If that was the WRV200, then yeah, you probably would've been better off sticking with the previous boxes. Apparently the WRV200 has been a real problem child with bad firmware, etc. pretty much since it was released.
The Symantec article may be referring to some research they were doing over the course of a week or two, or the fact that they're looking at Rustock.B may mean that it's a new variant that again deals with F-Secure's detection.
The first place to look is often the event log (on any of the NT-derived OSes). The quickest way to get there is to right-click on My Computer and pick Manage.
The next things to check into are running processes, what starts with the system and what might be shimmed in elsewhere.
For running processes, SysInternals' Process Explorer is invaluable. Tweak the columns used to show the company, description, and executable path; be suspicious of things of things with no descriptions, things you don't recognize, or anything running from a funky location. You can open up detailed information on any process that includes TCP and UDP ports open for sending or receiving, security information and strings within the executable; you can also get a listing of files, registry keys, etc. that each process has open.
Process Explorer also does one other thing very useful - it lets you suspend a process without killing it. I've had to clean systems where that was the only thing that let me get stuff cleared because I wasn't able to kill the spyware processes off without triggering relaunches by a different process. Suspending processes on the other hand worked just fine.
Also from Sysinternals is Autoruns, which lists off everything that gets started automatically with Windows or at login from any of the many places such things can hide. HijackThis gives a similar set of information broken down a bit differently.
Ghostscript is actually available under two licenses: * The current release is available under the AFPL which allows pretty much any personal use but limits commercial use (particularly as part of a product) to licensees who've dealt with Artifex. I looked into this at a past job; the cost wasn't worth it for what we were doing but could be worthwhile for larger-distribution products. * The previous major release is available under the GPL, with its attendant permissions and restrictions.
So, you might be able to sell the current/maintained version while open-sourcing older versions.
In addition, you might be able to use the razor-blade model - give away the software, but charge for updates to data that's useful to the end-users such as tax information, etc.
Shows compressed executables in a different color - many of the spyware/adware packages and worms are compressed, far fewer legitimate programs are.
Lets you add columns for Description, Company Name and Image Path - items with no description or company are more suspicious, anything running from a temp directory is very suspicious and anything with a graphic file as the executable is clearly not legit.
Lets you view details about processes such as strings (not always useful, but sometimes) and network connections. Not sure if program X is legit? Check its network activity. If it has an outbound SMTP connection to Singapore, odds are pretty high that it's not legit.
Pick a process and hit Ctrl-L to display the lower pane (assuming you've turned it off for normal use) and you can see what handles the process has open - file handles to files or devices, registry handles to keys, etc. or you can see the list of DLLs being used.
No install required - it's a standalone executable and will run happily from a USB key.
Can replace Task Manager should you choose to do so.
The XP built-in one works, but if he's moderately savvy then I highly recommend that he get one that will block both outbound and inbound connections. I use Kerio Personal Firewall, but I know there are others out there as well.
Basically what he should do is treat it as learning for the first while and "teach" the firewall what applications are allowed to connect out. Email client? Let it connect out for SMTP/POP3/IMAP; *maybe* let it connect out on HTTP/HTTPS but I don't advise it. Firefox? Let it connect out. IE? Let it connect out, but possibly with limitations (I let it go but have an alert that displays when it's making connections). IM clients? Allow them to connect to the appropriate services. Anything else? By default it's blocked or at least asks for permission. Unknown apps get an alert popup so you'll know something's trying to get out since that's going to be the best indication of an infection on the system.
Beyond the option of challenging the report with the credit reporting system (which would trigger a return to the original reporter for more information, etc.) your coworker probably had several other courses of action. The simplest would probably be small claims court in his home state with a suit for libel with provable damages. Just because I as a small business owner have a bad check with "William Gates III" on it and an address that's no longer any good doesn't mean that I get to tell the credit reporting agencies that the former head of Microsoft bounced a check to me without any proof.
I've found that my best bet for getting something done by Dell with little pain is to avoid the phone completely.
I'll run tests (their diagnostics and others such as memtest), then do a detailed writeup of what I've tested, what the results were, what I think the problem is and any steps I've taken to try to resolve it (e.g. removing & reseating the memory). Then I go to the support site, put in the service tag, and go through the contact us bit and "Email Product Support." It may take a day or two, but it's worked better for me than trying to deal with them on the phone.
There are apparently some known issues with Firefox not correctly releasing memory, a.k.a. memory leaks. Most of them seem to be cross-platform, so it's not just interactions with one particular OS.
You can find out more by looking through Bugzilla.
Well, with a big chunk of them I know what they do in theory, I just don't see how it requires a team of 10 developers particularly given what I saw coming from them. I regard myself as well above average but probably not outstanding, and given a year and 1-3 people (including myself) I could've not only done better but done it cheaper.
From the stories I've heard and the politics I observed I suspect that a big chunk of the issue was the result of poor planning and specification early on by one particular person (still) in a position of power. Even so, a burn rate of $10 million a year puts them in a hole that I don't see them coming out of.
One thing I haven't really seen in the comments so far is that there's a difference between wifi and highspeed. If a municipality wants to offer always-on connections that are capped at 28.8, that's fine by me - the municipality isn't spending a lot of money on connections but the bulk of the advantages is still present - particularly in the future when WiMax becomes available and common.
I don't need a *fast* connection for email, school research, even browsing/. but I do need *a* connection. Depending on the area that may be the case for quite a few people. Heck, if WiMax was available with its broader reach I suspect you could have some kind of business based on that - blanket an area with signal and provide free bandwidth-limited access to everyone, but charge for higher-speed connections. It's the wireless version of what Juno and NetZero and others tried.
Illinois Senate bill 0499 was introduced in late February with an amendment by State Senator Rauschenberger that would do similar things.
I sent letters to my state senator and representative encouraging them to vote against it when and if the opportunity came up, and I fully encourage any other Illinois residents to do the same. If you're not sure who your state senator and representative are, you can find out at Project Vote Smart by entering your 9-digit ZIP code. If your state senator is on the Environment & Energy Committee it's even more important that you get in touch with them.
My letter (adjusted appropriately for the recipient) reads:
Senator,
I just became aware of Senator Rauschenberger's attempt to modify Illinois state law to completely ban municipalities, counties, cities and other political divisions within the state from offering data connection services in Senate bill 499 (specifically, amendment 001).
As one of your constituents I'd like to strongly encourage you to work against this attempt at ensuring that poorly-served areas of the state remain poorly-served.
By banning political entities from offering any kind of data services this modification ensures that in areas where no commercial carrier finds it cost-effective to offer services those services will remain completely unavailable even if the residents of an area are willing to provide them for themselves through local government. Even more, even if the infrastructure already exists because the municipality requires it for other uses, it will not be legally allowed for that infrastructure to be made available. This modification prevents the provision of data services that for the most part don't even directly compete with the broadband carriers that are pushing for these limitations - in particular it means that such options as inexpensive low-speed wireless access will not be available, even though that sort of low-cost connection would provide exactly what many people need as it did with the Minitel service in other countries.
The phrasing of the amendment is also very suspect - what precisely is a "political subdivision of this State," and does that phrasing mean that if this becomes law that all libraries that currently offer wireless Internet access to their patrons must immediately shut it down? Overall Senator Rauschenberger's proposal is an overreaching attempt to limit the options available to Illinois voters in a transparent attempt to cater to large phone and cable companies that aren't even based in Illinois, and I hope I can count on you to oppose it.
From the company that'd laid me off a little over a year earlier (though at the time I was in a different group). I did a bit of consulting with them in the interim, and when someone retired they offered me a position. I was initially tempted and went through the interviews, but things I learned during the interview process made me think that there wasn't a future in it and that I'd be stuck doing testing and piddly crap, not development.
I've done more consulting with them since and I wish them the best of luck since I like the people and think they have a good product with lots of potential. I just didn't see any realistic way for them to not just break even but cover the money that's already been sunk - the group I interviewed with turns out to be only about 25-35% of the whole operation and I just can't figure out what the hell most of the other 70% is doing except sucking down cash.
Quote "Seeing as how the typical OEM would normally preactivate Windows XP, most legitimate users shouldn't have much need to go through the activation process," is that it doesn't make any sense. Almost any OEM is going to configure an image, then run sysprep on it before loading it onto PCs go go out. After sysprep, you need to activate.
I guess I could be wrong though - Dell's not a typical OEM is it?
That none of the online hotspot directories include a rating for each hotspot to show availability of outlets. Range: "none," "1-4," "5-10," "10+," and "Almost every table."
Who knew when we were writing that stuff 15 years ago that it would be around FOREVER?
I did. There's not much out there under my name that I'd find truly embarassing (and really nothing under another name either - guess I'm just vanilla). Anyone digging around for info on me would have to have a pretty good idea of what they were doing though, if only because of assorted and sundry ISP changes over the years.
If you're that concerned, use multiple browsers. Multiple identities within one browser doesn't really work if you want to be able to use both at the same time, but Mozilla and Firefox are separate and will run at the same time with no problems.
I'd have figured something like that would've gone into place quite some time ago, at least on the larger IRC networks (EFNet, Dalnet, whatever they are these days).
All you really need is the servers at a few of the nodes to be running logging software, and it wouldn't even need to be running in the context of the IRC server - it'd just need to be tracking the inbound and outbound traffic. It wouldn't catch everything, but you'd get a fair amount of it and probably get enough to tell you what areas needed more examination.
Similarly, I assume that just about everything on Usenet is monitored and saved by at least a few agencies domestic and foreign, if not more. How much would Giganews charge for a full feed? That's not going to be a lot of use against one-way traffic, but discussions would almost certainly be trackable.
As with many things the information stream itself is relatively easy and inexpensive to get access to, but extracting good information out of it is likely to be harder. I wouldn't be surprised if a big chunk of the money they're giving out is related more to the analysis of that sort of information stream (and existing store) than to the simple acquisition of data.
The limitation on the number of writes to a particular area of memory has been known since flash memory first started to appear. Most devices or drivers should account for the issue by either rotating writes to avoid overusing one particular region or by remapping failing sections into other areas.
Remapping failing areas will cause the available capacity of formatted flash devices to gradually shrink, while rotating writes will attempt to keep any areas from wearing out too fast (making it more likely that multiple areas will start to fail around the same time).
Someone who's done more looking into this should be able to give a good idea which technique(s) are most widely used.
Don't ever keep money that you really need access to in a Paypal account! Tie the Paypal account to a secondary checking account at your regular bank. No overdraft protection on that secondary one. Regularly transfer money from Paypal into that secondary account, then go to your bank's online interface and transfer it from the secondary checking to the primary one.
It doesn't work any further than an inch from the reader.
That's a factor of the reader far more than it's a factor of the RFID tag. With more power there's more noise to filter, but I doubt that there's anything preventing creation of a reader that'll pick up tags at 20+ feet. Even if there's not one out there right now, there'll be something within a few years.
I believe that Visual Basic 3 (and probably earlier) ran basically the same way - they weren't true executables that depended on vbrun300.dll, they were stub programs that passed themselves to that DLL for interpretation and running.
Slashdot Mirror
The RV0xx wired routers are pretty solid, perform pretty well, and have some nice features particularly in the newest firmware releases.
If that was the WRV200, then yeah, you probably would've been better off sticking with the previous boxes. Apparently the WRV200 has been a real problem child with bad firmware, etc. pretty much since it was released.
The Symantec article may be referring to some research they were doing over the course of a week or two, or the fact that they're looking at Rustock.B may mean that it's a new variant that again deals with F-Secure's detection.
I suggest they replace it with something else. Almost anything else, really.
Norton is the only thing I've ever seen decide that outbound DNS queries were *all* suspicious and should be silently blocked.
The first place to look is often the event log (on any of the NT-derived OSes). The quickest way to get there is to right-click on My Computer and pick Manage.
The next things to check into are running processes, what starts with the system and what might be shimmed in elsewhere.
For running processes, SysInternals' Process Explorer is invaluable. Tweak the columns used to show the company, description, and executable path; be suspicious of things of things with no descriptions, things you don't recognize, or anything running from a funky location. You can open up detailed information on any process that includes TCP and UDP ports open for sending or receiving, security information and strings within the executable; you can also get a listing of files, registry keys, etc. that each process has open.
Process Explorer also does one other thing very useful - it lets you suspend a process without killing it. I've had to clean systems where that was the only thing that let me get stuff cleared because I wasn't able to kill the spyware processes off without triggering relaunches by a different process. Suspending processes on the other hand worked just fine.
Also from Sysinternals is Autoruns, which lists off everything that gets started automatically with Windows or at login from any of the many places such things can hide. HijackThis gives a similar set of information broken down a bit differently.
Ghostscript is actually available under two licenses:
* The current release is available under the AFPL which allows pretty much any personal use but limits commercial use (particularly as part of a product) to licensees who've dealt with Artifex. I looked into this at a past job; the cost wasn't worth it for what we were doing but could be worthwhile for larger-distribution products.
* The previous major release is available under the GPL, with its attendant permissions and restrictions.
So, you might be able to sell the current/maintained version while open-sourcing older versions.
In addition, you might be able to use the razor-blade model - give away the software, but charge for updates to data that's useful to the end-users such as tax information, etc.
The XP built-in one works, but if he's moderately savvy then I highly recommend that he get one that will block both outbound and inbound connections. I use Kerio Personal Firewall, but I know there are others out there as well.
Basically what he should do is treat it as learning for the first while and "teach" the firewall what applications are allowed to connect out. Email client? Let it connect out for SMTP/POP3/IMAP; *maybe* let it connect out on HTTP/HTTPS but I don't advise it. Firefox? Let it connect out. IE? Let it connect out, but possibly with limitations (I let it go but have an alert that displays when it's making connections). IM clients? Allow them to connect to the appropriate services. Anything else? By default it's blocked or at least asks for permission. Unknown apps get an alert popup so you'll know something's trying to get out since that's going to be the best indication of an infection on the system.
Beyond the option of challenging the report with the credit reporting system (which would trigger a return to the original reporter for more information, etc.) your coworker probably had several other courses of action. The simplest would probably be small claims court in his home state with a suit for libel with provable damages. Just because I as a small business owner have a bad check with "William Gates III" on it and an address that's no longer any good doesn't mean that I get to tell the credit reporting agencies that the former head of Microsoft bounced a check to me without any proof.
I'll run tests (their diagnostics and others such as memtest), then do a detailed writeup of what I've tested, what the results were, what I think the problem is and any steps I've taken to try to resolve it (e.g. removing & reseating the memory). Then I go to the support site, put in the service tag, and go through the contact us bit and "Email Product Support." It may take a day or two, but it's worked better for me than trying to deal with them on the phone.
There are apparently some known issues with Firefox not correctly releasing memory, a.k.a. memory leaks. Most of them seem to be cross-platform, so it's not just interactions with one particular OS.
You can find out more by looking through Bugzilla.
From the stories I've heard and the politics I observed I suspect that a big chunk of the issue was the result of poor planning and specification early on by one particular person (still) in a position of power. Even so, a burn rate of $10 million a year puts them in a hole that I don't see them coming out of.
I don't need a *fast* connection for email, school research, even browsing /. but I do need *a* connection. Depending on the area that may be the case for quite a few people. Heck, if WiMax was available with its broader reach I suspect you could have some kind of business based on that - blanket an area with signal and provide free bandwidth-limited access to everyone, but charge for higher-speed connections. It's the wireless version of what Juno and NetZero and others tried.
I sent letters to my state senator and representative encouraging them to vote against it when and if the opportunity came up, and I fully encourage any other Illinois residents to do the same. If you're not sure who your state senator and representative are, you can find out at Project Vote Smart by entering your 9-digit ZIP code. If your state senator is on the Environment & Energy Committee it's even more important that you get in touch with them.
My letter (adjusted appropriately for the recipient) reads:
I've done more consulting with them since and I wish them the best of luck since I like the people and think they have a good product with lots of potential. I just didn't see any realistic way for them to not just break even but cover the money that's already been sunk - the group I interviewed with turns out to be only about 25-35% of the whole operation and I just can't figure out what the hell most of the other 70% is doing except sucking down cash.
I guess I could be wrong though - Dell's not a typical OEM is it?
That none of the online hotspot directories include a rating for each hotspot to show availability of outlets. Range: "none," "1-4," "5-10," "10+," and "Almost every table."
I did. There's not much out there under my name that I'd find truly embarassing (and really nothing under another name either - guess I'm just vanilla). Anyone digging around for info on me would have to have a pretty good idea of what they were doing though, if only because of assorted and sundry ISP changes over the years.
If you're that concerned, use multiple browsers. Multiple identities within one browser doesn't really work if you want to be able to use both at the same time, but Mozilla and Firefox are separate and will run at the same time with no problems.
All you really need is the servers at a few of the nodes to be running logging software, and it wouldn't even need to be running in the context of the IRC server - it'd just need to be tracking the inbound and outbound traffic. It wouldn't catch everything, but you'd get a fair amount of it and probably get enough to tell you what areas needed more examination.
Similarly, I assume that just about everything on Usenet is monitored and saved by at least a few agencies domestic and foreign, if not more. How much would Giganews charge for a full feed? That's not going to be a lot of use against one-way traffic, but discussions would almost certainly be trackable.
As with many things the information stream itself is relatively easy and inexpensive to get access to, but extracting good information out of it is likely to be harder. I wouldn't be surprised if a big chunk of the money they're giving out is related more to the analysis of that sort of information stream (and existing store) than to the simple acquisition of data.
The limitation on the number of writes to a particular area of memory has been known since flash memory first started to appear. Most devices or drivers should account for the issue by either rotating writes to avoid overusing one particular region or by remapping failing sections into other areas. Remapping failing areas will cause the available capacity of formatted flash devices to gradually shrink, while rotating writes will attempt to keep any areas from wearing out too fast (making it more likely that multiple areas will start to fail around the same time). Someone who's done more looking into this should be able to give a good idea which technique(s) are most widely used.
Don't ever keep money that you really need access to in a Paypal account! Tie the Paypal account to a secondary checking account at your regular bank. No overdraft protection on that secondary one. Regularly transfer money from Paypal into that secondary account, then go to your bank's online interface and transfer it from the secondary checking to the primary one.
That's a factor of the reader far more than it's a factor of the RFID tag. With more power there's more noise to filter, but I doubt that there's anything preventing creation of a reader that'll pick up tags at 20+ feet. Even if there's not one out there right now, there'll be something within a few years.
That's a heck of a surprise to me since I did just that on a recent trip.
I believe that Visual Basic 3 (and probably earlier) ran basically the same way - they weren't true executables that depended on vbrun300.dll, they were stub programs that passed themselves to that DLL for interpretation and running.
Just how old is that patent, anyway?