Slashdot Mirror
Slashback: Mexico, Ukraine, Oceania
... and you'll like it! LupusUF writes: "As everyone knows by now...Kazaa is using top text links Kazaa is using top text. But not only are they using them, they are badmouthing people who complain about them. When someone posted a complaint, a Kazaa moderator (Super_Harris) started out his reply by saying "How Dare You!" and then went on trying to explain why they are using top text. Another moderator makes some more poor excuses in the same thread. The same thread also has some very useful information about the spyware that kazaa has installed with the latest version (cydoor, Onflow, New.Net, WebHancer).
My advice would be to get ad-aware.
I hope Kazaa starts treating its users with more respect, and at least gets moderators that can answer questions without treating their users like idiots."
Sircam Sircam A quivering, cowardly reader wrote to point out that sensitive Ukranian government documents were apparently leaked by the Sircam virus. Even juicier than the steady stream of love notes, recipes, tax information, homework, bids and schedules that keeps flowing into my mailbox.
Don't look for much help from Microsoft on this, either, and hardly any from ISPs. Most of the ISPs I've contacted still claim not to have heard of Sircam, and say "it's not our responsibility." Email from Microsoft (after I cc'd them on a few of my virus alerts) equally disclaims responsibility. Funny how Sircam never made it to the front page of their site. Kudos to Charter Communications for calling customers to let them know they were infected -- and a pox on Prodigy for refusing to.
May the path of least resistance rise to meet you. Alec Muzzy writes: "Wired has a story about a failed plan to install Linux on computers for Mexican Schools in an effort to save money. Instead they have decided to run Windows, because Linux wouldn't run on their hardware. As they say, 'It was easier to go with Windows.'
Here's a perfect example of where the free cost of Linux should have been an advantage, yet they decided to go with Windows instead. Does this mean that the costs of running Linux are higher than the cost to purchase Windows?"
It's just cheaper for Mexican schools to pirate Windows than to learn Linux. Wouldn't you agree? ;-)
Can't use an OS because you've never used it before? Learn to use it!
/dev/fd0 /mnt/floppy. Yeah, mount, then a space, then a backslash, then d, e, v, another backslash, f, d, and the number 0, then a space, then a backslash, m, n, t, backslash, then the word floppy. Floppy, f, l, o, p, p, y. Thats right Mom. An error? Oh, that means you don't have FAT support compiled into your kernel. O.K, heres how you compile a new kernel...."
"Hi Mom! Whats that, you can't open the word document you were sent by your friend? Oh, O.K, follow my instructions. Open an xterm first. An xterm. Oh your using KDE arn't you? See the little icon at the bottom of the screen that looks like a screen? Yeah, the black one. Click that. O.K, has a window opened? Great. Now, type su and press enter. No, s, and then the letter u. Su, yeah mom. O.K, now type your root password. Thats the one, on the peice of paper I told you keep safe. That one, yeah. You can't find it? Keep looking Mom, you really need that password...you've found it? Good. Type it in, and press enter. No Mom, it won't show you what you're typing. Oh right, you must have typed it wrong. Type su and enter again, then type your password in and press enter. Did it work? Um, how can you tell? Does the bash prompt say "root" or "mom" on it? The bash prompt. The writting on the left of the window, on the line you're on. It says "root"? Good. Now put your disk in the drive. Type mount
So on and so forth. Yeah, Linux for everyone! Wooo!
It's pretty amazing to me that they decided to buy a $100 OS instead of a $30 modem card, and in general Linux requires fewer system resources than Windows. And having problems installing because of old drives not being able to read CD-R's is a little silly, too -- for the volumes they're talking, they could easily press their own CD's for almost nothing. I have to believe that there's something else going on there. Like it being absurd to have 2 people responsible for every aspect of of deploying computers and software to thousands of schools without any staff for training, backed by a bureaucracy that was willing to give $millions to MS rather than building staff to support this project.
:-)
Kickbacks? Corruption? How much would MS pay to keep latin america from developing into a center of Linux/open source development?
amavis works well, though there is the obvious performance hit due to the extra processing done on every message. With some optimization, you can get the performance to stay at an acceptable level though.
--
Sendmail -> AMaViS -> Sophos Sweep ... Does the job VERY nicely! I'd recommend Sophos to anyone!
/. ID is lower than the real Bruce Perens'.
Barely related, but another nice mail server addon is "Drac". It hooks into qpopper or cucipop and uses RPC to update a database of IP addresses allowed to use your relay. Successful auth while checking POP gives your IP a half hour relay window. Others are denied.
The real Threed's
--Threed
Linux installs are like Windows installs in that they are much easier after you have done 5 or 6 of them, but that's hardly consolation to the new Linux user. Even worse, Linux is only a little better if you can get it pre-installed. Even then it's not quite like Windows, and there certainly are quite a few things that aren't well supported. On the other hand Linux has some really cool advantages over Windows, especially for power users. I definitely prefer my Linux desktop over my Windows one, but I have learned to use Unixy tools.
There are some tips that make Linux a little easier to use. First of all, join a Linux mailing list, preferrably one for the distribution that you are using, and spend some time lurking. Yes, I know, you have better things to do than reading 100 emails a day about how to get a particular sournd card working. You don't have to actually read all of the email, you just need to get a feel for what sort of questions are being asked, so that you can A) not ask the same question as the last 400 people when you have a question and B) so that you can learn a little bit about how actual Linuxers get their work done.
For example, a new Windows refugee with a fresh install of Linux almost always heads straight for Wine, because they want to run their old familiar software. Now, Wine is certainly useful for those critical pieces of software that don't have Linux equivalents, but that kind of software is getting more and more scarce all of the time. Instead you should (after making sure that it hasn't been asked a million times) ask some actual Linuxers what they use as a replacement for the software that you would like to use. You would be surprised how enlightening this is. I learned about LaTeX that way (long before Linux had a word processor), and I have been grateful since. LaTeX is certainly not as easy to use as a word processor, but for some types of documents it is clearly the "right tool for the job."
Another word of advice is to refrain from building packages from source unless you really have to. Yes, I realize that this sounds contrary to the whole Open Source ethos, but the way to mastery is long and fraught with many perils (sorry I couldn't resist). Chances are good that there is an RPM package of the software you want to use, and since you use RedHat, it's almost certain to work for you. Save the source code for pieces of software that you want to hack (or debug).
If you decide that Linux isn't for you, try back again in six months to a year. You will be amazed at how far along it will have come. Linux isn't for everyone yet, but it is getting there.
"I started an entire Free Software Project while working at the largest University in my Home Country of Mexico, so I'd know a little something about Linux and might know 1 or 2 other people in Mexico who do too!"
or
"Hey! Didn't one of those GNOME guys come from Mexico? Maybe we should call him and see if he knows anyone..."
Just a thought...
AC wrote:
Two questions.
1) Am I clean or is there something else that I need to deinstall?
2) I didn't know what KaZaA was, and have not installed it. Does anybody know what other programs could have installed eZula/TopText?
I cannot answer that. We deselected the TOPtext installation during the KaZaA setup so it never got to my system in the first place. If possible, get a copy of the Norton System Doctor (NSD) and have it inspect your HD. NSD can usually find dangling registry entries, orphan DLLs, and other nasties that may help you troubleshoot what else may be lurking in your system.
I just had an idea: Go to eZula.com and check their list of partners. Perhaps you downloaded something in the past few weeks/months that you missed. Also, since they get along so well with IE, there is a possibility that they used IE or Outlook (is that what you use for e-mail?) to sneak the TOPtext program into your system.
It's late... I'll let my subconscious work on other ideas. If I come up with something else I'll post it in the morning.
Cheers!
Ehttp://eugeneciurana.com | http://ciurana.eu
I've been using KaZaA for several weeks without intrusions or undesireable software running on my Windoze box.
The latest upgrade for KaZaA, including all the "enhancements" came over the wires either last Sunday or Monday. Neither TOPText, nor any of the other "intrusionware" were installed.
I believe "intrusionware" became a problem for us in 1998 or so with QuickBooks Pro and its desire to install AOL (Corel Draw! also installed some unnecessary crap by default). We realized that most default configurations of shrinkwrapped software tended to install things we didn't want in our (or our customers') systems. Ever since we follow these steps to prevent the introduction of undesirable code:
We found that, 95% of the time, our desktops (and those of our customers still using Windows) were easily rolled back to a known "clean" state by using these tools. The other 5% we had to manually remove one or two registry entries, or DLLs/VxDs loaded during Windows start up. If we absolutely must run a piece of Windows software (i.e. QuickBooks), we can usually pick and choose what to remove and what to leave installed by following this procedure.
About the KaZaA installation
In the case of KaZaA, it drops an upgrade program in its download/share folder. That program gives the option for a "custom install". Deselect (is that a verb?) the options that you don't want such as TOPtext. Watch your registry. No changes to the system.
KaZaA installs some banners and other annoyware under C:/WINDOWS/SYSTEM/adcache. KaZaA's UI is a modified version of Internet Exploiter. It's a web browser with a custom UI. You can disable the annoying ads at the bottom of the screen by:
This process sounds like a lot of work, but in reality it only adds about 2 minutes to every new software installation. It saves us from endless hours of grief at a later time.
Annoyware aside, I really like KaZaA. It's quick, and I've been able to find everything I searched for on it.
(If you see my previous posts, we're a mostly-UNIX shop. We (and several of our customers) run a hybrid UNIX+Samba+Windoze environment. No flames on this, OK? I'm a realist, and business demands that we use Windows under certain circumstances)
Cheers!
Ehttp://eugeneciurana.com | http://ciurana.eu
Take a look at TINY. It was designed for exactly the use you're asking for.
Think about it, you've got a bunch of closed source stuff written by some shady companies, can't imagine that is all the best quality code.
But then, it might be a difficult one to exploit, not as easy as, say, a buffer in an index server extension...
Most of this spyware won't have ports listening, they'll be initiating the contact with only certain hosts. Still, the fact that Webhancer patches Winsock leaves some room open for problems.
So is it possible? Can you imagine the consequences? Instead of 300,000 unpatched IIS servers, you might have 6,000,000 targets (number of Kazaa downloads).
Bleh!
Yes, ISPs should be installing Sircam filters, assisting users with installing such filters, or both. It's in their own interest to do so, to cut back on terabytes of unwanted traffic clogging up their pipes.
It's not good enough to tell people not to open attachments, when those attachments are clogging up their pipe and filling up their disk, or using up their disk quota at their ISP.
If you look at the CERT Advisory, the only fix it discusses is installing commercial anti-virus software... While that might be a good idea, I would think that there's got to be some other proceedure, like Delete this or that, reinstall MS Word, go into the Control Panel and click the little box that says "I'm not a complete fool, and I care slightly about system security, so don't run any damn macros without asking me", or whatever.
Has anyone seen cleanup proceedures discussed? I know little about the Windows world these days, but my friends still have me pegged as The Computer Expert.
I don't expect ISPs to handle viruses, but I do expect them to at least let users run procmail (or something similar) on the ISP's machine so that users can filter some things out prior to moving it across the slower ISP-to-user connection.
BTW, anyone got a good procmail rule for recognizing Sircam?
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Congratulations, you've just destroyed the referential integrity of the message. If the message had a MIME-encoded cryptographic signature, you rendered the entire message useless.
:-/
Time to start using _plain text_ again, isn't it? I've never understood the eagerness of stupid mail clients to use Mime all over the place. Ohwell .
The real solution is a well-designed email client:
Uses cryptography to establish trust.
Only automatically opens/runs attachments via sandboxed methods.
Requires user intervention, and by default displays a warning, for accessing attachments that cannot be sandboxed.
To use your own word. Balderwash!
Cryptography to establish trust? What on earth prevents the virus from using the same crypto? The passphrase? The passphrase that may be sniffed from the keyboard by the virus? Yeahrite.
Sandbox model. Well, sure, but don't you forget something? How should the nice little doc be _saved_ for the cluebie, after he opened it in his nice little sandbox?
Note number 3 is ok. User intervention is OK, but it'll make user just click 'ok' all the time, and have no effect except for the first month or so.
--
"Rune Kristian Viken" - http://www.nwo.no - arca
Too bad Symantec's scanners, as of July 27, 2001 anyway, couldn't catch Sircam.
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Try here: http://officeupdate.microsoft.com/OE/scripts/help/ OE-attach.asp.
. asp.
If that doesn't help, you can try here: http://www.microsoft.com/exchange/download/advice
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
You laugh, but you'd better believe Microsoft will be pointing to this story whenever one of their potential customers is considering Linux. "Look! Mexico tried it and it was a big failure. Stick with me, boys. Nobody ever got fired for buying Microsoft."
--
Mod up a post Rob doesn't like and you'll never mod again
This is a reply I typed up and started sending everytime I received one of these (annoying 200 Kb bandwidth-wasting) Sircam documents:
Hello. Just to let you know, it seems that your Windows-based PC appears to be infected with the "SirCam" virus (details at http://www.zdnet.com/filters/printerfriendly/0,606 1,2801171-2,00.html, possible anti-virus fix details at http://www.symantec.com/avcenter/venc/data/w32.sir cam.worm@mm.removal.tool.html). It is likely that you, or somebody else who has used your PC, double-clicked an attachment received from another infected user, which caused your own PC to be infected. (Double clicking on attachments you have received by e-mail, whether from a "trusted" source or not is almost NEVER a good idea.)
What you choose to do about this is your business, but I thought I'd let you know that your private documents are being sent to random Internet users around the world -- and not every one of them deletes them unread like I do.
By the way, you might wish to consider switching to Linux. I have been a happy Linux user since 1995, and I have not had to put up with these kinds of viral infections since giving up Microsoft software so long ago.
that Morpheus creates. You'll note that they start off kazaablahblahblah
As far as I can tell, Super_Harris is just some guy with a lot of free time who added "Kazaa Moderator" to his .sig file in a fit of zealousness one day. He devotes a whole lot of posts to plugging his own "advice" website and picking fights with Kazaa critics. If he actually has some sort of official position with Kazaa, I haven't seen the evidence yet.
I'd set one up myself, but with the current climate of sue first and ask questions later, or worse jail first, ask questions later, I'm not too comfortable about the idea, even if it turns out in the end to be a legal proposition.
Now... find a lot of free anonymous webspace somewhere.... hmm...
-Restil
Play with my webcams and lights here
First of all, #2. If a program is secure, it doesn't matter if the port is open. Also, if the system is secure, it won't be able to catch the worm in the first place, and therefore its not a problem.
#4 same issue. If the worm can get in, then you need to be playing a little less quake.
A well designed worm will do the following:
Search for one single hole (lets say a named hole). Install a resident program on the system. Patch the hole. Search out, locate, and infect 100 insecure systems. After infecting 100 other systems, remove itself.
This worm will only infect a machine once. There will be a lot of scanning, but only 100 times and once the first 100 have passed, that machine will never scan again for that vulnerability.
A separate worm should be available for every known exploitable security hole. Obviously here I'm thinking of linux systems, but its a start.
Ideally the scanning could be done to specific blocks of IP addresses in such a way that it will minimize repeated attempts.
-Restil
Play with my webcams and lights here
Yes, when I was working for some school districts in Texas we where able to purchase NT for like $25. $10 more if you wanted a CD set.
load "linux",8,1
One installer that really bugs me is RealPlayer. There is a screen during the install where you select which "channels" you want to subscribe to or something. None of the visible options in the scrollbox are selected, so most people just go on.
Of course the channels that they really want to push are at the bottom of the list and are checked by default, you just can't see them without scrolling down.
That just bothers me.
load "linux",8,1
No, what's really needed is a virus that sends an email to people in the user's personal address book that carries as its payload a letter explaining to all, just exactly why they shouldn't be using Outlook.
-- -- --
To whom it may concern,
You probably know the person who sent this email to you. This person has spread a malicious worm to your computer because they insist on using insecure Microsoft products.
Please take the time to call this person and suggest to them that they switch to another mail client. Here are some links you can point them to:
Pegasus Mail
Eudora Mail
By the way, I am attempting to spread this virus from your machine as you are reading this. If you have taken the appropriate precautions, good for you. If not, expect some phone calls.
Have a great day!
-- -- --
load "linux",8,1
Most people (joe sixpack, joe average, joe professor, all of whom have sisters jane and kids bobby and susie -- my family, the folks down the block, 'normal' people in the world) use a computer as an interesting, more interactive television and storage locker.
... *All operating systems are bad for most people.*
;)
... huh?) I've used the de-installer on Windows two or three times, didn't find it all that helpful or intuitive, in keeping with the rest of Windows ;)
They print papers for school, keep addresses handy on (electronic) sticky notes, click on interesting things they see on the web, draw picures, archive photos, send notes, play music -- all the things AT&T commercials want them to do. That's why they bought a computer.
For them, and for more informed computer users, people who spend hours a day at it, the same thing is true
I'm not that familiar with Windows (though I do use it sometimes) because the guts, even the outer guts, of Windows just aren't all that interesting to me compared to other things I'd like to know about in the world. I don't find the windows interface particularly intuitive, and I enjoy learning its particular brand of not being intuitive much less than I do the non-intuitive interfaces to various Linux environments
I can see a user who installs an app from one dialogue box expect symmetry in its removal -- "Hey, I hit 'install Bingo' to put it on, so I can hit 'uninstall Bingo' to get it off, right?" -- and their expectation I think would be reasonable. It's not fair or reasonable to expect them to understand the assumptions made by a badly labeled, poorly-placed remove option, especially when programs are put on specifically to hide. (Installation puts on 10 programs, de-installation takes off one
For computer jocks (like other enthusiasts in any field) things that are esoteric and obscure to the newbie may be obvious, because they have insider's knowledge, have devoted time and study to it. A lot of them seem to think that only they deserve to use computers.
For *most* users, programs like kazaa's spyware tie-in are sufficiently difficult to detect that the users don't even know they're there.
The esoteric aspect of computers are cool -- it's neat to discover how things work (see Gary Brown's site, and ask him to stop submitting every single thing on it to slashdot;)) and to be interested in the inner workings of electronic things, but there's no good reason to expect people to jump in high on the learning curve of computers, and every reason not to.
Ignorance, not stupidity, is what's being preyed on here, and ignorance is curable, but not by osmosis. Bad interfaces make people feel stupid, so they never care to correct their ignorance in favor of doing other things with their time. So they end up with crud software on their disk, and don't feel like learning how or why it got there, have no idea that it's reporting info to others. ("but it would be trivial to monitor the ports that it might --") No. Again -- Jocks, yes. Most users, No. That's what's so slimy about this stuff.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
One simple, specific act that would should have been done by Microsoft years ago, that should have been forced on them by angry users years ago, and which can be easily implemented today with either real mail servers or third-party Exchange add-ins, would stop SirCam and many other viruses in its tracks.
If an attachment is executable, drop it on the floor. (Be nice and replace it with a message explaining that the executable attachment was stripped and, if this is the 1-in-a-million legitimate occurance the attachment should be retrieved from the sender via FTP or HTTP.) "Executable" means anything with an executable extension (e.g., "vbs") or which starts with a Windows executable prefix.
This takes a little bit of time to perform, but it's far cheaper to automatically scan the first few kilobytes of a message than to needlessly send gigabytes of virus-laden mail. It also takes less customer service time than answering mail from irate customers who lost important messages because the virus filled their mailbox, who have lost hours as their system tried to automatically download megabytes of virus-laden mail, etc.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Well, yeah - in a way: a "vaccine"...
Although not strictly "good" - because vaccines are typically (always? I am not a virologist) made from weakened or dead viruses, which basically give the immune system time to build up a resistance as it fights this lesser threat (and yeah, sometimes even a vaccine can cause the illness it tries to prevent).
But I am not sure it would be accurate to describe a virus-killing/patching virus a vaccine or not...
Besides, all the points you made are valid, and are things that really keep this kind of idea on a back burner...
Worldcom - Generation Duh!
Reason is the Path to God - Anon
Right! As others have said, wait for the BSA audit. What I can't understand is why all those machines even need modems? Throw some cheapo network cards in them, add a hub and put a good modem in one machine acting as a modem gateway (I tend to doubt each machine has it's own phone line, too)...
Worldcom - Generation Duh!
Reason is the Path to God - Anon
I have been needing the help and advice on some things, but files send I to people, no response! Where can send I this file to get advice that I am needing?
Goodbye!
---- El diablo esta en mis pantalones! Mire, mire!
IANAL either, but there's this new law out that should help you with your prosecution. You may have heard of it...Digital millenium something or other.
Is there one main web site out there where people can submit interesting things they've received in order to have their advice? An admitted voyeur, I've been disappointed with the quality of things I've gotten so far - although one zip file full of (clean) pictures of some girl was interesting. I guess this means I correspond with boring people. Oh well.
----
grep -ri 'should work'
I always figured that it would be cute to modify a spammer's bulk mailing program so that it quietly slipped in a couple emails traceable to the spammer. Emails with threats... To high-placed politicians... That should get the wheels of justice going :-)
But I have mixed feelings about making life worse for the dumb clod that catches viruses. Yes, they deserve to be LART'ed, but going beyond that is probably stepping from justice into barbarism.
How about a virus that sends an email to the local paper, which can have a weekend insert listing all the community dumbasses?
A dingo ate my sig...
Yes, I read it this morning. Thanks.
Prevent email address forgery. Publish SPF records for y
Prevent email address forgery. Publish SPF records for y
Strangely enough, I would not object to client/server software that allowed users connecting to a server to annotate my pages and read the annotations of others if:
1) The software did not install deceptively as part of another product.
2) The annotations don't take the form of advertisements and
3) I was running the server or the person running the server asked my permission before pointing it at my pages.
I suppose one might question the value of the stuff on my web page, but it is valuable to me and I'll not stand for it being modified against my wishes.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
As for the installation of Linux on Mexican computers, a great deal of that was probably education. Not many Mexican school teachers would be up to the task of installing Linux. Honestly, they have enough trouble finding teachers qualified to teach anything there. I'll probably get slammed by any Mexican nationals that come to the site, but my impression of Mexican education from when I lived there was that it was well, third world.
I certainly don't blame the teachers. It's, to a large degree, a matter of finance. It's a poor country and they can't afford to hire good teachers and they can't afford to educate good teachers. It's a viscious circle.
I never really had any confidence in the ability of Mexico to deploy Linux in their schools. Just didn't seem likely.
Which brings me to a point of internationalization. How well does Linux internationalize to other languages, like Spanish?
All (or I should say, a great majority) of the computers in Mexico use "Spanish (Traditional)" keyboards (the Windows definition of the keyboards) where the enyay (the n with the squigly line on top) is where our semicolon/colon key is on English keyboards, and most of the non-letter keys are relocated. As well as having the ability to place accent marks above the vowels.
I find your assessment to be a little too biased, sorry. And I say that with having a few years of living in Mexico under my belt. I find that the corruption situation has been improving significatly over the past 5 years.
That said, I don't know exactly where you live, and conditions are different from area to area. As I said in my previous post though, I think it has more to do with a lack of people trained in Linux than with lining a politician's pocket with $$$.
Also, as a democrat, I found your remarks in that area a little offensive. We won't go into the literacy of some of the "great" republicans of recent history cough-cough-Quayle-cough-cough.
I think the slashdot populace (not you, the kind of people whose sentiment was expressed in that line about ISPs) should think their principles through carefully. Most of the time, ISP regulation of your email or access is seen as bad on slashdot. So is government regulation of the internet. I agree. But when there is some annoyance, they want regulation to fix that. Bad idea!!
Annoyances like spam or sircam are not that bad compared to what could happen to the internet if we encourage value-add ISPs like this (or in the case of spam, government regulation). Just press delete or write some damn mail filters. Stuff like the DMCA or the CDA is much, much harder to deal with.
It is true that corporate email systems should have filters for this. Perhaps, if I ask my ISP to block mail with attachments, they should be able to provide that service. But when I am paying for raw internet connection, I do NOT want regulation on that from anyone. Do you?
It's good to want to warn people, but keep it short and simple. The links are nice. Admonishments about double clicking, trusted sources and "your business" can be percieved as smug and are inefective in anycase. Do you know this thing requires a double click? MS will give a scary warning for the links too... the user may be scared to look at your untrusted email links after that.
Imagine getting something like this from some clueless MS user who had been tricked. Replace Linux references in the above with MS BS and you can see how offensive it is. Also, imagine that the files they referenced were not yours.
The essential information you are sending is that you recieved mail purporting to be from them, their machine is infected (must be if SirCam remembers it? imagine if it had an address harvester!), and news links. A three liner should do.
Friends don't help friends install M$ junk.
I'm sure what he meant was that he can't use email ; )
Yup, I've only got a couple of these so far, but I figured the proper thing to do was educate people. And how better to drive the message home than public humiliation - I've mailed them back to give them my advice on the file they sent (as requested), told them how I got it (in simple terms), and informed them that I'd be making fun of them on my web site. Ahhh, it feels good to help : )
The other two posters above have been very helpful, but I think there's one thing that will still need to be done. Sit your friends down, reiterate the fact that they've just sent out private data, and tell them to remember this next time they get a suspicious email attachment.
Hardware compatibility problems have been solved, and the idea to adopt an open-source platform still stands.
This year, 1,400 schools will be equipped with external modems, and Ibarra plans to install Linux on those computers.
Dosen't sound like they're giving up to me. Also, they already have twenty schools running on GNU/Linux. They have schools already on it and they're planning to add more, it's just not a fast or as wide-spread as they had hoped. Just because a project dosen't go off as well as expected dosen't mean it is a failure.
Was Linux 2.4 a failure because it shipped a year late?
Jordan Bettis
``Wherever you go, there's another stupid sigfile quote.''-- ;-)
Kuro5hin.org: where the good times never end.
-- ;-)
Kuro5hin.org: where the good times never end.
I meet "software engineers" and "system administrators" all the time who want nothing whatsoever to do with Linux.
Here's the deal, in case anyone hasn't figured it out yet: PEOPLE WANT DENIABILITY.
"Well, it doesn't work, and we have a trouble ticket in with Microsoft" (Translation: I don't have to do anything for the rest of the month!)
"Well, the Visual C++ toolset have been upgraded, and we need to upgrade several parts of the server infrastructure, and the vendors are shipping late" (Translation: I don't have to do anything for the next two years!)
"Well, the infrastructure has been upgraded, but now we all need training" (Translation: off to vegas for drinking and whoring!)
"Well, the system just crashes -- Microsoft products aren't the greatest, but it's the only game in town. It'll get better with the next service pack" (Translation: I don't do anything but install the crap!)
Dr. Who refered to these people as "The Tesh" (The techs or technicians). They had little interest in science or engineering, or creating anything new, or even improving what they had, but rather had a kind of cult of knowledge where *they* held the secrets and they rarely let anyone else in. Microsoft is the cult, the MCSE/MCSD is the tesh. They can always throw up the "Microsoft has bugs!" excuse when things go bad.
Contrast this with Linux -- all you need is desire, skill and talent. There is nothing hidden, and it's all free. How far can you go? It's up to you.
The choice seems so simple, but I meet more and more programmers and admins who just want to use access and VB -- no interest in anything that is not just "a few clicks to the next paycheck", or anything that could remove their golden parachute of deniability.
Treatment, not tyranny. End the drug war and free our American POWs.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
I installed redhat 7.1 on an old HP 386 box that had 4 mb. or ram on it. X is really slow on that machine. Windows 98 will not install on it.
Maybe, since you already have the machines networked, you could install RH 7.1 (it is free) on a machine with a cdrom, then install on the rest via boot floppies and NFS.
My own experience is that Linux runs on more hardware as time goes by, not less.
Treatment, not tyranny. End the drug war and free our American POWs.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
Well, telling people not to click on attachments will help at least somewhat. The viruses propagate by social engineering, so it's important to break the cycle of infection by teaching people not to open the attachments uncritically. That won't do anything to keep current infections from sending out messages, but it will cut down on the next generation of infections and may (ha, ha, ha) prevent the next virus from propagating at all. It's certainly better than just ignoring the problem completely, and there's always the risk of deleting a legitimate attachment accidentally if you scan transmitted email for viruses. Just think about the damage that could be done if some cracker inserted a bogus entry that recognized MS Word headers into the virus definitions for the on-server virus scan used by a major ISP. Then you'd have a really nasty lawsuit on your hands.
--
Karma down to 50 again. Thanks Karma Kap.
There's no point in questioning authority if you aren't going to listen to the answers.
Well, since I've never been there I'll trust your apprasial of the situation (it fits with what I've heard before) but I can forsee some outcomes which might still allow a win for Open Source in Mexico:
With the world economy slowing down, there is a chance Mexico might be able to hire some Linux folks at lower prices, especially if they can find some who really care about this issue and are willing to price themselves competitively with the Windows folks in this case.
The next step is to have Microsoft audit all of Mexico's public institutions for license compilance. American corporations are getting that treatment - what makes you think Microsoft won't stoop to grabbing cash from Mexico? Then Mexico audits to find out where all the cash went and a few people who have been skimming the cream get it in the shorts...
The third is to get American corporations to donate their old hardware to causes like this. Linux can do fairly well on older hardware, and if they can be convinced that a bunch of educated Mexican computer nerds are just what they need to solve the eternal shortage of qualified computer people, they may just make a dent. (Plus if they can get a tax credit they like that too.)
A crutical factor is how much autonomy the schools have in something like this. If all schools must meet a national standard, and that standard is windows, we are So Outta Luck. (And so are they.)
I'm actually surprised that the politicians are interested in the details of the software to be installed at all. Are they actively in favor of Windows, or was it indifference that killed (or slowed, at least) the Linux effort? If it was indifference that might be a good sign, actually. Namely, if they don't care and we do, we might still make something happen. Does anyone have a feeling for this one?
"I object to doing things that computers can do." -- Olin Shivers, lispers.org
Given the odds are most of the hardware Mexico will be able to obtain will be out of date, here are some good tools to make a command line based linux distribution a little less frightening, and more importantly useful. It's surprising how much of an unnecessary luxury GUIs are for many things. Anyone with more experience or ideas, tack 'em on.
Desktop Shell:
Midnight Commander - command line mode
http://www.gnome.org/projects/mc/
Flash - An altered version of this might prove extremely useful for schools in setting up a basic, intuitive interface:
http://www.netsoc.ucd.ie/flash/
Typing:
Gtypist - includes a spanish mode
http://www.gnu.org/software/gtypist/
Editors:
nano - The standard easy text editor.
http://www.nano-editor.org/
emacs - Scary but powerful - for advanced students
http://www.gnu.org/software/emacs/emacs.html
Typesetting:
teTex - fairly complete distribution of the TeX typesetting system; probably not necessary for most levels of education, but if formatted text is desirable this is definitely the none graphical way to make it.
http://www.tug.org/teTeX/
Development Environments:
Rhide - Borland like environment for use with gcc
http://home.lanet.lv/~pavenis/rhide.html
Mathematics:
I do not recommend the use of mathematical programs for educational purposes until there is no other reasonable way to solve the problem. However, a powerful and free computer algebra system does exist, and can be run from the command line, so if research projects or some such effort require it:
Maxima
http://www.ma.utexas.edu/maxima.html
Web Browser:
links - ncurses based browser. A nice piece of work. It will not do graphics, but will handle tables and frames.
http://links.sourceforge.net
Email:
mutt - mutt is very powerful. It can be configured to act similar to the pine email system in order to be slightly more friendly to new users.
http://www.mutt.org/
"I object to doing things that computers can do." -- Olin Shivers, lispers.org
If MS was really smart they'd offer free Windows licenses to all K-12 education. Not that they are having a problem keeping users, but that would probably insure vast amounts of Users for Life.
Comment removed based on user account deletion
reminds me of the old rhyme, "For want of a nail, a shoe was lost, for want of a shoe a horse was lost, for want of a horse a skirmish was lost, etc etc etc, all for want of a nail"
"It is a greater offense to steal men's labor, than their clothes"
It has been pointed out however, that Kuchma would hardly have anything to fear from an e-zine like Ukrajinska Pravda, since very few have access to the Internet in Ukrain, and that it was unlikely that he had even heard of Georgy Gongadze.
It is, nevertheless, an issue to be alarmed by.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
For the price of a stinking Network Associates Webshield operating in transparent mode at the router of each ISP, they could filter out most viruses. They could route port 25 traffic through one of these babies and things might be rosier. I chalk that up to lazy/overworked/ignorant admins not caring/able/knowing to put such a system in place. We have a webshield and the only time we saw SirCam was because we had to take it out of the loop for some quick maintenance; the one guy that go it knew not to open it and deleted it.
Of course, security is a process so no amount of filtering is going to keep 100% out. If you still get that one virus headed for the guy in the company with Outlook and who blindly opens every message that comes at him, then you've still got a cultural problem to cure.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
Outlook viruses are, in my opinion, the responsibility of (1) Mictosoft, and (2) the Outlook user, who should be trained not to open crap that comes from random people with attachments! I really don't see how an ISP can help. (Of course, helpdesk people need to know about it, etc.)
sulli
RTFJ.
So when you boil it down, is it cheaper to pay for training the 100's or 1000's that would need it in the ways of linuxy goodness, or simply purchase windows and click yes when asked until the systems are deployed? I think the Mexican School Boards have realized that it is the former, though I suspect it was with the assistance of MS marketting and sales that made it clear to them. PS, Brian Farina can bite my ass!
A company I worked at in Mexico got caught in a BSA audit. They found lots of pirate copies because that's what companies in Mexico do software-wise.
So at the end of the day the deal was a certain NUMBER of computers were identified as having pirated software. The company was allowed to choose which ones. Those computers were "secured" with a legal sticker over the power buttons that could not be legally broken until the requisite number of software licenses were purchased.
So, the company just "chose" to have them secure all their old 386 machines that they were going to get rid of anyway. They then stuck them in storage in the basement and purchased the new computers they were going to buy anyway... but they never broke the stickers on the "secured" computers--and never purchased the "required" licenses. Problem solved.
Organizations in Mexico, for some reason, would rather spend $5 on hardware/software than $1 on human resources. Perhaps it's because there's so much corruption everywhere that no-one trusts their employees to do their job and to do it honestly. Then again, can you blame them when a CS graduate might earn US$1000/month...
Believe me, the reason they went with Windows is because they'd rather pay Windows people US$800/month rather than paying Linux people US$1000/month, even if it means having to spend millions of dollars on Windows license. And, of course, some politicians will probably be taking a good part of that $124 million to their personal bank accounts.
Mexico is a wonderful country, but it's very frustrating to live here and see the incompetence and corruption in decision-making. Believe me, it makes American politics and decision-making seem PURE and reasonable in comparison. Heck, even Democrats sound coherent after witnessing the absurdities and abuses that go on down here--and for a Democrat to sound coherent ought to give you an idea of how bad things are down here.
Anyway, this isn't a blow against Linux. It's about par for the course in terms of Mexican political decision-making.
PS--For what it's worth, I can't really see the government actually paying for all the licenses anyway. They'll probably set aside $20 million for licenses, buy one license, and the politicians will keep the rest.
The punchline was that it wouldn't even uninstall from Add/Remove Programs. I had to reinstall it just to uninstall it nicely.
I've installed Morpheus from musiccity.com, and I'm running Ad-Aware again. Wonder if this'll turn out any differently...
(Side note, damn if Morpheus doesn't look almost exactly like Kazaa.)
Since you post as ACoward, my first impulse is to ignore you and wait for you to be modded down. But here's the deal: you (presumably) and I (most assuredly) actually pay attention to the screens which appear after each click of the "Next" button. For us, then, that's not a problem. What is an issue is the vast majority (care to argue this point?) of windoze users, many of whom are no more than kids, who simply click "next" until a program installs. Yet I believe that most of these people wouldn't want anything to do with some of the spyware which comes with kaZaa.
As for the checkboxes option, how many pieces of software (any commercial word processing app, for example) have you installed which had such a checkbox window with about ten options, some of which you didn't know too much about, and you accepted because that's the default install. Face it, it should be a reasonable expectation that when you install a piece of software advertised to perform a given task, that software isn't going to do a number of completely unrelated tasks which have the further effect of telling a complete stranger what websites you choose to browse?
Kill Smart Tags:
political_news.c: warning: comparison is always true due to limited range of data type
It is definately getting interesting on the discussion thread mentioned at the top of this article. I think the kakaA folks are now realizing just how badly they have screwed up :)
Kill Smart Tags:
political_news.c: warning: comparison is always true due to limited range of data type
I mean, at least BearShare practices disclosure when it wants to install garbage on your machine. And (although I've never felt the need to bother with this one) I'm sure that if you complained to BearShare folks, you'd get a more coherent response than "How dare you! ... blah blah advertisments and buisness..." OK, maybe the writer wasn't a native speaker of English, but I mean, come on. When I deal with anyone, even via email, I at least attempt to make an effort to sound and act like a professional (which, if you met me, is by no means assured). These guys look like a bunch of baked s'kiddies and halfwit marketers to me. If they aren't, then their behavior needs to adapt to what are really reasonable expectations from the consumer which aren't that hard to meet. Picking adware more carefully and clearly stating in the installation what each program is, and why it is installed would be a good start.
Kill Smart Tags:
political_news.c: warning: comparison is always true due to limited range of data type
Anyways, after some discussion, linux turns out to be more expensive for us to use than windows. Why? Because we're a small company. The tech guys there (myself included) double as both programmers and system administrators. All of us know windows inside and out just by using it for years. For upgrades, windows is trivial to upgrade.
Linux is a different story. We all also know how to use linux - but none of us are expert admins at it. We would need to hire a linux sysadmin to be safe and ensure it was configured correctly (yes kids, linux is easily hacked too if not configured right) I've never known a linux sysadmin who worked for cheap. So we spent a couple grand going for a windows machine and setup, and saved ourselves several thousand dollars in the salary we would need to pay someone to maintain and secure the linux setup.
-
but one of the main ones. Another reason was we develop software for the financial services industry, which uses windows far, far more than they use linux.
-
On the KaZaa thread, the first email which I get saying that my site had links which I did not put up myself will send me to an attorney to discuss what I can do to them along the lines of changing my content, including copyright infringment (I know that I'll have to put notices on the pages) and to see if defacing a website charges can be arranged along the lines of prosecuting them like the Code Red Worm writers could be prosecuted. The fact that things were done on the client side instead of the server side should not be relevant (IANAL).
I just downloaded and installed ad-aware. That will teach them!
But I'm still a bit confused, and need some help. What exactly are the files that ad-aware installed along with itself? They're in c:\windows and they're called 'make_money_fast.exe' 'enlarge_your_penis.dll' 'lose_weight.vxd' 'herbal_viagra.com' 'send_all_your_data_to_our_company.vbs' and 'popup_x10.js', and they're set to run on startup...
Now, I swear I'm not trying to defend Microsoft on this, but this is NOT an Outlook virus. Do a little more research on the sircam worm, and you will find out that it will work at any address that it is sent to. The worm is a complete program in it self. It does not rely on Outlook to send mail for it, as the application has it's own SMTP server built in.
m @mm.html
Check out the following for more info on this really impressive... um I mean dangerous worm. http://sarc.com/avcenter/venc/data/w32.sircam.wor
Salon has a pretty good article on the whole parasite software thing. KaZaA figures prominently. There are some reasonable aspects of bundling such software, but it's ridiculuous to do so without a)allowing opt-out and b)clearly notifying users...
Buy Hex-Rated Stuff, fight the DMCA!
I run a small non-profit project for at-risk kids in a slum area in Rio de Janeiro state. We have a small Novell 3.11 network (legally licensed, even though the server does think we're in 1901) and running on a variety of ancient, often rebuilt hardware, ranging from 386-SX-16s to a 486-DX-120. The reason for such low-end hardware is very simple: money (or rather the lack of it).
I have been unable to find a Linux version with a GUI that runs on such low end boxes. Windows 3.1 runs on some, I have OS/2 2.1 on a 386 and Windows 98 on the 486-DX. I'm also using FreeGEM and homewritten VB/DOS software on most machines.
Does anybody know of a low-end Linux distribution (that will ideally install without needing a CD drive) with some sort of GUI and some useful application software that could be used for teaching purposes on such ancient hardware?
Maybe Linux couldn't be installed on some of the existing hardware in some Mexican schools for the reasons?
Comments anyone?
Just imagine a 486-100, 16MB ram, 300MB disk.
I can happily install Win95(the very first ones) plus Off97 (Word - main app) on it, with netscape and pegasus for some web and mail access. Sure, the performance won't be high, but it will work. No way you can get an X-Windows based office suite on that, and with p-200/32mb the difference in performance would be even more dramatic.
This is real, some schools _are_ that poorly equipped. I still have to setup such a system from time to time, and I work for an university .. (Bratislava, Slovakia, Eastern Europe).
While we have some 10-15% of such crappy machines and it's getting better all the time, I can imagine there are schools where such junk is 80-100% of their equippement.