« July 2003 | Main | September 2003 »
Don Box on being a programmer:
In general, I would be very hesitant to encourage anyone to pursue this career path. Like writing a book, the only people who should do it are those who can't not do it.
If you can't not program and you live in the St. John's area, contact me. I'd like to talk.
I installed Clemens Vasters' dasBlog tonight on one of our internal web servers. I'd like to try a corporate weblog to see if we can set a little more group creative thinking and collaboration going.
We're a .NET shop so I wanted to use something we were comfortable extending. The first thing I want to add is the ability for multiple users to post.
I'll try to post here on how the experiment works. If successful, I think we'll look at creating a weblog module for our Sharepoint install. That would be cool.
Since installing Outlook 2003 (beta2 with technical refresh) I've been using the built-in Junk Mail filter provided by Microsoft. It works wonderfully. It actually does a better job than SpamNet. I've canceled my SpamNet subscription and just now configured the Outlook Junk Mail filter to automatically just permanently delete spam - I trust it that much.
Hint: If you're using Exchange server, make sure you configure your account in cached mode - i.e. cache your email on your local machine, otherwise the filter doesn't work. And don't set it to permanently delete your junk mail until you have confidence that it's not deleting important stuff. I did have to build a small list of trusted senders before I gained confidence that everything going forward is junk.
* gnuftp, the FTP server for the GNU project was root compromised. A
replacement machine was rolled out in its place on the morning
(Eastern time) of 2003-08-02.
* After substantial investigation, we don't believe that any GNU
source has been compromised.
* To be extra-careful, we are verifying known, trusted secure
checksums of all files before putting them back on the FTP site.
That process began on 2003-08-02 and is ongoing.
Events Concerning Cracking of Gnuftp
A root compromise and a Trojan horse were discovered on gnuftp.gnu.org,
the FTP server of the GNU project. The machine appears to have been
cracked in March 2003, but we only discovered the crack in the last week
of July 2003. The modus operandi of the cracker shows that (s)he was
interested primarily in using gnuftp to collect passwords and as a
launching point to attack other machines. It appears that the machine was
cracked using a ptrace exploit by a local user immediately after the
exploit was posted.
(For the ptrace bug, a root-shell exploit was available on 17 March 2003,
and a working fix was not available on linux-kernel until the following
week. Evidence found on the machine indicates that gnuftp was cracked
during that week.)
This is the server that hosts the sources for all GNU projects, including GCC - the compiler used by most open source developers. Imagine the possibilities for putting trojans into some of the most used open source software. Apparently they didn't have backups, or what they had were also compromised. Thankfully they have checksums that they can verify the source code against.
I guess security doesn't only affect Windows, but nothing else makes interesting news.
Test posting from Pocket #MT.
7-Zip is a great open source alternative to WinZip. Now your conscience doesn't have to bother you every time you click the "Evaluage" button when WinZip opens.
Filezilla is a great open source FTP client - a bit rough, but does everything I want.
I generally download and install Cygwin for (among many other things) the SSH client. I heard about PuTTY only yesterday, so I haven't tried it yet. It looks like a great lightweight and free SSH client.
Except for PuTTY I use the other apps regularly.
See, I do like open sores... er, I mean source.
[NeoWin.net] In at least a partial answer to its critics, Microsoft said it would begin shipping the consumer and business versions of Windows XP with the protective network firewall completely activated, to make PCs less vulnerable to attacks.
Great idea. And they're doing it with the current shipping version rather than waiting for Longhorn. If only they had done this from the start with XP...
Wow. NVidia has really benefited from supplying XBOX, while ATI got stuck with the Nintendo Gamecube.
I just installed Messenger Plus! 2.20. It now supports MSN Messenger 6.0. The killer new feature for me is the ability to map every contact to a custom name. I now have every contact mapped to the actual person's name. No more playing "find the contact". Sweet. Worth it for this feature alone.