Microsoft announced last December 15 of yet another major flaw in version 7 of its Internet Explorer browser which allows remote code execution on the target computer (as if the others do not already).

Dubbed as Microsoft Security Advisory (961051), the advisory went on to discuss the issue as follows:

The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.

It appears also that its not only IE7 that’s affected. It affects versions up to IE8 also. Even the BBC has snatched this issue as well.

What was weird for me was that the Full Disclosure community did not make any reaction to this disclosure by Microsoft. Or it might be too early as the secinfo experts and enthusiasts are scrambling to verify this if at all.

My take on this is - what’s new? Honestly, I’m not surprised at all.

Technorati browser, internet, explorer, IE, major, flaw, microsoft, security
Site Search Tags: browser, internet, explorer, IE, major, flaw, microsoft, security

This just came in yesterday, the Samba team has been granted full access to the documentation of Microsoft’s Network File Protocols. This is a direct result of the European Commission’s decision regarding Microsoft acting as monopoly. Microsoft was ordered to open up some of its proprietary protocols and pay the sum of $613 million in fines.

The landmark decision by the European Commission also grants competitors and opensource developers to release the produced code as purely opensource and will be licensed under GPL2 or GPL3. This allows Samba and other similar projects to be able to fully build opensource products that will be fully compatible with Microsoft’s protocols. The timing is right for this latest development specially with the Samba Team getting their momentum going in providing Active Directory-compatible features with its latest Samba 4 project currently in its alpha stages.

Another project that will benefit to this latest development will be Centeris Likewise.

Additional Reference:
Samba Team Receives Microsoft Protocol Documentation
The PFIF Agreement
Freeing Up the Windows Workgroup Protocols

Technorati: samba, microsoft, protocols, opensource, linux,
Site Search Tags: samba, microsoft, protocols, opensource, linux,

The following article contains opinions and personal views of the author and will be taken as such. There is no guarantee to the accuracy, timeliness of some of the information that may be found within the article. The methods that are discussed here might not be applicable in your case. The author will not be held liable for any damage caused by using the method/(s) described in this article . Use the methods at your own risk. - hardwyrd

If you’ve downloaded documentations, help files, and how-tos, I’m pretty sure you’re very familiar with CHMs. CHMs — or Compiled HTML Help (or Manual) files, were pretty much popularized by Microsoft (shudder…) and was(is) in use by Microsoft Help. CHMs are pretty much compact in its own allowing plain HTML help files to be crammed into a single file and yet have its layout and objects intact.

On Linux however, this file format is not natively supported. You’d have to use a reader app to get to the info contained in CHM files. One of those popular CHM readers is gnoCHM. Another, also popular CHM reader is xCHM. xCHM is the one we will take a short look for today.

xCHM is pretty much a basic and simple CHM reader. It features a very simple interface, with standard browsing buttons that you can find in virtually any type of internet browser. The reader afterall is like a browser on its own showing you the contents of a compiled “web site”. Using xCHM is a no-brainer. Since xCHM is not a part of the standard install of your favorite distro (not that I’m aware of), we need to get the package and install it ourselves. For this session, I am using SLED10, however, at the bottom of this article you will find steps in installing it in Ubuntu or Debian.

Getting xCHM
You can get the latest stable xCHM build from its website at Sourceforge. Or you can copy and paste the following to your browser:

http://xchm.sourceforge.net/

In the xCHM site, you can choose to download pre-built binaries for your specific distro, or you can get the source and compile xCHM yourself. I will feature building xCHM from source. Should you want to feel “gung-ho hard core” about this exercise, you may get the package using wget by doing the following in your terminal:

wget http://jaist.dl.sourceforge.net/sourceforge/xchm/xchm-<version-number>.tar.gz


Once you have downloaded the xCHM source, we will need another set of package for it. xCHM uses the wxWidget GUI Library. If your distro doesn’t have this included, we will need to get wxWidget from its website. You may go “gung-ho hard core” again and do the following in your terminal:

wget http://prdownloads.sourceforge.net/wxwindows/wxWidgets-<version-number>.tar.gz

Let’s Build!
Once you finish downloading wxWidget, we will need to extract it and compile it.

# tar xzvf wxWidgets-<version-number>
# cd wxWidgets-<version-number>/
# mkdir buildgtk
# cd buildgtk
# ../configure --with-gtk
# make
# make install
# ldconfig

With a working wxWidget install, we can now proceed to installing xCHM. Again, we will need to extract the xCHM source package and install it.

# tar xzvf xchm-<version-number>.tar.gz
# cd xchm-<version-number>/
# ./configure
# make
# make install

That’s all there is to it!

To test if xCHM works, just type xchm in your terminal or open a chm file directly by typing xchm /path/to/your/file.chm.

For Ubuntu / Debian users, you may get wxWidget by first adding the wxWidget trusted key.

# curl http://apt.wxwidgets.org/key.asc | sudo apt-key add -

Modify your /etc/apt/sources.list to include the wxWidget repo.

# wxWidgets/wxPython repository at apt.wxwidgets.org
deb http://apt.wxwidgets.org/ DIST-wx main
deb-src http://apt.wxwidgets.org/ DIST-wx main


Do an update of your apt cache.

$ sudo apt-get update

Install wxWidget.

$ sudo apt-get install python-wxgtk2.8 python-wxtools python-wxaddons wx2.8-i18n

Once wxWidget is installed, you may proceed in installing xCHM from your Ubuntu repo. Make sure that you search first if xCHM is present, then proceed to installation.

$ sudo apt-cache search xchm
$sudo apt-get install xchm


You can also do wxWidget and xCHM installation in one command sweep after you have added the wxWidget repo.

$ sudo apt-cache search xchm
$ sudo apt-get install python-wxgtk2.8 python-wxtools python-wxaddons wx2.8-i18n xchm

No sweat. ENJOY!

Screenshots

Technorati: xCHM, chm+reader, CHM, reader, Linux, gnochm, SLED10, Ubuntu
Site Search Tags: xCHM, chm+reader, CHM, reader, Linux, gnochm, SLED10, Ubuntu

The cost for vendor-centric certifications from the likes of Cisco, Microsoft, Red Hat, and Novell to name a few are somewhat highly specially for middle-wage earners like me who happens to reside in the Philippines.

So what do I do? Enlist at BrainBench. Although, there have been a lot of mixed opinions coming from all sorts of people regarding BrainBench’s certifications, I still find time to take the exams it offer. However, what I do is wait out for any “sponsored certifications” because these are for certain to be free of cost for the taker. I get to “certify” my self without paying for anything.

However, some people say that BrainBench’s certification is not truly reliable because the taker can engage in cheating at any time. I have been taking BrainBench’s certifications for a few years now. BrainBench’s exams are actually timed, plus the exam items are random. If you will spend a little more time scanning for the right answer, there’s a slim chance you’ll get the right one.

Plain Honesty
For my part, ever since I’ve started taking BrainBench’s exams I never tried to cheat on it. Why? because I am not cheating BrainBench. I’m cheating myself I’f I did. Plus the timed test doesn’t give me much room to cheat anyways.

Newly Acquire BrainBench Certification
I am not so sure about how other companies and employers perceive BrainBench’s certifications whether they will honor it or not. Regardless, I have taken another of its certification, the Apache 2.0 Administration exam, and passed it. I got a 3.17 mark.


Test: Apache 2.0 Administration
Date: 12-Sep-2007
Score: 3.17
Weights: 100% Apache 2.0 Administration
Elapsed time: 29 min 23 sec
Apache 2.0 Administration
Score: 3.17
Percentile: Scored higher than 52% of previous examinees

Demonstrates a solid understanding of core concepts within this topic. Appears capable of working on most projects in this area with moderate assistance. May require some initial assistance with advanced concepts, however.
Strong Areas

* Securing Web Server
* Server Configuration

Weak Areas

* Tracking Server Activities
* Customization

Bottomline
I’m not really sure how serious companies are with regards to accepting BrainBench’s certifications. Of course, I still have my eye on taking CompTIA’s A+, Linux+, and Network+. I also got my eye on LPI’s own set of certifications. However, my pocket’s not that deep right now and instead of paying for certifications, I need it to buy food for the table. BrainBench’s exams are a great mental exercise for me and my skill anyways and I don’t expect to get a perfect score from it nor do I ambition to.

Technorati : certification, BrainBench, skill, evaluation, exam, free+certification
Site Search Tags: certification, BrainBench, skill, evaluation, exam, free+certification

In an enterprise environment, it is quite a challenge for administrators to be able to quickly and efficiently deploy a bunch of network services on top of Linux. Services like web(http), ftp, DNS, DHCP, SSH, and the like require some configuration time, proper planning, and discussion with the deployment team, auditing team, and helpdesk teams. Rolling out a set of physical servers is also another area where improvement in deployment speed is almost equivalent to a the success or failure of your business.

Choosing what platform or operating system to leverage on for your environment is also another key decision. Depending on an enterprise’s requirements, you may opt to go for Linux, pure Unix, Windows (yeah it too is an option by some standards), and even Mac OS X. You might ask, “How come Netware is never mentioned?” Well, it is quite obvious. Despite the strength and reliability of Netware, the low volume of applications that could be had on the platform has almost put it to near obscurity. However, those who are still using Netware continue to profess to its rigidity, solid performance, and reliability.

What will happen to Netware? Actually, Netware is not dead. It is alive and well, and Novell continues to nurture the still breathing, and would you believe it - growing, community of Netware users. Yes, yes, I’ve said Netware was put to near obscurity. Got it? N-E-A-R. It’s not obscure. It’s not dead. It is just low under the radar compared to other platforms like Windows, Linux, Solaris, and others. Again, its community is growing.

How on earth is it low on the radar and yet growing? Simple. Novell is slowly morphing Netware. From a pure Netware operating system, it is now a hybrid operating system. Novell called it Open Enterprise Server (OES). Open Enterprise Server is both a Linux system and a Netware system. On one hand you can install it as a Netware-kernel based server, offering the same traditional Netware services. On the other hand, you can deploy it as a pure Linux system, based on SuSE Linux Enterprise Server 9, offering traditional Linux services like any other Linux distribution and yet also offering the Netware services that you can only previously find on Netware. Services like Virtual Office, Edirectory, iFolder, and Netware Storage Services, are just a few of those services traditionally found on Netware.

Novell Open Enterprise Server 2 Public Beta
Recently, I have received an email from Novell’s Beta Management Team informing me (and others in their mail list of course) that Open Enterprise Server 2 is now available as Public Beta release. OES 2 will complete the transition of offering Netware services on top of a pure Linux system.

Solid Under the Hood
OES 2 runs on top of SuSE Linux Enterprise Server 10 SP 1 leveraging the latest stable enterprise SuSE build fused with the latest Netware 6.5 services on an easy to deploy Linux-cum-Netware distribution.

Notable Improvements
Like any recent Linux distributions, Open Enterprise Server 2 has full support for 64-bit dual-core and multi-core processors. And just like its SuSE Linux Enterprise brethren, it also comes chockful ‘o virtualization goodness thanks to the built-in Xen Hypervisor technology that allows it to provide both paravirtualized and fully-virtualized environments of Windows, Solaris, or other Linux distributions.

The most notable development to date that the Open Enterprise Server 2 may offer is the Dynamic Storage Technology introduced in this build. Dynamic Storage Technology eliminates seldom-used data from taking up valuable space on your most expensive and highest-performing storage devices. As Novell puts it:

“Dynamic Storage Technology allows administrators to create policies that dictate what data is considered active or inactive. With these policies, inactive data is relocated to lower-cost storage solutions and is backed up less frequently. Active data then resides on highest-performing storage environments, is backed up more frequently and is first to be restored in the event of a disaster. End users see no change in the way they access their information, but the data is automatically optimized based on policies and actual use.”

Another key development to this build is called Domain Services for Windows. In the good old days of Netware and the previous OES version, the only way for Windows workstations to authenticate to Edirectory will be via the Novell Client which must be installed on all machines. With Domain Services for Windows, workstations will no longer need to have Novell Client installed, and instead will communicate with Open Enterprise Server using native Windows protocols and authenticate themselves the same way they authenticate to Active Directory.

The same Domain Services for Windows also provided another way to manage OES on top of Windows — via the Microsoft Management Console. Netware and the previous OES version is managed via ConsoleOne or iManager. Now, administrators can perform certain file system and directory tasks, as well as centrally administer Samba shares via the MMC.

Me and my team are still currently evaluating the current beta build and it might be a month or so before the final stable release. However, we are very excited to see this thing run and look at what it can do. Who knows, this might just allow Windows Server 2003 make a run for its money.

Links:
Novell OES Product page
Novell OES 2 Public Beta Download page

Technorati: OES, Open, Enterprise, Server, Novell, Netware, Linux,
Site Search Tags: OES, Open, Enterprise, Server, Novell, Netware, Linux,

In a landmark move, IBM yesterday announced that it is joining with the OpenOffice.org community in the continued development of OpenOffice.org software. In a press release made through the OpenOffice.org website, Mike Rhodin, IBM’s Lotus Division General Manager expressed that “IBM is very pleased to be joining the OpenOffice.org community. We are very optimistic that IBM’s contribution of technology and engineering resources will provide tangible benefits to the community membership and to users of OpenOffice.org technology around the world. We’re particularly pleased to be teaming with the community to accelerate the rate of innovation in the office productivity marketplace. We believe that this relationship will improve our ability to deliver innovative value to users of IBM products and services. We also believe that the collaboration will lead to an even broader range of ODF-supporting applications (ISO 26300) and solutions that draw from the OpenOffice.org technology.”

John McCreesh, OpenOffice.org’s Marketing Project Lead welcomed the announcement by saying “We welcome IBM’s contributions to further enhancing the OpenOffice.org product. But equally important is IBM’s future commitment to package and distribute new works that leverage OpenOffice.org technology supporting the ISO ODF standard. ODF is a once in a generation opportunity for the IT industry to unify round a standard, and deliver lasting benefit to users of desktop technology.â€�

Meanwhile, Sun Microsystems, one of the staunch supporter of OpenOffice.org, welcomed IBM’s move with open arms. “In the seven years since Sun founded the project, OpenOffice.org has fueled and filled the need for document data and productivity tools that are open and free. Open source software and ODF are having a profound impact around the world, with numerous communities and organizations coming together to support these initiatives and governments, and corporations and schools standardizing on the software. We look forward to working with IBM and the other members of OpenOffice.org to ensure that this momentum continues. We invite others to join us in the community and participate in building the future as OpenOffice.org and ODF continue to gain popularity across the planet,” said Rich Green, Executive Vice President for Software at Sun Microsystems.

The OpenOffice.org project was stemmed from Sun Microsystem’s own StarOffice that offered document compatibility with Microsoft’s own proprietary Office document formats. OpenOffice.org, along with the Organization of the Advancement of Structured Information Standards (OASIS), developed and promoted the use of the OpenDocument specification (ODF) which allows documents to be openly supported by any application free of proprietary restrictions. IBM for its part was said to have borrowed code from the OpenOffice.org software and integrated the code into their Workplace suite of products back in 2005. This move will in turn even things out with IBM returning the gesture and sharing code with the OpenOffice.org community. This will shift things in favor for OpenOffice.org, further cementing its viability as an office productivity suite that is worthy of attention.

The recent move by IBM also caught the attention as welcome news to Red Hat, Beijing’s RedFlag Chinese 2000 Software, and Ubuntu.

It can also be noted that Microsoft in its part is busy in lobbying its own “open” document format in the form of the OOXML specification for standardization which is currently under review at ISO.

OpenOffice.org Press Release

Technorati : openoffice, OpenOffice.org, IBM, opensource, open-source, announcement
Site Search Tags: openoffice, OpenOffice.org, IBM, opensource, open-source, announcement

The keyboard and the mouse have been our oldest means of interacting with a computer. Of course there are some other specialized devices like braille boards, microphones, trackballs, graphic tablets, light pens, drawing pucks, and the list goes on. However, on a common computer workplace, you’re bound to see only the ever humble keyboard, and the mouse. And we have done so much torture to these devices and has given little or no care for these handy helpers. And it seems that the time is almost here that we will be saying goodbye to them.

Microsoft and Surface aim to be first in the mainstream market for multitouch computing

May 30 saw Microsoft, with CEO Steve Ballmer in hand, introducing their new product dubbed Microsoft Surface code named “Milan”. The product aims to be a tactile computing platform with full interaction with virtual objects on a table-top display unit. This project was started way back 2001 and was kept relatively under tight wraps for a couple of years.

Surface is basically a table cut in the middle and replaced with a projection screen. It is then stuffed inside with a run-off-the-mill high-end PC running Windows Vista (ugh!), a projector, and a couple of infrared cameras that sense the interaction of the fingers on the touch surface (display). Microsoft has also developed the software that is taking charge all the interaction within Surface. Milan senses all sorts of gestures, finger manipulations, and interaction with the virtual objects.

However, the big question is even if I can afford this type of machine will I buy it? NO. Why? The reason goes far beyond the fact that it is being made by Microsoft, no. It is the fact that they have put too much moving parts on that thing. Too much moving parts, means too many points for failure. Plus they will need to find a way to make it thinner than it is. And it is a table-top for pete’s sake.

If not Surface and if I will go for Tactile Computing in the future, what would I choose? Read the following entry.

Jeff Han and the wave of the future

Jeffry Han, a Human-Computer Interface designer doing research and consulting at the New York University, made a public demonstration at the annual TED event last August 2006 what he calls an “interface-free computer display”.

Courtesy of multi-touchscreen.com.

What sets Jeff Han’s multitouch screen display apart from Microsoft is that compared to MS Surface, Jeff Han’s display uses a method called “frustrated total internal reflection” (FTIR).

FTIR recognition technology has been existing for quite sometime and is already a very mature method. It has been in use on biometric devices the likes of fingerprint readers. (See at Wikipedia)

Summary
In all, what Jeff Han and his team developed is in my opinion a lot more efficient, more customizable, and space saver since the multitouch screen display can be a few factors thinner than existing touch screens and way thinner than the Microsoft Surface. This will also bring the possibility that Jeff Han’s multitouch screen display may be able to work well with other platforms and not only Windows.

My bet will definitely be with Jeff Han and his team.

Jeff Han has spun off his research team from the NYU Courant Institute of Mathematical Sciences and called it Perspective Pixel.

It won’t take long and we will definitely see a new breed of display-input systems. No, I don’t want something coming from Microsoft. I want one that runs on Linux or Mac, thank you. And Jeff Han’s display might be the one safe bet.

Watch Jeff Han performing a demo of a larger version of the multitouch screen at Perceptive Pixel

More links:
Jeff Han at TED 2006
Jeff Han’s Bio at TED
Jeff Han’s page
Multi-Touch Screen.com

Technorati : Surface, Microsoft, Jeff Han, multitouch+screen, Perceptive+Pixel, display, devices
Site Search Tags: Surface, Microsoft, Jeff, Han, multitouch+screen, Perceptive+Pixel, display, devices

Recently, Novell and the Electronic Frontier Foundation entered into a partnership to join EFF’s fight against software patents.

With this recent move by Novell in providing funding for the EFF, left a lot of hardline opensource advocates baffled. Novell is lending a hand in fighting patents yet on the other, it entered into an agreement with Microsoft on patent protection.

Other people might be baffled by this recent Novell move, however, I see it as a wise defensive tactic. How so? At present, Novell is actively pursuing its Linux business and Linux-based solutions, while developing, co-developing, and sponsoring opensource projects and initiatives. Microsoft on the other hand is also busy tossing FUD (fear, uncertainty, and doubt) against opensource in general and Linux in particular whilst also engaging in its own opensource tango (CodePlex, DLR, etc..). There is really nothing that can stop Microsoft from tossing FUD, rattling prospective and existing customers using Linux and opensource. The only recourse on Novell’s mind is to have a “short term” solution, err protection, to its own client base from Microsoft’s allegations.

It’s partnership on the other hand is THE “long term” solution. Despite Novell being a part proprietary-part opensource outfit, it seems to have recognized the hassle that software patents brought. And it seems that Novell also has come to understand that software patents plus ingenuity is not equal to software innovation. Partnering with the EFF is one way to speed up the process of doing away with software patents.

What will Novell get as a benefit out of its EFF partnership? IF the EFF will be successful in lobbying against software patents, Novell will be one of the first companies to benefit from it. How so? It will by then be able to develop innovative products that will really cater to what their customers need without spending too much on research and development and reuse available techniques without fear of being muscled because it has encroached on patents.

Where will this leave the opensource community? The community will grow along with Novell and Red Hat to exponentially epic proportions. Why? Same reason that applies with Novell, no more fear of being chased down the street by a mad mafia boss because you are on the same business as he is and selling almost the same product as he is at the fraction of the cost.

Yes, my outlook of the future is a lot more prestine than what is happening right now. If the future will be what I think it is should EFF + Novell = No Software Patents, then I see no reason why I am not going to support this move.

And lastly, I think there are now a lot of MS lawyers scrambling and scratching heads how to get away from the SuSE Linux coupons fiasco. Before we know it, MS might become under the GPL by hook or by crook. He who laughs last, laughs loudest.

Technorati EFF, Novell, Microsoft, Linux, open, source, software, patents,
Site Search Tags: EFF, Novell, Microsoft, Linux, open, source, software, patents,