Slashdot Mirror

http://www.boingboing.net/2005/11/18/users_sue_mat chcom_f.html

Schneier has said several times that "half a million computers were infected". However, I saw that famous graph that said half a million networks were infected. Who is right?

this isn't one of those lightning-fast internet worms; this one has been spreading since mid-2004. Because it spread through infected CDs, not through internet connections, they didn't notice?

On Friday, the Milan-based (Association for Freedom in Electronic Interactive Communications - Electronic Frontiers Italy) filed a complaint about Sony's software with the head of Italy's cybercrime investigation unit...

The complaint alleges that XCP violates a number of Italy's computer security laws by causing damage to users' systems and by acting in the same way as malicious software, according to Andrea Monti, chairman of the ALCEI-EFI. "What Sony did qualifies as a criminal offense under Italian law,"

This M$ program relies on spyware built into XP that keeps track of all the software on your machine. If you're fortunate enough to have an un-infected system (such as Win 2K) you can keep the Genuine (Dis)Advantage spyware off your machine when doing updates by following a simple procedure.

But the most important thing is.... does the Microsoft "Genuine Advantage" CRACK work in Firefox too?

Sony should NOT stick to music either!! They tried to shut down Beatallica (http://www.beatallica.org/) cuz they created spoof songs based on the Beatles and Metallica. Sony will go after ANYONE - even if you are simple metal d00ds from milwaukee, wisconsin who were just having a good time!

shame on sony - over and over again.

http://www.boingboing.net/2005/02/24/beatallicaorg _shut_d.html

maybe DVD Jon should call Larz and have him step in!
http://www.boingboing.net/2005/02/20/sony_v_beatal licaorg.html

--srgtd

Sony should NOT stick to music either!! They tried to shut down Beatallica (http://www.beatallica.org/) cuz they created spoof songs based on the Beatles and Metallica. Sony will go after ANYONE - even if you are simple metal d00ds from milwaukee, wisconsin who were just having a good time!

shame on sony - over and over again.

http://www.boingboing.net/2005/02/24/beatallicaorg _shut_d.html

maybe DVD Jon should call Larz and have him step in!
http://www.boingboing.net/2005/02/20/sony_v_beatal licaorg.html

--srgtd

I've been chasing down several accounts of government agencies, companies, educational institutions and others banning the use of Sony CDs on their PCs, due to the security risks of having Sony's rootkit DRM infecting their PCs. One government ministry, Alberta Agriculture, has banned the use of music CDs altogether, since Sony is hardly the only music company crippling its CDs with sneaky, malicious software. Here are a couple examples:

It has been brought to our attention that there is significant risk to the security and the operation of UC computers in using Sony BMG produced CDs. For this reason, the use of Sony BMG produced CDs in University of Canberra computers is prohibited.

Here I thought this would only happen for "secure" workplaces. Sorta makes you feel sorry for SCO, they can't get anyone to even look at the crazy they're selling when Sony's got such a superior line of insane self-destructiveness.

As referenced: On Boing Boing!,
mentioning the 700 hobo names,
which were recorded with geek-folk-copyleft-rocker Jonathan Coulton,
as can be heard here,
or seen illustrated by a number of independent artists via Flickr,
and as was also mentioned with great humor on November 16th's Daily Show with Jon Stewart.

Sony CDs banned in the workplace

"I've been chasing down several accounts of government agencies, companies, educational institutions and others banning the use of Sony CDs on their PCs, due to the security risks of having Sony's rootkit DRM infecting their PCs. One government ministry, Alberta Agriculture, has banned the use of music CDs altogether, since Sony is hardly the only music company crippling its CDs with sneaky, malicious software. Here are a couple examples:

It has been brought to our attention that there is significant risk to the security and the operation of UC computers in using Sony BMG produced CDs. For this reason, the use of Sony BMG produced CDs in University of Canberra computers is prohibited.

EAT IT *AA's! Sony put a gun to your head and pulled the trigger.

You may have other reason not to buy a PS3

http://www.boingboing.net/2005/11/12/new_sony_lock ware_pr.html

FYI. BoingBoing have compiled a comprehensive timeline of events surrounding this: http://www.boingboing.net/2005/11/14/sony_anticust omer_te.html

Oct 31: Sony DRM uses black-hat rootkits
Nov 3: Sony releases de-rootkit-ifier, lies about risks from rootkits
Nov 3: Felten on Sony's rootkit-"remover: they're still adding something"
Nov 3: Defeat WoW spyware using Sony's rootkit: proof it has side-effects
Nov 9: List of CDs infected with Sony's rootkit DRM
Nov 9: Sony's EULA is worse than their rootkit
Nov 10: Sony Music CDs infect Macs, too
Nov 10: Fantastic screed against the coders who wrote the previous Sony DRM junk: they've done it before
Nov 11: Sony will stop shipping infectious CDs -- too little, too late
Nov 12: Sony's *other* malicious audio CD trojan
Nov 12: New Sony lockware prevents selling or loaning of games
Nov 13: Sony's malware uninstaller leaves your computer vulnerable
Nov 13: Sony's rootkit infringes on software copyrights

Other stuff:
Sony lied about its rootkit. They said it didn't phone home with information about your deeds. It does. When they were caught in the lie, they said that they didn't pay attention to the information it sent back, so it's OK
Microsoft is building a Sony rootkit-remover into its anti-spyware product
Lawsuits against Sony are already underway in Italy and the US
At least one piece of malicious software that exploits Sony's rootkit has been discovered in the wild

Update: Christopher sez, "You missed one in your Sony timeline that I think is excellent. A call from Dan Goodin over on Wired to boycott all Sony products until they make amends..."
posted by Cory Doctorow at 09:40:06 AM

So basically just links about technology or Hello Kitty.

I've always wondered what the internal culture is in companies that leads them to launch suits like this, as they almost always backfire even if they are won. The McDonald's lawsuit against a couple of people distributing anti-McDonald's pamphlets, for example, certainly led to much more anti-McDonald's media coverage than a couple of nutty activists could ever have managed on their own.

Well, (according to the internet), among other things it's in the local paper, and I've just seen this story linked on the front page of Yahoo! Canada. (Its in the "In the News" box on the right side at the time of this writing)

I bet.... yup just checked... it's Farked, and it'll probably hit BoingBoing tomorrow.

I wouldn't be surprised to see it get picked up nationally in a day or two.

So yeah, I think Activa's about to find out exactly how quickly news like this can spread...

From AQFL: Broadband Reports and Boing Boing say WiFi doesn't "stand for" wireless fidelity. It's a pun on "Hi-Fi" and "wireless fidelity" doesn't mean anything.

I'm not sure all that feel-good music will work with Storm Troopers, and rebel star systems trying to escape Imperial rule.

I dunno, it seems to fit quite nicely with tap-dancing stormtroopers.

It sounds odd, but lots of grim stuff can be recast as cheerful to great effect, as anybody who's heard an easy listening version of Rape Me or seen the romantic comedy trailer for The Shining knows.

> Do we really want a standard that enables DRM? Is there such a thing as acceptable DRM? Why is this a good thing for OpenDocument?

It's certainly not a good thing for OpenOffice and other free/open source office packages since DRM is fundamentally incompatibile with open source. If you don't understand why, read this:

http://www.boingboing.net/2005/08/24/drm_ssl.html

Put simply, client side security only works (and that is debatble) in a completely closed system. Here's an example of this I ran across just last week. I have a PDF that I have many times copied and pasted text out of using xpdf. Recently, I bought a Mac Mini, and I happened to scp the very same pdf over to the mac, and open it in Preview. When I tried to copy text out of it, Preview popped up a dialog saying I was not allowed to copy text out of it without entering a password. That works as long as everyone plays by the rules in the standard. But as soon as there is an open source version someone can modify, it'd be quite simple to remove further restrictions once the software already has access to the unencrypted data.

At least the systems mentioned would stack better than this monstrosity.

Boingboing recently had an article pointing to a Flickr Photo Set about the Bernal Heights Illegal Soapbox Derby. Lots of silly cars, and the one rule is that every car is required to have a beer holder. Usually Halloween, sometimes other weekends as well.

Would it have been this?

Sony released some kind of software update tool that removes the rootkit pretty cleanly.

Sony removes it pretty cleanly? Are you sure? You might be interested in reading this.

I felt a great disturbance in the Apartment Complex, as if millions of neighbors suddenly cried out in terror and were suddenly silenced by my giant subwoofer.

You must be confused...I think This is the Woofer you're looking for.

right?

Sony ditches DRM CDs

That's funny...

Zombie Walks in Seattle - Boingboing seems to be a hotbed of articles on upcoming zombie mob activity and pointers to pictures of the events afterwards:
Vancouver Pictures San Francisco.

Zombie Walks in Seattle - Boingboing seems to be a hotbed of articles on upcoming zombie mob activity and pointers to pictures of the events afterwards:
Vancouver Pictures San Francisco.

Zombie Walks in Seattle - Boingboing seems to be a hotbed of articles on upcoming zombie mob activity and pointers to pictures of the events afterwards:
Vancouver Pictures San Francisco.

See also The Republican War on Science by Chris Mooney.

I think blogs without user comments are destined to failure.

I don't know... this one doesn't have comments, and is pretty successfull.

If MSFT borrow ideas, they should pay for them as they would have the world pay them for using their ideas (except they're not Microsofts ideas because Microsoft never invented anything - a minor detail). If you still don't understand what's so offensive about Microsoft, then please, for the good of humanity go fuck yourself in the face with a handgun.

This would be relevant to gaming if it were a well thought out article about online identity, instead of somebody whinging that they had to change their name in WoW because they didn't take the time to read the rules of the game. I've seen Taco point others to Slashdot's years out of date FAQ, so now I'll take the time to point him to one: Part 3, Section A, Subsection 13 (naming conventions) AND I QUOTE (though the emphasis is mine alone):

In particular, you may not use any name...
13. That incorporates titles. For purposes of this subsection, "titles" shall include without limitation 'rank' titles (e.g. , "CorporalTed," or "GeneralVlad"), monarchistic or fantasy titles (e.g., "KingMike", "LordSanchez"), and religious titles (e.g., "ThePope," or "Reverend Al").

Now, if you're going to join a service that you must pay a monthly fee to use, that you're going to put in all sorts of time over, then don't you think it would behoove one to read the fucking rules of the service? it's pretty clear that Taco was breaking the rules, so what exactly does he expect to happen? Does he expect to get an exception just because he's That Guy Who Makes Slashdot Run? If it took him "dozens of inquiries to get that explained" then he needs to learn to read the rules of the game before he plays. I don't play Wow, and it took me about 10 seconds to find the relevant rules page and its section regarding names. It's really not that hard.

This is a non-story, the only reason it's on the front page is because of Taco's abuse of power. To be fair, at least it's something fresh and recent instead of the usual "news items" (or duplicate posts) that showed up on the BoingBoing RSS feed weeks ago...

This is called serendipity. Another fine example is the recurrent laryngeal nerve http://www.boingboing.net/2005/02/20/intelligent_d esigns_.html.

Umm, the MITers were disproving the MythBusters, not the other way around. For a show with a little more credibility, check out PBS where they actually get real scientists and engineers to see if they can replicate ancient technological feats on Secrets of Lost Empires. Conclusion: Not so simple.

And anyone caught looking up popular destinations only in Google Maps, is headed to Guantanamo.

That would be funny if the feds hadn't told cops to be on the lookout for people carrying almanacs. Or if they weren't hassling casual photographers everywhere.

Next thing you know, people will start objecting if you stand on the public sidewalk and take pictures of their buildings. oh wait.

Exactly. The fact is that the data is not anonymous, so it will end up being usable to track people. Not a problem in most societies... but when you can get a visit from the Secret Service for making an anti-Bush poster then I think anyone's correct to be asking questions...

Or you could go visit his website.

There's also the CSA going through congress, requiring a huge expansion in government registration and regulation to include things like sex-scenes in regular non-porn movies.

The "life came from comets" statement is just a theory, like many other things in science. However, a lot of scientific ponderings and observations have taken place and are taking place about this theory. Therefore, there exists some possibility that it might be true. No scientific organization or any Govt is saying that life happened ONLY this way and NO other way.

Many scientists accept the possibility that comets MIGHT have had a role in evolution or life because of certain observed phenomena that agrees with hypothesis (and vice versa). That is science. OTOH, religious freaks refuse to consider any other point of view except the 'interpretation' of their religious text even if it flies in the face of observable evidence. That's faith. Like those who say dinosaur bones are a Test From God or some shit. While scientists regularly disagree with each other, they atleast have some observations, deductions or calculations to show for it. Religious freaks who fight among each other have nothing to say except "My interpretation r0x0r!!" or "My god is better than yours !".

If scientists could assemble non-living material into a living organism it would certainly help the theory of evolution.

Thats not a very smart argument. It's like those people who refused to believe that the earth is round unless they saw a photo of it from space, even when scientists, astronomers, sailors had known for centuries that the earth was spherical, purely through observation of natural phenomena and calculations... which some people are too stupid to understand or too bigoted to accept. Anyone who needs that kind of 'proof' to 'believe' in evolution... its like talking those people in the US who still belive the Sun moves around the earth.

In some countries, the problem IS that the US "isn't the least bit restrictive". Remember, there are some countries out there that don't have Freedom of Speech, Religion, Protest, Anonymity or many other things.

Think of the Great Fire Wall of China for starters.

Then there are those that also want to eliminate all the porn on the internet.

So yes, I'd say it is about "control", or lack there of.

So, what happens when the readership of blogs is 1/3 of newspapers?

Then we'll talk. :) I don't think this'll happen for some time, if ever, so I may never have to answer the question!

According to this page, boingboing - a pretty popular blog - gets around 300k readers a day. That's three times the previously quoted LA daily newspaper. So - answer the question. Are the people who contribute to boingboing journalists?

Ok, this is slightly off-topic, but you aren't the guy responsible for UNICEF Bombing the Smurfs, are you?

Democracy has been subverted for ages and will continue to be. The only thing that keeps it rolling along is the electorate eventually gets pissed off enough and kicks the scoundrels out and installs new scoundrels. Rotating the bastards out is something akin to hitting the reset button - things work well for awhile until it's time to reset again.

These 20 congress folk who signed the letter need to be reminded who voted them into office. The bribes the MPAA and RIAA are paying had better be enough for them to live on once they're kicked out.

John Shadegg, R-AZ, (202) 225-3361 | Mary Bono, R-CA, (202) 225-5330
George Radanovich, R-CA, (202) 225-4540 | John Shimkus, R-IL (202) 225-5271
Bobby Rush, D-IL, (202) 225-4372 | Ed Whitfield, R-KY, (202) 225-3115
Albert Wynn, D-MD, (202) 225-8699 | Charles Pickering, R-MS, (202) 225-5031
Lee Terry, R-NE, (202) 225-4155 | Charles Bass, R-NH, (202) 225-5206
Mike Ferguson, R-NJ, (202) 225-5361 | Frank Pallone, D-NJ, (202) 225-4671
Eliot Engel, D-NY, (202) 225-2464 | Vito Fossella, R-NY, (202) 225-3371
Edolphus Towns, D-NY, (202) 225-5936 | John Sullivan, R-OK, (202) 225-2211
Michael Doyle, D-PA, (202) 225-2135 | Marsha Blackburn, R-TN, (202) 225-2811
Bart Gordon, D-TN, (202) 225-4231 | Charles Gonzalez, D-TX, (202) 225-3236

Posted as AC to promote non-karma-whoring

Wayyyyyyyyyy off topic, but news must spread.
http://www.boingboing.net/2005/10/09/unicef_bombs_ the_smu.html

It looks like he initially lied to the police and said the the reason the IDS detected it as a hack, was because he was using Lynx. That is the first story that went around the net. He was on Solaris, using Lynx, made a credit card payment, and the IDS picked it up as a hack.

Here's the original BoingBoig: http://www.boingboing.net/2005/01/27/jailed_for_us ing_a_n.html
and then: http://www.boingboing.net/2005/02/11/supposed_tsun ami_cha.html

In the end, despite his initial lie, all he did was try a directory traversal 'attack' (the ../ trick to try and break out of the root web directory). Not so much as an attack, as a query.
Basically he was trying to answer: "Is this site vulnerable to this easily exploited flaw, and if so, I better call them or my Credit Card number is going to make it's waya round the russian mafia sites in no time".

I don't doubt he was secretly hoping the flaw existed so he could get some fame saving a disaster relief web site.

I guess then technically, if you click the following link, their IDS should flag it as a 'hack' and if you live in jolly ol'england expect a boot at your door: Don't click me or you go to Jail!

If you try it out, let me know how fast their response time is.

It looks like he initially lied to the police and said the the reason the IDS detected it as a hack, was because he was using Lynx. That is the first story that went around the net. He was on Solaris, using Lynx, made a credit card payment, and the IDS picked it up as a hack.

Here's the original BoingBoig: http://www.boingboing.net/2005/01/27/jailed_for_us ing_a_n.html
and then: http://www.boingboing.net/2005/02/11/supposed_tsun ami_cha.html

In the end, despite his initial lie, all he did was try a directory traversal 'attack' (the ../ trick to try and break out of the root web directory). Not so much as an attack, as a query.
Basically he was trying to answer: "Is this site vulnerable to this easily exploited flaw, and if so, I better call them or my Credit Card number is going to make it's waya round the russian mafia sites in no time".

I don't doubt he was secretly hoping the flaw existed so he could get some fame saving a disaster relief web site.

I guess then technically, if you click the following link, their IDS should flag it as a 'hack' and if you live in jolly ol'england expect a boot at your door: Don't click me or you go to Jail!

If you try it out, let me know how fast their response time is.

...and the sexpests will come. This promises to be The Sims Online all over again, replete with such sociopathic pillars of the online community as this sterling human being.

Does he seriously think that he has any ability to screen for Bastet or Cthulu worshipping gothic pagans with dominant tendencies who in the height of passion also enjoy shots of their significant others' blood?

The other thing is, the above types will not only descend on the game in droves, but because mainstream types don't want to be anywhere near such sewer-dwelling vermin, (completely understandably!) they will be repelled, and thus a comparitively small number of the freaks will be the only people he makes money from.

The thing that MMOG authors don't seem to have got through their skulls yet is that with the possible exception of WoW, normal people don't play MMOGS, because normal people already have lives. Thus, the only demographic you're going to get in an MMOG are those who in ages past would have been part of the inpatient mental health system...Either that, or burned at the stake. ;-)