About Duffbert...

Duffbert's Random Musings is a blog where I talk about whatever happens to be running through my head at any given moment... I'm Thomas Duff, and you can find out more about me here...


I'm published!

Co-author of the book IBM Lotus Sametime 8 Essentials: A User's Guide

Co-author of the book IBM Sametime 8.5.2 Administration Guide


02/27/2011

Book Review - jQuery Pocket Reference by David Flanagan

Category Book Review David Flanagan jQuery Pocket Reference

I truly appreciate the Pocket Reference series that O'Reilly publishes, as they serve as a nice way to remember key details without lugging around a heavy book.  David Flanagan's jQuery Pocket Reference follows in that same path, and it's the "other" jQuery book I want to have close at hand when I work with the framework.  I think a good fundamental learning guide is #1 for my learning style, but this is the book that I'll end up referring back to in order to remember the right syntax when I can't recall the right order or all the options.

Content:
Chapter 1 - Introduction to jQuery
Chapter 2 - Element Getters and Setters
Chapter 3 - Altering Document Structures
Chapter 4 - Events
Chapter 5 - Animated Effects
Chapter 6 - Ajax
Chapter 7 - Utility Functions
Chapter 8 - Selectors and Selection Methods
Chapter 9 - Extending jQuery with Plugins
Chapter 10 - The jQuery UI Library
Chapter 11 - jQuery Quick Reference
Index

Considering there's only 146 pages in this pocket guide, Flanagan uses them well to pack in a lot of essential information.  He balances a great mixture of core information with short code snippets to show the options in context.  If you're already comfortable with JavaScript coding, this could well be your main book for learning jQuery.  Between this and other web site resources, you'd probably get most everything you need.  Personally, I prefer something a bit more conversational for learning, so I'd use this pocket guide as a supplemental information source.  Still, it's hard to go wrong here, and it's a great value.  Definitely recommended...

Disclosure:
Obtained From: Publisher
Payment: Free

02/27/2011

Book Review - Minitrends by John V. Vanston and Carrie Vanston

Category Book Review John V. Vanston Carrie Vanston Minitrends

It's quite common to find people talking about the "major trends" society is dealing with... the rise of China as an economic superpower, the aging of our population, and so forth.  These trends will obviously drive significant business opportunities, but they're far too large to build a business on.  You need to have something more concrete and bounded to act upon.  John H. Vanston and Carrie Vanston wrote an interesting book that deals with this issue, titled MINITRENDS: How Innovators & Entrepreneurs Discover & Profit From Business & Technology Trends: Between Megatrends & Microtrends Lie MINITRENDS, Emerging Business Opportunities in the New Economy.  They present a methodology for examining those megatrends to find smaller trends that can be the foundation for new products and services and point you in new directions.

Contents:
Part 1 - The Value of Minitrends: Importance of Minitrends
Part 2 - Uncovering Minitrends: Searching for Minitrends; Where to Search for Minitrends
Part 3 - Some Attractive Minitrends: Minitrends for Individuals; Minitrends for Small and Medium-Size Companies; Minitrends for Large Companies
Part 4 - Prospering from Minitrends: Selecting a Minitrend for Exploitation; Developing a Minitrend Exploitation Scheme; Putting the Exploitation Scheme into Action
Part 5 - Becoming a Minitrends Master: Here's the So What!
Index; About the Authors; Letter to Reader

What I found most impressive about the material is that it's not something that's confined to large companies with dedicated departments of "strategic thinkers."  The chapter on searching for minitrends is practical and approachable for individuals as well as companies.  Ideas such as following the money to see where the government is focusing spending, noticing what influential leaders are talking about, analyzing frustrations, and considering human nature are all things that anyone with time and an internet connection can do on their own.  Once you have a few ideas, Part 4 guides you through the process needed to actually do something with the information you've found.  While not all ideas you come up with will pan out or pass a more rigorous review, all it really takes is one or two ideas to take you or your business to the next level.

I'd recommend this book to anyone looking to find a niche to call their own when it comes to business opportunities.  Once you get into the mindset of looking for these minitrends, these unfulfilled and unaddressed needs, you find that everything you read and listen to starts to take on a whole new meaning.

Disclosure:
Obtained From: Author
Payment: Free

02/26/2011

Addressing the potential security vulnerabilities in Lotus Notes and Domino

Category IBM/Lotus
There have been a number of security vulnerabilities showing up from various security agencies involving Notes, Domino, and other related Lotus software.  I found this IBM tech note that addresses the issue and talks about fixes and such...  Check out the full technote for more information.

(Feb 2011) Potential security vulnerabilities in Lotus Notes & Domino

Abstract
TippingPoint Zero Day Initiative (ZDI) contacted IBM Lotus to report eight potential buffer overflow vulnerabilities in Lotus Notes and Domino. IBM Lotus has fixes for four of them, continues to investigate a fix for one, and cannot reproduce the remaining three and is pursuing additional information.

Content
Most of these attacks represent denial of service attacks by buffer overflow. To exploit these vulnerabilities, an attacker would need to send maliciously malformed messages to the Lotus Domino server over a variety of protocols as indicated below. However, in specific situations, there exists the possibility to execute arbitrary code. In the case of ZDI-11-051 (SPR# PRAD82YJW2), malicious users could supply damaged cai::URIs to facilitate execution of arbitrary code in Notes. Refer to the table for more information on each, including the SPR number for tracking purposes and, where applicable, fix availability.

For four of these eight, namely ZDI-11-048, ZDI-11-051, ZDI-11-053, ZDI-11-052, IBM Lotus has fixes. For ZDI-11-049, IBM has confirmed the issue and continues to pursue an appropriate fix and workaround. IBM Lotus is currently unable to reproduce the remaining three exploits based on the information provided by TippingPoint ZDI.


IBM targets 2Q2011 for release of Lotus Notes and Domino 8.5.3.

02/23/2011

This is why going to the source is far better than copying others...

Category Everything else
I ran across two blog entries in the last couple of days that are quite revealing...

A Sequence Of Circles Traced By 500 Individuals

A Sequence Of Lines Traced By 500 Individuals

In these two videos, Clement Valla used Amazon's Mechanical Turk service to have 500 individuals use their mouse to trace a simple pattern... a straight line and a circle.  But instead of each person tracing from the original source drawing, they did their tracing from the person just before them.  So each tracing was the tracing of a copy.  As time elapses in the videos, you see how the shape gets more and more distorted with each tracing, finally ending up in something that bears no resemblance whatsoever to the original.

What an apt metaphor of life...

We can attempt to be someone or to follow a plan by looking to the source or by following others.  But by following a copy, we will end up incorporating all the errors and flaws, both known and unknown, that have been introduced with each passing cycle or generation.  And what's worse is that others following us will add *our* errors to their attempts along the way, making the deviation from the original ever wider.

This is a good reminder to me... in whatever I do, strive to get as close to the original, as close to the source, as possible.  It may not look like what everyone else is doing or interpreting the "correct" way to be, but the result in my life will be infinitely closer to what I intended.

02/21/2011

Domino Sametime Multiple Reflected Cross-Site Scripting

Category IBM/Lotus
Domino Sametime Multiple Reflected Cross-Site Scripting

Vulnerable: Domino Sametime 8.0.1

Domino Sametime is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Domino Sametime 8.0.1 is known to be vulnerable. Other versions may also be vulnerable.


Follow the link to get an example of how this could be exploited...

02/21/2011

The "Doings of the Duffs"... they had me pegged even back in 1918

Category Humor
I ran across this blog entry from the San Luis Obispo Tribune today titled "Doings of the Duffs."  Doings was apparently a comic strip that was nationally syndicated from 1915 through 1930... funny that I've never heard of it.

This particular strip strikes me as funny, however.  If you've followed my blog for any time, you'll know I'm not the best when it comes to home repair.  Apparently the same could be said for Mr. Duff in the strip, also.


Helen: Say, Tom. You had better phone for a plumber right away - a water pipe in the cellar is leaking!  Tom: Plumber nothing! I'll fix it myself in a jiffy.

Tom: Let's see now.  Do you turn a nut to the left or right to tighten it?

Tom: Helen - oh, Helen! Better see if you can get the plumber on the phone!


More about Walter R. Allman (1882-1924) - the creator and writer of Doings of the Duffs.

02/20/2011

Product Review - Belkin Conserve Insight F7C005q Energy-Use Monitor

Category Product Review Belkin Conserve Insight F7C005q Energy-Use Monitor

When I plug something into an outlet (like the portable radiator heater down in my basement), I often wonder exactly how much of an impact it might have on my power bill.  This is why I chose to review the Belkin Conserve Insight F7C005q Energy-Use Monitor via the Amazon Vine program.  I haven't used any other type of energy monitor in the past, so I don't have anything to compare this to in my experience.  But what I'm getting from this device is pretty cool... I like it a lot!

In terms of mechanics, it's extremely easy to use.  You plug the three-prong monitor plug into whatever outlet you'll be using for the device you want to measure.  Then you plug the device into the monitor outlet.  There's a display unit attached to the plug via a cord, so you can place it in a position that's viewable regardless of where the plug might be (like behind a cabinet).  That's it... you're now able to see what's going on in terms of energy use.

The display shows CO2 output (per month/year), cost to run the device (month/year), and wattage.  Once you've had the monitor plugged in for a while, it starts averaging the cost, so if you have something that is turned on and off during regular use (like a TV), you can get a good feel for what your actual energy cost will be to run it based on actual use.  The CO2 output doesn't mean much to me, as I'm not interested in that particular measurement.  Wattage is interesting, as it confirms what the device is supposedly using according to the specs.  For me, the most important aspect was cost, and it was here that I found the most benefit.

I tried this out on the aforementioned radiator heater to see exactly what this was setting me back to stay warm in my home office.  The wattage reported by the display conformed pretty closely to the specs listed by the manufacturer.  But the cost aspect was a real eye-opener.  If I left the unit on 24/7 at the high power setting, the heater would set me back $144 a month.  Wow!  Popping it down to the low power setting took it to $40 a month.  So now I know that using the heater to take the chill out of the basement is good, but leaving it on past that can get a bit expensive.  Knowledge is power... and money saved!

Now that I've used my Belkin Conserve Insight F7C005q Energy-Use Monitor, I can see myself making a concerted effort to check out stuff that I leave plugged in and turned on for the sake of convenience.  Knowing that I can get a real dollar total linked to everything I have plugged in, I think I'll be much more aware of what I'm using.  I might even start turning green! :)

Disclosure:
Obtained From: Amazon Vine Review Program
Payment: Free

02/20/2011

Product Review - 3M Natural View Screen Protectors for iPad

Category Product Review 3M Natural View Screen Protectors for iPad

I received a set of 3M Natural View Screen Protectors for my iPad via the Amazon Vine review program recently, and was looking forward to what they might accomplish.  It doesn't take much for my iPad screen to get a major case of the smudgies, and I was hoping that the screen overlays would help reduce that.  While they do help with that issue, I was more bugged by the dust specks and such that almost inevitably end up sandwiched between the screen and the protector.

3M does a good job with the packaging and instructions, as good as any I've seen in other similar products.  Part of the packaging serves as a cardboard squeegee to get the air bubbles out from under the screen.  I used a lint-free cloth they included in my package (probably not part of the retail package) to clean off existing smudges and dust.  But no matter how much/often you rub, there's always something minute left on the screen.  Once I applied the overlay, I used the cardboard edge to push the bubbles out to the edges and mostly out from under the plastic.  It's at that point that you see the dust you missed, and there's nothing much you can do to remove those small screen specks.  Furthermore, some bubbles and edges seal fine, while others won't make full contact regardless of what you do.

Finally, I fired up a movie to see whether those small imperfections would bother me.  I can usually overlook a few smudges when I'm watching a video, but I found myself focusing on the screen spots.  I figured at that point, I'd be better off going without the protector and living with smudges.  At least I can clean those off...

If I had small kids using my iPad, I think the 3M Natural View Screen Protector would have remained on the screen.  It *does* provide a level of protection that would be appreciated in that situation.  But since the iPad is pretty much mine alone, and since I keep it cased 98% of the time, I don't feel that living with the screen imperfections is worth it.

Disclosure:
Obtained From: Amazon Vine Review Program
Payment: Free

02/20/2011

Book Review - The Absent Traveler by Randall DeVallance

Category Book Review Randall DeVallance The Absent Traveler

I'm often torn when reading collections of short stories, as just about the time I'm really into what's going on, it's over (no, you may not read anything more into that statement...)  But that still doesn't mean that the reads are not enjoyable or interesting for what they are.  Randall DeVallance puts together a quirky collection of short stories and a novella in his book The Absent Traveler.  It didn't take much time to read, and I had to keep reminding myself that they *were* short stories, and not to get too comfortable as the end would probably appear on the next turn of the page.  But keeping that in mind, I had a good time reading his works.

The novella makes up the core of the book, and is the source of the book's title.  Charles Lime is the main character, a guy who is barely making ends meet by working in a tech superstore.  He rents a living space in the basement of a house, with a landlord who spends most of her time getting drunk and trying to get more money out of Charles for house repairs.  Add to that his parents who are as dysfunctional as he is, and it's a pretty bleak existence.  Out of the blue, he gets a phone call from Jasmine, a girl he knew from a few years back.  She's back in town to look after her aunt, and wants to meet up with Charles for dinner.  Charles takes this as his big chance to get a life, but he's reading far more into it than she ever intended.  This crushing disappointment takes Charles back to his only escape in life... books.  But when Charles reads, he gets totally absorbed into the story... as in he is there.  

DeVallance tells a good tale, as well as painting the mood and attitude of the characters.  He also structures his story such that you're never quite sure where to draw the line between Charles and the book he's reading.  I found myself looking forward to the end of the book sequences, to find out what had happened to Charles while he was "somewhere else."  The collections of short stories were quirky and varied.  Some had me wondering "so what?", but others were dead-on in terms of capturing some piece of human nature and taking it to an extreme.

The Absent Traveler was a departure from what I normally read, but it was a good side-trip.  For those who spend time analyzing what they read and thinking about what the author was trying to say, this book will provide a great deal of material to muse over.  For people like me who read for entertainment, it's a good diversion.

Disclosure:
Obtained From: Publisher
Payment: Free

02/19/2011

Book Review - Perform Like A Rock Star And Still Have Time For Lunch by Orna W. Drawas

Category Book Review Orna W. Drawas Perform Like A Rock Star And Still Have Time For Lunch

I'm always interested in being more productive and efficient in what I do, so I was definitely interested when asked if I wanted to read and review Perform Like A Rock Star and Still Have Time for Lunch by Orna W. Drawas.  Who *wouldn't* want to perform like a rock star in their chosen area of expertise or profession?  I found this to be an excellent source of ideas and concepts, mixed in such a way that it was easy to pick a few items to immediately implement without buying into an entire productivity system.

Contents:
Part 1 - The World Of Peak Performance: Take The Mystery Out Of Success; Knowing What You Want Is Hard... Getting It Is Easy...; Actions Speak Louder Than Words; Man Does Not Live By Rocks And Pebbles Alone
Part 2 - You and Peak Performance: Focus. Focus. And Focus; Bring Order To Chaos; It's Now Or Never; One Of These Days Is None Of These Days; Coping In A Sandstorm Of Interruptions; Using The Power Of Others; Are You Stoned Or Just Checking E-mail?; To Meet Or Not To Meet, That Is The Question; The Present
Part 3 - A Culture Of Peak Performance: Raising Everyone's Game; A Program For Performance

Drawas approaches the topic of peak performance using the analogy of the pickle jar.  If you're unfamiliar with that story, it centers around how to place rocks, pebbles, sand, and water into a jar in such a way as to get all four elements into the jar without running out of room.  In our lives, rocks represent major projects and top priorities.  Pebbles are activities and actions that support the achievement of what the rocks represent.  Sand is made up of stuff that we like (and often need) to do, but they don't really do much to help us reach our goals.  Finally, water is just the everyday clutter and noise that surrounds us.  If we place the rocks in the jar first, followed by pebbles, sand, and water (in appropriate amounts), everything can fit into our lives and we excel in what we do.  But if we fill our jar with water and sand first, there's not any room for the important things that matter.  It's a simple analogy, but one that makes a lot of sense to me.

The book starts out by explaining the pickle jar and how our lives need to be properly balanced in order to achieve our goals.  The second part is made up of the more traditional aspects of becoming more efficient and productive with our time and energy (managing interruptions, delegating, scheduling the day, etc.).  Finally, the last part of the book talks about how we can take these concepts and instill them in others in order to make your organization more productive and successful.  There's a great series of guided discussions and worksheets that help you go from talk to action, which is often the hardest step to take... just getting started.

I personally thought Perform Like A Rock Star is an excellent book on personal productivity and effectiveness.  The pickle jar analogy makes a lot of sense to me, and I'll probably end up building a real pickle jar with rocks, pebbles, sand, and water just to remind me about structuring my life to get the most out of it.  I also appreciated that the author recommended that you take one or two ideas and make them part of your routine before tackling more changes.  All too often these types of books push an entire system that has to be followed in order to succeed.  Past history shows that the chances for permanent change are not great in that situation.  But if I can walk away with one or two ideas that make a difference, then I'm more than happy with what I got from the book.  And in this case, I was very happy...

Disclosure:
Obtained From: Author
Payment: Free

02/19/2011

Book Review - The Infection by Craig DiLouie

Category Book Review Craig DiLouie The Infection

It's personally amusing that I tell myself I'm not generally attracted to the zombie genre, and yet whenever I happen to read one, I end up liking it.  Craig DiLouie's book The Infection is no exception to that trend.  The author contacted me and inquired if I would like to read and review his latest novel.  Having enjoyed his last two works, I agreed and once again had a great time immersing myself into a world of creatures that relentlessly attack the unfortunate humans who survive.

The Infection starts out quickly with a worldwide epidemic of a virus that causes those who contract it to collapse and scream in a way that is unnatural and frightening.  The Screaming (which is what the event is labeled) is followed by a coma that lasts for three days, and that ends with the victim coming back to consciousness as a zombie-like creature looking only to feed and spread the virus to others who are not infected.  The fact that The Screaming happened simultaneously all over the globe means that society immediately suffered a catastrophic blow with millions of people struck down.  The damage becomes fatal when they all resurrect at the same time and start their attacks.  

The story follows a small group of survivors who end up banding together under the leadership of an Army sergeant and a woman who seems to have an uncanny ability to influence others.  They use a Bradley armored vehicle to move about and protect themselves, but they can't let down their guard at any time as the Infected are nearly everywhere they go.  They eventually make their way to a refugee camp after fleeing the total destruction of Pittsburgh by uncontrolled fire, and it's there that they have to decide what they want from what remains of their lives.  Do they settle into the camp and try to recapture some sense of normalcy (however fleeting that may be), or do they risk their lives defending themselves and others from the horde of Infected moving their way from the ruins of the city?  Complicating the issue is the appearance of strange alien creatures that add another layer of infection and death to those who get caught and attacked.  The answers aren't simple, and they aren't the same for each person...

DiLouie writes the book as a narrative of what's happening at the moment, with flashbacks for each character to tell their story leading up to The Screaming.  The sense of immediacy kept me turning pages to find out what would happen next, and I had a difficult time finding a place to put down the book and do something else.  I also found it interesting how I pictured each character in my mind based on the evolving action, but had to re-picture nearly every one of them when certain facts were revealed in the flashbacks.  It made for some fun little twists along the way.  The only issue I had with the story is that the underlying cause of the virus, as well as how the alien creatures came to be, was never explained or resolved (or I somehow missed it).  Perhaps that was planned as a way to allow the reader some room to form their own story, but I felt a little let down at the end when I didn't have any good answers to those questions.

Regardless of the last point, The Infection was a fun read that was well worth my time.  Perhaps *now* I'll be honest and admit that I actually do like zombie novels more than I let on...

Disclosure:
Obtained From: Author
Payment: Free

02/19/2011

Product Review - Fellowes Smart Suites Corner Monitor Riser

Category Product Review Fellowes Smart Suites Corner Monitor Riser

I recently received a Fellowes Smart Suites Corner Monitor Riser via the Amazon Vine Review program.  When I chose this item, I was thinking that it would be nice to reclaim a bit of my desk space by having room underneath the monitor to store more clutter.  But overall, my impression is mixed.  It does what it's meant to do, but I didn't feel like it was a step up from my current configuration.

In terms of design, the black molded plastic is OK, but the milky plastic overlay that covers the support structure looks and feels somewhat cheap.  It comes with additional rubber feet you can use to adjust the height of the stand, but I didn't use them as it would have made the monitor a whole lot higher than it currently is.  The unit comes with "directions" on how to assemble it, but I certainly had problems making heads or tails of what they were trying to convey.  Granted, I don't think you *need* directions to use this, but the pictures-only instructions did more to confuse than clarify.

My biggest issue was the footprint of the stand.  Since I had my monitor set back to the edge of the desk, I really didn't want to bring it forward much.  But given the way the three legs of the stand flare out, you can pretty much figure that the monitor will end up somewhat closer to your face than you previously had it.  Furthermore, it's much wider and deeper than my current monitor base, so some things had to be spread out a bit more than they had been before.  Granted, you get some of that space back under the monitor, but things like speakers and such will end up in different places.  When I stood back to look at how things had to be placed to make it work, I wasn't thrilled with the arrangement, and went back to my previous layout.

Obviously, your mileage will vary based on what you have on your desk, whether you need your monitor to be higher than it currently is, etc.  But at least for me, this riser didn't offer enough advantages to cause me to stick with it.

Disclosure:
Obtained From: Amazon Vine Review Program
Payment: Free

02/17/2011

Seems like Microsoft has the same challenges IBM/Lotus does (but understands some opportunities better)...

Category Microsoft IBM/Lotus
Mary Jo Foley had a great article a few days back titled What's keeping the Microsoft beancounters awake at night?  In the article, she goes a little deeper into Microsoft's latest earnings report and outlines some interesting "challenges" that the company seems to be facing:

A source of mine passed on to me some information that seems to come from Microsoft’s own scorecarding system from the end of 2010 that detailed some high priority areas for Microsoft’s sales and marketing folks. Not too surprisingly — in spite of all the public noise around the company’s consumer products — enterprise wares (which still result in the majority of Microsoft revenues) are getting a lot of internal attention.

Yes, Microsoft’s Business Division (the Office team) had a bang-up Q2 FY2011, as the most recent earnings statement made clear. But according to the scorecarding information I saw — which, as some have reminded me, is a small sample from inside the company, and not true of all regions — some Microsoft managers consider Exchange’s license and revenue growth over the last several years to be “anemic,” even though Exchange is currently a $2 billion business.

Depending on what analyst group you listen to, Lotus has either lost market share or held even with Microsoft.  So email for email's sake would seem to be an anemic market overall.  It would also seem to point to the fact that email is getting to be a commodity service, and switching email "just to be on Exchange and Outlook" may not be the main driver.  It could be that SharePoint is a significant reason for moving stacks, but even that isn't necessarily all rosy:

On the SharePoint front, the public story is that sales continue to be phenomenal, with more than 100 million SharePoint licenses having been sold to 17,000 customers. However, internally some managers are warning that the sales focus on servers has been low “because revenue-based incentive compensation does not reward selling relatively low-priced servers.”

Hmm... sales teams not pushing the "cheap" solution because their incentive programs don't reward that... sound familiar? *cough*Notes*cough*Domino*cough*

And as far as understanding opportunities better, this following snippet seems to confirm and align with what many of us think when it comes to opportunities in the educational market:

(If you’re wondering about Microsoft’s hard-core push to sell Exchange Online and to win education accounts over to online services, slower Exchange Server growth is seemingly at least part of the reason. Microsoft execs view education as a key early adopter of cloud-based services, and e-mail is “the gateway application” for schools.)

If you accept that view, things do not bode well for IBM/Lotus.  Microsoft is structured to provide their gateway "drug" to educational markets for no cost, and IBM/Lotus is not (nor does it look like they will do so in the foreseeable future based on actions to date).  

Having been on both sides of the email/collaboration battlefield, I see that at a macro level there are more similarities than differences between Microsoft and IBM when it comes to how the collaboration stories have unfolded.  The technical details vary, but it's still a matter of trying to change the culture of the workplace.  And at least in my experience, that's far easier said than done... regardless of what brand of software you're using.

02/17/2011

Our handout from BOF402 - From Idea to Print: How to Get Started with Technical Writing

Category ls11
Marie Scott and I did a Birds of a Feather session at Lotusphere centered around getting started with writing, be it internal papers or a potential book.  Scheduled opposite the This Week in Lotus BoF and right before the trip to Universal Studio, it would be fair to say the turnout was... small.  That's fine, as I'm not sure the room would have held more than about 25 with any room to breathe. :)

Anyway, we had a handout for the BoF, and you can now download it if you're at all interested.  Feel free to follow up with questions, as we can always extend our session "virtually"... or is that "socially"?

BOF402 - From Idea to Print: How to Get Started with Technical Writing

You’ve probably read through a technical book and thought, “I could have done a better job! I know more than this author!” Well, there’s very little to stop you from writing your own book or technical article, but you should know what you’re getting into before you start. There’s a lot that goes on between “I have an idea” to “Look, Ma! I’m on the cover of a book!” Join us as we tell the story of how our book, “IBM Lotus 8 Essentials: A User’s Guide” went from query to outline to deadlines to finished product. Along the way, we picked up a number of tips and hints that we'll share to make the process go easier, and to help you avoid setting unrealistic expectations. Getting your knowledge from your head to a book is a very satisfying accomplishment, and with a few hints and tips you too can be on your way to writing your first article -- and perhaps even your first book!

Handout - BOF402 - From Idea to Print

02/09/2011

The Lotusphere 2011 News Page is now updated and posted...

Category Lotusphere 2011 LS11
Each year I try to collect the news stories that come out related to the Lotusphere event.  The Lotusphere 2011 News Page is now cleaned up and posted, and I'll leave the link posted in the upper left corner of the blog for a while.

It would have been out sooner, but there were some funky characters that were causing the page to not render, and it took me some time to find what they were and remove them.  But it's all good now, so enjoy the news!

02/09/2011

Celebrate IBM Tuesday on February 22nd with Packt Publishing

Category IBM/Lotus Packt
Coming up to its 100th Anniversary, IBM isn't the only one celebrating this year...

On Tuesday 22nd February Packt will be publishing an unprecedented four new IBM books in one day.

To celebrate this occasion Packt has a special offer on all IBM print books.

BUY ANY IBM PRINT BOOK AND RECEIVE A 20% DISCOUNT THROUGHOUT FEBRUARY

Click here to enter Packt's IBM Tuesday Competition


IBM Rational Team Concert 2 Essentials - Improve your team productivity with Integrated Process, Planning, and Collaboration using Team Concert Enterprise Edition
COMING SOON!

Getting Started with IBM FileNet P8 Content Manager - Install, customize, and administer the powerful FileNet enterprise content management platform
COMING SOON!

IBM Lotus Quickr 8.5 for Domino Administration - Ensure effective and efficient team collaboration by building a solid social infrastructure with IBM Lotus Quickr 8.5
COMING SOON!

IBM WebSphere Application Server v7.0 Security - Secure your WebSphere applications with Java EE and JAAS security standards
COMING SOON!

Why not make the most of this offer and purchase a selection of IBM books? Here are some popular bundles people are buying right now:

02/08/2011

Thank you to Volker Weber for capturing Marie and I at our book signing...

Category Everything Else
At Lotusphere 2011, Marie Scott and I had a chance to do a book signing for our Sametime User's Guide book.  I asked Volker if he would do his magic with a camera and give us something to remember the event.  As always, he did an outstanding job...

02/07/2011

IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability

Category IBM/Lotus
IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the POP3 and IMAP services while processing malformed e-mails. The vulnerable code expands specific non-printable characters within a "mail from" command without allocating adequate space. By providing enough of these characters, memory can be corrupted leading to arbitrary code execution under the context of the SYSTEM user.

Vendor Response
IBM states:


Disclosure Timeline
2008-08-26 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory

02/07/2011

IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability

Category IBM/Lotus
IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.

The flaw exists within the nLDAP.exe component, which listens by default on TCP port 389. When handling an LDAP Bind Request packet, the process blindly copies user-supplied data into an undersized shared memory buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

Vendor Response
IBM states:


Disclosure Timeline
2010-07-20 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory

02/07/2011

IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability

Category IBM/Lotus
IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the nrouter.exe service while processing a malformed calendar meeting request. The process copies the contents of the name parameter within the Content-Type header into a fixed size stack buffer. By providing enough data this buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.

Vendor Response
IBM states:


Disclosure Timeline
2008-08-26 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory

02/07/2011

IBM Lotus Domino SMTP Multiple Filename Arguments Remote Code Execution Vulnerability

Category IBM/Lotus
IBM Lotus Domino SMTP Multiple Filename Arguments Remote Code Execution Vulnerability

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the SMTP service while processing a malformed e-mail. The process continually appends each argument within a filename parameter into a buffer in memory. By providing enough data this buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.

Vendor Response
IBM states:


Disclosure Timeline
2008-08-26 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory

02/07/2011

IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

Category IBM/Lotus
IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability.

The specific flaw exists within the handling of malformed strings within cai:// URIs. The '--launcher.library' switch can be injected and directed to load a DLL from a network share. This will result in code execution under the context of the current user.

Vendor Response
IBM states:


Disclosure Timeline
2009-12-18 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory

02/07/2011

Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability

Category IBM/Lotus
Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.

The flaw exists within the ndiiop.exe component, which listens by default on a dynamic TCP port. When handling a GIOP client Request packet type, the process can be made to mis-allocate a buffer size due to a signedness bug. Later, the process blindly copies user-supplied data into this under-allocated heap buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

Vendor Response
IBM states:


Disclosure Timeline
2010-07-20 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory
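The signedness bug described in the diiop Client Request advisory above, reconstructed as an added example in C; this is not Domino's code, and the 4-byte big-endian length prefix, the MAX_FIELD cap and both function names are constructed for illustration. The buggy function only computes the sizes the flawed pattern would use (it never allocates or copies), while the hardened parser shows the unsigned bound checks that close the bug.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical policy cap on one field (not a Domino value). */
#define MAX_FIELD 4096u

/* Bug class from the advisory, reconstructed: the 4-byte wire length is
 * read as signed, so the "too large" check passes for huge values and the
 * allocation size wraps small while the copy length stays huge.
 * Returns 0 when the flawed check would accept the length, -1 otherwise. */
int buggy_field_sizes(uint32_t wire_len, size_t *alloc_out, size_t *copy_out)
{
    int32_t len = (int32_t)wire_len;           /* signedness bug: 0xFFFFFFF8 -> -8 */
    if (len > (int32_t)MAX_FIELD)
        return -1;                             /* never fires when len is negative */
    *alloc_out = (uint32_t)(len + 16);         /* -8 + 16 -> an 8-byte heap buffer */
    *copy_out  = (size_t)wire_len;             /* memcpy would use ~4 GiB */
    return 0;
}

/* Hardened parser: treat the length as unsigned and bound it by both the
 * policy cap and the bytes actually present before allocating. Returns a
 * NUL-terminated copy of the field (caller frees) or NULL on rejection. */
char *parse_field(const uint8_t *pkt, size_t pkt_len, size_t *field_len_out)
{
    if (pkt == NULL || pkt_len < 4)
        return NULL;                           /* no room for the length prefix */
    uint32_t len = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
                   ((uint32_t)pkt[2] << 8)  |  (uint32_t)pkt[3];
    if (len > MAX_FIELD)
        return NULL;                           /* rejects 0xFFFFFFF8 outright */
    if (len > pkt_len - 4)
        return NULL;                           /* claimed length exceeds the packet */
    char *buf = malloc((size_t)len + 1);       /* len <= MAX_FIELD, so no wrap */
    if (buf == NULL)
        return NULL;
    memcpy(buf, pkt + 4, len);
    buf[len] = '\0';
    if (field_len_out)
        *field_len_out = len;
    return buf;
}
```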

02/07/2011

Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability

Category IBM/Lotus
Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.

The flaw exists within the ndiiop.exe component, which listens by default on a dynamic TCP port. When handling a GIOP getEnvironmentString request, the process blindly copies a user-supplied argument into a stack buffer while checking the local variable cache. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

Vendor Response
IBM states:


Disclosure Timeline
2010-07-20 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory

02/07/2011

IBM Lotus Domino Calendar Request Attachment Name Parsing Remote Code Execution Vulnerability

Category IBM/Lotus
IBM Lotus Domino Calendar Request Attachment Name Parsing Remote Code Execution Vulnerability

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the NRouter service while transporting malformed e-mails. The vulnerable code copies data from the ATTACH:CID and Content-ID headers within an e-mail into a fixed length stack buffer. By providing a large enough file name, this buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.

Vendor Response
IBM states:


Disclosure Timeline
2008-08-26 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory

02/01/2011

If you have time between 2:30 and 3 pm today, come by and get your Sametime User's Guide book signed (or BUY one and get it signed!)...

Category Sametime User's Guide
Marie Scott and I will be down in the Lotus Bookstore on the vendor floor today between 2:30 and 3 pm, signing copies of our Sametime User's Guide book.  Please bring your copy and stop by, or buy one at the bookstore. :)

The reviews on the book have been excellent, and even long-time technical experts in our community found a few new things they didn't know (as I did when writing it with Marie).  

Look forward to seeing you there!
