Slashdot Mirror


Slashback: Gaping, Wristwear, Screenies

Slashback with ever more on ... the massive bust of illegal software producers reported on last week, the gaping security hole moaned at by those confined to the Microsoft asylum, another review of the new Linux+Java Zaurus from Sharp, and how to get the binary watch you've always wanted. Enjoy!

Too bad there isn't a lot of good Free software. aka-ed writes: "A small update on the "Drink Or Die" busts: Apparently, the feds' move has borne preventative fruit. According to this post from one of the major commercial Usenet services, binaries traffic on Usenet has taken a noticeable hit since the bust, for reasons speculated upon in the post itself."

Open wide, and say "mmmmghrfgghfgr." atreus42 writes: "Microsoft has released a patch to fix the Gaping Security Hole(TM) in Internet Explorer 5.5 and 6.0. This security bulletin details the file extension/content header spoofing bug that would allow bad people to disguise a downloadable executable file as text. The internet isn't doomed after all..."

How to make my Visor look slow and lowly. Sindre Lia writes "Sharp's new Zaurus SL5500 is the first PDA device from a major manufacturer in a long time that uses a new operating system and a new user interface.

According to preliminary reports from infoSync staffers Larry Garfield and Janice Karin, who attended the launch of the SL-5500 and got hands-on experience with the new device, the GUI still needs polishing and to some degree also the hardware, but the device has according to them a lot of potential if some first-generation problems can be fixed.

See all the pictures of the new OS here!"

At least this letter is not in binary ... Dog and Pony writes with a lengthy letter (informative, if you have odd taste in watches). "Slashdot recently ran a story about a pretty silly binary watch. Well, anyways, being a silly person, I thought one would be cool to have, even though I normally don't wear watches.

Problem was, they only shipped inside Norway... so I sent them a polite mail, asking them to notify me if they would start shipping internationally. And today I got an answer.

Too bad it seems a really cumbersome process to get that watch... have these guys never heard of PayPal? And offering payment via the www in 2003? 'Course, you gotta have goals...

Here is a copy of the mail:

> Dear Customer

> Please note the binary watch is released World-Wide Sale

> To be able to expedite your orders please follow instructions below

> 1.0
> Order Your watch by using or online home page:rsi-digital.com

> 2.0
> US$ 35 must be transfer from your local bank to

> ATT
> NORDEA BANK NORWAY
> Middelthuns Gt 17
> Postboks 1166.Centrum
> 0107 OSLO

> ACCOUNT NUMBER: 6527 05 04641
> Research & Supplier International A/S
> Postboks 236
> 4201 Sauda
> Norway

> 3.0
> Original receipt must be faxed to +47 52 78 88 01 or send scanned and send by mail to arramsta@online.no

> 4.0
> Your order will than be expedite from our sales office

> Delivery time is estimated to be 10 to 14 days after received confirmed payment by fax or mail as stated above

> 5.0
> Note: RSI will from 2003 offer payment by using WWW.

> 6.0
> Payment 35USD cover cost of watch 28 USD handling and postage 7 USD
> Total:
> =35 USD

> Best Regards

> Tone Yven
> Sales engineer


I am still thinking that black one....

On a side note, to us non-native English speakers who have spent too much time in Dilbert-land, "Sales engineer" really sounds like an oxymoron."

23 of 231 comments

  1. That M$ Patch... by Kris_J · · Score: 4, Informative

    ...Is only available to IE 5.5SP1 and 6. I have 5.5 and a 56k modem. It will take me about 5 hours and a version upgrade to fix a small security hole. I've already tried once and the initial crapplet that is required to start the download of IE5.5SP1 failed to complete its 400k-ish download. I'm seriously considering swapping to another browser.

    1. Re:That M$ Patch... by joebp · · Score: 5, Informative
      > I'm seriously considering swapping to another

      May I be the first to suggest Opera 6.

      A quick rundown of the pros and cons of moving:

      Good:

      • Not Microsoft -- doesn't have stupid holes, and the ones it does have are fixed quickly.
      • Not Microsoft -- they're a nice bunch of intelligent people who go about their business, selling their software through information rather than disinformation.
      • The browsing experience is absolutely delectable! For example, I wasn't sure whether 'delectable' was the right word just then... In IE I'd have to open a new window, go to dictionary.com or similar, type in delectable, click submit, read results... In Opera I double click on the word, and click 'Dictionary' from the dropdown menu.
      • Customize until you drop dead.
      • Built in Pop-up control.
      • Standards compliant
      • Use (BeOS|Linux/Solaris|Mac|OS/2|QNX|Symbian OS|Windows)? Then learn to use Opera for (BeOS|Linux/Solaris|Mac|OS/2|QNX|Symbian OS|Windows). Then you can switch to (BeOS|Linux/Solaris|Mac|OS/2|QNX|Symbian OS|Windows) and retain your browser UI.
      Bad:
      • Not free -- but you get what you pay for after all, and if you don't want to pay, you can use an advert-ed version (not as painful as you might think).
      • Not open-source -- but neither is IE.
      • Not as forgiving as IE on bad coding -- but this is really not an issue with Opera at all, just people who don't understand HTML.
    2. Re:That M$ Patch... by Anonymous Coward · · Score: 1, Informative

      Not only does Opera 6 for windows allow for either MDI or SDI, like you are complaining about, but also with a simple CTRL + TAB you can change between windows if you are using the MDI.

      Gotta love people who bitch without checkin' things out.

      Myself, I much prefer the MDI, and someone else out there must like it too as Mozilla now has the option to do MDI or SDI as well!

  2. resources by 4mn0t1337 · · Score: 5, Informative
    Well, if the feds would just dedicate as much manpower to dealing with spammers as they do to pirates, it would make all our lives easier.

    Drop in usenet traffic? Howzabout a drop in mail traffic?

    And wasn't the microsoft "gaping security hole" patch covered a few days ago?

    --

    ______
    Once: you're a philosopher. Twice: a pervert.

  3. Gaping security holes by Anonymous Coward · · Score: 1, Informative

    http://www.sans.org/topten.htm

    Unix and Linux are doing great!!!!!! None of those "gaping holes" that MS has. Yes, bash away, for everyone knows it's MICROSOFT that's responsible for all those gaping security holes. Really. Really. No kidding. Seriously.

    1. Re:Gaping security holes by Anonymous Coward · · Score: 2, Informative

      http://www.attrition.org/mirror/attrition/os.html

      From the latest month available (May 2001):
      Linux: 9.89% of total defacements
      Win NT/2000: 81.79%

      Now do you really believe that Windows is installed on 8 times as many webservers as Linux is? Take a look at netcraft.com. So it would appear that Windows based webservers are far more likely to be defaced than Linux.

      All software has bugs, and some bugs are exploitable. Linux and Unix just have fewer.

    2. Re:Gaping security holes by Osty · · Score: 2, Informative

      Of course, web site defacements are pretty trivial compared to other things. How many linux boxes do you think are sitting out there on cable modems, with a default "install everything" redhat install, running BIND? Where do you think all the DDoS kiddies get their bandwidth? Hacked linux boxes on broadband connections. Personally, I'd much rather have a defaced web site, because even though I'd still have to do a reinstall to make sure the system was clean, at least I'd know about it. If instead my box was rooted and used in a DDoS, my only inclination something is wrong would be when I can't check my e-mail or my web browsing was going much slower than usual. Hell, the box could be rooted for months, or even years, and I'd never know. (note: "I" here is the "collective I", not me in particular.) Linux, or any unix for that matter, is much more dangerous when compromised than any Windows box.

  4. Why don't you order the CD? by SlashChick · · Score: 5, Informative

    You're going to have just as many problems downloading another browser as you are downloading the patch. Instead, why don't you order the IE6 CD? It costs $10. There's also another one that includes Windows Media Player for $10.

    Also, I believe that the free 30-day trial CDs of Earthlink and such have the latest IE on them. You should be able to get this from an office supply store or computer store.

    Finally, if you have a friend with broadband, or you have a fast work connection, you can use the advanced option in IE's install to save the files to a disk instead of just installing it directly. Burn to a CD and you're all set.

    1. Re:Why don't you order the CD? by arkanes · · Score: 2, Informative

      The Opera download (especially without the JVM) is teensy compared to an IE or mozilla download. Also, consider using GetRight or Download Accelerator, or practically anything that allows you to resume downloads - saved me from MUCH aggravation in my modem days (about a month ago :P)

  5. MSIE Patch is Ineffective by Jeremiah+Cornelius · · Score: 5, Informative
    She and her beta team forgot about *the* most important Content-Type: The MSIE 'Patch' does little but obscure the problem - which was accurately described in the original Slashdot Rant as a natural consequence of Windows treating the browser as a shell extension.

    There is a thread on BugTraq which explores this issue in depth:

    http-equiv@excite.com is quoted:
    Clearly what this so-called "patch" does is convert all embedded file types in MHTML documents viewed in patched Internet Explorer 6 into *.TMP files. Previously all file types and file names were retained and if accepted would run.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  6. Paying for the Binary Watch online.. by evel+aka+matt · · Score: 5, Informative

    Actually, about 3 days after that letter went out, they sent one saying that you would be able to use a credit card online within 10 days, and also gave simplified payment instructions.

  7. Re:Sharp Zaurus by jockm · · Score: 2, Informative

    The Zaurus that was demoed at JavaOne was running Embedix+AmigaDE. Somewhere along the line they dropped AmigaDE, now it is running Embedix+QT+Jeode. Still very cool though...

    --

    What do you know I wrote a novel
  8. Re:resources used and deployed by 4mn0t1337 · · Score: 2, Informative
    > the amount of money lost to the resources used and stolen by spammers

    Yup. That was my point. But the thing is, M$, Adobe, Etc all have budgets for lobbyists. We don't. Who do you think they (law makers and law enforcement) are going to listen to?

    US$500M dollars lost to 1 company is a big deal.
    US$50 dollars lost to 10M people ain't no thing.

    Now, if congress could "feel our pain" (as an expression common to the time put it) things might change.
    To that end, I suggest that every time you get a mail with a bogus "unsubscribe notice" at the bottom, you change the reply to the eddress of your elected reps.
    See how long they (Okay, their staff and interns) think Spam *isn't* a problem...

    (oh, nice PJ quote.)

    --

    ______
    Once: you're a philosopher. Twice: a pervert.

  9. More Slashback that wasn't posted (re: Uplink) by Mr.+Sketch · · Score: 5, Informative

    Not really OT.

    After /. posted the Uplink article, the introversion server went down. But now the server came back up yesterday (Monday), so you may now place your orders.

  10. Re:MS patch and unsupported OS by Daytona955i · · Score: 3, Informative

    I remember reading somewhere a little while ago that M$ is no longer supporting Win95 or older systems so any new software they put out (Like IE and Office) will only be available for Win98 and up. Also in the same article they said that Win98 is being scheduled to be phased out in 2002. Solution: Install Linux.

  11. Re:Now you know what it feels like... by KewlPC · · Score: 2, Informative
    The cost depends on how it is shipped. AFAIK most US-based online purchasing shipment is done via UPS. Depending on what is shipped and how it is shipped (UPS ground, Next Day Air, 2nd Day Air, etc.) it can cost more or less than what it would cost to ship the same item via the US Post Office or Fedex.

    Many places only offer shipment to the continental US because dealing with UPS for international/overseas shipping is a huge pain in the ass in my experience, and AFAIK you need special authorization (so that customs doesn't have to open every box and see what's inside).

  12. They're going after the real terrorists! by Wesley+Everest · · Score: 3, Informative
    Now that it is clear that the mailed anthrax originated in the U.S. and is probably from a neo-Nazi or someone who has an interest in creating hysteria to build support for increased police powers, it's good to see that the FBI has turned their attention to the real terrorists!

    We don't really want to catch the guys that started the anthrax scare, but those warez kidz, now, they are a top priority. I understand Osama Bin Laden himself was able to plan the Sept 11th attacks using cracked software.

    It's time to crack down. Let's jam bamboo under their fingernails and put electrodes on their testicles and make them scream so that we can all feel safe again.

  13. more on zaurus & how to put it on your ipaq by Spiral+Man · · Score: 2, Informative
    hmm, it seems a lot of people are talking about the sharp running some java/amiga thing or something. what it actually appears to be running is qtopia (formerly qpe).

    you can find more screenshots here

    and more info here here

    this runs on top of the familiar linux distribution. and works on a compaq ipaq as well (although, not the 3800 series).

    --
    "we demand rigidly defined areas of doubt and uncertainty!" --Douglas Adams, The Hitchhikers Guide to the Galaxy
  14. Re:Opera is one alternative [karma is low; plz rat by Mr.+Slippery · · Score: 3, Informative
    > NPL != Free

    NPL'd software is free software. There are many free software licenses besides the GPL.

    From a list of free software licenses at the GNU website:

    The Netscape Public License (NPL)

    This is a free software license, not a strong copyleft, and incompatible with the GNU GPL. It consists of the Mozilla Public License with an added clause that permits Netscape to use your added code even in their proprietary versions of the program. Of course, they do not give you permission to use their code in the analogous way. We urge you not to use the NPL.

    --
    Tom Swiss | the infamous tms | my blog
    You cannot wash away blood with blood
  15. I can't believe that no one has mentioned this by mE123 · · Score: 3, Informative

    What about K-Meleon? This is IMHO one of the best *browsers* (i.e. no mail client, no news client, no bloat) out there. It uses the gecko (i.e. Mozilla's) rendering engine. It's open source (GPLed). It's almost completely bug less (and the bugs are all UI, not the "I can delete your hard drive" variety). It's multi-lingual. It's secure. It's easy. And to your question it's small (3.89 mb). It kicks butt.


    ----------
    SLEEP IS FOR THE WEAK.
    WHEN YOU SLEEP THEY EAT YOUR TOES.

  16. Um... What the FBI Did was Illegal I think by beefstu01 · · Score: 4, Informative

    This is in reference to the link off of the message- the DoJ press release

    No, it really doesn't make sense, but I guess this is the only way to have charges dropped from the Warez rings.

    Remember the last moments of the Clinton Presidency? When he made a slew of laws? Well one of these was called the McDade Act(s), which specifically states that no agent undercover may lie. That was one of the dumbest laws passed, considering that it could have prevented 9-11, but it applies to this case. The DoJ prides itself on its "year-long" undercover investigation, but they should have known that it's a big no-no to lie. I'd bet that some of these people "undercover" were asked "are you w/ the feds" in which their answer would obviously be "NO." That's a lie, and goes against what the (retarded) McDade act states. Boom, that's it- they were found illegally.

    Please don't flame this, because all I'm doing is bringing to light something that most people didn't know. This is like the old police searching a random student at a HS dance, then arresting him for Marijuana possession. The kid gets off totally free afterwards because the police had no warrant (etc...). I guess that the McDade act is the only trump card that the Warez rings have. I personally believe that McDade is totally stupid, and it will be really sad if they are used to throw out the case.

  17. Re:illegal software producers? by Anonymous Coward · · Score: 1, Informative
    This theme was excellently demonstrated in the British comedy series Yes Prime Minister. In effect Sir Humphrey Appleby was indicating to Bernard how the selective use of wording could be used to produce surveys indicating support/opposition to national service.

    In Australia the present government has used words such as queue jumpers and illegal criminals to describe boat people. This is despite the fact that it is not unlawful to arrive in Australia if you are claiming political asylum and that there is no queue for processing refugees.

  18. The difficulty of paying remotely in Europe... by Dimwit · · Score: 3, Informative

    I don't know about the binary watch, but I know here in Luxembourg it is next to impossible (and, sometimes, quite illegal) to pay remotely. If I want to pay my doctor, I have to go to my bank and sign a paper transferring money from one person to another.

    I could do web banking, but there are two problems: One, it's Windows only (and not due to a limitation in the browser - you get a smart-card reader that only works with Windows. It is *really* secure, though), and two: it's *really* expensive.

    So, it's not that odd that they don't take credit cards...

    --
    ...but it's being eaten...by some...Linux or something...