Slashback: Gaping, Wristwear, Screenies

Slashback with ever more on ... the massive bust of illegal software producers reported on last week, the gaping security hole moaned at by those confined to the Microsoft asylum, another review of the new Linux+Java Zaurus from Sharp, and how to get the binary watch you've always wanted. Enjoy!

Too bad there isn't a lot of good Free software. aka-ed writes: "A small update on the "Drink Or Die" busts: Apparently, the feds' move has borne preventative fruit. According to this post from one of the major commercial Usnet services, binaries traffic on Usenet has taken a noticeable hit since the bust, for reasons speculated upon in the post itself."

Open wide, and say "mmmmghrfgghfgr." atreus42 writes: "Microsoft has released a patch to fix the Gaping Security Hole(TM) in Internet Explorer 5.5 and 6.0. This security bulletin details the file extension/content header spoofing bug that would allow bad people to disguise a downloadable executable file as text. The internet isn't doomed after all..."

How to make my Visor look slow and lowly. Sindre Lia writes "Sharp's new Zaurus SL5500 is the first PDA device from a major manufacturer in a long time that uses a new operating system and a new user interface.

According to preliminary reports from infoSync staffers Larry Garfield and Janice Karin that attended the launch of the SL-5500 and got hands-on experience with the new device, the GUI still needs polishing and to some degree also the hardware, but the device has according to them a lot of potential if some first-generation problems can be fixed.

See all the pictures of the new OS here!"

At least this letter is not in binary ... Dog and Pony writes with a lengthy letter (informative, if you have odd taste in watches). "Slashdot recently ran a story about a pretty silly binary watch. Well, anyways, being a silly person, I thought one would be cool to have, even though I normally don't wear watches.

Problem was, they only shipped inside Norway... so I sent them a polite mail, asking them to notify me if they would start shipping internationally. And today I got an answer.

Too bad it seems a really cumbersome process to get that watch... have these guys never heard of PayPal? And offering payment via the www in 2003? 'Course, you gotta have goals...

Here is a copy of the mail:

> Dear Customer

> Please note the binary watch is released World-Wide Sale

> To be able to expedite your orders please follow instructions below

> 1.0
> Order Your watch by using or online home page:rsi-digital.com

> 2.0
> US$ 35 must be transfer from your local bank to

> ATT
> NORDEA BANK NORWAY
> Middelthuns Gt 17
> Postboks 1166.Centrum
> 0107 OSLO

> ACCOUNT NUMBER: 6527 05 04641
> Research & Supplier International A/S
> Postboks 236
> 4201 Sauda
> Norway

> 3.0
> Original receipt must be faxed to +47 52 78 88 01 or send scanned and send by mail to arramsta@online.no

> 4.0
> Your order will than be expedite from our sales office

> Delivery time is estimated to be 10 to 14 days after received confirmed payment by fax or mail as stated above

> 5.0
> Note: RSI will from 2003 offer payment by using WWW.

> 6.0
> Payment 35USD cover cost of watch 28 USD handling and postage 7 USD
> Total:
> =35 USD

> Best Regards

> Tone Yven
> Sales engineer

I am still thinking that black one....

On a side note, to us non-native English speakers, that has spent too much time in Dilbert-land, "Sales engineer" really sounds like an oxymoron."

That M$ Patch...

[Kris_J]

...Is only available to IE 5.5SP1 and 6. I have 5.5 and a 56k modem. It will take me about 5 hours and a version upgrade to fix a small security hole. I've already tried once and inital crapplet that is required to start the download of IE5.5SP1 failed to complete its 400k-ish download. I'm seriously considering swapping to another browser.

Re:That M$ Patch...

[joebp]

I'm seriously considering swapping to another

May I be the first to suggest Opera 6.

A quick rundown of the pros and cons of moving:

Good:

• Not Microsoft -- doesn't have stupid holes, and the ones it does have are fixed quickly.
• Not Microsoft -- they're a nice bunch of intelligent people who go about their business, selling their software through information rather than disinformation.
• The browsing experience is absolutely delectable! For example, I wasn't sure whether 'delectable' was the right word just then... In IE I'd have to open a new window, go to dictionary.com or similar, type in delectable, click submit, read results... In Opera I double click on the word, and click 'Dictionary' from the dropdown menu.
• Customize until you drop dead.
• Built in Pop-up control.
• Standards compliant
• Use (BeOS|Linux/Solaris|Mac|OS/2|QNX|Symbian OS|Windows)? Then learn to use Opera for (BeOS|Linux/Solaris|Mac|OS/2|QNX|Symbian OS|Windows). Then you can switch to (BeOS|Linux/Solaris|Mac|OS/2|QNX|Symbian OS|Windows) and retain your browser UI.

Bad:

• Not free -- but you get what you pay for afterall, and if you don't want to pay, you can use an advert-ed version (not as painful as you might think).
• Not open-source -- but neither is IE.
• Not as forgiving as IE on bad coding -- but this is really not an issue with Opera at all, just people who don't understand HTML.

Re:That M$ Patch...

[Kris_J]

Choose between downloading the free ad-supported version with all features and functionality included, or download and purchase your copy of Opera for 39 USD.

Uhh, no thanks. Choosing between ads and A$80 is not my idea of a good time, at least not until I'm working again.

Ultimately, I think I use too many services that won't work on anything but the Big 2 (I have to bypass my proxy for things like Netbank, eBay, Blogger, etc). What I really need is a way of fixing this file type attachment hole without having to download a patch. Has anyone worked out a custom filter for Proxomitron that detects malformed MIME type stuff...?

resources

[4mn0t1337]

Well, if the feds would just dedicate as much manpower to dealing with spammers as they do to pirates, it would make all our lives easier.

Drop in usenet traffic? Howzabout a drop in mail traffic?

And wasn't the microsoft "gaping security hole" patch covered a few days ago?

Northern Europeans and six-bit words

[GlobalEcho]

On a side note, to us non-native English speakers, that has spent too much time in Dilbert-land, "Sales engineer" really sounds like an oxymoron."

Leave it to a Nordic to apologize for their English, and then use a word that 1/2 the high school students in the USA couldn't define, all in the same sentence.

Disappointing link

[victim]

When I see a link on the internet for massive bust I don't usually expect to get a page of text...

Why don't you order the CD?

[SlashChick]

You're going to have just as many problems downloading another browser as you are downloading the patch. Instead, why don't you order the IE6 CD? It costs $10. There's also another one that includes Windows Media Player for $10.

Also, I believe that the free 30-day trial CDs of Earthlink and such have the latest IE on them. You should be able to get this from an office supply store or computer store.

Finally, if you have a friend with broadband, or you have a fast work connection, you can use the advanced option in IE's install to save the files to a disk instead of just installing it directly. Burn to a CD and you're all set.

Re:Why don't you order the CD?

[daniel_isaacs]

Does anyone know which versions of Netscape are "safe" (no bugs, no holes, no need to upgrade)

You have to be kidding me. :)

MSIE Patch is Ineffective

[Jeremiah+Cornelius]

She and her beta team forgot about *the* most important Content-Type: The MSIE 'Patch' does little but obscure the problem - which was accurately described in the original Slashdot Rant as a natural consequence of Windows treating the browser as a shell extension.

There is a thread on BugTraq which explores this issue in depth:

http-equiv@excite.com is quoted:
Clearly what this so-called "patch" does is convert all embedded file types in MHTML documents viewed in patched Internet Explorer 6 into *.TMP files. Previously all file types and file names were retained and if accepted would run.

MS patch and unsupported OS

[LauraLolly]

I run Win 95 and IE 5.5. The patch doesn't work. It hangs. Apparently, it was created for Win 98 up, but I can't find any documentation to that effect.

Aaaarrrrrgh! Senior moments are nothing to Microsoft Moments.

Guess I'll be using Netscape exclusively from now on.

Re:MS patch and unsupported OS

[Daytona955i]

I remember reading somewhere a little while ago that M$ is no longer supporting Win95 or older systems so any new software they put out (Like IE and Office) will only be available for Win98 and up. Also in the same article they said that Win98 is being scheduled to be phased out in 2002. Solution: Install Linux.

What about a UNIX watch?

[MadCow42]

Would YOU have been thrilled to see your watch roll over with the UNIX clock a few months back?

"What time is it?"

"Hmmm.... it says 1008722379... I'm not sure if that's AM or PM though."

MadCow

Paying for the Binary Watch online..

[evel+aka+matt]

Actually, about 3 days after that letter went out, they sent one saying that you would be able to use a credit card online within 10 days, and also gave simplified payment instructions.

resources used and deployed

[teambpsi]

I would venture to guess that the amount of money lost to the resources used and stolen by spammers is probably close to or soon will top revenue lost to pirated software

Its not just pipe, cpu, and diskspace, but think about all the productivity lost

especially when people spend an extra five minutes around the water cooler bitching about the spam they get ;)

As unwilling as ever to accept blame.

[Derek+Pomery]

File Name Spoofing Vulnerability:

* The determination on choosing to accept a file download from an Internet site should always be based on the trustworthiness of the source and not on the file type. File downloads should never be accepted from an untrusted source, no matter how harmless the type may appear to be.

No, it was a stupid design that allowed quiet execution due to the combination of content-type and file extension checking. When I download a PDF, I should be confident that unless I try running it in some fashion, it should be perfectly safe to download it to my machine.
Or just to make an extreme case, if I download an HTML usenet post, I don't want the browser trying to automatically convert the BASE64 to an executable and running that.
Some common sense on MS' part would've been appreciated.

Now you know what it feels like...

[nzgeek]

...to try to buy anything if you don't live in the US!
Perhaps 25% of sites that offer online purchasing are so USA-centric it's crazy. I guess that's part of living in New Zealand, but come on US$35 to ship a paper back book!? I can send one to my sister in NYC for NZ$12 (US$5 ish)

More Slashback that wasn't posted (re: Uplink)

[Mr.+Sketch]

Not really OT.

After /. posted the Uplink article, the introversion server went down. But now the server came back up yesterday (Monday), so you may now place your orders.

Opera is one alternative [karma is low; plz rate!]

[mccormick]

One quality alternative to Netscape and IE is Opera . It is on the larger side, as it is trying to compete with IE, but it is fast and secure. The gestures are especially useful; they make me feel like I'm a kid again painting with my hands. Opera is also available for a number of platforms, including your favourite forms of free Unix (i.e. Linux) and Windows. Could help to make your workspaces consistent, if you work on multiple platforms.

Apart from the well known ones, the only other types of alternatives I can think of are the stripped down Gecko systems (Gecko being the HTML renderer built out of the Mozilla project.) They repackage the core technology, without the rest of the stuff would typically gives Mozilla its reputation for being slow, bloated or inefficient. Gecko, by itself, is a very small, fast and efficient core, comparable to the IE renderer. Most of the ones I've seen are for Linux-type systems, though, like Galeon . And don't forget that Gecko, Mozilla, Netscape 4.7 and Netscape 6 are differnet beasts, but all closely related.

Note! If a moderator would care to help me along in the karma department... I don't know what I did (I don't post often), but every time I post I get can automatic -1. Please see the value of my comments for whatever they are worth! Thank you!

Text Entry on the Zaurus?

[sterno]

The one thing that has kept me loyal to the Palm derivatives is Grafitti. It is a really excellent way to enter text quickly and accurately (for the most part). What are people's opinions of the Zaurus keyboard. It looks too small to be useful, so I was curious to know what people who have tried one think.

A bit on the MIT bust...

[neoptik]

Turns out it was a sys-admin in the economics department here. He was a student at another Boston area university, working for the MIT department of Economics, and he also happened to be second in command of a rather large warez ring.

Anyway, the details. He had around 10 machines just sitting underneath a table in the server room, with a combined storage of 2 terabytes. Apparantly, he was eating up 8-20 megabits of MIT's bandwidth a day. Needless to say, he is no longer employed by the institute...

They're going after the real terrorists!

[Wesley+Everest]

Now that it is clear that the mailed anthrax originated in the U.S. and is probably from a neo-Nazi or someone who has an interest in creating hysteria to build support for increased police powers, it's good to see that the FBI has turned their attention to the real terrorists!

We don't really want to catch the guys that started the anthrax scare, but those warez kidz, now, they are a top priority. I understand Osama Bin Laden himself was able to plan the Sept 11th attacks using cracked software.

It's time to crack down. Let's jam bamboo under their fingernails and put electrodes on their testicles and make them scream so that we can all feel safe again.

Binary

[Syberghost]

At least this letter is not in binary ...

Well, since it was emailed, technically it WAS in binary...

Re:illegal software producers?

[Kalabajoui]

Your comment reminds me of something I read in "The Gentle Art of Verbal Self Defense for Business Success" by Suzette Haden Elgin, Ph.D. Whew, better catch my breath! It's been a while since I read it, so I don't remember word for word how she covered the topic. The gist of it is this: People and organizations will attempt to hijack both the denotative and conotative meanings of words for personal, political, or organizational gain. Content producers labeling copyright infringement (which is a rather technical and non-emotionaly loaded term) as piracy (a word that has readily identifiable conotations and denotions) is a prime example of this type of vocabulary manipulation.

Everytime I hear the word 'piracy', I am
reminded of the example Dr. Elgin sites in her Gental Art book, with the Army Press Corps use of Sweep and Clear to replace Search and Destroy. This example was also used in a scene in the Vietnam War movie Full Metal Jacket. Rather than arguing or debating the merits of their ideas, those who change keywords and concepts are attempting to exchange the opinions and ideas you already have with those they desire you to have, pro or con. If people are ignorant of the original or more apt description or word for an idea, ('copyright infringement' vs 'piracy')then all the better for the manipulator seeking to affect public opinion and sentiment. This is commonly refered to as 'spin' and it is a supremely effective tactic.

(in truth it was hard not to feel at least some affection for something capable of providing such unexpected pleasures as "bacon" and "murder"), --Mr Gray; Stephen King, Dreamcatcher

Re:Opera is one alternative [karma is low; plz rat

[Mr.+Slippery]

NPL != Free

NPL'd software is free software. There are many free software licenses besides the GPL.

From a list of free software licenses at the GNU website:

The Netscape Public License (NPL)

This is a free software license, not a strong copyleft, and incompatible with the GNU GPL. It consists of the Mozilla Public License with an added clause that permits Netscape to use your added code even in their proprietary versions of the program. Of course, they do not give you permission to use their code in the analogous way. We urge you not to use the NPL.

Re:Make up your mind...

[os2fan]

Free software is better coded than commercial code, and is getting better all the time. Linux is out of the hobbyist area and is now a serious threat to the system.

But this does not reflect onto the user interface, and it is here that the lingering impression of "Bad Software" is created.

You see, while you may be able to say this is good or bad, you may not know exactly what makes it good or bad.

The reality is that a good UI should present the user with a series of controls, and each control should do what it appears to do. If it is part of a larger environment, then it should conform to this.

This holds as much for command line utilities as it does for GUI apps. For example, you would get annoyed with a terminal program whose output you could not redirect or work with, or was unable to take redirected input.

Writing documentation and UI is about second-guessing the great variety of user tastes and needs. Things like the CUA simplifies some of this.

Apart from having buttons, the program must communicate what it does. For example, most cd burnig programs allow you to make an image of the file as a separate item in the menu. NERO does not do that. Instead, you select burn to a virtual burner, and do it like that. I spent three days fiddling around with this, until someone enlightened me.

The point is, that when there is more than one step involved, the order can be confusing and yield incorrect results. [Think of incorrect order in a pipe].

What we need is some sort of effort done similar to what Knuth did with TeX. Some sort of arbitary language of UI that one can put this interface or that, a la LaTeX style. There is already enough different interfaces around to be able to do it. What one needs to do is be able to is to be able to construct enough of the UI functionality to define it for programmers to implement.

The problem with free software is not that the code is poor, but there seems no way of making a good communication style, and this is, what UI means.

I can?t believe that now one has mentioned this

[mE123]

What about K-Meleon? This is IMHO one of the best *browsers* (i.e. no mail client, no news client, no blot) out there. It uses the gecko (i.e. Mozilla's) rendering engine. It's open source (GPLed). It's almost completely bug less (and the bugs are all UI, not the "I can delete your hard drive" variety). It's multi-lingual. It's secure. It's easy. And to your question it's small (3.89 mb). It kicks butt.


----------
SLEEP IS FOR THE WEAK.
WHEN YOU SLEEP THEY EAT YOUR TOES.

Um... What the FBI Did was Illegal I think

[beefstu01]

This is in reference to the link off of the message- the DoJ press release

No, it really doesn't make sense, but I guess this is the only way to have charges dropped from the Warez rings.

Remember the last moments of the Clinton Presidency? When he made a slew of laws? Well one of these was called the McDade Act(s), which specifically states that no agent undercover may lie. That was one of the dumbest laws passed, considering that it could have prevented 9-11, but it applies to this case. The DoJ prides itself on it's "year-long" undercover investigation, but they should have known that its a big no-no to lie. I'd bet that some of these people "undercover" were asked "are you w/ the feds" in which their answer would obviously be "NO." Thats a lie, and goes against whath the (retarded) McDade act states. Boom, thats it- they were found illegally.

Please don't flame this, because all I'm doing is bringing to light something that most people didn't know. This is like the old police searching a random student at a HS dance, then arresting him for Marijuana possession. THe kid gets off totally free afterwards because the police had no warrant (etc...). I guess that the McDade act is the only trump card that the Warez rings have. I personally believe that McDade is totally stupid, and it will be really sad if they are used to throw out the case.

better watch for europeans

[20011207]

hi,
there's a much better watch for europeans (i own one myself (since more than 5 years)) and it's really cool!
i admit: in the beginning it's difficult, but due to the design (using diagonal slashes instead of 0s and 1s) you find patterns quite rapidly and then the watch is great.
link: museumsmarket.de

The difficulty of paying remotely in Europe...

[Dimwit]

I don't know about the binary watch, but I know here in Luxembourg it is next to impossible (and, sometimes, quite illegal) to pay remotely. If I want to pay my doctor, I have to go to my bank and sign a paper transferring money from one person to another.

I could do web banking, but there are two problems: One, it's Windows only (and not due to a limitation in the browser - you get a smart-card reader that only works with Windows. It is *really* secure, though), and two: it's *really* expensive.

So, it's not that odd that they don't take credit cards...

Re:Opera is one alternative [karma is low; plz rat

[Emil+Brink]

and Galeon is the lightest Gecko based browser that I can find.
Well, seems like you need to find SkipStone, then. It's the Gecko engine packaged up using only GTK+ widgets, no GNOME. It's pretty nice.

Corollary:

[Fat+Casper]

Gun manufacturers can legally be sued over the actions of criminals who happen to use their products. Using the new definition of terrorism, we should be able to lock up Bill & Co. and throw away the key.

Of course, that also goes for the Linux distros that default install with everything enabled. All those helpless, rooted lusers would be giving the "I was cleaning it and didn't know it was loaded" line.

"The idea that an arbitrary naive human should be able to properly use a given tool without training or understanding is even more wrong for computing than it is for other tools (e.g. automobiles, airplanes, guns, power saws)." -- Doug Gwyn

It's ethier time or it isn't?

[Zero__Kelvin]

"how to get the binary watch you've always wanted"

Hey Jed ... what time is it? One or zero?

And here I thought this was illegal:

[Legion303]

Operation Bandwidth:

On December 11, 2001, the longest-running of the undercover operations culminated with the execution of over 30 search warrants across the United States and Canada. This undercover operation, code-named 'Bandwidth,' was a two-year covert investigation established as a joint investigative effort to gather evidence to support identification and prosecution of entities and individuals involved with illegal access to computer systems and the piracy of proprietary software utilizing 'warez' storage sites on the Internet.

Bandwidth, through the joint efforts of the Defense Criminal Investigative Service (DCIS), the Environmental Protection Agency Office of Inspector General (EPA-OIG), and the Federal Bureau of Investigation (FBI), supervised by the U.S. Attorney's Office for the District of Nevada, created a 'warez' site, controlled and monitored by the undercover operation, as a means of attracting predicated targets involved with the distribution of pirated software. The undercover 'warez' site has been accessed to transfer over 100,000 files, including over 12,000 separate software programs, movies and games.

If it looks like entrapment, walks like entrapment, and quacks like entrapment....

Any lawyers want to comment?

-Legion