Practical Technology

for practical people.

April 29, 2008
by sjvn01
1 Comment

Was Reiser really found Guilty of being a Hacker?

I don’t know if Hans Reiser, creator of the well-regarded, open-source ReiserFS (Reiser File System), is actually guilty of the murder of his estranged wife, Nina Reiser. We can’t actually even be sure that Nina Reiser was murdered. Her body was never found and Reiser’s attorney argued that she may have returned to her native Russia.

Never-the-less, as Wired reported, “with no body, no crime scene, no reliable eyewitness and virtually no physical evidence” Hans Reiser was found guilty of first-degree murder. In California, first-degree murder must be “willful, deliberate, and premeditated.”

I don’t see it. I’ve just gone over the case’s history as recorded in the San Francisco Chronicle and other sites. I could see the jury finding him guilty of manslaughter. I can buy them agreeing on a lesser charge of murder, but first degree? But, finding him guilty of first degree murder, with nothing but circumstantial evidence, and not even very strong circumstantial evidence at that? That surprised me.

Continue Reading →

April 28, 2008
by sjvn01
0 comments

Is Microsoft at fault for Web site cracking spree?

Last week was a lousy week for Web site administrators. Depending on your expert of choice anywhere from just over a hundred-thousand to half-a-million plus Web pages had been hacked to turn this into malware-spewing portals.

Panda, the security company, suggested that a recently unveiled ‘elevation of privilege’ flaw that could be used on XP SP2, Vista, and, far more significantly, Windows Server 2003 and 2008 could be at fault. While the elevation of privilege vulnerability can’t be used to gain full-control of a system, it can be used to get control of accounts that are often used to run Microsoft’s IIS (Internet Information Services) custom applications. So, for example, if you’re running a Web application that uses ASP.NET in full trust mode, your site is crackable.

Microsoft, however, is denying that this wave of attacks have anything to do with IIS or with this particular security hole. Instead, Bill Sisk, a communications manager at Microsoft’s Security Response Center, said the attacks appeared to be ordinary SQL injection attacks.

OK, so whose fault is it then? Much as I like to pound on Microsoft, this time it doesn’t seem to be their fault. Well, not entirely the boys from Redmond’s fault anyway.

More >

April 28, 2008
by sjvn01
0 comments

SCO gets it Day in Court

Years into its legal wars against Linux, SCO gets another chance to go to court on April 28th. However, the case at hand, one last attempt to show that it, and not Novell, owns Unix’s copyright isn’t the case, SCO wanted. Instead of threatening the legality of Linux, this four-day trial will only determine whether the hot water SCO is in is boiling or scalding.

Continue Reading →

April 27, 2008
by sjvn01
4 Comments

Shuttleworth Acknowledges Ubuntu’s Debt to Debian

New comers to Linux sometimes think that Ubuntu sprang forth from Linux as a totally new creation, the next generation of Linux. Old-hands at Linux know better. Now, Mark Shuttleworth, CEO of Canonical, the company behind Ubuntu, sets the story straight for those to whom Ubuntu 8.04 is the be-all and end-all of Linux.

In his latest blog posting, Shuttleworth once more acknowledges the debt Ubuntu owes to other open-source developers and projects. After opening by thanking the Ubuntu community, Shuttleworth moved on to thanking the larger free software world.

Shuttleworth wrote, “I’m very conscious of the fact that Ubuntu is the pointy edge of a very large wedge – we are the conduit, but we exist only because of the extraordinary dedication and effort of thousands of other communities and projects.”

In particular, “We all owe a great deal to the team who make Debian’s ‘unstable’ repository possible, and of course to the upstream projects from GNOME and KDE through to the Linux kernel. We hope you will be proud of the condition in which we have carried your excellent work through to the users of Ubuntu.”

Continue Reading →

April 25, 2008
by sjvn01
2 Comments

Vista Network Speed-Up Tip

I hate Vista, but since one of the things I do is track operating systems, I keep it running on one (1) system.

One of the things I find remarkably disagreeable about this junker of an operating system is that its network software is just awful. For example, it took me quite a lot of digging before I found a way to get Vista to work at all with most NAS (Network Attached Storage) devices.

An eternal problem with Vista, and one I’m not alone in finding, is that it’s slower than the guy in the left-hand lane who doesn’t understand the concept of ‘passing’ when it comes to transferring files across my network. How slow as it? There were times, on a 100Mbps connection when I was averaging a MB transferred ever 7 seconds. That would be great, if I were transferring files over my 3Mbps DSL Internet connection, it’s horrible on a LAN.

I had hoped that Vista SP1 would solve this problem. It didn’t.

Continue Reading →

April 25, 2008
by sjvn01
0 comments

CAPTCHA Meltdown

It seems like it was the just the other day that I was writing about how CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) was quickly becoming completely useless for Web security. Actually, it was just the other day-two days ago-but I was wrong. CAPTCHA is already completely useless.

I found the proof of this in the Web security company WebSense’s Sumeet Prasad, a threat analyst, latest blog. There, he declared that there’s now a botnet-based program that can beat Google’s Blogger CAPTCHA.

The program’s not terribly good at breaking Blogger’s CAPTCHA. WebSense estimates it has an 8% to 13% success rate and it takes about 35-seconds per attempt. But, with hundreds to thousands of zombied home PCs doing nothing but trying to create fake blogs, the program doesn’t have to be very good at it.

More >