Wednesday, May 28, 2008

Why you really do have to apply those patches immediately ...

Or abandon #$!$%%$ Flash and XP ...

Slashdot | Adobe Flash Zero-Day Attack Underway

...Security researchers have found evidence of a previously unknown Adobe Flash vulnerability being exploited in the wild. The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers. From the article: 'Continued investigation reveals this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages) most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue..

It doesn't suffice to restrict browsing to "quality" sites. If those sites are hacked, then traffic can be redirected to a site where the a specially crafted .SWF file launches the exploit and attacks your machine. Antiviral software won't help either -- at least until it's patched and updated (too late).

Keeping up with these patches is a slow, onerous task -- particularly on a slow booting XP machine (forget Vista!).

The easiest defense is to use a Mac. Even though Flash on OS X is vulnerable, it's doubtful that the injected malware will work, particularly if you run in standard user mode (nobody who reads this blog would be foolish enough to run OS X as an admin).

Eliminating Flash, a notorious source of vulnerabilities, is the next option to consider. I'd really like to see Apple do their own Flash interpreter. (QuickTime is about as bad, but at least that gets patched through Apple's updater.)

Tuesday, May 27, 2008

Unsharp mask: how to use it

I've never seen this explained -- despite years of my sharpening images! These directions are for a generic unsharp mask too, Aperture has additional options.
Photojojo » Unsharp Mask: How Do You Actually Use That Thing?

... Step 1: View the image at 100%. Set the radius between 1 and 3. Set the amount between 300 and 500. Set the threshold at 0.

This will look like crap. But you’re going to fix it in a minute, so don’t worry.

Slide the radius level up until you start to see nasty halos forming, then back it off a bit. It’s OK if it looks a little bit harsh at this point.

Step 2: Change the image view to 50%. Adjust the amount until it looks grainy and oversharpened, than back it down a little.

Since web images need a fairly high amount of sharpening (in the 300 to 500 range), our example here isn’t quite as dramatic as we’d like. We made the “after” image a little soft so you can see what’s going on at this stage.

Step 3: Move the threshold slider up until the low-contrast areas look smooth, but you can still see fine details...

... Photography Jam has a good set of starting points for different kinds of pictures. We liked their all-purpose and web settings, but there are lots more on their site.

All-purpose sharpening: amount=85, radius=1, threshold=4
Sharpening for the web: amount=400, radius=0.3, threshold=0...
I'm going to add this site to my feed list.

Make Firefox 3 beta accept the Windows Live Writer Blog This extension

Update 8/20/08: See the last update for the new way to do this.

I can't get the changes I've made to WLW's rfd file, per Joe Cheng's (WLW engineering) blog, to do anything. I'm hoping Joe will have some advice, but, in any case, the illustrious WLW team is promising an update to the "Blog Ths in Windows Live Writer" Add-on. I might just wait for that.

I ended up installing the Firefox Nightly Tester Tools add-on. Then I removed all non-compatible add-ons except for WLW (note I'd already uninstalled Google Web Accelerator), then I clicked the over-ride compatibility button in the test tools options. That worked.

Update 5/27: Joe Cheng's (WLW engineering) blog has a post about a finer grained workaround. Joe also promises to update the extension soon. I continue to be amazed that the WLW team is supporting Firefox use. (Tip via Brandon T. I subscribe to Joe's blog, so I should have caught his posting. I need to check out Bloglines and see if I've somehow lost his feed ...)

Update 8/18/08: At the end of July Joe updated his post. Note the renaming install.rdf trick to force Firefox to refresh its version. The advice now works, but it's also becoming obvious that Microsoft manage understands the value of WLW, and is no longer interested in maintaining a plug-in that supports Mozilla Firefox.

Saturday, May 24, 2008

I know what's wrong with Google Calendar sync

But when I tried to report it, and thus answer their problems, I got this message:
Oops!: "Something bad happened. Don't worry, though. The Spreadsheets Team has been notified and we'll get right on it."
I suspect the log I uploaded was too long -- I have about 1300 events in my calendar.

Google calendar sync engineers messed up recurring events that extend across a daylight savings time transition. Google keeps the absolute time the same for entire length of the recurring event, so the local time shifts on one or the other side of the DST transition.

I hope they've figured this out on their own, because their feedback mechanism is broken too.

Incidentally, while solving this one, I discovered a few other bugs.
  1. If you delete an email account from Outlook 2003, all appointments have a dangling reference to the missing identity. Google Calendar Sync can't handle the dangling reference. The fix is to create a new email account, then start and quite Outlook a few times. It clears the dangling reference.
  2. If a sync fails due to bug #1 Google Calendar Sync's local cache is still udpated. So future attempts to sync even after fixing bug #1 don't work because GCS thinks nothing has changed. You need to delete all the local data stored in Application Data (see initial reporting link for the path).
So I found 3 bugs, each significant.

Too bad I can't tell Google!

Google knows Google Calendar Sync is broken

Google should stop the Google Outlook Calendar Sync "beta" and regroup, but at least they've recognized it's truly broken:
New way to report Google Calendar Sync issues - Users - Troubleshooting | Google Groups:

.... To help us continue our investigations into some of the Google Calendar Sync issues we’re aware of, please fill out the info in the form provided below...

Reporting form
http://spreadsheets.google.comviewform?key=p6j_DPbvdPlCl4unmYPKZeA
They created the urgent feedback form on 4/16 and added notes on 4/25. They request submission of the log, but apparently that's been problematic.
How to get the Google Calendar Sync log file

...C:\Documents and Settings\\Local Settings\Application Data\Google\Google Calendar Sync\logs...
In my case recurring events are being synced with a 1 hour delay. In other words, it's a time zone problem. Time zones are a nightmare, as a friend said we should really all change to sidereal time.

Google groups posts demonstrate a very wide range of problems with sync, all of which seem time zone related.

No matter how gnarly time zone problems are, my sympathy for Google is limited. They need to pull the "beta".

What does Google think of your site?

Precede your URL with "http://www.google.com/safebrowsing/diagnostic?site=" to find out what Google thinks of your site.

For example:
  • http://www.google.com/safebrowsing/diagnostic?site=http://www.faughnan.com
  • http://www.google.com/safebrowsing/diagnostic?site=http://notes.kateva.org
  • http://www.google.com/safebrowsing/diagnostic?site=http://tech.kateva.org
Nothing of interest on mine ...

Friday, May 23, 2008

Sun xVM VirtualBox: free VM for OS X windows work

Via TUAW. It's a free OpenSource app now maintained by Sun. It won't have the support of VMWare Fusion (current leader) or Parallels (contender), but it includes an RDP server for remote access to VMs and it's supposed to support "any x86 based OS" on Windows (least interesting), Solaris (of course), Linux or OS X.

I think this would make most sense for someone with a copy of Windows 2000 who wants to run Microsoft Office 2003 and one or two other compliant apps. (Disabling net access for the VM seems adviseable, though Win2K is probably not a major OS target any more. Who knows, it might now be safer on the net than XP, especially if, like me, you run XP without antiviral software). [1]

That would be me, except I already have a license to VMWare Fusion. If I didn't, I'd try this.

[1] Because the antiviral software causes more problems for me than the viruses. I use Firefox with NoScript, stick to good neighborhoods, and use XP as little as possible.