From ultra-mobile PCs to high-end systems built for the road warrior, here's a look at what's sleek, light and fast in the notebook PC space.
The phishers and spammers are at it again. And what better vehicle to distribute malware than a highly trafficked, international sporting event like the 2008 Beijing Summer Olympic Games? From the convincing to the inane, here are a few scams to watch for in the next few weeks. Let the games begin.
The Chinese capital of Beijing is humming with excitement over the Games Of The 29th Olympiad. ChannelWeb offers glimpses of how tech giants are showcasing their latest technology advancements on the world's stage.
So how do you make sense of all of these tools and functionalities? A little known (until now) add-on project called MozLab might change the meaning of what it means to interact with a browser. The project is the work of a single developer at this stage.
At its core, MozLab is a shell and framework for Mozilla's browser. The code is based on the XML user interface language (XUL). For those that don't know what XUL is, just open up the Mozilla browser and look around - - Firefox's user interface is implemented in XUL. XUL uses Mozilla's open source Gecko engine for rendering.
The language is primarily used for creating new interfaces or fiddling with user interfaces and JavaScript. Firefox parses XUL like it parses any other script or language. In fact, Firefox uses the same code structures to parse HTML, XUL, DOM, CSS and other Web technologies. In a way, you can think of Microsoft's XAML as the commercial versions of XUL.
The shell tool in MozLab is called MozRepl in Firefox or Repl, for short, when it runs on a shell. With Repl, developers can interrogate user interfaces and test JavaScript functionality in real time. Repl is at version .1 in beta, so expect buggy software. Repl is supposed to work with Telnet, PuTTY and Netcat. In the lab, we were only able to make it work with PuTTY. However, the developer recommends Netcat.
Bugs aside, Repl is going to allow developers to light Firefox up. Right now, the Repl framework can connect and modify some page functionality. The power behind this add-on is that it can be done with little coding. The framework simplifies developer interactions with the Mozilla browser and Web pages. Developers can navigate to sites, change elements on pages, add new functions and test them in real time.
After looking at some the functionality in Repl, it clearly looks like it is going to play an important role in speeding up development.
On a Lenovo Thinkpad with Ubuntu 8.04 (Hardy Heron), Firefox 3 was nigh unusable for the past few weeks. The distro was released with Firefox 3 Beta 5 " and the instability was maddening " with Firefox crashing several times an hour. It didn't matter how many tabs were open, or what sites were running. Trying to close a tab (after reading my Dilbert comic for the day) often crashed the browser. At one point, we even downgraded to Firefox 2 to stop the crashes. (Crashes trump leaks when it comes to useability.)
With RC1 and RC2, the stability started to improve. With RC3, we are down to one crash a day. So far, we haven't isolated a particular web site culprit for the crash, but we suspect the pop-up ads. But is the stability thanks to the fixes made to the Firefox 3 core browser, or is it the third-party plugin AdBlock? At the moment, the add-on is doing more for this box's stability than the browser itself.
The add-ons have been slow in coming, but they are slowly trickling in (Google Toolbar! Firebug! Greasemonkey!), and will only make the browser more useable after the launch. The feature list is extensive, so it's easy to see why Firefox 3 is generating so much enthusiasm. However, one of its new features " the "smart bar" - just seems jam-packed with features that will never be used. We are ready to be proven wrong.
After almost three years of development, it seems a little silly to say that Firefox 3 feels like it was rushed out. But even with RC3, we worry about stability. We want the confidence of not having random crashes, and we want to know that memory leaks are a thing of the past. It's clearly come a long way, but with all the download hype, is Mozilla pushing out a not-quite solid product just for a publicity stunt? At least on this Ubuntu box, FF3 is not quite yet the World's Best Browser.
We don't begrudge developers their fun, but Exherbo made us pause. It shares a lot of concepts from Gentoo, but Exherbo's developers claim that it is not a true Gentoo fork. From the site, "Exherbo is a distribution designed for people who know what they're doing with Linux." In this case, that's just Exherbo's developers, apparently, since the site is very adamant the Exherbo is not intended as a user-distribution and a wide developer base is not desired. From the site: "A developer base polarised between those who make thousands of changes every month and those who make perhaps a dozen each year does not make it easy to push forwards the sort of improvements we want." Huh?
So in other words, Hi! We are playing in the open source sandbox with open source toys, but we play with only our friends. Nyah nyah.
It seems a little counterintuitive to say that users are "a detriment to the distribution's technical needs" since some of the best software features often are user-requested. It's okay -- we get it. As developers, we've created perfect applications that pesky users kept ruining because they couldn't appreciate the simplicity and elegance of our creation. All the whining for useability, error-checking, and formatting! And jealous rival developers clearly don't understand how to work with the perfect architecture.
Still, it's a little arrogant of the developers to write, "It's just that we have nothing to offer you, and you have nothing to offer us." It's the age-old tree in the forest question. If I can't get to look at the app, can't tinker with it, or even see what it does, who cares? And when (if?) Exherbo is ready for users, will anyone come?
SSH, or Secure Shell, is an encrypted protocol (using SSL) to connect to another machine. SSH also supports X11 forwarding to get graphical programs running on one machine to display on another. It is much more secure than telnet or other protocols to get to the shell prompt on a remote machine. A key generated by the server verifies that the user is connecting to the correct machine, and had not been diverted to a different (malicious) machine. Some systems assign a user-level key as its only authentication method -- no password required.
Discovered by security expert Luciano Bello, Debian's OpenSSL library was generating predictable random number sequences. This means that content encryption and authentication mechanisms using SSH were all weak, as anyone with free time could use brute-force tactics to break the keys.
The problem extends as far back as 2006, when Debian patched the OpenSSL library to fit the distribution better. The change removed the logic that seeded the OpenSSL random number generator. Without seeding, the random number generator was no longer random.
This isn't limited to only SSH, however, as the vulnerability extends to OpenVPN keys, DNSSEC keys, and key material used in X.509 certificates, and session keys used in SSL/TLS connections. All previously generated keys using OpenSSL versions starting with 0.9.8c-1 should be considered compromised.
The testing and current (etch) Debian versions are affected, but not the old stable (sarge) distribution. For Ubuntu, versions 7.04 (Feisty Fawn), 7.10 (Gutsy Gibbon), and 8.04 LTS (Hardy Heron) are all impacted.
To fix the vulnerability, all systems should download the patch to fix the OpenSSL library. Once the update is applied, weak user keys will be automatically rejected where possible so that new keys can be regenerated.
The known_hosts files should be updated with regenerated keys and old keys deleted. The update contains a ssh-vulnkey tool which can check for vulnerable keys. Unless there is a high degree of confidence that the key was generated on a safe machine (old Debian version), all keys should be regenerated regardless.
Subscribe To This Feed
