Windows security is a joke

All of this was gleaned from the most recent Crypto-Gram

One person's experience trying to secure Windows. One interesting point: after he does a clean install, he doesn't have time to download all the security patches before his computer is infected by malware. Worth reading. http://www.techuser.net/index.php?id=47

—————————————————————-

The security of your computer and your network depends on two things: what you do to secure your computer and network, and what everyone else does to secure their computers and networks. It's not enough for you to maintain a secure network. If everybody else doesn't maintain their security, we're all more vulnerable to attack.

In early May, stories were written saying that Microsoft would make this upgrade available to all XP users, both licensed and unlicensed. To me, this was a very smart move on Microsoft's part. Think about all the ways it benefits Microsoft. One, its licensed users are more secure. Two, its licensed users are happier. Three, worms that attack Microsoft products are less virulent, which means Microsoft doesn't look as bad in the press. Microsoft wins, Microsoft's customers win, the Internet wins. It's the kind of marketing move that businessmen write best-selling books about.
Sadly, the press was wrong. Soon after, Microsoft said the initial comments were wrong, and that SP2 would not run on pirated copies of XP. Those copies would not be upgradeable, and would remain insecure. Only legal copies of the software could be secured.
This is the wrong decision, for all the same reasons that the opposite decision was the correct one.


This decision, more than anything else Microsoft has said or done in the last few years, proves to me that security is not the first priority of the company. Here was a chance to do the right thing: to put security ahead of profits. Here was a chance to look good in the press, and improve security for all their users worldwide. Microsoft claims that improving security is the most important thing, but their actions prove otherwise.

ColdFusion7 BlackStone


Tonight I went to the Mid-Michigan ColdFusion Users Group meeting to see Ben Forta speak on ColdFusion 7 CodeName: BlackStone.


First off, an update to MX6.1 is due out (circa) this fall. It will include the 60+ bug fixes that have been released as individual patches as well as a rewritten database engine. The new engine was slated for release in BlackStone but was deemed too cool to wait on.


Now onto BlackStone… this is an upgrade that everyone is going to want to budget for. 🙂 The added functionality and enhancements cover so much of ColdFusion that it will have something that everyone can appreciate at some level.


Here are my notes from the presentation.


It will contain some “data entry enhancements”. CFFORM will have a format="" attribute. When you set it to xform it will become a “skinnable form”. All you code are a bunch of form fields and it does the rest. The skins will be .XSL files (XML Style Sheets). I can't wait to see what people do with this and download them from the Macromedia Developer Exchange.


CFSELECTGROUP will be added. This will allow grouping of datasets for use in trees, drop downs and whatever else you use grouping for.


FLASH-IFICATION!


Now this is cool stuff! CFGRID and CFTREE will have new format="" parameters that will allow you to use Flash. The flashed tree and grid are far more usable than the current Java ones and a lot prettier. With CFFORM you can code all of your fields and leave all the display crap out (again). Using format="flash" on CFFORM will now return a flashed form complete with some awesome real time input validation and awesome possibilities for forms morphing and changing based on earlier user input. A great example of this used by Ben Forta was having a first and last name text box side by side with an email text box with a value of “@macromedia.com” sitting underneath it. As he typed in his first name it was dynamically showing up in the email textbox as ben@macromedia.com. Doing something similar in JavaScript would be messy at best.


I saw at least one new cfform field type that is going to be introduced called dateChooser. It's a nice little pop up calendar that will allow a user to click rather than having to type a date in (in whatever format the coder wants).


<CFDOCUMENT>


This is a family of tags that will allow you to dynamically output content into a PDF or FlashPaper. It contains a cfdocument item tag that will allow you to do things like a page break or headers and footers. It also introduces the new cfdocument scope. It has neat things such as currentPageNumber and so forth.


 


<CFREPORT>


This is a neat one. 🙂 It will allow you to generate reports of many different kinds. It has a (currently) external program called “Coldfusion Report Builder” that has an interface very similar to that of MS Access' report maker. When you use CFREPORT you simply point to the file generated in report builder and BLAMO.. Instant report. Did I just say “Blamo”?


You will be able to package your applications in an EAR, JAR or WAR file for distribution and deployment. It will contain a complete runtime version of CF as well as your application and all datasources, mappings, registered tags and so forth. You can then move that file to any Java compliant web server (aren't they all these days?) and your app will run. It will ask for a CF license key of course… But it will run, without having to install CF.


Dreamweaver is being tweaked and will have a lot more useful CF wizards including a login mechanism and a next – previous generator.


Details on this are sketchy and we had to push Ben to get the info… But…. HomeSite may be phased out at some point to be replaced with something else. A new product. Not Dreamweaver. 🙂 I'm not sure what to expect with this and I think Ben (or Macromedia) wanted it that way. 🙂

Updating

Man, it's a beautiful night, I have both windows in my office open with a nice cool cross breeze. Drinking an awesome white ale, listening to loud Tiesto and other misc chill and trance music and coding my brains out.
This update mechanism has been hurting my head for a while now but I think I have a concept that should work. I have never had to write an auto update mechanism for any of my web apps so this was a learning experience. I'm taking a bit of a Linux/CVS approach and allowing for multiple “builds”. Edge, stable and current.
It's going to be soooo nice once it's all done. We already have about 8 sites running metazoa even though it's still under constant pre-beta development… So updates are a bitch. This will be awesome once it's done! 🙂

Guardian Linux

Guardian Linux is really starting to shape up. I have a development server that I am building it on right now. The foundation exists and is stable, I am now simply writing a bunch of custom tools and wrappers and tweaking the functionality to match that of OpenBSD.
Prepare for proactively secure Linux! 🙂

Mtv Lies!

Tivo just told me that Mtv was playing music videos right now! Holy shit! Music videos on Mtv?!

All excited I switch to it to see that they are on commercials. That's fine, I can wait them out. Besides, it will be interesting to see what kind of videos Mtv deems airworthy these days.

Nine (9) minutes of commercials later they play a 4 minute Mtv News.

God, it's been 13 minutes and I still haven't seen a video. People put up with this?

Still interested in these videos that they promised I wait some more. After the news they play more commercials. After 7 minutes more of commercials I get pissed off and come to blog to rant about it. How do they get away with 20 minutes of commercials?! People still watch this crap?!

Sick and tired of being sick and tired

Bah, I'm sick again. I keep getting these awful freakin' dizzy spells. They make it hard to concentrate on anything. So I find myself paying upwards of $100 to visit the Dr. tomorrow to figure out what my problem is.
The whole thing really pisses me off. I got a job about 9 months ago at SiteObjects and received a contract, signed by my employer, stating that I will have medical insurance after 3 months of employment. I was REALLY looking forward to this because I could get these dizzy spells taken care of as well as my wisdom teeth.


So after 9 months of employment I get laid off and never saw insurance one. That's 6 months that my employer was contractually obligated to provide insurance and never did. Now I'm unemployed and paying for it all myself with my unemployment money.


Let this be a lesson to you… research potential employers. It's not fun to be taken advantage of.


On another note… Metazoa is coming along nicely. The details that everyone wanted? It's a Content Management System secured to the teeth. It's compliant with many security standards right out of the box (HIPAA, NSA DITSCAP and many others). I have never seen a CMS that is as full featured as the one that war.c and I have created. It's in early alpha right now and should be available in beta very soon. Look for all of my sites to be switching to it in the near future.

Busy

For the last few months I have spent all of my time concealed in my house working on a big top secret project. I just got back from dropping my co-conspirators back home in Canada.


Now details of the project will slowly start to surface on this page and metazoa.ca.


I'm going back to bed.

Laid off

I got laid off from work today.  There is not enough client work to keep me busy and not enough development/support work till the release of the new product.


I'm not horribly bothered by it as I have seen it coming for about a month now. Now I just collect unemployment and try and get my CISSP and GLI swinging.

Microsoft admits to themselves that they suck

Quotes from an internal memo sent to Microsoft Chairman Bill Gates on February 21, 1997 by C++ general manager Aaron Contorer, a software expert.
“There is a huge switching cost to using a different operating system,” he wrote Gates.
“It is this switching cost that has given customers the patience to stick with Windows through all our mistakes, our buggy drivers, our high TCO, our lack of a sexy version at times…
“It would be so much work to move over that they hope we just improve Windows rather than force them to move,” he said.