Critical RealVNC vulnerability discovered

If you are running RealVNC for remote access, you should upgrade the server software because of a recently discovered critical vulnerability. This is especially important if the VNC machine is reachable on the standard port without going through a VPN.

“Using the following method, it is trivial to gain access to any RealVNC server without knowing the password. This allows full control of the target machine, with privilege levels equalling that of the user under which the RealVNC server runs – often full Administrator access on Windows desktops.”

Full article on securityfocus.com: RealVNC 4.1.1 Remote Compromise

Show ‘n Tell Thursday: SSH tunneling – a must have tool for any travelling consultant (18 May 2006)


As firewalls increasingly restrict the outbound ports reachable from corporate networks, it is getting harder and harder to access resources at the office while at a customer location. Luckily there is a solution that works most of the time and that all travelling consultants should know about.

SSH tunneling is the solution to so many questions. For some reason many networks allow you to create outbound SSH connections, which makes it possible to tunnel Notes (port 1352) and Sametime (port 1533) traffic to an SSH server and from there to the destination. Don’t worry, it is much simpler than it sounds.

This tutorial shows you how to set it up. I recommend PuTTY as the SSH client to use. The screenshot below shows an example of tunneling Notes and Sametime traffic to sametime.example.com and notes.example.com respectively.

Tunnelling traffic via the internet beats the hell out of replicating via GSM dial-up or via a fax/PSTN line.

The word is spreading – Hannover mentioned at EclipseZone

“The next release of Notes, codenamed Hannover, will begin beta testing this fall with a set of office productivity tools that support the industry-standard OpenDocument Format (ODF), Lotus announced this week at a user group conference in Germany.”

Full article at EclipseZone: Notes & ODF > Eclipse RCP?

Updated on 18 May 2006: Also Slashdotted

Escape parentheses in FT query

Had an issue today with an application that finds documents using an FT search in LotusScript. The problem appeared to be quite obvious. The query was:

FIELD <fieldname> CONTAINS (<query>)
e.g.
FIELD CompanyName CONTAINS (Acme)

After looking into the problem, the source of the issue turned out to be that the query string itself contained parentheses, which made the query malformed.

FIELD CompanyName CONTAINS (Acme (US))

The solution was to enclose the query string in quotes:

FIELD CompanyName CONTAINS ("Acme (US)")
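
One way to apply the quoting fix wherever the query is assembled from a variable value, as an added example that is not code from the original post. It is written in Java rather than LotusScript and goes slightly beyond the post by also checking the field name; the class name FtQueryBuilder, the field-name pattern and the choice to reject embedded double quotes are assumptions of this sketch.

```java
import java.util.regex.Pattern;

public class FtQueryBuilder {

    // Assumption: field names consist of letters, digits, '_' and '$' only.
    private static final Pattern FIELD_NAME =
            Pattern.compile("[A-Za-z_$][A-Za-z0-9_$]*");

    /** Builds FIELD <fieldname> CONTAINS ("<value>"), quoting the value as in the post. */
    public static String contains(String fieldName, String value) {
        if (fieldName == null || !FIELD_NAME.matcher(fieldName).matches()) {
            throw new IllegalArgumentException("Unexpected field name: " + fieldName);
        }
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException("Empty search value");
        }
        // The post covers parentheses only. It does not say how an embedded
        // double quote has to be written, so this sketch rejects such values
        // instead of guessing an escape sequence.
        if (value.indexOf('"') >= 0) {
            throw new IllegalArgumentException("Search value must not contain a double quote");
        }
        // Quoting keeps '(' and ')' in the value from closing the CONTAINS group early.
        return "FIELD " + fieldName + " CONTAINS (\"" + value + "\")";
    }

    public static void main(String[] args) {
        // Constructed sample values
        String[] samples = { "Acme", "Acme (US)", "Acme \"US\"" };
        for (String sample : samples) {
            try {
                System.out.println(contains("CompanyName", sample));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```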

Java in Notes/Domino Explained: Visibility modifiers


The Java programming language has 4 access modifiers:

  • public
  • private
  • protected
  • (none) aka “friendly”

Below I’ll tell you a little about each of the modifiers.

Modifier: Description

  • public: This is the least restrictive of the modifiers and it should be understood as literally as the word. Member variables and methods are visible to code inside and outside the class, independent of the class inheritance hierarchy and package.
  • private: This is the most restrictive of the modifiers. Member variables and methods are private to the enclosing class and aren’t visible to any code outside the class itself. Variables and methods marked private are however visible to inner classes.
  • protected: Protected is somewhere in between public and private and means that the variable or method is visible to the enclosing class and its subclasses. This makes it very usable when designing class hierarchies since it allows you to put code in a generic super class without making it visible to outside classes.
  • (none) aka “friendly”: Leaving out the modifier gives the variable or method the same properties as a public variable or method but only inside the same package. This is beneficial if you are designing an API and you need some public methods that shouldn’t be exposed to outside code. Be aware that there isn’t any mechanism for disallowing programmers to create new classes in your packages so caution should still be exercised when using the “friendly” modifier.
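
The four modifiers side by side, as an added example that is not code from the original post. The class names Account, SavingsAccount, Teller and VisibilityDemo and all field values are constructed for illustration; the commented-out methods are the accesses the compiler refuses.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;

class Account {
    public String id = "A-1";          // visible to all code
    protected String owner = "alice";  // visible to Account and its subclasses
    String branch = "CPH";             // no modifier ("friendly"): same package only
    private String pin = "1234";       // visible inside Account only

    class Auditor {                    // inner class: may read the private field
        int pinLength() { return pin.length(); }
    }
}

class SavingsAccount extends Account {
    // The protected member is usable here because this is a subclass.
    String describe() { return id + " owned by " + owner; }
    // String leak() { return pin; }            // does not compile: pin is private to Account
}

class Teller {                         // unrelated class that shares the package
    // The "friendly" member is readable by any class placed in this package.
    String route(Account a) { return a.id + "@" + a.branch; }
    // String leak(Account a) { return a.pin; } // does not compile: pin is private to Account
}

public class VisibilityDemo {
    public static void main(String[] args) {
        Account account = new Account();
        Account.Auditor auditor = account.new Auditor();
        System.out.println("pin length via inner class: " + auditor.pinLength());
        System.out.println(new SavingsAccount().describe());
        System.out.println(new Teller().route(account));

        // List each field with the modifier the compiler recorded for it.
        for (Field f : Account.class.getDeclaredFields()) {
            String m = Modifier.toString(f.getModifiers());
            System.out.println(f.getName() + ": " + (m.isEmpty() ? "(none)" : m));
        }
    }
}
```

In Java, protected members are additionally visible to other classes in the same package, so Teller could also read `owner`.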

Extending the reach – Sametime for the masses…

As previously announced, the new version of Sametime (v. 7.5) will be able to connect to the Google Talk network and hence extend the reach of the Sametime enabled knowledge-worker. What wasn’t apparent to me at the time of the announcement was the fact that the integration means that the reach will be extended even more when vendors like Nokia integrate Google Talk into their products. Great scoop for IBM/Lotus and great news for all the users of Sametime.

Via Slashdot

I guess that’s what you call adoption…

“Ian Skerrett has put together quite a comprehensive list of languages supported by Eclipse and the associated plugins. In addition to that he asks anyone that notices a discrepancy in his list to pipe up and add it. I was baffled by the size of this list, but it is a great reference for developers thinking of coming over to the Eclipse IDE and thinking “Can I work in that IDE?”, the answer seems to be a resounding YES.”

Full post at the EclipseZone: Support for 20 Languages in Eclipse