Domain: cexx.org
Stories and comments across the archive that link to cexx.org.
Comments · 180
-
Re:CueCat all over again
I remember grabbing one of those because it was a free hackable barcode scanner, but I never got around to actually doing anything with it. I'm pretty sure I still have it in the bottom of a drawer somewhere.
-
Re:Planned Obsolescence
Somewhere between these two clear-cut extremes is "designed to fail" - intentional design choices that serve little or no purpose but to artificially reduce the product's useful life, although without being so explicit as an automatic destruct timer. A couple of real-world examples from my own experience:
When an old Xerox photocopier at my dad's office failed for the last time, we disemboweled it (not quite Office Space style, but it was thoroughly disassembled). One component stood out as truly bizarre: it was either an extremely ghetto method of faking a log-scale amp, or a design-to-fail timer: the component was literally an incandescent light bulb glued to a photosensor, hidden inside a black shroud similar to a relay casing. Given that the lamp filament had burned and the copier broke, I lean toward the latter.
Last year or so, my front-load Sears/Kenmore washing machine broke after only a few years' use. The culprit: A cheap, uncoated pot-metal bracket, continuously submerged in water/detergent/dirt by design, corroded through. This failure mode would be completely avoided by a few cents' worth of engine paint or similar applied to the bracket. This is an old and well-known problem.
-
Re:A few problems I have had with the Arduino boar
(Disclaimer: tooting own horn.) If you're interested, I recently put together an open-source Arduino variant designed for minimal power consumption (1uA sleep current, a few mA active) for battery and energy-harvesting uses. This variant uses the *PA variant AVRs, which run down to 1.8V, and power is supplied through 'power shields' which can be interchanged for different power sources. It's still an 8-bit AVR, so it won't help you on RAM or processor speed, but it should be more than enough to run a FAT32/microSD logger library.
-
Ah, great...
Despite the "no, we're perfect" attitude, I'm sure all this publicity will find them cranking up the sensitivity on their infallible (sarcasm intended) webspam detector algorithm. Ever try to get in touch with a live human to report a misclassification, or even find out what triggered it? As someone who had his entire (noncommercial, ad-free, and 100% original material) site misclassified as a spam site and delisted from Google for about a month last year, I can confirm that the procedure for getting a potential Algorithm issue addressed by a live human involves knowing someone who is Facebook friends with Matt Cutts.
I eventually got this resolved (with approximately a month of trial and error; I'm not Facebook friends with Matt Cutts) - it turned out the webspam algorithm was keying on a text file from an extensive dossier of published anti-malware research, documenting the list of keywords a particular piece of spyware used to trigger popup ads over webpages. For that, entire domain blocked, including subdomains. Censoring the keywords got us unbranded as spammers, but I really shouldn't have to do that.
(PS. I even dumped Google and tried using Bing for a few weeks out of protest...believe me, the view over there isn't any prettier.)
-
Re:I have to say
Extraordinary? For work prototyping I usually get mine here: http://goldphoenixpcb.biz/quote2.php
It's $100 for 100in^2 (that's a lot of space!) for 2-layer. In 6 years I've only once had a pressing need for more layers. Obviously, $100 is definitely not free (it's tangible goods and labor after all), but if you have a few friends who want boards, your price per design drops pretty quickly. BatchPCB does exactly this.
There's plenty of design space left for people who are not making GHz PCs and cell phones. If you're prototyping and your needs are not that extravagant, your cost is ~ 99 cents, and you can build a machine for it yourself from an open-source design and readily available parts :-) (mine was ~ $200 and the gas to get to home depot and back).
-
Not only privacy
Google have also been getting very aggressive lately about algorithmically delisting sites that fail some minor "spam" metric or other, which, according to many of the "SEO" types discussing the subject*, may include splogged copies of your content hosted in obscure countries and *incoming* links from suspect sites. I found just how rampant this is becoming only when the algorithm decided I was a spammer too. From what I can now tell it was a simple misclassification, and at the time of this writing, the site appears to be indexed again (with throwing a couple 'NOINDEX's around on the pages that confused them), but it did give me a firsthand taste of how easily they are now throwing babies out with the bathwater, and how many other legitimate sites I may be missing out on by using Google. I've since changed away from Google for most of my search needs.
More details, for anyone who finds themselves in the same situation:
First off, the preferred method of getting a classification issue looked into by a live human seems to be knowing someone who is Facebook friends with Matt Cutts. Otherwise, try for a media frenzy (if you're suitably popular or controversial), or don't waste your time. From what I can now tell (or rather guess), it tripped on a detailed dossier we published of a back-in-the-day malware, which included a full list of URLs and keywords that it triggered on. This being the usual popup-spawning unkillable background process, you can probably guess the kinds of sites and keywords it triggered on (or just read the 'Sections' page). Some while after the site was delisted, an automated "we're removing your site" message showed up in the Google Webmaster Tools listing a sampling of the keywords on that page and suggesting it was placed there by an exploit.
A reasonably popular site (it's been slashdotted a few times), together with one of the oldest continuously-running malware help forums in existence, silently delisted from Google for ONE FILE. Legitimate, at that.
* "SEO" = likely banned for more legitimate reasons, although OTOH, determining how Google's ranking algorithms work is their full-time job.
-
Re:Symantec is saying this?
uninstall Norton
I've seen a number of computers that appear to be set up right but will not work until you uninstall Norton. I'm not really sure how/why that could happen but it's not a settings problem.
Oh, and if that doesn't work, lspfix found here http://www.cexx.org/lspfix.htm if you don't already know as it will save you a lot of time and I know in your type of job your boss is up your ass about getting people off the line but the problem is though you are trying to fix it over the phone so how do you get the program to them... DOH... sorry...
-
Re:This is only the beginning
XML is available. See http://www.weather.gov/forecasts/xml/ A while back I threw together a quick n dirty script that queries the NDFD every few hours and drives an LED weatherball in front of my house. Keeps me from having to remember to check a weather report every night :-) If you back up to the main page, there are even links to view the forecast models themselves.
-
*sigh* I was wondering how long this would take...
Sadly, the "DMCA-enabled battery" asshattery is not a new idea - well-known chipmakers such as Dallas-Maxim have been pushing cryptographic battery-lockout and ID chips directly to electronic engineering departments for years now. I've been personally seeing these ads in EE trade rags since at least '06. And yes, they trot out the claim that it will "improve safety" by locking out "inferior knockoff" batteries (or more to the point, shield you from liability), and that it's totally not a vendor lock-in thing at all. Sadly, part of me is actually surprised that it took this long for a mainstream manufacturer to take the bait. Anyway, we know how it will end (Sega v. Accolade, Lexmark vs. SCC, Magnuson-Moss Act, as other posters have pointed out), but you already know who foots the bill for the de rigueur years of lawyering it will take to reach that zero-sum result.
-
Forget the local disk, how about *Web* data leaks?
These recent privacy modes (Chrome's Incognito, FF Private Browsing) seem to miss the point. What's the great importance of keeping my browsing history off my local disk (I already know I surfed porn), when the evilclick.net advert in Window #2 can still read a cookie set by the evilclick.net advert in Window #1?
There is a more detailed description elsewhere, but here is a brief description of the feature I really want to see in a good browser stealth mode: Each clickstream is its own session. For example, I create a new window/tab from scratch - it may as well be a brand new universe. In a proper 'privacy mode', it should not have access to data generated by any previous or subsequent surfing in other tabs (e.g. cookies, authenticated sessions). Same goes for clicking a link to a different domain, or being redirected by non-click means (meta-refresh, etc.).
Quick example: In a moment of weakness some time ago you signed up for a Gmail account. Today you open up your browser in privacy mode (fresh start; per-session cookies, whee!), and go surf some raunchy porn sites (ads served by AdSense; stores a session ID cookie pointing to the adserver's record of URL each ad appeared on). Later in the day (forgetting about the porn), you log in to Gmail. Whoops! Adserver's randomly-assigned SID (originator: google.com) is now readable by scripts in the Gmail window (originator: google.com), a strongly authenticated session - your midget horse porn addiction can now be linked to your email address. (But no deep-introspection ad relevance hivemind would actually store that data, right?)
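The comment above describes two cookie-scoping models: the classic one, where every document from a domain sees every cookie that domain ever set, and the one the poster wants, where each clickstream is its own universe. The toy model below (an added example, not code from the original post; site names and cookie values are constructed) replays the Gmail/ad-server scenario under both models and shows which one lets the ad-server session id be joined to the authenticated login.

```python
"""Toy model of browser cookie scoping, added as an illustration of the
isolation the comment above asks for. Not code from the original post;
the site names and cookie values are constructed."""
from dataclasses import dataclass


@dataclass
class Cookie:
    domain: str   # host that set the cookie (the "originator")
    name: str
    value: str


class GlobalJar:
    """Classic behaviour: any document from `domain` sees every cookie that
    `domain` ever set, regardless of which window or site it was set under."""

    def __init__(self):
        self._cookies = []

    def set(self, top_level_site, domain, name, value):
        self._cookies.append(Cookie(domain, name, value))

    def get(self, top_level_site, domain):
        return {c.name: c.value for c in self._cookies if c.domain == domain}


class PartitionedJar:
    """Each top-level site gets its own jar: a cookie google.com sets while
    the window is on raunchy.example lives in raunchy.example's partition
    and is invisible when google.com is itself the top-level site."""

    def __init__(self):
        self._jars = {}

    def set(self, top_level_site, domain, name, value):
        self._jars.setdefault(top_level_site, []).append(Cookie(domain, name, value))

    def get(self, top_level_site, domain):
        return {c.name: c.value
                for c in self._jars.get(top_level_site, []) if c.domain == domain}


def gmail_view(jar):
    """Replay the scenario; return what a google.com script in the Gmail window can read."""
    # Window 1: raunchy.example (constructed) embeds an ad served from google.com;
    # the ad server drops a session id tied to its record of where the ad ran.
    jar.set("raunchy.example", "google.com", "SID", "ad-session-7f3a")
    # Window 2, later: the user logs in to Gmail, where google.com is first-party.
    jar.set("google.com", "google.com", "AUTH", "login-token-9c1d")
    return jar.get("google.com", "google.com")


def linkable(jar):
    """True when the ad-server session id and the authenticated login are
    readable from the same context, i.e. the two identities can be joined."""
    seen = gmail_view(jar)
    return "SID" in seen and "AUTH" in seen


if __name__ == "__main__":
    print("global jar      ->", gmail_view(GlobalJar()), "linkable:", linkable(GlobalJar()))
    print("partitioned jar ->", gmail_view(PartitionedJar()), "linkable:", linkable(PartitionedJar()))
```

Keying the jar on the top-level site rather than on the setting domain is the whole difference: the same `google.com` cookie domain appears in both windows, but under the partitioned jar the ad-server SID never reaches the authenticated Gmail context. This is essentially the state-partitioning model that current browsers have since adopted.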
-
Re:A good example?
The article makes a plausible argument, but fails to give any real world examples.
The classic is the free razor. Give away the razor for free. The blades are not cheap.
The new one is free cell phones. Get your free cell phone. The air time is not cheap.
Extended further is provide very inexpensive inkjet printers. There is no bargain on official ink.
An example of the above gone wrong is the free :C bar code scanners.. that were re-purposed instead of being subscribed to the non-free content.
http://www.cexx.org/cuecat.htm
http://www.hackaday.com/2005/06/12/cuecat-hacking/
http://oilcan.org/cuecat/
The inexpensive I-Opener web device
http://www.ghettohardware.com/articles/iopener/
http://www.theregister.co.uk/2000/03/23/netpliance_hobbles_iopener_99_pc/
If you use the free then fee model, be sure the item up for fee is something people will buy.
iTunes is free.. But it can be used to rip CDs. That's OK. The plan is to sell iPods and maybe a few tracks on the iTunes store.
-
Riiight...Comcast
As I write this via my Comcast link, a yellow box in my GMail window informs me that it thinks my "network administrator has blocked GMail chat." This happens semi-reliably when my housemate is torrenting (affected services include parts of GMail as well as FTP and VNC). Encryption solves this. Currently it appears that Comcast's BitTorrent blocker cannot reliably tell the difference between the individual streams and simply sends nukes indiscriminately at connections originating from the same modem where torrent activity has been detected.
-
Desktop Effects / Restricted Drivers bug
Will they fix the Desktop Effects / Restricted Driver white-screen perma-fuck?
-
Re:Wearable light sources and Boston
ooooh, that looks so scary!
http://tim.cexx.org/?page_id=374
i don't understand what it is, but i'm frozen with fear...
-
Wearable light sources and Boston
A friend and I nearly got bounced out of an electronica concert at the door due to homebrew wearable blinkenlights (err yes, this was in Boston). As some other posters have suggested, Instructables might do well to devote a section to "making your homemade circuits look purchased" so as not to attract nuisance Homeland Security attention and/or jail time. (Although, the Mooninite boards that ground Boston to a halt in January were professionally manufactured, and appeared to be machine-populated boards. They even masked the boards in black solder mask (unlike the boring green mask on most circuit boards), which costs extra for small runs.)
-
I solved this years ago
Mathematically sound solution, no algebra required. Although the bigger problem I find with "seat down" isn't one of power efficiency (number of seat state changes) but that leaving the seat down on any public facility leads to it getting pissed on by slobs, which isn't much good to anybody.
-
Re:Well, it makes sense
Heh, and here I've been using cosmic roundoff error to explain free will.
-
Meh. (tagged: WONTFIX)
So basically... if I make MS Word try to open the Windows equivalent of /dev/random as a .doc file, it'll crash. How...inconvenient. Sure, there's this small-but-nonzero chance that such crashes are an exploitable vulnerability. Maybe they are, maybe they aren't (I don't have my disassembler handy)...but if they aren't, I don't give a damn about them, and I'd be surprised if the Word development team felt differently. One in a million users might rename their favorite Black Sabbath mp3 to a .doc file to look for hidden satanic messages, or whatever, but I wouldn't exactly consider this a showstopper--especially one that the devs should waste time fixing in preference of Word's more serious issues. How about not randomly changing fonts and sizes when you delete neighboring paragraphs or copy/move text around? It seems since Word 95 onward (at least up to Office 2003), they decided to reimplement the Delete key as a "randomize font sizes" key.
-
Re:clown shoes security?
Aha! THAT's why those pigfuckers capture your IP, User-Agent and a few other fields on first pageview and banish you to Unexpected Error Ocurred Purgatory if they ever change. I have a long rant on this subject, but the short form is I found the reason I thought Myspace was "always broken" the last couple years is my User-Agent Randomizer ran into their Paranoid Session Validator and began brawling. Using fields like UAgent as additional session validation tokens is a reactionary, but increasingly common stopgap on sites that know they have active XSS vulnerabilities but don't know where they all are or how to fix them.
-
$3600 device?
Bah. My Wifi hackybit (Nintendo DS lite) with all its own associated hackybits runs for less than $200 off the shelf, runs a variant of uClinux, and can run for a week on a battery charge (assuming most of that time is in Sleep mode waiting for the target network to come in range).
I'm actually somewhat surprised I haven't seen any stories along these lines yet. Load up a DS with wepcrack and some malware, power it on, flip it closed and mail to target. While it sits all morning in shipping/receiving, it's found the least-secure AP and begun forwarding the most interesting sniffed packets to your web server. System "flip-open" interrupt triggers power-off, clearing memory contents.
You get sensitive data, target gets a free DS. Win-win!
-
Homebrew mp3 player, ps2 vibe, and more
I've gotten up to a few fun projects this year.
CompactFlash in-dash mp3 player - yeah, you can get off-the-shelf CF players cheap these days, but mine's 100% homebrew, made mostly from spare parts left over from a handheld data logger project.
Temperature & Humidity-controlling terrarium - for growing highland Nepenthes, certain orchids, other plants with very specific requirements. Since the writeup, it's gone to microcontroller Peltier heating/cooling and an ultrasonic mist generator instead of aquarium pump for humidity.
PS2 Rez Trance Vibrator - as popularized by the well-known GameGirlAdvance article. They're no longer in production, so I reverse-engineered someone's reverse-engineering and (forward-engineered?) made my own.
The TrashAmp - subwoofer and amplifier built entirely out of things found curbside on trash night.
In college, I made a VCR internet-ready. Some friends and I had started sort of an underground newspaper, and as it gained popularity there was talk of running our own pirate TV programming over the dorm cable network. One of the group had access to the hub room where the coax feed to the dorms was generated (mainly from satellite tuners) and assigned to channels. Our programming was to take over the useless "information channel" (scrolling text marquees for events that had already come and gone, etc.) after midnight with prerecorded student-created shows and B movies. I had a shitload of classes that semester though and couldn't stay up past midnight every night to start playback, so I wired together some transistor drivers from the VCR buttons to the parallel port of an old 486, so that it could be remotely controlled via ethernet by a script.
-
my Linux Pun'kin (almost)
I figured the /. crowd would get a kick out of my jack-o-lantern this year. The realistic lighting is powered by a bundle of six RGB LEDs, each individually controlled by its own tiny PIC10F200 microcontroller - so technically my pumpkin is pulling 6 MIPS right now :-P (The 'flickering' pseudorandom table is generated with the blue channel all 0s, and the green limited to about 3/4 the intensity of the current red value so that it can only produce a flame yellow and not a sickly green...)
-
Another incremental standard the world will ignore
So, wait. Webmasters are ignoring XHTML, so they're going to roll out yet another dialect of HTML that forgoes the advantages of XHTML, but slowly becomes XHTML-like, and expect everyone to suddenly flock to it?
Sure, as a webmaster, I can follow XHTML rules for any new page or script I write - for someone who already writes correct HTML, the nuances are not substantial. Tell a webmaster about the existence of the </p> tag and you're a third of the way there. But do they really expect I'm going to go back and rewrite all those pages I wrote back in '99? Where does the W3C get off remotely invalidating something that was correct when people wrote it, and expecting them to "fix" it? As long as browsers will correctly render old HTML, old HTML will persist.
-
Lies, damned lies, and free web hosts
So, wait, a free content-hosting company is starting to act like a free web host (1999)? The shock!
-
Re:Can we at least get links to quality blogs?
Thanks for summarizing TFA; I kind of figured before bothering to click that it was going to be some random blogger saying basically that they all sucked.
I don't own an iPod, but is it really true that after 4 generations of them, there still is no non-kludged way of passing control messages to/from a HU? Modulating song title data over FM, what are they smoking? The thing has not only USB and firewire pinouts on the dock port, but a bidirectional serial interface too.
Hell, I just "integrated" my own homebrew CompactFlash mp3 player (linky) into my dash, using the magic of line-in. The old Pioneer HU in my car has an IP-BUS dataport on the back that can send and receive commands (button presses, title display data)...if I were ambitious (I'm not), I could tie them together with a $2 CANbus level translator.
I think one of the child posts hit it on the head; it seems the ideal iPod integration hardware is Velcro and a line-in.
-
Nothing confusing about it.
What is less clear is if this is intended to apply to people VIEWING livejournal content. After all you aren't even really acting as a livejournal user when you do this you are just reading someone's blog.
My initial reaction is "of course it doesn't apply to random people viewing livejournal."
To back up this line of thought, I browsed the ToS.
I. ACCEPTANCE OF TERMS
"LiveJournal, blah blah provides the following service to you, subject to these Terms of Service ("TOS") blah blah blah. Failure to comply with these TOS may result in account revocation."
So, when you put that together with their wording about blocking ads, it obviously applies only to those who have an account (and consequently accepted the TOS).
There's always been ways to get around auto-inserted ad code. The guy who runs http://www.cexx.org/ has a selection of simple tricks that you can use to defeat some of the more obvious ad-insertion techniques. Just scroll down to "Free" Webpage Providers.
Mebbe he should update his site to include CSS and other sneaky ways to defeat the current set of 'free' sites.
-
Re:Who wants to eat crow?
DNS is nearly impossible to maintain competitively, and naturally the participants will not want to exert any extra effort over what is required to secure their own personal profit.
The problem here is that while there is basically an infinite supply of domain-space (ignoring the quality difference between domains, say sex.com vs afj32f3-f3fanee.ffff12), and thus there could be an infinite supply of domain-space sellers, the infrastructure required to support this is currently non-existent as well as being outside of the control of the would-be domain-space merchants.
Take, for instance, http://www.new.net/ who already offers a domain-space alternative to the government run ICANN monopoly. As far as I can tell they have failed to convince any nameserver software vendor to make the changes to the software necessary in order to support multiple root networks, and instead have turned to rely on modifying Windows's TCP/IP stack (which has been known to break it badly enough to deny all internet access) and which has apparently installed adware in the past (see http://www.cexx.org/newnet.htm ) in order to support their alternative domain system.
Having 10 separate root networks might be cool to try, but in practice, you might get lucky if two or three become popular enough to convince a majority of the ISPs to configure their nameservers to attempt to relay to them (I suspect that the current ICANN situation will convince nameserver vendors to change their code where new.net failed). The remainder will then have to feed off of the suckers... send out mail saying that if they don't buy slashdot.org on foonic, then they'll sell it to someone else and who knows what will happen then (though with 1% of the resolution market, the answer is "probably not much"). Of course, this assumes that an "msnic" doesn't appear, charge $1 per domain for registration, take the world by storm, then turn around and demand that if ISPs want their clients to resolve the most popular domains in the world, they'll have to sign contracts banning them from allowing their clients to resolve using any other network. Afterwards, renewal on those $1 domains will be $50.
-
Re: 40 mothers agree: Cleaning Windows is a PITA
More often than not these days, the real tough buggers have randomly generated process names. Here's how I clean a machine:
Tools required:
Process Explorer (procexp) from http://www.sysinternals.com/
autoruns.exe from the same, or hijackthis.exe from http://www.merijn.org/
Any good virus scanner (McAfee's Enterprise scanner is decent). Use a simple scanner if possible, not a scanner/firewall/spam filter/personal servant. It will generally be faster and simpler.
Ad-Aware from http://www.lavasoft.de/
LSPFix from http://www.cexx.org/lspfix.htm/
Updated Stinger from McAfee http://vil.nai.com/vil/stinger/
Experience enough to know valid windows processes and files.
Have all of this on a USB drive or CD. Will probably fit on a 64mb drive, unless your virus package is bulky.
Boot to safe mode
Start Task Manager or Proc Explorer and kill anything that doesn't look good, or everything that you know isn't part of windows. You could go to Control Panels:Admin Tools:Services and stop all services first, this will narrow the field.
Run Stinger, just let it scan memory and running apps. Don't wait for it to do a full system scan.
Run Ad-Aware, do the same. Just trying to ditch bad things that are actually running.
If you've gotten this far in 15 minutes, the machine probably isn't in too bad of shape. Dump all temp files, c:\temp, c:\winnt(windows)\temp, c:\documents and settings\username\local settings\temp, c:\documents and settings\username\local settings\temporary internet items
Update virus definitions and do a full scan. Latest SuperDAT from McAfee or Definitions from Symantec or whoever you use, should also be put on the USB drive or CD.
So, virus scan didn't deal with it, or couldn't stop/remove it? This is where it gets tricky and completely manual. This is the point where most people give up, since you really need to know what should be where in Win2k/XP/2k3. I'm really not thinking of 95/98/Me, if those are hosed just wipe it clean and move to XP home for $99-199
Run HijackThis and look for gremlins. This tool really requires an eye for what is supposed to be there, but pay special attention to startup objects and BHOs (Browser Helper Objects aka evil Internet Explorer plugins)
Add/Remove programs. Go through it with the client. Anything they don't recognize, or know they don't need, ditch. This can be risky, since people forget, but compared to a reinstall . . .
Now for the real manual part . . .
Run lspfix and check for foreign entries. There are normally 2-4 LSP's present. I usually only do this if there are persistent network failures.
Check Hosts file at c:\winnt(windows)\system32\drivers\etc\hosts There really should only be one entry in here, for 127.0.0.1 localhost. You may have already checked this with hijackthis
Browse to c:\winnt(windows). Sort by date. On a default install, the file modify dates are going to be a long time ago. If you see anything from within the last few months, get suspicious. Ignore log/text files, but don't ignore those without an extension. Do the same for c:\winnt(windows)\system32 This can be a bit trickier, there are way more files in system32 than winnt(windows), but the same rule generally applies. Anything from the last 3-6 months is suspicious.
Do the same for c:\program files Delete any empty folders that your previous uninstall didn't remove. You should have an idea what is supposed to be here, after doing Add/Remove programs, so hack and slash the folders that you don't think belong.
In one of these deleting sprees you are sure to find something bad that won't let itself be deleted, usually a .dll that is registered and can't be removed. Never fear! Write down the .d -
Off-Topic: PhoenixNet BIOS
How did the PhoenixNet BIOS, that had spyware or adware or whatever that it installed when you booted windows, pull it off without appearing as a drive to windows?
-
You make it sound more complicated than it is.
I'm still a little surprised that UBCD for Windows (it's a full-featured Windows boot disk creation toolset) hasn't caught on more than it has.
I'm assuming you're trying to be silly even mentioning hash checking, because that would be overkill for the average desktop users (but certainly something you'd have already done on a production system, and there are plenty of tools for that already).
Just the boot disk should do fine for most people's needs: from it run your AV (it's always a good idea to run a second scan using another program; 3 were provided last time I checked) and run your AW scan (I don't recall if it includes more than one). Another good idea is running a tool like Cexx's lspfix, which can be used to remove unwanted software directly from your TCP/IP stack (which of course means if you don't know what you're doing you can ruin your stack).
99% of the average computer user's problems can be solved with that toolset alone.
Of course you're right, the correct procedure does start with shutting down the compromised system, but after that most Windows users can stick to a road more frequently traveled. :) -
Re:Sadly, no surprise.
Ok, I missed the boat on this thread by 10 days, but just in case someone stumbles across your post and actually believes Gator is harmless, I respectfully disagree.
It's about as deceptive as any other spyware/malware crap in existence. It commonly installs itself using "drive-by downloads", monitors EVERY site you visit and sends those back to Claria, pops up windows at random intervals or when you visit a competitor's site, and other very questionable tactics.
It can also be very difficult to remove once your system is infected (The actual "Gator" part isn't _that_ hard to uninstall, but the spyware part of it, called GAIN, buries itself very deep).
See here for more info, or just do a google search for Gator or GAIN.
-
Malware - Love it AND hate it
On one hand, spyware is some pretty evil stuff. There are little weasel programs I've spent quite a bit of time trying to get out of systems.
On the other hand, I get paid to do that. I just did one small company with 5 computers that was literally shut down because they couldn't do anything on their systems. Spyware is a problem on just about every single "joe average" computer that I have seen lately. The problem, of course, is going to get worse as long as Windows continues to allow users to run with privileged access by default.
I don't feel like going into a Microsoft rant - I'm sure it would be preaching to the choir anyway. I would like to share effective tools in my warchest for cleaning out spyware -
Ad-Aware - My favorite anti-spyware program right now. Gets about 95% of baddies.
HiJack This! - Cleans up anything that Ad-Aware may have left behind. It scans all startup regkeys, services, and BHO IE extension keys and lets you select which ones to nuke. BE CAREFUL, it lists both the good and the bad. If you don't know what a process is, google for it before you remove its key.
There are many other useful tools on this download page as well, like LSPFix. This program will fix the mess left by programs that mess with your TCP stack, such as New Net, whose manual removal can disable your Internet access completely.
Pocket KillBox - You know those processes that come back from the dead after you kill them? Can't delete the EXE because it's locked in both normal and safe modes? Pocket Killbox is what you need. If it can't delete the file outright, it can temporarily end the Explorer task and try it that way. If that doesn't work, it can use Windows' replace-on-reboot function to swap the EXE with a dummy file on the next reboot. Very handy for getting rid of the most nefarious of processes.
Spyware Blaster - Pre-emptive spyware prevention. The interesting thing about this program is that it doesn't remain resident in memory. Instead, it writes files and regkeys to your system that prevent the spyware from installing. Adding and removing protection can be done in one click. -
Different icon
-
Already Hacked..
http://cexx.org/dakota/pv2.htm
Might... get one myself.. -
Re:bash.org claims prior art!!
Come on, the Bastard GeoSysadmin did that in 1998.
-
Re:Top MSN Rankings
No, there's no truth to that rumor
:-) -
Re:Another Dupe...
Your imagined application sounds just like the Cue:Cat
;^) -
Tools to already remove kernel Malware
There is a utility that already exists to remove some of the new kernel-level Malware utilities out there. It is referred to as LSPFIX. The home website for this is:
http://www.cexx.org/lspfix.htm
This utility allows you to see what network level drivers are loading into the kernel. I've had to use this utility to strip Malware off of several client systems. Be very careful, if you pull out a legitimate network driver, you will permanently damage your network settings. -
Browser Bottleneck?
Sorry, but I just don't really see too much value in this kind of comparison. Even viewing an intranet site on a switched 1Gbps ethernet connection at full duplex, the browser isn't the bottleneck.
It's either the network connection itself (especially on dial-up/ISDN/xDSL) or the server. So, fine.. if I use a browser which takes half a second longer to render a page, so what. I've just waited 30 seconds to get half a page from an overloaded server which lives on another continent. Curious that such other limitations should go without mention at the home of the Slashdot Effect.
In any case, with Internet Explorer, you get browser helpers like CoolWebSearch, IGetNet, HomeOldSP and many, many more all for free! (even if you don't want them). -
Re:microsoft's cynicism at its best
No, the MS antispyware tool wasn't distributed for free, just the BETA. As usual, when the product is released, it won't be for free.
If I was still one of their customers I wouldn't expect a free antispyware/antivirus from Microsoft, but nothing less than to correct the problem at its source, and do what we should reasonably expect from them: give security the priority it deserves.
For example, the network stack shouldn't be so easily parasitized by spyware like new.net, which can break your internet connection when you remove it. Unsurprisingly, the only tool that I could find to handle this wasn't from MS: LSP-Fix.
What is MS waiting for to correct such design flaws?
Unfortunately most people don't know much about these issues, and I guess these products won't get the boycott they deserve.
-
Re:Out of curiosity...
If you install Kazaa with MS Antispyware running, it will install all of the spyware, but MS Antispyware will pickup about half of the spyware immediately after installation. To get rid of the rest, a thorough system spyware check will kill it.
It's important to note that while you can kill the spyware bundled with Kazaa, if you modify the Cydoor installation, then Kazaa will cease to function.
Here is a good website if you want to install "dummy" files to trick Kazaa and other adware software into thinking you have the spyware on your system, but really don't. -
or you can just use this dummy cydoor file
you can neuter most cydoor apps using the dummy cd_clint.dll files from here. Using these, the apps will still run but no more ads! My boss had installed a GRE word prep program and it didn't work after I cleaned up with AdAware (kept saying cd_clint.dll not found or something). I replaced it with this and everything was a-okay!
-
well..."disposables"
Your camera already works, so why fix something that's not broken? I couldn't imagine tinkering with the code or hardware of a late-model digital camera -- it'd be way too complex. Most of the functions are probably implemented in hardware, too, so modifying any sort of firmware is unlikely to get you anywhere. The level of integration is sure to be extremely high.
The only cameras that have been looked at and disassembled are the Dakota Digital/CVS "one-time-use" cameras. It's because they're cheap, and hold the promise of extended reuse. They don't have very many features, and probably can't have any more added to them. The attraction is the challenge of breaking a "closed" system, and getting something for (close to) nothing.
The original blue Dakota was based on a custom Sunplus chip. So far there's been one modified firmware release that fixes bugs and extends the picture limit. This model has been discontinued, however. More info here, here, and here.
The newer models have been looked at in depth as well, and they're based on SMaL chipsets. So far methods of reading and writing have been uncovered, and a method of downloading pictures via hacked drivers is documented. The eventual goal is a GPL driver and software, and possibly firmware upgrades. Current progress here, and background info here and here. -
But...
PIC18LF452 running at 20MHz (for v2 the crystal has been changed to 29.4912MHz)
But.....but....mine plays 320Kbit/s at 8MHz! :-P -
Re:Because it actually works...
Sorry to reply to myself, but I remembered where I saw it right after posting. Here's the text of the law.
I saw it during the CueCat fiasco. Quick recap: the company was pissed that people were reverse-engineering the things, so they tried to claim that the ones they sent unsolicited in the mail were still their property, and hence, the recipients did not have rights to do as they pleased with the devices.
Further thoughts: my original idea might have been wrong, since the company could have an argument that you requested the item. But who knows.
The reply-to-self isn't for extra karma, so please don't mod this post up at all. Look, I even checked the 'no karma bonus' box.
OKAY I'M DONE NOW. -
There should be a list of spyware rules
Plain and simple, I think spyware is one of the nasty parts of computing/the internet that should be illegal and carry heavy fines (which is how I feel about spam as well).
Since it's unlikely that governments will take time out of their busy lives trading and selling each other's votes on porkbarrel bills, I'd hope that they'd at least set some guiderules for it..
- The EULA should be required to be understandable by a user with a 6th grade reading comprehension level. No legalese.
- In the EULA, they must specify:
a) exactly what data is collected and how,
b) which domains/companies this data is sent to,
c) anyone they share collected data with,
d) which servers/domains the spyware opens connections to,
e) a valid physical address of the company, to file claims or complaints.
- Spyware should not be allowed to change the user's homepage.
- Spyware should NOT be allowed to be bundled with another program, in such a way that installing the software automatically installs the spyware without giving the user an option.
- By default, spyware should be "unselected" during install if bundled with another application.
- Spyware companies should be required to be bonded, and should be required to have enough cash on hand/on deposit to pay for any violations of the rules.
- There should be a HUGE fine if removing the spyware destroys any part of network connectivity. There have been SO MANY times that removing spyware on a client's machine has completely destroyed IE's ability to browse, or destroyed the TCP/IP stack itself. I can't tell you how many times TCPFix has saved the day..
Anyway, for those of you who've had AdAware partially remove spyware (and thus bork the machine), or for those spyware programs that do a great job of destroying networking while they uninstall themselves, the following utilities are extremely useful.
TCP Fix: Win9x, or if the TCP fix doesn't solve it, sometimes it's an LSP issue: LSP Fix. One of those two has never failed to restore a broken network connection after cleaning up spyware. It's useful to have them in your tech toolkit CD... -J