Bash is worse than heartbleed! Oh noes!

A really bad remote code execution bug surfaced yesterday in Bash, the GNU replacement for the Unix shell. If you have a webserver running, or possibly just SSH, it can be used to execute arbitrary code. It affects anything Unixy (Linux, BSD, Mac OS X, and likely many proprietary Unix flavors), since many of them have adopted the GNU toolchain.

This could be really bad. Some people are calling it potentially worse than Heartbleed. Maybe. I’m thinking it’s more along the lines of MS08-067. But there’s an important lesson we must learn from this.


The trade off of fidelity and convenience in marketing, and how it doomed my favorite company

I’m reading a book called Trade-Off, by former USA Today technology columnist Kevin Maney. It’s primarily a marketing book.

Maney argues that all products are a balance of fidelity and convenience, and highly favor one or the other. He additionally argues that failed products fail because they attempted to achieve both, or failed to focus on either one.

An example of a convenient product is an economy car. It's inexpensive to buy and inexpensive to keep fueled up, but it doesn't have much glitz and you probably won't fall in love with it. A high-end sports car or luxury car is a lot less practical, but you're a lot more likely to fall in love with it, and gain prestige by driving around town in it.


Update Flash now

Adobe updated Flash today, to fix a couple of 0-day vulnerabilities. Here’s how to force a manual update on Windows and Mac OS X. I put on my sysadmin hat and looked over the update scripts on the page; they’re a little complex but don’t do anything nefarious. Grab the appropriate update script for the …

A fast way to turn lots of images into an Adobe Acrobat PDF file

I have a collection of magazine scans that, inconveniently, came as a series of JPG images rather than as PDFs that are more conducive to reading. I wanted PDFs, so I found a way to turn lots of images into an Adobe Acrobat PDF file.

Building the PDF manually took a good 30 minutes per issue, so I wanted a faster way. Using command-line tools, I was able to convert the entire collection (about 40 issues) in less than 30 minutes.


Thanks for the misinformation, Disney

In one of its throwaway kids’ sitcoms, Disney insinuates that open source software contains spyware and using it is a ‘rookie mistake’.

Open source software rarely contains viruses or spyware. Since it’s open for examination, changes to the code that have any funny business in them tend to be rejected. For that matter, code with unintended bad consequences tends to either be rejected, or quickly changed.


Things I wish everyone knew about home Mac security

On Wednesday evening, I wrote about basic computer security from a Windows-centric perspective. I knew some people who needed help in a hurry, and given there was a 90% or so chance they were running Windows, I took that route.

Some of my buddies who use Macs passed it along. And much of what I said then does apply, but I’d like to clarify a few of those points.
