Clack

GMail invite spooler

The other day I learned from BoingBoing about a new technology that's available. It's called the Gmail account spooler (you'll have to find the link on their home page since they use PHP Sessions).

The way it works? If you have spare Gmail invites, you send them to a special email address. Somebody that wants a Gmail account simply goes to the spooler, puts in their email address, and a Gmail invite is sent to them (if there are any in the spooler that are available).

I'm not posting on Clack any more about gmail invites. I'll be sending any spare ones to the spooler. If you want an invite, go use the spooler.

Gmail Invites (update)

Apparently, one of three things is going on:

• everybody who wants a gmail account already has one


• nobody knows what gmail is


• nobody reads Clack anymore

I've found people to give the invites away to, so, when/if I get more, I'll post about it again.

Run Screaming! Arms Flailing!

begin sarcasm

Oh My God! It's like the Y2K bug, only worse! Oh jeez, I certainly hope the media picks up on this so everybody knows that the world is going to end on Tuesday, Jan 19, 2038, at precisely 03:14:17 UTC! Jiminy, I've got to go to Home Depot and get duct tape and plywood tonight, and start buying non-perishable foodstuffs and bottled water NOW!

end sarcasm

The 2038 bug

Lavasoft release new version of AdAware

If you run Windows, you absolutely need to run this tool on a regular basis to scan your system for and remove SpyWare and Malware.

download

RAID 5 on linux

OK, this is more for myself than anybody else, but I've struggled with this since late last week, and six months from now, if I need to do this again, I'll at least have a record of it.

As some of you know, I have a pretty massive machine that I use as a videoserver here at the house. It's running hardware RAID5 (using an LSI Logic MegaRAID i4 controller). Things have been great with the controller, would highly recommend it!

The RAID 5 in the box consists of five 160GB drives giving a total of 0.6 Terabytes available. I've reached that limit over the past year, and needed to add a new drive to the array. Hey, that's one of the benefits of RAID5!

Scott and I went to Best Buy and I picked up a Seagate 160GB drive for $149.00 with $50 in rebates.

I popped the drive in the machine, reconfigured the RAID controller to include the new drive in the array, and let it rebuild the array (which incidentally, took almost two days!). Booted Linux back up (I run SuSe 9.0 Professional on this box) mounted /dev/sda1, and ..... the array showed the same size as before. Major frowny face for me. The hardware controller reported the correct size of the array (781,352,660 MBytes), but df showed only 620,000 MBytes of that as available.

I should probably note that I'm running ReiserFS on this array as well. Repeated google searches for various combinations of linux, suse, "df returning incorrect values", RAID, RAID5, megaraid, i4, ad nauseum, returned nothing seemed like it would help. I did however, find out about reiserfs_resize and cfdisk...handy utilities, but nothing that would help me in this situation.

Poking around tonight in YaST (Yet another Setup Tool...SuSE's administration interface), there's Disk Partition Manager. I didn't have high hopes for anything useful, but, low and behold, there it was... dum da dum! "Resize Partition".

Crossing my fingers and clicking the button brought up a screen that showed me the existing partition, and a block of green (free) space labeled "Unused Disk." There's a nice little slider widget that can be used to adjust the amount of free space. Slinging that sucker all the way to the right so that all available space would be used for the existing partition, I said a little prayer and sacrificed a virgin chicken (while standing on one foot and humming the theme song to Green Acres), and clicked the Apply button.

After the requisite "Warning: this may be a bad thing to do" messages, away it went, happily resizing the partition. When it finished, a mount /dev/sda1 /raid command mounted the raid array back up. A quick check revealed the pre-existing data still existed....WHEW! ('cause there's just no practical way to back up 0.6 TB of data).

The end result?

videoserver:~ # df

Filesystem           1K-blocks      Used Available Use% Mounted on

/dev/hda2             38305816  13869196  24436620  37% /

shmfs                   192592         0    192592   0% /dev/shm

/dev/sda1            781352660 619039280 162313380  80% /raid

The size of the RAID array has increased by 160 GB to a total of 0.78 TB! I've got two more drive slots open in this case (and coincidentally, one more IDE channel on the controller). Two more drives are going in the machine to bring the total size of the array to 1.12 TB.

Slate.msn.com recommends Firefox over IE

From Are the Browser Wars Back? How Mozilla's Firefox trumps Internet Explorer (link via /.):

In less than a day, Internet administrators sterilized the infection by shutting down the Russian server that hosted the spyware. But not before a barrage of scary reports had circled the world. "Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole," the BBC warned. (Disclosure: Microsoft owns Slate.) CNET reporter Robert Lemos zeroed in on why the attack was so scary. "This time," he wrote, "the flaws affect every user of Internet Explorer." That's about 95 percent of all Net users. No matter how well they had protected themselves against viruses, spyware, and everything else in the past, they were still vulnerable to yet another flaw in Microsoft's browser.

[...]

The problem is that hackers continue to find and exploit security holes in Explorer. Many of them take advantage of Explorer's ActiveX system, which lets Web sites download and install software onto visitors' computers, sometimes without users' knowledge. ActiveX was meant to make it easy to add the latest interactive multimedia and other features to sites, but instead it's become a tool for sneaking spyware onto unsuspecting PCs. That's why the U.S. Computer Emergency Readiness Team, a partnership between the tech industry and Homeland Security, recently took the unusual step of advising people to consider switching browsers. Whether or not you do, US-CERT advises increasing your Internet Explorer security settings, per Microsoft's instructions. (Alas, the higher setting disables parts of Slate's interface.) Even if you stop using Explorer, other programs on your computer may still automatically launch it to connect to sites.

email tracking no longer a "snope?"

Saw this in yesterday's USA today
(online at USAToday.com)

Now they'll know if you read their email

An Internet service is about to test the frontiers of e-mail privacy.

DidTheyReadIt.com, which will launch Monday, allows anyone to secretly track e-mails they send. You'll see whether someone opens your email, how long the recipient keeps it open - even where geographically the recipient is reading it.

The reaction could be harsh. "It will freak people out," says Internet expert Esther Dyson.

"It violates our electronic space in a way that's as uncomfortable as someone violating our physical space," says Mitchell Kertzman, a partner at technology investment firm Hummer Winblad. "Add this company to the long list of people who are making the Internet a less attractive place to live and work."

The service comes from Rampell Software of Cambridge, Mass. DidTheyReadIt.com will cost $50 a year. You register on the Web site, and then every time you send an e-mail, you add .didtheyreadit.com to the end.

Can email be saved?

InfoWorld has an interesting article about what could be done to do away with Spam entitled Can e-mail be saved?

Six experts plus one unrepentant spammer were asked how they would change the system to remove mass-marketers' incentives to flood your mailbox with ads...not surprisingly, they got six different answers.

What Is SpyWare?

From Ask Yahoo!:

Generally speaking, spyware refers to any computer program that gathers information about a person without his or her knowledge. Spyware programs can track your Internet page views, allow someone else to read your email, and even record your keyboard strokes. They are obviously cause for alarm.

The Yahoo! Spyware and Adware Category features several resources, such as 2-Spyware.Com and SpyChecker.Com, which offer information about the most common spyware programs, as well as anti-spyware downloads. Spyware Watch offers a general tutorial on detecting and removing spyware programs.

With new spyware legislation pending in Congress, the issue has become a hot topic in the press. A word to the wise: Check your cookies, avoid suspicious downloads, and in a work environment treat your emails like postcards.

Personally, I use LavaSoft's Ad-Aware. Earthlink also offers a free scanner called Spy Audit that you can use to scan your Windows box. Note that Spy Audit doesn't include removal tools.

MythTV, PVRs, and me

OK, a little background information....I've been a ReplayTV owner for a number of years (ie, I bought one of the first ones when they came out). The 50x0 series hit the market a couple of years ago, and could do all kinds of geeky, cool things like share recorded programs with other ReplayTV 50x0 owners, automatic commercial skip, internet downloads of the program guide, and streaming video from another local 50x0 series ReplayTV.

Enter software called DVArchive. DVArchive is a nice little Java application that runs on your computer that interacts with your ReplayTV and can pull recorded shows down and archive them to your computer's hard drive. It also acts like another ReplayTV and will serve up archived shows back to the real ReplayTV, streaming them across your LAN. The newest version (3.0) does all kinds of cool additional things like letting you program your ReplayTV from a web page, and gathering and displaying it's own program guide.

So, last year about this time, I got the brainiac idea that I'd build a computer system with a huge RAID drive in it, rip my DVD collection (or at least part of it) off to the hard drive, and I'd have a large movie collection online and instantly accessible from any TV in the house (yes, I have a distributed A/V network throughout the house, too).

Turns out, I was about a year ahead of the curve. Because the ReplayTV uses an MPEG-2 decoder that's pretty picky about certain parameters in the stream, converting "previously recorded" content that wasn't recorded on a ReplayTV wasn't possible. Never fear, the "videoserver" box hasn't gone unused. It's been happily running DVArchive and archiving many favorite episodes of my favorite shows. Also, having a terabyte of disk space comes in handy when you need to make a full backup of another computer before re-installing the operating system or having an almost real-time backup of important stuff like email (yep, I run my own mailserver too).

Finally, a set of tools have been released that will convert standard MPEG video to the picky ReplayTV format. The process isn't pretty, and is sometimes a 4-step manual process, but it works. But, there's a problem...as always. Streaming video from the videoserver usually works, but will cause the ReplayTV to crash and reboot sometimes. This is a problem, especially if it crashes while another recording is going on.

So, I've decided to build my own DVR/PVR (Digital Video Recorder/Personal Video Recorder) using MythTV.

I have an additional Linux machine (2.4 GHz P4) sitting here that I figured I'd use as the MythTV box....NFS mount the terabyte RAID drive to MythTV, and use the same machine for playback by hooking it's S-Video and audio into the distribution amp for my house's A/V network.

Has anybody used MythTV? Will it playback regular MPEG-1/2/4 movies (ie, "prerecorded content" that wasn't generated by the MythTV backend?).

AOL raffling spammer's Porsche

Link via Boing Boing:

BBC News World Edition:

Internet giant AOL has ratcheted up the war against unsolicited e-mail with a publicity-grabbing coup - an online raffle of a spammer's seized Porsche.

AOL won the car - a $47,000 Boxster S - as part of a court settlement against an unnamed e-mailer last year.

"We'll take cars, houses, boats - whatever we can find and get a hold of," said AOL's Randall Boe.

[...]

Seizure of property is becoming a major tactic in these lawsuits, since guilty spammers often protest their inability to pay large fines.

The Porsche-owning spammer, whose identity remains confidential, was one of a group sued last year for having sent 1 billion junk messages to AOL members, pitching pornography, college degrees, cable TV descramblers and other products.

stupid spammer of the day (again)

while going through and reporting spam today, I came across this one.....this guy should have his computer license revoked! You know, if you're going to send out millions of spams in hopes that somebody clicks on your links, at least provide text for your spam mailer to substitute! Sheez!

From: "Angelo Buckle"
To: x
Subject: %RND_SUBJECTS
Date: Sat, 27 Mar 2004 17:34:58 -0500
Subject: %RND_SUBJECTS
From:"Angelo Buckle"
Date:Sat, 27 Mar 2004 17:34:58 -0500
To: x

%SOME_TEXT
%RND_AD_1

%RND_AD_3

%RND_BUY_TAG www.%DOMAINS_FOR_MAILING

spam of the day

today's idiotic spam:

Just finished my art project for collage! I am so depressed right now. I must study the whole week, and no brake, buuut that’s life… Anyways, just wanted to say hello, am going to be setting the whole day today at home studying and watching movies. Lets just Say I have no life now, computer is like my second home LOL… anyways if you got a Minute check my info it’s on the second page http://xxxxxxxxxxxxx Ohhh, and please if your not a serious individual, I beg of you only one thing, don’t give my info to nobody. ( * ) _ ( * )…. Hehehe, Ok, talk later. Bye Hun..

Candy.

so, she's in "collage", but she kan't spel oar you'se eenglish korectly. (emphasis in above spam mine). Amazing! She can spell individual, but she can't tell the difference between your and you're. LMFAO at the stupid spammers!

Beam Me Up Scotty

Link from /.
Forbes is running an article about Vocera Communications's internal communication system in use at their office. The employees wear the device and touch it to start the connection. After the device is activated, the user speaks the name of the person they wish to communicate with.

The system does voice recognition on the spoken name, looks it up in the company directory, locates the person on the WiFi network and begins a voice-over-IP (VOIP) communication session.

Baystar confirms Micro$oft behind SCO investment

(via /.)

Business Week says

For months, rumors have swirled around the Web alleging that Microsoft helped finance a small Utah software company's suit against IBM and two corporations that use Linux software. BusinessWeek has learned that Microsoft did not put up the money, but did play matchmaker for SCO Group and BayStar Capital, a San Francisco hedge fund which made a $50 million investment in SCO last October.

Lawrence Goldfarb, managing partner of BayStar, says that senior executives at the software giant had telephoned him about two months before the investment. Would he be interested in investing in SCO, they asked? Goldfarb wouldn't identify the executives, but says neither Chairman William Gates nor CEO Steve Ballmer were among them. He says Microsoft didn't put any money into BayStar or the SCO investment. A Microsoft spokesman says that the company has no "direct or indirect" financial relations with BayStar, but declined to comment when asked whether execs called BayStar to suggest investing in SCO.

[...]

Four ISPs use CAN-SPAM to sue hundreds of alleged spammers

from CBS Market Watch

EarthLink, Microsoft, Time Warner's America Online and Yahoo announced the combined filing of six lawsuits against hundreds of defendants who have been charged in violation of the laws under the federal anti-spam law, the Controlling the Assault of Non-solicited Pornography and Marketing Act of 2003, also known as CAN-SPAM.

[...]

The defendants are being charged with sending millions of bulk spam e-mail messages to customers while concealing the origins of their e-mail. The common allegations are that the bulk mailers use deceptive solicitations for products that include get-rich schemes, prescription drugs or pornography. Other charges include sending spam through third-party computers to disguise the point of origin, falsifying the origin of the e-mail or failing to include a physical address in the e-mail.

[...]

Each of the four companies last night filed legal complaints in federal courts in California, Georgia, Virginia and Washington state. The complaints charge the defendants with sending a combined total of hundreds of millions of bulk spam e-mail messages to customers of the four networks. Some of the common allegations described in the complaints include these:

* Deceptive solicitations for a variety of products including get-rich-quick schemes, prescription drugs, pornography, instructions for conducting spam campaigns, banned CDs, mortgage loans, university diplomas, cable descramblers and other common types of unsolicited e-mail
* Use of open proxies (sending spam through third-party computers to disguise their point of origin)
* Falsified "from" e-mail addresses (spoofing)
* Absence of a physical address in the e-mail
* Absence of an electronic unsubscribe option

Each allegation is a direct violation of the CAN-SPAM law. A summary of each filing is included below. More detailed information about each case can be found on each complainant's Web site.

[...]

America Online

AOL v. Davis Wolfgang Hawke, et al.

Davis Wolfgang Hawke (also known as Dave Bridger), Braden Bournival and unknown John Doe Defendant co-conspirators are alleged to have transmitted millions of spam email messages directing AOL Members to websites selling "Pinacle" penis enlargement pills, weight loss supplements, hand-held devices advertised as "personal lie detectors," and a product labeled "the Banned CD." These spam messages were transmitted between July 1, 2003 and the present. The complaint alleges that AOL has tallied at least 100,000 member complaints about messages advertising these products. In addition, the complaint alleges that Hawke also offered to provide or sell a number of illegal spam-related goods and services under the apparently fictitious name "Dave Bridger," including:

* Providing "250 free proxies every day to (Hawke's) affiliates" and offering to "pay them $20 per sale for Pinacle, an herbal penis enlarger"
* Offering "bulk friendly hosting" on servers located in China, Latin America, or other foreign countries, so that mailers could "point your domains to our server if it helps you get into specific domains like AOL"
* Selling millions of AOL addresses, and "cracked" bulk mailer programs

AOL v. John Does 1-40

AOL's Complaints alleges: From at least November 2003 to the present, unknown John Doe Defendants have transmitted millions of spam messages to AOL Members advertising numerous websites selling a variety of products, including mortgage leads, adult-content websites and business opportunities. The messages are transmitted through fraudulent means to make it difficult to determine the identity of those responsible, and contain misleading subject lines, including the completely false claim in some that the spam message is an "important message from AOL." The John Doe Defendants also used other deceptive tactics in an attempt to evade AOL's spam filters, including random text in the body of their messages. AOL has already tied more than half a million Member complaints to these Defendants (and is still counting complaints attributable to them). On some days, complaints about these spammers constituted as many as 10% of all AOL Member complaints about spam.

EarthLink

EarthLink v. John Does 1-25 (The "Prescription Drug Spammers"); John Does 26-35 (The "Mortgage Lead Spammers"); John Does 36-45 (The "Cable Descrambler Spammers"); John Does 46-55 (The "University Diploma Spammers"); and John Does 56-65 (The "Get Rich Quick Spammers") and John Does 66 - 75, other spammers.

Since January 1, John Doe defendants 1 - 75 have been responsible for a substantial portion of the incoming spam on EarthLink's network, sending millions of spam emails to advertise Websites selling prescription drugs, mortgage leads, cable descramblers, university diplomas and get-rich-quick schemes. The defendants have hidden their identities with false domain-name registration information, falsified headers, fake "from" lines and misleading subject lines, violating the federal CAN SPAM Act, EarthLink's Acceptable Use Policy and other state and federal laws. Some of the defendants have used text randomizers to insert long passages of gibberish in messages in attempts to evade EarthLink's spam filters.

Fingerprint phrases and sample subject lines include: "Enjoy deep discount meds here," "G_eneric via-gra 60% cheap*r cowslip," "promote someone else's online business and cash in big," "make over $1000 per day," and "attention single mothers."

Microsoft

MICROSOFT CORPORATION v. JDO MEDIA, INC., a Florida Corporation, and JOHN DOES 1-50 (United States District Court, Western District of Washington)

This lawsuit charges JDO Media, Inc. ("JDO"), a Florida company, and other unknown defendants, with operating an automated multi-level marketing ("MLM") program that is advertised through spam, and that instructs its members on how to generate leads for the program, or for other products, through spam. The lawsuit alleges that Hotmail subscribers have been barraged by millions of illegal emails touting this program.

The lawsuit alleges that the spam used to promote the program is intentionally routed through open proxies, contains header information that is false and misleading, and uses other obfuscatory methods to disguise the senders' identities. This lawsuit also charges that the email advertising the program contains misleading subject lines such as "This is your lucky day", "Elite, Professional Invitation", and "Warning!!! These three minutes could change your life". Many of these email messages are sent with "high priority." These deficiencies are all alleged to be in violation of the federal CAN-SPAM Act.

Alleged CAN-SPAM Violations

-- falsified from email addresses and transmission paths
-- use of open proxies
-- deceptive subject lines
-- no physical address on some of the messages

MICROSOFT CORPORATION v. JOHN DOES 1-50, d/b/a Super Viagra Group (United States District Court, Western District of Washington)

This lawsuit alleges that the Super Viagra Group has sent hundreds of millions of illegal e-mail messages to Hotmail subscribers advertising either "Super Viagra" or a weight loss patch. The e-mailing practices of this spam group are sophisticated, and are alleged to be in violation of the federal CAN-SPAM Act and other state and federal law.

The lawsuit contends that the Super Viagra Group routes its e-mail messages through open proxies and hijacked computers in countries around the world, uses misleading transmission information and subject lines, and take other actions to disguise their true identities. The lawsuit identifies almost forty different domain names where, allegedly, the Super Viagra Group's products can be purchased. The identified domains are registered to individuals in Argentina, Turkey, Russia, South Africa, South Korea, Lithuania, and India.

Alleged CAN-SPAM Violations

-- open proxies for some or all emails
-- falsified from email addresses on most or all emails
-- deceptive subject lines on some emails
-- no physical address on most emails
-- no electronic unsubscribe option on some emails

Yahoo! Inc.

Yahoo! Inc. vs. Eric Head, Matthew Head and Barry Head, and their companies Gold Disk Canada, Inc., Head Programming, Inc., and Infinite Technologies Worldwide, Inc. collectively known as "The Head Operation."

Alleged Spam Activity:

Defendants were on Yahoo! Mail's "Most Wanted" spammer list for allegedly sending millions of spam messages. In January 2004, Yahoo! Mail received approximately 94 million total e-mails from The Head Operation.

* Disguised Identity: The use of open proxies from countries all over the world to disguise the origin of the messages.
* Unsolicited Commercial Messages: Messages consisted of solicitations for life insurance, mortgage and debt consolidation and travel services.
* Deceptive Subject lines: Messages included misleading subject lines, including "past due account."
* Sold Personal Data: Defendants allegedly collected personal information, such as the names and e-mail addresses of Yahoo! Mail users who responded to the defendants' spam solicitations, and sold the information as "leads" to marketers.
* False Domains: The domain names for the websites promoted in the messages were falsely registered to individuals with physical addresses in China.
* Font Tricks: The defendants used color font tricks to hide randomized text in an attempt to circumvent the SpamGuard filter.

EFF suing FCC over the Broadcast Flag

Link via Boing Boing

from The EFF:

The Electronic Frontier Foundation (EFF) joined five library associations, Public Knowledge, the Consumer Federation of America, and the Consumers Union in suing the Federal Communications Commission (FCC) last week to block overbroad regulation of next-generation televisions and related devices.

"The FCC's digital broadcast television mandate is a step in the wrong direction because it would make digital television cost more and do less, undermining innovation, fair use, and competition," said EFF Senior Intellectual Property Attorney Fred von Lohmann, "The FCC overstepped its bounds, unduly restricting consumers and manufacturers when it issued its broadcast flag ruling."

The Federal Communications Commission (FCC) ruled on November 4, 2003, that consumer devices capable of receiving broadcast digital television (DTV) signals must implement content control technologies demanded by the entertainment industry to restrict consumer uses of digital television. Left unchallenged, the "broadcast flag" mandate would go into effect by July 1, 2005.

The lawsuit, called ALA v. FCC, was filed in the Court of Appeals in Washington, D.C., and charges that the FCC exceeded its jurisdiction, acted in an arbitrary and capricious manner, and failed to point to substantial evidence in adopting a broadcast flag mandate.

The FCC has asked the court to put the lawsuit on hold, pending the FCC's decision on petitions to reconsider the broadcast flag mandate, although all of the petitions address unrelated matters. The coalition of organizations opposed in court the FCC's attempt to postpone the lawsuit.

First CAN-SPAM Lawsuit Filed

A California Internet service provider is putting the federal Can-Spam Act to its first test, two months after the law passed, by filing a lawsuit against the owner of home-improvement website BobVila.com.

Hypertouch, based in Foster City, California, filed the suit on Thursday claiming the owner of BobVila.com and its marketing affiliate BlueStream Media violated provisions of the Can-Spam Act by sending out e-mail advertisements containing missing contact information. The suit claims that BlueStream Media forged the header information that can help e-mail recipients identify where a message originated.

Under the Can-Spam Act, which is the United States' first nationwide attempt at reducing the amount of spam clogging the Internet, all e-mail advertisements must contain valid headers and contact information.

Wired.com link via /.

Follow the Money?

If you believe the memo the Open Source Initiative has posted is true, SCO has accepted around $100 million from Microsoft to fight their "anti-Linux" campaign. We've heard the rumors for months that Micro$oft is funding the SCO battles, but, if this memo is real, we see just how much money Micro$oft is pouring into this battle.

[...] I realize the last negotiations are not as much fun, but Microsoft will have brough in $86 million for us including Baystar. The next deal we should be able to get from $16-20, but it will be brutial as it is for go to makerket work and some licences. I know we can do this , if everyone stays on board and still wants to do a deal. I just want to get this deal and move away from corp dev and out into the marketing andfield dollars....In this market we can get $3-5 million in incremental deals and not have to go through the gauntlet which will get tougher next week with the SR VP's.

This is the smoking gun. We now know that Microsoft raised at least $86 million for SCO, but according to the SCO conference call this morning (03 Mar 2004) their cash reserves were $68.5 million. If not for Microsoft, SCO would be at least $15 million in debt today.

The "$16 to $20" is almost certainly $16 to $20 million, and since this memo is five months old that deal is almost certainly completed by now. This means it's possible SCO has burned through as much as $30 million in just a year of barratry.

The part that starts I just want is interesting, too. It looks as though Anderer is talking about shopping for a wealthier patron group within Microsoft's corporate hierarchy; SCO has been taking money from Microsoft corp dev (probably corporate development) but the gauntlet of Microsoft's senior vice-presidents is about to make that more difficult. He thinks they can get more money from marketing and field dollars, whatever that is (later paragraphs suggest it's a different group within Microsoft).

We should line up some small acquisitions here to jump start this if we
do it. We shoudl also do this ASAP. Microsoft also indicated there was
a lot more money out there and they would clearly rather use Baystar
"like" entities to help us get signifigantly more money if we want to
grow further or do acquisitions

In other words, Microsoft wanted to funnel its anti-Linux payoff through third parties. Maybe in case the antitrust guys at the Department of Justice happen not to be asleep at the switch?

The bit about acquisitions seems more ominous when you remember that Caldera/SCO has a long history of lawsuits over obsolete technologies stripped out of dead companies - starting with DR-DOS from Digital Research and continuing through USL's System V into the present with the IBM lawsuit.

[...]

Link to OSI via MeFi

Verisign files lawsuit against ICANN

You might remember the bruhaha last fall when VeriSign turned on it's "Site Finder" service. Basically, site finder was a system to return IP addresses that point back to VeriSign's servers for domains that don't exist. VeriSign was running an ad-supported commercial search engine. Internet Explorer does the same thing, presenting a search box from Microsoft when an address can't be resolved in a URL.

But, Internet Explorer doesn't break things such as mail delivery, or spam measures to block mail from domains that don't exist (more commonly known as "spoofed" return addresses).

from News.com (.com.com.com.com):

Mountain View, Calif.-based VeriSign on Thursday sued the Internet Corporation for Assigned Names and Numbers (ICANN) in federal court in Los Angeles, claiming it was unlawfully prevented from adding new features to the domain name database it has a contract to run. Last fall, ICANN ordered VeriSign to halt its Site Finder service, which redirected nonexistent domain names to the company's Web site and caused problems for some network administrators.

"ICANN has worked closely with VeriSign and the other registries for the past several years," the nonprofit group said in a statement Friday. "Therefore, ICANN is disappointed that VeriSign has again chosen confrontation over consensus."

VeriSign's lawsuit was filed just three days before the start of ICANN's meeting in Rome, which begins Sunday. It claims that ICANN has transformed itself over the last six years from a modest technical coordinating body into the "de facto regulator of the domain name system" and alleges breach of contract and antitrust violations. The lawsuit asks for an injunction against ICANN.

"We have still to receive any information saying that Site Finder was going to be a threat to the stability or security of the Internet," Tom Galvin, VeriSign's vice president for government relations, said Thursday. Galvin said that the two organizations had been butting heads for years, and VeriSign eventually "realized our best option was to try to get some sort of clarity in the legal sense."

SCO to sue Linux user today

Link from Geek News Central:

[...] SCO has embroiled itself in legal disputes in the last year with IBM, Red Hat and Novell over whether or not Linux illegally contains Unix source code that is owned by SCO. SCO has threatened to sue Linux users in the past, and in May it sent letters to 1,500 large companies warning them that, unless they purchased software licenses from SCO, they could be liable for legal action.

SCO claimed in November to be 90 days away from launching a lawsuit against an end user, but the deadline passed recently without a suit having been filed. However, SCO is now ready to proceed with litigation against a single Linux customer, McBride said in an interview Monday.

After consulting with its law firm, Boies, Schiller and Flexner, SCO has narrowed down its list of possible targets to a "handful" of the world's 1,000 largest corporations, McBride said. "We're going to file it tomorrow. It's sort of come down to a couple of complaints we have prepared," he said.

McBride declined to offer more details other than to say that the companies being considered were neither Internet Service Providers nor technology companies and that they all had recognizable names. [...]

UPDATE: SCO announced today (03/03/2004) that the target of the lawsuit is AutoZone. From CBS Market Watch:

SAN FRANCISCO (CBS.MW) - SCO Group's shares fell as much as 12 percent Wednesday after the software company posted a bigger first-quarter loss and sued AutoZone for copyright violation by using the Linux operating system.

SCO fell $1.40 to $10.84 in early trading in the wake of the company's double-barreled announcements. On Wednesday, SCO said it was suing AutoZone for running versions of Linux that contain operation codes and structures used in SCO's proprietary Unix operating system. SCO said it would seek "injunctive relief against AutoZone's further use or copying of any part of SCO's copyrighted materials and also requests damages" in the suit filed in the U.S. District Court in Nevada.

The AutoZone suit is the latest chapter in SCO's ongoing fight to rein in what it believes is its right to revenue from the open-source Linux operating system. Linux is based on elements of Unix, and SCO holds the rights to some of the copyrights behind the operating system used in many enterprise computer servers. [...]

spammers set up phony "Do not spam" site

from Leo Laporte's Two Shows Nightly:

Spammers have set up a phony "Do Not Spam" site and are placing it at the bottom of their emails. The site, unsub.us, harvests addresses for future spam campaigns. Now more than ever, do NOT click the "Remove me" links in spam. In fact, don't open spam at all - it just signals your presence. Delete spam - don't read it.

YAWF (Yet Another Windows Flaw)

Yahoo! has a story about Microsoft's announcement today that a "critical flaw" exists in most versions of Windows that could allow attackers to run malicious programs on your PC.

In its monthly security bulletin, the world's largest software maker warned that Windows NT, Windows 2000, Windows XP and Windows Server 2003 were at risk and offered software updates to fix the flaws, which were given Microsoft's highest severity rating of "critical."

"It does affect all (current) versions of Windows," said Stephen Toulouse, security program manager for Microsoft's Security Response Center. "We're not aware of anyone affected by this at this time."

Marc Maiffret, co-founder of eEye Digital Security, the company that discovered the flaw, criticized Microsoft for taking more than six months to come up with a patch to fix the problem, particularly since the flaw allows an attacker multiple ways to break into a system and could do almost anything they wanted to the system.

"We contacted Microsoft about these vulnerabilities 200 days ago, which is insane," he said. "Even the most secure Windows networks are going to be vulnerable to this flaw, which is very unique."

Firebird...errr...Firefox 0.8 released

Mozilla Firebird Firefox 0.8 has been released. Yes, another name change.

* Easier Downloading * Installern (for Windows) * Pinstripe Theme (for Mac OSX) * Extension UI * Better Bookmarks * DOM Inspector

Get your copy here

Are you running Mozilla?

Are you running Mozilla of some form or fashion? If so, type this in your location bar at the top:
about:mozilla

And the beast shall be made legion. Its numbers shall be increased a thousand thousand fold. The din of a million keyboards like unto a great storm shall cover the earth, and the followers of Mammon shall tremble. from The Book of Mozilla, 3:31 (Red Letter Edition)

username:password URLs disabled in Internet Exploder

MeFi points us to Microsoft Security Bulletin MS04-004 and notes that the security patch for IE Microsoft released on February 02, 2004 disables the ability to use username:password in URLs.

from Microsoft:

This Internet Explorer cumulative update also includes a change to the functionality of a Basic Authentication feature in Internet Explorer. The update removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet Explorer. The following URL syntax is no longer supported in Internet Explorer or Windows Explorer after you install this software update:

http(s)://username:password@server/resource.ext

more RealPlayer BS

again from Boing Boing (Car Talk dumps Real for WMP)

Car Talk will now be available via the Windows Media Player, rather than RealMedia. That's right, we're unceremoniously dumping RealMedia.

Why? Because, for a long time, we've had tons of complaints about RealNetworks. And the one that ticks us off the most is the perceived trickery they use to sell their premium products. This is just our opinion, mind you, but it's shared by enough of our listeners, that we finally decided to take action.

Here's the problem. In order to hear our audio, you have to go to Real.com and download their "free" RealPlayer. But when you get to the web site, the free player is harder to find than Osama Bin Laden at night. And the site seems to do everything it possibly can to get you to "buy" a player instead. You have to work very hard to get the free player. And we think that stinks. And get this. It stinks so much that it even makes Microsoft look good by comparison. That's something, huh?

tired of RealPlayer's popups and spyware? download the BBC version

Boing Boing has a piece about the BBC's special deal with Real Networks which disposes of their spyware tactics...

Basically, if a user clicks on a link to download Real Player from a BBC website, the referrer script sends them to a page where they can download an expiry-free, spyware-free and nuicance-free version of the player. It's because the BBC have such a stringent public service remit, that it was offensive to charge people a license fee for BBC content, then make them pay all over again for the facility to view/listen to it.

You can get the spyware/popup/adware free version here (on the BBC's website)

www.ftc.gov/secureyourserver

Does your proxy allow connections from untrusted networks like the Internet? Is there an open relay on your system? Are you using proper access controls for your server? Answer these questions incorrectly and the U.S. Federal Trade Commission would like to have a friendly word with you.

The agency, along with 38 of its counterparts in 26 countries, has -- coincidentally or not -- picked the week myDoom swept the Internet to roll out "Operation Secure Your Server." It is an international effort to reduce the flow of unsolicited commercial e-mail, aka spam.

[...]

It would be impossible to measure the success of the previous campaign, according to Heyder. "We sent out numerous letters and saw a lot of traffic on our Web site. We are assuming people who get this notice would want to address their vulnerabilities for their own sake."

For more information, go the FTC link: www.ftc.gov/secureyourserver.

Full Story on Yahoo!

CIO of Just Sports responds to SCO

link via Geek News Central:

It seems Just Sports received a letter from SCO to extort request licensing fees for SCO's yet-to-be-proven-in-a-court-of-law intellectual property claims of its code being included in Linux kernels.

Mr. Gavin M. Roy, CIO of Just Sports responds in this letter (Acrobat Reader required).

[...]

Our current understanding of your legal situation is that your organization has yet to prove your claims of SCO intelectual property being included in the GPL based Linux kernel software that SCO itself has distributed under the GPL.

[...]

Before you waste any more of my time or yours, please detail exact information such as the offending lines of code and the kernel version you contend this code is in. Alternatively if your organization agrees, we can re-address these issues after your current lawsuits regarding these issues are finalized.

New virus alert!

A new virus was discovered yesterday making the rounds. McAfee has now classified W32/Mydoom@mm as a "High Outbreak Risk worm.”

I mention this here simply because the virus spreads so rapidly and spews so many copies of itself through an infected computer that we are having a hard time keeping our mail servers up and running (yes, I work for an ISP).

Please, if you’re reading this and you’re running Windows, make sure your virus scanner definitions are up-to-date!

See this page at McAfee.com for more information.

A real alternative?

OK, I've kept Anil Dash's entry about an alternative to Real Player in my FeedOnFeeds stories for over a week now because, eventually, I want to try it out. I hate RealPlayer. It's slow, cumbersome, and those stupid ads (they call them "news") that pop up all the time annoy the living crap out of me.

I haven't tried it yet, but if you have, leave me a comment and tell me what you think.

Open up a can of spam

Today's requisite spam entry:

Wired News

In the two weeks since the Can-Spam Act, a U.S. law barring unscrupulous bulk e-mailing practices, took effect this year, providers of spam-filtering software say they're blocking more messages than ever. Spammers, they say, are either ignoring the law or pretending to comply with guidelines for legitimate e-mail marketing.

With the advent of Can-Spam, Jacob said spammers are also increasingly guilty of "faux compliance," exploiting a caveat in the law that permits unsolicited e-mails from legitimate marketers who allow recipients to opt out of future mailings. Unscrupulous junk mailers are pretending to go along with the guidelines by including false return addresses for opting out.

more on referral spam

My apologies for all the spam related stuff lately, but these low-life scum-sucking pigs irritate the living shit out of me. My mailbox is full all the time (over 800 since Jan 1) and now the fuckers want to use webspace and bandwidth that I pay for so that they make money. No, I don't think so. I don't list referrals on the front page of Clack, so, even if I weren't blocking all the referral spam that comes in, it would serve them absolutely no purpose.

There is an upside to all of this, though. After some help from Zack and Richard getting started, I've learned WAY more about regular expressions, apache, and htaccess than I ever thought I might want to know.

So, without further delays, the latest entry on what a friend and coworker of mine called the "spam blog":

it seems that Starprose is using a new agent string....

172.153.236.119 - - [13/Jan/2004:13:42:57 -0500] "HEAD /blogs/Clack/ HTTP/1.1" 200 0
"http://www.starprose.com/article46.html" "Referrer Advertising System"

it's blocked now on Clack.

Testing

Your TV as a spam relay

In a move that scares the crap out of me, Microsoft announced yesterday at the Consumer Electronics Show in Las Vegas that it has created "Media Center Extended." This software will allow your TV to access video, music and photos stored on other PCs on your LAN.

from Yahoo!

In his annual address at the Consumer Electronics Show in Las Vegas, Gates demonstrated his plan for "seamless computing" with products that connect to or synchronize with PC hardware or Microsoft software.

Gates said Microsoft will unveil products later this year that will allow TV viewers to access live and recorded TV programs, music files, digital photos and other media stored on their PCs.

"Ease of use can be better if the software does it right," Gates said. "These scenarios demand all of these advances work together."

Called Media Center Extender, the new software package will provide up to five televisions remote access to PCs running the company's Windows XP (news - web sites) Media Center Edition.

The software supports the copyright protection system known as digital rights management, so users can order media directly from Internet-based subscription services like Movielink via a TV, Gates said.

Gateway and Hewlett-Packard have already announced they will manufacture TVs with Media Center Extended software embeded in them, and HP, Gateway, Dell, and Samsung will offer set-top boxes.

Microsoft will also release an adapter kit for Xbox that will include the software, a DVD adapter and a remote control for less than $60 that will turn the Xbox into a "media adapter" for any TV.

Great, so now my TV will be susceptible to viruses, worms, trojans, and other security holes and will crash at least once a week. Spammers will take over your TV and force you to watch penis enlargement, viagra, and cheap mortgage commercials in the middle of your favorite TV shows. Oh, I just can't wait!

End of Life

As of January 16, 2004, support for Windows 98 ends. Windows 98 (and 98SE) becomes obsolete, unsupported, and (as far as Micro$oft is concerned, dead). Online "self-help" will continue to be available on their website until at least June 30, 2006, but there will be no more updates, no more bug fixes, and no more security patches for 98 or 98SE.

from /.

Via_Patrino writes "According to Microsoft on january 16, MS Windows 98 and 98se will end Extended Support Phase, that means they'll became obsolete and assisted support will no longer be available from Microsoft, affecting about 27% of the internet users. That means even if 98 is working well for your needs (and especially computer specifications) and you want to pay for support (because that might cost less than switching hardware) you can't, because who will be able to patch eventual new bugs (security related or not) besides Microsoft? So if you're not planning a switch it might be your last opportunity to update MS Windows 98, after that some software might disappear from MS website (just like MSIE 5.5 for 95 did)."

Microsoft "life expectancy" site

101 Ways to save the internet

Link over to Wired and see Paul Boutin's suggestions for 101 Ways to Save the Internet

1 Unleash vigilante justice on spammers One activist has proposed filters that launch distributed denial-of-service attacks back at spammers. Great. Just make sure we have the right addresses first.

6 Triple our cable modem speed First step: Just turn off the Golf Channel and UPN.

7 Demand truth in advertising for software updates C'mon, AOL 9.0 is really AOL 8.0 with the version number increased 1.0.

8 Declare spammers are terrorists And put Ashcroft, Ridge, and Rumsfeld on their tails.

15 Stop the US Patent Office before they patent the hyperlink Oops, too late.

Bluetooth GPS receiver

This is cool as sh*t! I bought a new GPS receiver this weekend to go along with my new ipaq 5555. Pharos makes it and its cool factor is unbelievable!

It has a rechargable battery and is bluetooth enabled. simply turn it on, set it on the dash, establish a bluetooth connection to my ipaq, and off I go. I've had a GPS receiver for a while, but it was corded and had to be plugged into the cigarette lighter and into the IPAQ.

This'll be great on those motorcycle rides through the country next year!

Retro games making a comeback

I found this article from Yahoo! interesting. Why you ask? Simple. I've had a "craving" for several weeks now to play Super Mario Brothers on a classic Nintendo Entertainment System. Not the N64, or the Gamecube; but the old, gray console, with controllers you can actually understand.

I've had such a craving, that, late last week, I bought one off ebay. It's on it's way, along with 6 controllers, two light-zapper guns, and thirty games.....I can't wait!

open source firm releases patch for IE spoofing flaw

Well, the dynamics of this are bound to get interesting.....seems that a Vaunatian company called Openwares.org has released a patch and the source code for the latest security flaw in Windows Internet Explorer.

By exploiting the flaw, a hacker can make a redirect url appear to be some other site in the address bar. The exploit is simple, and I'm amazed that nobody has found it before....

Tests for the exploit are on Openwares.org's page.

NOTE! I do NOT condone this patch or take responsibility for you and your computer if you install it. This post is presented for informational purposes only!

There is some discussion on openwares.org's forums about the patch being more easily exploited than the hole it fixes.

There's also some commentsthat the patch itself sends manipulated URLs back to a script at openwares.org.

The source code is available....download and judge for yourself, or, read this on slashdot.

Link via Boing Boing

woohoo! new toy today!

well, I did it. I broke down and bought a replacement for my aging and failing IPAQ 36xx series I bought right after I moved to Atlanta three years ago.

You're looking at (well, not really) the proud, new owner of a horribly expensive HP Ipaq 5555 Pocket PC!

Bluetooth, WiFi (802.11b), biometric fingerprint reader, 128MB of RAM, 400 MHz processor! Happy Christmas to me!

Now, I've just got to order a cable adapter (HP changed the interface between the old one and the new one) and I can use all my old sync cables and GPS receiver. Although, chances are, I'm going to buy a new Bluetooth GPS receiver soon.

spam breakdown

Just for fun, I thought I'd break down the 1345 (as of 10:08 pm EDT5EST 12/16/2003) spams that I've accumulated since 11/25/2003 (three weeks)

846 of the 882 caught by SpamAssassin (a couple of my email boxes don’t filter through SpamAssassin yet) were sent using an open proxy/relay to hide the spammer's identity
446 of them contain the word free
209 of them contain viagra in some shape or another
105 of them contain the word prescription
81 of them contain the word Microsoft
71 of them contain the word drug
45 of them contain the word meds
44 of them make direct reference to my male sexual organ
33 of them contain the word generic (as in “generic viagra”, or in Spammer’s vocabulary: “G3ner1c V.1.@.G.R.A”
32 of them contain the word levitra
27 of them contain the word casino
23 of them contain the word mortgage
22 of them have a subject line of hi
22 of them contain the word channel (as in cable devices)
14 of them contain the word paris (as in the hotel heir's sex tape)
3 of them have "fagott" in the subject line (notice the misspelling)

Showing the irony and nonsensical nature of it all, at least 31 of them are hawking spam control software. talk about putting yourself out of a job!

and, one of my favorites, showing just how f*cking stupid one of the spammers is:
5 of them contain in the subject line "%RND_UC_CHAR[2-8]" with those five email being received over a week and a half period from 12/01/2003 until 12/10/2003

If you’re not smart enough to make your spam software work, I seriously doubt you’re smart enough to
1) run a pharmacy
2) design and build illegal devices to attach to my cable
3) create a “banned government CD”

I’m working on more detailed, automated breakdown software that I’ll roll into place (hopefully) on 01/01/2004. Stay tuned!

new release of w.bloggar

Version 3.03.1065 of the wonderful blogging tool w.bloggar is out. This version fixes several bugs, updates the conversion table of special characters, and several other things.

The full changelog can be found here

Ho!

I don't play a lot of computer games. I did in my younger days (early to mid 90s), but now, I just don't care for all the running around, shoot this, kill that, blow that up, etc. It just all seems so mindless and a waste of time.

But, digging through my closet in the office the other day, I came across what is probably the greatest game ever made. It's simple to play, doesn't require huge amounts of hand-eye coordination, and gameplay isn't dependent on how fast you can move your mouse. It is, quite simply, a resource allocation game.

What's the game, you ask? Spaceward Ho! of course. I got addicted to this game back in the early 90's. One of my best friends, Kent Hawk, and I used to stay late at the company we worked for, and play it networked on a couple of Mac Classics until the wee hours of the morning.

When Ho! 2.0 came out, you could also get a Windoze version. I was in heaven! I lost countless hours of my life playing this game and listening to it say Yaaaah! when sending a ship to another planet.

Finding that software the other day brought back all the fun that I had playing this game. I installed version 2.0 (which was written for Windoze 3.0 or higher) on my installation of Windoze XP Pro. It installed, even created the program group icons, and started up. Oh, excitement! I made my moves, then clicked the "End Turn" button. CRASH! General Protection Fault. Hmmm, not too surprised considering this is XP, after all.

Visiting Delta Tao's web site, I found out that now, version 4.0 is out for windoze. Paid them another $24.95 for V 4.0, downloaded it, installed it, and listened to the computer player (Timmer) curse me over and over as I systematically annihilated him from the galaxy! Oh, the fun of a truly classic computer game.

The dissection of spamware

The following link to an article appearing in SecurityFocus is an incredibly detailed account of one administrator discovering a machine being used as a spam spewer. David Barroso Berrueta details in intricate detail how the spewage was discovered, and his analysis of how it works. Incredibly interesting read for you techies out there: The Rise of the Spammers

via Boing Boing

Turning off your SSID in a Wireless LAN is actually bad for security and performance

link via Boing Boing

link directly to article: 129k PDF

The SSID is present in the following 802.11 management messages: BEACONs PROBE Requests PROBE Responses ASSOCIATION Requests REASSOCIATION Requests

This presence in management messages, or frames, is an oft-overlooked detail of the IEEE 802.11 specification that is critical to debunking the myth of SSID hiding. Management messages are always sent in the clear, even when link encryption (WEP or WPA) is used, so the SSID is visible to anyone who can intercept these frames

...

Linux system update caused me some headaches

Well, since reading yesterday about the new kernel exploit that was found, even though I'm behind a firewall, restrict all incoming connections to a non-standard ssh port, and require all access to any of the machines at home to be tunneled through an ssh connection (that requires the correct ssh key to be installed, and that you know the password to that key), and the exploit is a local-only (ie, you must be logged into the unix machine to compromise it) I thought it was my civic duty to upgrade my two linux servers (one running SuSe 7.3, the other running SuSe 8.0).

The 7.3 box hadn't been updated in 522 days! :-)

The upgrades went smoothly, and I noticed nothing broken (until today). I run Feed on Feeds as a server side RSS feed aggregator. When I logged on to catch up on all the feeds that I read on a daily basis, stuff was all over the place. regardless of the feed I clicked on to read the updated items, I saw ALL feeds that had been aggregated up to that point.

After going through the usual contortions (dropping the tables, clearing the magpie cache, dropping the mysql database, etc), I remembered that during the install of feedonfeeds, I had updated the PHP version installed. Seems the update reinstalled the old (patched) version of PHP, and of course, that didn't work (or I wouldn't have updated it to begin with).

A couple of ln -s commands, and restarting apache, and everything was working again (albeit, without all my historical aggregated feeds). Fortunately, before I dropped the database in mysql, I used the "subscription list as opml" link on the panel in feed on feeds to save my subscription list.

Sidenote: I've never been able to get feedonfeeds to subscribe me to the slashdot feed. It looks like it's working, then just stops. I figured that as long as I was working on it, I'd upgrade the magpierss libs while I as at it. Feedonfeeds ships with magpierss-0.5, and the latest is magpierss-0.5.2. Simple upgrade...copy the magpie files, update init.php in feedonfeeds to "require" the new magpie files. And now, yippee, the subscription to slashdot is working like a champ!

Spam counter to be added

This is gonna be fun! Congress is passing an anti-spam bill, but I'm betting that spam will continue to increase. So, as an exercise in my programming skills, and for shear amusement value, I'm going to be tracking the number of spam/UCE (Unsolicited Commercial Emails) I receive.

I'm going to begin working on the counter in the coming weeks and will reset it to zero beginning January 01, 2004. Let's see if the "CAN-SPAM" bill works. Anyone wanna place a little wager on it?

BTW, I'm copying an idea I saw over at The BradLands.

I don't know how he's doing it, but I've got some ideas of my own for tying this into my mail system at the house.