Slashdot Mirror

mpawlo writes: "The widely debated Craig Mundie speech is now online." We tried not to run this, but there are too many submissions to ignore. Yes, much of what the guy says is nonsensical. Why not translate it into terms your boss can understand? For example, Mundie says forking code is bad. Here's the same thought translated into manager-speak: "Having multiple vendors competing to offer us the best product at the lowest price is worse than having one vendor who can sell the product to us at monopoly prices." Update: 05/03 8:19 PM by michael : Alan Cox has a response.

eEye Digital Security was doing some testing that apparently Microsoft hadn't done on its own webserver (IIS 5.0) running on its latest OS (Windows 2000, all versions). "Within a matter of minutes," they say, "a debugger kicked in on inetinfo.exe because of a 'buffer overflow error'" -- and two weeks later, we got simultaneous announcements from Microsoft and eEye. This is a remote SYSTEM-level exploit in a popular webserver, in the wild, i.e., Danger Will Robinson. eEye says about a million servers will need to be patched; it may be more. Go see Microsoft's writeup and patch. See also eEye's droll and informative writeup, which, now that an exploit is confirmed to be in the wild today, has added some source code.

PapaZit asks: "Laptop and home users don't alway have access to a network. There are many tasks that can be done off-line, but require an occasional network connection (reading and responding to email, for example). In the Free Unix front, there has been some work in this direction, but it hasn't made it anywhere outside of Windows. Coda has made it possible for me to work with centralized files offline, and I have some ugly scripts involving perl, fetchmail, and procmail that handle email, but I wouldn't inflict them on others. An OS with automated "Network indifference" seems like it would be useful to both novice users and power users, and it's the sort of thing that could make these alternative operating systems more appealing to the masses. Are there any efforts in this direction that could use support or testers? Are people waiting until networking becomes so ubiquitous that the problem goes away?"

Mubarmij asks: "A lot of people, including the ex-Vice President, think that Terrain Visualization and the Georeferencing of all kinds of data is the next big thing. Given the broad applications (sims, education, games, GIS, virtual tourism, etc) that can be derived from such technology, I would tend to agree that if this is not actually the NBG(tm), then at least it is very close. Like the internet, this technology has taken its time in obtaining it's current level of sophistication. However, there is huge potential here that has yet to be tapped, despite the fact that it currently fills a huge niche market. I had once read that NASA spends more than 70% of its resources on space imaging and visualization-related activities (unfortunately I link to the article that mentions this, but one should remember that the major goal of all space satellites is to take multihued pictures of Earth and other planets, and you will see that this is not an exaggeration), which is quite a lot of money." Open Source has provided several frameworks for GIS from which a "killer app" may spring from. Read more on the various Open Source projects on GIS, and feel free to share your thoughts on where this technology may head in the future.

"There are quite a few web sites, commercial and non commercial that tend to this technology. However, it seems like the early nineties, where people are just starting to get aware of the internet, but are still awaiting for the killer app to make this thing fly.

There are two open source projects I am aware of that deal with this area. The first, VTP, is a real open source project attempting to create a real terrain visualizer. The second, OpenSkies, is not really open source yet (despite its claim)... but it is interesting in that it allows networked people to fly or drive through virtual worlds that are reality based.

Here are a few other questions:

• Do you think that this technology will remain a niche market (albeit a big one)? If so, is this likely to occur?
• Are you aware of any open source projects other than the two mentioned above that deal with this area?"

Interested readers will also want to check out Drawmap and the longstanding Open Source GIS, GRASS.

mansoft was one of several to send us a followup to last week's story about the massive MSIE/Outlook security hole. He points us to this Wired news article: "Your computer may not be protected against a recently discovered and dangerous security hole -- despite all claims to the contrary from Microsoft." Ack! If you tried the patch and got the message, "This update does not need to be installed on this system," you may need to upgrade your IE and re-patch. I'm amazed at how poorly this has been handled. I'll be even more amazed if there is no fallout. If Melissa or ILOVEYOU had been able to install backdoors as they spread, that would have really, really sucked. Update: 04/03 04:24 PM GMT by J : According to this Wired story, Microsoft was given six weeks of silence to prepare and issue the patch.

Visit an attacker's webpage using Microsoft's browser on Microsoft's operating system, and the attacker can execute arbitrary code on your system with your full privileges. Oh, and thanks to Microsoft innovation - you may remember this from the trial - the browser is integrated with the OS, so reading email from an attacker (opening attachments not necessary) also gives them full access to your machine. MSIE 5.5 is vulnerable, and MSIE 5.01 is vulnerable unless you've installed Internet Explorer 5.01 Service Pack 2. Read the security bulletin and download the patches. Discovery props to Kriptopolis.

CleverNickName asks: "I have adsubtract installed, on my Windows 2000 system, and filter out all cookies and advertisements, except for sites like Slashdot. When my Windows Media Player starts up a CD, it tries to set a cookie, and I hear adsubtract 'gulp' it. So why does WMP need to set a cookie about my CDs? Does it send this information to the Borg? I've read the included documentation, and searched on Microsoft's website, without finding an acceptable answer. Maybe a fellow reader can help unravel the mystery?" I could not get my Windows 98 box to reproduce this behavior. I didn't see anything in the C:\Windows\Cookies that would indicate that WMP was sending anything, nor did I see the machine emitting any unusual network traffic. If anyone else has noticed this behavior, please let us know.

Doug Miller is Director of Competitive Strategy in Microsoft's Windows Server Marketing Group. Doug is responsible for a team within Microsoft focused on competitive strategy and enterprise interoperability products. He's been spotted at Linux shows. He uses vi. He was a Unix guy for many years. His previous company, Softway Systems, was acquired by Microsoft in 1999. What are you going to ask him today? Up to you, but one question per post, please. We'll send Doug 10 of the highest-moderated questions and post his answers next week.

Doug Miller is Director of Competitive Strategy in Microsoft's Windows Server Marketing Group. Doug is responsible for a team within Microsoft focused on competitive strategy and enterprise interoperability products. He's been spotted at Linux shows. He uses vi. He was a Unix guy for many years. His previous company, Softway Systems, was acquired by Microsoft in 1999. What are you going to ask him today? Up to you, but one question per post, please. We'll send Doug 10 of the highest-moderated questions and post his answers next week.

omarius writes "From the Microsoft Security Bulletin: 'VeriSign, Inc., recently advised Microsoft that on January 30 and 31, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is "Microsoft Corporation".' See the bulletin for more information. Brings a whole new meaning to the concept of 'Windows Update.' ;)" Most users probably ignore the name on a certificate presented to them anyway, but even that minimal protection is worthless if certificate authorities don't perform their job.

deran9ed writes: "The German foreign office and Bundeswehr are pulling the plugs on Microsoft software, citing security concerns, according to the German news magazine Der Spiegel. Spiegel claims that German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets. Article in German, English article"

Wanker writes "An Eastern European hacker group has spent the last year systematically exploiting known bugs in IIS to steal customer and credit card info. Read about it at the SANS security site." Says SANS, "The FBI and Secret Service are taking the unprecedented step of releasing detailed forensic information from ongoing investigations" of the IIS, MS SQL Server and Windows NT breakins. We don't normally post news about exploits, but the scale here is massive: more than a million credit cards have been taken in a blackmail-extortion operation that has been going on for a year. Speculation is welcome as to why NT sysadmins don't install service packs for known vulnerabilities... Update: 03/09 03:37 AM GMT by J : Microsoft says, Don't Be A Victim!.

If you are an NT admin or know someone who is, note especially:

"Within a day or two, the Center for Internet Security will release a small tool that you can use to check your systems for the vulnerabilities and also to look for files the FBI has found present on many compromised systems...

"The Center's tools are normally available only to members, but because of the importance of this problem, the Center agreed to make the new tool, built for the Center by Steve Gibson of Gibson Research) available to all who need it."

Ron Harwood writes "Hewlett-Packard has announced that version 7.0 of OpenMail will be the last major release of the application. OpenMail is a pretty good competitor to MS Exchange and it can be used under Unix. Perhaps when HP decides to discontinue it as a product, they should open the source code." The ComputerWorld article says that this is the last *major* release - bug fixes and such will still come out. As well, they will provide support for the next five years, but it sounds like OpenMail may have reached the end of it's lifespan.

Falrick writes "Microsoft, the company that has its fingers in inumerable pies, decided to follow suit by also placing their toes in them with this anouncement yesterday that they will also be moving into the embedded chip market. While the article doesn't say that Microsoft will actually be producing chips, they are apparantly licensing special versions of WindowsCE for use on a variety of chips including those made by Intel, ARM and MIPS. On the upside, though, for those of you who would like to get back those licensing fees, or Microsoft Tax, that you paid on that shiny new system a few years ago, MS may also be partenering with Bally Gaming & Systems to put WindowsNT into their casino slot machines. Now, what's the payoff on three blue-screens in a row again?"

Vesuri writes "TransGaming Technologies has released a patch for Wine which makes it possible to run Direct3D applications under Wine. I ran 3DMark2000 and I was impressed - it really DOES work like they promised. It's not perfect but it's a really good start!"

zero asks: "Looking over at the MS Web site, a lot of the ideas behind .NET remind me of Java - and so does the hype around it. I remember when it was said that Java would revolutionize the way things work by having applications loaded on-demand off the network (for example)... sound familiar? It would be interesting to hear what the Slashdot community thinks of what MS is doing better (or what they think they're doing better) in their plans for .NET, and how much potential they have."

Pentapod asks: "I'm giving in to RSI and looking for a trackball mouse. I've tried the Logitech Marble Wheel but didn't find it very comfortable for my small hands. Now I'm looking for a thumb-operated trackball like the Logitech Trackman Wheel Mouse or the Microsoft Trackball Optical Mouse. These two look most promising, but there's also the Logitech Marble Mouse and the Logitech TrackMan FX among others. My question to Slashdot - the prices vary by up to A$100. So is there a real difference? What is it? Is the Microsoft 'Intelli-eye' technology really 'new' and better? Has anyone done any comparison between trackball models?"

adpowers writes: "You can find a picture and description of the Xbox at the press release from Microsoft." There's also shoots from Gamespy, news from C|Net, and a report from Reuters - and lastly, a report from MSNBC.

adpowers writes: "You can find a picture and description of the Xbox at the press release from Microsoft." There's also shoots from Gamespy, news from C|Net, and a report from Reuters - and lastly, a report from MSNBC.

abh asks: "I can't be the only one out there who has a background programming under Windows, primarily using Microsoft's Visual Studio. I'm a Linux enthusiast who is looking for information (books? Web sites?) on developing using the GNU tools. Since most of my experience is with a visual design environment, are there similar environments available Linux?"

drix writes: "Microsoft is recruiting people to playtest the Xbox!" Someone over there has got to be reading! Let me have a crack at one guys! (Course, if they don't the conspiracy theorists will know why: and don't say, "Rob Doesn't Live in Seattle" cuz that's too easy. Course who am I kidding: The Microsoft conspirators are too busy saying the xbox will the crappiest system ever without ever touching one. I just see it as Microsoft's way of saying, "We're not a monopoly. Promise!" as they attempt to swallow another industry. The system may very well rock).

Happy New Year's! HAPPY NEW YEAR'S! The ball has dropped, the clock in your local bell tower has probably stopped ringing (at least, if you aren't too far west), and if you're getting a midnight kiss it had better take longer than a database refresh. In Europe, they've been enjoying the brighter breezes and fresher smells of the third millennium for hours! Now's your chance to ponder, predict and pontificate, or just leave a message for all posterity, at least until a big EMP pulse returns us to the days of carbon paper, cave-dwelling, etc. What will life be like ten years from now? 100? The next time people argue about which day is the true millennium turn? Will Larry Ellison release a new thin client in 2059? Who's right about the staying power of Microsoft: ESR? Or Bill Gates? Will my grandkids get a stern warning from the security guard for fooling around on the Space Elevator? What will everyday life be like? Be idealistic. Be cynical. Extrapolate from Scientific American, 2001 , or Spaceballs as you see fit. (And those still waiting for local midnight, feel free to post from your side of the space-time continuum, too.)

lizrd writes "The New York Times is reporting (yeah, yeah, you gotta sign to read it) that several Linux distros will be shipping stable versions of Linux for Intel's new 64-bit Itanium chip on the day that it is released to the public. Microsoft however will not be supplying a version of Windows for Itanium until sometime in the fall of next year, several months after the expected May release of the new processor."

lizrd writes "The New York Times is reporting (yeah, yeah, you gotta sign to read it) that several Linux distros will be shipping stable versions of Linux for Intel's new 64-bit Itanium chip on the day that it is released to the public. Microsoft however will not be supplying a version of Windows for Itanium until sometime in the fall of next year, several months after the expected May release of the new processor."

hardcorebit asks: "Interactive Software Engineering has announced that a version of the Eiffel programming language, called Eiffel# is available for Microsoft's .NET initiative. The .NET framework provides a common type system and inheritance mechanism for different languages. The claim is that Eiffel# programmers can use this to seamlessly integrate code from other programming languages, across networks, and so on. The only thing is that .NET doesn't support multiple implementation inheritance, so Eiffel# currently lacks this feature. There are one or two other differences as well. I'm not an Eiffel expert, so I'd like to know whether the missing features matter and if so, how much." First C# and now Eiffel#...is Microsoft trying to wrap some of the more popular languages in it's .NET initiative? If so, how effective can it be if Microsoft is leaving out features like multiple inheritance and the ability to redefine features in descendant classes?

Mayank points to this interview at FreeOS.com with Red Hat CTO Michael Tiemann, in which Tiemann discusses why the Hat shipped a development kernel with their 7.0 distribution, journaling filesystems, the openness of ecos, and the competition (no, not that competition). It's a good read, though it would be cool to see the same questions addressed at even greater length. Guess everyone has a time limit, though;) [Updated by timothy:] I flubbed, that should read "development snapshot of gcc," of course, not "development kernel." Stop hitting me.

anubis__ asks: "It appears that Microsoft has an XSL ISAPI filter available for IIS. This enables you to, among other things, serve up a different XSL stylesheet depending on the client device. Something like this will become invaluable with the growing mobile phone/PDA browser market. Is there a module available (or in progress) for Apache that does something similiar with XML? I know it can be done with SSI and PHP."

bmongar writes " DrDobbs has an article about a project for a mirrored universal astronomy database. Jim Gray basically wants a netowrk of observatories around the world to publish their data and mirror other observatories' data. Basically creating a quadruple redundant system of data all avaliable online. He wants to create a new type of astronomer, the astronomer that is a data miner." As the article also says, the guy behind this is the guy behind the TerraServer as well.

F.Prefect writes: "Microsoft is going to be releasing a 'subscription version' of Office 10. This version will actually stop allowing a user to create new documents after the subscription period ends. Read their press release. Although they will still offer a non-subscription version for more money, I can't help but think that Office 11 or some subsequent software package will do away with non-subscription versions entirely ..." Seeding of the .NET "cloud of services" has officially begun, it looks like. Press releases, of course, try to make you want to buy the products they're pushing, but this one is a head-scratcher. It boils down to "It works like the regular version, but you get to pay for it again this time next year, too, or it breaks!" Won't IT manager types get tired of this?

spectro writes: "Wired is reporting the first two-way satellite Internet service has been launched by StarBand. The service promises speeds up to 500Kbps down and 150Kbps up, but a ping latency of about 400ms, so gamers are out of the question. Anyway a nice alternative for those of us who cannot get DSL yet, but watch out... The Evil Empire is part of the joint venture." It's nice to know that someone has finally made the leap, after years of promises and millions of R&D dollars. Check out the article for information on some of the competition, too.

NoInfo writes: "You've heard a lot about XML, SOAP and the idea of Web services. All of which have been intriguing me a great deal lately. Sun, Big Blue, MS, Ariba and others have teamed up to create UDDI.org. The site describes a bit about their idea of companies publishing the electronic services they provide. They will also eventually let you search a registry of those businesses and their offered services, including any exposed 'Web services' they provide. With all these forces behind it, perhaps it's not even a question, but will UDDI and/or Web services 'fly'? Are there any Slashdotters aiming to provide Web services, despite its heavy backing by Microsoft?" If this lives up to its promise of platform independence, then may turn out to be something incredibly useful. Are there any readers involved in UDDI who can comment further on how things are progressing?

Cabal writes: "I recently came across this article on Linux Journal. It discusses some of the more interesting legal ramifications of the theft of Microsoft's source code that I hadn't even thought of and it's effect on open-source projects. Basically, it's saying don't go near any code claiming to be stolen from MS, and with good reason, including quotations from the Samba project. Check it out, it's a good read."

Once a year, would-be cyborgs and their creators congregate for a few days of catching up with each other and the state of the art at the International Symposium on Wearable Computers's conference, sponsored by the IEEE and corporate sponsors like Microsoft and Compaq. Ever-lighter and more colorful head-mounted displays, innovative input devices and boundary-stretching ideas on human/machine interaction conspire to attract strange looks from startled pedestrians or frank admiration from fellow participants. When ISWC2000 began Monday in Atlanta. it marked the fourth such gathering -- the event has been held in San Francisco, Pittsburgh, and Cambridge, Mass. ISWC is about equal parts trade show, academic conference, and family reunion for a visibly different kind of family. Since ALS had ended just one day before, I stayed in the Peachtree state an extra few days to check it out. Read on to see what I found.

Excuse me, is that a StrongArm? A survey of the show floor reveals that wearable computing in the year 2000 is still a small, specialized field. Despite cyberpunk literature, Max Headroom, AT&T "You Will" commercials and cell-phones equipped with earbud mics to get us used to the idea, the cost and discomfort of wearing one's own computer still makes it anything but mainstream. Input devices are awkward, displays are expensive and for the most part too obtrusive for casual use. The interface discomfort is more than just physical, too -- it's semantic. Many of the computers demonstrated at ISWC 2000 will run the same applications as your desktop PC (since they're based on shrunken X86 hardware), but simply aren't built for it when it comes to interface. Typing a letter is still easier at a standard keyboard and a conventional monitor than with a forearm keyboard and a monochrome eyepiece, in part because "typing a letter" is something we're much comfortable with in another setting. The niche that wearables will fill is still being hewn -- by the people at ISWC, in fact.

Unlike Comdex, CES, or even Linux World, there are no hordes rushing the door seeking T-shirts and yo-yos. The attendees mostly seem focused on the technology at hand, and catching up with what their academic colleages or business competition are doing. As you might expect, that means improving battery life, devising and improving useful applications, tweaking both input and output devices to be more intuitive, and making the actual hardware of wearable computing more comfortable.

Three basic groups come to strut their stuff at this kind of event: Systems vendors, component manufacturers, and academics. In a field as technical and experimental as wearable computing, rigidly separating the three is difficult sometimes. Besides which, some of the companies which could be selling wearables are at present still circling the outskirts before entering the field outright (like IBM, whose Linux-equipped wristwatches were demonstrated to oohs and aahs, and Compaq, whose iPaq is belt-mountable and capable, but not a "wearable computer"), and some former industry bigwigs have returned to academia, like Steven Schwartz, who headed research for Xybernaut before migrating to his current position at the MIT Media Lab.

The few true systems vendors tend to be focused on industrial and government applications, the kind of roles that can justify the latest, most capable hardware even if pricey: that means their market is focused on high-margin sales and hardware which doesn't much see the shy side of $3,000, but which is polished and presentable with ergonomics, true wearability and niceties like voice recognition and wireless communication present and accounted for.

The component vendors, on the other hand, span a huge range -- everything from budget displays (like the $500 M1 from Tek Gear) to materials which could serve as the infrastructure for future wearable systems, like the high-tech fabrics developed by Bekaert -- Bekaert's Douglas Watson showed me spool of thread I assumed was some sort of fortified cotton, or perhaps silk, but which turned out to be stainless steel. "It turns out that steel ends up having many of the same characteristics and flexibility as cotton or polyesther, when you get to the same filament diameter, he said. And at a company called Foster-Miller, Senior Engineer of Materials Technology Brian Farrel showed off the items on a table display which included military-stength cloth straps through which are woven nearly any kind of data cable, from USB to fiber-optics, or in some cases electical power connections. Foster-Miller also had vests stuffed full of haptic sensors, developed as part of a program to help fight spatial disorientation among pilots. (A gentle nudge from one of the sensors helps orient pilots who may have briefly lost their true orientation.)

Companies specializing in nothing but display systems, like MicroOptical and Liteye wowed visitors with their latest displays as well. The most-worn displays among the wearable-equipped, though, seems to be the lightweight Micro-Optical.

And probably most important in the long term, there are academic groups -- research groups from CMU, Columbia, MIT, and GA Tech are all represented. Xybernaut and VIA may sell complete systems to industrial users and the military, but universities are still the biggest source of design ideas and basic research in everything from software to analysing the potential of wearable hardware to cause musculoskeletal distress. (More about academic types on Friday.)

Established players If you're looking to buy a wearable system outright (or have a few pitched to you), ISWC is one of the few opportunities to try on a range of devices and actually play with wearable computing outside of the design studios and graduate labs of elite universities, and without forking over thousands of dollars.

There are relatively few companies who've been around long enough or sold enough computers to call major players in the wearables market, but two old names in the young field are VIA and Xybernaut, both of which had booths on hand to demonstrate their latest machines and give hints about future models.

Xybernaut, perhaps the best recognized name among wearable manufacturers, demonstrated several variations on their XXXX. While it's hard to not call many of the devices around the floor "futuristic," Xybernaut's sleek machines practically define the term.

VIA (from high-tech Minnesota) showed their devices, too: their current model, the VIA II, is about the size of two very fat wallets, and flexes to allows the sides to fit comfortably against the body. Plans are also in the works for a model integrating a low-power 600Mhz chip and 128MB of RAM. (Now from where does that sound familiar?) The folks at VIA promise an announcement about that new model at Comdex, but there aren't that many lines to read between here.

Not-so-established players Tiqit, a commerical offshoot of work at Stanford's Wearable Computing Laboratory, demonstrated their "matchbook sized" machine (I say more like a pack of cigarettes), which they claim is the world's smallest complete x86 PC, and that it is shipping now. Unusual in that it relies on a 486 chip rather than the ARM, StrongARM and low-power 586s which seem to dominate the show, the Tiqt instead favors sheer tininess over computing power. It still has enough muscle to serve web pages, edit text, and do most of the functions that wearables are called on to do at present, with the exception of processor-intensive chores like speech recognition.

Another academic offshoot, this one from Georgia Tech's famed wearables program with Thad Starner is called Charmed Technologies (about which more in the second installment) -- but check out their site for plans free for your use to build your own wearable computer case, fitting standard PC104 board, before it gets slashdotted.

... but then I'd have to kill you.

John Murray, Director of Software Engineering for Pacific Consultants LLC, was showing off something a bit more exotic than even the other complete wearable systems: field-computers that PCLLC is building in limited quantities for the U.S. Army, having beaten out giants like Raytheon to build for the Army the ruggedized wearable system known as Land Warrior.

The system is built for abuse -- connections are all military-grade and waterproofed. This all comes at a weight cost that probably puts military-spec wearables off most people's list: around 16 pounds worth of electronics, batteries and cabling is joined by an external antenna the diameter of a gun barrel, a shoulder-mounted GPS receiver, a small flat-panel display and a full-color 640x480 prism display manufactured by NAME. The processing unit (a 166MHz Pentium processor on a PC104 board, mated to 800MB of flash disk and 64MB of RAM) is carried separately from the radio-spectrum communications module, which contains a standard 802.11 card.

Ron Hill, a retired Army Sergeant (first class), and now with the Omega Training Group, was in full camo dress and wearing the system. Murray pointed out that the cable connecting the wireless module to the CPU (worn around Hill's back) is actually a USB connection, finegled into military-style cable and connectors. Other than such specialized connections, though, the componenents themselves are fairly standard, just ruggedized.

If the weight wasn't enough to dissuade you, though, this might be: all told, Murray says the system costs ten to twelve thousand dollars per person. "But we're still early on. Those costs should drop considerably as we increase the numbers. That cost is with each system being built one at a time, and we're a small shop."

Right now, the system is running windows 2000; part of that was expediency, because we only had 9 months to develop the thing, and part of that was because the military wanted it to run with certain pre-existing pieces of software." Murray admitted interest in switching to a real-time OS such as QNX, or perhaps a Linux-based real-time system.

Try this on for size Not everyone fits into one of the neat categories of vendor or academic, though, and not all of the wearables at the show look like bladerunner props, either. Jonny Farringdon, Senior Scientist in Wearable Technologies at Philips' UK Research Laboratories, held forth in a booth festooned with heat-sensing bras, gloves which measure sexual arousal (well, galvanic skin conduction), and other oddities which might not seem odd for long. Specifically, two of the jackets on display at the booth went on sale this month in Europe as part of Levi's Industrial Clothing Division line.

"4 of the jackets [in that line] contain fully-integrated electronics," he says, pointing to a khaki parka, as he begins unfolding and peeling the velcro around a multitude of pockets and flaps to reveal the inventory of a small electronics store scattered through its folds, and headphones which snake through the fabric. "Microphone in the collar, GSM mobile phone, MP3 player, remote control. All hidden and discrete -- it looks like you're wearing a jacket."

He demonstrates the system integration built into the jacket/system with a sample phone call. "Let's say some one rings you up It knows, it switches the music off, it patches the phone call through the same headphones, you talk -- not into the collar, you just talk -- and when you're done, it hangs up and switches the music back on." And it works the other way, too. "If I want to make a call, I dial by saying your name, it looks at your number, connects the call, switches the music off. If the call is taking a long time to connect -- as GSM calls tend to do -- it plays me music in the background, then when the call connects it switches the music off. I can play you my MP3s through my phone."

Check back Friday for more on the academic aspects of the ISWC2000 in Take 2: Vested Interests.

alecto writes: "The Naked PC page directed at independent computer shops compares selling PC's without an operating system with "selling a house without a roof." It also implies that the dealer knows "full well" the buyer's just going to install an infringing copy of Windows -- and that they should "politely decline" to sell a machine without an OS. The just-below-the-surface message is that dealers could be liable for infringement if a customer buys a "naked" machine from them and subsequently installs an infringing copy of Windows. (Nowhere in the text is the possibility that the customer might want to install a legal, free operating system mentioned.)" It's very much a salesmen type help piece, but it's a pretty funny read. The most amusing comment is that they say "tell them that you're best equipped to install the OS." I'm kinda curious, who keeps the default install? I mean, even if it's Windows, I always had to reinstall just to make it functional anyway. Maybe that's changed, but I still hear that solution in a context that makes it sound like conventional wisdom.

cluge asks: "MS still proudly presents their Linux Myths Page and recent Dell commercials show Linux as a 'lower end' solution. This seems even stranger coming from Dell when you look at all the the Linux solutions that they are offering. The comparison made in their print adds compare 2 machines with vastly different amounts of memory (or so has been reported here and elsewhere). With a new kernel coming out, should the Linux community tune a couple of machines and set up an open test? Test the following: static Web serving, file sharing (Samba or NTFS), and routing performance. Having Linux knowledgeable people run the test allows performance tuning for the application being tested. The testers comments and recommendation on performance tuning will be valuable to the entire Linux community and the tests will let the community know where it stands, win, lose or draw." So how much difference does a year make? Do any of the claims on that page still hold any merit today?

OrenWolf writes: "Microsoft has threatened to sue the current developers of r/w NTFS support in the Linux Kernel. Details can be found in the current Kernel Traffic post." No, your honor, we aren't a monopoly.

perikalessin asks: "It's obvious that software companies can get to the point where they're large software companies and still generally tend to be only reactive when it comes to security issues, not proactive, in terms of getting security audits, evaluations and certifications on their products. After several weeks of research, on and off, interwoven with other projects, I finally found the important keywords for anyone who wants to look into this topic: 'security evaluation', 'Common Criteria', 'ICSA' and older phrases: 'ITSEC/TCSEC' and 'Orange Book'." If you've ever performed security audits on software, your input would be greatly appreciated.

"It turns out that the much-touted Microsoft Windows NT 3.5 and 4.0 TCSEC C2 rating basically states that the operating system assures separation of users and data and audits user and security-related events -- capacities that are essentially standard expectations of any modern 'enterprise' operating system. That rating is essentially two (2) levels out of seven (7) from the rating for utter lack of security (D1). See the U.S. Government's Commercial Product Evaluations page and its associated Trusted Technology Assessment Program (TTAP)'s FAQ entry on TCSEC evaluation rating interpretation for more information. For now, be aware that the evaluation ratings go non-intuitively, from lowest to highest: D1, C1, C2, B1, B2, B3, A1. Microsoft's rating also only applies to very specific configurations of the Windows NT Operating System and none of its frills -- like ASP, for instance.

Still, even from the standpoint of researching evaluation and certification options, it looks like only International Government Evaluation (i.e. the 'Common Criteria' evaluation process) and perhaps the ICSA certification are available to any vendor who wants to be pro-active and benefit from standards in the process. (Please let me know if you know better!) And I've talked with a number of hacker types who sneer at the idea that any of these certifications are worth the money and effort to put into them.

At the same time, pointy-haired types eat this certification stuff up. In point of fact, government contracts can be much more possible and much easier to obtain if you get certified this way, and as Microsoft's spin-doctoring of their C2 TCSEC rating points out, it just makes the company that has the rating look more responsible, all around, or can, if your readers and customers don't know what the rating actually means.

Sure, it's possible to contract with any security auditing firm to get something or someone to say that your product's at least minimally secure, but it's still unfortunate, but true, that if you want any kind of widely-recognized, standard certification, you'd better actually seek out some kind of formal evaluation and rating.

Do people agree, disagree, and either way, can they prove it?"

Chris DiBona, a man of many titles (Linux Community Evangelist, VA Linux Systems; President, Silicon Valley Linux Users Group; Grant Chair, Linux International) passed to us this reminder that for all the (occasionally legitimate) claims of standards compliance out of Redmond, subtly breaking standards in the name of "improvement" can be far worse than more blatant attempts. Hint: supplanting ASCII is a bad idea. (More below.)

Chris writes: " So here's an interesting feature from our friends at MicroSoft. They've decided that Outlook 2000 users by default really don't want to communicate with the rest of the world, preferring to communicate only with other OL2000 users.

Now, while I don't have any problem with people extending the content of an e-mail with attachments, i.e. sending html-ized version and v.cards, it seems downright stupid to make the default behavior of ol2000 to send it's e-mail only in MS's proprietary TNEF format.

Now, It's clear that they've had some support calls on this, as proven by this KB Entry. So that means that they caught some flak for it. But they haven't changed it.

Fun Quotes from the KB entry:

• In addition to the receiving client, it is not uncommon for a mail server to strip out TNEF information from mail messages as it delivers them. If a server option to remove TNEF is turned on, clients will always receive a plain text version of the message. Microsoft Exchange Server is an example of a mail server application that has the option to remove TNEF from messages.

This means in essence that unless you are using a 'TNEF Aware' server -- like, say, hmm, MS Exchange -- you may not be able to read your mail. I may be reading a bit much into this paragraph, but it seems to me that this paragraph says 'if your friends can't get your email, it's their servers fault, not yours.'

And to take this the further, go join the EFF if you haven't already, step, suppose somone were to circumvent the protections on the TNEF format and write a program that could understand it, would you be liable under the DMCA section on anti-circumvention? Admittedly, I'd be surprised if MS took this route, but it's worth considering every single time you think about decoding proprietary formats. Does this mean strings is now a circumvention tool?

Anyhow, if there are any microsofties out there, do the right thing and cut down your support costs by making ascii the ol2000 default transmission behavior for text. And for anyone using Outlook 2000, you should switch to a program that your friends can actually recieve email from. Or at least shut off that option."

Whaddya wanna hear? a) Microsoft's licensing practices, while never to everyone's taste, perhaps, seem to have mellowed at least a bit from the projected future of pay-per-reinstall. 2) The SDMI boycott you read about here lately has lost a key proponent; the reasons are unclear and so is the eventual outcome. iii) If Linux is too cool, BSD too smug, Windows too ridiculous, perhaps you need ... a truly infernal OS. N) Yet more proof that Carnivore and its ilk may be annoying and a threat to the average user, but hardly a sting to a wired criminal worth his salt. All below.

Frankly, this would have been just too silly. steveha writes: "Microsoft just changed their 're-imaging' payment policy. Companies buying computers that come with Windows installed can once again re-image the system hard disk without Microsoft demanding an extra license payment. Here is the official Microsoft document. Computer Reseller News had the story."

Burn baby burn. rpeppe writes: "briefly, you can download Inferno here, for free.

you might remember from a month or so back that the UK firm Vita Nuova obtained rights to Inferno, a next-generation virtual/embedded OS created by the likes of Rob Pike, Ken Thompson and Dennis Ritchie. Inferno uses many of the ideas from Plan9 but, unlike Plan 9, there are no restrictive hardware requirements - it runs as a "virtual OS" under Linux, Windows, Plan 9 and others, mapping the resources provided by the host OS into a standard form for programs running within Inferno, which will run without change on any platform running it (including on bare hardware, such as SA1100 or MIPS)

we've just made free downloads available (for any use) for Linux, Windows and Plan 9. the actual kernel is not open source, but the download includes open source for all the user-level code in the system (applications, libraries, etc), plus unix-style documentation so there's plenty to tinker with.

this is a system that is genuinely trying to address the problems that are "too deep for unix to fix" and includes all sorts of interesting takes on some of the original unix philosophy (after all, it represents 30 years of evolution from the unix original). plus it's a really nice environment in which to write genuinely (and elegantly) portable programs."

Taking the meat from the jaws of Carnivore. An unnamed correspondent writes "Found a nice article on the circumvention of Carnivore which details steps one can take to avoid big brother. Article is nicely written which has a strange reference to the NSA's Verona project of World War II."

Nothing here may be all that new or surprizing to those already interested in online privacy or cryptography in general, but if you ever need ammunition in an argument about the nice government versus slithering heroin-dealing kiddie-porn terrorists, it'd be nice to point out how accessable these methods are to all involved.

OK, who has what up their sleeves, and why? Fervent writes "Interesting twist in the SDMI boycott -- Don Marti's backing down a bit. Apparently he and Leonardo Chiariglione, executive director of the SDMI, talked and found ways to get along about secure music. The article is here."

I'll be impressed if the music industry or anyone else can come up with a high-quality music format which can't be effectively copied with a modicum of hassle. "Anything that can be read," etc. Thta's not about to stop them from trying on both technological and legal fronts. Of the two, I'll take technological any day.

4/3PI*R^3 writes: "In a recent /. posting Paying Twice for Windows we read about how Microsoft contracts obligated businesses to pay twice for Windows if they used disk imaging software. Well, it appears there has been some backlash and Microsoft has modified their position (MS-Word doc) on disk imaging software. At least for Select and Enterprise customers. This still does not help the small shops that can't afford these licensing options."

jinx_ writes: "For those of you who were interested in the OpenBSD IPv6, Microsoft has a site of their own on the subject. 'Microsoft Research (MSR) is writing an Internet Protocol Version 6 (IPv6) implementation to further networking research on the Windows NT/2000 platform. USC/ISI East is our partner in this development. Due to external interest, we have decided to make a beta version of this implementation publicly available in both source and binary forms.' Sounds like it would be fun to play with at least." Anyone know anything more on this? Post below, please.

Step right up ladies and gentlemen and behold, quickies so amazing, that you may not want to stare directly at them. First up, a trio of Microsoft bits: Ethan sent us an RFC for writing RFCs in Word. Russ pointed us to a great entry contained within the microsoft knowledge base. and an anonymous reader noted that boardwatch is selling BillGatus of Borg posters again. You may need a soundtrack for this one: chisox sent a bit about Jem Finer composing a thousand year song (and a machine to play it). If generative music ain't your thing, Jason noted that MC (Stephen) Hawking has made some of his R&B and Rap cuts available in MP3 format. And while it isn't exactly music, Several folks showed us the way to best learn about Semi Conductors: have Britney Spears teach it. wishus's submission is much less educational: he's kissing up to me by telling us that Sarcasta's latest update is in depth study on Carpal Tunnel Syndrome. If you need some images to enlighten and amuse, B.D.Mills noted that stinky meat is back if you didn't get enough the first time, Ant sent us the correct use for the new mac cubes, and danfairs sent us a picture of... well, a fire extinguisher. table and chair pointed us to Political Arena, a Quake 3 modwhere you blow up the political candidates (is this treason once one of them gets elected?) If blowing up Bush isn't enough stress reduction for you, einstein has shown us how best to customize your case and void your warrenty in one swing. Of an axe. Kartoffel wrote a CueCat interface for BeOS as well as a Mr T vs. CueCat Comic Strip. Even more offensive then another Mr T vs. episode is a comic featuring Admiral Ackbar debating Napster sent in by georgeha. Last of all, if you didn't know, Spinal Tap is back out in limited release. God what a great flick. Just figured I'd mention it ...

paulywog asks: "I've used a fair number of non-Free (Beer) scientific plotting packages during college and as an engineer -- including Matlab, SigmaPlot and DeltaGraph, Excel (ick), SAS, my trusty HP 48G, among others. Lately, I've been looking for OSS resources that can provide similar features. Part of the reason is that there are some features that I've wanted, but never been able to get out the other software. One feature in particular: shade the area between two curves or shade the region outlined by error bars on this plot. I'd like to hear what experience other scientists and engineers have with OSS plotting packages in terms of ease of use, power, and flexibility."

wishus writes: "The Compaq iPAQ is Compaq's PocketPC offering, with a 206 MHz Intel StrongARM. Microsoft beware, though, because there are now 2 different ways to put Linux on it - Compaq's own is at handhelds.org and the second, announced yesterday, is from Century Software. They are actually two very different means to the same end - Linux and X running on the iPAQ, complete with handwriting recognition." If only it had 802.11 wireless support, I'd be there.

Lady and Gentlemen, sit back and brace yourself for the assault of the quickies: AlexPixel sent us the curiously named Bilbo.com which actually sells feet keyboards for key modifiers and mouse clicks. cadfael sent us a sordid tale of a coder scorned. Some billboards: first from Ant we have a windows error and from mazur we have a bit of unix (must be california ;) mmca noted that scientists have discovered why candy wrappers are loudest in movie theaters. IcesTorm-I noted a supposed windows bug that will make ya wonder. DuncMonk sent us a cool comic strip called Sinfest that you might wish to add to your morning coffee. How about the x86 Still for those of you who believe that controlling your stereo, lights, garage door, and neighbors dog just isn't enough for your PC. Not out there enough for ya? How about RSA implemented entirely in javascript? (Doesn't work for me ... I leave that crap turned off ;) And finally to leave everyone on the proper melodic note, gribbly Symphony #2 for Dot Matrix Printers. Fortunately it's available in MP3 just in case you don't have a dot-matrix printer still handy...

Adam Bertil was one of a number of people who've written about the recent announcement from www.plex86.org that Plex86 will now run DOS applications. Kevin Lawton apparently did the work and a screenshot is on Plex86 ^[?] .org.

viktor_haag writes: "Report on MSNBC today of a new vulnerability that exploits a hole in (at least) Microsoft Outlook. The bad news is -- this time you don't even have to read the email; in fact, the exploit can take place before Outlook even places the email in your Inbox. Looks to involve overloading the message's Date header field. MS says they're going to release a security patch on July 19 to fix this hole." The irony is of course that we're so jaded by all these sad macro viruses that when something this serious hits, we shrug it off as 'Just another security hole,' but this one is massive.

18buddhas brought us stories and pictures of id Software's New Office. TheLocustNMI busted some MC Paul Barman and Commodore 64 on us. Geek rap, eh? Apparently C-64 is the sixth-most downloaded Jewish hip-hop group on the planet. An anonymous coward told us about grown men with joysticks on their heads. a2fan shared the super-secret Microsoft Breakup Plan. Ant told us to check out some commercials, and then akaChe got our hopes up with the iTari. Combat, anyone? Fish shared the proposal to encode Basic Egyptian Hieroglyphs in Plane 1 of ISO/IEC 10646-2. Speaking of history, another anonymous coward sent in the link to a really great PBS parody, The 1999 House. tobyjaffey (aka trj) wrote in about the Geekshirts project at SourceForge. Josh Woodward told us about the scary fact that Sometimes Barney Starts Playing Peekaboo on His Own.

illuin writes: "There's an interesting article over on BetaNews with a potential take on Microsoft's vision of the future internet, and internet based applications. Of course, it sounds quite a bit like Project Oxygen (press release,) currently being pursued by MIT's Laboratory for Computer Science." The recent "dot-Net" announcement by Microsoft throws a new light on Oxygen, and on other distributed projects like Gnutella and Freenet. Project Oxygen and Microsoft may have radically different views on how all this diffuse computing ought to act and be organized (read "Who pays, how much, to whom?"), but the fact of widely disseminated files and an increase in ASP-style distribution seems inevitable.

illuin writes: "There's an interesting article over on BetaNews with a potential take on Microsoft's vision of the future internet, and internet based applications. Of course, it sounds quite a bit like Project Oxygen (press release,) currently being pursued by MIT's Laboratory for Computer Science." The recent "dot-Net" announcement by Microsoft throws a new light on Oxygen, and on other distributed projects like Gnutella and Freenet. Project Oxygen and Microsoft may have radically different views on how all this diffuse computing ought to act and be organized (read "Who pays, how much, to whom?"), but the fact of widely disseminated files and an increase in ASP-style distribution seems inevitable.