The article is short but useful: Geek to Live: Survive IT lockdown - Lifehacker. The comments add value too.
Evading corporate lockdowns is not necessarily a good career move. If the lockdowns interfere with the ability to do work they are a leading indicator of the need for a career change.
Tuesday, February 28, 2006
Monday, February 27, 2006
Winner of greatest kludge: Microsoft Access Macros
Today I did something using Microsoft Access Macros.
Words fail me.
I thought I knew what a kludge was, but Access continues to astound me. What a rat's nest of hacks, ancestral code, forgotten functionality and undocumented features!
I got it working, but only through ESP. Hell for a programmer must be working on the codebase for Microsoft Access. (Ok, so Word is likely worse and Outlook is perhaps just as bad).
Blog Search - Advanced Options
At long last Google's Blogger has added Google-like advanced search to their blog search. Wow, that took a while.
Sunday, February 26, 2006
Aperture 1.1 due in March
Aperture 1.1 is what I've been waiting for. Actually, I want Aperture 1.11, but if reports are good I'll go for 1.1 in May.
XP on MacTel: via Linux and VMware
The initial enthusiasm for booting XP on a MacTel machine has waned. The problem may be intractable without risky hardware hacks.
So attention has moved to an odd alternative: Boot Linux, then run VMWare on Linux, then XP on VMWare: Mac OS X Internals: XP (VMware) on the Intel-based Macintosh.
It sure sounds odd, but it plays to the vast strength of Linux -- the ability to port to new platforms. It's easy to imagine a stripped down distro that would package just enough Linux to support VMWare. So one would reboot a MacTel machine to Linux/VMWare/XP ...
Saturday, February 25, 2006
Magical Mac stuff
I'm browsing the collection of images that I use to index our attic. (Hierarchical data structures are most easily represented using the native folder system.)
I open one in the OS X image viewer app. I rename it in the folder while it's open. The application handles it, changing the name on the fly.
Windows doesn't do that.
Sweet.
PS. The OS X 10.4.x TextEdit application is such a reasonable lightweight substitute for Word, that after some reflection the best way to get a decent RTF file format word processor on the G3 iBook is to buy Tiger for the iBook! (My research suggests it runs quite well on a G3 with 640MB DRAM and I get the educational price.)
Friday, February 24, 2006
The security flaw in OS X: bad
Macintouch has the first decent and clear analysis of what Apple did wrong. The way OS X "identifies" a file is a hack, a kludged compromise between Mac Classic, UNIX, BeOS, Windows, and NeXTStep. The results include some fundamental contradictions which can be easily exploited.
It will be amusing if it turns out that the primary security feature of OS X was that malicious hackers couldn't afford the hardware to allow them to develop attacks. Now they can. If so, there will be a lot of others coming.
Apple is being characteristically silent. They've known this would happen, it's a bad sign that they haven't fixed the problem long ago ...
Update 3/6/06: Matt Neuberg has a very good summary of this problem. Fundamentally he agrees with me, but he knows more.
MacInTouch: timely news and tips about the Apple Macintosh
I've long suspected that the kludged history of OS X would make it very vulnerable to attacks. That's why I've never boasted of the fundamental security of OS X. I suspect security experts felt likewise. So why now? I wonder if this had anything to do with the hacked betas of OS X/Intel that are circulating. A whole new audience may be playing with OS X ...
[MacInTouch Reader] The initial press coverage of the (misnamed) Safari/Terminal vulnerability has a number of folks barking up the wrong tree.
This vulnerability has nothing to do with Safari, other than Apple's design mistake of having Safari by default open "safe files" making the exploit far easier.
This vulnerability has nothing to do with Terminal, other than Terminal being a convenient way to run arbitrary scripts. There are other bundled apps that handle provided scripts. For example, compiled applescripts in 10.3 can be run despite being renamed as a jpg or the like via a metadata reference to Script Runner.
This vulnerability is not specific to zip files. Any archive file type that can contain metadata in an OS-X-standard way can be used. Examples are zip, tar, ...
This vulnerability is two mistakes together, involving the application and use of improper metadata.
The first mistake is in the OS routines and example code that allow writing usro or other resources which are inconsistent with a file's extension. The applications that take advantage of these routines/examples, and which can consequently be used to extract exploits, include at minimum the default BOMArchiveHelper (OS X 10.3 or newer), and StuffIt Expander 10.
The second mistake is in the OS routines that have the Finder, Mail, and likely many others displaying the file type branding (icon) based on the extension (.jpg, .mov, etc.), while then opening the file based on the non-matching type and owner in the usro metadata.
The second is more critical to fix, across the board, as malicious files can potentially be written to disk by an attacker without using traditional archivers like BOMArchiveHelper or StuffIt Expander.
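An added defensive illustration of the mismatch the MacInTouch reader describes (not code from this post, MacInTouch or Apple): a Python check that lists archive members with a document-style extension whose AppleDouble sidecar carries a `usro` resource. It assumes the archiver stored the metadata as `__MACOSX/._name` sidecar entries in a zip; the extension list and function names are my own choices.

```python
import io, pathlib, struct, sys, zipfile

AD_MAGIC, RSRC_FORK = 0x00051607, 2   # AppleDouble magic; entry ID of the resource fork
# Assumption: extensions a user would read as "just a document"
DOC_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".mov", ".mp3", ".pdf", ".txt"}

def _fork_types(fork: bytes) -> set:
    """Four-character resource types listed in a classic resource fork's map."""
    if len(fork) < 16:
        return set()
    _doff, map_off, _dlen, map_len = struct.unpack(">IIII", fork[:16])
    rmap = fork[map_off:map_off + map_len]
    tl_off = struct.unpack(">H", rmap[24:26])[0] if len(rmap) >= 30 else len(rmap)
    if len(rmap) < tl_off + 2:
        return set()
    n = struct.unpack(">h", rmap[tl_off:tl_off + 2])[0]    # stored as count - 1
    codes = (rmap[tl_off + 2 + 8 * i: tl_off + 6 + 8 * i] for i in range(n + 1))
    return {c.decode("mac_roman") for c in codes if len(c) == 4}

def resource_types(sidecar: bytes) -> set:
    """Resource types held in an AppleDouble ("._name") sidecar file."""
    if len(sidecar) < 26:
        return set()
    magic, _version, count = struct.unpack(">II16xH", sidecar[:26])
    if magic != AD_MAGIC:
        return set()
    for i in range(count):
        entry = sidecar[26 + 12 * i: 38 + 12 * i]
        if len(entry) == 12:
            eid, off, length = struct.unpack(">III", entry)
            if eid == RSRC_FORK:
                return _fork_types(sidecar[off:off + length])
    return set()

def flag_archive(zip_bytes: bytes) -> list:
    """Document-looking members whose sidecar carries a 'usro' (open-with) resource."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        for name in names:
            folder, _, base = name.rpartition("/")
            side = "__MACOSX/" + (folder + "/" if folder else "") + "._" + base
            ext = "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""
            if ext in DOC_EXTS and side in names and "usro" in resource_types(zf.read(side)):
                hits.append(name)
    return sorted(hits)

if __name__ == "__main__":            # usage: python check.py archive.zip ...
    for path in sys.argv[1:]:
        print(path, flag_archive(pathlib.Path(path).read_bytes()))
```

A hit means the extension and the open-with metadata can disagree, so it is a prompt to inspect the file before opening it, not a verdict.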