Slashdot Mirror

Take 30 minutes and do this, never get infected AGAIN (on Windows no less), ever, & most certainly NOT in 12 minutes time as was said here recently & I posted this for those that have been victims because it works...

Don't get yourselves infect, not again, ever!

APK Online Security 20-points basic checklist. A combination of things really, layered security is the idea!

DETAILS:

http://www.avatar.demon.nl/APK.html [demon.nl]

SUMMARY:

1.) IP Security Policy in place for adbanner servers blocking OR other "undesirable" IP addresses.

2.) A custom adbanner blocking HOSTS file with 35,000++ entries in it with known banner ad servers in it (which have been shown in some cases even as bearing malicious javascript etc. in them as well as just plain slowing you down as you surf the web by calling out to DNS' servers for URL to IP resolution & loading their remote data).

* This HOSTS file is at the URL above for public consumption/download so anyone can "have @ it"... apk

3.) Tcp/IP filtering @ the IP Stack levels (UDP & TCP) allowing ONLY port 80. Need others? Open then up, this is all I need personally here.

4.) Using up to date AntiVirus & AntiSpyware.

5.) Using .PAC file proxy filters in all web-browsers vs. adbanners & such.

6.) IE Restricted Zones (added to via .reg files which the first body of code in the HOSTS file I use is prepped for the .reg filedata for via a program I built in ObjectPascal delphi console mode ripping away the URL from the 127.0.0.1 loopbacks I equate adbanner servers to, etc. & then insert these here and into IPSecPols also).

7.) Custom adbanner filtering Cascading Style Sheets in webbrowsers when possible (via Opera).

8.) ZoneAlarm Pro or Native Windows Firewall. ZA is the better overall, the Windows one works though.

9.) Disable Java-javascript &/or ActiveX-activescripting in your webbrowsers.

Sorry webmasters, but too many holes popup here and ONLY IE gets that enabled here for Windows Update really only or sites that "demand" I use either.

10.) Making sure the Operating System is up-to-date/fully hotfix or service pack patched.

11.) Disabling uneeded services (especially remote oriented ones, e.g.-> Remote Registry) gaining not only memory & CPU cycles back, but also security:

Microsoft is even into this one now, evidenced by Windows Server 2003 Security Configuration Wizard run by the installation of SP #1 final onto it.

(I've been doing it for YEARS now, better than a decade since Windows NT 3.51 in fact: It WORKS!)

12.) Using restricted Registry &/or FileSystem ACL rights to disks/folders/files + Registry Hives.

13.) Amending secpol.msc & gpedit.msc security polices local to my system for better security.

14.) Using User-Rights & restricting them to my usual logged on user & the system entity SID itself only on most rights, denying all other groups.

15.) Applying registry hacks known to fortify the system BOTH remotely & locally per Microsoft guides for this on Windows Server 2003 for "OS Hardening" &/or "Tcp/IP Hardening".

16.) Being sure applications are up-to-date & patched current as well.

17.) Lastly here, by using a LinkSys BEFSX41 "NAT" & true CISCO technologies based stateful-packet-inspecting firewall router!

18.) Disabling NetBIOS over Tcp/IP & stopping Client for Microsoft Networks (all you need to get online IS Tcp/IP).

However, Ms Lans need these for file and printer sharing and networking properly/fully. THIS changes on LANS, but can be secured better than the default so IF you need it? Patch/harden for it IF you have to use it.

19.) ADDITIONALLY:

RUNNING IE in a "runas limited user class" sandbox effect, is possible -

It is actually possible to run IE securely

That's why the detailed URL is in it, the 20 steps are SUMMARY...

HOWEVER, the detailed part (actually called DETAILS in my first post)?

Is one of the FIRST things I posted:

http://www.avatar.demon.nl/APK.html

* That's as EASY as I know how to make it, & tells you what tools to use, how to do each step, etc. IN DETAIL... many folks cite & quote from it online & have used it, and wrote me in thanks etc. because they're NOT having to go to the local "Mom & Pop Shop"...

That same "mom & pop shop" that survives lately on yes, cleaning out the infections, or just grabbing their data & doing a reinstall... but does NOT show folks how to avoid this b.s. like malware/viral infections, etc. because... it keeps them in business.

Do what my 20 summary points note, by following the detailed steps from that URL?

You'll never get burnt again... unless, you do something STUPID like click on email attachments sent by those you don't know, etc. & the like which are in actuality, macro infectors etc.

APK

http://www.avatar.demon.nl/APK.html

A.) Want to filter your XP Tcp/IP stacks some more & be more secure online by filtering packets @ the IP Stack level?

Go to your network connection properties via Control panel called "network & internet connections":

1.) Use the Network Connection item
2.) Right-Click on the connection itself, & from the popup-menu, select properties
3.) Under the "This connection uses the following items" section window, hi-lite 'Internet Protocol (TCP/IP)'
4.) Click the Properties button
5.) Click the Advanced button
6.) Use the Options tab
7.) Hi-Lite Tcp/IP filtering
8.) Click the Properties button
9.) Now, in the TcpPorts section, Tick off/Click the 'Permit Only' checkbox-radio button
10.) Under there, use the Add button to Add the ports you ONLY want to come thru (I only allow 21 for FTP servers I might run or port 80 for HTTP... add what you need to let come in on an as-needed basis for what you run)
11.) In the IP Protocols section, Tick off/Click the 'Permit Only' checkbox-radio button
12.) Under there, use the Add button to put in the number 6

* A simple "12-step" program to heighten the effectiveness of the Internet security of your machine online!

(UDP Ports can be filtered as well & right now? It's my belief using IP protocol 6 only does this! You could add IP protocol 17 (which is UDP) to the IP section as well. If you want to add UDP specifically allowed filters (since it is my belief it is already ALL UDP packet filtered since I only allow IP protocol 6 thru which is Tcp packets only in the IP section)?

You would add IP protocol 17 in the IP Section, as well & any ports for the UDP you want to allow in the UDP section checking off either ALLOW ALL, or Allow Only & adding ports you wish to come in!

This takes some research & doing with your ISP or with games as many use UDP since it is the fastest NET based protocol since it uses no return validation of packets sent as Tcp/IP does... ISP's for cablemodem providers often use ports like 53 in the 'known ports' category for communications with your system & higher ports like the 60000 range also! BUT, it can be strengthened as well, but takes some research & trial & error testing with your ISP!)

See, I found that many level #1 support techs aren't aware of this & many Tier #2-3 ones aren't either... hence, why I stated it can be VERY trial & error on your part but worth it! But, it is a PAIN trying & retrying it to get it right... but it can be done!

There you go!

APK

Take 30 minutes and do this, never get infected AGAIN (on Windows no less), ever, & most certainly NOT in 12 minutes... not again, ever!

APK Online Security 20-points basic checklist. A combination of things really, layered security is the idea!

DETAILS:

http://www.avatar.demon.nl/APK.html

SUMMARY:

1.) IP Security Policy in place for adbanner servers blocking OR other "undesirable" IP addresses.

2.) A custom adbanner blocking HOSTS file with 35,000++ entries in it with known banner ad servers in it (which have been shown in some cases even as bearing malicious javascript etc. in them as well as just plain slowing you down as you surf the web by calling out to DNS' servers for URL to IP resolution & loading their remote data).

3.) Tcp/IP filtering @ the IP Stack levels (UDP & TCP) allowing ONLY port 80. Need others? Open then up, this is all I need personally here.

4.) Using up to date AntiVirus & AntiSpyware.

5.) Using .PAC file proxy filters in all web-browsers vs. adbanners & such.

6.) IE Restricted Zones (added to via .reg files which the first body of code in the HOSTS file I use is prepped for the .reg filedata for via a program I built in ObjectPascal delphi console mode ripping away the URL from the 127.0.0.1 loopbacks I equate adbanner servers to, etc. & then insert these here and into IPSecPols also).

7.) Custom adbanner filtering Cascading Style Sheets in webbrowsers when possible (via Opera).

8.) ZoneAlarm Pro or Native Windows Firewall. ZA is the better overall, the Windows one works though.

9.) Disable Java-javascript &/or ActiveX-activescripting in your webbrowsers.

Sorry webmasters, but too many holes popup here and ONLY IE gets that enabled here for Windows Update really only or sites that "demand" I use either.

10.) Making sure the Operating System is up-to-date/fully hotfix or service pack patched.

11.) Disabling uneeded services (especially remote oriented ones, e.g.-> Remote Registry) gaining not only memory & CPU cycles back, but also security:

Microsoft is even into this one now, evidenced by Windows Server 2003 Security Configuration Wizard run by the installation of SP #1 final onto it.

(I've been doing it for YEARS now, better than a decade since Windows NT 3.51 in fact: It WORKS!)

12.) Using restricted Registry &/or FileSystem ACL rights to disks/folders/files + Registry Hives.

13.) Amending secpol.msc & gpedit.msc security polices local to my system for better security.

14.) Using User-Rights & restricting them to my usual logged on user & the system entity SID itself only on most rights, denying all other groups.

15.) Applying registry hacks known to fortify the system BOTH remotely & locally per Microsoft guides for this on Windows Server 2003 for "OS Hardening" &/or "Tcp/IP Hardening".

16.) Being sure applications are up-to-date & patched current as well.

17.) Lastly here, by using a LinkSys BEFSX41 "NAT" & true CISCO technologies based stateful-packet-inspecting firewall router!

18.) Disabling NetBIOS over Tcp/IP & stopping Client for Microsoft Networks (all you need to get online IS Tcp/IP).

However, Ms Lans need these for file and printer sharing and networking properly/fully. THIS changes on LANS, but can be secured better than the default so IF you need it? Patch/harden for it IF you have to use it.

19.) ADDITIONALLY:

RUNNING IE in a "runas limited user class" sandbox effect, is possible -

It is actually possible to run IE securely: just create a throwaway restricted user account for IE use alone. The restricted account user can't install software and can't access files of other users, so even if IE autoexecutes any nastiness, it can't do any damage.

Of course, it's a hassle to

"FreeBSD underneath - You say this as if it's a tiny feature; more evidence you know very little about OS X, and FreeBSD. I have access to virtually all of the command line programs on most linux distros, even apt-get!"

Nice, nice, this I can agree is a benefit... provided you know how to port the code over if needed correct? I mean, if time showed me ANYTHING about Unix code, & C even...? Universal portage & instant run is largely a fantasy, some work IS involved... heck, even between Linux variants @ times!

"Many linux programs are easily runnable along side OS X apps using X11. Simply put, the Terminal application in OS X blows the "Command Prompt" in windows away."

Mebbe... what about Windows Shell Scripting? Are the development tools the equivalents of say (my fav) Borland Delphi?

(RealBasic might be, this is a NEWLY released language that afaik? Creates TRUE, non-interpreted apps (single.exe w/out runtimes) on Windows, Linux & Macs...)

"Security. I don't have the link on me but it's been shown that OS X and other FreeBSD derivatives are the most secure operating systems on the planet."

No, it means they are LESS attacked, because there is less of them out there... Macs, as nice as they are currently (this I can agree upon because I like the FreeBSD underpinnings & Aqua), present less surface area to attack... there aren't as many out there, due, imo, to their cost.

You can secure Windows 2000/XP/2003 Server EXCELLENTLY & EASILY, if you know how its done... takes about 1/2 hour tops with notepad.exe & regedit.exe...

"There was an article on slashdot a few months ago about this, but I'm too lazy to search for it. Windows security... heh, oxymoron."

Again, no oxymoron. It's simple to do, see here:

http://www.avatar.demon.nl/APK.html

That's ALL you really need to do, & it doesn't take more than 1/2 hour to hack in.

"iApps - Free. Buy a mac and get many aplpications for free (iMovie, iPhoto, iTunes, GarageBand, Mail, etc). If you've actually used these, you'll realize how great they are. They're not simply little toys, but they are real, near-professional quality applications that can do amazing things. Get a windows box, and you will have none of this (Windows Movie Maker, a poor rip off of iMovie, is so crappy it does not count)."

Hmmm, mebbe. I have to admit, I was impressed with MacOS X's native IP toolset for instance. BUT, imo, Windows has way, WAY more software available for it that works & is of professional software OEM quality even in the shareware/freeware world.

Why? RAD tools like VB, Delphi, & C++ Builder... they make it possible to learn to code alot simpler than (imo) tools that existed on & for the MAC until RealBasic showed up recently.

Plus, the monetary incentives' the largest to learn to code for Windows via Win32 API or even .NET... why? 90% of the worlds' computers running Windows is pretty good odds of making a buck is why. Money's a POWERFUL motivator.

"Built in Java VM. It makes Java developers happy (like me)."

Well, there USED to be a std. MS JavaVM, until Sun & others raised hell on MS... so, there you go on that account.

"Built in Python. It makes Python developers happy."

Built in Assembler called DEBUG in Windows if you do assembly... built in Windows Scripting HOST too, if you know VB (simplest to learn imo), you've got that too & it's fairly powerful... and batchfiles aren't the joke you made them out to be either... they can be pretty powerful.

"Intelligent file sharing with permissions; in windows you have to go through hell to get this working."

No you don't! It's EASY to get up & running... a simple network client & if you like? You change it to simple file sharing in Explorer, make your shared folder etc. & add users to it that are allowed from remote systems to access them into a valid us

If someone would buy the rights to the 5 series http://www.jarno.demon.nl/psion5.htm/ and update it with a good colour screen (and perhaps wifi) I would get one immediately.

The problem with technical definitions is that it requires someone who is technically competent to apply them. The US has only recognized Aspergers at all only very recently. (It was identified in the 1940s, I believe, but not diagnosed outside of "Old Europe" as a certain politician kindly refers to that part of the world until the 1980s.)

The most practical method of diagnosis is to hang out with autistic people. If you find you think in ways that they can relate to (and vice versa) then you have a working diagnosis. In other words, if it looks like a duck and quacks like a duck, you must consider the possibility that it really is a duck.

Best place to find autistic people is over on Starlink. The Asperger channel is only for people who have been diagnosed, not just self-diagnosed, but there are plenty of other resources there.

I bought a Logitech QuickCam Zoom, which has worked perfectly with the Philips chipset driver available here. Unfortunately, due to political differences between the Kernel developers and the developer of this module (who provided a source provided low-quality driver, and a binary only higher-quality driver), the module is no longer actively maintained. :-( This was already covered here on Slashdot.

You might want to check out Antiword.

I've been using that lately on .doc files and it works great - though I have to admit I haven't tried it on anything very complex yet.

eye-opener worm (RFC):

1. Do the usual spreading (outlook address book has proven effective)

2. Perform the usual tricks to knock out active virus scanners
(I have seen that work on McAfee and AntiVir with my own eyes)

3. Incrementally scramble files on all available network-drives;
every hour or so go and seek the oldest 100 [by access-time] files that
haven't been scrambled yet and overwrite parts of them somewhere in the
middle. Overwrite instead of unlinking ensures the files cannot easily be
"undeleted". Make sure to overwrite with a random pattern (use a *fast*
homegrown RNG, just using localtime() should suffice) to make it a little
harder for virus scanners to identify corrupted files.
The n least accessed files are chosen in order to go undetected for
as long as possible. You may increase the rate of destruction to something
like "pick the last 1000 files" when the system clock says "it's Saturday".

3a. Send some of the files via E-mail to random recipients from
the address book every now and then. Prefer .xls and .doc for
broadcasting. Send the scrambled version (no free backups here) or
implement a very simple version of antiword to extract the meat and
send as plain ascii.

4. Start performing the same procedure on the local harddrive only after the
network volumes have been >50% done with. Only go for "My documents" and
such, do not scramble system files in order not to kill your host.

5. Last stage (when done with everything) would be the great haikiri -
overwrite local drives.

The various mechanisms would ideally be balanced out so that complete
obliteration of a company network happens in approx. 4 days.
The worm would be set free on a friday night (EST) in multiple
locations.

This description was only for educational/research purpose and I do not encourage anyone to do such a malicious thing.

Becasso for BeOS does this - http://www.sumware.demon.nl/products/becasso/

And another one, as seen from Mozilla 1.7.3 in Mac OS X: http://www.inlv.demon.nl/temp/sco-defaced.png

With VLC's Server, you can have it record to the hard drive in a higher-quality format and also have it lower the FPS and stream it to your VLC from anywhere (firewall rules notwithstanding). You can tell it to turn off the audio to save disk-space/bandwidth (depending on if you're recording or streaming). I typically used the msmpeg4 codec for streaming because it's the smallest (bandwidth) and highest quality video codec at about 5 FPS for my security project. It worked rather well, and there was enough USB bandwidth to capture from 4 cams on the same USB port with a USB hub.

It's just something worth checking out! I know it worked for me, and if I had a child, I know I'd be setting one of these up in my place! =) Take care!

- Insolence

What about the lovely Antiword app?

I hate to open OpenOffice/Abiword just for read a shity text writen for a moron in Microsoft Word, Antiword cut the bloat and show me just plain text :-D

Try it and be happy

Saludos amigos \o/

For the overly, overly religious; (666) 666-6666.

I think my ISP might appreciate a call like that. :)

For those who don't know what this is all about...

It's all about how to obfuscate baby!

Actually I have been thinking about solid state drives for quite some time now. Here's what I came up with the last iteration :

You are pretty much just as well off with a nice tight SATA RAID 5 array. Tom's ran a recent article on throughput for SATA RAID 5 arrays and found that at 6 drives (using those bad ass high end Raptors, I'm guessing) he could break through the 200 megabytes per second sustained transfer rates. About 4-5 times what you and I get on a daily basis from our regular ATA-100 hard drive (which was to be expected, given the number of drives in the array.) A single person on a single machine doing single (or simple multi) tasking isn't going to notice much difference in performance between that and a RAM drive. Some, yes, but almost negligible. The only way the additional performance gains from RAM make sense is multiple users doing radically different things - this would have the drive array thrashing around trying to do all those different things but RAM seek times are effectively zero.

You really wouldn't get the incredible boost in performance you are imagining, simply because hard drives are already pretty fast and approaching the point where they are no longer the bottleneck.

Look here for a review from a little over a year ago. He got all excited about the differences he saw, but in reality many applications didn't show a noticable difference.

Don't get me wrong - I am going to keep trying, as this is a never ending quest ... but solid state drives aren't the holy grail of computing.

If you want to experiment with solid state drives, check out Cenatek's Ramdisk. Cost you $69 (they may have a free timed demo, I'm not entirely sure) and you can use it to convert your system RAM to a Ramdrive = solid state disk. If you like what it does, just throw more memory in your computer and go for it. If you can find a way to really speed up your system, be sure to share it with the rest of us ($69 is dirt cheap if you can figure out a way to get a 20% boost in performance - but you would need a bunch of RAM to take advantage of it.

One ironic twist is that LavaRnd used only the PWC (open source) module. We did NOT use the PWCX (binary-only) module. Our hotplug script did an rmmod of the pwcx module. We discovered that the PWCX module reduced the entropy that the webcams provided. The PWCX module, when loaded, made webcams a poorer entropy source.

LavaRnd used the entropy provided by the actual hardware. Our analysis showed that PWCX was in effect "faking" the larger image sizes by taking, say the true 160x120 pixel CCD output and expanding it to something like 640x480. The expansion was as if a 2D smoothing function (such as a 2D spline?) filled in the pixels in between. Each of the original 160x120 hardware pixels was turned into a 4x4 pixel grid where the edges of the grid were adjusted to fit better with neighboring 4x4 pixel grids. The PWCX appeared to support a higher frame rate because the PWCX module "decompressed" the true hardware pixels and filled in the pseudo-pixels on the other side of the USB wire.

We discovered the PWCX effect while taking entropy measurements of webcam frames. Using PWC alone in 160x120 mode, the webcam produced slightly more entropy than 640x480 PWCX mode. The PWCX module was not adding real image data to webcam frames, it was just smoothing and filling in data that looked good enough to a human. However, PWCX could not fool the math ... :-)

The PWC maintainer says on his web site:

" and I'm going to request (well, demand) that PWC will be removed from the kernel tree.''

The PWC maintainer's position appears to be that if you cannot use PWCX, then PWC is worthless. From LavaRnd's point of view, PWCX (the binary only module) adds no value and in some ways reduces the Logitech QuickCam's value as an entropy source.

We (LavaRnd) do not want to take sides in this PWC/PWCX kernel dispute. If this posting appears that way, then we apologize. The PWC folks have been mostly patient with our unusual use of their webcam modules. The Linux kernel folks have provided us with a wonderful platform for LavaRnd. As for ourselves, we put a lot of time into helping end users use the PWC module in older kernels.

Here is our advice request:

The LavaRnd project would like to see the PWC (open source) module remain in the Linux Kernel. We would like the Linux kernel folk to not honor the maintainer's request to remove everything. We want the support of PWC without PWCX to continue in the Linux Kernel. What is the best was to make this position / request known to the key Kernel people in the hopes they will PWC as part of Linux?

And does every chunk of the Linux Kernel need an active maintainer? Could PWC remain in the Linux Kernel without the original maintainer's support or would someone such as ourselves need to step up and offer to maintain it?

It wasn't a Blade Runner track. It was a separate track done with Jon Anderson, You can find it in the album Odyssey

...is here (until the real site is back). Have fun.

Allow me to second the suggestion for Motion.

I've quietly run a security camera with Motion in my cubicle at work for a couple of years now. It's picked up lots of interesting things, and cost a bad security guard his job.

Hardware? I've experimented. My current setup is a Logitech QuickCam Pro 4000 on USB. I tried a cheapie BT878 card but wasn't happy with the results. The hardware is a 733 MHz Pentium 3 running a heavily patched and upgraded system that started life as RedHat 7.3.

If things look interesting during the day I use CamStream and mjpegtools to make timelapse videos of the view out my window.

...laura

• Abiword - Word processor, supports .doc, .rtf, GPL.
• Open Office - Whole Office suite, including a database frontend and BASIC macro language.
• Perl - Scripting language
• Python - Scripting language
• Cygwin - UNIX emulator. Can create Windows programs, reliant on a cygwin1.dll.
• MinGW - Port of some of the UNIX utilities (BASH, gcc, vi...) to Windows.
• djgpp - UNIX emulator for DOS.
• Mozilla, Firefox, Thunderbird - Web browser, e-mail client, IRC client, lots more.
• Filezilla - FTP client.
• xchat - IRC client.
• putty, pscp, psftp and others - Telnet/SSH clients.
• Gaim - Client for IRC/Yahoo/MSN/ICQ/AIM and more.
• gzip - Compression (usually better than .zip).
• tar - Extracts/Makes tar archives.
• bzip2 - Totally ace compression (usually better than gzip).
• Info-ZIP - Support for .zip. Good free substitute for Winzip.
• 7-zip - Support for multiple compression formats.
• frhed - Hex editor
• Ext2fs - Several programs for doing Ext2 under Windows.
• Antiword - Converts documents out of the proprietary .doc format.
• MySQL - RDBMS.
• Apache - Web/Proxy server
• sendmail - Mail server
• squid - Proxy server
• freeamp - Audio player
• winlame - MP3 encoder
• cd-ex - MP3/OGG encoder?
• gimp - Very detailed graphics program.
• imagemagick - Graphic manipulation. Provides the 'convert' utility under UNIX.
• freeciv - Civilisation clone.
• gnuplot - Plotting package.
• TightVNC - A fork of VNC, with enhancements.
• RealVNC - The original VNC.
• rdesktop - Access Windows Terminal Services and Remote Desktops.
• Nmap - Well known port scanner.
• John the Ripper - Password cracker. Does NT and MD5.

Yep, that about does it!

Use the Antiword!

Antiword + ps2pdf = word to .pdf converter

camstream is a nice collection of tools for webcams and other video-devices that uses video4linux2. Combining it with some Image Processing Library(gimp?) and a fancier gui should make it a decent enough tool.

One list here of USB webcams supported in linux.

Here you find webcams that need the Philips drivers.

First, go get antiword and elinks
To read HTML under mutt put something like
text/html; elinks -dump-charset 8859-1 -dump %s; copiousoutput; nametemplate=%s.html
inside your .mailcap file and put
auto_view text/html
inside your .muttrc file.

To read word attachments from inside mutt put
application/msword; antiword -m 8859-1.txt '%s'; copiousoutput; description=3D"Microsoft Word Text"; nametemplate=3D%s.doc
and
auto_view application/msword

respectively.
Note that you can even change the default charset in the commands and it works perfectly!!!

M$ Word: In most cases, it's an elephant that is used to squat a mosquito: you don't need such a monster program to type in a small report/question of a couple of pages or an abstract of the project.

Then again, you could also argue that you don't need a monster program like Emacs to type in a small program/email of a couple of pages, either. [1] And yet some people happily use Emacs all day long, just as some people -- a completely non-intersecting group of people, I suspect -- use Word all day long.

I have a hard time faulting anyone for using the tool they've become proficient with, even if sending a 200 word message as a .DOC attachment balloons the content from a couple of kilobytes to several times that, while generally contributing nothing useful. But whatever, there are ways to deal with that.

The bigger problem isn't that Word is bad, but that promoting lock-in is bad. Now that the .DOC format has been roughly reverse engineered, there are a variety of programs that can open it, but it would generally still be better to use .RTF or .PDF for most of these situations. The important thing isn't to have free software applications for working with these formats -- though, obviously, that matters a lot -- but that the formats exchanged are open and portable, so that nobody can get locked into a dead end, either because a vendor discontinued a product or went out of business, or because a free software project has been abandoned and no one has done anything to the source in years.

+++++

Anyway, in the end, it's not always up to the teachers -- sometimes it's a matter of department or school policy, and circumventing it isn't worth the trouble to them.

I had a project in college where we worked for two semesters on a web crawler, and at the end had to make a big presentation to the public about our work. The requirement was that we had to prepare & submit a PowerPoint slideshow, but I felt then & still do that this was entirely the wrong approach, especially for a web based project, so we did a version of the demonstration as a series of HTML slides on our project's web server, showed our faculty advisors that this looked just as good as the PowerPoint slideshow -- and, as a bonus, allowed us to link directly to our project's web front end directly from the presentation -- and after we were done, the slideshow exactly as given would work in anyone's web browser. We were breaking the project rules, but we demonstrated in advance that there were clear advantages to not going with the proprietary format, and so we were allowed to go it our way.

I think this is a reasonable approach. Rather than just throwing a temper tantrum about having to use The Man's tools, demonstrate that an alternative can be just as good, if not better, and make your intentions clear early enough to win over the faculty (or your boss, or whatever). If you don't convince them, you still have time to turn around and switch to The Man's format, but at least you tried, made your case, and let them know that the alternative could have worked; it'll be a moral victory, if nothing else, and maybe next time around you'll get to do it your way.

+++++

[1] "Emacs: For a Brave GNU Word"

Antiword is your friend.

So far, most posts in here have been about binary only drivers provided directly by hardware vendors. My case is somewhat different, yet if I read everything correctly, I could still be affected by all this.

I am the author of the Linux Philips webcam driver, which supports a lot of Philips and Logitecht webcams, and a few others. This driver has been in development for nearly 4 years, has been formally introduced into kernel 2.4.5 and has been in continual support by yours truely ever since the first public release, some 3 years ago. Now here's the catch:

Part of the driver (PWC) is Open Source, even in the kernel under the GPL. With it, you have a functional webcam driver, but there are some limitations; you can't get the full resolution and not as high as framerate as is possible. For that, you need a binary only plugin, called PWCX. It contains decompression routines that allow you to use the cam at its full performance. These decompression routines fall under an NDA and are thus not public. Judging by the number of mails and webvisitors I think this driver has been quite a success. And now this may no longer be possible.

The point is, that by the strict interpretation held by Linus et al. I can no longer make this PWCX driver, thereby depriving a lot of users of a useful bit of hardware. Or at least make it quite a bit less enjoyable. I might as well remove the PWC driver altogether form the kernel then, hmm?

First off, I feel sorry for the thousands of Linux users that use my driver (PWC and/or PWCX) and may no longer be able to do so. Second, I'm getting pissed off beyond measure by this Open Source fundamentalism because it is my driver that may be turned into a worhtless piece of code.

It is my ass here that's on the line; I signed the NDA with Philips and if I goof up and accidently post the decompressor code or fail to protect it properly, I will be the one standing in court, not Linus. Second, I went through all the trouble of getting in contact with Philips, trying to convince them to help the Linux community and indeed they have, and I commend them on that. But they have their reasons to shield some parts from prying eyes (read: competition) and I can't blame them. So that's why there's and NDA and it's even fairly relaxed. Without the NDA there wouldn't even have been a driver.

BTW, Philips spent exactly 2 webcams and a couple of manhours on getting the paperwork done in order to get their product supported in Linux for 3 years across 3 major kernel versions, including online helpdesk. I think that's damn cheap. I cannot count the hours I spent on programming and debugging and tracing intractable bugs, not to mention the time spent in helping users by e-mail. I've also spent many an hour to get this PWCX module crosscompiled to various hardware platforms in order to extend it's Linux usage as much as possible. Now that may appearantly all have been a big waste of time. Thank you very much!

No, it is time to realize for anybody who thinks that the GPL is the Holy Grail of computing that this is not going to work. You cannot force anyone to oblige by a volountary license (because that's what the GPL is: nothing more, nothing less). As I wroting in my piece on tainting the kernel, if you make it any harder for (hardware) vendors to support their product in Linux, they'll drop it like a brick because they don't have to. This way Linux will never gain any real acceptance.

Finally, it's also not very wise to piss off people like me, who are doing their best, and made some small yet clearly apreciated contribution to Linux. I would also rather have a complete Open Source solution, but I'm realistic enough to know that is not possible in this Universe. So I think I've struck quite a good comprise. But if I am being told now: "well, that isn't good enough", I might just throw in the towel in the ring altogether.

- Nemosoft

So far, most posts in here have been about binary only drivers provided directly by hardware vendors. My case is somewhat different, yet if I read everything correctly, I could still be affected by all this.

I am the author of the Linux Philips webcam driver, which supports a lot of Philips and Logitecht webcams, and a few others. This driver has been in development for nearly 4 years, has been formally introduced into kernel 2.4.5 and has been in continual support by yours truely ever since the first public release, some 3 years ago. Now here's the catch:

Part of the driver (PWC) is Open Source, even in the kernel under the GPL. With it, you have a functional webcam driver, but there are some limitations; you can't get the full resolution and not as high as framerate as is possible. For that, you need a binary only plugin, called PWCX. It contains decompression routines that allow you to use the cam at its full performance. These decompression routines fall under an NDA and are thus not public. Judging by the number of mails and webvisitors I think this driver has been quite a success. And now this may no longer be possible.

The point is, that by the strict interpretation held by Linus et al. I can no longer make this PWCX driver, thereby depriving a lot of users of a useful bit of hardware. Or at least make it quite a bit less enjoyable. I might as well remove the PWC driver altogether form the kernel then, hmm?

First off, I feel sorry for the thousands of Linux users that use my driver (PWC and/or PWCX) and may no longer be able to do so. Second, I'm getting pissed off beyond measure by this Open Source fundamentalism because it is my driver that may be turned into a worhtless piece of code.

It is my ass here that's on the line; I signed the NDA with Philips and if I goof up and accidently post the decompressor code or fail to protect it properly, I will be the one standing in court, not Linus. Second, I went through all the trouble of getting in contact with Philips, trying to convince them to help the Linux community and indeed they have, and I commend them on that. But they have their reasons to shield some parts from prying eyes (read: competition) and I can't blame them. So that's why there's and NDA and it's even fairly relaxed. Without the NDA there wouldn't even have been a driver.

BTW, Philips spent exactly 2 webcams and a couple of manhours on getting the paperwork done in order to get their product supported in Linux for 3 years across 3 major kernel versions, including online helpdesk. I think that's damn cheap. I cannot count the hours I spent on programming and debugging and tracing intractable bugs, not to mention the time spent in helping users by e-mail. I've also spent many an hour to get this PWCX module crosscompiled to various hardware platforms in order to extend it's Linux usage as much as possible. Now that may appearantly all have been a big waste of time. Thank you very much!

No, it is time to realize for anybody who thinks that the GPL is the Holy Grail of computing that this is not going to work. You cannot force anyone to oblige by a volountary license (because that's what the GPL is: nothing more, nothing less). As I wroting in my piece on tainting the kernel, if you make it any harder for (hardware) vendors to support their product in Linux, they'll drop it like a brick because they don't have to. This way Linux will never gain any real acceptance.

Finally, it's also not very wise to piss off people like me, who are doing their best, and made some small yet clearly apreciated contribution to Linux. I would also rather have a complete Open Source solution, but I'm realistic enough to know that is not possible in this Universe. So I think I've struck quite a good comprise. But if I am being told now: "well, that isn't good enough", I might just throw in the towel in the ring altogether.

- Nemosoft

Google sez: The Philips driver has multiple camera support.

Remember you'll have to choose the camera based on the 'chipset', not the brand name.

The server is slow and may be totally slashdotted soon, so here is a torrent I made which contains all the 11 screenshots in .png format. Please use this instead of the main webserver. (Read about BitTorrent if you're not familiar with it.)

HTTP handling in kernel mode... well... maybe they got drunk that day

Other developers have gotten drunk too.

(That is one place where Open Source developers can claim MS is copying their "innovation")

What do they win? :)

What will the USA Drug Enforcement Agency think about making cocaine, known on the street as "snow", from potato starch?

Man, you would have figured they'd at least try making a visor first.

Yes well, those of us using more modest and affordable kit rather than the veritable supercomputer you were using can verify the delay and prove it.

I was using a Sinclair ZX80 in 1981 and it was painfully slow. I don't know of any ZX80 emulators out there, but here are some ZX81 emulators for various systems, so you can see for yourself:

Palm Pilot

Dos/Windows

Java

You can get the drivers from here. Part of it is in recent kernels, but theres a binary only module that lets you get the higher res / higher frame rates out of it. The guy who made the linux driver has also made some little control program for it too that lets you change camera settings on the fly (camstream). The webcam I have been using is a Philips ToUcam Pro PCVC740K which costs about £50 (~$75 US) at the moment, other webcams are supported by the philips driver though (not just philips ones)

Well, there's always the Antiword viewer, too.

Well, kinda. The first Honda production car was the 1963 Honda S500. It had four wheels and a front/rear engine/drive config, true. But that's about as close to Ford-like as it came, with the drive train being a motorcycle chain. And of course, the steering wheel and controls on the right-hand side. (You've forgotten that the Japanese drive on the English side of the road.)

Refs:

Honda Corporate timeline

Classic Honda History

Comments on Honda S2000N

The article says Europe, not the European Union. The estimated population of Europe was 728,981,999 in the year 2000.

Some type of software? Don't be so pessimistic, device drivers aren't the only things we know how to write. If the manufacturers don't help, we'll reverse-engineer it and do it anyway.

VW even had to pay compensation to Tatra after a court case in the 60's

The body, suspension, powertrain, basically everything about the Beetle was virtually a straight copy of the Tatra 97

Maybe not exactly what you're looking for, but this is what got me introduced to OpenBSD and ipf.

Beyond that I'd check out the documentation for IPFilter and PF. Both are very good.

You mean like heavy duty European fisting?

When O'Reilly's onlamp.com published an article on this bibliography, their ad serving system revealed itself to be an AI with a sense of humour by choosing a remarkably inappropriate IBM ad to go along with it.

Speaking of dead bodies... I was rceently contacted by a lady that used to be high up in Scientology in Clearwater who had read this list of bizzare deaths at thier headquarters.

All folks have to do to defeat scientology and send it to the scarp yard of history is to keep on getting the word out,

..."they" zipped their word files before sending them...
no way.
Acorn User will be happy to use !AntiWord to convert these into formatted text, at least. (BTW, it works on most platforms ;-)