January 31, 2004

Digital audio "primer" from ExtremeTech

They call this a "primer" and it will tell you the basics but it also serves as a really useful repository of things like audio formats, lossy vs lossless compression and so on.

Posted by tony at 03:41 PM | Comments (0)

January 28, 2004

CyberSecurity Alerts from Homeland Security

For what it's worth.

The Department of Homeland Security announced today that they have created a "Cyber Alert System" to deliver "timely and actionable information to better secure their systems" (their words). The press release is available here. They talk about providing "products" which are really just emails: bi-weekly tips for the non-techie, bi-weekly bulletins and summaries for the techie, and Alerts (in two forms, one for the non-techie and one for the techie). You can sign up for these at http://www.us-cert.gov/.

I know, I subscribe to the CERT mailings and to the Secunia alerts.

Upate 19:47: Turns out that the Homeland's updates are done in concert with CERT. Got an email from CERT shortly after I published this entry explaining this.

Posted by tony at 09:11 AM | Comments (2)

Mars photos from JPL

Photojournal.jpl.nasa.gov

Posted by tony at 09:02 AM | Comments (0)

January 26, 2004

WPA update -- System Restore the the rescue again!

I had the good fortune of upgrading my wireless setup to the D-Link DI-624 wireless router and their DWL-G650 PC card a little while back. Everything's been running quite well. The connection at home's been running at the rated 108Mbps (yeah, I know, that's not a real data rate) and I've connected to some public 802.11b access points (one at MoonBeans Coffee and a couple of McDonald's installations) as well as some friends' houses so this weekend I decided to apply the WPA update from Microsoft to see how it works.

What a disaster! I searched Google and couldn't turn up any magic bullets and wrestled with it for over 24 hours, including just uninstalling the update and nothing would restore the stability I'd had earlier. The only oddity I'd seen before the WPA update was an inability to connect to anything outside my PC after a resume from hibernation if I left ehe card in when I powered back up. Not a big deal, really -- I'd just pop the card out and reinsert it and everything would be fine. After the update I'd periodically lose connectivity and be unable to restore it (I'd get associated with the AP but wouldn't get an IP address). Only recourse was to reboot. And this continued after I'd uninstalled the update.

Fortunately, I'd created a System Restore point before installing the update (just because you're paranoid doesn't mean they're not out to get you). I restored and now everything's back to normal. Hope it stays that way.

Now, wouldn't you think the WPA update would've created a System Restore point itself? Moral of the story: never assume Windows will do something that you can do for yourself.

Posted by tony at 08:40 AM | Comments (2)

January 19, 2004

Good satellite maps

Jeff Poskanzer's site has the ACME Mapper -- good satellite mapping facilities. Lots of other goodies at the home site, too.

Posted by tony at 03:54 PM | Comments (0)

H.323 vulnerabilities -- !?!

This was released on Jan. 14 -- sorry I'm so late. CERT has issued this advisory discussing vulnerabilities in H.323 implementations. H.323 is a standard multimedia telephony protocol which most have probably experienced with Microsoft's NetMeeting. It says exploitation of the vulnerabilities could result in arbitrary code execution, denial of service or reboots.

Posted by tony at 08:20 AM | Comments (0)

January 17, 2004

Wi-Fi links

BAWUG - SF Bay Area
JiWire - General Wi-Fi resource
PracticallyNetworked - Networking, wired and wireless
WiFi NetNews - Weblog format. Part of JiWire.
WiFiFreeSpot - directory of wireless access points -- access is free although sometimes it requires a purchase of food or something like that. (added 1/18/2004)

Posted by tony at 12:31 PM | Comments (0)

January 16, 2004

Miranda can connect to Yahoo again

Like every other 3rd party IM app, Miranda was unable to connect with Yahoo once they made their switch-over to the new server (scs.msg.yahoo.com) and authentication mechanism about a week ago. Trillian, GAIM, Easy Message and others all managed to fix their code but the Miranda commuinity is pretty loose-knit and the Yahoo protocol isn't "owned" by anyone in the core team so it took a little while for someone to grab the latest libyahoo2 and incorporate it into the Yahoo plug-in. Anyway, I've downloaded it (pointer to the download location is in this Yahoo plug-in thread in the Miranda forum.

Posted by tony at 08:46 AM | Comments (0)

January 13, 2004

Bad business

RipOffReport (aka BadBusinessBureau.com) is a pretty good site that lists "bad" companies and the rip-offs they perpetrate on their consumers. It looks a bit sensationalistic and I'm tempted to not trust them because of that. I dunno, decide for yourself.

Posted by tony at 04:32 PM | Comments (0)

January 12, 2004

Yahoo! Messenger authentication changes

Yahoo's changed something in their Messenger authentication again and it's knocked my favorite multi-IM client, Miranda, out. Trillian's got it working as does GAIM and a new one that I found today -- Easy Message Express (can't remember how I found this one, sorry).

I find Miranda meets my needs better than the others but until they can get get the lastest libyahoo2 incorporated I guess I'll stick with Trillian.

Posted by tony at 09:17 PM | Comments (0)

January 08, 2004

Microsoft security page

(Reported in the January 8, 2004 issue of the Windows Client Update, an email newsletter from Windows Network and .NET Magazine)

Looks like Microsoft's trying to convince everyone that they're serious about security with this page. I think it's pretty funny, though, that they're running ActiveX on even the entry page.

Posted by tony at 04:49 PM | Comments (0)

Yahoo IM file transfer vulnerability

Another security advisory from Secunia, this time it's a filename buffer overflow in Yahoo's Messenger. It's supposedly addressed in V5.6.0.1358.

Posted by tony at 08:37 AM | Comments (0)

January 06, 2004

Microsoft Word password protection bypass

Secunia reports in this advisory of a way to bypass password protection of Microsoft Word documents. It requires using a hex editor to modify the document but, still, the protection's broken.

Another reason to use PDF?

Posted by tony at 07:21 PM | Comments (0)

January 05, 2004

Woo-hoo -- 802.11g, here I come!

I've been researching 802.11g rigs for a couple of weeks now. The best as far as distance and speed is supposedly the Netgear WGT624 108Mbps router but the 2nd best is the D-Link DI-624 router. Both products run the Atheros chipset which can bond 2 channels together, effectively doubling the data rate from 54 to 108Mbps. No, you don't actually get 108Mbps through the router ... more like 30+Mbps.

Anyway, D-Link has a $40 rebate if you buy both the DI-624 and the DWL-G650. You have to purchase them by the end of the day today (1/5/2004) and they both have to appear on the same invoice. Well, I've been looking at them on Amazon.com for well over a week. This morning they cost a little over $160. This evening they cost around $135. Even if something goes wrong with the rebate, I still feel good about this price.

Should be here in a week or two (I'm too cheap to pay extra for shipping).

Posted by tony at 07:58 PM | Comments (0)

SlickRun updated to V3.0.0.1

One of my favorite utilities, SlickRun has been updated to V3.0.0.1. It's a utility that only an old command-line jockey like myself could love. Hit a hot-key combination and up pops a little window into which you type a string of characters (autocompletion available). If the combination is recognized it'll laumch a command that you specify. Fast. And Slick!

Posted by tony at 07:48 PM | Comments (0)

January 04, 2004

Canon VB-C10R Network Camera Cross-Site Scripting Vulnerability

Reported here by Secunia. It makes sense but, I mean, c'mon! -- scripting vulnerabilities in a webcam?!?

Posted by tony at 08:52 PM | Comments (0)

January 02, 2004

Anti-SPAM site: www.deflexion.com

Nancy McGough (Infinite Ink) has been a major source of information for me when it comes to PINE and email in general. I came across her Deflexion site quite by accident and find it's also an excellent source of information, this time about email in general and SPAM and anti-SPAM measures in particular. Here is where I learned about meN@privacy.net, The SpamBouncer: a Procmail-Based Spam Filter and EmailDiscussions.com.

Posted by tony at 08:53 PM | Comments (0)

January 01, 2004

Wireless (mostly) networking pages

Network World Fusion -- focused more on the enterprise and business wireless.

Tom's Networking -- SmallNetBuilder and Tom's Hardware Networking Guide join forces

PracticallyNetworked -- by the Internet.com folks but still pretty decent.

(Update at 14:51) FirewallGuide has a wireless page. Looks just a little dated but there are some interesting links.

(Update at 14:55) How could I forget eWeek's Wireless Guide?

More as I find 'em.

Posted by tony at 02:25 PM | Comments (0)