A potential "Y2K7 problem", avagy "Boldog Új Év"

Hihi .

A member of the Visual Studio team at Microsoft blogged about a “Y2K7″ (year 2007) problem they were facing with the build numbers they were using. They used a file versioning scheme like Major.Minor.Build.QFE where the Build number representend the build date. For example 50325 means the file was built on March 25, 2005. The problem is that this number would become 70101 on January 1st, 2007, but this version number field is only a 16 bit integer which can hold a maximum value of 65535. Therefore Microsoft changed their build numbering scheme earlier this year. If you are using a similar scheme you only have few days left to change it.

http://blogs.msdn.com/quanto/archive/2006/12/19/y2k7-crisis-coming-up.aspx

Source: A potential “Y2K7 problem”

Windows 2003 SP2 is now a RC (Release Candidate)

http://www.microsoft.com/technet/windowsserver/sp2.mspx

A Windows Server 2003 & Windows XP x64 Service Pack 2 Technical Overview-ból:

In addition to the all previously released Security Bulletin Updates, Service Pack 2 installs all individual hotfixes released since Windows Server 2003 RTM and several key customer requested features and enhancements.

New Features:
  • Scalable Networking Pack (SNP)
  • XMLLite
Enhancements to Existing Features

The enhancements to Windows Server 2003 Service Pack 2 include:

  • Windows Deployment Services (WDS)
  • Enabling ‘Firewall Per Port’ Authentication
  • Microsoft Management Console 3.0 (MMC 3.0)
  • Wireless Protected Access 2 (WPA2)
  • iCACLS tool
  • Expanded Windows Server 2003 Datacenter SKUs
  • Release of MUI Packs to insure greater compatibility between base and MUI language
  • Performance Improvements for SQL Servers
  • Enhanced discoverability options in MSConfig
  • Improved IPsec filter management
  • Performance Improvements under Windows Virtualization
  • Increased default storage for Message Queuing
  • Improvements to DCDIAG Domain Name Service tests
  • New Events for Cluster Service Accounts

Source: Windows Server 2003 & Windows XP x64 Service Pack 2 Technical Overview ,

http://www.microsoft.com/technet/windowsserver/sp2.mspx

Council for Secular Humanism

A Metazin Van új a fa alatt c. összefoglalása alapján el lehet olvasni Tom Flynn és mások véleményét is az ünnepi kívánságokról. Íme a Council of Secular Humanism cikkéből:

Who Does ‘Happy Holidays’ Exclude?

As a default seasonal greeting, “Happy Holiday” beats “Merry Christams” hands down. It laudably acknowledges that, during the traditional holiday season (roughly, American Thanksgiving through Gregorian New Year’s Day), millions observe some holiday other than Christmas. But “Happy Holidays” implicitly assumes that every Amercican is celebrating something during the five and a half weeks ‘twixt Thanksgiving and New Year’s, when in fact many people aren’t. For those whose “season” includes no holiday, “Happy Holidays” serves the same dark purpose as “Merry Christmas.” It’s a snub, an unsubtle reminder to those out of step that everyone’s “supposed” to be observing some holiday, any holiday, at this festive season.

So exactly whom does “Happy Holidays” rebuff?

Hindus. Diwali, the Hindu festival of lights, sometimes falls during the Western holiday season. This year? It was October 21.

Jains. Jains observe the nirvanna (final liberation) of thier prophet Mahavira on the same schedule as Diwali–October 21 again.

Buddhists. Buddihism has no universal festival during the “season.” (Japanese Buddhists mark Rohatsu, Buddha’s enlightenment day, on December 8, but that practice has little following outside of Japan.)

Baha;is, sort of. No major Baha’i festivals fall during the Western holiday season. There are, however, two minor ones: the Day of the Covenant on November 26, and the commemoration of the Ascension of ‘Abud’l-Bahâ on November 28.

The Nonreligious. Oh yeah, us. While many atheists, secular humanists, and freethinkers continue to observe the Christmas or Hanukkah we grew up with–and some of us substitute alternative holidays like the Winter Solstice, HumanLight, or even Festivus–others (myself, for one) celebrate no festival at all during the majority’s holiday season.

On the other hand, after snubbing Muslims for the last tow years, “Happy Holidays” embraces them anew in 2006. The Eid al-Fitr (Feast of Breaking the Fast) marks the end of Ramadan; for several years the holiday fell during the Western holiday season, and American naïfs, started thinking of it as “Muslim Christmas.” But because Islamic holidays follow a lunar calendar of 354 days, year by year each holiday falls eleven days earlier on the Gregorian calendar. Depending which Muslim authority you listen to, Eid al-Fitr 2006 began at sunset on the day preceeding either October 23 or October 24, well before American Thanksgiving. (In fact, Eid al-Fitr has fallen outside the Western holiday season since 2004.) But as Eid al-Fitr moves ever earlier, so does Eid al-Adha (the Feast of Sacrifice, Islam’s other principal festival). Eid al-Adha falls twice during 2006, once in January and again on December 31. So “Happy Holidays” is inclusive toward Muslims once again–as it will be for four more years, until Eid-al-Adha, too, starts to fall earlier than Thanksgiving. After that will come a long dry spell, until the thirty-three-year precession of Islamic holidays through the Gregorian calendar once again tugs Eid al-Fitr into December.

Clearly, “Happy Holidays” represents progress but not the final answer. We need a short, catchy way to say “Happy Holidays, if you’re having any.” Any ideas?

Source: Council for Secular Humanism

IT’s Showtime – Advanced Malware Cleaning

Mark Russinovich kitűnő előadása. Ajánlom.

Advanced Malware Cleaning


Today’s IT administrator needs to be prepared to identify, analyze, and remediate malware that slips through layered defences since most anti-malware solutions depend on signatures of known threats. This session takes you on a tour of malware infection and persistence technologies, including rootkits, and shows you on real malware infections how to use sophisticated tools like Sysinternals.com freeware tools Process Explorer, Autoruns, and RootkitRevealer to clean malware.

Source: IT’s Showtime

Titkos kérdésem: Ezt a bemutató technológiát lehetne-e használni a magyar webcast-ok, TechNet előadások publikálására?

P.S.: A Sysinternals nevet de jó lenne pontosan leírni! (ld.: Freeware Sisinternals)

Elfogtam egy levelet

Az msftconn-ról kaptam egy értesítést:

Dear Ferenc,
Congratulations on being selected to continue your participation in the Longhorn Server portion of the beta!!!
We are pleased to announce the release of build 6001.16406.061208-1900 of Longhorn Server.

Örülök, hogy folytathatom böngészéseimet. Azt hiszem, valamennyi korábbi résztvevő kapott ilyen levelet. De azért “kiválasztott”-nak érzem magam.

Demonstrating the consequences of XSS vulnerabilities

A Link a http://www.oreillynet.com -on található, amely oldal egy csomó érdekes, tanulságos dolgat tartalmaz. E blogpost éppen a BeEf tool -t. (BeEF is the browser exploitation framework.)

High risk vulnerabilities such as SQL Injection can be easily demonstrated by security analysts to developers or business executives. For example, a xp_cmdshell request injected into an application vulnerable to SQL Injection can be used to demonstrate how an attacker can abuse SQL injection to obtain a command prompt from the host running the (Microsoft) SQL server. Such demonstrations have major visual impact and the consequences of the vulnerabilities are clear.
Link

Source: Demonstrating the consequences of XSS vulnerabilities