Well, Firefox doesn't write global registry keys and it still won't run with "Protect my computer" min privileges. There's a bug filed for it but no action. The workaround is to run with normal privs.
3 3
https://bugzilla.mozilla.org/show_bug.cgi?id=2665
(Copy/paste since Bugzilla blocks Slashdot)
For the most recent outrage see Paperghost's blog which describes the installation of spyware using child porn as bait. Don't ask the question "how low can they go" unless you can stomach the answer.
It's fine to browse with cookies off by default, IF you know what you are doing. Unfortunately, most people aren't computer-savvy enough to do this. I run a site that has user logins; like Slashdot and thousands of others we use cookies to keep track of this. At least a few times a week we get emails from people saying "your site is broken, when I log in it says I'm not logged in on the next page!" Those people have cookies turned off (or blocked by some utility).
In most cases, just blocking third-party cookies is enough to prevent any tracking across sites. If you don't use a login at a site you can always batch-delete its cookies on a daily or weekly basis to prevent any long-term tracking.
The going rate for a US computer is more like 15 to 20 cents. Other countries go for as little as 1 or 2 cents. Cash4Toolbar is installing its stuff through some blogspot.com blogs (IE users beware) and some really cute social engineering, but several others are seeding infected files on BitTorrent.
...until this Monday's announcement by Apple. Are a lot of developers going to want to pour their souls into code that will decrease in relevance and market size over the next five years?
"As long as the machines are still built by apple exclusively, this'll be more-or-less transparent to the mac user."
And how will Apple stop people from running their OS on a generic platform? Hmm, maybe this ties in with the (non)announcement about Intel DRM from a few days ago.
Apple will certainly need some sort of hardware lockin if they plan to offer their bundle at a premium price and control the platform to the extent they do today. Unless the big surprise down the road is that they plan to sell the OS separately.
As I understood TFA, one of the driving forces for this is the Kyoto treaty that has the goal of nations reducing their CO2 emissions to 1990 levels by 2012. The US is not ratifying the treaty but several Kyoto participants including Japan are far from meeting their goals.
Research that I have seen in the past shows that often the environmental cost of creating a new car or appliance is higher than using the old one, even if it's less efficient. The major benefit I can see from Japan's standpoint is that many of the parts and products would be produced offshore. The energy consumption and pollution would be elsewhere but Japan would reap the energy and environmental benefits of the churn--assuming they can dump their old stuff offshore.
So how would that work? Would music stores distribute DRM-wrapped versions of their content via an open P2P network? If so, I want a cut of the money my P2P client/server is saving them on distribution costs. How about "upload 10 songs, download an unlocked song free!"
The funny thing is that they would need to keep track of your uploads in this scenario to give you credit, which means trackerless networks need not apply.
When you're a subcontractor, all the rights to your work generally go to the company that is paying you. In open source, your work remains yours to use or take elsewhere when you change jobs. That is a powerful advantage.
As much as we all make fun of big companies, they can add value by doing the things that generally don't get done in programmer-driven open source projects. Usability testing is one example.
I think it's an even simpler premise. People don't like "unfair" laws. If the average person can't figure out who's been hurt, then a crime has not been committed.
Intellectual property laws don't make common sense in these cases. Even if you can get your head around the idea that something has been "stolen" (even though the original owner still has it), it's hard to buy the idea that the damages are huge. If I download one track of a song off a P2P network, aren't the damages 99 cents if that's the price I'd pay at iTunes?
When a law tries to tell the people a lie, they lose respect for the law.
If the OS still hits the drive then you're not going to get the most out of hybrid drives. There was an interesting presentation at Microsoft WinHEC last month. The presenter said that Samsung's new flash was significantly faster so it eliminated a lot of the flash performance penalty. You can see the slides here:
t oc10
http://www.microsoft.com/whdc/winhec/Pres05.mspx#
"Hybrid Hard Drives with Non-Volatile Flash and Longhorn [WinHEC 2005; 207 KB]"
The presentation slants towards Longhorn but you can see where the technology is going.
The limbs on a tree can always come up with a reason why they shouldn't be pruned.
If IBM thinks they don't need these workers, they should be able to eliminate them. If IBM is wrong then the company will suffer and the worker will find a better job. If IBM is right they will benefit and the worker will need to get their sorry ass in gear or work at a crappier job.
After being through a half-dozen jobs in my life I realized that a capable person losing a job is an opportunity, not a tragedy.
Mod parent up. In 1995 it was about glory; in 2005 it's about money. I just investigated a social engineering exploit involving porn that installed about 10 different pieces of spyware. Given that each company pays 10 to 30 cents, these guys are making maybe $2 off each install. When it's distributed to say a million people a day and just 0.05 percent fall for it, that's $1,000 a day!
My Bayesian spam filter, k9, has had only 4 false positives in six months. All of them were from HTML messages composed in Word. Seems that a lot of spammers don't know HTML and use Word to compose their spam as well.
Our company sends out a newsletter and I have (successfully) fought the same battle against HTML. Outlook 2003 doesn't even render external images anymore, so if it's a question of beauty just show your boss what that email looks like without its images.
These are all good generic suggestions. As for Aurora in particular, a Google would lead you to this post that also identifies it as Bolger and a few other names. The reason it's so sneaky is that it installs as a print monitor that is hosted by the print spooler exe. The dirty work is done by a randomly named exe file. If you try to kill that, it spawns another randomly named exe to take its place.
The post above has some registry edits to fix the problem. However, I can tell you that won't always fix the problem. The newer versions seem to work differently. You CAN remove them using the spyware maker's uninstaller which I hate to recommend but it does work.
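A defender-side check for the print-monitor persistence described in the comment above, added here as an example and not part of the original post or any tool it mentions. It audits a text export of the spooler's Monitors registry key and flags any monitor whose driver DLL is not on an allowlist; the allowlist contents, the sample export and the `ExampleMon` entry are constructed assumptions.

```python
import re

# Assumption: monitor DLLs expected on the audited build; tailor to your baseline.
KNOWN_MONITOR_DLLS = {"localspl.dll", "tcpmon.dll", "usbmon.dll", "pjlmon.dll"}

MONITORS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors"

# Constructed sample in .reg export format (not taken from a real infection).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port]
"Driver"="localspl.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port]
"Driver"="tcpmon.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports]
"StatusUpdateInterval"=dword:0000000a

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ExampleMon]
"Driver"="C:\\Temp\\examplemon.dll"
'''


def audit_print_monitors(reg_text, allowlist=KNOWN_MONITOR_DLLS):
    """Return (monitor, driver, reasons) for every monitor that looks out of place."""
    findings, monitor = [], None
    prefix = MONITORS_KEY.lower() + "\\"
    for line in reg_text.splitlines():
        line = line.strip()
        section = re.match(r"^\[(.+)\]$", line)
        if section:
            key = section.group(1)
            rest = key[len(prefix):] if key.lower().startswith(prefix) else ""
            # Only direct children of Monitors are monitors; deeper keys are their settings.
            monitor = rest if rest and "\\" not in rest else None
            continue
        value = re.match(r'^"Driver"="(.*)"$', line, re.IGNORECASE)
        if value and monitor:
            driver = value.group(1).replace("\\\\", "\\")  # undo .reg escaping
            reasons = []
            if "\\" in driver or "/" in driver:
                reasons.append("driver given as a path, not a bare System32 DLL name")
            dll = driver.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if dll not in allowlist:
                reasons.append("DLL not in allowlist")
            if reasons:
                findings.append((monitor, driver, reasons))
    return findings


if __name__ == "__main__":
    for name, driver, reasons in audit_print_monitors(SAMPLE_EXPORT):
        print(f"{name}: {driver} -> {'; '.join(reasons)}")
```

Real `reg export` files are UTF-16, so decode them before passing the text in.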
Who modded this funny? It is painfully accurate. People that keep every email they ever received, including ones with large attachments, will run afoul of Outlook's 2GB limit on .pst files. When you hit that limit, Outlook starts doing strange things but doesn't let on that you've just done something horrible. Then you are left to pick up the pieces and try to figure out what you have lost.
Mega-systems like this make sense for big SQL and application servers where CPU is a bottleneck. Most of the other uses are solutions looking for a problem. Intel and AMD would dearly love to corral more of the dollars spent on building systems; these mega-chips have high margins. But the reality is that it is going to be more cost-effective for most setups to use a large number of inexpensive PCs with modest CPUs.
Click fraud in Adwords/Adsense. Google says the problem is minimal, but it's not. Yes, it's in Google's best interest to clean it up to maintain confidence in the system, but they don't want to let on how big a problem it is for the same reason. They don't want people to start asking for credits or refunds.
Scams perpetrated through Adwords/Adsense. Keywords are being bid up by the scum that can afford to--the ones that lie to make the sale. It's tough for a legit company to compete with one that will lie. As a publisher I have almost no control over what ads are displayed on the site, I can only block by URL and not by company for example. I cannot block Claria the company, I must block whatever URL they or their affiliates decide to use this week. And I'm limited to a total of 200 URLs in the Adwords block list.
Toleration of spyware distribution through blogger.com. Want some spyware? Try one of these blogs.
If you don't know what Avenue A is, how do you know it's spyware? Perhaps you are mistaking a cookie for spyware?
Very few developers are exploiting Windows bugs, at least not knowingly. The problem is that the standards changed.
When Win9x/FAT32 ruled the earth there were no protected directories and everyone, including Microsoft, tended to have writable files everywhere. A lot of programs saved their settings to files in their program directory, which seems bad until you realize that most of the rest wrote to an INI file in the Windows directory. But there were plenty of examples from Microsoft that did similar things.
When WinNT arrived with NTFS, the boys realized they had made a big mistake and started to segregate code (Program Files) from data (Documents and Settings). That let the OS have write-protected program directories, at least theoretically. The problem is that most app writers are not cooperating.
Confirmed opt-in is not the universal solution. Someone comes to your site, and they want to use your services NOW. Instead, you tell them that you'll give them access as soon as they click on the email confirmation you will send them.
I agree that with decent email servers this process will take just a few minutes, but large services like Hotmail, Yahoo, or AOL can take more than an hour at times. Plus, AOL has a convenient "block anyone not in my address book" anti-spam feature that clueless users often enable without thinking of the consequences.
Sites I run have been tagged a few times by overeager RBL lists and then the opt-in emails are almost SURE to be blocked. The block is usually removed within a few days. What are we supposed to do in the meantime, though, close the site?
In the past I've used what I call delay-confirmed opt-in. For the first session after registration I let the user go ahead without confirmation, and send out any emails that might be generated during that session. If they don't confirm within 24 hours the account is removed or suspended pending review.
One other thing, confirmed opt-in "protects" the email address, but it doesn't do much for the service provider since email addresses are so easy to come by. Someone that wants to abuse a service can easily do so if the only verification is an email address.
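The delay-confirmed opt-in flow described in the comment above, sketched as an added example that is not the commenter's own code. The class and function names, the HMAC-based confirmation token and the demo secret are assumptions; the 24-hour window and the first-session-only access come from the comment.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

GRACE_SECONDS = 24 * 3600          # the 24-hour window from the comment
SECRET = b"constructed-demo-key"   # assumption: per-site secret, constructed for the demo


def make_token(email, registered_at):
    """Confirmation token bound to the address and the registration time."""
    msg = f"{email}|{registered_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


@dataclass
class Account:
    email: str
    registered_at: int
    first_session: str             # id of the session created at signup
    state: str = "provisional"     # provisional -> confirmed | suspended
    outbox: list = field(default_factory=list)


class Registry:
    def __init__(self):
        self.accounts = {}

    def register(self, email, session_id, now):
        acct = Account(email, now, session_id)
        self.accounts[email] = acct
        # The confirmation mail goes out at once, but access does not wait for it.
        acct.outbox.append(("confirm", make_token(email, now)))
        return acct

    def sweep(self, now):
        """Suspend provisional accounts whose 24 hours have passed."""
        for acct in self.accounts.values():
            if acct.state == "provisional" and now - acct.registered_at > GRACE_SECONDS:
                acct.state = "suspended"

    def may_act(self, email, session_id, now):
        """Confirmed: always. Provisional: only the signup session, inside the window."""
        self.sweep(now)
        acct = self.accounts[email]
        if acct.state == "confirmed":
            return True
        return acct.state == "provisional" and session_id == acct.first_session

    def confirm(self, email, token, now):
        self.sweep(now)
        acct = self.accounts.get(email)
        if acct is None or acct.state != "provisional":
            return False           # suspended accounts wait for manual review
        expected = make_token(email, acct.registered_at)
        # Constant-time comparison so the token cannot be guessed byte by byte.
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return False
        acct.state = "confirmed"
        return True
```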
True, but the "Internet is broken" because their spyware cleanup program detected CoolWebSearch in the IP stack and tried to remove it. The only solution is to use MSConfig to restore the DLL from the original Windows CD and then go to Windows Update to get the required security patches.
Even my grandma could have figured that out.
"Perhaps the bronze sculptor in Washington state that you linked to isn't the same person as the New York web designer."
Probably you are right. Perhaps we could send the Washington state sculptor to New York to arrange an "unfortunate smelting accident" for the web designer. I certainly would if he tarnished my name.
I will gladly take that bet. If Ray Ozzie had not wanted the deal to go through, it would not have happened. And they definitely would not have made him CTO at Microsoft. He's been at large companies before, so the corporate environment and its politics certainly shouldn't scare him.
I have used Lotus Notes, just briefly, and can say it is by far the worst mission-critical application I have ever used. So perhaps this deal gives Microsoft haters something to be optimistic about.
...no matter who does it. Yes, technically oriented companies have been led into oblivion by CEOs that are clueless about what they are selling. But just as many, if not more, technical companies have been led into oblivion by technical CEOs that are clueless about their potential customers or the business world.
Don't forget that Jobs saw his competition as IBM, not Microsoft. That was the point of the "1984" Super Bowl ad, he was making fun of IBM. He totally misjudged the real threat to Apple.
What was the point of this "news" item?