Slashback: Gaping, Wristwear, Screenies

Slashback with ever more on ... the massive bust of illegal software producers reported on last week, the gaping security hole moaned at by those confined to the Microsoft asylum, another review of the new Linux+Java Zaurus from Sharp, and how to get the binary watch you've always wanted. Enjoy!

Too bad there isn't a lot of good Free software. aka-ed writes: "A small update on the "Drink Or Die" busts: Apparently, the feds' move has borne preventative fruit. According to this post from one of the major commercial Usnet services, binaries traffic on Usenet has taken a noticeable hit since the bust, for reasons speculated upon in the post itself."

Open wide, and say "mmmmghrfgghfgr." atreus42 writes: "Microsoft has released a patch to fix the Gaping Security Hole(TM) in Internet Explorer 5.5 and 6.0. This security bulletin details the file extension/content header spoofing bug that would allow bad people to disguise a downloadable executable file as text. The internet isn't doomed after all..."

How to make my Visor look slow and lowly. Sindre Lia writes "Sharp's new Zaurus SL5500 is the first PDA device from a major manufacturer in a long time that uses a new operating system and a new user interface.

According to preliminary reports from infoSync staffers Larry Garfield and Janice Karin that attended the launch of the SL-5500 and got hands-on experience with the new device, the GUI still needs polishing and to some degree also the hardware, but the device has according to them a lot of potential if some first-generation problems can be fixed.

See all the pictures of the new OS here!"

At least this letter is not in binary ... Dog and Pony writes with a lengthy letter (informative, if you have odd taste in watches). "Slashdot recently ran a story about a pretty silly binary watch. Well, anyways, being a silly person, I thought one would be cool to have, even though I normally don't wear watches.

Problem was, they only shipped inside Norway... so I sent them a polite mail, asking them to notify me if they would start shipping internationally. And today I got an answer.

Too bad it seems a really cumbersome process to get that watch... have these guys never heard of PayPal? And offering payment via the www in 2003? 'Course, you gotta have goals...

Here is a copy of the mail:

> Dear Customer

> Please note the binary watch is released World-Wide Sale

> To be able to expedite your orders please follow instructions below

> 1.0
> Order Your watch by using or online home page:rsi-digital.com

> 2.0
> US$ 35 must be transfer from your local bank to

> ATT
> NORDEA BANK NORWAY
> Middelthuns Gt 17
> Postboks 1166.Centrum
> 0107 OSLO

> ACCOUNT NUMBER: 6527 05 04641
> Research & Supplier International A/S
> Postboks 236
> 4201 Sauda
> Norway

> 3.0
> Original receipt must be faxed to +47 52 78 88 01 or send scanned and send by mail to arramsta@online.no

> 4.0
> Your order will than be expedite from our sales office

> Delivery time is estimated to be 10 to 14 days after received confirmed payment by fax or mail as stated above

> 5.0
> Note: RSI will from 2003 offer payment by using WWW.

> 6.0
> Payment 35USD cover cost of watch 28 USD handling and postage 7 USD
> Total:
> =35 USD

> Best Regards

> Tone Yven
> Sales engineer

I am still thinking that black one....

On a side note, to us non-native English speakers, that has spent too much time in Dilbert-land, "Sales engineer" really sounds like an oxymoron."

As unwilling as ever to accept blame.

[Derek+Pomery]

File Name Spoofing Vulnerability:

* The determination on choosing to accept a file download from an Internet site should always be based on the trustworthiness of the source and not on the file type. File downloads should never be accepted from an untrusted source, no matter how harmless the type may appear to be.

No, it was a stupid design that allowed quiet execution due to the combination of content-type and file extension checking. When I download a PDF, I should be confident that unless I try running it in some fashion, it should be perfectly safe to download it to my machine.
Or just to make an extreme case, if I download an HTML usenet post, I don't want the browser trying to automatically convert the BASE64 to an executable and running that.
Some common sense on MS' part would've been appreciated.

Re:illegal software producers?

[Kalabajoui]

Your comment reminds me of something I read in "The Gentle Art of Verbal Self Defense for Business Success" by Suzette Haden Elgin, Ph.D. Whew, better catch my breath! It's been a while since I read it, so I don't remember word for word how she covered the topic. The gist of it is this: People and organizations will attempt to hijack both the denotative and conotative meanings of words for personal, political, or organizational gain. Content producers labeling copyright infringement (which is a rather technical and non-emotionaly loaded term) as piracy (a word that has readily identifiable conotations and denotions) is a prime example of this type of vocabulary manipulation.

Everytime I hear the word 'piracy', I am
reminded of the example Dr. Elgin sites in her Gental Art book, with the Army Press Corps use of Sweep and Clear to replace Search and Destroy. This example was also used in a scene in the Vietnam War movie Full Metal Jacket. Rather than arguing or debating the merits of their ideas, those who change keywords and concepts are attempting to exchange the opinions and ideas you already have with those they desire you to have, pro or con. If people are ignorant of the original or more apt description or word for an idea, ('copyright infringement' vs 'piracy')then all the better for the manipulator seeking to affect public opinion and sentiment. This is commonly refered to as 'spin' and it is a supremely effective tactic.

(in truth it was hard not to feel at least some affection for something capable of providing such unexpected pleasures as "bacon" and "murder"), --Mr Gray; Stephen King, Dreamcatcher