Slashback: Gaping, Wristwear, Screenies

Slashback with ever more on ... the massive bust of illegal software producers reported on last week, the gaping security hole moaned at by those confined to the Microsoft asylum, another review of the new Linux+Java Zaurus from Sharp, and how to get the binary watch you've always wanted. Enjoy!

Too bad there isn't a lot of good Free software. aka-ed writes: "A small update on the "Drink Or Die" busts: Apparently, the feds' move has borne preventative fruit. According to this post from one of the major commercial Usnet services, binaries traffic on Usenet has taken a noticeable hit since the bust, for reasons speculated upon in the post itself."

Open wide, and say "mmmmghrfgghfgr." atreus42 writes: "Microsoft has released a patch to fix the Gaping Security Hole(TM) in Internet Explorer 5.5 and 6.0. This security bulletin details the file extension/content header spoofing bug that would allow bad people to disguise a downloadable executable file as text. The internet isn't doomed after all..."

How to make my Visor look slow and lowly. Sindre Lia writes "Sharp's new Zaurus SL5500 is the first PDA device from a major manufacturer in a long time that uses a new operating system and a new user interface.

According to preliminary reports from infoSync staffers Larry Garfield and Janice Karin that attended the launch of the SL-5500 and got hands-on experience with the new device, the GUI still needs polishing and to some degree also the hardware, but the device has according to them a lot of potential if some first-generation problems can be fixed.

See all the pictures of the new OS here!"

At least this letter is not in binary ... Dog and Pony writes with a lengthy letter (informative, if you have odd taste in watches). "Slashdot recently ran a story about a pretty silly binary watch. Well, anyways, being a silly person, I thought one would be cool to have, even though I normally don't wear watches.

Problem was, they only shipped inside Norway... so I sent them a polite mail, asking them to notify me if they would start shipping internationally. And today I got an answer.

Too bad it seems a really cumbersome process to get that watch... have these guys never heard of PayPal? And offering payment via the www in 2003? 'Course, you gotta have goals...

Here is a copy of the mail:

> Dear Customer

> Please note the binary watch is released World-Wide Sale

> To be able to expedite your orders please follow instructions below

> 1.0
> Order Your watch by using or online home page:rsi-digital.com

> 2.0
> US$ 35 must be transfer from your local bank to

> ATT
> NORDEA BANK NORWAY
> Middelthuns Gt 17
> Postboks 1166.Centrum
> 0107 OSLO

> ACCOUNT NUMBER: 6527 05 04641
> Research & Supplier International A/S
> Postboks 236
> 4201 Sauda
> Norway

> 3.0
> Original receipt must be faxed to +47 52 78 88 01 or send scanned and send by mail to arramsta@online.no

> 4.0
> Your order will than be expedite from our sales office

> Delivery time is estimated to be 10 to 14 days after received confirmed payment by fax or mail as stated above

> 5.0
> Note: RSI will from 2003 offer payment by using WWW.

> 6.0
> Payment 35USD cover cost of watch 28 USD handling and postage 7 USD
> Total:
> =35 USD

> Best Regards

> Tone Yven
> Sales engineer

I am still thinking that black one....

On a side note, to us non-native English speakers, that has spent too much time in Dilbert-land, "Sales engineer" really sounds like an oxymoron."

MS patch and unsupported OS

[LauraLolly]

I run Win 95 and IE 5.5. The patch doesn't work. It hangs. Apparently, it was created for Win 98 up, but I can't find any documentation to that effect.

Aaaarrrrrgh! Senior moments are nothing to Microsoft Moments.

Guess I'll be using Netscape exclusively from now on.

As unwilling as ever to accept blame.

[Derek+Pomery]

File Name Spoofing Vulnerability:

* The determination on choosing to accept a file download from an Internet site should always be based on the trustworthiness of the source and not on the file type. File downloads should never be accepted from an untrusted source, no matter how harmless the type may appear to be.

No, it was a stupid design that allowed quiet execution due to the combination of content-type and file extension checking. When I download a PDF, I should be confident that unless I try running it in some fashion, it should be perfectly safe to download it to my machine.
Or just to make an extreme case, if I download an HTML usenet post, I don't want the browser trying to automatically convert the BASE64 to an executable and running that.
Some common sense on MS' part would've been appreciated.

Re:illegal software producers?

[splante]

Well, no, it's not an accurate description of what they do. The software is produced by the people who write the code. These "pirates" could more clearly and accurately be described as "illegal software reproducers" or "illegal software copiers."

Re:Why don't you order the CD?

[CrimsonWraith]

Yeah, because we all know that M$ instantly threw away all the IE CDs without the fix, and ran a new batch that don't have the issue, and will gladly send you one of those. Dream on. He is going to pay for a version where he will have to d/l the patch anyway.

Re:illegal software producers?

[Kalabajoui]

Your comment reminds me of something I read in "The Gentle Art of Verbal Self Defense for Business Success" by Suzette Haden Elgin, Ph.D. Whew, better catch my breath! It's been a while since I read it, so I don't remember word for word how she covered the topic. The gist of it is this: People and organizations will attempt to hijack both the denotative and conotative meanings of words for personal, political, or organizational gain. Content producers labeling copyright infringement (which is a rather technical and non-emotionaly loaded term) as piracy (a word that has readily identifiable conotations and denotions) is a prime example of this type of vocabulary manipulation.

Everytime I hear the word 'piracy', I am
reminded of the example Dr. Elgin sites in her Gental Art book, with the Army Press Corps use of Sweep and Clear to replace Search and Destroy. This example was also used in a scene in the Vietnam War movie Full Metal Jacket. Rather than arguing or debating the merits of their ideas, those who change keywords and concepts are attempting to exchange the opinions and ideas you already have with those they desire you to have, pro or con. If people are ignorant of the original or more apt description or word for an idea, ('copyright infringement' vs 'piracy')then all the better for the manipulator seeking to affect public opinion and sentiment. This is commonly refered to as 'spin' and it is a supremely effective tactic.

(in truth it was hard not to feel at least some affection for something capable of providing such unexpected pleasures as "bacon" and "murder"), --Mr Gray; Stephen King, Dreamcatcher

Re:Make up your mind...

[os2fan]

Free software is better coded than commercial code, and is getting better all the time. Linux is out of the hobbyist area and is now a serious threat to the system.

But this does not reflect onto the user interface, and it is here that the lingering impression of "Bad Software" is created.

You see, while you may be able to say this is good or bad, you may not know exactly what makes it good or bad.

The reality is that a good UI should present the user with a series of controls, and each control should do what it appears to do. If it is part of a larger environment, then it should conform to this.

This holds as much for command line utilities as it does for GUI apps. For example, you would get annoyed with a terminal program whose output you could not redirect or work with, or was unable to take redirected input.

Writing documentation and UI is about second-guessing the great variety of user tastes and needs. Things like the CUA simplifies some of this.

Apart from having buttons, the program must communicate what it does. For example, most cd burnig programs allow you to make an image of the file as a separate item in the menu. NERO does not do that. Instead, you select burn to a virtual burner, and do it like that. I spent three days fiddling around with this, until someone enlightened me.

The point is, that when there is more than one step involved, the order can be confusing and yield incorrect results. [Think of incorrect order in a pipe].

What we need is some sort of effort done similar to what Knuth did with TeX. Some sort of arbitary language of UI that one can put this interface or that, a la LaTeX style. There is already enough different interfaces around to be able to do it. What one needs to do is be able to is to be able to construct enough of the UI functionality to define it for programmers to implement.

The problem with free software is not that the code is poor, but there seems no way of making a good communication style, and this is, what UI means.

Re:Opera is one alternative [karma is low; plz rat

[benjj]

Errr... Evolution uses GtkHTML which is extremely small and light. If you're having problems using GtkHTML maybe there is something wrong with your machine?

Galeon sometimes feels slow on my K6 333, but flies on my work machine (a dual PII 550MHZ).

Evolution never gives me speed problems with HTML rendering though.

OT Evolution Default Browser

[xrayspx]

If you run the Gnome Control Center (gnomecc), under Document Handlers -> URL Handlers, you can set the browser to whatever you like. I have http set to 'konqueror "%s"', since I use KDE and like my anti-aliased browser fonts.

Now, if only I could get Evolution to show IMAP folders in the Mail Summary on the Summary page, and some sort of visual indicator when new mail is received (a-la a little envelope in my tray) ... I've tried all the mailcheckers I can find, and they only seem to do IMAP-Inbox, not any subfolders beneath Inbox, which does me no good.

Hope that helps.

I see one maggot, it all gets thrown away -- My Fiancee