25.January.2006 -- The Solaris 10 Operating System (Solaris OS) just got better. The newest release of the software includes a host of new features, such as:
* GRUB-based (GRand Unified Bootloader) boot loader for simplification of installation and boot of the Solaris 10 OS on x64/x86 platforms
* Sun Update Connection, which provides immediate access to the latest patches and fixes, or software updates
* Solaris Containers improvements to enable customers to install and update patches dynamically within a Container
* Improved network performance
* Improved memory management
* Updated peripheral support including iSCSI support
* Integrated bug fixes
Simplified Installation and Updating
The Solaris 10 Operating System 1/06 integrates two applications that simplify installing and updating. The popular GRUB boot loader, traditionally used on Linux, simplifies and accelerates the boot process for alternate operating systems from a Solaris system or USB device.
Sun Connection software enables immediate access to Sun Connection Services, so you can get the latest software updates (including security patches and fixes), as they become available.
Market Momentum
Nearly four million people have chosen the Solaris 10 OS since it became available just over a year ago. The list of supporting independent software vendors grows longer each day.
Customers are seeing remarkable performance improvements after deploying the Solaris 10 OS in their environments, due to networking enhancements, a radically improved kernel, special optimizations for memory allocation, and chip multithreading (CMT). The Solaris 10 software's unique Solaris Dynamic Tracing feature (DTrace) yields additional application performance gains by tuning applications.
"We favor Solaris because we've seen it's faster than Linux for the same applications with no changes, especially large memory footprint applications, including simulations and large database cache applications," says Neal Tisdale, vice president of Software Development at NewEnergy Associates, a Siemens Company.
"We also like the features of DTrace and the Sun compilers. These are pulling my development teams over into Solaris."
“We favor Solaris because we've seen it's faster than Linux for the same applications with no changes, especially large memory footprint applications.”
---------------
Neal Tisdale
Vice President of Software Development
NewEnergy Associates, a Siemens Company
A Thriving Ecosystem
Sun continues to support a community of participation in the software space. In addition to making the Sun Java Enterprise System and all of our developer tools available free of charge, we have also committed to opening the source all of our infrastructure software. All of this software is available--at no cost--through the Solaris Enterprise System.
The Solaris Enterprise System includes popular developer tools such as the NetBeans software, the Sun Studio 11 software, and the Sun Java Studio Enterprise software, giving developers powerful choices for creating applications optimized for the Solaris 10 OS. Sun also makes it easier for customers to deploy open source software by supporting popular open source applications such as the Postgres database.
Access the Solaris source code, including the recently released features, the Solaris ZFS (zettabyte file system) and the Solaris Containers for Linux Applications, through OpenSolaris.org.
Get the Solaris OS Today
Download the Solaris 10 OS 1/06 today, free of charge, or order a media kit containing the Solaris Enterprise System software. Because at Sun, we're all about delivering value.
Thursday, January 26, 2006
DOA UNTUK KEKASIH HATI
Allah Yang Maha Pemurah, terima kasih Engkau telah menciptakan dia dan mempertemukan saya dengannya.
Terimakasih untuk saat-saat indah yang boleh kami nikmati bersama.
Terimakasih untuk setiap pertemuan yang boleh kami lalui bersama.
Terimakasih untuk setiap saat-saat yang lalu.
Saya datang bersujud dihadapan-Mu,
Sucikan hati saya yaa Allah, sehingga dapat melaksanakan kehendak dan rencana-Mu dalam hidup saya.
Yaa Allah, jika saya bukan pemilik tulang rusuknya,
janganlah biarkan saya merindukan kehadirannya.
Janganlah biarkan saya melabuhkan hati saya di hatinya.
Kikislah pesonanya dari pelupuk mata saya
dan usirlah dia dari relung hati saya.
Gantilah damba kerinduan dan cinta yang bersemayam di dada ini dengan kasih dari dan pada-Mu yang tulus dan murni.
Tolonglahsaya agar dapat mengasihinya sebagai sahabat.
Tetapi jika Kau ciptakan dia untuk saya, yaa Allah,
tolong satukan hati kami.
Bantulah saya untuk mencintai, mengerti dan menerima dia seutuhnya.
Berikan saya kesabaran, ketekunan, dan kesungguhan untuk memenangkan hatinya.
Urapilah dia agar dia juga mencintai, mengerti dan mau menerima saya
dengan segala kelebihan dan kekurangan saya sebagaimana saya telah Kau ciptakan.
Yakinkanlah dia bahwa saya sungguh-sungguh mencintai dan rela membagi suka dan duka saya dengan dia.
Yaa Allah Maha Pengasih, dengarlah doa saya ini.
Lepaskanlah saya dari keraguan ini menurut kasih dan kehendak-Mu.
Allah Yang Maha Kekal, saya tahu Engkau senantiasa memberikan yang terbaik buat saya.
Luka dan keraguan yang saya alami pasti ada hikmahnya.
Pergumulan ini mengajar saya untuk hidup makin dekat pada-Mu, untuk lebih peka terhadap suara-Mu
yang membimbing saya menuju terang-Mu.
Ajarlah saya untuk tetapsetia dan sabar menanti tibanya waktu yang telah Engkau tentukan.
Jadilah kehendak-Mu dan bukan kehendak saya yang jadi dalam setiap bagian hidup saya, yaa Allah.
Amin....
Terimakasih untuk saat-saat indah yang boleh kami nikmati bersama.
Terimakasih untuk setiap pertemuan yang boleh kami lalui bersama.
Terimakasih untuk setiap saat-saat yang lalu.
Saya datang bersujud dihadapan-Mu,
Sucikan hati saya yaa Allah, sehingga dapat melaksanakan kehendak dan rencana-Mu dalam hidup saya.
Yaa Allah, jika saya bukan pemilik tulang rusuknya,
janganlah biarkan saya merindukan kehadirannya.
Janganlah biarkan saya melabuhkan hati saya di hatinya.
Kikislah pesonanya dari pelupuk mata saya
dan usirlah dia dari relung hati saya.
Gantilah damba kerinduan dan cinta yang bersemayam di dada ini dengan kasih dari dan pada-Mu yang tulus dan murni.
Tolonglahsaya agar dapat mengasihinya sebagai sahabat.
Tetapi jika Kau ciptakan dia untuk saya, yaa Allah,
tolong satukan hati kami.
Bantulah saya untuk mencintai, mengerti dan menerima dia seutuhnya.
Berikan saya kesabaran, ketekunan, dan kesungguhan untuk memenangkan hatinya.
Urapilah dia agar dia juga mencintai, mengerti dan mau menerima saya
dengan segala kelebihan dan kekurangan saya sebagaimana saya telah Kau ciptakan.
Yakinkanlah dia bahwa saya sungguh-sungguh mencintai dan rela membagi suka dan duka saya dengan dia.
Yaa Allah Maha Pengasih, dengarlah doa saya ini.
Lepaskanlah saya dari keraguan ini menurut kasih dan kehendak-Mu.
Allah Yang Maha Kekal, saya tahu Engkau senantiasa memberikan yang terbaik buat saya.
Luka dan keraguan yang saya alami pasti ada hikmahnya.
Pergumulan ini mengajar saya untuk hidup makin dekat pada-Mu, untuk lebih peka terhadap suara-Mu
yang membimbing saya menuju terang-Mu.
Ajarlah saya untuk tetapsetia dan sabar menanti tibanya waktu yang telah Engkau tentukan.
Jadilah kehendak-Mu dan bukan kehendak saya yang jadi dalam setiap bagian hidup saya, yaa Allah.
Amin....
Alasan orang jawa memberi nama..
Pandai menanam bunga, diberi nama Rosman.
Pandai memperbaiki mobil, diberi nama Karman.
Pandai main golf, Parman.
Pandai dalam korespondensi, Suratman.
Gagah perkasa, Suparman.
Kuat dalam berjalan, Wakiman.
Berani bertanya, Asman.
Ahli membuat kue, Paiman.
Pandai berdagang, Saliman.
Pandai melukis, Saniman.
Agar jadi orang kaya, Sugiman.
Agar jadi orang yg berbudi luhur, Budiman
Agar besar nanti pandai cari muka, Yasman
Suka begituan, Pakman
Suka makan toge goreng, Togiman
Selalu ketagihan, Tuman
Suka telanjang, Nudiman
Selalu sibuk terus, Bisiman
Biar selalu beruntung .... Lukman
Biar pinter main game .... Giman
Biar bisa sering cuti .... Sutiman
Biar jadi juragan sate .... Satiman
Biar jadi juragan trasi .... Tarsiman
Biar pinter memecahkan problem .... Sukarman
Biar kalau ujian ndak usah mengulang .... Herman
Biar pinter bikin jus .... Yusman
Biar jadi orang yang berwibawa .... Jaiman
Biar jadi pemain musik .... Basman
Biar awet muda .... Boiman
Biar pinter berperang .... Warman
Biar jadi orang Bali .... Nyoman
Biar jadi orang Sunda .... Maman
Biar lincah seperti monyet .... Hanoman
Biar jadi orang Belanda .... Kuman
Biar tetep tinggal di Jogja .... Sleman
Biar jadi tukang sepatu handal .... Soleman
Biar tetep bisa jalan walau ndak pake mesin .... Delman
Pandai memperbaiki mobil, diberi nama Karman.
Pandai main golf, Parman.
Pandai dalam korespondensi, Suratman.
Gagah perkasa, Suparman.
Kuat dalam berjalan, Wakiman.
Berani bertanya, Asman.
Ahli membuat kue, Paiman.
Pandai berdagang, Saliman.
Pandai melukis, Saniman.
Agar jadi orang kaya, Sugiman.
Agar jadi orang yg berbudi luhur, Budiman
Agar besar nanti pandai cari muka, Yasman
Suka begituan, Pakman
Suka makan toge goreng, Togiman
Selalu ketagihan, Tuman
Suka telanjang, Nudiman
Selalu sibuk terus, Bisiman
Biar selalu beruntung .... Lukman
Biar pinter main game .... Giman
Biar bisa sering cuti .... Sutiman
Biar jadi juragan sate .... Satiman
Biar jadi juragan trasi .... Tarsiman
Biar pinter memecahkan problem .... Sukarman
Biar kalau ujian ndak usah mengulang .... Herman
Biar pinter bikin jus .... Yusman
Biar jadi orang yang berwibawa .... Jaiman
Biar jadi pemain musik .... Basman
Biar awet muda .... Boiman
Biar pinter berperang .... Warman
Biar jadi orang Bali .... Nyoman
Biar jadi orang Sunda .... Maman
Biar lincah seperti monyet .... Hanoman
Biar jadi orang Belanda .... Kuman
Biar tetep tinggal di Jogja .... Sleman
Biar jadi tukang sepatu handal .... Soleman
Biar tetep bisa jalan walau ndak pake mesin .... Delman
Wednesday, January 25, 2006
Debunking the WMF backdoor
by Thomas C. Greene (SecurityFocus.com)
Claims that the WMF vulnerability was an intentional backdoor into Windows systems makes for an interesting conspiracy theory, but doesn't fit with the facts.
Contrary to a recent rumor circulating on the internet, Microsoft did not intentionally back-door the majority of Windows systems by means of the WMF vulnerability. Although it is a serious issue that should be patched straight away, the idea that it's a secret back door is quite preposterous.
The rumor began when popinjay expert Steve Gibson examined an unofficial patch issued by Ilfak Guilfanov, and, due to his lack of security experience, observed behavior that he could not explain by means other than a Microsoft conspiracy. He then went on to speculate publicly about this via a "This Week in Tech" podcast, and on his own web site. Slashdot grabbed the story, and the result is a fair number of Netizens who now mistakenly believe that the WMF flaw was created with malicious intent.
What it is
We think it's time that this irrational fear is put to rest. First, let's look at how the flaw works: A WMF (Windows Metafile) image can trigger the execution of arbitrary code because the rendering engine, shimgvw.dll, supports the SetAbortProc API, which was originally intended as a means to cancel a print task, say when the printer is busy with a very large job, or the queue is very long, or there is a mechanical problem, and so on. Unfortunately, due to a bit of careless coding, it is possible to cause shimgvw.dll (i.e., the Windows Picture and Fax Viewer) to execute code when SetAbortProc is invoked.
A metafile is essentially a script to play back graphical device interface (GDI) calls when a rendering task is initiated. Unfortunately, and due entirely to Microsoft's carelessness whenever security competes with functionality, it is possible to point the abort procedure to arbitrary code embedded in a metafile.
Gibson could not imagine why WMF rendering should need the SetAbortProc API, since, as he mistakenly believed, WMF outputs to a screen, not a printer. In fact, it can output to a printer as well. But following Gibson's erroneous assumption, the question arose: what would be the point of polling the process and allowing the user, or application, to cancel it?
Having exhausted his imagination on that score, he concluded that there's no good reason for SetAbortProc to be involved in handling metafiles. The more logical explanation, Gibson reckoned, was that someone at Microsoft had deliberately back-doored Windows with this peculiar little stuff-up. And besides, the idea of compromising a computer with an image file seemed quite cloak-and-dagger, adding to the supposed "mystery."
Nothing new here
To anyone well acquainted with Windows security, hence Microsoft's insistence on ease of use whatever the cost, the idea of intentional mischief along these lines is immediately suspect. Microsoft still encourages users to run Windows as administrators, because it believes that logging in is too much trouble for the average point-and-drool civilian. It enables scores of potentially dangerous networking services by default, lest anyone struggle to enable them as needed; and its security scheme for IE - which, instead of distrusting Web content by default, forces the user to decide whose content to trust and whose not to - is essentially a means of skirting responsibility by blaming the victim for the crushing burden of malware they are carrying.
Microsoft has made a pudding of security from its earliest days, and no amount of malicious intent can possibly account for this. The company's obsession with ease of use is more than adequate to account for this and thousands of other security snafus like it.
Furthermore, the WMF flaw doesn't make for a good backdoor, assuming that one would like to target a user, or class of users. For example, IE is not in itself vulnerable; the problem comes when the system renders online WMF files with shimgvw.dll. So luring a Windows user to a malicious web site is no guarantee that they will be affected, while many others, who are not targets, might well be affected. Similarly, when sending a malicious WMF file via e-mail or IM, there is no guarantee that the intended target or targets will be vulnerable. And there are plenty of other types of malicious file that can be sent or placed on line in a similar manner, so there is no distinct advantage to using WMF. It is not a powerful back door.
Finally, Microsoft doesn't need this as a back door; it already has one: Windows Automatic Update. It's got Windows boxes phoning home without user interaction, identifying themselves, and downloading and installing code in the background. Technically speaking, it would not be difficult for the company to pervert this process subtly, and effectively, to target certain machines for malware. But naturally, there is no possibility that it ever will: its actually doing so would be detected, and proved, and the company would end up with the PR debacle of the century. So, yes, there is a back door in Windows, and no, it is not news.
Here Gibson takes his preferred route to getting the ink that he craves: technobabble and innuendo. He can't prove anything (technically, he hasn't got the chops), so he lurks in the gray area between fact and fiction, and generates torrents of fear, uncertainty, and doubt.
The FUD Olympics
Gibson has a bad track record: a history of latching onto arcane issues that he doesn't fully understand and can never prove, and converting his limited understanding into fodder for the next internet melt-down. In mid-2001, when he discovered the SOCK_RAW protocol (which had been implemented in UNIX and Linux for ages) and Microsoft's intent to implement it in Windows XP, he predicted an "XP Christmas of Death" for 2001-2002, which has yet to materialize. Nevertheless, he made such a riot over the issue for so long that Windows XP service Pack 2 disables the function. Naturally, the installed user base of XP machines in botnets remains the same, because the problem was, and is, the ease with which even the most inept script kiddie can own a Windows box. Default configurations are very loose, so there are scores of routes into most Windows systems that require very little knowledge or talent to exploit. Microsoft needs to tighten up thirty or so glaring design and configuration flaws, all right, but raw sockets is not among them.
In 2002, when he discovered SYN floods, he developed a broken gimmick that he called "GENESIS" (Gibson's ENcryption-Enhanced Spoofing Immunity System). He said it was "beautiful and perfect." In fact, it was nothing more than an inept implementation of SYNcookies, which had been developed (in a properly working form) for Linux by Dan Bernstein and Eric Schenk years earlier. Gibson denied that he had ever heard of SYNcookies, and insisted had thought up his own, broken version independently, but this is highly unlikely. Of course, that can't be proved or disproved, keeping the issue in the vague territory that Gibson so comfortably inhabits.
The WMF backdoor very much in keeping with Gibson's history of getting security matters a bit wrong, filling the gaps in his understanding with technobabble, and hyping the actual matter out of all reasonable proportion in his neverending quest of ink.
And here, much as we regret it, we've given him even more ink. We can only hope that it dispels the ridiculous rumor that Gibson has propagated, and thus will do more good than harm.
Claims that the WMF vulnerability was an intentional backdoor into Windows systems makes for an interesting conspiracy theory, but doesn't fit with the facts.
Contrary to a recent rumor circulating on the internet, Microsoft did not intentionally back-door the majority of Windows systems by means of the WMF vulnerability. Although it is a serious issue that should be patched straight away, the idea that it's a secret back door is quite preposterous.
The rumor began when popinjay expert Steve Gibson examined an unofficial patch issued by Ilfak Guilfanov, and, due to his lack of security experience, observed behavior that he could not explain by means other than a Microsoft conspiracy. He then went on to speculate publicly about this via a "This Week in Tech" podcast, and on his own web site. Slashdot grabbed the story, and the result is a fair number of Netizens who now mistakenly believe that the WMF flaw was created with malicious intent.
What it is
We think it's time that this irrational fear is put to rest. First, let's look at how the flaw works: A WMF (Windows Metafile) image can trigger the execution of arbitrary code because the rendering engine, shimgvw.dll, supports the SetAbortProc API, which was originally intended as a means to cancel a print task, say when the printer is busy with a very large job, or the queue is very long, or there is a mechanical problem, and so on. Unfortunately, due to a bit of careless coding, it is possible to cause shimgvw.dll (i.e., the Windows Picture and Fax Viewer) to execute code when SetAbortProc is invoked.
A metafile is essentially a script to play back graphical device interface (GDI) calls when a rendering task is initiated. Unfortunately, and due entirely to Microsoft's carelessness whenever security competes with functionality, it is possible to point the abort procedure to arbitrary code embedded in a metafile.
Gibson could not imagine why WMF rendering should need the SetAbortProc API, since, as he mistakenly believed, WMF outputs to a screen, not a printer. In fact, it can output to a printer as well. But following Gibson's erroneous assumption, the question arose: what would be the point of polling the process and allowing the user, or application, to cancel it?
Having exhausted his imagination on that score, he concluded that there's no good reason for SetAbortProc to be involved in handling metafiles. The more logical explanation, Gibson reckoned, was that someone at Microsoft had deliberately back-doored Windows with this peculiar little stuff-up. And besides, the idea of compromising a computer with an image file seemed quite cloak-and-dagger, adding to the supposed "mystery."
Nothing new here
To anyone well acquainted with Windows security, hence Microsoft's insistence on ease of use whatever the cost, the idea of intentional mischief along these lines is immediately suspect. Microsoft still encourages users to run Windows as administrators, because it believes that logging in is too much trouble for the average point-and-drool civilian. It enables scores of potentially dangerous networking services by default, lest anyone struggle to enable them as needed; and its security scheme for IE - which, instead of distrusting Web content by default, forces the user to decide whose content to trust and whose not to - is essentially a means of skirting responsibility by blaming the victim for the crushing burden of malware they are carrying.
Microsoft has made a pudding of security from its earliest days, and no amount of malicious intent can possibly account for this. The company's obsession with ease of use is more than adequate to account for this and thousands of other security snafus like it.
Furthermore, the WMF flaw doesn't make for a good backdoor, assuming that one would like to target a user, or class of users. For example, IE is not in itself vulnerable; the problem comes when the system renders online WMF files with shimgvw.dll. So luring a Windows user to a malicious web site is no guarantee that they will be affected, while many others, who are not targets, might well be affected. Similarly, when sending a malicious WMF file via e-mail or IM, there is no guarantee that the intended target or targets will be vulnerable. And there are plenty of other types of malicious file that can be sent or placed on line in a similar manner, so there is no distinct advantage to using WMF. It is not a powerful back door.
Finally, Microsoft doesn't need this as a back door; it already has one: Windows Automatic Update. It's got Windows boxes phoning home without user interaction, identifying themselves, and downloading and installing code in the background. Technically speaking, it would not be difficult for the company to pervert this process subtly, and effectively, to target certain machines for malware. But naturally, there is no possibility that it ever will: its actually doing so would be detected, and proved, and the company would end up with the PR debacle of the century. So, yes, there is a back door in Windows, and no, it is not news.
Here Gibson takes his preferred route to getting the ink that he craves: technobabble and innuendo. He can't prove anything (technically, he hasn't got the chops), so he lurks in the gray area between fact and fiction, and generates torrents of fear, uncertainty, and doubt.
The FUD Olympics
Gibson has a bad track record: a history of latching onto arcane issues that he doesn't fully understand and can never prove, and converting his limited understanding into fodder for the next internet melt-down. In mid-2001, when he discovered the SOCK_RAW protocol (which had been implemented in UNIX and Linux for ages) and Microsoft's intent to implement it in Windows XP, he predicted an "XP Christmas of Death" for 2001-2002, which has yet to materialize. Nevertheless, he made such a riot over the issue for so long that Windows XP service Pack 2 disables the function. Naturally, the installed user base of XP machines in botnets remains the same, because the problem was, and is, the ease with which even the most inept script kiddie can own a Windows box. Default configurations are very loose, so there are scores of routes into most Windows systems that require very little knowledge or talent to exploit. Microsoft needs to tighten up thirty or so glaring design and configuration flaws, all right, but raw sockets is not among them.
In 2002, when he discovered SYN floods, he developed a broken gimmick that he called "GENESIS" (Gibson's ENcryption-Enhanced Spoofing Immunity System). He said it was "beautiful and perfect." In fact, it was nothing more than an inept implementation of SYNcookies, which had been developed (in a properly working form) for Linux by Dan Bernstein and Eric Schenk years earlier. Gibson denied that he had ever heard of SYNcookies, and insisted had thought up his own, broken version independently, but this is highly unlikely. Of course, that can't be proved or disproved, keeping the issue in the vague territory that Gibson so comfortably inhabits.
The WMF backdoor very much in keeping with Gibson's history of getting security matters a bit wrong, filling the gaps in his understanding with technobabble, and hyping the actual matter out of all reasonable proportion in his neverending quest of ink.
And here, much as we regret it, we've given him even more ink. We can only hope that it dispels the ridiculous rumor that Gibson has propagated, and thus will do more good than harm.
Subscribe to:
Posts (Atom)
