It appears that the rather lax US CAN-SPAM Law can actually land some punches on spammers. As compared to the Australian Spam Act whereby it is illegal to send someone UCE (you have to have had an existing business relationship with the target and the target should be reasonably expecting marketing emails from you) else you'll get a warning then an AU$11,000 fine, the US CAN-SPAM law basically allows anyone and everyone to be able to send you as much UCE as they want until you ask to be removed from their spammer list, and at that point, they must stop sending their spam to you or face prosecution.
Well, it appears that Todd Moeller from New Jersey was sentenced to 27 months jail and a US$180,000 fine for sending spam to AOL subscribers. Todd's partner in crime, Adam Vitale from Brooklyn, faces sentencing on 13 November, 2007 and I hope that he also gets what he's due.
In other anti-spammer news, Jeffrey A Kilbride of Venice, California and James R Schaffer of Paradise Valley, Arizona were sentenced in October 2007 to more than 5 years jail each and were fined US$100,000 and ordered to pay US$77,500 in restitution to AOL. They were also ordered to jointly forfeit US$1.1m - the estimated entire proceeds of their porn spamming efforts. Jennifer Clason, 33, of Raymond, New Hampshire (previously of Tempe, Arizona), Andrew Ellifson, 31, of Scottsdale, Arizona and Kirk Rogers, 43, of Manhattan Beach, California managed to escape punishment by pleading guilty and turning state's evidence - a lucky escape, but let's ensure no-one forgets their names and their part in these crimes.
Out of interest, Jennifer Clason, a 33 year old stay-at-home mother runs a website called http://www.mommyjobs.com/ and even after admitting her guilt in this porn spamming operation, continues to run this website. I wonder how many other stay-at-home parents she's trying to lure into crime?
Jeffrey Brett Goodin of Azusa, California was sentenced in June 2007 to 6 years imprisonment for phishing emails sent to AOL users.
From the above recent cases, as well as a number of older ones, it seems that AOL is the only ISP to actively seek punishment for people spamming its members. While this is a good thing for AOL subscribers, it is simply not enough - all ISPs should be actively seeking compensation from spammers and actively chasing them down and having them prosecuted. Of course, as the number of spams that originate in the AOL network is still far from insignificant, AOL needs to keep an eye on their own users as well.
Regards,
The Outspoken Wookie
Hilton has been operating as a Humanist Chaplain for some time and really likes being able to help people using evidence-based processes. HiltonT has been in the IT industry for quite a while now and was selected by Microsoft as their SBSC PAL in 2008-9, representing Australian SMB IT providers to Microsoft. This Blog is his outlet for his thoughts and feelings about life in general (including the IT industry). Some is good, some is bad, but all in all, it's his viewpoint. Enjoy!
Monday, November 05, 2007
Friday, September 21, 2007
Australia - The Land of the Legislated
It seems that lunatic senators still want to make Australia more heavily legislated than China - Senator Helen Coonan has introduced a bill to Parliament to allow the feds to force ISPs Australia-wide to block lists that some crony will deem "offensive". The feds will wield this power on ACMA (our Communications regulation agency) who will then take out their iron rods and beat Australian ISPs into submission.
Yes, that's the same Australian ISPs who are being made responsible for what their clients do with the service they provide. It's ludicrous - if *I* choose to surf porn, download bomb recipes, read some of the already banned (in Australia) newsgroups or communicate with the Taliban using my Internet connection, this should be in no way the responsibility of my ISP.
Helen Coonan seems not to have much of a grasp of the technology behind the Internet. This follows a long trend of Australian Communications Ministers who are clueless about, well, communication. And this is not only an Australian issue, remember the Alaskan Senator, Ted Stevens, who amused the entire civilized world with his blatant misunderstanding of the Internet during an almost totally incoherent speech? He was only the chair of the United States Senate Committee on Commerce, Science and Transportation which was discussing network neutrality (the removing of restrictions on what equipment and modes of communication are allowed on the Internet without unreasonably degrading the usability of the Internet by others).
So, do we want a country where free speech is legislated against? Do we want a country where our right as adults to choose what we ourselves partake in and what we allow our children to partake in is determined by the Government and not our own morals? Well, it looks like we're moving at a reasonable pace towards a society that is allowing itself to be legislated into submission. After all, who needs to think for themselves when the government will do all of that work for us?
Regards,
The Outspoken Wookie
Tuesday, September 18, 2007
SCO Finally File For Chapter 11 Bankruptcy
Well, after years of trying to make a business out of suing basically anyone who uses binary, SCO has finally realised that as they didn't succeed in this venture, they had better file for bankruptcy.
SCO tried to sue IBM because SCO claimed that they owned the copyright to code that IBM was using, the copyright to code that RedHat were using, and the copyright to code that pretty much every Linux distribution was using - not all the code, mind, just some of it. SCO of course could never actually say which code it was, they could only threaten to take your company out if you continued to use this code that they owned but couldn't tell you what it was.
Say what?
Yes. Exactly. SCO didn't actually OWN the copyright that they claimed they did, they therefore couldn't sue anyone for this copyright that they didn't own, yet they managed to garner over US$26m from a number of companies for "royalty fees" by using these threatening tactics. On August 10, 2007, Judge Dale Kimball ruled, basically, that Novell is the owner of the UNIX and UnixWare Copyrights, therefore SCO has no claim to them. (Yes, SCO finally let the court know what copyrights they were laying claim to, and they were found most definitely not to be the owner of what they claimed.)
I'd like to see what happens to SCO's bank accounts when the 95% of these royalty fees that actually belongs to Novell is paid back to them. Actually, I think that the directors know what will happen, which is why they voluntarily filed for Chapter 11 as well as a petition for reorganization.
(Of course, with that court case scheduled to start in the very near future, this Chapter 11 is going to prove timely - hopefully Novell gets their dues before the Chapter 11 is deemed to have taken effect. It is clear that the timing was chosen to further damage Novell, and this is something that SCO should not be allowed to do. The courts should rule that all proceedings from the outcome of this court case should be taken from SCO's accounts before they filed for Chapter 11, leaving whatever (if anything) remains for them to function under Chapter 11.)
All I can say is that, well, SCO's board deserves to go. They cannot make unsubstantiated claims that they cannot back up, keep threatening companies to cough up their "protection fees" and then eventually tell the courts what they are laying claim to.
When the courts dismissed their claims, SCO's board of directors must have collectively taken the biggest dump in their pants in their lives - they realised long ago that their actual business was gone, so they tried well-practiced (not necessarily by them, up until this point) organized crime-style heavy-handed tactics to force people to hand over protection monies. Then when they finally tell the court what they are claiming and have it totally dismissed, they file for Chapter 11 and hope like all hell that there will be something left to save and start again with.
The Board deserves to be totally dismissed without any compensation - they took a floundering company and dragged it totally through the mud. SCO's name is now mud. You can thank their corrupt Board for that. Fire the board, dissolve the company and pay out the creditors and shareholders (and exactly why there still actually are shareholders begs a number of other questions) and let bygones be bygones.
SCO is dead. They died a long time ago, it is just now that they are finally realising it themselves.
Regards,
The Outspoken Wookie
Thursday, September 06, 2007
Sony Rootkit Version 2 - Clarification
I've been reading a bit of the response to this blog post in various places and want to clear one thing up. I stated that Sony had installed a rootkit when that may not have been the best use of the English language - Sony has DEFINITELY done the wrong thing here and have installed software that causes a part of the filesystem to become invisible to many parts of the operating system and other applications, such as some anti-virus and anti-spyware software. This is a really, really bad thing that Sony has done, especially considering they gave no indication to the user that they were doing this.
Now, technically a rootkit is a piece of software designed to avoid detection and to gain root (aka administrator) access to the operating system. So technically this Microvault driver from Sony is not a rootkit. It *DOES* allow other malware to hide, it *DOES* allow other malware to go undetected, it *DOES* install without letting you know of the implications it could bring and it *DOES* leave a sour taste in the mouth of anyone who values security - all of which are things that Sony should have realised people didn't like after their initial foray into **rootkit-like** software back in 2005.
So, whilst this software driver is **rootkit-like** (insofar as it hides files and folders from the OS and various applications, making way for other malware to hide and work relatively undetected), in and of itself it is not a rootkit as it does not attempt to surreptitiously gain root access.
It is a poorly written, poorly thought out, poorly deployed and extremely poorly marketed driver, though. It *does* compromise security, and it *does* still make me boycott and want to encourage others to boycott Sony products until the company has a proved track record of releasing products that don't attempt to weaken the security of your computer, network and data.
Every time I buy an item where a Sony item would have been considered, I'm going to be letting them know that the reason I didn't think further about the Sony was because of this rootkit-like behavior they seem to see as being valid. If they don't know how much this is hurting their bottom line, why would they change their business practices?
Regards,
The Outspoken Wookie
Thursday, August 30, 2007
Sony Rootkit Version 2
It appears that Sony is one company that just cannot learn from history. Back in October/November of 2005, Sony employed a DRM scheme based on the Extended Copy Protection (XCP) technology by a company called First 4 Internet Ltd. The uproar that occurred when the public found out that Sony had installed a rootkit in the DRM software that came with a number of their CDs caused Sony to rethink this "we will undermine the security of your computer to protect our own arses" policy that Sony had put in place and they stopped using this rootkit technology. With the number of CD sales that were affected by this unbelievably poor initial decision by Sony to use rootkits (they did, after all, issue a product recall), you'd have thought they'd have learned a very difficult lesson.
Well, not Sony! Most of us even try to learn from the past mistakes made by others, but they seem unable to learn from their own past mistakes.
Scroll forward to August 2007 - not even 2 years after Sony's initial rootkit blunder. Sony has released a range of "Microvault" USB 2.0 sticks with fingerprint security. So what did they decide to do when they wrote the driver for this fingerprint security functionality? That's right - they decided to employ a rootkit to protect it.
Now, I mean, who at Sony needs to get fired for this decision?
The important thing to know about rootkits, for those unfamiliar with them, is that they are used to hide programs and complete directories from the operating system and quite often result in a directory that some AntiVirus software doesn't even know exists and therefore cannot scan. Yup, that's right - the Sony Microvault drivers create a folder on your hard drive - inside the C:\Windows folder - that can be used by all forms of malware to hide from detection.
If you think this is not only a stupid thing for Sony to do, but bordering on criminal, then please send an email using this form and explain your thoughts on Sony's plans to place a rootkit on your computer.
Also, out of interest, on the Microvault site you will find this notice:
An Important Notice for USM-F users
In case of the notice by Anti-Virus protection found when the Fingerprint Access Software is operated, please download the latest version of the Fingerprint Access Software for your update to avoid this symptom.
USM-F : http://www.sony.net/Products/Media/Microvault/usm-f.html
Of course, this software is also going to place a rootkit on your computer. If you want to read more about this new Sony rootkit, have a read of the F-Secure Weblog where they mention how it was found and some more information on rootkits.
This is appalling. A company like Sony, especially since they have done this in the past and been sued for it, should know better.
Regards,
The Outspoken Wookie
Wednesday, August 01, 2007
Microsoft Hell Bent on Advertising; To Hell with Privacy
2007-08-01
I just wish they'd focus on what they used once to be good at - writing desktop operating systems, server operating systems and applications that worked relatively well.
If Steve Ballache (which is sure how Bill must be feeling now he's handed the reins of Microsoft over to Mr Rudderless) doesn't take some maritime navigation courses soon, Microsoft may well steer itself onto a reef and rip the bottom right out of that luxury yacht.
Vista. Enough said. Office 2007. Well, they did a decent job there, except for the instability you had thrown in for free with Outlook 2007 - and Outlook is a business critical application for many businesses and nearly all of our clients.
But the ship is, right now, a rudderless, directionless piece of flotsam. I just hope that someone with a clue either hits Steve Ballmer over the head with a cluestick or kicks him off of the bridge and takes control of this ship, or else they may as well invest heavily in the advertising and privacy invasion markets that Steve wants to get them into as he's going to be taking them out of the software development market!
Regards,
The Outspoken Wookie
Exercise Plus Coffee May Ward Off Skin Cancer
I read this yesterday morning ("But the new research shows that "the combination [of the two] works better," he said, providing a dramatically better anti-cancer result.") and thought I'd put it to the test. I made an espresso and headed straight out for a run. Well, I hope once the burns heal that the skin that is left on my hand and chest won't be susceptible to melanomas. ;)
Regards,
The Outspoken Wookie
Tuesday, July 03, 2007
Tablet PCs - dunno...
OK. That may be a little misleading.
It isn't that I dunno if the Tablet PC form factor (format, way of life, whatever) is valid. It is - everything (well almost everything) has a place - and I can imagine quite a number of situations where it would be (a big part of) an ideal solution.
It is just that I dunno if the Tablet PC form factor will work for me or for the rest of us here at the Quark Group.
We're getting to the point where we need to deploy a CRM application and some project management software, amongst other things. We also need to keep better records of the work that we do - now, I'm not saying that we're bad at keeping records - we've got loads of info on our client sites and jobs here, it is just that we need a more structured way to keep all of this information and have it readily accessible to us all when and where we need it.
In particular, *I* need to find a way to keep *my* records better - I often use a piece of paper at a client site when we're discussing something to scratch notes, diagrams, serials, phone numbers of cute girls, requests and general information on and then have every intention of transferring all of this information into the relevant documentation here at the office. The problem is that often between this client site and entering this information into the computer, "stuff" happens (another client, the weekend, the paper migrates south on my desk and finds a warm place to hibernate for a week or two) which results in my not entering this information into the computer as quickly as I originally intended.
So, we've started using Outlook and in particular the Notes section of an Appointment to enter this information into - and this is where our Windows Mobile 5 PDAs have found yet another use. However, I still can't get everything in there as easily as I'd like - small keyboard, too small a page for many diagrams, and other excuses I care to make up as I go. What information is in there, however, syncs automatically to Exchange and is also relatively easy to pull into other documentation, reports and jobsheets.
I have been thinking for a while now about getting a new laptop and replacing my desktop with it. I have a trusty old Toshiba Satellite Pro 4600 Pentium III/900 laptop that goes most places with me and has done so for quite a few years now. It is easily enough to use onsite and when away from the office for a few days to check emails, run diagnostics on client sites and things like that, but there's no way I could use it as my main PC (screen res is too low and it just isn't fast enough) and no way we can use it to demo much to clients (too slow).
So, looking at a new laptop. Do I get a large, heavy, powerful laptop (17", Core 2 Duo, 4 GB, loads of HDD space, preferably 2 drives) and run my life from this unit? Do I get a smaller, 15" Core 2 Duo, 2 GB with heaps of HDD space to run most things on except serious Virtualization demonstration environments (that the 17" beast could do) and remote into the office to access the demos there? Do I look for a smaller, 12.1" Core 2 Duo laptop with 2 GB and enough HDD space and replace my older laptop with that, still keeping my desktop?
First, the mega gruntmeister. 1920*1200 LCD or nothing. 4 GB RAM. Whatever fast HDD that comes with it used as a secondary and the main HDD will be a Hitachi E7K200 or a Seagate equivalent when they make one. No *need* for a second monitor, but another display sure won't hurt. What *WILL* hurt, however, is my back from lugging this thing around everywhere with me. It will be easily able to handle a full SBS+TS+XP+XP demo to a client (or replace XP with Vista Business, whatever takes my fancy). It won't be fun to pull out at a coffee shop for a quick demo - it will take up most of the table. Not so much fun.
OK, so let's look at replacing my ageing Tosh SatPro with a newer unit. 1600*1050 is probably what I could live with as a minimum widescreen resolution for daily use (out of the office) with another display as a secondary in the office. It still isn't going to be particularly light and with a screen that small it won't be easy to demo much to a client - it'd be better with a small projector or plugged into an LCD of theirs. My back would not need as much physio/chiro which is a bonus. It wouldn't be able to handle a full SBS+TS+VB+VB demo unless I threw more RAM at it. In a coffee shop, it still isn't that great - takes up a more reasonable amount of table space, but the screen is getting a little pokey for 2 or 3 people around a coffee table.
Now we're down to the 12.1" or so notebook that's easy to lug around, running at 1400*1050 or so, which is kinda nearly almost 1600*1050, will definitely require a second desktop display if this were to replace my desktop and can't really be used to demo outside a coffee shop unless there's a projector in my car boot. It takes up less space than a dinner plate at a coffee shop, though! Most likely of all three units to make it to EVERY job I do and still bearable to use on a daily basis when out of the office. Actually, as to demos, if it had 4 GB, it would likely have as much grunt as the 15" unit above, or extremely close to it.
(OK, I have to admit that I *can* live with a 1024*768 15.4" LCD display as the Satellite Pro 4600 has shown me, but that doesn't mean I enjoy it.)
And this is when I started to look at my options and decided that of all these, the 17" although it would be nice, really isn't something I'd like to lug around all day. The 15.4" is the worst of both worlds (still heavy and with a screen res I could scrape by with, but not really like), leaving the 12.1" being too small to *really* demo on (display-wise) but light enough to lug around all day and grunty enough as well as absolutely requiring a second screen if I were to use this as a desktop replacement.
So, now, having decided that in reality, smaller actually IS better, I had a rethink of what I was looking at getting a notebook upgrade for. I wanted one to help me organise my record keeping a little better. And what do I do? I write stuff on paper all the time. How will replacing the SatPro help? It likely won't (although, I could use it to demo things to clients). So really? Waste of money for what I really need.
But, 12.1" brings Tablet PCs into play. Now, there's something that could be well useful as they are basically a big, thick, heavy (compared to a paper pad) digital piece of paper. We have Wi-Fi access at most client sites, so this big, thick piece of digital paper would be able to sync back to the office, and when we don't, we have GPRS/3G/HSDPA access which will also work fine.
Of course, as notebooks get smaller their prices go up, and add Tablet PC capabilities into the unit and it goes up quite a bit again. This makes a Tablet PC approximately the same cost as the big gruntmeister box. Hhmmm... OK. That means we're looking at shelling out somewhere in the vicinity of AU$3500 - AU$4500 on this setup, so we had better know it will deliver what it promises.
For a laugh, I decided to look on eBay for an M200 - the older sibling of the M400 Tablet PC I'd been eyeing off recently - to see what they were going for. They had a Pentium-M CPU and a max of 2 GB RAM as well as a dismal 32MB nVidia onboard video card (poor Aero performance), but they'd also give us an idea of what this form factor could actually achieve. My eBay exercise turned out to not be as silly as I had initially thought - there were a number of M200 units available for prices varying up to AU$1750. Included in this list of items was one that I eventually bought for AU$651.27 (including freight) which was a Pentium-M 1.5 GHz, 512MB RAM, 40 GB HDD unit - all up, well worth the price to see if this would work out for us.
So, including adding some extra RAM to it and swapping the 80 GB PATA from the SatPro into this, it cost a smidge over AU$1000. Well worth it, methinks, to see if this will let us know one way or the other as to the usability of Tablet PCs for both myself and the rest of us.
And then I bought a docking station - making the grand total a smidge under AU$1200. Again, well worth it as we'll also see how useful the docking stations are when it is at home back on the desk in the office.
We've also had a few clients asking us about the usefulness of a Tablet PC in general and in their business more specifically. Well, now we'll have some real world experience to back up our recommendations which is always a better place to come from. Other people's experiences are valuable, but often not as valuable as your own. :)
So, I'll keep posting as I see how this works out for me.
And on that note, sitting here with an empty glass of bourbon and listening to sigur rós, I think I'll "refill and chill" a little more.
Regards,
The Outspoken Wookie
Labels: Desktop Replacement, Mobility, Notebook, Tablet PC
Wednesday, May 16, 2007
Reporting bugs in Microsoft code
Some of you may be surprised to know that I recently found a bug in some Microsoft code. I know, I know - they keep saying it is the most secure, most loved, most perfect code in the world, but we all know that not to be the case. Alright, they don't actually say that, but they do imply it. Well, kind of imply it. Whatever...
Anyway, I found a bug with Office 2007 Enterprise running on Vista Ultimate x64. More specifically, it was with Outlook 2007 running on Vista Ultimate x64 when trying to export a Public Folder from Exchange 2003 SP2 to a .pst file. So what would any self respecting person do with this knowledge? That's right - I tried to report it to Microsoft.
Go to www.microsoft.com and look for the "report bug" link or something to that effect. What "report bug" link? Look through the partner site for the same thing. No joy. It isn't worth looking on Connect for this as once the product moves through the Beta and RC stages to Final, all reporting functionality is removed from the Connect site (smart move, eh). Look through the MSDN site. Nothing. Nowhere. Not a schmick!
So, then I did what any self respecting person would do - I used the best search engine on the planet to look for a way to report a bug to Microsoft - I Googled it. Nothing. A lot of people were also doing the same thing, apparently, and having the same luck I was. But nothing.
So, I reduced my expectations and searched on www.live.com and got the same results. Nothing.
By "nothing" I mean to say that I did know about the http://support.microsoft.com/contactus/?WS=Wish site, which is quite useless - it is a "send us suggestions" site. There's a web form and nothing much else. You can't send screen captures of error messages, and this isn't really a bug reporting site, it is - as it is named - a wishlist site. I'm not making a feature request, I'm trying to report a bug.
Nothing.
Nada.
OK. I had even spent a bit of time narrowing down the bug to a Vista Ultimate x64/Office 2007 issue - the same issue doesn't occur when running Outlook 2007 (in Office Enterprise) on Windows XP Pro, nor does it occur in Office Outlook 2003 on XP Pro. I could have spent hours installing Vista Ultimate x86 and Office Enterprise 2007 on that to see if the bug also existed in Vista x86, but imagine my additional frustration if I'd spent the time doing that to find out that Microsoft refuses to provide a method for people to submit bug reports to them!
So, it seems that Microsoft DOES believe their code is beyond reproach - they don't allow people to report issues with it, therefore they must believe that it is perfect. OK, that's probably a bit of a leap, but you must understand my frustration with a company of this size, especially when almost every other software company on the planet has a method for you to report bugs in their code to them.
Does Microsoft care that we find bugs in their software? Apparently not. They at least don't care enough to allow us to report bugs back to them. And why, after all, would we want to report these bugs back to Microsoft?
To help them make better software.
They just don't care about that, apparently.
Regards,
The Outspoken Wookie
Friday, May 04, 2007
Demythtifying WiFi
Hi All,
As a part of the story around 802.11b and 802.11g WiFi technology, what's real and what's fallacy, I hope that this article is of benefit to some people.
I intend to write more when I get the time, but this is a start.
Also, for those who haven't been to the Quark IT site before, I have written a number of articles that are available on the site, as is a Newsletter (which is currently having a holiday, purely until I get time to start publishing it again).
Newsletter... Yes. I REALLY should get this back on track. I keep meaning to...
Regards,
The Outspoken Wookie
Sunday, April 29, 2007
World Class Farce
I cannot believe what a complete and utter cock up the umpires and the ICC have made of the World Cup Cricket final between Australia and Sri Lanka.
During the Sri Lankan innings it started raining, this rain then got progressively heavier, yet the umpires didn't make a decision to leave as they could see a clearer patch of sky beyond the clouds. This was a sensible decision - Sri Lanka needed to keep playing to ensure they had a chance to win, had they gone off then, there would have been too many overs lost, along with any chance of Sri Lanka being able to win.
So, as the rain started to ease, the umpires decided to send the teams off the field. Why, I guess, no sane person will ever be able to understand. Aleem Dar and Steve Bucknor had just made the most stupid decision (probably) ever in cricketing history.
Then, when they decided to bring the teams back on, they failed to calculate the new target. Sure, they could work out that 2 overs were lost and correctly subtracted 2 from 38 to get 36, but they couldn't work out how to use the Duckworth Lewis system to calculate the new target and a few balls later, both teams stopped the match to enquire about the new target. Failing to have this corrected, the teams started playing again whilst waiting for the farce to end, which it eventually did.
Or so we thought.
Now, as the light was fading due to the ridiculous waste of time that the umpires caused by the stoppages, the umpires offered the light to the Sri Lankan batsmen on a number of occasions, which they finally took 3 overs before the end of the match. With absolutely no chance of Sri Lanka being able to win and with absolutely no chance of the light improving (as the WCC final ground does not have lights), everyone had figured - the ground officials included - that Australia had just won the World Cup. Of course, Aleem Dar then chose to point out to Ricky Ponting that this was not the end of the match and that they would need to come back tomorrow to bowl the three remaining overs. The ground staff at this point had already congratulated Australia on the scoreboard and were preparing to set up for the presentations, yet the umpires shooed them off the field, explaining that the match wasn't over.
Mahela Jayawardene then came onto the ground and discussed the options with Ricky Ponting and, instead of making the most obvious decision there was - conceding defeat - he chose to send his batsmen back out to face the final three overs.
At this point, the commentators couldn't distinguish between players on the field. The batsmen had to face spin bowlers for safety - pace bowlers would have been deadly. The cameras couldn't easily focus on the players for the lack of light. Basically, the game should have been over when the players took the offer of bad light.
Despite the "look" on the broadcast, the light was appalling. The cameras and CCU operators were able to enhance the light way beyond what was actually available. The true state of affairs, and the true view of what a farce the umpires made of this match, was seen when Stump Cam was shown - there's no way to artificially enhance the image from Stump Cam in the same way as the regular broadcast cameras. It was close to total darkness. Even the enhanced camera images were significantly grainy due to the enhancement artifacts. This was something that never should have been allowed to go on.
The umpires made appalling decisions. The ICC allowed them to do it. Jayawardene had a clear opportunity to stop the stupidity and chose not to do so. The whole thing showed the world how far away from being able to make Cricket a world game the governing body is. It is a shame, but hopefully the ICC will learn from this and take steps to ensure some form of sanity creeps into the rules and the interpretation of the rules.
Regards,
The Outspoken Wookie
Wednesday, April 11, 2007
Microsoft Patch Releases
Generally, an intelligent entity is able to learn from not only its own mistakes but also from those it sees others make. An entity that keeps repeating the same mistakes over and over is deemed to be moderately unintelligent.
Well in that case, Microsoft must be the dumbest company on the face of this planet (and probably quite a few others). Not only have they once again released a Service Pack for a Windows NT-based operating system that breaks networking on many machines (Windows Server 2003 SP2 this time, Windows NT 4 Service Pack 2 last time), but they have released a second patch for their Animated Cursor component in Windows (obviously, critical in any Server is an animated cursor) and this time they have followed in their long established path of releasing a broken patch that almost immediately needs a patch for the patch.
MS07-017 resulted in a great many machines worldwide failing to run properly and having error messages stating something similar to:
application_executable_name - Illegal System DLL Relocation
The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.
This is because Microsoft broke their patch and then tried blaming Realtek for the issue. As proof that it was a Microsoft issue, more applications have the same issue with this new MS07-017 patch. As further proof of the origin of the issue, Microsoft have released a new Windows XP Update to address the issues they created by not testing MS07-017 properly before releasing it.
I have a few issues with this patch (in particular) and Microsoft patching practice in general.
1. Why does a Windows Server have an animated cursor component? Is this a critical OS component? No. Is this something that should ever, for any reason be installed on any server? No. Then why does Microsoft ship it as a part of their Windows Server family? Secure By Design - I think not!
2. If this were a highly critical patch (as it is) that was only recently discovered and reported to Microsoft and it was in a critical component of the OS (see my previous point), then one *may* be able to give a little leniency to Microsoft. In this case, that is not what happened. On 22 October 2004 (yes, that's 2.5 years ago) this vulnerability was reported to Microsoft. They willingly did nothing about it. That is called "responsible disclosure" on the part of Cesar Cerrudo, the person who found the vulnerability.
Then on 7 November 2006 - over 2 years after Cesar originally reported this vulnerability to Microsoft - Cesar got sick of waiting for Microsoft to perform their corporate responsibilities and made the details of the vulnerability public. That is STILL called "responsible disclosure" on the part of Cesar - over 2 years for Microsoft to address a highly critical vulnerability in a default Windows component is simply "corporate apathy".
So, what did Microsoft then do? If you guessed "they jumped into action" then you'd be sadly mistaken. If you guessed "they did their absolute best impersonation of a statue" then you win the prize. That's right - Microsoft continued to not make history and remain apathetic towards this vulnerability. That's security the Microsoft way.
On 29 January 2007 (that's 27 months - well over 2 years since the vulnerability was originally reported to Microsoft) an exploit for this vulnerability was released by Joel Eriksson. It then took Microsoft over 9 weeks to release the MS07-017 patch to this 2 and a half year old vulnerability.
Which part of "Secure by design, secure by default" does this lax behavior fit into? Does it even fit into "Secure by deployment"? No, there is no security consideration in any of this. Microsoft totally (again) dropped the ball.
3. When Microsoft belatedly released a patch for this vulnerability, they broke it and then blamed a number of 3rd parties for the issues they created. That's appalling. Again, the corporate apathy present in Microsoft - thanks to Steve Ballmer who is at its helm right now - is what's letting them down. They need to realize that security is important to us, even if it isn't really that important to them. And as we are their customers (they sure don't treat us like clients), then we DO matter to them, as without us, they have no income.
So, all up, I have to express my disgust, once again, in Microsoft's mishandling of another patch release. Don't get me started on Windows Server 2003 SP2...
Regards,
The Outspoken Wookie
Tuesday, February 20, 2007
Sensible Political Decisions
I know, this is something that you rarely hear about - a politician making a decision that actually makes sense (other than the "sense" of them being re-elected, that is).
Australia is to implement a plan to phase out incandescent light bulbs by 2010. This will reduce our CO2 output by around 800,000 tonnes per year - a significant reduction. Of course, although we claim this to be a world first, a quick Google search comes up with these previous announcements:
http://www.treehugger.com/files/2006/06/south_africa_to_1.php - South Africa To Phase Out Incandescent Bulbs (2006-06-06)
http://carbonsink.blogspot.com/2006/08/uk-to-ban-standby-devices-and.html - UK to ban standby devices and incandescent light bulbs (2006-08-20)
http://www.thestar.com/News/article/180048 - U.S. states want to phase out light bulbs (2007-02-09); admittedly this is talk, not action, at this point, but promising all the same.
And then there's http://www.iea.org/Textbase/work/2007/cfl/agenda.pdf which is the agenda for the IEA/European Commission/CEN-Star-Trend-Analysis workshop on "Compact Fluorescent Lamp Quality and Strategies to Phase-out Incandescent Lamps" to be held on 26 February 2007 at the IEA, Paris, France.
So, whilst we're far from being the first country or state to announce plans to eliminate incandescent lighting and replace it with energy efficient lighting, at least we're on the right path!
We use only fluorescent lighting here at my house and office. I recently saw some nice compact fluorescent downlights that can replace the older halogen downlights. Reducing the 50W lamps to 9W (or 11W) will reduce power consumption by around 75% - a significant saving.
The issue with fluorescent lamps is their general inability to be dimmed; however, that is being overcome by companies such as GE, Tu-Wire, Lutron, Westinghouse and Philips, which are developing special dimmable ballasts for use in compact and regular fluorescent lamps. See here for a list of some of the available dimmable compact fluorescent lamps. This link has some more information on dimmable CF lamps.
Clipsal C-Bus can then dim fluorescent lamps just as it can dim regular incandescent and halogen lamps if these specialized products are used. Quark Automation (blatant plug time, here) designs, deploys and programs automated lighting, HVAC and audiovisual systems for residential and commercial properties and recommends energy efficient lighting.
Lutron (and possibly other companies) also produce a dimmable compact fluorescent downlight using a special 32W lamp. An added bonus here is that (in Australia, at least) using CF downlights means that instead of the 150mm clearance between a halogen downlight and any insulation (a 300mm diameter clearance), these CF downlights require a mere 25mm (50mm diameter) of room before insulation can be used, meaning a greater cover of insulation in your ceiling space.
Regards,
The Outspoken Wookie
Saturday, February 17, 2007
Little Johnny Whoward
I had a colleague (who happened to be English) make a comment to me a little while back when we were discussing politics. He said that "you guys have the world's most irrelevant political leader" and I think he hit the nail right on the heavily eyebrowed head.
John Whoward - I've changed his name, not to protect the innocent, but because it now has 2 different and equally valid implications - has to be the world's most irrelevant leader. It seems that most people in the country he rules with an ironic fist find him a displeasing little man (even distasteful) and will hopefully oust him and his cronies at the next Federal election. Not only that, I'm sure that Dubya doesn't even know his name and the only time he notices him is when Johnny sneezes - considering Little Johnny has his head firmly planted up Dubya's date, this sneezing causes a wry smile on Dubya's face.
Yes, Little Johnny Whoward, whose head is now permanently shaped exactly like Dubya's rectum, is a political no-one. He's got his political no-ones alongside him, such as Alexander (Quilt) Downer, who seems like he's going to cry every time he has to speak in public.
Little Johnny Whoward (you can pronounce that "Who-ward" or "Dubya-Howard" - either is equally appropriate), who is trying to bring the Australian worker down to the poverty level of the peasant in the middle ages, seems to have signed a non-compete contract with fairness and reasonable treatment of people - and he's not even trying to soar to the dizzying heights of mediocrity in case he comes close to breaching that contract. It seems he'd rather wallow in the filth and bring the rest of the country down to his level.
I just hope that if the Federal Labor Party actually has policies and a plan this time (they had Beazley last time, and he was neither) that they let people know what they are. I'm not a fan of a religious nutter leading a country - the political system is not a church (read that again, Dubya) and should not be treated like one. But I hope that those behind the Labor Party's nutter leader can actually offer something of benefit to Australians and the world.
Regards,
The Outspoken Wookie
Friday, February 02, 2007
England find the right end of the bat
Well, bugger me!
England beat Australia by 93 runs in the One Day match in Sydney today. That's something for the books!
We played poorly - we fielded like the English team and batted pretty much the same. Sure, Roy retired hurt, but regardless of that, we'd not have come that much closer.
England played well - they batted quite well, fielded much more like Australia than we did, bowled well and basically kicked our butts.
I trust this will give the Poms a good shove in the right direction - ie, playing cricket! They haven't done much of that all summer to this point. They did well today and deserved to beat us. I just hope this continues for them. They may keep their houses after all!
Regards,
The Outspoken Wookie