Slashdot Mirror

Try GRC.COM, it does just that when you try the ShieldsUP tester ...
---
Inanimate Carbon Rod thanks you for your support. See you in 2004!

If you are running a Windoze box (especially on a laptop) download this demo for an example of the advanced rendering tjwhaynes is talking of. Render demo

-b

RealNetworks sucks anyway. See this article.

I have 3 Zip drives. An external SCSI drive I've had for 4 years, an external Parallel Port drive for 2 years, and an internal ATAPI drive that I've also had for about 2 years. Never had a problem with any of them until about 3 months ago when the internal ATAPI Zip drive started making strange noises and acting erratically. After some searching I found out about the "Click of Death" here .

It is a real phenomenon.

When my system began to exhibit the symptoms I called my vendor's support line since it was still within the warranty period and they dispatched a tech to replace the drive within a couple of days. The tech confirmed for me that Zip drives are a major headache for them. They tend to fail on a regular basis.

Do you work for Iomega? You are spreading untrue claims in your message. The problem is NOT with the early models of the Zip drive. The problem is more likely to occur in NEWER models of the drive. Iomega has serious quality control problems and the problem started happening when they started to cut corners in manufatcturing. While it is true that you can damage a drive by dropping it, that is simply NOT the major cause of the problem although Iomega would have you believe otherwise. Do you think I dropped my internal ATAPI drive?

I urge everyone who has a similar problem to check out the Click of Death site for more information. Busted up disks CAN spread the problem between drives, but this is not really the underlying cause of most of the problems.

There have been class action lawsuits filed against Iomega regarding their Zip drive product. Their senior executives were finally forced to admit they had a serious problem. Sending people to their web site without pointing out the alternative explanation is a disservice.

I have 3 Zip drives. An external SCSI drive I've had for 4 years, an external Parallel Port drive for 2 years, and an internal ATAPI drive that I've also had for about 2 years. Never had a problem with any of them until about 3 months ago when the internal ATAPI Zip drive started making strange noises and acting erratically. After some searching I found out about the "Click of Death" here .

It is a real phenomenon.

When my system began to exhibit the symptoms I called my vendor's support line since it was still within the warranty period and they dispatched a tech to replace the drive within a couple of days. The tech confirmed for me that Zip drives are a major headache for them. They tend to fail on a regular basis.

Do you work for Iomega? You are spreading untrue claims in your message. The problem is NOT with the early models of the Zip drive. The problem is more likely to occur in NEWER models of the drive. Iomega has serious quality control problems and the problem started happening when they started to cut corners in manufatcturing. While it is true that you can damage a drive by dropping it, that is simply NOT the major cause of the problem although Iomega would have you believe otherwise. Do you think I dropped my internal ATAPI drive?

I urge everyone who has a similar problem to check out the Click of Death site for more information. Busted up disks CAN spread the problem between drives, but this is not really the underlying cause of most of the problems.

There have been class action lawsuits filed against Iomega regarding their Zip drive product. Their senior executives were finally forced to admit they had a serious problem. Sending people to their web site without pointing out the alternative explanation is a disservice.

For more on the IOmega Click of Death problem, check out the TIP (Trouble In Paradise) section of Steve Gibson's web site

Check out Steve Gibson's Shields Up , especially if you run Windows. It will probe your IP address for open ports and NetBIOS crap.

Anyway, the point I was trying to make (badly) is that if you're going to maintain a constant connection to the Internet by all means run some type of firewall if you don't want to get your box compromised. I use ZoneAlarm and couldn't be happier with it. I just passed the Port Probe and "Sheilds Up!" tests at grc.com with flying colors. Some of the scans ZoneAlarm protects me from (as reported by the security checks at GRC):

• Your Internet port 139 does not appear to exist!
• Unable to connect with NetBIOS to your computer.
• Port 21 FTP Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
• 23 Telnet Stealth! There is NO [...]
• 25 SMTP Stealth! There is NO [...]
• 79 Finger Stealth! There is NO [...]
• 80 HTTP Stealth! There is NO [...]
• 110 POP3 Stealth! There is NO [...]
• 113 IDENT Stealth! There is NO [...]
• 139 Net BIOS Stealth! There is NO [...]
• 143 IMAP Stealth! There is NO [...]
• 443 HTTPS Stealth! There is NO [...]

I think this would be a good idea but don't know if there's anyone with the resources to undertake the task. If you could make a business out of it, like maybe Enonymous' Privacy Ratings site, then that might work. I'd monitor it if there was such a site. Maybe someone would want to run something like FuckedCompany.Com but concentrate on slippery privacy practices.

I've found that PrivacyDigest and WebVeil do a pretty good job of keeping abreast of the news. Privacy Digest is better because it is more comprehensive, but WebVeil is selective, seeming to focus on privacy for consumers specifically rather than everything that is privacy under the sun. Otherwise, I just pay attention to and filter what the paranoids are saying in alt.privacy or check on the privacy issues section of Yahoo and Wired.

Why is it only for Windows? Because Steve Gibson wrote it. He likes to write "hand-crafted" assembly language, for x86 platforms. So he wrote it for Windows.

Maybe it reads like a press release. But don't forget... when he finally has something to release, he is going to give it away free (like beer). He isn't spamming this page out by email, he isn't trying to trick anyone out of their money, so why are people so worked up?

He wrote, and gave away, a cool utility for Zip disk owners. He also wrote and gave away some other stuff, and let's not forget how cool his Shields Up! page has always been.

Even if we moderate his latest web page (-1, marketdroid-speak) he has plenty of karma left over.

steveha

Did you see the stack he's proposed/designed? His new implementation of ping doesn't appear to need the WeirdStack to work.

On the other hand, he claims there that encrypting every SYN/ACK that goes out causes no overhead... which I might believe, until one gets SYN attacked.

On another note: of course its Wintel Oriented. He discovered an x86 asm programming book, and was touched (in the head) by the Wand of Optimization, so he can hand-code assembly language better than a compiler can optimize it! Too bad he wasn't touched by the Wand of Porting...

Quote from the site:

Since Encrypted Tokens are created simply based upon the Client's IP address, there is no way for any malicious hacker to ever collect even a small fraction of the total four billion possible IP/Token pairs . . . which will all change, anyway, the next time the Server is restarted!

TFTs exist in two different colour pixel configurations, RGB and BGR (not quite since they are not in simple three pixel groups, but it will do for now), and Cleartype exploits the higher spatial resolution that can be gained from treating each colour pixel separately.

This of course means that ClearType needs to be told what configuration your panel uses, and if the wrong one is used it will indeed look horrible. Try mirroring the image, that should give you a better idea of what it should look like (presumably Whistler has a configuration option somewhere to set this).

More resolution is always nice, but the colour screen has it's own potential to improve plain text output, if it uses some sort of sub-pixel font rendering.

sulli

Basically, PMFirewall is just a script to help you configure all of your TCP ports and IPCHAINS/IPMASQ. I have found it easy to use, but I am sure there are alternatives that are just as good.

I would like to point out that I haven't performed a complete and thorough test to determine how secure my system is. I did run the "ShieldsUp" test at grc.com and it couldn't find any open ports or access any services. This may not be the most exhaustive test around, however, so I can't give any guarantees.

#ipchains -I input -p tcp -y -s ! 127.0.0.0/24 -j DENY

should drop any TCP SYN packets coming from 'outside' your box. As I understand it the SYN packets are the ones that request a connection, so response data (telnet, www, etc) should get through ok.

Gibson Research will scan your ports for you.

Real Player/Jukebox comes with spyware that reports back all downloaded files. See here for more details.

Razorfish Studios countersue IAM.com
Why Intel have to like RAMBUS
Detailed packet analysis of Realnetworks/Netscape's spyware.

Of course since the guys at slashdot probably have stocks in netscape they didn't care to run it as a major story. Gibson Research has tested them with packet sniffers:
RealNetworks RealDownload, Netscape/AOL Smart Download, and NetZip Download Demon utilities all report back to their respective owners, reporting the URL of what you are downloading, a unique ID tagging your machine, and your IP number - the IP number is sent along in the package so proxies etc won't help.

Have a look
http://grc.com/downloaders.htm

--

JHK
http://www.cascap.org because you care.

JHK
http://www.cascap.org because you care.

Check out this story on that site: http://grc.com/oo/aureate.htm

Christ! I consider myself a pretty savvy user, and I had this advert.dll on my system. It's part of, for instance, Go!Zilla. (See list http://www.radiate.com/press/products.html ).

Quick summary:

- installs as part of other freeware without telling you
- hides in your browser's address space to avoid detection by egress firewalls
- specifically avoids removal when user attempts windows add/remove programs
- periodically (insecurely) checks with the master server to see if there are "updates", then downloads and runs them

If someone wants to ruin this company (and 22 million home users' day), a little DNS poison and a trojan would certainly do it.

If you're a windows user, delete /windows/system/advert.dll now!

Gibson Research's opt out utility can remove unwelcome spyware. GRC also maintains a list of suspected spyware and other useful privacy resources including a FAQ.

Gibson Research's opt out utility can remove unwelcome spyware. GRC also maintains a list of suspected spyware and other useful privacy resources including a FAQ.

Gibson Research's opt out utility can remove unwelcome spyware. GRC also maintains a list of suspected spyware and other useful privacy resources including a FAQ.

look here. This will better help to understand of what we are speaking, what is interesting about it (and what is old news).

The Apple II doesn't really do this. It uses the properties of the NTSC colorburst signal to create color from a synchronized high-resolution monochrome signal. The physical "subpixels" on the CRT can't be aligned to this signal, and the end result is fuzziness, not clarity. The R,G,B phosphors on the screen are not directly addressed.

CRT's and even analog LCD's don't gain anything from this, as this technology needs direct access to the R,G,B elements of the display to create antialiased text that is as sharp as possible. It even needs to know the order of the RGB elements. This done through wholly digital displays that directly address the color pixels on the display, such as an LCD on a laptop. The next step would be to make this independent of the display type, with tuning tools or profiles for individual display devices.

Television does this naturally, being a wholly analog system. Point a color camera at some text, and the edges of the text will fall on the color elements within the camera, irregardless of arbitrary pixel boundaries. If you magnify a still image on a TV set, you'll notice that any sharp edges are defined independantly of the positions of the color elements, and they are "smooth". In contrast, any computer-generated edges show a bias toward pixels, causing some jagginess in even the best anti-aliased graphic. Of course, if the source camera and the receiving TV set have different color element geometries, the result will be a little off.

Whatever you call it, this is antialiasing taken to the max. I'm glad that someone is taking it seriously, even if it's Microsoft. CG for television should take notice, too, to try to simulate the natural look of purely analog signals.

You can download a demo of the technology used behind ClearType, at Steve Gibson's page:

http://grc.com/cleartype.htm

It is configurable for all sorts of LCD layouts, including BGR and RGB. Unfortunately, it runs only on Windows, so this probably won't help you if you have an iMac... but perhaps you could do screen captures then view the graphics on the Mac?

Of course, this was all done over 20 years ago, with the Apple ][: it displayed color, but internally everything was black and white! Due to the way the NTSC television signal works, it could create color by placing thin white vertical lines very close together in precise positions. It did this, essentially creating more subpixel resolution. The application was different, using black and white pixels to create color (essentially opposite to what is done now, using color pixels to create more black and white resolution), but the underlying technology solution was the same.

I just hope Microsoft doesn't try to patent this! Hopefully, the Patent Office will see the mountain of prior art that is the Apple ][.

Anyone remember Steve Gibson's ClearType demo? Steve says that Apple invented this tech looong time ago (so long that patent already expired). I'm hoping that he will re-check facts and tech again and see if MS really did innovate something this time. I still think that this is old Apple's tech that Woz discovered some time ago. If anyone has a LCD pannel handy I recommend you check MS samples and Steve's ClearType app and see that the results really are similar.

Someone should ask Steve Gibson to opensource his app so that we can incorporate this tech into X display server (it's written in ASM so it's very fast to).


--
GroundAndPound.com News and info for martial artists of all styles.

Here is the software of the guy who claims Apple figure all this out years ago. He has a demo written (idiosyncratically enough) in pure i386 assembly:

Free and Clear

However, his discussion doesn't seem nearly as complex as the one we have linked in this article. My feeling is that the idea of sub-pixel manipulation is one of those "floating revelations" that recur to more than one clever mind, but that MS Cleartype is the first practical application.

Oh, and here's the cleartype site at MS. Be sure to view it with an LCD screen - otherwise you won't get the benefit due to the triangular distribution of color spots on a CRT:
MS Reader

-konstant
Yes! We are all individuals! I'm not!

Very interesting
Yes, your still have to have an LCD to see that it works

checkout:
http://grc.com/ctwho.htm

While I heartily applaud the steps being taken to make screen more legible, I question the truth of the Microsoft claim to have invented this technology. Steve Gibson of Gibson Research Corporation , has a whole page dedicated to this very issue, located here. He makes some very straighforward points, including reminding us that Apple had something which worked the same way around 15 years ago.

And of course this does absolutely nothing for screens other than LCD..

While I heartily applaud the steps being taken to make screen more legible, I question the truth of the Microsoft claim to have invented this technology. Steve Gibson of Gibson Research Corporation , has a whole page dedicated to this very issue, located here. He makes some very straighforward points, including reminding us that Apple had something which worked the same way around 15 years ago.

And of course this does absolutely nothing for screens other than LCD..

http://grc.com/cleartype.htm

http://grc.com/optout.htm

The above is a link to a software program that identifies and removes a particular program that loads when Windows starts. The program is made by Aureate/Radiate. It comes piggybacked onto shareware/adware programs downloaded from places like Tucows. It sends your browsing habits and other information back to a central server even when the programs they came with are not active. To make matters worst it is known to increase the frequency of browser crashes and tries to only be active when you are sending/receiving data to disguise itself. They sneak an agreement to allow this into the EULA. All of my machines were "infected" when I checked. Kinda scary.

Marc

The RADIATE (formerly Aureate) monitoring programs that are packaged with over 400 freeware, shareware and demo programs is a perfect example of a deliberately spread virus (in Win9x)

1) you are not informed that a *separate* program will be installed, in addition to the program you intend to install. This program can monitor your activity even when the program it came with is not in use.

2) the monitor program is not removed when you uninstall the 'carrier' free/shareware program or purchase the paid version of a demo. In fact, there is no way to completely remove it except through an external program like OptOut from Steve Gibson (freeware)

Sounds like a classic, deliberate, and very malicious 'virus'. I'm sure there's something in the license allowing the installation, but nothing about it persisting forever (even after you remove the program the license applies to). True, you could prosecute under the 'unauthorized computer use' felony, but I think the virus law gives a better tool, since the virus+vector model is a familiar one (putting an unannounced virus inside a desired executable doesn't make it less of a virus)

The RADIATE (formerly Aureate) monitoring programs that are packaged with over 400 freeware, shareware and demo programs is a perfect example of a deliberately spread virus (in Win9x)

1) you are not informed that a *separate* program will be installed, in addition to the program you intend to install. This program can monitor your activity even when the program it came with is not in use.

2) the monitor program is not removed when you uninstall the 'carrier' free/shareware program or purchase the paid version of a demo. In fact, there is no way to completely remove it except through an external program like OptOut from Steve Gibson (freeware)

Sounds like a classic, deliberate, and very malicious 'virus'. I'm sure there's something in the license allowing the installation, but nothing about it persisting forever (even after you remove the program the license applies to). True, you could prosecute under the 'unauthorized computer use' felony, but I think the virus law gives a better tool, since the virus+vector model is a familiar one (putting an unannounced virus inside a desired executable doesn't make it less of a virus)

Interfering with a computer, system, or network or giving out a password or other confidential information about a system is a misdemeanor of the first degree, with a maximum penalty of five years and $10,000 fine.

OK. So we all know about "bad" viruses -Mellisa, etc, and "trojans" -but what I want to know is how this legislation can be used to keep Large Corporations from digging around in my HardDrive..

When RealNetworks or Aureate/Radiate add "special features" to their software to profile my music listening habits, or track my web access from within, rather than from accessed pages- does that count as "Interfering, or giving out confidential information".
-

Or maybe it's not such a bad precedent; it'd be interesting if such a ruling helped discourage hard-drive searching by software which searches for "undesirable" content without your consent or knowledge.

It's pleasant to think that this ruling has potential to only be used for Good Things®.

However, the stark reality is that if it can be used to prevent breaches of privacy à la Aureate Media aka Radiate, it can also be wielded as a weapon in cease-and-desist letters as well as in the courtroom when a site doesn't like another (a competitor, perhaps?) crawling them on a regular basis like the recent AuctionWatch brouhaha.

Gibson Research Corporation has a fantastic links page regarding privacy. Many links on this page really ring true with this ruling.

On another note, Slashdot is really on the ball -- eBay's Press Releases page has absolutely nothing to say about this (as of when I wrote this, of course).

--
"Give him head?" ... "Be a beacon?"

"One World, one Web, one Program" - Microsoft Ad

Not that this is the best test for it, but if you go to GRC you can use their "sheilds up" section to test what info your Windows machine is giving out. Using it before and after installing ZoneAlarm was very informative. (of course, you could always run the portscans yourself from another machine, but I'm lazy!).

I recommend this software to all my windows friends with cable modems - script kiddies just love to target those @home & roadrunner IP blocks! I get at least 2-3 scans a day looking for trojans.

-------

I have no affiliation with the following:
Steve Gibson has been a real help to many with his Shields Up! and SpinRite, but a little known program on his site will take out the Aureate VIRUS.
Everyone that uses CuteFTP and many other shareware programs have the Aureate VIRUS in thier computer. It is installed with the program With NO UNINSTALL PROGRAM !
It sits, and waits for an internet connection to send constant information back to ads(x).adsoftware.com and there have been a lot of problems with system lockups because the software can't make contact !


From the ABOUT tab in the program
The OptOut Web Site at http://grc.com/optout.htm contains an extensive summary of the issues and problems surrounding the use of advertising agent programs, parasites, and spyware. You will also find extensive information about OptOut's current capabilities (they will keep growing). Please click the link above to visit our site to learn about this problem and OptOut.
--

Me again: It is small 38k, written in assembler and is free (as in beer) until sometime in July.
Get it and use it And RTF Agreements BEFORE installing software on your machines !!!!!


- Save The Whales ,Collect the whole set !

Hmm. For a hoax, it seems pretty well done. This website has a DLL remover: http://grc.com/optout.htm
---

Here's a similar program. It doesn't deal with DoubleClick - instead it removes Aureate "spyware" from your system (win32 only). More info/download here

A bit of research shows that if the Woz didn't invent sub-pixel anti-aliasing, he at least got a patent for it a long time ago (US Patent #4,278,972 - invented 1976, filed 1980, recieved 1981) His technique used a neat hack of the NTSC standard that's used for color TV in the US, because a color LCD panel would have cost an insane amount of money - assuming that they had been invented at that time.

Admittedly, anti-aliasing wasn't his particular goal, but he still did it (think Wrong Way Corrigan ;)

There's a handy page at http://grc.com/cleartype.htm, and several /. discussions of the issue: here, here and here.

So I think that I safely assume that you either:
1) meant to say that "Cleartype *IS* the same. As has been pointed out countless times."
2) or are totally clueless

Results: I was getting probed at an average of once every 20 minutes from a variety of locations. Urk! (Please note, my ip starts with a 24, which tends to indicate an @home or roadrunner cable modem service)

Side note: If you want to test your machine, go to Steve Gibson's SheildsUP!. It's a bit slow at the moment (and posting this ain't gonna make it faster). Personally I wish I had known about this site before this insanity started.

-----

This is a really profound realization, that your language has such power to expand--or limit--your horizons, and define which concepts you are able to think about fluently, and which ideas are not easily ponderable.

Of course, in his portrayal of C as being an ancient, out of date language, he goes so far as to claim:

Yes, you could develop user interfaces in C, but they were extremely kludgy in those early days, and didn't become mainstream until the advent of object-orientation and GUI class hierarchies.

Skipping over brief discussions of hardwiring games and assembly, we come to C. He discusses slow adoptation of C by game programmers, then holds DOOM as a turning point of some sort:

When id Software released DOOM, they surprised much of the industry by having no reliance on assembly code--despite excellent game performance, and by successfully cross-developing the game (in NeXTstep and DOS), then successfully porting it to an astounding variety of platforms.

I'll gloss the section on C++. I think he's getting overworked about the failings of C++. Many, many projects continue to work in C++ just fine without collapsing. I think he's a bit arrogant for lump UnrealScript into the mix. He filtered out Pascal and other C contemporaries to presumably keep his list simple, then lumps in a fairly specialized pet language.

Getting the future we get to the good parts. He wants to discuss "parametric polymorphism." He handwaves away C++'s templates with:

Unfortunately, the C++ language bastardizes this concept in its support for "templates" (C++ lingo for the same concept), a terribly hacked and inadequate feature which, unfortunately, leads programmers to believe that parametricity is just a flawed concept--just like object orientation looked like a flawed concept to C programmers.

Anyway, we get to his list of things he wants for "'parametric polymorphism' in its full glory." (His extra quotes, not mine. Read into what you will.) First we wants an "open world evolution of source code and binaries." I read this as, he wants to be able to change various bits (containers, algorithms, other bits) without breaking compatibility. Why templates fail as a "link-time feature" is beyond me. I manage to "evolve" my template containers and algorithms without breaking anything just fine. Sure, I can break things, but I fail to see how any language can stop me from breaking things.

He wants "functions references bound to specific objects." I can't figure this one out. I certainly can stick function pointers in objects. Perhaps he means closure, which is easily done with function objects (an object which looks and acts suspiciously like a function). (This is slightly inelegant in C++, but certainly not an "enormous amount of 'duct tape'".

He also wants his polymorphic types to support bounds and constraints (simple enough), and "higher-order function calling" (No guess).

He then dwells on an example. He's got three integer arrays A, B, and C. He wants to add the each element in B and C and place the result in the corresponding element in A. He seems deeply bothered that C++ doesn't look at "A = B + C" and "do the right thing." He seems to ignore other, reasonable interpretations of B + C. Perhaps it means concatenate the arrays, or add all of the elements in B and C into a single number and put it into A[0]?

Looking at things this way, the beginning C programmer who naively tries "C=A+B" is showing more ingenuity and insight into programming than the experienced C programmer who knows why that doesn't work.

Ultimately he appears to be looking for a general way to work on sets in this sort of way. It's a darn shame he hasn't looked at the STL recently, since tools like for_each() provide a solid, general basis for running over a single array, and a for_each like function running over two containers isn't very hard to write.

Moving on, we find:

What if the modeler built several pieces of trees -- branches, roots, and leaves; and the programmer wrote code to hook them together...? The forest could be infinitely larger and more realistic due to each tree being unique."

His discussion on virtual classes and frameworks is interesting. Somehow I'm not feeling a compelling calling for virtual classes, but it's interesting.

His discussion on how wonderful UnrealScript is particularly interesting. He wants the various "good bits" of Java (binary interoperability, security), plus a few more (language supported serialization that automatically is backward compatible). This sounds nice and all, but he quietly ignores speed issues. Given that Unreal shipped with framerates regularly below 10fps on systems that were "up to date" when it shipped, I suspect he doesn't care. Like the Java advocates say, "A slight speed hit is okay, since computers keep getting faster." Of course, the "slight" speed hit generally turns out to be at least cutting your speed in half, it isn't okay. I'd certainly notice Word getting 50% slower, and I darn well want to run by games with as many graphical bells and whistles on as possible. Oh well.

--

I wonder what Steve Gibson (author of Spinrite) thinks of this, since he still devlops mostly (if not entirely) in assembler--even for Windows development.