Slashdot

Futurepower(R) writes "The Los Angeles Times reports that the U.S. House of Representatives on Tuesday voted 238 to 180 to send Kucinich's impeachment article — for Bush's reasoning in taking the country to war in Iraq — to the Judiciary Committee...

But they don't intend to actually impeach Bush, the article says."
http://www.latimes.com/news/politics/la-na-impeach16-2008jul16,0,1728141.story

Futurepower(R) writes "The New York Times has a story about a free service that tests if your server is working: Down for everyone or just me.com"
http://www.downforeveryoneorjustme.com/

Futurepower(R) writes "TrueCrypt developers have complained to a Microsoft representative about Microsoft's secret disk encryption API. They say that, if they don't get satisfaction, they will file a complaint with the European Commission. These are the relevant paragraphs:

"As Microsoft does not provide any API for handling hibernation, all non-Microsoft developers of disk encryption software are forced to modify undocumented components of Windows in order to allow users to encrypt hibernation files. Therefore, no disk encryption software (except for Microsoft's BitLocker) can guarantee that hibernation files will always be encrypted. At anytime, Microsoft can arbitrarily modify components of Windows (using the auto-update feature of Windows) that are not publicly documented or accessible via a public API. Any such change, or the use of an untypical or custom storage device driver, may cause any non-Microsoft disk encryption software to fail to encrypt the hibernation file. We plan to file a complaint with Microsoft (and if rejected, with the European Commission) about this issue, also due to the fact that Microsoft's disk encryption software, BitLocker, is not disadvantaged by this."

"[Update 2008-04-02: Although we have not filed any complaint with Microsoft yet, we were contacted (on March 27) by Scott Field, a lead Architect in the Windows Client Operating System Division at Microsoft, who stated that he would like to investigate our requirements and look at possible solutions. We responded on March 31 providing details of the issues and suggested solutions.]"

Truecrypt is free and open source. Many people think that encryption software must be open source because of the need to guard against hidden behavior. Truecrypt provides file encryption, full partition encryption, including encrypting boot partitions, and even hidden encryption."

Futurepower(R) writes "We need a bank that can handle accounts in U.S. dollars, Euros, and the Brazilian Real. We need to write checks in those currencies and use ATM cards to withdraw local currency in Europe and Brazil. We need to transfer between the U.S. dollar and the Euro and Brazilian currency without a big penalty. We've done a lot of research, and found only accounts with excessive fees or very limiting restrictions. Does anyone at Slashdot have advice?"

I'm no Microsoft apologist, but I do think the unbridled hate that pervades /.'s reaction to every single Windows article is a bit out of hand. Maybe this will help stem the tide of Vista-bashing. Sure, Vista kinda sucks, but all Windows versions kinda suck. I think most people who are ripping on Vista for being the operating system anti-christ are forgetting how badly XP sucked pre-SP1, and even pre-SP2. 7 years ago, the chorus of "OH MY GOD XP IS SO MUCH WORSE THAN 2000! THERE'S NO NEED TO UPGRADE!" in every XP article's comments were eerily similar to the ones you hear now every time Vista gets a mention. Vista's maturing, and as it does it'll become a better operating system, and everyone will benefit, even if they don't use Vista. Microsoft still competes largely on the basis of being a de facto standard. Vista's release has caused them to lose this edge somewhat, and the window has opened for their competition, who compete mostly on features, to get a little lazy (Leopard, anyone?). Microsoft competing more vigorously on their stale plank, assuming they don't magically find traction they've been unable to find for years, can't do anything but help the products on the market. Okay, now it's time to cue the million responses calling me a Microsoft shill. Suggested topics: "There really was no reason to upgrade from 2k to XP, I still use 2k just fine," "Vista is beyond repair because of DRM," and "Vista is way more broken than Leopard, how dare you rip on OS X."

It may be paranoia, but I am considering that given the welcome that Vista has received, Microsoft had no choice but to do this. Producing two OSs that compete with one another is insanity... especially when the product that's winning is not the latest one.

So the solution is fairly obvious - if you can't improve Vista, you can make XP worse. That way, people know they're going to be dissatisfied with your product from the get-go, but at least they'll buy the latest one.

Futurepower(R) writes "This New York Times graphic summarizes the use of oil: Burning through oil."
http://graphics8.nytimes.com/images/2008/04/20/weekinreview/oilgraphic1-900x1572-2.jpg

Futurepower(R) writes "Winifred Mitchell Baker has given up her position as CEO of Mozilla.

Firefox is now partly a profit-making effort. There has been considerable discussion about the possibility of Firefox issuing stock and becoming a public corporation. Firefox made a profit of $47,000,000 on revenues of $67,000,000 in 2006, an enormous profit.

Firefox makes money when people use it to visit ads. It seems likely that a profit-making Firefox would eventually prevent add-ons like AdBlock Plus that stop the display of ads which many users find annoying."
http://www.macworld.com/article/131460/2008/01/mozilla.html

Futurepower(R) writes "We have found that providing security is our biggest expense in using Windows, much more than the cost of buying Windows.

Can you recommend a software firewall for Windows? We need outbound leak protection. (Windows firewall does not provide leak protection.) When one program tries to use another, we need notification of the names and locations of both programs. We would like email notification of intrusion attempts.

We know about the Matousec firewall tests, but those are only leak tests.

Recent versions of the software firewall we have been using have been slowing some computers to a crawl, interfering with our backup software, randomly blocking our remote access software, and stealing focus when it does automatic updates at times that cannot be controlled. (We use a hardware firewall, too, of course, and limit user rights.)"

Futurepower(R) writes "Sun fixed 11 'highly critical' vulnerabilities in Java. Secunia lists the vulnerabilities as "highly critical, security bypass".

Remember that Java Runtime Environment 6.0 breaks some Java applications, such as Freemind. Those applications may need JRE 5.0 Update 13."

Futurepower(R) writes "The internet Streisand effect assured many more will see the Move-On.org ad that the U.S. Senate voted 72 to 25 to condemn. The reaction ranged from strongly negative toward MoveOn.org to strongly positive."

Futurepower(R) writes "The story copied below at the bottom may be in error. It is possible that I may have visited the Windows Update web site on the date and time in question, where the files could have been copied as part of the update process. When I submitted the story, I made a mistake about the time; it was PM, not AM. Some people are reporting that the files are installed as a part of a visit to Windows Update, and not in a hidden way.

See http://yro.slashdot.org/comments.pl?sid=296677&cid=20587273

There is an issue of Microsoft breaking applications with updates. See http://yro.slashdot.org/comments.pl?sid=296677&cid=20589299

It is interesting that the files in question bear a creation date and time that is the same as the date and time of their installation, showing that the files were generated specifically for that computer:

Directory of c:\Winnt\System32\SoftwareDistribution\Setup\ServiceStartup

08/27/2007 03:38 PM <DIR> wups.dll
08/27/2007 03:38 PM <DIR> wups2.dll

It would be interesting if someone would investigate further and verify the facts.

_____________________________

Your Rights Online: Microsoft Installs New Software Without Permission
Posted by kdawson on 06:20 AM — Thursday September 13 2007
from the slipperiest-of-slopes dept. [ Microsoft ]

Futurepower(R) writes "Even though I have Automatic Updates turned off, on August 28, 2007, between 3:49 and 3:51 AM PDT, Microsoft installed new files on my Windows XP computer." Nine files are updated on Vista and on XP SP1, a different set of on each, relating to Windows Update itself. Microsoft-watch.com's Joe Wilcox and ZDnet's Adrian Kingsley-Hughes confirm the stealth update.

_____________________________"

Even though I have Automatic Updates turned off, on August 28, 2007, between 3:49 and 3:51 AM PDT, Microsoft installed new files on my Windows XP computer. See the story on the Windows Secrets web site: Microsoft updates Windows without users' consent.

Futurepower(R) writes "A new report commissioned by the Florida Department of State says, 'A flaw in the optical scan software, for example, enables a hacker to introduce an unofficial memory card into an active terminal before the polls open, according to the report. "This memory card can be preprogrammed to redistribute votes cast for selected candidates on that terminal, including swapping the votes for two candidates," it states.'

Reading that quote from a technically knowledgeable university researcher in a TechNewsWorld article, you might think that changes will be made. But the non-technical press sometimes reports e-voting vulnerabilities very differently.

For example, in this Associated Press article in a business publication, the non-technical press accepts a response from a 'spokeswoman' that changes the subject to 'voting system reliability', which includes hardware and other failures that don't affect the vote count. Sample quote from an article titled, Voting Machine Companies Attack Review, 'Voting system reliability is something we're always working at improving,' said Michelle Shafer, a Sequoia spokeswoman. 'Security is never finished.'"

Kelson writes "A member of the Opera development team has responded to last week's article which criticized Opera for fixing critical security issues in December's 9.10 release, but not disclosing the existence of the vulnerability until three weeks later.

Sometimes it even happens that we do not mention issues in our changelogs even though we have fixed it — because we are waiting for other vendors to fix the same issue in their products.

It can happen that the severity of an exploit is upgraded by our internal security team at a later stage, since further analysis shows that the original severity was not accurate: our priority is to first fix the issue...

So what you have been seeing with the 9.10 release and the delayed announcement of two vulnerabilities is an unhappy coincidence of the release and the Christmas vacation.

"