November 2005 Archives

Somebody out there has figured a new, smart way to make money from spam :

Removal from the SORBS Spammers database is not automatic, nor is it free, you are required to pay a 'fine'.

The 'fine' is US $50.00 and is designed to be small enough [...]

http://www.sorbs.net/lookup.shtml?66.94.237.43

Additional information: Received: from n9a.bulk.scd.yahoo.com (n9a.bulk.scd.yahoo.com [66.94.237.43]) by desperado.sorbs.net (Postfix) with SMTP id 17F461158D for <[email]>; Tue, 22 Nov 2005 10:57:18 +1000 (EST)

Across the street from our office there is a Pizza Restaurant. Actually, there was one - because they've just closed it down for renovation. The new banner says it will become a Cafe starting with December 1st and the coffee-addicted part of me is (okay, maybe a little bit suspiciously) looking forward to it.

One of the reasons for which the Pizza Restaurant Across The Street From Our Office (F.K.A. "PRATSFOO") closed was that nobody was really going there to buy pizza. Being an office building where most of the companies have something to do with IT, and because IT people are so lazy, everybody was simply ordering pizza on phone. Needless to say, the Pizza Restaurant across the street didn't take orders on phone. This turned out to be a fatal design flaw (*). As I've already explained, the solution to this design flaw was the replacement of the pizza owens with coffee-making machines. Now, since almost every company which has something to do with IT has a coffee machine in the office, I seriously doubt the success of the upcoming Cafe, but that is not the point here.

People tend to be lazy. If presented with a set of options, they will most likely chose the one which involves less walking, moving, writing and thinking. For one product to be successfull, it has to be simple and straightforward. It has to fullfill a function and nothing more. (products which fullfill more functions than most people need appeal to another category, which is usually called "geeks")

With the in mind, the success of Apple's MacOS X is truly a notable exception.

Designed to be nice, clean and sometimes annoyingly straightforward, the operating system appeals to that no-nonsense category of people who buy iPods (because they are cute and trendy), P&S digicams (because they are trendy) and other - you name it (because it is trendy or cute) - underfeatured appliances. On the other hand, Apple's MacOS X comes with a strong Unix core under the hood. A hood which can be accessed the geeks and the like. So if you come to think of it, being both no-nonsense and having thousand of hidden functions under the hood is probably the main reason behind Mac OS X' success.

Back to our friends from across the street, the geek in me can't help thinking: how about a Cafe which also does pizza with home delivery?

PS: WiFi in the Cafe would also be nice.

(*) - suggested further reading on fatal design flaws and other frightening things: all of Steve McConnell's books.

Ran into a strange problem Friday evening, with the latest FC4 kernel, "2.6.14-1.1637_FC4".

Being a Linux and Windows user (now MacOS as well), the preferred method for sharing files between these systems is of course, samba. For security reasons, my samba server, located on a Fedora Core 4 machine, runs with SELinux active _and_ enforced.

When a folder is created over samba with SELinux enabled, smbd sets the appropriate security context to "samba_share_t". This is necessary because smbd is restricted to serving files with that security context alone.

For a reason yet to be identified, the part where the security context gets set is no longer taking place with kernel "2.6.14-1.1637_FC4". Whenever a new file/folder is created over samba, it just gets an empty security context:

In the screenshot above, "k1532" has been created over samba with the system running an older, "2.6.13-1.1532_FC4" kernel. The "k1637" folder has been created under the lastest kernel and as you can see, there is no security context attached.

Most odd.

Anyway, I guess there is a price for riding the penguin for free, which comes back into the form of glitches like the above. And unlike Windows, rebooting doesn't help. Unless you reboot into an older kernel, of course - like I'm doing now.

Happy weekend!

There are a couple of reports on the Internet that version 1.5 of the popular Internet Explorer replacement Firefox has been released.

Not quite so. What people are seeing is actually 1.5RC2, which has been made available yesterday. However, the name of the product, as shown in the internal update dialog of 1.5(,RC1) is indeed "1.5", which could suggest that the final version has been released. Being a kind of "final" release candidate, the developers have decided to call this product "1.5" and if no bugs are found, the binary itself will become 1.5 Release. Otherwise, RC3 will appear, again, dubbed "1.5".

And while at it, it's worth noting that somebody has gone the lengths of writing a book on why IE is bad for you and why you need to put it away for Firefox:

The book can be purchased from the Mozilla Store along with other cool Firefox (and Thunderbird) merchandise.

I'm probably not the only one to state that the Windows Live service is barely half-baked and it was released way too soon. Not only technically incomplete (still no Firefox support), sometimes it doesn't even work with Internet Explorer! Could this be a sign that Microsoft is really that desperate to catch up with Google?

Anyway, despite the incompleteness, there are however some very interesting goodies in the Windows Live portal. One of them is the Windows Live Safety Center. This includes a free ActiveX-based antivirus scanner, based on the RAV (or OneCare) engine.

You may wish to check the type of information collected by Microsoft beforehand:

http://safety.live.com/site/en-us/article/datacollect.htm

Some examples include: Hosts (the Windows hosts file?), the contents of the Startup Folder, the list of installed Services and Drivers, the list of Internet Explorer Add-ins, the contents of the Registry Run key, and so on.

Of course, due to the usage of ActiveX technology, the scanner is limited to the Windows platform. A good thing is that unlike OneCare, it also works on Windows 2000 as well as 9x'es. By the way, the other extreme is probably Trend Micro's online scanner, which even works (tested) under MacOS - neat!

And last but not least, we (Kaspersky) have our own Online Scanner, which has been developed from scratch in Bucharest, at KL Romania. You may find it at:

http://www.kaspersky.com/downloads/kws/

or the newly-released Romanian version:

A very unfortunate news came up this morning. Apparently, the owner of UNA, (Ucrainean National AntiVirus), Mr. Dmitriy Zagorodniy was shot about two weeks ago.

The original article can be found at:

http://www.pk.kiev.ua/article.php?story=20051102125721880

Below you can find an approximate translation of the article into English using Babelfish:

The creator of Ukrainian Antivirus dead

"newspaper..." will follow the course of events and compulsorily it will report the results of consequence.

There is no breaking news that Sony has been found distributing a rootkit on some of their most recent DRM'ed CDs, such as Van Zant's - Get Right With The Man. Besides creating a huge interest in Van Zant's music, this triggered practically hundred of thousand of angry voices at this unheard of abuse from Sony. Just to give you an ideea:

I Don't Buy Content/Copy-Protected Cds, October 19, 2005

Reviewer: J. H. Smith "Fair Use Advocate" (Easton, PA USA)

No offense to the brothers Van Zant, but I'll never buy this CD because it's copy protected. I don't have an MP3 player and I don't download music illegally, but I DO make mix CDs from my own discs, so I couldn't do that here. This is an infringement of my fair-use rights and I refuse to go along with it - and so should you.

Safer to download!, November 3, 2005

Reviewer: Elvis
After reading these reviews I decided it was probably safer to download it using Emule, Nice one Sony BMG!

This CD, plus all others by Sony that have copy protection, install Malware, November 3, 2005

Reviewer: PhilNZ (Switzerland)
If you install this Malware, hidden software will be installed on your computer, that runs without your knowledge, uses your CPU and RAM constantly, and can NOT BE REMOVED!
For a detailed analysis go to sysinternals and search for rootkit

Sony's scheme worse than you thought, November 3, 2005

Reviewer: T. Rowe "Tolkien Fan" (Georgia)

Again, no offense to the Van Zant brothers (they should switch lables if they can). The hidden program and directories that the copy protection method installs on your system can be used by viruses to hide from AV software. DO NOT buy Sony CD's until they quit using this scheme.
Even if you own a non-windows machine, I don't think Sony should be patronized.
I rate this a 1 only because of Sony. I like the Van Zant's music, but won't buy this one.

I could include more, but you get the point. Now, back to our story. Unheard? Sure thing - no. Because DRM is not something new by all means, and because there have been cases of rootkits being distributed with DRM'ed CDs in the past.

So what is different this time?

Basically, it's the "last drop" effect. You buy a music CD from Amazon, put it into your Windows computer for playing and Accept the EULA (you just paid for it, right?). Then you click Yes/OK during the next dialogs warning you that there is something fishy going on, such as a music CD installing drivers into your system. Later, you run a regular anti-rootkit tool, such as Rootkit Revealer or F-Secure's BlackLight, and surprise - they say you have a rookit! Which in theory is bad, right? Rootkits are there because hackers installed them in the first place to get further access to your machine, to keep the door open, or because some tricky malware put them into your system to cover its tracks. The source of the rootkit? Well, the last Audio CD from Sony, which presumably thought you are a dark ugly pirate which will undoubtely rip their CDs first thing after putting it in the computer. So much for the honest customer presumption - and even better, while you run the treacherous rootkit on your system, the pirates just use Linux or MacOS or even Windows to rip the CD and upload it on the web or distribute it in some other form. But you are a single voice in a large ocean called the Internet, so nobody hears your angry screaming. But then, somebody else falls victim to this, and there are two voices screaming. And more. And more... until you reach the final drop.

Luckily, the last drop is good, and there's a positive outcome of this whole story. Sony removed the stealthy rootkit from their latest Aurora (the name of the DRM scheme they use) update and hopefully, future Van Zant albums will come out clean of Windows drivers and other hidden/hiding software. One maybe not so positive outcome for Sony is that now even more people will go to P2P networks to download "clean" copies of DRM'ed packages, which maybe they would have bought in the first place. In all cases, I can bet Apple's iTunes will become even more popular; at least their DRM content doesn't open hidden backdoors into your system.

For the Italian-enabled readers, my friend Marco Giuliani at HWUPGRADE.IT came up with the following interview. Thanks again, Marco!

Finally, we have Microsoft's answer to GMail, Google and other G'ees:

    http://www.live.com/

This includes 2GB mailboxes, javascript e-mail client interface, javascript searching (faster the Google).

Unfortunately, it looks they've started on the wrong foot:

    Firefox Users
    Firefox support is coming soon. Please be patient :-)

It still kind of works with Firefox, altough it looks pretty messed up.