Slashback: Gopherectomy, Portacinema, Disunity

Slashback tonight with a quartet of updates. So, read on for more information on portable video viewing (and instant recording!), United Linux and one analysts view of What it All Means, Microsoft's answer to a Gopher hole, and why easily guessed passwords sometimes save the day.

Throwing the gopher out with the bathwater. An Anonymous Coward writes: "As reported on News.com and discussed on Slashdot, MSIE's gopher support had a serious security vulnerability that allowed your machine to get ROOT'ed.

Well, it seems that Microsoft is unwilling or unable to make the fix, so it is removing support for the gopher protocol from IE. Not that MSIE's gopher support isn't very poorly implemented anyways."

Kept out of the U.S. by the secret conspiracy, no doubt. Buggalo writes "When I saw the article about the Pogo Flipster I thought I'd mention this too. Of course, it's not available in the US (not yet at least), but it sounds cool anyway. It plays MP4 video as well as MP3 audio. One thing that differentiates it from the Flipster is that this one includes video inputs so you don't even need a computer to get anything onto it. It also seems to have a larger screen. From what I can tell it has 64 megs of flash memory built in, and has an SD memory card slot as well. Sorry the website is in Japanese, but you can use Babelfish to translate it."

Not betting on a United front. dgb2n writes "Smart Money Magazine published an excellent article covering the business implications of the United Linux consortium. It provides some good insight into Red Hat's business model, stock price, and future prospects and names a potential winner in the Linux market."

At least this one aspect is happy. Hellkitten writes "The password for the database has been found, it was as simple as 'ladepujd', the name of the database's creator spelt backwards This previous Slashdot article explains the problem they had.

Aasentunet posted this notice, telling the password and thanking everyone that helped"

ZDNet has the story here as well."

Re:No more gopher? What a cop out

[GSloop]

Or they could spend a few of those billions making secure code in the first place.

Pleeeeeze - it can't be that hard scanning your code for unchecked buffers! So I don't think that fixing the thing even after the fact would be that insanely difficult...

Lastly how about software liability?

The only time that MS really fixes things (or anyone else for that matter) will be when it costs them. When they have to go before a jury, and explain how they didn't use any due dilligence, and that that total system crash that took down the First Interstate Loan Center (Portland Oregon) in the early-mid 90's for hours and hours every week was their own fault. (As I recall it was an undocumented switch in the TCP stack that fixed the SNA session dying thing...) [I know, I had friends that worked there then - NT 3.1, 3.5? dunno]

When companies no longer can shield themselves from liability by claiming that software is _SO_ different than the rest of the known world, they'll actually do somthing - till then, just get ready to take it like a good consumer!

Cheers!

Microsft goes one to many... FIX for bug here...

Just as predicted, news media this week seems to be covering the MSIE gopher root exploit with a new focus on Microsoft and their real problems with security, not just the latest hole. One company even goes as far to say that they 'cleaned up Microsoft's mess, once again'. With 18+ un-patched vulnerabilities in line for a fresh MS-fix, this may be the straw that breaks the camel's back.