a l e x f a l k e n b e r g

Alex and Stacey welcome their latest addition, their second child and son Zachary. Congrats!

If you're new here, we'd love it if you subscribed to our RSS feed. Thanks for visiting!

We still have a few machines running Office 2003 around here. If you do too, then by all means, get updated!

It’s quite possible the Microsoft Update service has already pushed these updates out to you earlier this week. Otherwise, you’ll need to go through Office Update or hit the Microsoft website and grab the update directly yourself (as linked below). Regular Windows Update does not check for updates to Microsoft Office; we recommend you upgrade to the more advanced and inclusive (and still free) Microsoft Update service.

Customers that retain us for software updates and security audits should have received these updates already, automatically.

[…] The Microsoft Office division has just released Service Pack 3 for 2003, and it is available for download through Office Update or directly from Microsoft’s web site.

The update includes a number of hotfixes that were released post-SP2, as well as some new tweaks. New fixes in Excel include performance improvements for loading files over slow networks and updates to the error-reporting service. Word gets fixes for many formatting errors, as well as for the problem some users had copying and pasting text from web pages. Powerpoint gets attention for problems with the “Package for CD” feature. In addition to bug fixes, SP3 contains numerous security patches to close recently-discovered holes.

[…]

(Snippet from ArsTechnica. Image from Microsoft.)

Be careful out there.

A zero-day PDF vulnerability in Adobe’s Acrobat Reader has come to light that can lead to Windows boxes getting taken over completely and invisibly, according to a security researcher.

“All it takes is to open a [maliciously rigged] PDF document or stumble across a page which embeds one,” said researcher Petko D. Petkov, aka pdp, in a blog posting on Sept. 20.

[…]

Paul Henry, vice president of technology and evangelism at Secure Computing, based in San Jose, Calif., said in an interview with eWEEK that PDF vulnerabilities have a strong advantage when it comes to users being tempted into opening them, giving this vulnerability the potential to become a “huge” attack vector. “From a social engineering standpoint, it’s easier to attach a PDF to e-mail and assume [the target will] open it. If you’ve got a request to launch a video conversation from someone you never heard of, chances are you won’t do it. Or you won’t click on a video online if you don’t know where it’s from. But from a social engineering point of view, this is deeper.”

[…]

The scenario is that an attacker rigs a PDF file designed to exploit the flaw. He or she distributes it via e-mail or through other means, or hosts it on a Web page. When a user opens the rigged PDF file with a vulnerable application, the user’s machine can be loaded with malware that makes it open to a takeover.

[…]

“The ability to use PDFs to install malware and steal personal information from remote PCs is here,” he said in a statement. “Readers should be cautioned to only open PDF files from senders they explicitly trust.”

(Snippets from eWeek. Image from Adobe.)

CodeGear has released 3rdRail, a Ruby on Rails integrated development environment, that hopefully delivers some of the same convenient IDE experience as Delphi and other Borland/CodeGear products have in the past. It installs an instant Ruby on Rails environment, and features code completion, project management, refactoring and integrated debugging.

The Eclipse-based IDE runs on Windows, Mac and Linux, and a 30 day trial is available.

I’m pretty excited about it, as I dabble more and more with Rails, but I’m a little concerned about the $300 annual subscription for maintenance… I hate paying for bug fixes. I understand CodeGear’s saying “updates”, too, but when–especially in the first year–are any “updates” really anything but features that should have been in the product at release, or fixes for bugs that shouldn’t have ever seen the release date?

I’ll be downloading the trial and taking it for a spin, of course.

(Image from CodeGear.)

You’ve long been able to go to a local retailer for some time and pick up a “student” edition of Office for around $150 (often on sale for less after instant or mail-in rebates). You’ve never had to prove your student status for those items, and it became a relatively inexpensive way to obtain a “standard” version of Office for pretty cheap.

Plenty of college campuses have done deals with Microsoft as well, offering Office and other MS products for ridiculously low prices (realizing, of course, that student tuition and fees are subsidizing that to some degree). $10 copies of Windows, $20 copies of Office, etc weren’t unheard of.

Microsoft is trying something new; it may or may not be for you, though (keep reading).

Starting today, they’re offering Office Ultimate 2007 for $60. Early word is it will be download-only. The program goes live later today (around 1pm US-Central time, although the site’s countdown clock has been a little wonky), and runs through April of next year. The website for it is here:

[LINK: theultimatesteal.com]

The exact licensing terms are still unavailable. I strongly recommend you review the license terms (once the site goes live and those terms are posted), of course. In the cases of university programs that have offered MS software in the past, sometimes students were granted perpetual licenses for any software they still owned at graduation time. Other agreements called for license suspension at graduation, or terminated licenses if you never graduated at all. Pricing has also varied wildly. No idea yet if the installation will be limited to a single PC or allow a few installs (as other “student” editions have in the past) so you end up with the home PC, the laptop, etc, all covered.

Bottom line, though: for the money, even if the license expires upon graduation, $60 through this new program is a pretty darn good deal. The suite has a retail value of $679.

ALL THAT SAID, you should still check with your university (probably your campus bookstore) and see what they’re offering. You may well get a better deal from them than this one, still.

ArsTechnica has more details on MS’ TheUltimateSteal program here:

[LINK: arstechnica.com]

Palm’s CEO Ed Colligan announced today that they were killing the Foleo, which was just about to actually ship. Good riddance, I say!

I totally called the Foleo-will-die thing waaaay back when it was first announced. Like, instantly. It was never clear who they were really even targeting with it. As a hacked device running Linux or something, it might have been interesting, but given it’s intended purpose, the form factor was stupid, the limited functionality and performance was stupid.

It suffered immediately and most obviously from the “one more device to lug around” problem, all other issues aside. No one wants that. A device that adds to the PDA/phone/laptop bundle people already lug around, in a size somewhere between all of them? Just say no!

“What was Palm even thinking?” comes to mind as well…to get a completely ludicrous idea to even pass the proposal stage, I mean, not a lot of bright bulbs in the room at any of those meetings, apparently. And five years was wasted on this. Five. Ouch. And a cost of “less than $10 million dollars to our earnings”, according to Colligan. Ouch again.

So many bad ideas seem to get past what should be layer upon layer of review…how do such bad ideas get as far as becoming a real product?

And for Palm, which has needed to step up its game for some time now or be forgotten forever, this was a really giant waste of time and resources. What’s even more confusing is that Palm still apparently doesn’t seem to get why the Foleo was so stupid, because they’re planning a Foleo II:

Colligan:
When we do Foleo II it will be based on our new platform, and we think it will deliver on the promise of this new category.

Good luck with that, Ed…you and yours apparently really, really need it. But first, I think I’d hope you could you crank out some improved smartphones or something. Just sayin’.

What products have you seen or owned that made you think “how did this ever get past the first hurdles of any design process?”