Firefox 1.5

Firefox 1.5 should now be available.

Even mozilla.com had a makeover.

Firefox 1.5 is pretty great. My beta feedback:

  • in-place updates (rather than download and install) should help with the slew of point releases as Firefox has hit over 100 million downloads
  • speed is improved (woo!)
  • Linux ‘look and feel’ is much improved

Here’s to the next 100 million downloads!

Google Analytics – another update

A few weeks into using Google Analytics – and I must say I’m very impressed.

The data collected is stunning – for example – 70% of blog visitors use Firefox (not surprising for a tech blog)


Analytics - browsers

Also currently 5% of my blog visitors are from a microsoft.com domain. A hearty hello if you’re in Redmond right now.

Now I was tracking a lot of this before – by trawling my apache logs. Google Analytics is just easier – and it produces pretty graphs!

The only downside – and I don’t recall seeing many blogs on this point yet – is the payload of the tracking technology. The analytics uses javascript – and downloads a huge 17KB of script. It’s not a lot – but the latency is noticeable on some sites.

Clean Server Power

Not UPS and filtered power – more the generation.

I’ve just signed up with Utah Power for their Blue Sky program.

I join 12,000 other Utah customers – including businesses like Uinta brewing. Sounds good to me 🙂

[Edit – I made a 80×15 button for this: Wind Powered!]

Ray Ozzie on ‘Simple Sharing Extensions’

An interesting post from Ray Ozzie – one of the most influential people to have joined Microsoft in the last five years.

I’ll paraphrase by stealing quotes:

Each of us has a mix of private, shared, and public events and meetings that we’re tracking.
Some of these we edit privately and publish to others.
The most challenging calendars we deal with are those that are “shared”
It’s tough because we use a mix of different email/calendaring systems
And the same goes for contact lists.

Sounds familiar!

What we really longed for was “the RSS of synchronization” … something simple that would catch on very quickly.
so we created an RSS extension that we refer to as Simple Sharing Extensions or SSE.

Fair enough – another MS developed extension. Wait – there’s more:

We’re releasing the SSE specification under a Creative Commons license – Attribution-ShareAlike. I’m very pleased that Microsoft is supporting the Creative Commons approach; you can see more about this in the licensing section at the end of the spec.

Now that’s smart.

Hopefully some of these concepts will be adopted in mainstream products; more cutting edge projects like Hula should be all over this.

My main concern is still around security and authorisation – I don’t want to send a private calendar to a colleague – for it to be shared publicly. That’s a real problem with things like this.

Internet Explorer – another unpatched vulnerability

SANS are flagging a particularly nasty Internet Explorer problem:

the UK group “Computer Terrorism” released a proof of concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.

The bug uses a problem in the javascript ‘Window()’ function, if run from ‘onload’. ‘onload’ is an argument to the HTML tag, and is used to execute javascript as the page loads.

The Javascript Window() vulnerability has been known for a few months now, but it has so far been treated as a denial of service (DoS) vulnerability. The author of this PoC figured out a way to use this older vulnerability to execute code.

Impact:
Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).

In addition to the PoC ‘Calculator’ exploit, a reader (thanks Chris R!) submitted a version that opens a remote shell. The PoC exploit allows for easy copy/paste of various shell code snippets.

In itself, the vulnerability will not escalate privileges. We are trying to verify other exploits at this point.

Mitigation:
Turn off javascript, or use an alternative browser (Opera, Firefox). If you happen to use Firefox: This bug is not affecting firefox. But others may. For firefox, the extension ‘noscript’ can be used to easily allow Javascript for selected sites only.

Looks nasty. Fully patched Windows XP and IE 6 is at risk from this one; turning off javascript is going to break a lot of new sites.

As the man said – make sure you use Firefox or Opera.
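
For anyone who has to keep IE in service while it is unpatched, the trigger described in the advisory (an ‘onload’ attribute that calls Window() as a function) can be looked for in page source at a filtering proxy or in saved HTML. The sketch below is an added example, not code from SANS or from this blog; the function names and the sample pages are constructed for illustration, and the check is a static heuristic that does not execute script.

```javascript
// Added example (not from the post): static check for an onload handler that
// calls window() as a function. Handlers set from <script> blocks are not seen.
const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');

// Decode character references that can hide the call inside an attribute.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)))
    .replace(/&quot;/gi, '"').replace(/&apos;/gi, "'")
    .replace(/&lt;/gi, '<').replace(/&gt;/gi, '>').replace(/&amp;/gi, '&');
}

// Collect onload attribute values from start tags (quoted or unquoted).
function onloadHandlers(html) {
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  const attrRe = /[\s\/]onload\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const found = [];
  for (const tag of html.matchAll(tagRe)) {
    for (const a of tag[2].matchAll(attrRe)) {
      const raw = a[1] ?? a[2] ?? a[3] ?? '';
      found.push({ tag: tag[1].toLowerCase(), code: decodeEntities(raw) });
    }
  }
  return found;
}

// True for "window()" / "Window ( )", false for "window.open()" or "myWindow()".
// Case-insensitive because the advisory writes the name as Window().
function callsWindow(code) {
  const stripped = code.replace(/\/\*[\s\S]*?\*\//g, '');
  return /(^|[^\w$])window\s*\(/i.test(stripped);
}

function scan(html) {
  return onloadHandlers(html).filter((h) => callsWindow(h.code));
}

// Constructed sample pages.
const SAMPLES = {
  direct: '<html><body onload="window()"></body></html>',
  encoded: "<BODY onLoad='window&#40;&#41;;'>",
  benignOpen: '<body onload="window.open(\'/help\')">',
  benignName: '<img src="a.png" onload="resizeWindow()">',
};
for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, scan(html).length ? 'FLAG' : 'ok');
}
```

A hit is a reason to block or inspect the page, not proof of an exploit; a clean result says nothing about handlers wired up from script.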

Business value of a CMDB

Nice article this month from Line56.com – about the business value of a CMDB.

It’s by the ex CTO of Marimba – who is now CTO of the Change and Configuration Management space at BMC – Kia Behnia.

I’d expect BMC to push a CMDB message – they after all message ITIL heavily and have a CMDB product.

The nice piece about this article is the real difference ‘process’ and ‘best practices’ can bring – regardless of your management technology.

The other truth is that a single repository as a CMDB is unworkable – a ‘meta-CMDB’ or ‘virtual-CMDB’ is far more realistic. Kia refers to federated CMDB:

However, not all management data related to configuration items are appropriate for storage in the CMDB. This is why organizations should consider a CMDB based on a federated data model. Why? Just like links within the general ledger to financial details stored in the accounts receivable system, a federated CMDB links to IT details. For example, a federated approach allows for other useful management information — such as service level agreements, purchase orders, incident and problem tickets, performance and utilization data–to be linked to the configuration items within the CMDB.

NetWare uptime

It may not be fashionable to talk about traditional NetWare anymore – but there is a vast installed base that is running this reliable NOS.

Novell Cool Solutions has been running a competition to showcase servers that have been up for years.

Here is the latest round.

My favourite is this NetWare 3 server – it’s been running for nine years:

NetWare Server