Thursday, December 15, 2005

IBM Corp. announced plans to provide free access for researchers and educational institutions to the specifications for its PowerPC 405 chip core. The move is yet one more way in which IBM is trying to widen the number of users of its Power processors. The hope is that allowing third parties to experiment with the PowerPC chip core will result in more innovation around the technologyCores are individual chip designs that developers can integrate with other designs to create custom chips.The announcement comes after academics engaged in collaborative multicore processing research approached IBM to request more access to its Power architecture, the vendor said in a release issued late Wednesday.The researchers included the Research Accelerator for Multiple Processors (RAMP), a project headed up by the University of California, Berkeley; Stanford University; the Massachusetts Institute of Technology; Carnegie Mellon University (CMU); the University of Texas at Austin; and the University of Washington. Its aim is to build a scalable, multiboard system based on field programmable gate arrays so researchers can experiment with building, programming and managing massively parallel systems of between 64 and 1,024 processors.IBM plans to make the PowerPC 405 specifications available to researchers and academics via Power.org, the vendor consortium it set up just over a year ago.Power.org's mission is to promote the Power architecture. Its members include Cadence Design Systems, Chartered Semiconductor Manufacturing, Novell, and Red Hat. IBM is positioning the Power architecture as suitable for all systems, from handheld devices up to supercomputers and has been licensing the technology to third parties.Last week, Sun Microsystems Inc. announced its intention to publish the specifications for its new UltraSparc T1 chip under a program called OpenSparc. Sun positions its UltraSparc-based servers against IBM's Power5+-based servers.

Tuesday, December 06, 2005

"'leaked' memo has interesting content" Recently a Microsoft memo was supposedly "leaked". It seems pretty obvious to everyone that it was actually deliberately released, but never mind that. The real question is whether the memo was written with an eye toward the planned release or was a genuine internal document that they then decided to throw out to the press.
Knowing Microsoft, you'd bet on the former.
But on the other hand.. do they really believe this stuff? Entitled "The Internet Services Disruption", the memo paints Microsoft as a prescient innovator. For example. When we reflected upon our dreams just five years later in 1995,
the impetus for our new center of gravity came from the then-nascent
web. With a clear view upon the challenges and opportunities it
presented, the entire company pivoted to focus on the internet to
pursue that fully connected dream with support for internet standards
throughout our product line: a web browser, server and development
tools, and a service in MSN that was transformed into a web portal.
Many things we developed in that era continue to fuel the growth
of todays internet: the technologies of AJAX DHTML and XMLHTTP
were created in 1998 and used in products such as OWA.

Microsoft releases Windows Server 2003 R2 update: "

(InfoWorld) - Microsoft Corp. Tuesday released to manufacturing a long-awaited interim update to the current version of Windows Server OS, Windows Server 2003 R2.

The update, which will be generally available to customers in about 60 days, should be 100 percent compatible with applications running on the current release of Windows Server 2003, said Bob Muglia, senior vice president for server and tools at Microsoft, in a webcast Tuesday morning. 'If you have deployed Windows 2003 today you can feel confident deploying this without a long test cycle,' he said.

Microsoft released the first preview of Windows Server 2003 R2 in August and another preview in October.

Virtualization is a key focus of the update, which is designed to work closely with Virtual Server 2005, Microsoft Operations Manager (MOM) and Systems Management Server (SMS) as part of Microsoft's Dynamic Systems initiative, Muglia said.

Microsoft recently simplified its virtualization licensing for Windows Server System, of which Windows Server, MOM and SMS are a part. The company no longer requires a customer to pay for inactive or stored virtual images of Windows Server System on a network. Instead, Microsoft now only charges for the virtual images of Windows Server System products actually running on a customer network.

Microsoft also enables customers to have four virtual machines running on top of Windows Server 2003 R2 Enterprise Edition and Windows Server 'Longhorn' Datacenter Edition at no extra cost.

As part of its continued focus 'to take a leadership role in virtualization,' Muglia said Microsoft is offering a special promotion for Windows Server 2003 R2. Customers who purchase the enterprise edition of the update with get Virtual Server 2005 R2 Enterprise Edition for US$99 until June 30, 2006, he said.

The new Windows Server release also includes a key identity management technology for the company, Active Directory Federation Services (ADFS), which introduces the idea of federated network identity into the OS, Muglia said. This enables companies to securely provide distributed identification, authentication and authorization for users across organizational and platform boundaries.

In addition, Windows Server 2003 R2 also promises new branch-management capabilities; better Unix interoperability through the inclusion of the Unix subsystem within Windows; and a new version of the .Net framework, .Net 2.0, Muglia said.

Sunday, December 04, 2005

iPhoto 5.0.x: Solution for sharing photo libraries between multiple users: "Several MacFixIt readers have recently noted difficulty with sharing iPhoto libraries between multiple users of the same machine.iPhoto 5.0.x: Solution for sharing photo libraries between multiple users.
Several MacFixIt readers have recently noted difficulty with sharing iPhoto libraries between multiple users of the same machine."My wife and I each have our own login for our iMac. As such, I set up iPhoto to store files in the shared directory. Unfortunately, ComicLife did not like this and I had to move our iPhoto directory to my side of the Mac and then had an alias so my wife could still use iPhoto. This seem to work except I've run into the problem that if my wife uses iPhoto and then I use iPhoto later, the photos won't load for me (my wife can still load the photos on her side). Investigating a little further showed me that the permissions of a couple of those database files had been changed so that only my wife could read the files and in fact she was now the owner of those files. Fixing the permissions allowed me to once again load iPhoto. However, the problem has just happened again so I don't know what is going on."

IE bug lets hackers phish with Google Desktop: "An Israeli hacker has demonstrated how a bug in Microsoft's Internet Explorer Web browser can be used to steal personal information from Google Desktop users.DECEMBER 02, 2005 (COMPUTERWORLD) - A bug in Microsoft Corp.'s Internet Explorer Web browser gives phishers a way to scan the hard drives of Google Desktop users, according to an Israeli hacker. Because of a flaw in the way Internet Explorer processes Web pages, a malicious Web site could use the attack to steal sensitive information such as credit card numbers or passwords from the hard drives of its visitors.
"Google Desktop users who use IE are currently completely exposed," hacker Matan Gillon said via e-mail. "An experienced attacker can covertly harvest their hard drives for sensitive information such as passwords and credit card numbers. Since Google also indexes e-mails which can be read in the Web interface itself, it's also possible to access them using this attack."

Gmail virus scanning draws some user complaints: "

(InfoWorld) - The virus-scanning feature Google Inc. added to its Gmail Web mail service this week has generated concern, bewilderment and disappointment among some users.

The three main complaints being aired in Gmail discussion groups are: The virus-scanning feature can't be turned off.

Gmail's long-standing virus protection -- blocking all executable file attachments -- will remain in place. Finally, Google isn't saying which vendor is providing the antivirus technology.

A Google spokeswoman said that, while Google gives thoughtful consideration to user feedback, for now it has no plans to make the antivirus feature optional, nor does it plan to stop blocking executables. She also declined to identify the source of the antivirus technology Google is using.

Disabling the virus scanning is convenient for users who may occasionally need to mail an infected file for reporting purposes to an antivirus vendor and for users who may regularly handle infected messages if they are, say, IT professionals involved in antivirus work.

William Boyle, principal software engineer at Brooks Automation Inc. in Chelmsford, Massachusetts, doesn't foresee being very inconvenienced, but he thinks Google should give users the option to turn off the feature.

'I just do not like to lose control over what I can send and/or receive,' Boyle wrote in an e-mail interview with IDG News Service. 'This may be a problem if I am trying to report a virus to someone.'

'I am a systems software engineer and must be able to send and receive any sort of message,' added Boyle, who has been using Gmail for about six months, but not as his primary account for work or personal communications.

Meanwhile, there are users feeling disappointed that Google is keeping in place its policy of blocking all executable file attachments in Gmail. Prior to the new virus-scanning feature, this had been Gmail's virus protection method.

One of these users is Thomas Quinlen, an attorney with McNabb, Bragorgos & Burgess PLLC in Memphis, Tennessee. 'With virus scanning in place, the blocking is redundant,' he wrote in an e-mail interview.

Quinlen, who uses Gmail as his primary e-mail account for personal communications, has felt inconvenienced by this feature whenever he has wanted to e-mail himself an application from one of his computers in order to install it in one or both of his other computers.

He has remote access to his work desktop PC from his laptop and from his home PC, he explained. 'But if I am going to be disconnected from the Internet -- on an airplane, for instance -- I need the [work] application on the other [nonwork] computer,' he wrote. 'Given the size of attachments Gmail allows, it seems like executables should be allowed, particularly if I am e-mailing it to myself, which is really just file storage rather than sending it out over the Internet.'

Although some technically savvy users are chiming in discussion groups with ways to disguise executables and trick Gmail into allowing them, Quinlen doesn't feel he has the necessary know-how to accomplish this. 'I doubt I have the computer skills to even attempt to defeat [this feature],' he wrote.

Finally, a number of Gmail users are loudly wondering in discussion group threads which antivirus technology Google is licensing, as they weigh what they perceive to be the strengths and weaknesses of different vendors. The consensus among these users is that they shouldn't be in the dark regarding which antivirus company is ultimately protecting their computers.

IE bug lets hackers phish with Google Desktop: "

(InfoWorld) - A bug in Microsoft Corp.'s Internet Explorer (IE) browser gives phishers a way to scan the hard drives of Google Desktop users, according to an Israeli hacker. Because of a flaw in the way IE processes Web pages, a malicious Web site could use the attack to steal sensitive information like credit card numbers or passwords from the hard drives of its visitors.

'Google Desktop users who use IE are currently completely exposed,' wrote hacker Matan Gillon in an e-mail interview. 'An experienced attacker can covertly harvest their hard drives for sensitive information such as passwords and credit card numbers. Since Google also indexes e-mails which can be read in the Web interface itself, it's also possible to access them using this attack.'

Gillon has posted an extensive description of how such an attack would work, along with a proof of concept exploit, on his blog at http://www.hacker.co.il/security/ie/css_import.html.

The IE bug concerns the way Microsoft's browser processes Web page layout information using the CSS (Cascading Style Sheets) format. The CSS format is widely used to give Web sites a consistent look and feel, but attackers can take advantage of the way that IE processes CSS to get Google Desktop to reveal sensitive information.

Hackers would first need to trick users into visiting a malicious Web site for the attack to be successful, Gillon said. The attack works with IE 6 and Google Desktop v2, but it may also work on other versions of Microsoft's browser, but it does not work with non-Microsoft browsers like Firefox or Opera, he said.

Users can nullify the attack by turning off JavaScript in their browsers, Gillon said. This can be done by disabling 'Active scripting' in IE's Internet Options menu. JavaScript is a popular scripting language used by Web developers to make their sites more dynamic.

Users need to be particularly wary of the Web sites they visit these days, because of a second unpatched IE vulnerability that could be used to take over a user's PC. Hackers posted sample code that exploited this problem over a week ago and Microsoft said that hackers are already using the code in attacks. As with the CSS problem, users must first be tricked into visiting a malicious Web site for this second IE bug to be exploited.

Some security experts believe that Microsoft is in the process of rushing out a patch to fix this problem before these attacks become more widespread. These attacks can also be avoided by disabling JavaScript in IE, or by using an alternative browser.

Microsoft executives were unavailable to comment on the CSS bug, but a spokeswoman for the company's public relations agency said the issue is being investigated. Microsoft is not aware of any attacks resulting from the hole, she said.

Thursday, December 01, 2005

Attackers targeting unpatched IE bug, Microsoft warns: "Microsoft issued a warning that attackers could exploit a critical unpatched bug in Internet Explorer, first reported in May, and take over a user's computer.News.)


The bug involves the way Internet Explorer processes the "Window()" function in JavaScript, a popular scripting language that Web developers use to make their sites more dynamic.
Microsoft's Windows Live Safety Center is now able to detect and remove the malicious software, Microsoft's advisory said.
The vulnerability affects Internet Explorer users on Windows XP, Windows 2000 and Windows 98, Microsoft said. "Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected," the advisory said.

News: Apple releases update for iPod Shuffle: "Apple on Wednesday released an update for the iPod Shuffle that, according to Apple, fixes some ‘bugs’ with that particular model. Apple did not specify what changes were made with the new software. iPod Updater 2005-11-17 includes iPod Software 1.1.3 for the iPod Shuffle. The update contains the same software versions as iPod Updater 2005-10-12 for all other iPod models. The 37MB download is available from the company’s Web site or via the software update control panel."

PDFKey Pro 2.0 Released: "

PDFKEY PRO 2.0 RELEASED BY ACUTUS TRADING

Vancouver, BC - 1 December 2005 - Acutus Trading today announces the release and immediate availability of PDFKey Pro 2.0. PDFKey Pro is a Mac OS X utility that unlocks and decrypts password-protected PDF documents. PDFKey Pro is designed to help Mac users work with PDF files even if their passwords have been lost. Version 2.0 contains usability and performance enhancements to this popular Mac utility.

Why Can't Microsoft Just Patch Everything?: "paneraboy writes 'If smaller software companies can patch all of their bugs serious or minor, ZDNet's George Ou asks, why can't Microsoft -- with its massive army of programmers and massive budget -- patch all of its vulnerabilities? Had Microsoft fixed a low risk browser vulnerability six months ago, perhaps we could have avoided last week's zero-day exploit. Currently, more than two dozen Windows XP issues remain unpatched. Ou thinks Microsoft ought to fix them all.' From the article: 'Almost 4 years after the launch of Trustworthy Computing, I found myself wondering why am I staying up till 4:00 AM to deliver an emergency set of instructions (Home and Enterprise) to my readers because Microsoft felt it unnecessary to patch a flaw six months ago that was originally low risk but mutated in to something extremely dangerous.

EU ministers approve biometric ID, fingerprint data sharing: "

All this and record retention too!

The European biometric ID card takes another step forward this week, with the European Justice and Home Affairs Council set to approve 'minimum security standards' for national ID cards. Alongside this the Council will be roadmapping the rollout of Europe's biometric visa system, which will contain the fingerprints of 70 million people within the next few years, and hearing European Commission proposals for greater sharing of fingerprint data.

Crippling Firefox Bug On Mac OS
There is a major bug in Firefox where if you hold down the mouse button to select text, or scroll, or anything inside the browser window, the Firefox CPU usage shoots up to nearly 100% and hogs your entire system until you let go. I just tested it using top and can verify that the CPU usage jumps to between 75-95% depending on the other applications in use at the time. For Powerbook or iBook users this is a major issue, considering your fans will probably turn on and you'll battery will drain much quicker.