Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment Re:Perfect american corporate business practice (Score 4, Insightful) 231

But they didn't do anything illegal. They're basically just using their own download application that comes with extra stuff.

Yes, but Download.com still assures users that they will never bundle that "extra stuff". Their Adware & Spyware Notice says:

In your letters, user reviews, and polls, you told us bundled adware was unacceptable--no matter how harmless it might be. We want you to know what you're getting when you download from CNET Download.com, and no other download site can promise that.

Also, they make it look like a download link for the real installer (which it used to be), and then the user gets this CNET crap. But they still used our name liberally in the trojan installer as if we were somehow responsible for or involved in this abomination. I've got screen shots on my Download.com fiasco page.

Also, this "apology" rings hollow because they aren't fixing the problem along with it. In particular:

1) He claims that bundling malware with Nmap was a “mistake on our part” and “we reviewed all open source files in our catalog to ensure none are being bundled.” Either that is a lie, or they are totally incompetent, because tons of open source software is still being bundled. You can read the comments below his post for many examples.

2) Even if they had removed the malware bundling from open source software, what about all of the other free (but not open source) Windows software out there? They shouldn't infect any 3rd party software with sketchy toolbars, search engine redirectors, etc.

3) At the same time that Sean sent the “apology” to users, he sent this very different note to developers. He says they are working on a new expanded version of the rogue installer and “initial feedback from developers on our new model has been very positive and we are excited to bring this to the broader community as soon as possible”. He tries to mollify developers by promising to give them a cut (“revenue share”) of the proceeds from infecting their users.

4) You no longer need to register and log in to get the small (non-trojan) “direct download” link, but the giant green download button still exposes users to malware.

5) The Download.Com Adware & Spyware Notice still says “every time you download software from Download.com, you can trust that we've tested it and found it to be adware-free.” How can they say that while they are still adding their own adware? At least they removed the statement from their trojan installer that it is “SAFE, TRUSTED, AND SPYWARE FREE”.

Submission + - Why Double-Spacing After Periods Isn't Wrong (heracliteanriver.com)

An anonymous reader writes: Over at Slate, Farhad Manjoo struck a nerve earlier this year with a vitriolic article attacking anyone who would dare to put two spaces after a period, a post with thousands of comments (and counting) and dozens of online responses. (http://www.slate.com/articles/technology/technology/2011/01/space_invaders.html) He blames the two-space rule on the history of typewriters and ignorance of a consensus among typographers that supposedly goes far back in history. But the recent linked blog post cites numerous sources showing that Manjoo and typographers don't know their own history. It turns out that single-spacing is the aberrant practice, only introduced because technology made people lazier, publishers wanted to save money, and typesetters became dumber. The creators of many historical typefaces still in use today are apparently rolling over in their graves over the current standard. (Note: Slashdot ran an Ask Slashdot story on the topic of spacing last year: http://ask.slashdot.org/story/10/08/04/161232/sentence-spacing-1-space-or-2)

Submission + - CNet / download.com trojaning OSS tools (seclists.org)

Zocalo writes: In a post to the Nmap Hackers list Nmap author, Fyodor, accuses C|Net / download.com of wrapping a trojan installer (as detected by various AV applications when submitted to VirusTotal) around software including Nmap and VLC Media Player. The C|Net installer bundles a toolbar, changes browser settings and, potentially, performs other shenanigans — all under the logo of the application the user thought they might have been downloading. Apparently, this isn't the first time they have done this, either.

Fyodor's on the lookout for a good copyright lawyer, if anyone has one to spare.

The Internet

Nmap Developers Release a Picture of the Web 125

iago-vL writes "The Nmap Project recently posted an awesome visualization of the top million site icons (favicons) on the Web, sized by relative popularity of sites. This project used the Nmap Scripting Engine, which is capable of performing discovery, vulnerability detection, and anything else you can imagine with lightning speed. We saw last month how an Nmap developer downloaded 170 million Facebook names, and this month it's a million favicons; I wonder what they'll do next?"
Cellphones

Review of HTC Desire As Alternative To iPhone 544

Andrew Smith writes "My search for an alternative to the iPhone has been long and frustrating. On paper, the HTC Desire is the first serious challenger to the iPhone's reign as king of phones. But how does it compare in use? There is much good and much bad. (This review is primarily for UK readers as HTC's new handset, the Incredible, will not be available [in the UK].)"

Comment New Nmap 5.30BETA1 Release (Score 5, Informative) 55

We just today released Nmap 5.30BETA1, which contains the version detection signature described in this post for detecting the Energizer trojan. It also includes a detection and exploitation script for a major Mac OS X vulnerability which Nmap developer Patrik Karlsson found last month and Apple finally patched this morning. There are about 100 other changes as well, including 37 new NSE scripts. You can download it free here.

Pardon the Nmap promotion, but it seemed on-topic for the story.
Security

Submission + - Detecting critical Apple vulnerability with Nmap (cqure.net) 1

iago-vL writes: Patrik Karlsson, an Nmap developer, released a script today to detect a vulnerability in the Apple Filing Protocol (afp), CVS-2010-0533. This vulnerability is trivial to exploit and allows users to view files outside of public shares. He describes this vulnerability, which he discovered inadvertently while working on the Nmap Scripting Engine (NSE), as "strikingly similar to the famous Windows SMB filesharing vulnerability from 1995." Instructions on how to detect vulnerable systems using Nmap can be found in the post linked above.
Programming

What Does Everyone Use For Task/Project Tracking? 428

JerBear0 writes "I work as the sole IT employee at a company of about 50 people. I handle programming, support, pretty much anything that is IT related, or even that plugs in. As seems to be true with many small companies, the priorities seem to shift quite frequently. As a result, I've always got multiple programming (both new systems and improvements/changes to existing systems), integration, research, maintenance tasks/projects on my To Do list, in varying stages of completion. At any given time, I need to be able to jump back to one of these items and pick up where I left off. I am currently using Outlook Tasks, and then end up referencing my notebook and email for those dates to figure out exactly where I left off. It works, but not well. If it's been a while, I'll end up losing an hour or two just tracking everything down. I looked at using MS Project / OpenProj, but they want an individual file for each project, and I want at least the project/task list all on one screen. Essentially what I'd want would be a Task List on steroids, allowing for hierarchical subtasks, attachments, and prioritization. Ideally it would be a desktop app, but a locally-hostable web app would be okay. In some of these projects I may want to include proprietary information, which I really don't want floating out in the cloud outside of my control. I know I'm not alone in this problem, so what do you guys (gals) use to address this?"
Input Devices

How To Enter Equations Quickly In Class? 823

AdmiralXyz writes "I'm a university student, and I like to take notes on my (non-tablet) computer whenever possible, so it's easier to sort, categorize, and search through them later. Trouble is, I'm going into higher and higher math classes, and typing "f_X(x) = integral(-infinity, infinity, f(x,y) dy)" just isn't cutting it anymore: I need a way to get real-looking equations into my notes. I'm not particular about the details, the only requirement is that I need to keep up with the lecture, so it has to be fast, fast, fast. Straight LaTeX is way too slow, and Microsoft's Equation Editor isn't even worth mentioning. The platform is not a concern (I'm on a MacBook Pro and can run either Windows or Ubuntu in a virtual box if need be), but the less of a hit to battery life, the better. I've looked at several dedicated equation editing programs, but none of them, or their reviews, make any mention of speed. I've even thought about investing in a low-end Wacom tablet (does anyone know if there are ultra-cheap graphics tablets designed for non-artists?), but I figured I'd see if anyone at Slashdot has a better solution."
Space

Giant Ribbon Discovered At Edge of Solar System 251

beadwindow writes "NASA's IBEX (Interstellar Boundary Explorer) spacecraft has made the first all-sky maps of the heliosphere and the results have taken researchers by surprise. The maps are bisected by a bright, winding ribbon of unknown origin: 'This is a shocking new result,' says IBEX principal investigator Dave McComas of the Southwest Research Institute. 'We had no idea this ribbon existed — or what has created it. Our previous ideas about the outer heliosphere are going to have to be revised.' Another NASA scientist notes, '"This ribbon winds between the two Voyager spacecraft and was not observed by either of them.'"
Privacy

Did Chicago Lose Olympic Bid Due To US Passport Control? 1040

An anonymous reader writes "Yesterday, Chicago lost its bid for the 2016 Olympics (which went to Rio de Janeiro instead), and it's looking very likely that US border procedures were one of the main factors which knocked Chicago out of the race: 'Among the toughest questions posed to the Chicago bid team this week in Copenhagen was one that raised the issue of what kind of welcome foreigners would get from airport officials when they arrived in this country to attend the Games. Syed Shahid Ali, an I.O.C. member from Pakistan, in the question-and-answer session following Chicago's official presentation, pointed out that entering the United States can be "a rather harrowing experience." ... The exchange underscores what tourism officials here have been saying for years about the sometimes rigorous entry process for foreigners, which they see as a deterrent to tourism.'"
Earth

Laughing Gas Is Major Threat To Ozone Layer 306

Hugh Pickens writes "The Christian Science Monitor reports that according to new research, nitrous oxide, the colorless, sweet-smelling gas with a long history as a medical and dental anesthetic is the next big threat to Earth's protective ozone layer. Its role in destroying ozone has long been recognized, as well as its role as a heat-trapping greenhouse gas but the new study puts nitrous oxide's ability to deplete ozone into numbers comparable to those used for other ozone-depleting gases covered by the 1987 Montreal Protocol. The researchers note that the health of the ozone layer has been improving since the adoption of the protocol and that nitrous oxide looms large today as an artificial destroyer of the ozone layer, in part because the emissions of other harmful chemicals have been so sharply reduced." (Continues.)

Highly-Paid Developers As ScrumMasters? 434

An anonymous reader writes 'At my company, our mis-implementation of Agile includes the employment of some of our most highly-paid, principal engineers as ScrumMasters. This has effectively resulted in a loss of those engineering functions as these engineers now dedicate their time to ScrumMastery. Furthermore, the ScrumMasters either cannot or do not separate their roles as Team Leads with those of ScrumMastery and — worse — seem to be completely unaware that this poor implementation of Agile development is harmful to our velocity. To date, I have chalked this up to poor leadership, a general lack of understanding of Agile, and an inability to change from traditional roles left over from the waterfall development mode. In addition, I have contended that, for a given Scrum Team, the role of ScrumMaster should be filled by someone of lower impact, such as an intern brought in specifically for that purpose. But I would like to put the questions to Slashdotters as to whether they have seen these same transitional difficulties, what the results have been at their respective companies, or whether they just plain disagree with my assertion that principal engineers should not be relegated to the roles of ScrumMasters.'
Cellphones

Nokia Releases Linux Handset 484

galaxy writes "Nokia releases their first Linux mobile handset, the N900 The handset is based on the latest release of Maemo, the Nokia mobile Linux platform, and includes e.g. GSM and 3G access (with HSPA, giving datarates of up to 10Mbps downlink and 2Mbps uplink on suitable networks), WLAN, Bluetooth, camera, assisted GPS and, most importantly, a touchscreen complemented by a hardware QWERTY under a slider. The beast is powered by an ARM Cortex-A8 processor at 600 MHz, has PowerVR SGX with OpenGL ES 2.0 support, 32GB internal memory etc."

Slashdot Top Deals

The person who makes no mistakes does not usually make anything.

Working...