Saturday, January 07, 2006

Interview: Ilfak Guilfanov

Here's an interesting interview with the developer of the "hexblog" WMF vulnerability patch. You know, the patch before the official patch. If you wondered what it was and how it worked, here ya go.

Want To Try An Honest-to-Goodness Web App?

Writely is a web-based word processor and collaboration application. I've been using it all day with another author to collaborate on a magazine piece. It works excellently in Firefox on Windows and with just a bit of clunkiness in either FF or Konqueror on Linux, though it is certainly usable on the alternative platform.

If the pundits are to be believed, and I don't see why they shouldn't be, web-based apps are the shape of things to come. Here's a chance to dip your toe into the water, albeit in a small way.

I am not yet ready to give up my Open Office installations. OO 2.0 is my preferred office suite now and I have not yet missed MS Office.

On a related note, there is a portable version of Open Office that can be carried around on a USB pen drive. You can see it here.

Jack

Google Pack

In blog synergy, I have a post to Google's latest software offering, to complement Jack's and Peter's post on Google hardware.

Very interesting, here's a link to the beta (of course) Google Pack.
CES: Google Pack: Live Now [by rafat] : The Google keynote is in 15 minutes, but the Google software package bundle called Google Pack is live now, for downloading here. More info on Google Pack here on About page...
The package has:
Google Earth; Google Toolbar for IE; Ad-Aware SE Personal; Google Desktop; Google Pack Screensaver; Norton AntiVirus 2005 SE; Picasa; Mozilla Firefox with Google Toolbar; Adobe Reader 7; Google Video Player; GalleryPlayer HD Images; RealPlayer; and Trillian. Hat tip to paidcontent.org


--MissM

Oh Yeah, I'd also like to wish the blog HAPPY 2nd BIRTHDAY! Gail and Jack are right on the bleeding edge of tech, and got us (and I use that term liberally ;) ) a weblog 2 years ago, which in internet time is, decades? Well Done Y'all!

Friday, January 06, 2006

Google Selling PCs is a Bad Idea

The idea that Google would start selling PCs is a non-starter for this analyst. The margins on PCs are too low (ask HP). The business is constantly changing (ask Dell). And even the once-great manufacturing company, IBM, sold off its PC division to Lenovo last year.

Google software on Google hardware is not synergy. It is less than the sum of the parts.

Could I be wrong? Of course, as I am not privy to GOOG insider strategy secrets. But if it happens, I'll be one of the first ones yelling "short".

Will Your PC Run Windows Vista Graphics?

Yes, your PC will run Vista graphics. However, there are four levels of Vista graphics capability that demand increasing -- maybe even cutting edge -- graphics cards. What you want may not be a level that your PC can deliver.

The attached article on WindowsBlinds 5 suggests the opportunity to try out this windowing-intensive graphics shell for Windows XP. If your PC does not choke, I suspect it will do adequately or better with the Avalon wizz-bang GUI in Vista.

And as a side benefit, WindowsBlinds 5 will make your PC look as close to a Mac running OS X as it is ever likely to get. Enjoy.

xBox 360 Watch

On eBay, xBox 360 Premium today is going for about $520 + shipping for the $399 MSRP product.

There has been no significant downturn in auction pricing after Christmas as crudely measured by me. (Hey, there's no pay in this job so quality is what it is!)

Supply is expected to improve later in January, so local merchants say. I would not bet on that.

Dell shows 20 inch notebook at CES

Dell is showing a "concept" notebook with a 20.1 inch display at The Consumer Electronics Show. It is armed with very good speakers and microphones and seems aimed at multimedia applications, including teleconferencing. No plans for shipping were given, though a representative did say "soon".

There is a reason no other member of the cast disagreed with my prediction that by the end of this new year notebooks (of all sizes and including tablets) would account for 62 to 65% of all PC sales. As this develops, two trends are evident. One is to smaller, lighter, thinner notebooks and the other toward what can only be described as true desktop replacement machines. While these are portable, they are heavy and large. The extremes in size form the two poles in terms of sales. Notebooks in between the poles, while selling well, are unlikely to have the appeal and sales of the largest or smallest units.

I'm sure this Dell is but one of a new wave of true desktop replacement notebooks. It sure looks attractive.

Jack

Phone Companies Set Off Battle Over Internet Fees

Large phone companies, setting the stage for a big battle ahead, hope to start charging Google Inc., Vonage Holdings Corp. and other Internet content providers for high-quality delivery of music, movies and the like over their telecommunications networks.

Historically, network providers have agreed to deliver Internet traffic on a "best efforts" basis without guaranteeing various levels of quality of service. That hasn't been a problem for the most popular Internet services, like email and Web surfing, because they aren't dependent on uninterrupted streams of data. Real-time videogames, phone service and video, however, demand more reliable quality, and network operators are trying to prioritize Internet traffic to meet increasing demand for those services.

Under a two-tier Internet system, the phone companies would be under pressure to provide an even higher-quality of service because paying for premium access would demand more than a "best efforts" guarantee. Cable and phone companies have already started offering multitiered pricing of broadband for consumers. And some cable companies have looked into ways of curtailing individual broadband customers from using too much bandwidth.

What surprises me is the immediate and loud complaints about the telco ISPs "locking out" small or new Internet services. Not so. Internet 1 -- the 'Net since inception to date -- has absolutely no quality of service built in. That's one reason why Internet realtime video, even with broadband, has been problematic -- the packets don't flow one after the other like data does on a dedicated phone line. Internet 2, as implemented in IP SEC v2, supports the ability of network providers to offer quality of service that will quickly drive video, teleconferencing, and other realtime demands over the 'Net.

You'll pay for that superior service if you want it. Hey, standard FedEx is two days. You pay extra to have it there tomorrow before 10am. Right? Why shouldn't the ISPs get paid for providing higher service levels at the buyer's option? Akamai, for instance, has built an entire business around this premise. If you don't want the better services, you don't have to pay for it -- although the "free" Internet is apt to get slower and more choked over time.

So, I take the griping from those who want something for nothing with a grain of salt. If you want a better, high-bandwidth Internet experience, let me be the first to say "it's gonna cost you."

Microsoft Security Bulletin MS06-001: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

Here is a web site from Microsoft with all of the downloads for the WMF fixes. This web site had a fix for each OS.
Joe

Gadgets - Network your electric wires

This is our first CES report!! So.... here's a compendium of links about CES, to make up for the shortage ;)
The link in the title goes to a "Panasonic BL-PA100 HD-PLC Ethernet you can instantly create a high bandwidth network in your home. The adapter simply uses your existing electric wires to transfer data at up to 190MBps."
Technorati tag: CES
Techmemorandum: Google link to tech.memeorandum, cause google's blog search AT tech.memeorandum doesn't show any results....( As usual)
IceRocket: Today's Links for CES. Past week result didn't show anything, on Thursday
Engadget is doing a wonderful job, too!
Gizmodo has lots of pictures!
Digg.com links here [Digg spy is cool, too, it scrolls everything as it's entered, and can be filtered by comments or front page]

ENJOY!

--MissM
P.S. As I was editing the posts, I went to the web pages, but, as I scroll through my voluminous RSS list, the content seems enhanced, pictures in engadgets feed, to be specific. I say BRAVO to this!! Any website that addresses those of us, who use RSS 75% of the time to read websites, gets my subscription ;) And if the content is better, woohoooooo! A necessary requirement, of course, is that the title goes to the home page of the feed (which may be wrong in almost 25% of my feeds)!!

Thursday, January 05, 2006

WMF Official Microsoft Patch

It arrived via automatic download sometime this afternoon. I was away from my computer and when I returned there was the little yellow shield icon in my system tray telling me that an update from Microsoft had arrived. The information I have says that it was released at 2 pm EST. It looks like I got it automatically about three hours after that -- about 2 pm PST. If you haven't yet, uninstall the hexblog WMF vulnerability patch if you installed it. Everyone needs to install the official patch from Microsoft. I just did that and it went smoothly.

Microsoft's WMF Patch Leaks Out

Things just keep getting flakier and flakier with the WMF vulnerability.

The reason for posting this one is not that the patch leaked out, but that it confirms the patch as it exists now works seamlessly with the unofficial patch.

Jack

Wednesday, January 04, 2006

Got one of these for Christmas

It's a USB powered "Lava" lamp. Thought it was, to say the least, interesting. LOL

Tuesday, January 03, 2006

Click Here to Save on Dell

This nice site tracks Dell's ever-changing list of deals, and gives you the super-secret coupon codes that save you big dollars at checkout.

If you are buying a Dell, I would certainly check out the site.

Apocalypse Near: U.S. Outsources Pleasure

Hey, we can have a long discussion on the relevant merits or demerits of outsourcing manufacturing to China. But what caught my eye is this International Herald Tribune article. Seems U.S. gamers are outsourcing pleasure. Call it gamers skipping the foreplay, if you will.

By allowing Chinese gamers to play endless hours at lower game levels, rich, time-challenged players can buy with real cash the accumulated wealth and power of the Chinese-made game avatars.

The obvious outcome in this capitalistic world is simple to deduce: game companies will split their products into multiple skill levels, at dramatically increasing prices. That locks out the Chinese-slave game labor and moves the profits to the IP producers. Want to jump in at level 50? That will be $500 plus the $50 normal game price.

The obvious question is whatever happened to hard work and perseverance?

Sony coughs up for rootkit disaster

The title is misleading, to say the least.

Sony is getting off here without any real compensation to those who have had to scrape and reinstall machines to rid themselves of this scourge!

Businesses I know of who were infected were left with no choice but the "nuclear option" in order to make sure their customers', clients' or patients' information was safe. They could not wait for patches. They certainly will not be compensated by $7.50 payments and freebie downloads.

I'll wager the lawyers got their fees while selling us out.

Jack

NOD32 Stops WMF Malware

AV-Test, which tests anti-malware products, has been tracking the situation closely and has, so far, analyzed 73 variants of malicious WMF files. NOD32, the anti-virus software recommended by and sold by the OnComputers.info team that produces this blog, passes the WMF tests for all 73 variants, and is one of several AV products that you can trust with the WMF problem.

'Nuf said.

Sunbelt BLOG: Workarounds for the WMF exploit

I received this link from the president of SunBelt software Alex Eckelberry. Alex points out that the temporary fix does NOT work on Windows 9X, their only workaround is probably to unregister shimgvw.dll, it's in their blog.
This is very important so please if you are the family geek, tell your family to do this workaround until Microsoft comes out with a patch.
Remember this fix must be uninstalled before you apply the Microsoft patch.

Comments, Please

I really don't know how to take Microsoft's response(s) to the recent .WMF vulnerability flap. I'm soliciting comments from everyone on this.

While Microsoft readily acknowledged the existence of the vulnerability, they steadfastly clung to the position that user interaction was necessary to exploit them long after it was known that is not true.

Today, 3 January, they announced they have a patch completed, but will not release it until 10 January, which is their regularly scheduled "patch day". While I realize that they have to test any patch thoroughly, it seems to me they should be expediting this at any and all costs and release it sooner, if humanly possible.

After all, millions upon millions of PCs are at risk, here. The distribution of the exploits related to this vulnerability is widely spread. It's not just dodgy web sites. They're arriving in emails and have been slipped onto more reputable sites that have been compromised. In my opinion, Microsoft simply cannot continue to treat this casually and act as if users will be at fault because of their surfing habits.

What do you think?
Jack

Microsoft to Release Patch for .WMF Vulnerabilities 10 January

You'll have to decide whether or not you want to wait for the official patch or install the unofficial one. Personally, I've gone with the unofficial one on all the machines I can reach, at the same time disabling automatic updates until the official patch is available. That way, I can uninstall the unofficial one before it has a chance to conflict with the official one.

Jack

The Google PC?

Okay. I haven't yet found anything even resembling confirmation for this. However, if it is true, battle is joined for real between Google and Microsoft.

Jack

Microsoft's Advisory on the .WMF Vulnerability

I thought you might want to see this. It's MS' take on the WMF vulnerability.

Either this was published before the full extent of the problem was known or Microsoft is intent on minimizing the impression of danger. (The former is more likely than the latter.) They are insistent that user interaction is a requirement for an exploit to be successful. This is now known to be untrue. An indexing program, such as a desktop search utility (ala Google's) can trigger the exploit. In my own tests, here, I triggered two of the known exploits by using a third-party thumbnail generator, as well.

The Internet Storm Center at SANS has an FAQ on the problem. Note that IE users are at more risk than FireFox users, but only just. Almost everyone is vulnerable.

All we can do is to install the unofficial patch and wait for Microsoft to act decisively.

Jack

Monday, January 02, 2006

Stores hope tech advice will mean fewer returns - The Boston Globe

This seems like a great idea.

I'd be more concerned that if someone needs training on how to use an MP3 player, maybe that's the wrong gift to get?

Sunday, January 01, 2006

New Year's Superstitions

Here is a little fun from Snopes.com. It is my favorite site where myst is de-mystified and bunk is debunked. Happy New Year everyone!

OnComputers Radio show Podcast 01-01-06

This is the On Computers Radio show podcast for 01-01-06. If you prefer, you can download the same file here via ftp.

An E-mail to send your friends today about the WMF 0 Day Exploit

You can cut-n-paste this and send it to your friends and relatives that may need your help.

***

Dear Friends,

You know that I don't often send warnings like this, but there is a serious problem on the Internet that impacts versions of Windows -- everything 98 and newer including a fully updated Windows XP with Service Pack 2. Your computer can get infected with this bad stuff just by looking at a picture on the Internet or in e-mail. I know this almost sounds like so many hoaxes in the past, but I can assure you it is not.

This was fully discussed in the first hour of the January 1, 2006, On Computers show which is podcast on http://oncomputerstips.blogspot.com

You can also download the show at http://www.oncomputers.info/archivehome.shtml

Please download and run this patch from Sans (a very reputable Internet site):

http://handlers.sans.org/tliston/wmffix_hexblog13.exe

It installs like a normal Windows program. You will need to restart your computer after you install it.

When the official Microsoft fix arrives you can uninstall this patch as a normal program and install the official Microsoft patch.

If you need more help, please contact me. I'm here if you need additional help.

Your Friend,

P.S. If you are up to some technical reading, here is a complete FAQ at the SANS Internet Storm Center:

http://isc.sans.org/diary.php?storyid=994

Right now, I consider isc.sans.org to be the best source of information on this exploit.

(this story was edited and updated at 22:26 UTC)

I'm curious about this....

If you can post to the blog, do you actually READ it?
Yes
No
Read, what's that???
I promise to check it before I post.


  


SANS- 2nd generation WMF 0day exploit Spammed

As the WMF saga continues, SANS is really on top of it; they worked with a programmer to come up with a patch to protect you from the WMF exploit. In addition to the info in Joe's post below, they recommend you install the (a direct link to the exe file that contains the patch) AND unregister the dll. There is also a discussion about how to protect your company from the WMF exploits, from most extreme (not use windows!?!?!?!) to Disallow email, or strip all attachments from the more secure email server they get access to.

Is this a precursor of Security threats in 2006????
Be Safe!

--MissM

Happy New Year!!

Happy New Year! Oh yeah, if you are a bit hungover this morning, you might wanna make sure your volume is down, before you countdown ;)

May 2006 be a WONDERFUL year for everybody!!
(Link taken from Ponzi's blog (She's engaged to Chris Pirillo of Lockergnome.com fame, among others))

--MissM