Johnny Cash Lyrics

Johnny Cash Lyrics
A sok fekete hír után hallgassátok az új év alkalmából a legendás "Man in Black"-et. (Flash kell)

IBM Grid Near 50,000 machines - Slashdot Users #13

another similar writes "IBM's World Community Grid is off to a roaring start. Since kicking off six weeks ago (original Slashdot story), the grid has grown to almost 36,000 users with almost 50,000 machines. Growth continues as more media coverage hits. There is a team of Slashdot users - currently ranked 13th in points with only 79 members. If you have spare cycles, download the software, join us and crank for medicine. For those of you with dual processor systems, you'll have to use a homebrewed tool - beyond two is not supported yet. Alas, you also have to be running Redmond's finest. According to their FAQ, a Linux client is slated for development in 2005."
[Via Slashdot: ]

[Listening to: The Last Redemption - Wasp - Neon God - Part II - Demise (13:39)]


Free Anti-virus protection for Microsoft users from CA

Happy Holidays! For those of you who haven't already gotten enough presents, here's one that can help you stay secure...Computer Associates is offering a free one-year subscription to their eTrust EZ Armor LE product which combines their anti-virus and firewall products. You can also get just the eTrust EZ Antivirus at half-price. Details on the offer can be found at http://www.my-etrust.com/microsoft/, and according to the site, the deal's good through February 1st, 2005, so don't wait too long.


[Via Microsoft WebBlogs]

[Listening to: Trail of Tears - Wasp - Dying For The World (5:50)]

Szoftvermérnökök, akik specifikáció nékül vágtak kód írásába

Gerilla magyar fordítások A cikkeket írta: Joel Spolsky Funkcionális specifikációk egyszeruen Funkcionális specifikáció írásáról szóló cikksorozat. Szoftvermérnökök, akik specifikáció nékül vágtak kód írásába, azt gondolják, hogy úgy is remek programozók, csípobol lonek. De nem. Valami szörnyen terméketlenek. Rossz kódot írnak, gyenge minoségu terméket készítenek. Ez óriási kockázattal fenyeget, ami teljességgel indokolatlan.

To the optimist, the glass is half full. To the pessimist, the glass is half empty. To the engineer, the glass is twice as big as it needs to be.
[Listening to: Es mindig is ejjel lesz mar - Béla Bartók - (1:48)]

Barts PE Builder 3.1.2

Bart's PE Builder helps you build a "BartPE" (Bart Preinstalled Environment) bootable Windows CD-Rom or DVD from the original Windows XP or Windows Server 2003 installation/setup CD, very suitable for PC maintenance tasks. It will give you a compl...
[Via MSFN - Where People Go To Know]

[Listening to: Hajnalban az elsot leltern - Béla Bartók - (3:47)]

Instant Messenger Password Recovery

Egy ügyfelem kisfia elfelejtette MSN Messenger-ének password-jét. Na most nekiesve a keresésnek találtam számos jó fizetős programot (pl. Advanced Instant Messengers Password Recovery 30 USD), majd egyszercsak ráakadtam erre az oldalra: NirSoft. Itt virított egy Messenpass nevű 83 kB méretű program, mellyel azonnal megkaptam a Mirinda és az MSN Messenger password-jeimet. Jegyezzük meg, hogy Passport is van!(minek?) Az oldalon lévő többi program sem akármi! A Mail Pass View mind a 12 mail pwd-met jól eltalálta, ugyanígy a Dialupass, a Protected Storage PassView-t nem volt erőm kipróbálni, értesítsetek, ha működik.


Citrix and Microsoft Renew their Licensing Deal

Citrix and Microsoft announced today that they're renewing their cross-licensing agreement for another five years.

The press release was light on details, although it appears that this is nothing more than an extension of their current agreement. The current agreement, previously renewed every three years, is what allowed Microsoft to get the core Terminal Server code from Citrix and Citrix to get the Windows source code from Microsoft.

The press release mentioned the word "Longhorn" five times, although it didn't say what Citrix was going to be doing with Longhorn or in the Longhorn timeframe.

Most likely, the main point of this press release is for Citrix to convince people it's okay to buy MetaFrame and that MetaFrame will still have value in the Longhorn timeframe.

Mark Templeton's quote was filled with the requisite terms ("exciting," "integration," "help us deliver solutions," "help us better serve our customers, "great value to customers," and "agreement is a driver of innovation.").

Microsoft's response from Bob Muglia (SVP for Windows Servers) was equally as insightful. "We are excited to expand our business relationship with Citrix Systems in order to better serve our customers. This collaboration will result in an improved and more extensible Windows Server platform for ISVs that broadens the solutions for Windows server and ensures that Windows 'Longhorn' Server will be the best platform for access solutions available in the market. Furthermore, this technology and patent licensing agreement provides an important context for our collaboration with Citrix." Continue At Source

[Via Bink.nu]

[19:09] Adobe Reader 7.0

Megjelent és letölthető jól, ezzel akár mán PDF űrlapokat is tölthetünk majdan ki.

Ja, és bazi gyorsan indul "hekkelés nélkül" is. :-)

Letöltés: Adobe Reader 7.0
Forrás: neowin.net

[Via X-COM Microsoft/Windows blogja]

Tényleg gyorsabb, de ráfér a hekkelés. Hekk:ar-speedup
  • komplett kitörli az előző verziókat, kivéve a shortcut-okat a desktop-on
  • Optimizál az installáláskor
  • miért restartol?

[Listening to: Es mindig is ejjel lesz mar - Béla Bartók - (1:48)]


Autoruns v6.1

Autoruns, a program that shows you what images are configured to automatically start during boot and logon, now will show you the auto-starting images for other user accounts stored on a system.
[Via Sysinternals]

[Listening to: Overture - W.A.S.P. - The Neon God part one: The Ris (3:32)]

Windows Internals, 4th Edition

The definitive book on the internals of Windows 2000, XP and Server 2003 and the revision to Inside Windows 2000 is now at the printer! Find out what's in it and preorder your copy today.
[Via Sysinternals]

Mega Merger: Symantec and VERITAS

Symantec and VERITAS announced their intentions to merge. The merger would create a security company with approximately $35 billion in potential revenue.
[Via Windows IT Pro Magazine - Windows IT Pro Magazine]

Na most hogyan lesz az ntbackup-pal?
[Listening to: Stone Cold Killers - W.A.S.P. - Dying For The World (4:56)]

OpenOffice 2.0 Preview Release

gmuslera writes "A preview release of OpenOffice.org 2.0 was released, which has new features like better MS-Office compatibility, an Access-like program and a more. Here is a review of it with screenshots and how it performs. It's work in progress, maybe not recomended for production sites, but it is a good sample of what is coming."
[Via Slashdot: ]

Exchange 2003 Offline Address books (OAB) Best Practices guide

If you want to know how to deploy and manage OAB's in your organisation, then read this document.  It also has some useful tips on how to automate the deployment of OAB's when you deploy the client along with useful tips on administering the OAB .

[Via Bink.nu]

The Ten Worst Products of the Year

WaZiX writes "Not sure what you want to buy for christmas? Well me neither, but PCMag has an interesting article on what they consider to be the 10 worst products of the year, so at least you know what not to buy. Helpfull article that picked out products from different categories such as PDA's, Notebooks and MP3 players."
[Via Slashdot: ]

[Listening to: Fear of the Dark - Iron Maiden - (0:-1)]


Smoke - Windows Installer Validation Tool (Download)

The Windows Installer validation tool I’ve been babbling about for a few days now is available for download on DeployNow!  Stop by and check it out:


I’ve even enhanced it a bit more to allow for either delimited text output, or xml.

Included in the zip file is a sample batch file that shows how conditional logic can be applied based on smoke’s return value to take alternative courses of action if problems creep into your msi files.

Enjoy – and make sure you link to it, blog about it, and give me some feedback on it!

[Via A .Text Community]
[Listening to: Clockwork Mary - Wasp - Neon God - Part II - Demise (4:19)]

Open Letter to a Digital World

jg21 writes "Exasperated after spending 5 hours removing spyware and trojans from his wife's Windows PC, sysadmin Chris Spencer has written an impassioned Open Letter to a Digital World. In the letter he reviews the 'elephants in the closet' - i.e. unfixed bugs and glaring security vulnerabilities - that Microsoft in his view hopes ordinary users will ignore, including some discussed in previous Slashdot stories."
[Via Slashdot: ]
[Listening to: The Demise - Wasp - Neon God - Part II - Demise (4:00)]


FireFox 1.0+:The Official Win32 20041216 [Trunk] build is out. - MozillaZine Forums

The Official Win32 20041216 [Trunk] build is out. - MozillaZine Forums


Microsoft could soon charge for spyware defense tools

Microsoft disclosed plans Thursday to offer frustrated users of its Windows software new tools within 30 days to remove spyware programs secretly running on computers. But it might cost extra in coming months. In a shift from past practice, the w...
[Via MSFN - Where People Go To Know]
[Listening to: Die With Your Boots On - Iron Maiden - Piece of Mind (5:26)]

Linux Desktop Migration Cookbook from IBM

almondjoy writes "I was project leader for publication of this recent IBM Redbook, available for free download here: Linux Client Migration Cookbook: A Practical Planning and Implementation Guide for Migrating to Desktop Linux. At this point, I'm gathering input for what we could improve on, and what additional topics should be covered in a second version of the book. I realize this is a broad topic to cover in a rapidly changing environment. And because these books are developed by IBM there are some content limitations. Nonetheless, in the next version we want to continue making the book as useful as possible for anyone considering a migration to Linux on the desktop."
[Via Slashdot: ]

Download IBM Redbook: Download IBM Redbook
[Listening to: Flight Of Icarus - Iron Maiden - Piece of Mind (3:50)]

New generation of hacking tools puts many more Wireless LANs at risk

This week, Michael Ossmann of SecurityFocus released an alarming article on the recent advancements in wireless LAN encryption cracking that put many WLAN networks once thought to be secure at risk. Even though the WPA standard brought us TKIP encryption in 2003 and the 802.11i standard brought us AES encryption this year, many organizations and enterprises are still using Dynamic WEP to encrypt their WLAN data to keep hackers from seeing sensitive data or gain unauthorized network access. Because Dynamic WEP was thought to be relatively safe and didn't have any special hardware/firmware/software requirements like TKIP or AES, many organizations have held off on their migration plans to the newer WPA standard -- let alone the 802.11i standard. Unfortunately, the lease ...
[Via ZDNet Blogs]
[Listening to: Where Eagles Dare - Iron Maiden - Piece of Mind (6:12)]

Microsoft Sneaks Out 'Critical' SP2 Fix

There is a serious Windows Firewall bug in Windows XP Service Pack 2 and Microsoft has issued a "critical" fix for it.
[Via Microsoft Watch from Mary Jo Foley]
[Listening to: Mother Russia - Iron Maiden - No Prayer For The Dying (0:-1)]


Index - Vélemény - Az internet arca

Index - Vélemény - Az internet arca
Hát a két sosem hallott, de nyilván virágzó intézmény (Informatikai Érdekegyeztető Fórum, Informatikai Felhasználóvédelmi Iroda) qrva nagy jódolgában hülye kérdéseket tesz fel "arra ösztönzi a gyerekeket és a boldog lelkű felnőtteket, a műkedvelő kicsiket és nagyokat, a kezdő és profi designereket, hogy rajz (festmény) vagy egyéb formájában mutassák meg, milyennek képzelik el az Internet arcát, alakját, kukacmentes szimbólumát", meg is kapja rá az illő választ.

"Windows: Suspend or Hibernate" added to RunDLL32 Scripting

Allows putting computers configured with suspend or hibernation support into the desired state. Supports configuration as specified in the Microsoft KB article cited.
[Via Dx21, LLC]
[Listening to: 06 Transylvania - Iron Maiden - Iron Maiden (4:19)]

Exchange 2003 Disaster recovery articles

From: blogs@msdn

I presented at a TechNet evening on Disaster Recovery for Exchange 2003 the other night and had several questions about web resources to assist with Disaster recovery.  So here they are for reference:  I'll create some BlogCasts of the demos and post them on my blog too.

How to recover items that have been deleted by using Shift + Delete (Hard Deleted)

Whats new in Exchange Server 2003

Disaster Recovery for Exchange 2000 Server

Disaster Recovery for Exchange 2003

How to Backup and Restore Exchange using Windows Backup

Disaster Recovery includes Metabase backup and restore

Exchange databases are not mounted

Backing up and restoring the Metabase

How to protect Exchange data from Hard disk failure

Exchange 2003 Data backup and Volume Shadow Copy services

Using Exchange Server 2003 Recovery Storage Groups

Restoring from an OST after Deleting the Mailbox

Exchange Mailbox merge wizard - Exmerge

Maintenance, backup and disaster recovery for Exchange

Move Exchange to New Hardware

Exchange 2000 Support

Using LDIFDE to import and Export to Active Directory

Windows Server 2003 command line tools

Restoring Exchange Server 2003

Using Recovery Storage groups in Exchange 2003

[Via Microsoft WebBlogs]

[Listening to: The Flame - W.a.s.p. - Wasp (3:40)]

Adobe Acrobat 6.0.3 Professional and Standard Update

This update addresses several potential vulnerabilities in Adobe Acrobat Professional and Standard versions 6.0.0-6.0.2. Note that currently there are no known malicious exploits of these vulnerabilities. Adobe recommends that all users of Adobe ...
[Via MSFN - Where People Go To Know]

A download helyét nem közvetlenül adták meg, még egy csomót kell egerészni és várni, különösen IE és FF esetén. Leggyorsabban Opera-val jön le.
A letöltés helye Windows-ra: Acro-Reader_603_Update.exe
Aki a PDF SpeedUp-ot használja, a következőket kell tennie: -run pdfsu.exe -restore -run Acro-Reader_603_Update.exe -run pdfsu.exe -optimize
[Listening to: Nightcrawler - JUDAS PRIEST - Painkiller (0:-1)]

Bart's PE builder v3.1.0 released

Major changes:

- Completely new user interface (http://www.nu2.nu/pebuilder/images/high/pebuilder.gif)

- Removed the resource limits (user resources limit & 24 hour time limit)

- New (easy) way of adding storage and network drivers

- Added CD burning

- Added a slipstream dialog that helps less advanced users to slipstream

their windows installation files. See menu "source->slipstream"


[Via Bink.nu]
[Listening to: Revengeance (Be Thy Name) - Wasp - Dying For The World (5:21)]

MIT Tech Review looks at Google and Microsoft

MIT Technology Review: What's next for Google.

This is a must-read article for anyone interested in Microsoft or Google.

My take? Google got where it did by focusing on what people want. I know that intimately. I'm still a big fan of Google. Why? Because they gave me a better search engine when the rest of the industry thought that search was done.

Guess what, it's not done, even today. Feedster, Pubsub, Technorati, Copernic, X1, Yahoo, MSN, and others remind us of that every single day.

They also took a stand against anti-user advertising. Go to Google. Do you see any color advertising? Any popup ads? Any blinky crap?


I'm sure that more than one Google salesperson has come to Sergey and Brin with a multi-million-dollar deal to take some Flash-based ads.

Sergey and Brin keep turning down the money. They have a philosphy. And it's brilliant.

Watch the users and give them what they want while also figuring out a business model. Sergey and Brin noticed that people will read -- and click on -- blue underlined text. You know, standard old HTML. And look at all the ads. They are standard old HTML. Nothing fancy. But they are making billions because they turned down the short-term multi-million-dollar deals.

They have a philosphy. Their product shows it. It's user centric.

So, what's the lesson for me? For Microsoft?

Serve the users.

Serve the users.

Serve the users.

Yeah, I wouldn't be suprised to see Steve Ballmer jumping around in a month or two getting us to cheer that.

But Ballmer had it right when he cheered "developers, developers, developers."

You see, how do you serve the users? Especially in a hyper-competitive space? Get developers to help you out. Get content professionals to help you out. Get geeks to help you out.

How do you do that?

1) Share the love (and some cash). Why do I still love Google to this day? Because Google always ranked my sites properly. Other search engines still don't. Including MSNs. By properly I mean that sites that are more relevant than mine are higher than mine, but sites lower in relevance than mine are lower than me. I still remember seeing porn sites getting higher ratings than my sites on Alta Vista when you searched on "netmeeting" (I started a well-trafficed site for NetMeeting).

But "share the love" goes deeper than that. Google is sharing revenue with the Web. Does Yahoo help me make money? Does MSN? No. By being selfish MSN is telling people to go to Google. This pull is strong. And getting stronger.

2) Let developers play. Here Microsoft should learn from Bill Gates' earlier decision to let third-party components plug directly into Visual Basic's user interface, er, IDE.

This let a sizeable developer community build products that enhanced Visual Basic. I know, I helped build ads for some of the component vendors.

By building an open platform Microsoft encouraged a sizeable industry (enough to sell hundreds of thousands of dollars in advertising in the magazine I was working for every month).

3) Serve the geeks (a little bit). Enough to make them go "ooohhh, they care about me." Look at the MSN Desktop Suite team videos I shot. Those guys put in some secret registry keys (that now aren't so secret) to make the UI better. And they put in some advanced shortcut functionality. My dad won't care about that, but the geeks sure will. In fact, look at the bloggers who are liking the new suite. They are praising it because of these features.

4) Be transparent. Invite users in. Let them help design the product. Listen to your MSN Search Champs. Videotape your design meetings. Bring everyone inside your strategy meetings and your design meetings. Let everyone participate in improving the search engine. Getting interviews with the team up was excellent. It sure helped you get your message out faster. But, now, go the next step. Bring all your customers inside the company and let them tell you what they need.

Listen, listen, listen.

See, there are more innovations ahead. Sergey and Brin listened. And now they are both billionaires.

Who's next?

[Via Scobleizer: Microsoft Geek Blogger]

Egyszer már elolvastam, de legalább még 1* el fogom,
[Listening to: The Raging Storm - W.A.S.P. - The Neon God part one: The Ris (5:45)]

Tips for migrating a physical computer to a virtual machine (part 4)

Ben Armstrong blogja:

Well we are at the final post in my series on migrating a physical computer to a virtual machine.  If all other steps have failed the last thing to check is the HAL that is being used by the operating system.  The HAL is the 'Hardware Abstraction Layer' and is responsible for some of the lowest level access in the system.  You can find out about all the various HALs here: http://support.microsoft.com/default.aspx?scid=kb;en-us;309283.

Having the wrong HAL loaded can result in:

  • Blue screens during boot
  • Unrecoverable processor errors
  • Boot simply 'stalling' and never finishing

In order to update the HAL you should boot into the recovery console (as described here: http://blogs.msdn.com/virtual_pc_guy/archive/2004/12/10.aspx).  You should then change directory to the \WINDOWS\SYSTEM32 directory and run "expand D:\I386\HALACPI.DL_" followed by "copy HALACPI.DLL HAL.DLL".

Note - this method is not officially supported by Microsoft - but I have found it to be very handy :-)


[Via Microsoft WebBlogs]

Part 3
Part 2
Part 1
[Listening to: X.T.C. Riders - W.A.S.P. - The Neon God part one: The Ris (0:-1)]

:: w.bloggar News::

:: w.bloggar :: 13 December 2004 Almost there: v4.00 RC3 + Mozilla Version This is to announce a new release candidate to the Premium Users. This is the last one, before the final release, it comes with a major change: No longer uses registry to save the accounts and settings, all is stored now on a file called settings.xml, that can be exported and imported. The Premium Users can Download RC3 IE and Mozilla versions at the Beta Forum. The 4.00 final release still planned to the end of the current week.

Writing Secure Code

First of all: Remove the limit on TCP connection attempts

One of the things that my team is responsible for is helping developers understand the importance of writing secure code and how to do it. Rick Samona has joined my team and is working with security experts like Jeff Cooperstein and Michael Howard to begin the process of helping developers think more about security. We did some research and we found that about 50% of developers think it is important to write secure code (what about the rest?) and that they even feel security is more their responsibility than the responsibility of system administrators. And about two-thirds of them they feel like we (that's we, the industry, not just we, Microsoft) don't provide them with enough information, tools, guidance, and so on to write secure code.

So Rick is going to start to make it easier to write secure code (right after he gets my coffee). [Rick made me add that last bit.] One of the things he did was to pull together information in response to a question about requiring administrator privileges to install or run an application. I found it to be a good read, so I'm including it below.

But my main question is, what should we be doing to make it easier to write secure code?

Microsoft Recommended Best Practice

Microsoft encourages that as a best practice developers write their applications to execute with the least privileges to get the job done. The reason for doing this is quite simple â€" if an attacker creates a security vulnerability and it penetrates your system, whether it be a Trojan horse or virus, this code will run at the same privileges as the compromised process. In Writing Secure Code, Second Edition, Michael Howard states that "I haven’t been [using an admin account] for over three years, and everything works fine. I write code, I debug code, I send e-mail, I sync with my Pocket PC…" Microsoft has been working on several things to make writing least privilege applications as easy and streamlined as possible.

We recommend that before a developer creates an application, he/she should write down the resources it must access, special tasks it must perform, and the necessary permission settings. Many times the developer will notice that there is not need to create the application to need admin privileges.

There are three main reasons for developers writing applications which require elevated privileges:

1. An Access Control List (ACL) issue

2. A privilege issue

3. Using LSA Secrets

Many times these can be avoided. More information can be found in "The Challenge of Least Privilege."

Windows XP

With Windows XP, Microsoft allows users to do something special when running an application that requires admin privileges. A user can use the runas command or click on the shortcut for the application and check the Run as Different User option.

Visual Studio 2005

Visual Studio 2005 has evolved to make writing secure applications easier than before, including least privilege applications. VS 2005 allows developers to develop and debug applications as a least privilege account. So, for example, if a developer is writing an application that targets least privilege users, the developer can now developer and debug this application as a least privilege user himself. This makes developing the application much easier, because if the developer inadvertently writes the application in a way that requires higher privileges (i.e. write to the registry), then the application will not run since the current login is not an administrator. This was not the case before. This will be true for both unmanaged and managed code.

Furthermore, VS 2005 will enable developers logged in as an administrator writing managed code to run the code in a sandbox using custom privileges. This is called Code Access Security and is provided by the .NET CLR. Let me give an example:

Assume that a developer is logged in as an administrator and he/she is developing an ASP.NET application that launches calculator on the computer. This is obviously not something a developer should want an ASP.NET application to do. If the developer tests this, it will obviously run since it is running on the developer’s privileges. Currently, the only way to know if the application will run under least privilege is to post it on the website and run it. With CAS, the developer can select what privilege the application should run at and test it. So, for this ASP.NET application, the developer can select "Internet privileges," and when he/she tests the application, it won’t run. It will also highlight the chunk of code that has the issue in order to aid the developer to fix the problem.

This will make the process of writing least privilege applications much more simplistic and streamlined.


Longhorn will introduce even more functionality for least privilege â€" the idea of Application and Deployment Manifests. Application Manifests will allow application developers the state what permissions their application requires to run properly. Deployment Manifests allows System Admins to indicate how much trust they have in an application. This is a high-level explanation of a powerful functionality which will work for both managed and unmanaged code.

To simplify security both for admins and end-users, Longhorn will have only two levels of system access: least privilege and administrative. Developers will need to make a choice of how they want their applications to run and write the code accordingly. For example, developers will have to store the application state in the user profile, not in the Program files directory.

Addition Resources

The Challenge of Least Privilege


Security in Longhorn: Focus on Least Privilege


Chapter 1: The "Longhorn" Application Model


Michael Howard and David LeBlanc

Writing Secure Code, Second Edition, pages 60-62

[Via Microsoft WebBlogs]
[Listening to: Why Am I Nothing - W.A.S.P. - The Neon God part one: The Ris (0:58)]

Internet Explorer Developer Center

And then there were 50...

OK, maybe there aren't 50 Developer Centers (yet — it just feels that way some days), but there is now an Internet Explorer Dev Center. With new content, even! Learn what SP2 and future advances have in store for you. It's worth saving the link, even if all you need to do is find the DHTML reference, as I seem to have to do a lot.

Ráfér, mit is fognak csinálni? Új weboldalt?
[Via Microsoft WebBlogs]

[Listening to: The Raging Storm - W.A.S.P. - The Neon God part one: The Ris (0:-1)]

Paradigms lost

Mennyire igaza van britton.manasco-nak
Well, the week may have started with the announcement that Oracle would acquire PeopleSoft. However, Tim O'Reilly, founder and president of O'Reilly & Associates, has provocatively stated that "eBay will someday buy Oracle." O'Reilly's facetious point is that the interconnected, global Web is enabling a new power shift that tends to commoditize software much as software arose amid the commoditization of hardware a generation before. "[C]ompanies like eBay and Amazon that are not really now thought of as computer companies or players in the computer industry may one day be seen in that way," he says in an interview with David Kaye at IT Conversations. Just as IBM underestimated Microsoft, so too, might the power of today's digital savvy "end user" companies ...
[Via ZDNet Blogs]

Windows XP SP2: Remove the limit on TCP connection attempts

SpeedGuide.net :: Windows XP SP2: "Remove the limit on TCP connection attempts
Windws XP SP2 introduces a few new twists to TCP/IP in order to babysit users and "reduce the threat" of worms spreading fast without control. In one such attempt, the devs seem to have limited the number of possible TCP connection attempts per second to 10 (from unlimited in SP1). This argumentative feature can possibly affect server and P2P programs that need to open many outbound connections at the same time. Rant: The forward thinking of Microsoft developers here is that you can only infect 10 new systems per second via TCP/IP ?!?... Keep in mind that would still make 10^60 in a single minute, (that's 10 with 60 trailing zeros...) if everyone already infected also infects 10 new computers per second. In other words, even though it is not going to stop worm spreading, it's going to delay it a few seconds, limit possible network congestion a bit, and limit the use of your PC to 10 connection attempts per second in the process ! I have no problem with the new default setting limiting outbound connection attempts. Still, users should have the option to easily disable or change this setting. I might be going out on a limb here, but ever since the introduction of Windows XP I can't help thinking that I dislike all the bult-in Windows "wisardry" in a sense that the system also limits user access. That irritating trend to ease the mental load on end users is somewhat insulting, considering that Windows is to make the more "intelligent" choice instead of the end user, as well as limit their access to tuning such settings... End of rant. With the new implementation, if a P2P or some other network program attempts to connect to 100 sites at once, it would only be able to connect to 10 per second, so it would take it 10 seconds to reach all 100. In addition, even though the setting was registry editable in XP SP1, it is now only possible to edit by changing it directly in the system file tcpip.sys. To make matters worse, that file is in use, so you also need to be in Safe mode in order to edit it. You only need to worry about the number of connection attempts per second if you have noticed a slowdown in network programs requiring a number of connections opened at once. You can check if you're hitting this limit from the Event Viewer, under System - look for TCP/IP Warnings saying: "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts". Keep in mind this is a cap only on incomplete outbound connect attempts per second, not total connections. Still, running servers and P2P programs can definitely be affected by this new limitation. Use the fix as you see fit. To change or remove the limit, you can use the following program: Event ID 4226 Patcher v2.11 - A patching program for removing or changing the limit imposed on connection attempts in SP2. The patcher has the ability to restore tcpip.sys back to the original... Still, you might want to back up tcpip.sys, use it at your own risk. The author of this patch can be reached @ http://www.lvllord.de/

Érdekes és komoly, hogy az MS egy security jelleg? korlátot a lefordított kódban rejt el, ezzel a jól védett rendszerek TCP/IP hatékonyságát ideális esetben 1/10^60 -ad részére csökkenti (persze a lehet?ség optimális)
[Listening to: Me & The Devil - W.A.S.P. - The Neon God part one: The Ris (0:53)]



EventMonitor is a command line tool that can display windows event log entries in real time. you can filter by event log name (system, security) and by event severity (warning, error). the entries can also be written to an output file. this file can be plain text or xml. several xsl stylesheets are included to convert the xml output to html.


[Via Rod Trent at myITforum.com]
Download: EventMonitor
[Listening to: Mephisto Waltz - WASP - The Headless Children (1:28)]

P2P In 15 Lines of Code

TinyP2P is a functional peer-to-peer file sharing application, written in fifteen lines of code, in the Python programming language.
nile_list writes "Edward Felten of the very fine Freedom to Tinker has written a 15 line P2P program in Python. From the post on Freedom to Tinker, "I wrote TinyP2P to illustrate the difficulty of regulating peer-to-peer applications. Peer-to-peer apps can be very simple, and any moderately skilled programmer can write one, so attempts to ban their creation would be fruitless." Matthew Scala, a reader of Freedom to Tinker, has responded with the 9 line MoleSter, written in Perl."
[Via Slashdot: ]
[Listening to: The Headless Children - WASP - The Headless Children (0:-1)]

nLite v0.99.5 beta

nLite is an all-in-one GUI utility that will give you the ability to permanently remove unwanted components such as Internet Explorer, Outlook Express, Media Player, MSN Explorer, MSN Messenger and a variety of other components from your own Windows ...
[Via MSFN - Where People Go To Know]
Újabb verzió
Download: v0.99.5 beta

[Listening to: Nobody Knows Anything - Anthrax - We've Come For You All (2:57)]

Response to Building a Better Browser

Scott Berkun, former Internet Explorer program manager, has written an interesting article: How to build a better web browser. A few friends have asked for my comments, so here goes.

For readers unfamiliar with my background, I'm the developer of the NetCaptor web browser. NetCaptor introduced "tabbed browsing" to the world back in 1998, long before Opera or Firefox.

Scott is right on in his opinion on intelligent bookmarks. A system that automatically builds a list of your most frequently visited sites, whether from the address bar, Links, Favorites, Aliases, or other means has been on my TODO list for years - I just need to pull the trigger one of these days.

Scott thinks Favorites should be searchable, and notes that Firefox has that feature. NetCaptor has had it also... for longer than most of my children have been alive. It would be slick to allow searching by other site metadata as well. NetCaptor just searches the actual Favorites files themselves (essentially little .ini files), and it wouldn't be too hard to add the site metadata to that file when its created.

About sidebars. I think one of the reasons that IE's sidebars never really caught on is that they are so hard to switch between. They are totally independent of one another. Want to switch from your Favorites to your History bar? If you click the History button, the Favorites bar goes away. Where'd it go? I think NetCaptor's tabbed sidebar is a much better implementation.

The part of Scott's article that really got me going was his discussion of Security and Stability.

Something is wrong if competition in any product line continually focuses on security and stability. These design attributes are basic requirements, not advanced features. You won't see advertisements for toaster ovens that say "Now, it explodes less often!"

He's right... there is something wrong - what's wrong is that the market leader IE has made security features and usability an afterthought. How many clicks does it take to add a web site to your Trust Sites zone in Internet Explorer? About 9. Tools > Internet Options > Security Tab > Trust sites icon, sites button, type the site, hit OK twice, and then you're done. And you have to type the site address correctly. In NetCaptor, its a two clicker with no typing: Security menu, Add to Trusted Sites zone. How many clicks does it take to disable javascript in IE? About 5. In NetCaptor, its 2 again. Does IE let you look at the cookies that a current site has stored on your system? Nope. Someday alternative browsers will move beyond the focus on security, but only when IE is so secure that improvements aren't necessary.

One last gripe. Scott thinks browsers should store credit card numbers so users never have to type them twice.

[P]rovide a standard secure way for me to pay for things on the web, and don’t ever require me to type in that 16 digit # again.

No, no, no. Please don't store credit card numbers locally. Why? There is no secure way to store them locally so that a spyware or trojan app can't steal them. Even if you encrypt them on your local machine, you need to decrypt them on the local machine. Anything you do on your machine is crackable, so it would be fairly trivial to write a trojan to steal that data. IE puts its autocomplete data in "protected storage", but its trivial to get it out again. I've got an app I never released that goes through and shows you exactly what's stored by autocomplete - sometimes its not pretty.

[Via Adam Stiles]
Hát egy jó browser az kéne.
[Listening to: Hangman - Roy Harper - Whatever Happened To Jugula (7:06)]


e-mail gif

Egy heavy metal oldalon láttam: Send email me
[Listening to: The Weavers Answer - Roger Chapman And The Shortlis - In My Own Time (Live) - Disc T (6:36)]

Desktop Search Tools Will Help Virus Writers

An anonymous reader writes "With desktop search tools all the rage, ZDNet is reporting that virus writers could take advantage of the technology to produce more efficient malware. "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst at Frost & Sullivan. "
[Via Slashdot: ]
[Listening to: Hell For Eternity - W.A.S.P. - Dying For The World (0:-1)]

Tények és következtetés


A prosectura előtt nem fúj a szél.
A prosectura előtt nappal, derült időben mindig süt a nap.
A prosectura bejárata fölött van egy kis esőtető.
A prosectura ajtaját ritkán nyitogatják.
Az Onkológiai Intézet normális betegei a prosectura előtt dohányoznak.

továbbhasznosítható rittergő lézerek

Most olvastam az És-ben Kovács Zoltán cikkében ezt a találó kifejezést.

MSN Toolbar Suite Beta setup built by the WiX toolset.

No X-COM: ld.: uninstall gondok
MSN Toolbar Suite Beta setup built by the WiX toolset.

Since it appears lots of other people are talking about the beta of the MSN Toolbar Suite (Scoble is tracking many of them here and here) so I thought I'd take a look at it.  Besides, I'm tired tonight and not up to writing anything superbly technical.  Anyway, I downloaded the bootstrapper that kicked off the install.  It was obviously a Windows Installer package so I went rooting around for their MSI file to see what I could see.  I finally found a copy of it (in the Windows Installer cache that I will talk about some other night) and popped the MSN Toolbar Suite's MSI file open in Orca.

At first, I was pretty excited because the installation package was written using the WiX toolset (albeit a version of WiX built about four months ago).  Unfortunately, as I investigated deeper, I saw some non-ideal authoring.  For example, the Directory table has a number of entries where the short and long names for the directory are identical.  This bloats the package for no reason.  More recent builds of the WiX toolset print out a warning to inform the setup developer about that kind of unnecessary duplication.  Also, I noticed a large number of invalid identifiers in the MSI file.  Those also would have been caught if built by a more recent build of the WiX toolset. 

As you can see, the WiX toolset is slowly getting smarter about bad authoring.  I've even considered adding a "-pedantic" switch to candle.exe many times to catch things that just shouldn't be done in an MSI file.  However, for now there is plenty of error checking to tighten in the WiX toolset without the "-pedantic" switch.  But, I digress...

Fortunately, none of the errors described above are fatal with the current versions of the Windows Installer available so the Beta installed just fine (it's indexing my machine right now).  However, to ensure future compatibility with the Windows Installer at least the identifier issue should be fixed.  Also, fortunately, this release is just a beta package so there is still time for all of the issues to get fixed.  Finally, a few of the MSN Toolbar Suite guys are coming up to Redmond this week (they are down at the Silicon Valley campus) and they've scheduled lunch with me to talk about how they are using the WiX toolset.  I'll raise these issues with them again there.

Oh, and I agree with Michael Giagnocavo, "What's with the shortcut on the desktop?  Don't do that!  The desktop is the user's space.  At least ask for permission to stick stuff there."

[Via when setup isn't just xcopy]

Microsoft's alpha tester (na megvan a felelős)

If anyone should be complaining about buggy Microsoft products, it's Ron Markezich, Microsoft's CIO.
[Via CNET News.com]

Google adds major libraries to its database

Ld.: http://www.sfc.hu/2004/12/google-to-digitize-much-of-harvards.html
Search giant plans to begin converting the holdings of leading research libraries into digital files that would be searchable online.
[Via CNET News.com]
[Listening to: Die By The Sword - Slayer - Show No Mercy (3:36)]

Security research suggests Linux has fewer flaws

Four years of research by a code-analysis firm finds that the latest open-source OS beats commercial software for quality.
[Via CNET News.com]
[Listening to: The Antichrist - Slayer - Show No Mercy (2:50)]

Google To Digitize Much of Harvard's Library

FJCsar writes "According to an e-mail sent today to Harvard students, Google will collaborate with Harvard's libraries on a pilot project to digitize a substantial number of the 15 million volumes held in the University's extensive library system, which is second only to the Library of Congress in the number of volumes it contains. Google will provide online access to the full text of those works that are in the public domain. In related agreements, Google will launch similar projects with Oxford, Stanford, the University of Michigan, and the New York Public Library. As of 9 am on December 14, a FAQ detailing the Harvard pilot program with Google will be available at hul.harvard.edu."
[Via Slashdot: ]
[Listening to: Evil Has No Boundaries - Slayer - Show No Mercy (3:10)]

Open Source Math Software For Education?

Rui Carmo writes "Now here's something you don't get asked every day, but which a friend happens to need for her kids: If you had to suggest Open-Source software for mathematics - somewhere from high-school to freshman level, and not merely for 'pure' mathematics, but also applicable to physics and statistics (the kids are considering going into Applied Maths and Engineering), what would you point people toward, assuming they have access to both Linux and Windows? I know this is a niche thing and that there is nothing out there that even comes close to Wolfram's excellent Mathematica (which I used on my old NeXTCube), but surely something along the lines of (or simpler than) Calculation Center exists?" The Knoppix-based Quantian might be a good place to start; what math software do you recommend?
[Via Slashdot: ]
[Listening to: Hallowed Ground - Wasp - Dying For The World (5:54)]

MovableType Comment and Trackback Spam causing major issues

MT userek figyelem!

I know this site deals with a lot of trackback spam and we have our comments locked down because of the issues with spammers hitting this site and adding thousands of comments. Many of you have complained that you do not comment due to the typekey registration requirement. At this point we have no choice and until MovableType gets a viable solution that is they way it is going to have to be.

Some webhost are starting to shutdown some sites because of the server loads they are causing. Jay Allen who works for Six Apart is busy improving his own code the MT Blacklist so hopefully things will approve on the comment spam arena. [PhotoDude]

[Via Geek News Central]
[Listening to: Stone Cold Killers - WASP - Dying For The World (4:56)]



A Krisztina legújabb gyöngyei:
Állandóan halljuk "a szabályokat" a nők részérol. Na most itt a másik oldal. Ezek a MI szabályaink! Jegyezd meg... Mindegyik pont SZÁNDÉKOSAN az 1-es számot kapta, mert egyformán fontosak!
1. MINDEN férfi csak 16 színben lát, mint a Windows alapbeállításnál. Például a barack az egy gyümölcs, nem szín. A padlizsán az zöldség. Fogalmunk sincs, mi az a mályva.
1. Ha viszket, megvakarjuk. Így szoktuk.

[Listening to: W.A.S.P = Helldorado - - W.A.S.P = Helldorado - (4:33)]

Semiconductor Breakthrough: Processor 24 per cent faster | Technology on The Earth times

Semiconductor Breakthrough: Processor 24 per cent faster | Technology on The Earth times
Your processor can now run 24% faster at the same power levels based on the new strained silicon transistor technology, as claimed by IBM and AMD today. The New technology was named as “Dual Stress Liner”. It improves the performance of p and n channel transistors by stretching silicon atoms in one transistor and compressing them in the other transistor. New production techniques are not required, standard materials and tools can be used for volume manufacturing. AMD and IBM have jointly developed this technology; stained silicon has been made to work for the first time with silicon on insulator technology, resulting in high performance at low power. AMD’s executive vice president Dirk Meyer said "Our shared progress in developing advanced silicon technologies allows AMD to deliver today's best performance per watt." Strained silicon technology would first be integrated into all 90nm processor platforms. The multi core AMD 64 processor would also use this technology. 90nm AMD 64 would enter the market in mid 2005. IBM’s Power Architecture based chips would use this technology, products schedule for shipping in mid 2005. Lisa Su, VP Technology development & alliance at IBM and Technology Group said “Innovation has surpassed scaling as the primary driver of semiconductor technology performance improvements, this achievement with AMD demonstrates that companies willing to share their expertise and skills can find new ways to overcome roadblocks, and help lead the industry to the next generation of technology advancements”

La deuxiéme vie du Cobol

A COBOL-rol vagy rosszat, vagy semmit. Figyelemre méltó azonban, hogy a jelenleg nagygépen futó programok 75%-át ebben írták, és várhatóan jövőre a programok 15%-át is ebben fogják írni. (elnézést a hibás francia karaktarekért, akit zavar, nézze az eredetit).
Egyébként érdekel a COBOL.NET
Les éditeurs rivalisent d'imagination pour adapter le langage. Par exemple avec le Web-to-Host, Cobol Objet ou Cobol .Net.

Olivier Bibard , Décision Informatique, le 13/12/2004 à 12h00

On en parle peu et pourtant, ils sont toujours là . Le Gartner Group estime que les programmes Cobol représentent 75 % des applications d'entreprise dans le monde, soit entre 180 et 200 milliards de lignes de code. Ils constitueraient même 15 % des nouvelles applications développées en 2005.

Plusieurs éditeurs ont trouvé des solutions pour sortir ces applications de leur isolement. Les outils disponibles permettent de les relier à des systèmes plus modernes comme des serveurs Unix, des intranets ou de les faire fonctionner sur des plates-formes moins coûteuses, à base de processeurs x86.

Placer le mainframe sur le web

Les premières solutions de Web-to-Host ont fait éclater le couple terminal passif-mainframe en offrant l'accès à de la logique Cobol depuis un PC client équipé d'applications bureautiques. Cette première génération d'outils Web-to-Host , proposée par Scort, Seagull ou Attachmate, intercepte à la volée les flux de données CICS ou 5250 et en interprète les données pour les insérer dans des écrans remodelés. Les utilisateurs disposent ainsi d'interfaces beaucoup plus faciles à exploiter.

Point faible de cette technologie, l'interprétation à la volée ralentit considérablement les débits d'informations. La mise en place d'un serveur intermédiaire entre le mainframe et les postes clients a, depuis, accéléré le système. Fondée sur un serveur d'applications J2EE, cette brique intermédiaire reçoit les données du mainframe, les insère dans un fichier XML avant de les mettre en forme dans des pages HTML, JSP ou ASP, développées une fois pour toutes lors de la mise en place de la solution. Les transferts d'informations sont rapides, et le flux XML provenant du serveur J2EE peut également être transmis aux systèmes des partenaires de l'entreprise.

Autre avantage, la mécanique applicative du serveur intermédiaire cache aux développeurs Cobol la complexité d'un système Java. Le serveur intermédiaire peut aussi être appelé sous la forme d'un service web. Ces systèmes se révèlent cependant difficiles à faire évoluer. Un changement dans l'application Cobol demande de modifier les composants mis en oeuvre sur le serveur intermédiaire et les fichiers XML quand ils existent.

Fabriquer des applications objet

Autre alternative, certains éditeurs proposent des approches plus complexes permettant d'exécuter les programmes Cobol sur des machines moins coûteuses que les mainframes. MicroFocus propose ainsi un compilateur pour exécuter du Cobol avec Unix ou Windows.

Cet outil apporte une couche d'abstraction masquant aux développeurs les particularités de ces OS. « Plusieurs éditeurs développent leurs logiciels en Cobol et les compilent sur toutes les plates-formes. C'est le cas de Fidelity avec HR-Access ou du module de ressources humaines de PeopleSoft Â», précise Patrick Rataud, directeur des opérations de MicroFocus France.

Dernière possibilité proposée, le Cobol Objet. Ici, la programmation procédurale est remplacée par la logique objet. Les applications vieillissantes s'intègrent plus facilement aux plus récentes. Un composant Cobol peut ainsi être inséré dans un EJB et être présenté comme un service Web.

Cette approche laisse cependant sceptique Michel Koutchouk, PDG de la SSII Infotel : « Ce n'est qu'une ouverture, Cobol est fait pour traiter des données. L'objet a d'autres intérêts, comme la réutilisation des composants ou le développement Web. Â» Pourtant, Microsoft ne s'y est pas trompé. Le Cobol (Fujitsu et MicroFocus) fait partie des langages de programmation de la plate-forme .NET.

Les programmeurs Cobol créent avec lui des applications fonctionnant nativement sur les serveurs Windows 2000 et 2003, que l'éditeur de Seattle veut implanter dans les grands comptes. Les vieux jours du Cobol sont donc assurés.



[Via A .Text Community]

Googlism - "What Does Google 'Think' About You?"

Egy újabb alkalmazás, amely a keresőrendszer ménkű nagy adatbázisát és hatékony keresőmotorját használja.
Választ kaphatunk a Who is, What is, When is, Where is kezdetű kérdésekre.

Googlism.com will find out what Google.com thinks of you, your friends or anything! Search for your name here or for a good laugh check out some of the popular Googlisms below. "What Does Google 'Think' About You?" - Poynter.org
Who The Googlism.com concept was conceived by Paul Cherry and creatively programmed by Chris Morton. Googlism.com is in no way affiliated, sponsored or in any way the property of, or responsibility of Google.com (Google Inc). However, we do use Google.com for creating our exciting and funny results. If you have any comments, suggestions or otherwise, please contact us at mailto:support@googlism.com Googlism.com is owned by an Australian company Domain Active, there we go, we saved you the hassle of doing a whois.
What Googlism was created as a fun tool to see what Google "thinks" of certain topics and people. Of course, the results are not really Google's opinion, they're yours, the web site owners of the world. Within the Google results are thousands of your thoughts and opinions about thousands of different topics, people, names, things and places, we simply search Google and let you know what website owners think about the name or topic you suggested. When The Googlism idea was formulated in September 2002 and developed that month for a world wide release in early October 2002. Welcome to Googlism.com, what are your Googlisms? NEWS! Sometime early January 2004, Google.com adopted measures to prevent Googlism.com from querying the Google servers to find new Googlisms. We are not upset, due to the immense popularity of Googlism.com, we were requesting an average of 15,000 unique queries a day. We have just over 1.7 million unique Googlisms in total and since opening we served around 16 million total searches, or an average of 35,000 searches per day. Where Googlism.com has received links from thousands of webmasters and websites all around the world. We have had online reviews in PCMag.com, About.com, ZDNet.com, and many more. Print articles in worldwide magazines and newspapers, including one book that we know of. There are a couple of pages about Googlism in "Google Hacks - 100 Industrial-Strength Tips and Tricks" By Tara Calishain and Rael Dornfest.

Falánk űrhajósok

http://www.bbchungarian.com 2004. december 10. - A publikálás ideje 15:16 GMT Falánk űrhajósok Elfogy az élelem a nemzetközi űrállomáson, mivel az űrhajósok túl gyakran repetáztak. A földi irányítók most egy rendkívüli szállítmány indítását szervezik, de ha ez nem ér az állomásra karácsonyig, akkor evakuálni kell a legénységet. Úgy tűnik, hogy a nemzetközi űrállomás fedélzetén valaki maxi adagokat ehetett, mert az éléskamra kiürülőben van. A repülésirányítók evakuációt terveznek. Bár az orosz fél szerint az amerikaiak kicsit túlérzékenyek, amikor az étel kerül szóba, és valójában nincs is ok pánikra. Készletek még vannak, legfeljebb nem az űrhajósok kedvenc fogásai. Az űrállomás szabályai kimondják, hogy amikor kevesebb, mint 45 napra elegendő élelmiszer, víz vagy levegőkészlet van a fedélzeten, fel kell készülni az állomás elhagyására, mivel az újraellátással gondok lehetnek. Ha kevesebb, mint egy hónap marad hátra, elkezdődik az evakuációs program. Ilyenkor az amerikai asztronauta és az orosz kozmonauta szó szerint elkezdi felemészteni a vastartalékokat. Az oroszok most újabb készleteket csomagolnak a Progress szállítórakétára, amelynek indítását karácsony estére tervezik. A fedélzeten pedig egyelőre a személyzetnek jobban oda kell figyelnie az adagokra, hogy maradjanak még tartalékai.


Tyranny of the geeks

Nick Bradbury blogja hivatkozik erre:

Adam Bosworth, formerly of Microsoft and BEA and now at Google has probably written one of the best blog posts I've ever seen at http://www.adambosworth.net/archives/000031.html. Its a transcript of a talk he has given where he talks about KISS( no, not the French kind, more of the Keep it Simple, Stupid kind). Follow the link and read that post first. In fact, if you're a software developer, take a large printout and paste it over your bed for you won't hear more sound advice.But I want to deal with something Adam doesn't deal with but implies a lot. Something I'd call 'tyranny of the geeks'.

Adam talks of KISS and how the simpler interface wins out over the more complex interface in the long run. For example, Ted Nelson's Xanadu is nowhere to be seen while the World Wide Web, full of its 404s 'is' the Internet for most people. E-mail doesn't work over some complex binary format - it works over simple text messages. In the long run, simple is better. However, this is a fact sadly lost for most people today. Let me take a few glaring examples

HTML and the web :The 'crime' committed by Internet Explorer

I remember reading some comments on http://blogs.msdn.com/ie where the commenter had basically blamed the IE team for broken HTML today. He argued that IE (though Netscape had started this and not IE) had created havoc by accepting bad HTML. I think that guy is out his mind. Here's why.

Geeks like us can't live without something being strictly defined. We crave to know how exactly stuff works - vagueness and ambiguity is abhorred. However, let's look at the explosion of the Web. Almost all the best designers I know learnt their design by doing 'View->Source'. They opened up a page and seeing how the source looked like, typed out a few tags in Notepad. I remember the excitement when I first saw the output of some HTML code 5 years. Now, imagine if all I had got back was an error complaining of a tag which wasn't closed. I might have been geeky enough to try and fix it - most other people would have abandoned their foray.

Programming languages need strict interpretation - if someone makes a mistake, it would be catastrophic not to point out the error. However, the web is a visual medium. Turn the clock back to some 5 years ago when everybody and his neighbour had a personal homepage in AngelFire or Geocities. If all they had seen was an error message complaining of a tag that hadn't been closed - would they have persisted? I doubt it. Geeks would - but your average geocities homepage guy wouldn't have. If browsers aren't as forgiving as they are today, most of the customized templates on Blogspot wouldn't work. I cringe every time I see someone flaming someone else for not being XHTML compliant. Tim Bray - if you're reading this, I want to know something. Why is XML case-sensitive? No human-being ever thinks in case-sensitive terms. A is a. End of story. So now, I have a situation where writing <html> </HTML> wouldn't be XHTML compliant. And what do I get out of XHTML apart from geek-bragging rights and this strange idea of 'standards-compliance'? Does it give me more freedom? Does it help my viewers? My customers?

[Update: Be careful what you wish for you just might get it. Tim Bray posts in my comments as to why this was done]

In the 'Art of Unix Programming', Eric.S.Raymond argues for programs being liberal in the input they receive but carefully makes an exception for web browsers. Probably because crediting web browsers would mean crediting the IE team. Imagine your mom being confronted with a page which says "Broken HTML - unclosed tag". IE coming up with its best guess for an implementation is a far better idea. I love the Firefox team for being liberal on this too.

People argue that broken HTML is a problem today and this was caused by Netscape and IE being forgiving. Yes- HTML might be broken but part of the credit for the huge success of the web must go to those early Netscape and IE hackers who figured out that normal people don't care about <B><I> </B></I>.

HTML and the web (contd) : The story with CSS

I remember reading a post on www.alistapart.com which dealt with image roll-overs. I remember posting a comment saying "We're in 2004 and we're still talking about image roll-overs"? He couldnt have been more apt. Nowadays, it is the 'in'-thing to be CSS-aware. If you're dumb enough to use a table tag, you're branded as a clueless moron. However, no one really tells you why table tags are bad. In fact, the equivalent CSS for generating something like your standard sign-up form is downright scary. And with every browser (Opera, Firfox, IE) having a different idea on what 'right' CSS is, you're much safer with table tags. For those using CSS and use divs and floats to build their tables, I ask them why. Why do something that is so un-intuitive? I could teach a kid about rows and columsn. Most programmers won't understand floats and block elements and why float actually means 'float' and not 'align'. Its crazy!

The problem is that the geeks don't like the idea that the web has no structure. We, in our inherent geekiness, don't like the idea of people using font tags. We don't like the idea of people mixing content and presentation. We say "Hell..let them inherit CSS attributes!". And we like to criticize the browsers which allow normal people to use HTML. Its a typical old-boys club attitude - we don't like the idea of other people actually enroaching on our domain so we put barriers for them. We say "include your CSS files", "make everything lower-case", "understand the box model".

Somehow the rows and cells of a good-old table tag seems more alluring.

RSS aggregators and Nick Bradbury

Some time ago, there was a remarkable argument between two opposing RSS reader camps. One camp argued that all invalid RSS (and Atom) should be rejected outright. The other camp (with Nick Bradbury probably being the most vociferous), said that aggregators should make an attempt to parse bad RSS. Nick said something along the lines of how his customers wouldn't really care whether the feed has an invalid date format or not. They would just say "Show me the damn thing!". The fact that Nick was probably the only one among the lot who had to *sell* aggregators also said a great deal. If an aggregator is going to reject a lot of feeds on the basis of it being the wrong encoding or some other geeky thing, I'm going to abandon it for another aggregator which can. I remember pasting the OPML file for pdcbloggers into FeedDemon (an early version) and Feeddemon rejected it saying that it was an invalid OPML file. The geek that I am, I opened it up in Notepad and to the human eye, it looked all right. When I posted a question on this on the forum, Nick posted back saying how it was missing one trivial tag. Hundreds of feeds couldnt be loaded in Feeddemon only because someone had forgotten one tag. Seems silly doesnt it that after so many decades of computing, computer software is so dumb that it cant figure out a file which is 99% correct?

Hurray to all the Nick Bradburys of the world - we need more people like you. We need more people like you thinking of what is the best thing for the end user rather than having long and unnecessary flame-wars on what is the best way to represent a date.

A year ago, I read up a lot on the Semantic Web and RDF. I have to admit that I didn't understand any of it. Any of it. Ontologies, RDF, OWL, what not. However, you see blogs and enclosures getting the same effect with only a fraction of the complexity. I dont need smart agents to find what I want - I just search in Google and it is usally smart enough to give me what I need. I dont have high hopes for the semantic web unless they simplify and do it real soon.


Edit and Continue

This is another pet topic of mine as I have some experience with the C# implementation of EnC. A lot of bloggers have opposed EnC talking of it leading to bad software practices. I fail to understand this reasoning - why take away a tool from someone on the basis of whether it could be used harmfully? Most Windows users wouldnt be aware that something as powerful as NTSD (the debugger) ships along with their operating system. However, it is an invaluable tool when you can't install VS.NET on a machine thousands of kilometers away. The same argument holds true here - I'm debugging through an ASP.NET application and after 3 hours, I find that there is a bug due to me writing a '<=" as a "<".  You really want me to spend another 3 hours getting to that point? Is that a good use of my time? I don't think so. I remember reading an interview with one of the Id (the Doom guys) developers where he said how the addition of EnC to VC++ 6 was a huge thing to them. When you have several bots interacting at random with a 3d engine, reproducing the entire thing may not be so easy.

But this is another example of geek tyranny. Most 'hardcore' geeks don't like VB programmers. Truth of the matter is, VB gets the job done, like it or not. And for someone writing some small internal tool, EnC is a bigger deal than being asked to a set of unit tests.


Programming languages

The C and C++ hackers sneer at the Python and Perl people.I wrote a web crawler in Python recently and I shudder at the prospect of writing the same thing in C/C++. Ritchie and Stroustroup might be great geniuses - but the lack of an inbuilt string type was a huge mistake. Character arrays? Give me a break! Imagine dealing with an integer as a set of bits all the time. All these buffer overrun problems wouldn't have existed if arrays knew their size and there was no such thing as the null termination character.

The argument made in favor of C and C++ is performance. With Moore's Law, that argument has run out of steam a long time ago. Unless you're writing device drivers, there is no good reason to use C and C++ and have to worry about whether strncpy adds a null-terminating character or not. The virtual machine is the future with dynamic languages showing the way for languages. I remember seeing C-Omega for the first time - my first reaction was "Man..this is so natural!". But the purists (the geeks) wouldn't agree. They want their character pointers, their factory classes. They don't like the idea of people actually writing code without having to figure out what pointer indirection is.

I could go on and on about programming languages - but this is somewhere where KISS is really taking hold with languages like Python and Ruby showing the way.

We geeks need a reality check. And we need it soon.


This Blog Hosted On: http://www.DotNetJunkies.com/
[Via Sriram Krishnan]

An open letter to the Security Community:

Ez egy elég komoly figyelmeztetõ:
Stop surfing, browsing and using any sort of Internet viewing software.

Seriously.  Right now there are several unpatched browser vulnerabilities and one “blast through the POPup blocker”.  The sky is definitely falling.

And why do we have these unpatched vulnerabilties that are being discussed in detail with no patches?  Because someone believes that it's more responsible to disclose it to the community of folks that then turn it into worms and what not than to responsibly disclose to the vendor and WAIT for an appropriate time for us to test and apply patches. 

  • Nicolas Waisman disclosed a paper on WINS vulnerability - patch is not yet released
  • eEye while stating on their web site that they practice “responsible disclosure“ have released technical details about an vulnerability the same day as the patch is released [approximately 12 hours last time] with usually enough technical details to begin the clock ticking.
  • http-equiv-at-excite.com has regularly disclosed before allowing for a patch.
  • Liu Die Yu, in reading his essay on the Microsoft Security Resource Center titled “Die slowly this time MSRC explained“, apparently believes that going after the MSRC with verbal abuse is the noble thing to do.

These are just a view of the examples of businesses and individuals that make us more IN-secure out here.

I can hear you now say if the Evil Empire  well if they'd only write better code“.  Wake up folks.  In the book Practical Cryptography the authors state that bridge builders have a finite threats to deal with.  Gravity, water, weather.  Software coders have an infinite amount of threats, including, but not limited to, all of us pesky end users still running as local administrator around here.  [And while those say that it's hard to run as user mode, I would argue that for the vast majority, that if it were not for the insecure requirements of the applications we are running, we COULD run as user mode most of the time as many of us have no need to install software on reoccuring basis]

I'm tired of my security, my patching, being influenced by someone not even willing to use their real name. 

I'm tired of security firms that don't sell products in the small business server space that say they holding Microsoft responsible when all they do is end up hurting my community.

Patches hurt me in my community in two ways.

Firstly they hurt me when I don't know about them.  When all I do is go to Windows update and that's not enough to fully protect me.  [Granted, these days on the Internet, most “gunk” traveling the wire is tuned for XP and 2k and thus even when USAToday stuck us out there with only a strong password to protect us and netbios ports exposed, we stayed up].

Secondly, they hurt me when I apply them and they do harm.  Granted, this is happening less often, but there are still the rare times that they cause issues.  Rare is one time too many for me.

I'm sure there are folks that will tell me I'm kidding myself that the exploit is only coded “after” the patch comes out, that is, it's already been out in the exploit community and the mere release of the patch alone gives the folks out there the opportunity to reverse engineer an exploit.

But folks you are missing something.  Down here, my community is not specifically targeted.  We're road kill.  We get hit with the worms, the blasters, slammers.  We don't get hit with the specifically targeted attacks.  Ryan and Kevin stuck us out there to get hit by a MACK truck.  They weren't specifically hacking us.

So to those folks that think you are being noble, that you are holding Microsoft responsible, that you are making sure they do secure coding?  You hurt me and my community more.

Remember that we don't buy your products.

We don't know who you are down here if you are seeking fame.

We just get affected by what you do.

Remember that.  You hurt us most.

For the record, Opera is patched, Firefox has a workaround, but I'll stick stick with IE because I can group policy it and I have not heard of these actually being exploited.... yet.

[Via A .Text Community]

Switching to Google Desktop/GDPlus

Joel Ross GDPlus, nagyon jó kiegészítése a Google Desktop-nak. Testreszabható a keresés.

Copernic didn't last long. Thanks to Joel Ross I found GDPlus, a hacked version of Google Desktop which allows you to add additional file extensions for Google Desktop to index. Its works great, so now I can search my whole box for PHP, Python, Delphi, C#, C++ and other source code files. I'm not a big fan of installing hacked programs, but this will work for now. Google Desktop seems faster than Copernic Desktop Search, and I like being able to search from a browser... I always have a browser open, and now Google Desktop is just an easy QuickSearch away in NetCaptor.

[Via Adam Stiles]
[Listening to: Forever Free - WASP - (5:09)]

Hacking Google Suggest

Scoble->Nick Bradbury Nick Bradbury blogjáról kevertem ide:

Google's Suggest feature is lighting up the blogosphere these days. It functions as like autocomplete for your search box, where Google attempts to determine what you are searching for and gives you suggestions. Web tinkerer that I am, I had to dig in a little and see how this works.

At its simplest, Google Suggest is javascript code that looks at what you are typing in the Google search box. When you press a key, GS phones home and passes the current contents of the search box. The server returns some suggestions are then displayed to the user. The javascript code is a little obfuscated, more to keep the size down than to obscure the contents. You can look at it here.

The script handles the onkeydown event of the search box. When that fires, it grabs the contents of the search box and sends the contents to a Google server for suggestions.

A request to the suggestion server looks like this:


In return, the suggestion server returns some results as javascript. Here are the results that get returned when I have typed "netcaptor" in the box:

sendRPCDone(frameElement, "netcaptor", new Array("netcaptor", "netcaptor 7.5.3 crack", "netcaptor download", "netcaptor 7.5.3", "netcaptor crack", "netcaptor pro", "netcaptor 7.5.2", "netcaptor 7.5.3 serial", "netcaptor v7.5.3", "netcaptor review"), new Array("141,000 results", "169 results", "68,300 results", "2,890 results", "8,360 results", "56,500 results", "2,390 results", "213 results", "281 results", "15,900 results"), new Array(""));

Cool, huh?

Hacked appropriately, this could be a cool tool for generating related searches to a given keyword. Here's a quick, first attempt - I put together some sample code that grabs Google's suggestion for a given keyword (or partial). GPL'ed PHP source code is included.

Oh yeah - you might be interested in my earlier post about hacking Adsense for Feeds.

[Via Adam Stiles]
[Listening to: W.A.S.P = Helldorado - - W.A.S.P = Helldorado - (4:33)]