Wednesday Wishbone

All the news that's fit to rant about

Last news before Turkey Day.
Mathematician and father of Cybernetics, Norbert Wiener, was born in 1894. Peanuts creator, Charles Schulz, was born in 1922. France became the third space power in 1965 with the launch of the Asterix-1.

  1. A Danish security company is warning users of IE 6 (which is nearly everyone) to turn off Active Scripting or use a different browser. A Chinese security researcher discovered five cross-site scripting vulnerabilities which would allow hackers to compromise affected PCs. The question now is whether Microsoft will break its new monthly update policy to offer a fix. The company is investigating.
  2. Don’t rush to use Opera instead, however. Versions 7 to 7.22 of Opera have two security flaws that could also give hackers access to your PC. The company has released an upgrade to 7.23 and recommends that all users download it. I say stick with open source: Mozilla is looking better all the time.
  3. Some hackers prefer to use social engineering. According to Sophos, a new Trojan, sysbug-A, is being distributed as an attachment to a “saucy” email from a man who apologizes for not using a Trojan. He claims to be sending nude pix of Mary. You know the drill. Don’t open attachments!
  4. The Senate approved the CAN-SPAM Act yesterday; now all that remains is for Bush to sign the bill into law, which he has promised to do. It’s not the bill many of us had hoped for, but it’s better than nothing.
  5. The Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) are seeking permanent anti-trust exemption. Senator Orrin Hatch has introduced the EnFORCE Act: Enhancing Federal Obscenity Reporting and Copyright Enforcement Act of 2003 (how much time is wasted by Senate staffers working up these strained acronyms?) which includes a provision to offer permanent immunity to the kind of antitrust lawsuits filed by webcasters against the RIAA two months ago. Hatch says the protection is required by “market realities.” Hunh?
  6. Having cell phone problems? AT&T Wireless’s glitches continue. A software bug has been causing delayed connections and other issues. It prevented customers from switching carriers on Monday when number portability went into effect. How convenient.
  7. Andrew Morton says Linux kernel 2.6.10 is the last beta version. Expect 2.6 final in the second half of December. Commercial distros will incorporate the new kernel in early 2004. (Incidentally, I installed SuSE 9 last night using the 21 MB boot.iso and a network install and it came up beautifully. The YaST installer is the best I’ve used. And it recognized all the hardware that Red Hat 9 did not. It comes with Open Office and Ximian, defaults to KDE 3.1, and recognized all my NTFS partitions, too. Two thumbs up.)
  8. Now that Vivendi has sold the domain name MP3.com to c|net, it plans to destroy all the files on the old MP3.com servers. Michael Robertson, the founder and former owner, is trying to save what he calls “the largest collection of digital works ever assembled.”

16 Replies to “Wednesday Wishbone”

  1. I’m really going to show some ignorance here, but how is open source safer? Logic tells me that if a hacker could go through the source code, (s)he could find flaws quicker, easier, and be able to coordinate a better, more-thorough attack.
    I love to learn, so someone please fill in this blank for me!
    With all that seemingly anti-open source stuff said, I’m a huge fan of Mozilla’s Firebird.

  2. I’m trying out the SuSE 9.0 live eval version now to see if I like it before going through the install.

  3. Enough tech talk, why doesn’t Walmart sell a Madden Turducken? They would make millions. Just curious.

  4. I don’t understand CNET wanting the MP3.com domain name if they are not going to host the music. It seems a shame if someone doesn’t pick up what looks like a perfect music site already!! Is it just me???

  5. Stand-alone DVD recorders barraged the ads this week.
    You barely warned us with the Pioneer/TiVo offering in your holiday gift guide. A couple days later we’re hit with an onslaught of new toys with virtually no preamble. Did it catch you by surprise?
    I’ve longed for a lasting medium to store video. What good is a camcorder when the tapes don’t last or the DVD’s data erodes over time? I take it this batch of toys has the same flaws. Are you going to do a review and when will we know how well to trust the DVD recording format? Hope you had a good holiday!

  6. Brent said:

    I’m really going to show some ignorance here, but how is open source
    safer? Logic tells me that if a hacker could go through the source
    code, (s)he could find flaws quicker, easier, and be able to coordinate
    a better, more-thorough attack.

    That’s what a lot of closed source advocates say. The idea behind open source being more secure is twofold, and falls under Eric Raymond’s notion that “Given enough eyeballs, all bugs are shallow.” (Linus’ law)
    First, with everyone being able to look at your code, it receives enough peer review that security problems can be ID’ed as fast or faster than crackers can find ’em, thus allowing the author to publish a fix *before* something becomes a problem.
    Second, when a problem is found, you’re not limited to waiting for the publisher’s development staff to understand the problem, then coming up with a fix, and then waiting for the fix to be distributed (if “they” decide to distribute it at all). With open source, everyone who has the product (and is code-aware) becomes a potential bug-fixin’ developer. This means that open source projects can be much more responsive to fixing problems than their closed source counterparts.
    I’d love for someone in-the-know to comment on Brent’s notion of a cracker scouring source code for flaws. I just don’t imagine a lot of the virus/worm writers examining thousands of lines of code just to come up with a really excellent exploit. This seems to require too much focus, particularly since lots of the big worms only seem to show up after a legitimate researcher has published an example exploit that can be cut-n-pasted into an existing body of code.

  7. Thank you, Thom, for addressing my question! That makes perfect sense, so much so in fact that I’m surprised I didn’t realize that myself!

  8. Wow, so when will the RIAA ask to be exempted from killing music sharers too? Isn’t that where they are headed?

  9. I have switched over to Mozilla for quite a while now and love it, the only time I use IE is for updates….does everything

  10. Happy Thanksgiving. I read your blog often but never thought to say THANKS for always having the best news all in one spot. xoxo

  11. Oh no. Please don’t tell me that mp3.com will turn into one of those funky “search” pages.
    I hate those. Talk about wasting good domain names. That crap should be against the law.

  12. Thanks for providing the link to Barnes and Noble for your book. Even cheaper than last year with a DVD to boot! Now if you’d just sign them all for those of us out of staters.
