Practical Technology

for practical people.

February 11, 2008
by sjvn01
0 comments

Apple TV 3.0?

While we’re still waiting around for direct to Apple TV video rentals, aka Apple TV 2.0, some hints have recently arrived at what Apple TV 3.0 might look like.

These hints were discovered in an Apple patent about placing ‘widgets,’ small, useless applications you can run on a computer, on a multimedia center. Or, in other words, putting widgets on your television courtesy of Apple TV.

Most of us know widgets that do jobs like telling us the weather, stock market quotes and the like. In Mac OS, these are made available on the Dashboard. From the Apple patent, it looks like we can expect to see similar functionality on our TVs somewhere down the road.

Continue Reading →

February 11, 2008
by sjvn01
0 comments

Thunderbird security woes

When Firefox 2.0.0.12 came out on Feb. 7, it brought with it fixes for three critical security holes and seven that were not quite so serious. According to the security advisories, many of these problems were also fixed in the Thunderbird 2.0.0.12 e-mail client. Unfortunately, there is no Thunderbird 2.0.0.12.

The Mozilla Foundation’s press release focused on the Firefox 2.0.0.12 security fixes. The Foundation also reported, though, in its MFSA (Mozilla Foundation Security Advisory), that these same bugs had been fixed in the fictitious Thunderbird 2.0.0.12.

Specifically, the following critical security advisories were reported to be fixed in both Firefox and Thunderbird 2.0.0.12: MFSA 2008-01 (crashes with evidence of memory corruption) and MFSA 2008-03 (privilege escalation, XSS, remote code execution). In addition, the serious security bug MFSA 2008-05 (directory traversal via chrome: URI) and moderate security bug MFSA 2008-08 (file action dialog tampering) are reported to have been fixed in the nonexistent Thunderbird 2.0.0.12.

All of these security problems can be traced back to how the Web browser engine behind both Firefox and Thunderbird, Gecko, handles JavaScript. Or, to be more exact, the core problem lies in how this layout engine mishandles JavaScript.

The brute-force solution is simply to make sure that JavaScript is never enabled in Thunderbird. Unlike in Web browsers, where disabling JavaScript is far more serious in that it also disables some JavaScript-dependent Web sites, there’s seldom any call for using JavaScript with HTML-formatted e-mail messages.

Still, it is upsetting that Mozilla reports that these problems have been fixed in a version of Thunderbird that doesn’t exist. The latest version of Thunderbird is 2.0.0.9.

DesktopLinux.com tried to reach the Mozilla Foundation Feb. 8 for an explanation, but, as of the afternoon of Feb. 11, the Foundation had not replied.

There has long been concern that Thunderbird was not a real priority for Mozilla. In September 2007, Mozilla announced that it was spinning Thunderbird off into a company of its own: MailCo. Only weeks later, Scott McGregor, one of Thunderbird’s two key developers, left Mozilla. This reignited Thunderbird users’ fears that Mozilla was not so much moving Thunderbird out as throwing it out.

Since that time, MailCo has still not left the launch pad. Dr. David Ascher, formerly chief technology officer and vice president of engineering for ActiveState, and a director of the Python Software Foundation, is heading the effort to found the company. On his blog, Ascher reported that as of Jan. 15, Dan Mosedale, once he’s done with his work on the forthcoming Firefox 3, will be helping to get MailCo off the ground.

It appears, though, based on the postings in the blog, that MailCo is still months away from opening its doors. In the meantime, there appears to be little work being done on Thunderbird despite these misleading messages indicating that security fixes are still being delivered to the popular open-source e-mail client.

A version of this story first appeared in DesktopLinux.

February 8, 2008
by sjvn01
0 comments

Reviving OS/2’s best in the Linux desktop

Get over it. We’re never going to see OS/2 open-sourced. If you want to run OS/2 today, the closest you’re going to get is Serenity System’s eComStation. But, it just might be possible for Linux desktop users to get one of OS/2’s best features: SOM (System Object Model).

IBM, I’m told by developers who should know, still has all of SOM’s source code and it all belongs to IBM. It’s because IBM doesn’t have all the code for OS/2 and some of it belongs to Microsoft that IBM open-sourcing OS/2 has proven to be a futile hope.

Of course, many of you are asking, “SOM, What’s the heck is SOM?” I’ll tell you. It’s a CORBA object-oriented shared library. Those of you who aren’t programmers are doubtlessly staring cross-eyed at the screen right about now. For you: SOM is an easy-to-use universal programming library that both KDE and GNOME developers could use to create programs that would work in any Linux desktop environment.

The closest many users ever got to SOM was OS/2’s Workplace Shell, its desktop interface. What made SOM so powerful in the Workplace Shell was that it made it so easy to customize the desktop and its applications. With SOM, getting an application to look and act like a KDE, GNOME or what-have-you desktop program is almost trivial. Instead of delicately playing with APIs to move an application from, say, Ubuntu GNOME to OpenSUSE KDE, an SOM-aware application simply needs to call on the WinReplaceObjectClass API to use the KDE set of classes instead of GNOME’s.

If this were adopted, it would be much easier for developers to create, if I may borrow Java developers’ pet phrase, “Write once, run everywhere” applications. However, unlike Java applets, which are often slowed down by the need to be run in a Java interpreter, SOM-enabled applications and desktop environments wouldn’t face such delays.

Technically, it would work by GNOME and KDE using gtk and qt bindings to one common SOM library. Thus, today’s desktop developers really wouldn’t need to learn anything new about how to program for this new desktop environment. They would need to learn enough about OOP (object-oriented programming) to use SOM effectively, but that’s nothing compared to the kind of hoop-jumping needed currently to move an application from one desktop interface to another.

SOM wouldn’t be good just for hooking applications to the desktop. You can also use it with other programming languages. For example, SOM-aware Java, PHP, Python, Ruby or what have you would give Mono and Microsoft .Net some interesting competition on both the Linux and Windows platforms.

The other advantage of course is that OOP tends to create more stable and flexible applications from the very first version. The best example of that today is Apple’s Mac OS X’s Cocoa and Carbon. Now, while the debates over which of these is better than the other continue to rage in the same way that old-school Unix and Linux users still argue over vi vs. EMACS, one thing is certain. Mac OS X applications are stable and they always work in the same way.

Linux, while it uses OO languages like C++, really doesn’t have a universally accepted OO library. If Linux were to adopt SOM for that purpose, it could avoid the Carbon versus Cocoa arguments, and become — dare I say it? — the best desktop programming environment of all.

Another plus for SOM is that IBM designed it to work on any architecture, from mainframes to PCs. It’s also already been ported to AIX, IBM’s Unix. Put this together and it means that porting SOM to Linux should be simple.

If this is such a great idea, why hasn’t Linux already had its own OO system? Well, actually, there have been such attempts. The best known of them was probably GNOME’s Bonobo. It didn’t really go much of anywhere.

Bonobo ran out of steam not because the idea was wrong. The idea was fine. Indeed, like SOM, Bonobo was based on CORBA. The problem was that creating an OO framework is enormously time-consuming and difficult. Once an OO framework and its libraries are built, it’s easy to use, but the upfront costs can be a killer. With SOM, of course, that’s not a problem. That work has already been done.

Of course, for any of that to make a difference for Linux, SOM would need to be open-sourced. That shouldn’t be a problem. IBM hasn’t used SOM in a product in ages. Since SOM is just collecting virtual dust, why shouldn’t IBM open-source the code?

Heck, IBM doesn’t even need to release or clean up the development tools. Linux is loaded with developer tools. Just open-sourcing SOM alone, with perhaps some demonstration widgets, would be all that it would take.

Would the result look anything like OS/2? No, not at all. But what it would do is give Linux an outstanding OO framework that would go a long way toward making desktop Linux much more attractive to ISVs, and those applications would help make Linux even more interesting to desktop users.

Oh, and, IBM, since SOM can also be run in a network-aware DSOM (distributed mode), it would make integrating Linux desktop and IBM middleware running on IBM servers, especially the AIX and z/OS hardware, very easy for enterprise customers. Need I say more?

A version of this story first appeared in DesktopLinux.

February 7, 2008
by sjvn01
0 comments

Vista SP1, RTMs, and Lies

How can you release something to manufacturing, when it’s not ready to be released it to manufacturing Microsoft?

Just how stupid does Microsoft think we are? Well, I guess we must be pretty stupid, because Microsoft comes right out and tells us that it’s RTMing (release to manufacturing) Vista SP1 on February 4th, except that if you read further down in the announcement letter, Microsoft says it’s not really releasing it for another six weeks.

Say what?

I quote from the Microsoft Corporate VP of Windows Product Management, Mike Nash’s public letter of February 4th , “Today we are excited to announce that we have released Service Pack 1 for Windows Vista to manufacturing (RTM) for our first set of languages (English, French, Spanish, German and Japanese).”

So far, so good. And, you can read all about how wonderful, simply wonderful, Vista SP1 is both in his letter and in hundreds of follow-up news postings.

But, what’s this, nine paragraphs down? “We are going to stage our rollout of SP1 for current Windows Vista users to be approximately concurrent with the availability of Windows Vista SP1 on new PCs and in stores.” And, what does that mean?

It means, “In mid-March, we will release Windows Vista SP1 to Windows Update (in English, French, Spanish, German and Japanese) and to the download center on microsoft.com.” Maybe it’s just me, but mid-March doesn’t sound like February 4th to me? And, for those many users who have blind faith in their computers, “In mid-April, we will begin delivering Windows Vista SP1 to Windows Vista customers who have chosen to have updates downloaded automatically.”

More >

February 5, 2008
by sjvn01
0 comments

Google`s Real Goal: Messing with Microsoft

Oh, you might think that Google actually wants to help Yahoo, but what it really wants to do is to mess with Microsoft’s head.

The shoe’s on the other foot. Microsoft has made a multi-billion dollar business from FUDing its competition, now Google is enjoying its chance to see how Microsoft likes the same treatment by objecting to its proposed purchase of Yahoo.

It took Google less than a weekend to respond to Microsoft’s offer for Yahoo. By February 3rd, Google senior vice president of development and chief legal officer, David Drummond, had said, “Microsoft’s hostile bid for Yahoo raises troubling questions.”

Hostile? A bid of $44.6 billion, or $31 a share, a 62 percent premium on Yahoo’s share price, which was at a four-year low, is hostile? Wow. Give me a hostile takeover any day then.

More >

February 4, 2008
by sjvn01
0 comments

Can XP Be Saved?

If Microsoft sticks to its guns, you won’t be able to buy XP after June 30. The public has other ideas.

Microsoft’s plan is to start retiring Windows XP on June 30. Some users, however, want to keep XP around for years to come.

According to Popular Science, there’s a grassroot effort afoot to force Microsoft to keep selling XP to customers in shrink-wrapped packages and to OEMs. What’s driving this movement? Two things: First, it’s not really a “grassroots” movement. It’s actually being orchestrated by InfoWorld, an online news publication.

That said, with 71,386 people signed up as of noon Jan. 30 to the Save Windows XP petition, clearly the movement is tapping into a spring of resentment against Vista.

More >