apple-list February 2009

apple-list@lists.umanitoba.ca

1 participants
8 discussions

INTEREST: SuSe LINUX 11 Release Candidate available for download

by billing

The next version of both the SusE LINUX Enterprise Server (SLES) and Desktop (SLED) - version 11 - is being made available in the Release Candidate for downloads. A registration is required to complete the download process. Here's the write-up about SLES/SLED 11: Novell Downloads Disclaimer ATTENTION! By downloading the above ISO images provided for the SUSE Linux Enterprise 11 Sneak Preview, you are accessing pre-release versions of SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11. You are using these pre-release versions at your own risk! These pre-release versions of SUSE Linux Enterprise 11 are made available exclusively via download as a preview. Novell recommends to use them solely for evaluation purposes. Do not use the pre-release versions to run any system in production. Also, there is no upgrade path available from the Sneak Preview versions to the final General Availability versions of SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11, or to later versions. Novell does NOT provide any bug-tracking channel, support, services, or warranty for the use of these pre-release versions, no matter if you update from a previous version of SUSE Linux Enterprise or if you perform a completely new installation. Thanks http://download.novell.com/protected/Summary.jsp?buildid=_skp4YryXVs~

15 years, 2 months

FYI: Adobe Acrobat and Reader Vulnerability exploits PDF files

by billing

Begin forwarded message: > From: Ken De Cruyenaere <kdc(a)cc.umanitoba.ca> > Date: February 20, 2009 9:43:00 PM CST (CA) > To: um-compureps(a)cc.umanitoba.ca > Subject: [C-REPS] Heads up ! - Adobe Acrobat and Reader Vulnerability > > > There is an exploit in the wild and a patch is not expected until > March 11th. > > See below for suggested (temporary) solutions. > > ----- Forwarded message from CERT Advisory <cert-advisory(a)cert.org> > ----- > > > Systems Affected > > * Adobe Reader version 9 and earlier > * Adobe Acrobat (Professional, 3D, and Standard) version 9 and > earlier > > > Overview > > Adobe has released Security Bulletin APSB09-01, which describes a > vulnerability that affects Adobe Reader and Acrobat. This > vulnerability could allow a remote attacker to execute arbitrary > code. > > > I. Description > > Adobe Security Bulletin APSB09-01 describes a memory-corruption > vulnerability that affects Adobe Reader and Acrobat. Further > details are available in Vulnerability Note VU#905281. An attacker > could exploit these vulnerabilities by convincing a user to load a > specially crafted Adobe Portable Document Format (PDF) file. > Acrobat integrates with popular web browsers, and visiting a > website is usually sufficient to cause Acrobat to load PDF content. > > > II. Impact > > An attacker may be able to execute arbitrary code. > > > III. Solution > > Disable JavaScript in Adobe Reader and Acrobat > > Disabling Javascript may prevent some exploits from resulting in > code execution. Acrobat JavaScript can be disabled using the > Preferences menu (Edit -> Preferences -> JavaScript and un-check > Enable Acrobat JavaScript). > > > Prevent Internet Explorer from automatically opening PDF documents > > The installer for Adobe Reader and Acrobat configures Internet > Explorer to automatically open PDF files without any user > interaction. This behavior can be reverted to the safer option of > prompting the user by importing the following as a .REG file: > > Windows Registry Editor Version 5.00 > > [HKEY_CLASSES_ROOT\AcroExch.Document.7] > "EditFlags"=hex:00,00,00,00 > > > Disable the display of PDF documents in the web browser > > Preventing PDF documents from opening inside a web browser will > partially mitigate this vulnerability. If this workaround is > applied it may also mitigate future vulnerabilities. To prevent PDF > documents from automatically being opened in a web browser, do the > following: > 1. Open Adobe Acrobat Reader. > 2. Open the Edit menu. > 3. Choose the preferences option. > 4. Choose the Internet section. > 5. Un-check the "Display PDF in browser" check box. > > > Do not access PDF documents from untrusted sources > > Do not open unfamiliar or unexpected PDF documents, particularly > those hosted on web sites or delivered as email attachments. Please > see Cyber Security Tip ST04-010. > > > IV. References > > * Adobe Security Bulletin apsa09-01 - > <http://www.adobe.com/support/security/advisories/apsa09-01.html> > > * Securing Your Web Browser - > <http://www.us-cert.gov/reading_room/securing_browser/> > > <snip> > ----- End forwarded message ----- > > > --- > Ken De Cruyenaere Computer Security Coordinator > kdc(a)cc.umanitoba.ca Information Services & Technology > (204) 474-8340 University of Manitoba > > > > ----- End forwarded message ----- > > _______________________________________ > um-compureps mailing list > um-compureps(a)lists.umanitoba.ca > http://lists.umanitoba.ca/mailman/listinfo/um-compureps >

15 years, 2 months

FYI: if you share, make sure you have a termination clause...

by billing

....or... All your content are belong to us.... forever. As you may already have heard, the online "social networking" service FACEBOOK briefly changed their "Terms of Service" this month... and then changed them back. The initial change allowed FACEBOOK to retain anything you'd put into your FACEBOOK account (pictures, text, poems, songs, etc.), even if you had closed your account. The online video-blog Rocketboom (www.rocketboom.com) has a video that examines some of the issues surrounding this event: http://www.rocketboom.com/rb_09_feb_19/

15 years, 2 months

FYI: ECODISC DVD stuck in Mac slot drive...

by billing

...from: http://www.ecodiscdvd.net/ "EcoDisc is the revolutionary, eco-friendly DVD with all the optical properties, playability and quality of traditional DVDs at a third less of the cost. They use 50% less polycarbonate and produce 52% less CO2 emissions. You can easily convert your existing CD line to a more profitable EcoDisc line. They’re thinner, lighter, more flexible, more durable and environmentally friendly. Go green, save green, make green. Go EcoDisc." Sounds great, right? Thinner, lighter, use less material, creates less pollution, flexible.... what could be the problem? They are "too thin" for slot-loading drives..... They've already been used in magazine give-away's in the UK. They're coming to North America... ...from: http://www.digitaltoast.co.uk/ecodisc-cover-dvd-stuck-in-mac-slot-drive ECODISC DVD STUCK IN MAC SLOT DRIVE The problem of unwanted freebie coverdiscs has been growing for a while now. So, someone invented EcoDiscs, which are half the thickness of a normal DVD. Except they’ll bugger your Mac up and leave you with a bill for £65+VAT. The Independent and The Daily Mail amongst others gave away some ecodisc cover DVDs this weekend, and on Monday, a distressed relative called to say the mac was making strange noises. After a couple of hours, I began searching on the internet, and found the answer: http://www.reghardware.co.uk/2008/01/17/slot_load_pc_pro_drive_mayhem/comme… http://www.pcpro.co.uk/news/155010/mail-on-sunday-angers-mac-users-with-dvd… http://qompute.wordpress.com/2008/01/18/ecodisc-becoming-ecodisaster-for-ma… http://www.reghardware.co.uk/2008/01/17/slot_load_pc_pro_drive_mayhem/ http://digg.com/apple/Environmental_DVD_Wrecks_Apple_Drives http://www.kizo.com/2008/environmental-dvd-wrecks-apple-drives/ http://apple.slashdot.org/article.pl?sid=08/01/17/1747254 I phoned The Independent who took no responsibility at all, but said they’d send out a standard form reply by email (which never came) disclaiming all responsibility. So, there’s a warning on the disc (click for full size: hint, you're looking for this symbol ) Yes, it’s 4mm high, in fuzzy print. As if anyone is going to see that! It needs to be the LARGEST thing on the disc. I then called the manufacturer, ODS, who sent me the document below - yes, the solution is to turn the Mac upside down while ejecting the disc. In fact, as this didn’t work at first, I followed further guidelines on the net suggesting I bang it while ejecting and upside down! This finally freed the disc, but does anyone have any idea how bad that can be for a hard drive?! It could cause a head-crash and data loss at the least. Another surprising thing is that according to one of the articles above, Ecodisc have had “less than 12 calls about it”. Makes you wonder why they need a standard document like this, doesn’t it... Everything below is quoted: EcoDisc – argument guideline to get EcoDisc out of Apple computer If customers face the unlikely incident that the EcoDisc is not ejected out of a computer slot-in drive (even after several trials) our recommendation is: To try with 1. turn laptop/PC upside down, 2. press manual “eject” button To restart the computer once again and try with the eject button If accessible: to take the disc-drive out of the computer, open the disc-drive with a screw driver and then take the disc out. A technically versed person can accomplish this within ten minutes To take the computer to the next Apple shop for fixing; cost approx. 25-50€. Not to insert a second EcoDisc afterwards, because we cannot guarantee that this measure works with all slot-in drive constructions existing world wide Not to use tools like tweezers or other, because these tools might really damage the drive, but the EcoDisc itself does not damage the drive or destroy it, just might block the ejection mechanism ....sounds like the best thing is to just not insert them in the first place.... thanks, wayne

15 years, 2 months

INTEREST: Stanford's "Clean Slate" Internet redesign...

by billing

...from: http://www.nytimes.com/2009/02/15/weekinreview/15markoff.html?th&emc=th Do We Need a New Internet? By JOHN MARKOFF Published: February 14, 2009 Two decades ago a 23-year-old Cornell University graduate student brought the Internet to its knees with a simple software program that skipped from computer to computer at blinding speed, thoroughly clogging the then-tiny network in the space of a few hours. The program was intended to be a digital “Kilroy Was Here.” Just a bit of cybernetic fungus that would unobtrusively wander the net. However, a programming error turned it into a harbinger heralding the arrival of a darker cyberspace, more of a mirror for all of the chaos and conflict of the physical world than a utopian refuge from it. [...] ...from: http://cleanslate.stanford.edu/about_cleanslate.php About Clean Slate Mission Our mission is to "reinvent the internet" so Future Internet can: • overcome fundamental architectural limitations (e.g. lack of security and mobility support) of today's Internet • incorporate new technologies (e.g. sensor networks, optical networks) • enable new class of applications and services (e.g. content dissemination, sensorized physical world, large scale virtual world environments) • continue to be a platform for innovations and thus be an engine for economic growth and prosperity for the society. We know our mission is ambitious - that is what makes it worthy of our group of very talented students, staff, and faculty. Our Approach • We think of the Internet in very broad terms: it is not just about the TCP/IP protocol stack and switches and routers. It is the collection of systems that make the heart of the Internet: the services, computation and storage - those concentrated in dedicated centers, and those globally distributed. It is also the diversity of ways that we will connect to, and interact with, the Internet - via mobile and personal communication, with virtual presence and virtual worlds, reaching all parts of the globe. Together, these form the online infrastructure that society will continue to depend on. • We are taking an interdisciplinary approach with students, staff, and faculty from Departments of Electrical Engineering, Computer Science, and Management Science and Engineering and from Business School and Law School. Stanford's depth and breadth of expertise combined with its collaborative culture makes the interdisciplinary program possible. • We are also partnering with the industry to benefit from its insights, technologies, and resources. Stanford's long history of successful collaboration with the industry and its location and role in the Silicon Valley makes the industry collaboration at this scale possible. • We are reducing barrier to exploring a (radical) idea by creating a mechanism to seed exploratory projects. • We are also undertaking larger collaborative flagship projects to address broader research themes and associated challenges that require development of new architectures, technologies and systems and their deployment in a test bed network. For these projects, we are exploring special partnerships with the industry. • We are selectively collaborating with researchers outside Stanford and also contributing to national initiatives such as NSF's GENI initiative including FIND that we share a common vision with. • We are making it an enjoyable and fun experience for the participants in the program. Our Team We have assembled a great team with members that have a strong track record of contributions in all aspects of the Internet: • From theory to system development to deployment to technology commercialization • From physical layer technologies to network architectures and protocols to distributed systems and services to applications • Security and robustness of networks and systems • Economics and policy issues pertaining to current and future Internet You can learn more about the team by looking at People section of the website. We are always interested in new members including undergraduate and graduate students who have a passion to make the world a better place using innovations especially in networking and systems. If you are interested, look at Contact section of the website. ...from: http://yuba.stanford.edu/trainwreck/ The Future of TCP: Train-wreck or Evolution? April 1, 2008 Stanford University, Stanford, CA Sponsored by: The Stanford Clean Slate Internet Program Cisco Systems The Stanford Computer Forum Home Program Committee Important Dates Agenda Registration Logistics ParticipantsContact Workshop Description: Spurred on by a widespread belief that TCP is showing its age and needs replacing - and a deeper understanding of the dynamics of congestion control - the research community has brought forward many new congestion control algorithms. There has been lots of debate about the relative merits and demerits of the new schemes; and a standardization effort is under way in the IETF. But before the next congestion control mechanism is deployed, it will need to be deployed widely in operating systems and - in some cases - in switches and routers too. This will be a long road, requiring the buy-in of many people: Researchers, product developers and business leaders too. Our own experience of proposing new congestion control algorithms has been met with the challenge: "Show me the compelling need for a new congestion control mechanisms?", and "What will really happen to the Internet (and my business) if we keep TCP just the way it is?" As a community, we need examples that are simple to understand, and demonstrate a compelling need for change. We call them the "Train wreck scenarios". Examples might show that distribution of video over wireless in the home will come to a halt without new algorithms. Or that P2P traffic will bring the whole network crashing down. Or that huge, high-performance data-centers need new algorithms. Whatever your favorite example, we believe that if we are collectively armed with a handful of mutually agreed examples, it will be much easier to make a business case for change. Or put another way, if we can't articulate compelling examples to industry leaders, then is the cost and risk of change worth it? The goal of the workshop is to identify a handful of really compelling demonstrations of the impending train-wreck. The outcome will be a set of canonical examples that we will use to persuade industry of the need for change. You can choose the way you present your demonstration: You could bring equipment and show a live-demo; you could show simulations or animations; or you could produce a video showing a real or synthetic demo. Whatever method you choose, the goal is to create a case that will persuade a mildly-technical but influential business leader of the need for change. We will invite a panel of judges to give prizes for the most compelling examples in two categories: (1) The Overall Most Compelling Example, which will be judged on a combination of the technical merits and the presentation of the scenario, and (2) The Most Technically Compelling Example, which will be judged on its technical merit alone, without consideration of the way it is presented. The whole purpose of the workshop it to focus on the problem, not the solutions. We are most definitely not interested in your favorite scheme, or ours. So we need some ground-rules. No-one is allowed to mention a specific mechanism, algorithm or proposal at any time during the workshop: Not in their talk, not in a panel, and not in questions to the speakers. The only mechanisms that will be allowed mention are: TCP (in its standard and deployed flavors), and idealized alternatives for purposes of demonstration. For example, comparing TCP with an oracle that provides instantaneous optimal rates to each flow. We will video the entire workshop and all the demonstrations, and make it publicly available on the Internet. We will make any proceedings and talks available too. The goal is to open up the demonstrations for public scrutiny and feedback after the event. The event is hosted by the Stanford Clean Slate Program and local arrangements will be made by the Stanford Computer Forum, Nick McKeown and Nandita Dukkipati. The workshop has received offers of support and funding from Cisco Systems and Microsoft. Last updated March 30, 2008

15 years, 2 months

FYI: got a car? Look out for computer malware...

by billing

...from: http://isc.sans.org/diary.html?date=2009-02-03 The SANS Institute (SysAdmin, Audit, Network, Security: an affiliation of over 165,000 computer security personnel around the world) has posted the above article on their site. The short story is that fliers put under the windshield wipers of cars in Grand Forks, ND alluded to parking violations and gave a web site URL. Browsing to the URL installed malware on Microsoft Windows machines. Click on the link for all the "gory" details.... Wayne

15 years, 2 months

INTEREST: Treating Stuttering with iPhone

by billing

...from: http://www.medgadget.com/archives/2009/02/start_treating_your_stuttering_wi… Monday, February 2, 2009 Start Treating Your Stuttering with iPhone Filed under: Neurology , Rehab Hollins Communications Research Institute, based in Roanoke, Virginia, is a premier organization dedicated to treatment and research of speech impediment disorders, specifically stuttering. Until now, patients at the facility had to regularly come in to receive objective analysis of their speech using desktop computers. To increase compliance with therapy and to help people assess their own speech on the go, an iPhone application was created which can listen to and provide objective feedback to the patient and clinicians back at the facility. The iPhone device was programmed at HCRI with a sophisticated voice monitoring system that evaluates and scores speech behaviors taught during stuttering therapy. When clients use the device during training in outside situations, such as in a shopping mall, restaurant or business setting, fluency measurements for each utterance are displayed on the iPhone screen. Having this data immediately available to stuttering therapy program participants makes speech practice more effective and helps improve the speed with which fluency results are achieved. In addition, the iPhone records every speech sample in an onboard file for later transmission to HCRI. This information enables the institute's therapists to provide more detailed and precise training to clients, as they learn to apply new speech capabilities in everyday situations. The iPhone has exceeded expectations during trials with stuttering therapy participants, according to HCRI Founder and President Ronald L. Webster, Ph.D. Client scores in outside trials were similar to those made in the clinical environment, indicating that quality transfer of fluency skills was being attained. Webster added that client responses during the trials, which were completed last week, have been extremely positive. He attributes the device's strong appeal to the fact that the iPhone is a practical and fun piece of technology to use for the advancement of stuttering treatment outcomes .

15 years, 2 months

FYI: Seagate hard drives locking up: more info available; still need to contact Seagate tech support

by billing

- original info: > While it's been some time since Seagate drives shipped in Apple > machines, external drives or other machines may have them.... here's > a description of the problem and a link to find out if your Seagate > drive may be susceptible... > > ...from: > http://news.zdnet.co.uk/hardware/0,1000000091,39596623,00.htm ...and from: http://www.theregister.co.uk/2009/01/16/barracuda_failure_plague/ Countries affected by the hard drive firmware failure: ...and to determine if your SEAGATE hard drive may have the problem visit: http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=207931 An issue exists that may cause some Seagate hard drives to become inoperable immediately after a power-on operation. Once this condition has occurred, the drive cannot be restored to normal operation without intervention from Seagate. Data on the drive will be unaffected and can be accessed once normal drive operation has been restored. This is caused by a firmware issue coupled with a specific manufacturing test process. Support is available through Seagate’s call center, which can be reached by dialing: 1-800-SEAGATE (1-800-732-4283). Seagate also says that customers can expedite assistance by sending an email (discsupport(a)seagate.com). The company asks that you include your drive's model number, serial number, and current firmware revision. Thank-you, Wayne Billing Information Services and Technology University of Manitoba

15 years, 2 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

apple-list February 2009