 pages of arguments as to why the report — which quantified the benefits of open source to European organisations — should be shelved. The software giant also commissioned a respected university academic to back its case and enlisted the help of a trade association, CompTIA. The academic produced 44 pages of evidence supporting Microsoft’s case, while CompTIA wrote a five-page submission.”

A direct link to the 287-page, 1.7Mb PDF report here. A tip of the fedora to Harish Pillay for blogging this.

It is reprehensible that the CompTIA-backed mis-named “Initiative for Software Choice” can be opposed to a discussion about choice. (CompTIA, in turn, is partially Microsoft-funded.) Both FOSS and proprietary software may have a place in the market, but it is the free market’s job to determine that. Who asked us to “Get The Facts?” The study, clearly marked as “not the opinion of the EU” offers information worthy of study. We have been living in a world of 90% proprietary and 10% free software; I suspect those proportions may invert soon, and a new balance be achieved. This is progress.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.