Slashdot Mirror

TheKarateMaster writes "Just days after the release of eXeem Open Beta comes eXeem lite 0.19 Public Beta. Much like with KaZaA, the official version of eXeem comes chock full of spy/adware -- specifically, cydoor. eXeem lite is spyware free and free of bloat -- and free. Version .20, which should fix a few minor bugs, is expected 'in next coming days.' (read: soon)"

wadiwood writes "Five record companies are suing the makers of Kazaa. Sharman (moved to vanuatu in Feb 2004) say they are not responsible for what their users do with the software. Personally I don't get what Sony is doing selling MP3 players for all your "favourite tunes" and then selling music which they say you are not allowed to copy to their MP3 players, but that's another story."

meier73 writes "A whitepaper has just been released detailing a secure (OpenSSL/digital signatures), copyright-aware P2P network. The paper claims that this system enables legal file trades, something that isn't guaranteed by Kazaa, Morpheus or eDonkey. The whitepaper goes on to state that the long-term goal of this system is to catalog every human creation in existence that can be expressed by a digital medium. Project stats: a super-computing cluster that will scale to more than 900TB of storage, 300M transactions per day and trade music, television, movies and books. Doesn't this constitute a responsible and legitimate use of P2P?"

Famatra writes "A story from Zeropaid indicates that maker of KaZaA, Sharman Networks, has sent a Cease and Desist Letter to the maker of KCEasy because it interoperates with their FastTrack network. The creator of KCeasy says on the KCEasy website "I feel that inclusion of FastTrack access with KCeasy is not worth a legal battle between Sharman and myself". A similar issue was covered by the Slashdot story Fight On Blizzard Vs. Bnetd Case on the right to reverse engineer to create an interoperable network. Reverse engineering to be another on the list of rights that have fallen by the wayside?"

securitas writes "The New York Times Business section published a longish profile of P2P VoIP startup Skype, founded by the people that brought you P2P file-sharing client Kazaa. Previously the domain of geeks everywhere, this is significant if only because it seems to signal that VoIP is starting to garner mainstream consumer interest and serious business interest. The article discusses Vonage and a Daiwa Securities telecom report that says Skype 'is something to be scared of, and is probably set to become the biggest story of the year.' Critics dismiss it as hype. But Skype faces a potential court battle with the FBI. 'Because traffic over Skype is strongly encrypted and distributed over wide-ranging sources, it could hamper authorities' ability to wiretap.' An FBI spokesman says, '... it is something that we are looking into.' Of course last week's Minnesota federal court ruling that exempts VoIP from traditional telecom legislation doesn't hurt the case for VoIP. The text of the ruling is expected to be available this week. Read the previous Slashdot stories on Skype and the Vonage vs Minnesota case for some background."

Txiasaeia writes "In a very strange turn of events, it seems as if Kazaa (and only the 'official' Kazaa, not any of its non-spyware derivatives) is offering a copy of Atari's new PC RPG, Temple of Elemental Evil for download. What makes this particular case unusual is the fact that, once you download the 6-hour time-limited 'demo', you can unlock the full game for $49.95. While Steam has been doing this with Counterstrike, Kazaa is footing the bill for the bandwidth for ToEE, which makes it one of the first times that a major game publishing house has embraced a P2P client as part of its official distribution network. Is this latest move by Atari an attempt to garner media attention (especially with the RIAA and Kazaa in the news), or are they seriously embracing P2P as a legitimate source for game distribution?"

Txiasaeia writes "In a very strange turn of events, it seems as if Kazaa (and only the 'official' Kazaa, not any of its non-spyware derivatives) is offering a copy of Atari's new PC RPG, Temple of Elemental Evil for download. What makes this particular case unusual is the fact that, once you download the 6-hour time-limited 'demo', you can unlock the full game for $49.95. While Steam has been doing this with Counterstrike, Kazaa is footing the bill for the bandwidth for ToEE, which makes it one of the first times that a major game publishing house has embraced a P2P client as part of its official distribution network. Is this latest move by Atari an attempt to garner media attention (especially with the RIAA and Kazaa in the news), or are they seriously embracing P2P as a legitimate source for game distribution?"

sniggly writes "Cnet News.com has an interview with Kazaa co-founder Janus Friis about their latest product Skype. Skype is a p2p VOIP technology that quote '... is addressing all the problems of legacy VoIP solutions: bad sound quality, difficult to set up and configure, and the need for expensive, centralized infrastructure.' Windows only beta client available."

SanityInAnarchy writes "Everyone should remember when Google removed several links that Sharman (owner of Kazaa) claimed were infringing their copyrights. At first, only real results were touched and sponsored links left alone. Well, that sponsored link was removed, but there are quite a few left on a search for 'Kazaa Lite' that, if they aren't infringing Kazaa copyrights, openly advocate piracy. Well, maybe not quite, but I still can't believe they expect that phrases like 'complete albums,' 'full-length movies,' and 'Napster lives' are to be interpreted as '100% legal.'"

Carpoolio writes "TechTV is continuing its good coverage of the RIAA attack on file swappers, and now they've gone to Australia to interview Nikki Hemming, CEO of Sharman Networks (Kazaa). It's supposedly one of the only TV interviews she's ever done, and Hemming has some interesting things to say about Hilary Rosen and the RIAA, and the future of Kazaa, but without revealing too much. In TechTV's story (part of a three-part series), they've pitted the two against each other, using a recent interview they did with Rosen. Streaming video of the Rosen interview is included on the site."

scubacuda writes "Detroit News: Nikki Hemming, CEO of KaZaA, says KaZaA wants to be the official online distributor for the entertainment industry. 'Realize that this technology is inexorable, and come to the table,' says Hemming to our friends Hilary Rosen and Jack Valenti."

scubacuda writes "According to this News.com article, U.S. District Judge Stephen Wilson said a lawsuit against Sharman Networks (the makers of Kazaa) could proceed, since Kazaa software had been downloaded and used by millions of Californians. (The Australia-/Vanuatu-based company had filed a motion to dismiss the lawsuit, arguing it was not bound by U.S. laws since it did not have substantial contacts with California.)"

tusixoh writes "Arguments were presented in federal court on Monday in a lawsuit filed against the file-sharing services Grokster, StreamCast, which distributes the Morpheus peer-to-peer software, and Kazaa by record and movie companies claiming that illegal copying of music and movies was costing artists millions and stifling creativity. CNN has the report."

Anenga writes "A Windows (and somewhat WINE compatible) Gnutella client, Shareaza, has released a public preview of its next version which includes a re-designed Gnutella protocol they call "Gnutella2". Gnutella2 (or "G2") dumps the Gnutella broadcast model and uses a new global searching method with UDP connections. It also features compression to limit hub-to-hub (G2 Ultrapeers) bandwidth, Tiger Tree Hashing etc. Shareaza has released a small description of the revised protocol here, but plans to release a full spec to the GDF after the release of v1.7 Final. Gnutella2, which is really a revised Gnutella protocol, will also be free and open for anyone to use in their clients. Shareaza and G2 may give Gnutella - an open and free P2P protocol which has been struggling to keep up with the times against Kazaa, eDonkey and other P2P spin-offs - the stability and power it needs to attract the closed and commercial FastTrack Network users when or if the network folds."

Anenga writes "A Windows (and somewhat WINE compatible) Gnutella client, Shareaza, has released a public preview of its next version which includes a re-designed Gnutella protocol they call "Gnutella2". Gnutella2 (or "G2") dumps the Gnutella broadcast model and uses a new global searching method with UDP connections. It also features compression to limit hub-to-hub (G2 Ultrapeers) bandwidth, Tiger Tree Hashing etc. Shareaza has released a small description of the revised protocol here, but plans to release a full spec to the GDF after the release of v1.7 Final. Gnutella2, which is really a revised Gnutella protocol, will also be free and open for anyone to use in their clients. Shareaza and G2 may give Gnutella - an open and free P2P protocol which has been struggling to keep up with the times against Kazaa, eDonkey and other P2P spin-offs - the stability and power it needs to attract the closed and commercial FastTrack Network users when or if the network folds."

The sleaze has gotten out of hand; it's time to roast a group of 20 or so companies whose profits are directly linked to creating fear in their customers, who have to keep discovering new sources of fear to improve their bottom line - or in the absence of new discoveries, keep inventing new sources of fear. Yes, it's time to take on the anti-virus software vendors.

The latest "news" to come out of the AV industry is New Virus Infects Picture Files. McAfee put up their description and made sure to issue a wide-spread press release to stir up some interest. McAfee's spokesdrone fans the flames:

• "Potentially no file type could be safe."
  
  That evolution should make computer users think twice about sending pictures or any other media over the Internet, Gullotto said.
  
  "Going forward, we may have to rethink about distributing JPGs."

Now, if you know much about computing, you may be a little suspicious of this. JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed. A modification of that data might screw up the picture of your cat dangling from the edge of the kitchen table you like so much, but it won't turn the image into a potential virus transmitter, because the programs that display JPEGs don't read them with an eye toward executing the code. An image file is just data to be displayed. The line between "data" and "code" is a little bit fuzzy - often particular characters or a particular file can be both data and code, depending on the context of how other code handles it. Or a particular file can include both data and code separately, like a Microsoft Word file that includes data (your text) and code (some macro designed to be executed by Word when the document is opened).

But for JPEGs there's a well-designed standard, and it doesn't include executing code of any sort. If a JPEG-handling program doesn't like the data it sees, it should just stop trying to display the image, not decide to start executing code from the image. JPEGs are mostly harmless.

McAfee's claim of a virus spread through JPEGs requires one essential element: you have to have already been infected by ANOTHER virus transmitted by some actual executable code. What it comes down to is:

Once you're infected with a virus, the virus can set you up to be infected by other viruses.

No shit, Sherlock. Once you have enemy code running on your system, you're toast. A virus could alter Microsoft Word so that opening any Word document at all would erase every file on your hard drive, making every single Word document in existence a deadly threat -- to you, and to you alone. But this isn't a new virus threat of any sort. It isn't a breakthrough. It's a consequence of being infected, not a new method of being infected.

Two weeks ago, we ran a story about a cross-platform virus. Like this one, it didn't really exist in the wild. Like this one, it was mainly a PR ploy (by Symantec, in that case). But we thought it had at least some minimal technical interest as a bit of code that would run under Windows or Linux.

McAfee and Symantec (and all the other AV vendors out there) are waging a PR war to "discover" ever more news-worthy viruses to defend against. To get maximum coverage, your new virus needs to do something unique or different -- make your computer turn green, or infect something previously uninfectable, or whatever it might be. Compare this to Klez, a very basic virus similar in most ways to viruses that have gone before, which is still out there looting and pillaging tens of thousands of computers every day, but isn't ideal for AV vendors because they don't have a monopoly on the cure.

The press is catching on, to some tiny extent at least, that most virus alerts are fictitious and just designed to drum up business for the vendors. But it's far easier to repurpose a vendor's press release and call it a story than to dig into real threats that exist on the Internet, and the causes of those threats. Today, like last year and the year before and five years ago, there are major email-borne virus threats out there. (There are still old-school viruses out there too, transmitted by sneaker-net or by downloading suspicious software, but email is clearly the way to go for the discriminating virus creator.) All the real email virus threats share a few distinguishing characteristics:

• They only affect Microsoft Windows. If you aren't running Windows, you are safe.
• They're usually transmitted by email. If you know enough on your own, or you've had a half-hour class in "Email 101", you should be able to avoid executing random files received by email.
• They auto-execute in Microsoft Outlook or Outlook Express. Microsoft has finally made some progress, after many years, in reducing the vulnerability of their flagship email programs. So if you have a recent or fully-updated version of these programs, you may not be as vulnerable as people running older versions. Nevertheless, this was (and still is, since so many people don't have recent or fully-updated versions) a primary vector.

And that's really it. If you don't run Windows, you're safe. If you have basic email skills, you're safe. If you don't run Outlook, you're safe. That's the story of modern viruses, and fortunately or un-, it's a pretty boring one.

McAfee, and Symantec, and everyone else involved in the anti-virus FUD business: lay off. I mean that literally, as in, "Lay off the people you employ for the purpose of drumming up new virus threats." Lay off the public relations people you employ to say things like, "We may have to rethink about distributing JPGs." Lay off the BS. There's a real market for your product, people who (for whatever reason) are using Windows and/or Outlook, and haven't received the half-hour training course necessary to avoid viruses. You can market to them based on your fast responses to real virus threats - you don't need to manufacture any more.

sh0rtie writes: "Kaspersky Labs and the BBC are reporting that the Fasttrack network that Kazaa uses has been hit by its first targeted worm virus dubbed 'Benjamin.' Is this a clever RIAA creation or that of a mischievous virus writer? I guess we will never know, but the result is that it seems to be bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic bringing more headaches for ISPs and sysadmins worldwide."

Slashback items of note tonight: One more report (the last word?) on the demise of Loki, a good move on the Brilliant/KaZaA front, and a little 12-month oopsie on the release schedule for the newest from Stephenson.

It's all fun and games until you end up in Bankruptcy. Born Game writes: "Loki was supposed to be declared dead today by the bankruptcy trustee. Dennis Powell has followed their story closely, and he has written a wrapup that will break your heart and make you mad."

I hope he's making it longer than Cryptonomicon. We reported that Neal Stephenson's new book Quicksilver was due last month. An anonymous reader pointed to this page at Amazon UK, writing "the book is due out March 6th next year, not this year. Meh."

Maybe calling it Brilliant wasn't such a bright idea. asv108 writes: "According to this article from MP3 Newswire, Cnet's Download.com has removed KaZaA media desktop due to concerns over Brilliant Digital Entertainment's hidden software."

It's still available elsewhere though; if you or someone you love wants to use such software regardless, TDScott writes: "In case anyone is having trouble convincing their friends that there's a problem with the b3d spyware installed with KaZaA, I've put together a quick summary page on what the problem is and how to remove it (use AdAware with caution) - pointing people to it might save you hours of explanation."

I hope these are available stateside, too. Pankaj writes "Simputer is All set to hit the market in India. The Open Source Computer (Both Hardware/Software) Has found its first makers in Encore Solutions who will start selling it within the next one month. {sources internal}. This will give the iPaq and Palms a run for their money, as the simputer is loaded with features like internal modem, smartcard reader and usb port. There are plans to add a gsm phone into it too -- watch out, Nokia! And one third the price; it's supposed to be 10,000 Indian Rupees. Thats around $210 try comparing it to the ipaq.

Did you ask what it is based on? It's Linux 2.4, man, with gtk and its developer kit it's as free as the hardware itself. This looks like hot stuff to go for.

chill writes: "'Download Temporarily Suspended -- Download of the KaZaA Media Desktop software is temporarily and voluntarily suspended pending Dutch court decision on January 31. We apologise for the inconvenience. Please check back at www.kazaa.com for more information.' --- Both the Linux and Windows client downloads are offline. I wonder what the judge thinks this will do to the tens, if not hundreds of thousands who already have the software?"

More reason below on why not to eat the yellow links, as well as the ongoing interesting effects of the Sircam virus, and whatever happened to Linux in Mexican schools. (Answer: it didn't.) And please send some good news for next time.

... and you'll like it! LupusUF writes: "As everyone knows by now...Kazaa is using top text links Kazaa is using top text. But not only are they using them, they are badmouthing people who complain about them. When someone posted a complaint, a Kazaa moderator (Super_Harris) started out his reply by saying "How Dare You!" and then went on trying to explain why they are using top text. Another moderator makes some more poor excuses in the same thread. The same thread also has some very useful information about the spyware that kazaa has installed with the latest version (cydoor, Onflow, New.Net, WebHancer).

My advice would be to get ad-aware.

I hope Kazaa starts treating its users with more respect, and at least gets moderators that can answer questions without treating their users like idiots."

Sircam Sircam A quivering, cowardly reader wrote to point out that sensitive Ukranian government documents were apparently leaked by the Sircam virus. Even juicier than the steady stream of love notes, recipes, tax information, homework, bids and schedules that keeps flowing into my mailbox.

Don't look for much help from Microsoft on this, either, and hardly any from ISPs. Most of the ISPs I've contacted still claim not to have heard of Sircam, and say "it's not our responsibility." Email from Microsoft (after I cc'd them on a few of my virus alerts) equally disclaims responsibility. Funny how Sircam never made it to the front page of their site. Kudos to Charter Communications for calling customers to let them know they were infected -- and a pox on Prodigy for refusing to.

May the path of least resistance rise to meet you. Alec Muzzy writes: "Wired has a story about a failed plan to install Linux on computers for Mexican Schools in an effort to save money. Instead they have decided to run Windows, because Linux wouldn't run on their hardware. As they say, 'It was easier to go with Windows.'

Here's a perfect example of where the free cost of Linux should have been an advantage, yet they decided to go with Windows instead. Does this mean that the costs of running Linux are higher than the cost to purchase Windows?"

If you have a popular file-sharing program called KaZaA on your computer and suddenly start seeing yellow links to obvious ads on some of your favorite Web sites, this is because a cunning piece of software called TopText was automatically installed on your computer along with KaZaA. Many Web site owners are upset with this alteration of their content. But there is an opt-out procedure (albeit a somewhat cumbersome one) you can use to keep TopText links from being added to your site, according to the company that markets TopText.

We learned about TopText (which was called HOTText until the end of last week) because a number of Slashdot readers submitted a San Francisco Chronicle story about it.

Cyklopz wrote, "...this is quite insidious. I found a link from BankOne's site to Wells Fargo! It crops up all over search engine results as well. Sheesh!"

Microsoft has removed (at least temporarily) a similar, but less blatantly commercial feature called Smart Tags from their upcoming release of MSIE 6.0 because it upset so many people.

KaZaA has an opt-out dialog for TopText when it is installed, but Benny Evangelista, who wrote the Chronicle story, says that neither he nor other people he spoke to who had downloaded KaZaA spotted it until they knew it was there and went looking for it.

KaZaA claims over 5.4 million Web users have downloaded their software so far, and boasts on their Web site that "...KaZaA is one of the most active media communities on the net, usually there are over 600 000 users online simultaneously. 90% of users are recommending KaZaA, which is the 4th most downloaded program on C|Net Download.com."

I both emailed and called TopText's vendor, San Francisco-based eZula, to ask if there was any way we could keep their TopText links from showing up on OSDN Web sites, including Slashdot. Since we often use links as integral parts of our stories, we would just as soon select our own, right? Plus there is a little matter of keeping ads apart from editorial material, which is one of those silly ethics things only journalists who care about their personal integrity may notice, but that upset us to the point of irrationality when we spot them.

Assaf Henkin of eZula told me the only way to keep TopText links from marring our sites was to email all domain names we wanted blocked to:

support@ezula.com

Henkin said it would take "a couple of days" for removal requests to be honored. But at least now you know what to do.

For more information about about how TopText works, go to eZula's contact page and (you must have Flash installed for this to work) click on the "Media Kit" link. Or, for an unanimated but more complete description of eZula's services, check this .pdf file. Note that, although KaZaA is the only eZula "partner" we know about at this time, their media kit boasts of "partnerships with tier one ISPs" and claims their software "...currently delivers your Keyword message to nearly 4 million Internet users, wherever they are on the Web, and this number is growing rapidly as eZula expands its partner base."

Will Web users notice the proliferation of these little yellow advertising links? Will they be able to tell them from the "real" links story authors or Web site owners put in? Will anyone care? Should anyone care? Or have we all gotten so used to ads sneaking into everything from movies (via product placement) to upcoming show "announcements" during the happy talk segments of local TV news that such things don't matter any more?