December 2004 - Posts
Tomorrow I'll leave for a short holiday (3 days) and I will be without a PC and without an Internet connection for all this time, so, although today is the 29th of December, this is the time for me to say these words to all my readers and to all bloggers in the world:
I wish you a wonderful end of 2004 and a great beginning of 2005. My heart is now with all the people of South East Asia... I encourage everyone in the world to donate something to help these people, and my first thoughts in the new year will be entirely for them.
Happy New Year to all the Blogosphere... 2005 is here!
Paul Thurrott has published a short preview of the future Microsoft Anti-Spyware tool, born after the acquisition of Giant Software by Microsoft, and Ben Riga has a nice review of the first internal Beta release of this product.
If you're curious, it's an interesting read... However, I hope that Microsoft will decide to release the Anti-Spyware tool for free and not under an annual subscription (as the rumours say). An official Microsoft Anti-Spyware tool freely available to all Windows users (maybe through Windows Update, along with all the spyware definitions) could be a great service for the community and for the security of all users.
The first beta could be released in January 2005, so only time will tell what the choices will be.
... and you think you live in a Firefox World, this is the set of icons for you (128 PNGs and 7-size XP icons):

Nice! 
I continually see that most of the people who comment on my Blog posts put their mail address in clear text in their comments (there's a large collection of email addresses in the clear if you look at my posts about Gmail and MSN, for example).
I don't delete your comments if they're on topic with the post subject, and obviously I don't delete your mail address, but a little recommendation for you is not to post your mail address in the clear... I don't want my Blog to be a good source for spam bots to easily harvest email addresses to spam, and I don't want you to receive lots of trash in your mailbox.
I hope the message will be received. Thanks!
As most of you know (I think everyone), after the big problem with the European Courts, Microsoft has promised to sell a version of Windows without a built-in Media Player.
From what I've heard, it seems that this new version will be called Windows XP Reduced Media Edition and will be delivered for both the Home and Professional XP editions in January (obviously, only in Europe).
Now my question is... does anyone have news about this? What about the price list for these new versions? January will be here soon, but there is no news about the shipments.
These are the resolutions that Directions on Microsoft has planned for the new year (as reported by Cnet).
This is a brief summary (obviously, with my personal comments):
- Better detailed, multiyear road maps for major Microsoft products: I think Microsoft is working well in this direction, especially this year (we've received roadmaps for products, CTP versions, Beta versions to test, documentation and support tools for free).
- Improve diffusion of its revenue-generating acquisitions (business products such as Navision, GeCad etc.): Yes, I think this is a big area of work for Microsoft. Lots of the products that Microsoft has under its brand are really interesting and powerful (I'm thinking about Navision, which I've got to know a little this month), but there is no good support from the big mother (MS) and no good documentation on the net. Microsoft can do a lot of work here, and I hope for greater support for the (few) Microsoft Certified Partners that work with these products.
- Better Security: Obviously, big improvements are being made in security, but MS can't stop its investments in this field.
- Making the PC a home entertainment hub: I think the big investments in Windows Media Center go in this direction, and this could be a new world for business.
- Doing a better job of convincing customers that they can get more out of their software by using newer versions: Customers must upgrade their software versions, but I hope for a big price-cut campaign, especially for developer products and home OSes (such as XP and XP Pro).
- Fending off open-source software: This is about server software but now increasingly also about the desktop (Linux, products such as Firefox, OpenOffice etc.). The key for me is not a war against the Open Source movement but a profitable collaboration with this world. Open Source could gain benefits from Microsoft and vice versa. Oh, and don't forget interoperability, a must for the future.
- Convincing developers that its upcoming Longhorn version of Windows is the way forward: there's not too much work to do to convince developers that Longhorn is the future. I think all of us now know that we'll have to move in this direction one day, but we only hope that Longhorn will be a really powerful, secure and extensible platform.
- Making Xbox 2 a profitable and well-supported game console: No particular comments about this...
- Shipping a 64-bit version of Windows that encourages PC upgrades: the move to 64 bits is not only a hardware upgrade, but also a software upgrade. Developers must have the right developer tools to move all existing applications to the 64-bit world.
- Playing well with others: the last proposal on this list but one of the most important for me. Microsoft must take the "others" into consideration, must work with others and must interoperate with others. I hope that in the future we'll be more standards compliant and the whole software world (Microsoft, Apple, Sun, the Open Source world etc.) could be more collaborative.
Something forgotten? Mmmm... maybe continuing to improve the Windows Update Service. It is a great service now, but I hope for something better.
Just turned on my PC for a quick email check after the Christmas rituals (a big dinner, meeting with parents etc). The big surprise of the day was the snow that has been falling since this morning. A white Christmas is really nice!
However... I think that if I had been at work today, maybe I would be less tired now.
A bad Christmas for Windows... some new vulnerabilities that affect all Windows systems were discovered yesterday by a Chinese company, able to discover them but really stupid to publish the exploit on the net. Congratulations...
However, one vulnerability, in the operating system's LoadImage function, could enable an attacker to compromise a victim's PC when the computer displays a specially crafted image placed on a Web site or in an e-mail. Another vulnerability, in the Windows Help program, likewise could affect any program that opens a Help file.
The other 2 exploits are explained in this SecurityFocus post and they involve the Microsoft Windows Kernel handling of ANI (Windows Animated Cursor) files.
Parsing a specially crafted ANI file can cause the Windows Kernel to crash or stop working properly. An attacker can crash or freeze a target system if he sends a specially crafted ANI file within an HTML page or within an email.
It seems that XP SP2 is not vulnerable to this, but I think this must be properly verified.
No words about the common practice of publishing exploit code on the net. I don't know if the authors can imagine how dangerous actions like these could be. If you're intelligent enough to discover flaws in a complex system like Windows, please don't waste all your intelligence on actions that only a stupid person would perform...
I
wish
you a
nice day
without work,
without problems
but only in happiness
and peace. Relax your mind,
turn off your PC and think that
it's Christmas and your family needs
all your attention and your love. I wish you
a wonderful day with all my heart and my thoughts are
also for all the people around the world that can't read this
Blog, maybe because unfortunately they're less lucky than us.
Open your heart and live
in peace.
* Merry *
Christmas!

Opera Software has released the first public beta of version 8 of its Opera browser. The new release adds lots of interesting features, such as improved RSS handling (with an RSS icon like the Firefox one on sites that expose RSS feeds), fit to window or paper width, a start-bar for easy access to the most commonly used functions, automatic update checks, an easier install process, a simplified user interface and a trash can that remembers closed windows and blocked pop-ups.
But the revolutionary feature added in this new Opera release is the support for voice input/output (based on the IBM Voice Technology). Is this the future of browsers? Will we surf the net by saying to our browser something like "open www.google.com"?
I'm not so sure, but it's curious to see the first movements in this direction. I think that even people who love Firefox (like me) should give this new Beta a try, downloadable from HERE.
Today Paul Thurrott has published a nice interview with Todd Wanke about the story behind the creation of XP SP2, a nice read recommended to all.
In this interview there is also a look at the future, and it's interesting to see that an XP SP3 is planned. In this interview (in my opinion) there's too much optimism about XP SP2. For me this new SP2 is not a total success; in many cases it had critical effects on systems.
One part of the interview says that "SP3 for Windows XP is slated to be a service pack the way we've always done service packs, and not to be a major upgrade. It will focus specifically on QFEs and fixes [to bugs] that are reported by customers. It should not contain new features. The focus right now is on Windows Server 2003 SP1, making sure that the work we've done in XP SP2 is forward-ported into Server."... Ok, good to see it will be a traditional Service Pack, but I hope it could also solve some problems that affect many (too many) systems that work well without SP2 and DO NOT WORK with SP2.
All users could be happier...
Oops, I forgot another request: is a decent Firewall only a dream or could it be reality? A Firewall like the one embedded in SP2 is ridiculous for a great system.
Hewlett Packard (HP) has thought of us and has sent us a little present for Christmas. A new PC? A new Pocket PC? A new printer? No no no... none of these...
So... what? A nice "IT edition" of a famous Italian chocolate, called "Gianduiotto"! Wonderful!

P.S. Sorry for the image's quality, but it's taken with a mobile phone with bad light conditions.
Every day I observe the spam comments that arrive on my Blog, and I can see that the favourite target of Blog spamming is a man who has these characteristics:
He has a lot of sexual problems, he has a short dick and he needs enlargement pills, he needs viagra and he needs erotic films to watch after taking the viagra.
When he has free time, he likes beautiful cars (a chance to attract beautiful girls?) and first of all he likes playing at Casinos, maybe with a good credit card.
As you can see, absolutely a wonderful man... maybe the "Spam Bot" programmer is someone like this? I think so, if he has so much free time to work on spam...
The Computer Security Lab of Rice University has found that the Google Desktop Search (GDS) engine contained a serious security flaw that would allow a third party to read the search result summaries that are embedded in normal Google web searches by the local search engine.
An attacker would not be able to read your files directly, but the search results often contain snippets of your files. If you had a file with a list of web passwords, for example, an attacker might be able to read some of those passwords.
To be attacked, the user must visit the web page of a potential attacker. The attacker includes a Java applet in the web page. This applet will appear to the user as a normal part of the web page, but it will also make certain network connections that trick the Google Desktop into integrating its local search results, even though the applet never actually connects to Google. The applet can then read these integrated results and transmit them back to the attacker's web server.
This is why most Google Desktop Search users have observed that in recent days Google has activated an autoupdate.exe process on their GDS engine. Google is rolling out a GDS upgrade, and all users that have a version number like 121004 or higher are safe.
HERE you can find a PDF with more details.
I think this is only the first of the flaws to be discovered in software like this, and I'm waiting for new flaws in MSN's and Yahoo's Desktop Search too.
Google is thinking about your Christmas presents...
Do you have a friend who is really interested in Google's software? If the answer is yes, Google has a nice idea: download the entire software ZIP file, burn it on a CD and stamp it with Google's nice new festive artwork.
Your Christmas present is ready to go!
I'm a big fan of the sample applications released by Microsoft because I think they are one of the best ways to learn how to build certain types of complex applications.
Today Microsoft has released a great Business Intelligence Portal Sample Application for Microsoft Office, an integrated, web-based OLAP solution that enables employees in an organization to create and share OLAP/Relational/XML based views, using SharePoint Portal Server 2003, SQL Server Reporting Services, and Office Web components.
This is really interesting and complete, recommended if you're interested in these types of applications.
Microsoft, I love this "sample releasing" line... 
Secunia has published a new spoofing vulnerability that affects Internet Explorer (also IE6 with SP2 is affected). 
The vulnerability is caused due to an error in the DHTML Edit ActiveX control when handling the "execScript()" function in certain situations. This can be exploited to execute arbitrary script code in a user's browser session in context of an arbitrary site.
A test, which can be used to check if your browser is affected by this issue, is available at this address:
http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/
Solutions? For the moment, only the "do it yourself" actions: disable ActiveX support.
Are you one of the people involved in the "Spread Firefox" campaign? Mozilla today announced that it has placed a two-page ad in the December 16th edition of the New York Times, as promised.
Do you want to see your name? Here are the links for you:
http://www.mozilla.org/press/nytimes-firefox-final.pdf
or
http://www.mozilla.org/images/nyt_ad_2004.png
Enjoy! 
Yahoo has started a new Video Search Service (in Beta stage).
I've played with it a little bit and it seems really interesting. You only have to type the media you're interested in and Yahoo shows you some file locations to download it from, with thumbnails of the video. The engine indexes all the major video file types, such as .avi, .mov, .mpg, .wmv and .rm, and I've seen that with the Advanced Search features you can restrict the search to the file type you want (really useful).
What is really interesting (as you can see in this post on Yahoo's Blog) is that the service uses RSS Feeds that can be used by Media Providers to submit their videos (Podcasting and RSS technology).
A great service... I'm sure that Google and MSN will also start thinking about this...
Microsoft has released today 5 important Security Updates, summarized as follows:
Microsoft Security Bulletin MS04-041
Vulnerability in WordPad Could Allow Code Execution (KB885836)
Microsoft Security Bulletin MS04-042
Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service (KB885249) (NT4 Only)
Microsoft Security Bulletin MS04-043
Vulnerability in HyperTerminal Could Allow Code Execution (KB873339)
Microsoft Security Bulletin MS04-044
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (KB885835)
Microsoft Security Bulletin MS04-045
Vulnerability in WINS Could Allow Remote Code Execution (KB870763) (XP/2000 Not Affected)
An update for your system is urgently required... 