Archives for: "March 2009"

InformationWeek grasp at straws to bash IE8

InformationWeek have managed to prove their brainlessness continues, as they claim "IE8 Users Downgrade To Explorer 7".

Microsoft (NSDQ: MSFT)'s Internet Explorer 8 appears to be losing market share, even though the browser has been on the market for less than a week.

As of 8:00 am Monday, IE8 -- released Thursday -- held 1.86% of the browser market, down from a high of 2.59% on Sunday, according to market watcher Net Applications. The most likely reason for the decline is that early adopters of IE8 are switching back to the more familiar, and --at this point -- reliable Explorer 7 browser.

The Net Applications data is here. What they should have said if they weren't trying to make an ideological point was:

The most likely reason for the decline is that early adopters had to show up for work Monday morning, where they are forced to use Windows XP and Internet Explorer 6.

As we can see from the Net Applications data (which I've highlighted and marked the days for easier visibility), IE8 usage drops during working hours. This is nothing more than a high resolution version of the weekly cycle between Windows XP and Windows Vista, with Windows XP seeing greater use during the week, and Windows Vista showing greater use during the weekend.

Surprisingly InformationWeek's journalists aren't aware of this effect, despite it being core to their reporting.

Update: PC World are following along spouting the same nonsense, as have TechTree and no doubt others, despite the fact that as of this hour (0100 UTC on the 26th) IE8 usage has climbed to 2.82%, its highest ever figure.

A Muslim Prime Minister? So what?

Over on Labourhome one poster attacks Labour MP Shahid Malik for "handing the BNP a massive propaganda victory".  What's the reported mishap?  At a conference back in 2008, Shahid Malik is reported to have said:

"I am confident, as Britain's first Muslim minister, that, in the next thirty years or so, we'll see a prime minister who happens to share my faith."

What's the big deal?  We have a Church of Scotland Prime Minister right now, we've had Church of England Prime Ministers in the past and even in-the-closet Roman Catholics.

The real issue everyone seems to be missing isn't about which supernatural intergalactic dictator somebody subscribes to, but the fact they subscribe to any supernatural intergalactic dictator.  I'd like to think that in 30 years time we would have made some progress and that we wouldn't have people in such important positions believing in such childish fairy tales.

The original poster goes on to ask:

So my question is this - how should Labour respond to Mr. Malik's remarks?

Respond to what?  He's entitled to his opinions, why should the Labour Party do anything about that? 

I do believe he's wrong and that the Christian elite are too well entrenched in this country for us to see a Muslim PM in that sort of time frame, at least not without a serious shift towards a secular state. I'd like to think the increasing fundamentalism between Christianity, Judaism and Islam will help bolster the secular movement and drive the sensible majority in this country against religion, or irrationality in general. Whether it's the Prince of Wales' bogus detox snake oil or supernatural intergalactic dictators, at the end of the day it's all the same thing - bullshit, and we should strive against it.

Charlie Miller on the lack of security on Mac OS

One of the bloggers on ZDNet interviewed Charlie Miller, the bloke who nailed Mac OS X through Safari in seconds at the recent Pwn 2 Own contest. One of the questions asked is pretty interesting and nicely sums up the OS security situation over the last 3 or 4 years. Of course, you wouldn't know it reading the press or if you get your information from Apple's PR department.

Why Safari? Why didn't you go after IE or [Firefox]?

It's really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows.

It's more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn't have anti-exploit stuff built into it.

With my Safari exploit, I put the code into a process and I know exactly where it's going to be. There's no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don't know where it is. Even if I get to the code, it's not executable. Those are two hurdles that Macs don't have.

It's clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that's only half the equation. The other half is exploiting it. There's almost no hurdle to jump through on Mac OS X.

Nice to see him mention how annoying Address Space Randomisation is (introduced with Windows Vista), which randomises where applications are in memory upon boot, preventing an attacker from knowing at what address any executable code they've managed to get into memory is located. The same goes for the No-Execute Bit (introduced with Windows XP SP2), which marks segments of memory as non-executable, preventing any code that could be inserted through, say, a buffer overrun from being executed from these areas.

One of the comments asks:

Miller talks a lot about memory randomization but not much about ACL and the UNIX permissions structure. He was able to know where his exploit was in memory and access it, but was he able to do anything at the system level without throwing up a credentials dialog?

No, the goal was simply to get at user data, not run with administrative rights. To elevate, one would follow up by exploiting another vulnerability which can lead to privilege escalation, of which there are far more on Unix-based systems than on Windows.

Hopefully people will start to realise how insecure Mac OS X actually is, although the headlines the press used to cover this make that doubtful; the worst of them said "IE8 released and hacked" without even mentioning how fast Safari went down, or that the build of IE8 used was a beta build and 4 months old.

Internet Explorer 8 released

Internet Explorer 8 has been released for Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Highly recommended, even if IE isn't your main browser. Grab it from here.

Mac OS X and Safari hacked within seconds

Like last year, Apple has again fallen first in the Pwn 2 Own contest, this time taking just seconds instead of minutes like last time round. Charlie Miller won the $10,000 first prize.

Internet Explorer, Firefox and Chrome are being targeted on Windows 7 (I'd imagine build 7000), and Firefox and Safari on the current version of Mac OS X. In addition this year they're also going to be working on mobile phones such as Blackberry, iPhone and Android, Symbian and Windows Mobile based phones.

As of right now, two hours after starting, Internet Explorer, Firefox and Chrome are still standing.

Update: IE and Firefox have gone down.

WorldWide Telescope web client now available

The WorldWide Telescope team has released a web client for WorldWide Telescope, written in Silverlight and currently in alpha but from my testing works quite well.

WorldWide Telescope web client

It doesn't support the 3D solar system view yet, but pretty much everything else is in there, including tours. Performance isn't as good compared to the full Windows client which makes use of 3D hardware acceleration. Nevertheless it is pretty useable, and the servers at the moment don't seem to be under as much load as they were when the full client was released last year. As someone who is in the process of making a couple of tours I can't grumble at the increased install base that having a web client will bring.

Check it out at

Tidying up Internet Explorer 8 a tad

Internet Explorer 8 is probably going to be released very soon, so I thought I'd do a quick article on how to tidy the thing up a bit. I'm not happy with how the UI is configured out of the box; it's not as clean as IE7. This is what it looks like right off the bat:

Internet Explorer 8

The most obvious addition is the favourites bar running along the top. I'm not the world's biggest fan of this thing. If you don't like the amount of space it takes up and don't mind losing quick access to web slices, you can right-click on an empty area of it and uncheck the favourites bar option:

Internet Explorer 8 customisation

On resolution-constrained computers like my Dell Mini 9 I also turn off the status bar (and run it in fullscreen). I don't generally recommend people do that, as they lose the ability to see what website hyperlinks point to. I'd like to see a status bar that automatically hides like Chrome in IE9.

You can also tidy up which buttons are shown and toggle whether they show text and icons or just icons. You can do this by right-clicking an empty area of the tab or favourites bar and going to Customise. The options for removing buttons you don't want, for example the e-mail and help buttons, look a bit like this:

Add or remove buttons from Internet Explorer 8

Here's what IE8 looks like after doing a few tweaks to it, much cleaner in my opinion.

BitLocker To Go - encryption for USB flash drives

With Windows 7 Microsoft is expanding BitLocker so users can easily encrypt USB flash drives.  What does this look like?  Well it looks a bit like this:

It then has a look at the drive for a few seconds and asks you how you want to unlock the drive, using either a password (8 characters minimum) or using a smart card and a PIN.

It then forces you to either save the keys used for encryption or print them off, good for sticking in a safe somewhere - good idea because if you forget your password and don't know the keys your data is gone.

After clicking next it'll go ahead and encrypt the drive.  This can take a while, especially on larger drives.

Once that's completed you'll be prompted to enter your password when inserting the drive.  You also get the option of automatically unlocking the drive for your user account.

If you want to read the drive on Windows Vista or Windows XP you can, as it comes with a small application that can decrypt the device to allow reading, but not writing.

Retail Empire Total War downloading from Steam

So as one might expect, the Steam servers have been hammered today. And it seems a number of people who have actually bought the retail version are having Empire Total War get downloaded via Steam instead of actually off the discs.

It took six attempts to get the install to work off the discs when I tried about 2 hours ago. You'd run the installer from the disc, Steam would throw an error saying it's too busy to handle the request, and the installer would die. Upon checking the 'My Games' tab you'd see Empire Total War trickling down from Steam, not from the disc.

To sort this out, exit Steam, and re-run the installer from the disc and select the re-install option - if Steam throws another error about being too busy try it again. You'll need a patch downloaded from Steam but that isn't too big.

Trying it on my second machine 30 minutes ago was a bit better, Steam again said it was too busy but upon the second attempt the install worked properly, so it looks like the servers are getting a bit better.

Why bother? Installing from the discs is faster than downloading 15GB off Steam, which at the current rate would take days...