http://juerkkil.iki.fi/2013/03/13/running-openbsd-on-laptop/
2014-05-12
2014-04-30
IE Vulnerability in a post-WinXP Support Era
US Dept. of Homeland Security official advisory of recent Internet Explorer vulnerability affecting version 6 to 11 of the popular & default WinOS browser.
http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being
Microsoft now has an accompanying security advisory, with many technical details and work around of using the Enhanced Security Feature of IE.
https://technet.microsoft.com/en-US/library/security/2963983
If you are on WinXP however, IE 8 the last version of Internet Explorer available to you an now patch will be released. In this case, you should strong consider installing and using another browser such as Firefox or Google Chrome. On WinXP computer you many want to kill IE so that it never gets used even by a user who manually invokes the application directly.
Here's how to kill IE once and for all on WinXP: http://www.runbooks.info/p/disable-internet-explorer-on-winxp.html
http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being
Microsoft now has an accompanying security advisory, with many technical details and work around of using the Enhanced Security Feature of IE.
https://technet.microsoft.com/en-US/library/security/2963983
If you are on WinXP however, IE 8 the last version of Internet Explorer available to you an now patch will be released. In this case, you should strong consider installing and using another browser such as Firefox or Google Chrome. On WinXP computer you many want to kill IE so that it never gets used even by a user who manually invokes the application directly.
Here's how to kill IE once and for all on WinXP: http://www.runbooks.info/p/disable-internet-explorer-on-winxp.html
2014-04-08
Heartbleed Bug OpenSSL
Possible one of the most significant security bugs in recent times. Any server running OpenSSL 1.0.1 through 1.0.1f (inclusive) is vulnerable to this security threat. As this is a common package on many Linux distros, a very large number of Internet servers, hosting everything from websites, ecommerce sites, email system, instant message, etc. are likely affected by this bug.
By exploing this memory leak the server's private key can be compromised. The attack leave no trace. With the private key in hand, attackers could decrypt any past and future secure traffic that used/uses this key.
For the average Internet user, this potentially means that your password used to access a given secure website, (on a server affected by this bug), could be determined by anyone who has access to a copy data packets exchange between you and the "secure" server. This could be anyone who has access to the path on which your data flows between client and web server, local network administrator, ISP, (NSA it goes without saying).
What Happens Now:
Sys Admin will need to patch their system and get new private keys re-issued.
User should change their password on their system is fully patched and operating with new keys.
The affected version of OpenSSL are included by default in the following Linux operating system.
By exploing this memory leak the server's private key can be compromised. The attack leave no trace. With the private key in hand, attackers could decrypt any past and future secure traffic that used/uses this key.
For the average Internet user, this potentially means that your password used to access a given secure website, (on a server affected by this bug), could be determined by anyone who has access to a copy data packets exchange between you and the "secure" server. This could be anyone who has access to the path on which your data flows between client and web server, local network administrator, ISP, (NSA it goes without saying).
What Happens Now:
Sys Admin will need to patch their system and get new private keys re-issued.
User should change their password on their system is fully patched and operating with new keys.
The affected version of OpenSSL are included by default in the following Linux operating system.
- Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
- Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
- CentOS 6.5, OpenSSL 1.0.1e-15
- Fedora 18, OpenSSL 1.0.1e-4
- OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
- FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
- NetBSD 5.0.2 (OpenSSL 1.0.1e)
- OpenSUSE 12.2 (OpenSSL 1.0.1c)
OpenSSL Security Advisory from 07 Apr 2014 (http://www.openssl.org/news/secadv_20140407.txt)
2014-03-28
Windows Virtual PC does NOT Support 64-bit Guest OS
Really!?!
http://social.technet.microsoft.com/Forums/windows/en-US/577ca89f-22da-4896-bc63-e724c38950a7/windows-virtual-pc-support-64-bits-guest-os?forum=w7itprovirt
Like many others in the ensuing thread discussion on TechNet, this is annoying, frustrating and, why Microsoft, WHY? Another example of Microsoft crippleware perhaps?
If you are a developer or administrator, and need a virtual OS instance to test/demo software, it's likely that you need to TEST on a 64-bit OS, as these are now the norm for any new builds.
Instead, your options for a free virtual machine that can house a 64-bit guest OS are Oracle's VirtualBox or VMWare Player. I guess Microsoft only wants you to use Virtual PC to run 32-bit Windows XP.
http://social.technet.microsoft.com/Forums/windows/en-US/577ca89f-22da-4896-bc63-e724c38950a7/windows-virtual-pc-support-64-bits-guest-os?forum=w7itprovirt
Like many others in the ensuing thread discussion on TechNet, this is annoying, frustrating and, why Microsoft, WHY? Another example of Microsoft crippleware perhaps?
If you are a developer or administrator, and need a virtual OS instance to test/demo software, it's likely that you need to TEST on a 64-bit OS, as these are now the norm for any new builds.
Instead, your options for a free virtual machine that can house a 64-bit guest OS are Oracle's VirtualBox or VMWare Player. I guess Microsoft only wants you to use Virtual PC to run 32-bit Windows XP.
2014-03-20
Microsoft Office 365: Outlook (OWA) to Office Docs (One Drive Pro) FAIL!!!
Thought I'd give Office 365 a test spin. Certainly the low cost per month for OWA and Office functionality has it's appeal. Took me less than 2 minutes to figure out MS still doesn't have a clue what a modern mesh of integrated web application should look and function like.
Take the simplest of Use Cases: Someone just emailed me a Word Document. Great, I'd like to save this to my One Drive and continue to edit it from there using MS Word. Being familiar to Google Gmail/Drive/GoogleDoc platform, I just expected this to be a simple series of clicks, I thought that was the whole point of webifying everything. WRONG. Instead you must, download the document to your local computer and then upload it to SkyDrive, (I mean OneDrive ;-)
MS Support Thread Regarding this Use Case: http://community.office365.com/en-us/forums/154/t/187507.aspx
Now this isn't the end of the world, is actually a relatively trivial task, but it sucks and I can see a number of problems with it. What if I'm not using my personal PC and I don't want to save document to the local disk. At a web cafe or someone elses PC, I won't be sure that I can securely erase what I save locally. Having worked an IT Helpdesk, I can tell you for a fact that many users have trouble locating where on local disk they save things via browser download. This download / upload process requires them to remember a location twice.
Upon noticing this flaw I submitted an Office 365 feedback. This was my reply to MS:
With an Office 365 subscription, Documents can't be save directly from OWA to OneDrive Pro. Are you kidding me!?!?
I think your requirements should have looked something like this:
1.) A functional Webmail client
2.) A functional Web Office Suite
3.) 1 & 2 work together nicely, in something that resembles a half competent Web 2.0 web app.
Back to Gmail for me, thanks for coming out to try-outs Microsoft.
Take the simplest of Use Cases: Someone just emailed me a Word Document. Great, I'd like to save this to my One Drive and continue to edit it from there using MS Word. Being familiar to Google Gmail/Drive/GoogleDoc platform, I just expected this to be a simple series of clicks, I thought that was the whole point of webifying everything. WRONG. Instead you must, download the document to your local computer and then upload it to SkyDrive, (I mean OneDrive ;-)
MS Support Thread Regarding this Use Case: http://community.office365.com/en-us/forums/154/t/187507.aspx
Now this isn't the end of the world, is actually a relatively trivial task, but it sucks and I can see a number of problems with it. What if I'm not using my personal PC and I don't want to save document to the local disk. At a web cafe or someone elses PC, I won't be sure that I can securely erase what I save locally. Having worked an IT Helpdesk, I can tell you for a fact that many users have trouble locating where on local disk they save things via browser download. This download / upload process requires them to remember a location twice.
Upon noticing this flaw I submitted an Office 365 feedback. This was my reply to MS:
With an Office 365 subscription, Documents can't be save directly from OWA to OneDrive Pro. Are you kidding me!?!?
I think your requirements should have looked something like this:
1.) A functional Webmail client
2.) A functional Web Office Suite
3.) 1 & 2 work together nicely, in something that resembles a half competent Web 2.0 web app.
Back to Gmail for me, thanks for coming out to try-outs Microsoft.
2014-03-18
WordPress Myths
Clarifying a few myths you do hear once in a while regarding WordPress. http://portagedesign.com/wordpress-myths/
Very interesting point is the growing interest over time in terms of Google Search results. I would like to see this compared to some numbers on active installations on the Internet. Does anyone know where to find such numbers?
2014-02-21
Whitby Realtor for Whitby Waterfront Condo
In the market for Whitby Waterfront Condo? The website of Carol A Norris, ReMax REALTOR® for the Whitby and Durham areas, has some great information about the Condo buildings in the area, complete with pictures of the properties, list of amenities within and floor plans of the various suites available in each condominium building.
The Yacht Club
The Yacht Club
The Rowe
The Sailwinds
Enable reiserfs support on CentOS 6.5
Needed CentOS 6.5 support for reiserfs to pull data off an old boot drive from a SUSE box. These instructions worked perfectly. Just needed to change 6-4 to 6-5.
Linux/BSD: sharing experiences: HowTo: Enable reiserfs support on CentOS 6.2 and S...: By default RHEL clones such as CentOS and Scientific Linux don't come with ReiserFS filesystem support. However the ELRepo repository ha...
Linux/BSD: sharing experiences: HowTo: Enable reiserfs support on CentOS 6.2 and S...: By default RHEL clones such as CentOS and Scientific Linux don't come with ReiserFS filesystem support. However the ELRepo repository ha...
Subscribe to:
Posts (Atom)