The Champaign-Urbana Computer Users Group

The Status Register - September, 2003


This newsletter will never appear on CUCUG.ORG before the monthly CUCUG meeting it is intended to announce. This is in deference to actual CUCUG members. They get each edition hot off the presses. If you'd like to join our group, you can get the pertinent facts by looking in the "Information About CUCUG" page. If you'd care to look at prior editions of the newsletter, they may be found via the Status Register Newsletter page.
News     Common     PC     Mac     CUCUG

September 2003


To move quickly to an article of your choice, use the search feature of your reader or the hypertext directory above. Enjoy.

September News:

The September Meeting

The next CUCUG meeting will be held on our regular third Thursday of the month: Thursday, September 18th, at 7:00 pm, at the First Baptist Church of Champaign in Savoy. The Linux SIG convenes, of course, 45 minutes earlier, at 6:15 pm. Directions to the FBC-CS are at the end of this newsletter.

The September 18 gathering will be one of our split SIG meetings. The Linux SIG will be examining WebDAV: "Web-based Distributed Authoring and Versioning". The Macintosh SIG is still a mystery. The PC SIG will have Richard Rollins presenting the video editing program Studio 8.

ToC

Welcome New Members

We'd like to welcome the newest members of our group, joining us in the last month: Alan Singleton (Windows PC Desktop).

We'd also like to thank renewing member Debra J. Smith.

We welcome any kind of input or feedback from members. Run across an interesting item or tidbit on the net? Just send the link to the editor. Have an article or review you'd like to submit? Send it in. Have a comment? Email any officer you like. Involvement is the driving force of any user group. Welcome to the group.

ToC

CUCUG's Meeting Site Moves

Due to the sale of the ITC building, CUCUG found itself in need of a new place to hold our meetings. Luckily, President Richard Rollins has come through for us. CUCUG will be meeting at the First Baptist Church of Champaign in Savoy for the foreseeable future. The First Baptist Church of Champaign is located at the corner of Prospect and Burwash, just north of the Windsor of Savoy retirement community, or just west of the Savoy 16 movie complex. The address is actually 1602 N. Prospect Ave. in Savoy, but if you are coming out of Champaign, just go south on Prospect and you'll soon find it on your left.

Richard instructed me to tell you to go to the semi-circular drive up on the south east side of the building and use the double doors on that south east side, in the new edition. The parking lot is on the south side of the building. If you would like to go there "virtually" before you make the drive, you can check out their website at http://www.fbc-cs.org.

ToC

UI PC Users' Group Meeting Wednesday

From: "David L. Noreen" (d-noreen@UIUC.EDU)
Sender: UIUC IBM PC User Group (UI-PCUG@LISTSERV.UIUC.EDU)

The first Fall, 2003 meeting of the PC Users' Group will be on Wednesday, September 17th from 7-9pm in Room 2240 on the second floor of the UI's Digital Computer Lab. (Our usual meeting room on the first floor, Room 1310 DCL, has a class meeting in it this semester, hence the change of room to the second floor.)

We will have our usual group question and answer session/discussion.

Mark Zinzow will discuss recent major virus problems and give an overview on new Anti-Virus technology (e.g. Finjan). John Gilpin will also give a short presentation on the usefulness of Consumer Reports for PC users.

Before the meeting (from 5:45 pm to 6:45 pm) there will be an optional dinner at Garcia's Pizza on Green Street for anyone who may want to stop by and join us. Buy-one-get-one-free coupons for pizza slices will be available for the dinner, just as they have been for the dinners that were held before our recent Spring and Summer meetings. (If you have some extra time before the meeting, please consider stopping by and joining us; there's no particular agenda, it's just an additional opportunity to socialize and have dinner together.)

As always, our homepage:

http://www.uiuc.edu/ro/pcug/

has list management instructions, maps to the room and building, as well as a schedule of future meetings, officers, and links to other area groups.

ToC

FBI arrests MSBlast worm suspect

By David Becker and Matt Hines
Staff Writer, CNET News.com
August 29, 2003, 2:20 PM PT
URL: http://news.com.com/2100-1009-5070000.html

Federal law enforcement officials confirmed on Friday that they have arrested a suspect in the MSBlast worm attack that compromised hundreds of thousands of computers earlier this month.

U.S. Attorney John McKay of Seattle said 18-year-old Jeffrey Lee Parson of Minneapolis was arrested and charged with one count of intentionally damaging a protected computer.

Parson allegedly created MSBlast.B, a variation that differed from the original worm mainly in that two files had been renamed--one with Parson's screen name, "teekid"--and a couple of profane messages aimed at Microsoft and Bill Gates had been added. The B variant achieved only modest distribution in comparison to the original worm and the recent D variant.

McKay said the B variant was a significant part of the continuing spread of the so-called Blaster worm. "We believe he is a key and significant player in the Blaster worm problem and that his arrest is a significant step forward," McKay said during a news conference. "This was a significant attack not only against Microsoft but against thousands of home computer owners and business computer owners."

The MSBlast worm attacks computers that are equipped with Microsoft's Windows software via a flaw in some versions of the operating system. Microsoft had issued warnings about the dangers of the flaw on July 16. The worm, also known as W32/Blaster and W32.Lovsan, began spreading Aug. 11.

In the first 24 hours, MSBlast turned up on an estimated 120,000 computers around the world, despite what was seen as relatively crude programming. The worm was able to spread rapidly, because many home Windows users and corporate information technology departments had yet to implement a patch made available by Microsoft in July.

FBI agents arrested Parson at his home early Friday morning, McKay said, and he appeared before a judge in the U.S. District Court for Minnesota a few hours later. McKay said Parson was released under house arrest, with the condition that he not access the Internet. He faces possible penalties of 10 years in prison and $250,000 in fines if convicted.

McKay said federal authorities were continuing their investigation to identify other suspects in the MSBlast attack, including those responsible for creating the original worm.

The B variant infected at least 7,000 computers and caused damage to Microsoft computers that "significantly exceeds $5,000," according to the complaint. McKay disputed suggestions that the figures indicate Parson was a minor player in the overall Blaster problem, saying the complaint cites a deliberately limited estimate. "We're not prepared today to quantify what that harm is, but it's substantial," he said.

According to the complaint, FBI agents traced traffic the Blaster worm generated back to a Web site of a similar name to Parson's online alias. The site allegedly had source code for other worms, including one designed to spread via file-sharing networks.

Agents were able to trace the site back to Parson using a public database, according to the complaint. "I wouldn't characterize the work as being easy," McKay said, but "he obviously left clues."

Agents searched Parson's home last week, according to the complaint, seized seven computers and obtained a confession from Parson. "Parson admitted modifying the Blaster worm and creating the variant," according to the complaint. "Parson also admitted that he renamed the original 'MSBlast.exe' executable 'teekids.exe' after his online name 'teekid.'"

Neighbors interviewed by the Associated Press described Parson as a big kid who drove too fast, changed his hair color often and spent a lot of time on his computers. Neighbor Curtis Mackey said the allegations surprise him. "I didn't think he had the smarts for it myself," he told the news service. "The profile kind of fits. He kind of liked to be alone a lot."

Earlier this week, FBI Director Robert Mueller said his agency was working alongside the U.S. Department of Homeland Security and with state and local law enforcement offices to track down suspects.

Security software companies lauded the government's increased effort to bring virus writers to justice. Craig Schmugar, research engineer at Network Associates, said the FBI and other law enforcement groups have clearly been placing greater emphasis on pursuing hackers and other Internet criminals.

"This arrest sends a message to other people who might try to create new variants of existing viruses," Schmugar said. "This sort of thing isn't going to go unpunished anymore."

Schmugar said he was not surprised that the suspect is a teenager, as that would fit the industry profile of the average virus writer. According to demographics collected by Network Associates, virus activity tends to increase when school is in session and wane during the summer vacation months.

"But this was the summer from hell," Schmugar said.

ToC

Windows patches may become automatic

By Matthew Broersma
Special to CNET News.com
August 21, 2003, 8:28 AM PT
URL: http://news.com.com/2100-1009-5066612.html

In the aftermath of the MSBlast worm, Microsoft says it may be time to change the way Windows updates its security patches by making the process automatic by default.

A Microsoft representative said the company is "giving strong consideration to enabling Auto Update by default in future versions of Windows," though the company has not yet committed to a time frame. If Microsoft decides to go ahead with the change, it could be implemented in "Longhorn," the code name for the next version of Windows expected to come out in late 2004.

Automatic installation of security patches might have helped prevent the recent MSBlast worm, which successfully attacked hundreds of thousands of PCs that had not installed a month-old patch.

Currently, automatic updates are available as an option. Microsoft executives said the company decided not to make the feature a Windows default with Windows XP after customer feedback that suggested people did not want Microsoft controlling their PCs.

Some security experts, even those normally suspicious of Microsoft, said automatic updates might be the best way to secure PCs--particularly those of home users and small businesses.

Bruce Schneier, co-founder of Counterpane Internet Security and a well-known Microsoft critic, came out in support of the suggestion, telling The Washington Post that it was a "trade-off that's worthwhile."

Market research firm Gartner said such a move could help average people who generally lack the time and IT knowledge to keep up with the latest patches.

But Gartner asserts that Microsoft must make some changes to its updating system before it can be trusted to install software automatically on people's PCs. Gartner said Microsoft must promise not to use the auto-update feature for anything but security patches and should allow a security review of the system by outside parties.

"A compromise of this comparatively new feature could have catastrophic results," Gartner's Terry Allan Hicks said in a statement.

Many people, particularly enterprise system administrators, like to evaluate patches before they are applied because patches can interfere with other software, or even cause system failures. In a well-known incident, Microsoft's Service Pack 6 for Windows NT crashed thousands of servers.

When the first Windows XP service patch appeared last fall, critics said the patch's terms of use gave Microsoft the right to check product versions and block some programs, although Microsoft insisted that no personal information would be collected.

This is not the first time Microsoft has wanted to change its software update mechanism. In June, the company said it planned to simplify its patch technology and to expand its automatic update service to include more products.

The software giant identified four areas in which it plans to make improvements over the next 12 months: patch quality; delivering information to its customers; broadening the number of applications supported by its automated update technology; and simplifying the way that patches are applied.

Matthew Broersma of ZDNet UK reported from London. CNET News.com's Robert Lemos contributed to this report.

Related News
* Microsoft warns of critical IE flaws August 20, 2003
http://news.com.com/2100-1002-5066511.html

* 'Good' worm, new bug mean double trouble August 19, 2003
http://news.com.com/2100-1002-5065644.html

* MSBlast echoes across the Net August 15, 2003
http://news.com.com/2009-1002-5063226.html

* Microsoft aims to streamline its patches June 5, 2003
http://news.com.com/2100-1009-1013833.html

* Get this story's "Big Picture"
http://news.com.com/2104-1009-5066612.html

-----------

Automatic Security Updates From Microsoft?

From: Odd H. Sandvik

"Anyone that remembers Service Pack 6 (a collection of security patches for system NT 4.0) will never let MS perform automatic updates on a system. SP6 was released and it promptly blew away thousands of servers, and there was not any recovery method other than a reinstall. Which is why Service Pack 6 now is SP6A."

http://www.wired.com/news/print/0,1294,60109,00.html

ToC

A legal fix for software flaws?

By Declan McCullagh
Staff Writer, CNET News.com
August 26, 2003, 4:00 AM PT
URL: http://news.com.com/2100-1002-5067873.html?tag=nl

Thomas Leavitt, a system administrator and veteran of three Silicon Valley start-ups, has dealt with computer worms and viruses before.

But the severity of last week's Sobig.F and MSBlast.D attacks got him thinking harder than ever about a cure. Finding and punishing their anonymous authors would be a start. But shouldn't Microsoft also be partly to blame?

"Civil engineers very rarely make a mistake, and when they do it's a career-ending one," Leavitt said. "The software we're using at this point has the potential to create damage as bad or worse."

Microsoft's security failings may draw repeated beatings in the court of public opinion, but they will likely never be tested in a court of law unless current product liability statutes are rewritten, legal experts agree.

Problems with physical products routinely yield multimillion-dollar verdicts and settlements in litigation-happy America. But software vendors are largely protected from product defect claims thanks to unusual exemptions enshrined in typical software licenses--boilerplate known in the industry as End User License Agreements (EULAs) or "shrink-wrap" licenses, so called because they're often printed inside the shrink-wrapped box containing the product or incorporated into the software itself.

These agreements normally take effect as a condition of installing software, and they ordinarily require customers to waive their right to sue over alleged defects. Such EULAs have been repeatedly upheld by the courts.

"Unless someone is injured or dies, it is almost impossible to successfully sue a software publisher for defective software," said Cem Kaner, an attorney and professor of computer science at the Florida Institute of Technology. "The serious proposals to change software law have primarily been to reduce software vendors' liability even further. The most recent battles involve embedded software. You might soon discover that when you buy a car, the body is covered by one set of laws but the software that controls your brakes, fuel injectors, etc., is covered by a different set of laws that are more manufacturer friendly."

Microsoft's security practices have been in the spotlight before over alleged lapses, but the astonishing speed with which Sobig.F and MSBlast.D overwhelmed corporate networks has put the finest point on the problem in years.

A plague of viruses

Computer Economics, a research company based in Carlsbad, Calif., predicted that some 75 new computer viruses will be identified this month, including MSBLast.D and Sobig.F. The company put the cost of computer attacks in August 2003 at about $2 billion. That's a record pace, the company reported, although well below the damage estimated from 2000's Lovebug virus, the worst in history with an estimated $8 billion in damage from lost productivity and system restoration costs.

Microsoft's security problems were further underscored last week when the software giant revealed additional vulnerabilities in Internet Explorer and Windows, reminded users of a patch to fix a vulnerability disclosed last month that was used by MSBlast.D, and suggested that it may make security patches install automatically in the future.

Microsoft did not respond to phone calls seeking comment.

Liability exemptions for software vendors have survived despite persistent bugs and increasingly severe consequences. A programmer's decision not to restrict zeros from acceptable input disabled the U.S. Navy's USS Yorktown, a missile cruiser, in 1997. A nuclear power plant in Ohio was hit in January by the Slammer worm, although the attack reportedly posed no safety hazard, as the plant had already been shut down. And the New York Times was hard hit by last week's batch of malicious code.

Such repeated failures are leading some irked security experts to press for changes in software liability law to better motivate companies to fix buggy and insecure code.

"If the laws got changed that forced software makers to be held liable--criminally, civilly, financially--for their products, we'd see a marked increase in product quality, security and stability," said Richard Forno, an author and security consultant. "The EULA is the slickest 'Get out of jail free card' I can think of in recent years."

MSBlast.D takes advantage of a critical security hole that could allow an attacker to take control of computers running any version of Windows except Windows ME. A group of Polish hackers and independent security consultants known as the Last Stage of Delirium discovered the flaw and worked with Microsoft to fix it. Microsoft issued a patch to plug the vulnerability in July, but many users failed to install it, leading the software giant to suggest that it may resort to automatic software updates in the future.

When software goes bad

Programmers tend to defend the current state of affairs by saying that security is a very difficult problem to solve. Most programming languages were designed with speed, not security, in mind. They also argue that programming is a difficult task to begin with. Current software is brittle and runs into problems if it encounters even one error. In addition, software engineering is a young discipline compared with traditional forms of engineering.

But critics say its time to stop coddling software companies and create real incentives for improvement.

"Unfortunately, the only way to effect change in the software makers' philosophy to business is to hit them where it hurts, namely, in the pocketbook," Forno said. "All it takes is a few large (customers) to say 'enough is enough' and move to an alternative operating environment, and it'll be all the incentive Microsoft needs to revamp its products quickly and effectively."

The Florida Institute of Technology's Kaner, who has written a book titled "Bad Software: What To Do When Software Fails," said that he favors new laws that would take moderate steps, such as requiring companies to disclose known defects in their products and telling potential customers what might trigger the problems.

When dealing with monopolistic companies such as Microsoft, Kaner said, stricter laws may be necessary: "The problem is more difficult in monopoly markets because disclosure can't create a competitive impact. The monopolist might release a product with appalling defects, but if the customer has no other vendor to go to, there's not much pressure on the monopolist to make it better."

New laws

Such changes would require a major overhaul of current software liability statutes and case law, which provide general immunity for technology vendors accused of selling defective products.

In a 1994 case brought against IBM, the Transport Corporation of America sued over a disk drive failure that cost it an estimated $473,079 in business interruptions. The 8th U.S. Circuit Court of Appeals sided with the computer company, saying "IBM properly disclaimed implied warranties" in the contract that its customers signed. The same federal court said a year later, in a second case, Rockport Pharmacy v. Digital Simplistics, that a Kansas company that sold software to pharmacies was not liable for programming problems. The judges rejected claims for breach of contract and negligence.

EULAs remain somewhat controversial among individual end users, but judges tend to view them as legitimate agreements that are just as valid as any other form of a contract. Probably the most influential case has been ProCD v. Zeidenberg, in which the 7th U.S. Circuit Court of Appeals in 1996 upheld a "shrink-wrap" agreement.

Written by the noted jurist Frank Easterbrook, the opinion said: "ProCD proposed a contract that a buyer would accept by using the software after having an opportunity to read the license at leisure. This Zeidenberg did. He had no choice, because the software splashed the license on the screen and would not let him proceed without indicating acceptance."

While no law prohibits a software vendor from drafting a EULA that permits customers to seek damages through the courts, nearly all such agreements tend to immunize the company instead.

R. Polk Wagner, an assistant professor at the University of Pennsylvania Law School, said "in theory there might be liability for these sorts of serious deficiencies, especially if Microsoft knew or should have known about them prior to the release of the relevant software product." But in practice, he added, "this is one of the features of shrink-wrap licensing: software companies can and do generally disclaim all such liability. And at least for now, courts seem willing to uphold these contracts."

Proposed changes to software liability laws have pushed to expand, rather than pull back, liability protection. One legislative proposal called the Uniform Computer Information Transactions Act (UCITA) would eliminate any remaining doubts about the validity of shrink-wrap agreements by explicitly allowing software publishers to sell their products 'as is' and to disclaim liability for defects. But it has stalled in state legislatures.

Of course, Congress could always veer in the opposite direction and curb the scope of shrink-wrap agreements. But one probable consequence of changing the law would be an increase in the cost of software: Firms would have to spend more money testing their products, or spend more money purchasing liability insurance, or both.

Sonia Arrison, a technology policy analyst at the free-market Pacific Research Institute in San Francisco, says one reason the current state of the law is reasonable is that "software is inherently different from (physical products such as) tires since it's more difficult to know beforehand what vulnerabilities will occur."

Even some victims of serious software failures remain skeptical of new laws that would open up software vendors to civil judgments.

Leavitt, the system administrator with the clogged in-box, says he's leery of asking Congress or state legislatures to intervene despite headaches caused by last week's attacks.

"As a legal solution, it's probably likely to create as much of a mess as anything it would fix," Leavitt said. "I'm a little bit nervous about letting the Congress loose and letting them define the liabilities. I have some doubts about their competence in such matters."

ToC

Microsoft Corp. and Be Inc. Reach Agreement to Settle Litigation

Press Release - Source: Microsoft Corp.
Friday September 5, 7:54 pm ET
URL: http://biz.yahoo.com/prnews/030905/sff027_1.html

MOUNTAIN VIEW, Calif. and REDMOND, Wash., Sept. 5 /PRNewswire-FirstCall/ -- Be Inc. (Nasdaq: BEOS - News; OTC: BEOSZ.PK - News) and Microsoft Corp. (Nasdaq: MSFT - News) today announced that the parties have reached a mutually acceptable mediated settlement of an antitrust lawsuit filed by Be Inc. in February 2002, which is currently pending in the United States District Court for the District of Maryland in Baltimore. Be will receive a payment from Microsoft, after attorney's fees, in the amount of $23,250,000 (U.S.) to end further litigation, and Microsoft admits no wrongdoing. All other terms of the settlement will remain confidential. Both parties are satisfied with the agreement and believe that it is fair and reasonable. This is the second private antitrust lawsuit Microsoft has settled this year.

Be is currently in the process of completing its dissolution pursuant to the plan approved by Be's stockholders in November 2001. In accordance with that plan and upon completion of its dissolution, Be's net cash will be distributed to shareholders of record as of March 15, 2002, after payment of any taxes, officers' and directors' compensation, and other expenses, and the satisfaction of any and all of Be's remaining liabilities.

Founded in 1975, Microsoft is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software -- any time, any place and on any device.

NOTE: Microsoft is a registered trademark of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

ToC

Virtual PC Resurfaces in New Office, with a Catch

TidBITS#695/01-Sep-03

Microsoft last month revamped its Office X lineup, adding the recently acquired Virtual PC to a new professional configuration. Office X Standard Edition, which includes Word, Excel, PowerPoint, and Entourage, drops to $400 (or $240 for those upgrading from Office 98 or Office 2002). A comparable $150 Student and Teacher Edition allows licensed installation on up to three computers. The Office X Professional Edition adds Virtual PC 6.1 for Mac, with Windows XP Professional pre-installed, and costs $500, roughly $100 off what the products would have cost separately before. Microsoft says Virtual PC 6.1 adds no new functionality and is just a rebranding of the 6.0.2 version released by Connectix. An upgrade to Virtual PC 6.1 from earlier versions costs $100. Virtual PC is also available as a $150 stand-alone product; for $220 it includes Windows XP Home, and for $250 it comes bundled with Windows XP Pro.

http://www.microsoft.com/mac/products/virtualpc/virtualpc.aspx

Unfortunately, these changes come with news that Virtual PC 6.1 for Mac will not work on Apple's new Power Mac G5. Unlike the PowerPC G3 and G4 chips, the PowerPC G5 processor does not support a feature known as pseudo little-endian mode, which Virtual PC uses to emulate a Pentium processor. Microsoft is reportedly working on a fix, but it requires significant engineering work, and no time frame has been given. [MHA]

http://maccentral.macworld.com/news/2003/08/27/virtualpc/

ToC

FileMaker Releases Two FileMaker Applications

TidBITS#696/08-Sep-03

FileMaker is going in a new direction with its long-standing FileMaker Pro database software. In addition to developing the database applications themselves, the company will also sell FileMaker Applications, a series of task-specific programs developed using FileMaker Pro which - unlike most custom FileMaker solutions - are unlocked to enable customization and extension by FileMaker Pro developers. Although FileMaker Applications are designed to provide instant solutions to data management tasks often overlooked or poorly managed by organizations, by requiring FileMaker Pro 6 they're also intended to spur upgrades and sales of FileMaker Pro itself.

http://www.filemaker.com/applications/

The first two FileMaker Applications are Recruiter and Meetings. Recruiter offers tools for managing contacts and candidate data so users can quickly figure out "who knows who" and "who worked with who," along with tools for managing background information, reporting on organizational structure, email tools, plus more common contact management and reporting capabilities. Meetings offers tools for developing agendas, tracking tasks and action items, sharing meeting minutes, and automating repetitive email. Both FileMaker Applications are available online from FileMaker's online store and require the $300 FileMaker Pro 6 to run; Meetings costs $50, and Recruiter is priced at $300. [GD]

http://www.filemaker.com/applications/recruiter_home.html
http://www.filemaker.com/applications/meetings_home.html

ToC

Intel cuts off wireless networking gear

By Richard Shim
Staff Writer, CNET News.com
August 28, 2003, 3:59 PM PT
URL: http://news.com.com/2100-1041-5069518.html

Chipmaker Intel has discontinued sales of its branded wireless networking products to focus on its Centrino technology.

The Santa Clara, Calif.-based company quietly stopped selling its Intel Pro/Wireless 2011, 2011B, 2000/5000 and Xircom Wireless branded products in February 2003, according to the company's Web site.

"We transitioned from our branded products to providing building blocks for other products," Dan Francisco, an Intel spokesman, said Thursday.

The chipmaker in March introduced Centrino, which is a bundle of chips that consists of Intel's Pentium M chip, chipset and wireless module.

All the major PC makers, including Dell, Hewlett-Packard, Toshiba and IBM, use Centrino technology in some of their notebooks.

Intel kicked off a $300 million marketing campaign earlier this year to promote Centrino and wireless networking. The company has also helped PC makers develop wireless networking products by creating reference designs for the gear such as the Intel Media Adapter.

However, Intel's enthusiasm about wireless networking may have been too much, too soon, according to Intel President Paul Otellini.

Wireless networking technology "Wi-Fi is in danger of being overhyped, and to some degree we may be guilty of that by spending hundreds of millions of dollars on our Centrino advertising campaign," he said earlier this week at the Telecosm Conference in Squaw Valley, Calif.

Otellini added that the popularity of Wi-Fi has led to tremendous pricing pressure for chips, but that's the nature of the business.

"That's life," he said. "Welcome to the semiconductor business."

ToC

AirPort Antennas from MacWireless

TidBITS#694/25-Aug-03

Want to increase the range of your AirPort or AirPort Extreme network? The Mac- savvy wireless company MacWireless is now selling a number of directional and omni-directional antennas that connect to graphite and snow AirPort Base Stations (MacWireless points at the necessary surgical instructions for these two, which weren't designed to have antennas added) and AirPort Extreme Base Stations with antenna connectors. Prices range from $70 to $150 and gain levels vary between models. To stick with antennas that are Apple- certified and fit in with the look of the AirPort Extreme Base Station, look at the Dr. Bott ExtendAIR Omni and ExtendAIR Direct, which MacWireless also carries and which Macworld just reviewed. If you're interested in increasing your signal strength outside or in extreme environments, you might also check out MacWireless's various outdoor mounting boxes and Power over Ethernet products.

http://www.macwireless.com/html/products/antenna/antennas.html
http://www.macworld.com/2003/09/reviews/airportextremeantennas/

For those unfamiliar with antennas used for wireless networking, you can learn more about it in my book, The Wireless Networking Starter Kit, but, briefly, an omnidirectional antenna is essentially a stick which radiates in a 360-degree pattern, so you'd position it in the middle of the area you want to serve. A directional antenna focuses radio waves in a specific direction, so it's best placed on the edge of an area you want covered. [ACE]

http://wireless-starter-kit.com/

ToC

Photoshop Boosted for Power Mac G5s

TidBITS#694/25-Aug-03

Adobe has released a free plug-in for Photoshop 7 that is sure to please graphics professionals using the Power Mac G5. The Adobe Photoshop 7.0.1 G5 Processor Plug-in update for Mac OS X optimizes Photoshop to take advantage of the PowerPC G5 processor, and also uses a new Adobe Color Engine component that's designed to work with the G5. The plug-in is a free 1.4 MB download.

http://www.adobe.com/support/downloads/detail.jsp?ftpID=2132

This release coincides with news that the Power Mac G5, which was announced at Apple's Worldwide Developer Conference in June, is now shipping in its single-processor configurations. According to Apple, dual-processor models are due to appear in late August. Since the introduction, Apple has received over 100,000 orders of the Power Mac G5, which features a 64-bit processor and significant speed increases over previous desktop Macs (see "Apple Announces 64-Bit Power Mac G5s" in TidBITS-685_). [JLC]

http://www.apple.com/pr/library/2003/aug/18pmg5.html
http://db.tidbits.com/getbits.acgi?tbart=07241

ToC

iMacs Speed and Ports Bumped

TidBITS#696/08-Sep-03

Apple refreshed its iMac line today, bumping the processor speed up to 1.25 MHz and improving components on both the 17-inch and 15-inch models. The $1,800 17-inch iMac receives the top-speed PowerPC G4 processor and a fast 167 MHz system bus, and includes 256 MB of SDRAM, an 80 GB hard drive, a 4x SuperDrive, and an Nvidia GeForce FX 5200 Ultra graphics card with 64 MB of RAM. The $1,300 15-inch model has been upgraded to a 1 GHz PowerPC G4 processor with 167 MHz system bus, and includes 256 MB of SDRAM, an 80 GB hard drive, a 32x Combo drive, and the Nvidia GeForce4 MX graphics card with 32 MB of RAM. Both models include the same port configurations as previous models, with a slight twist: the three USB ports on the computer are faster USB 2.0 ports (the two ports on the keyboard remain USB 1.1). FireWire 800 ports, which debuted on the Power Mac G4, have yet to appear on the iMac line. Also, both iMacs now support AirPort Extreme (with the purchase of a $100 card), and can include an internal Bluetooth model (available as a $50 build- to-order option). Both configurations are available now. [JLC]

http://www.apple.com/pr/library/2003/sep/08imac.html
http://www.apple.com/imac/

ToC

20 GB and 40 GB iPods Debut

TidBITS#696/08-Sep-03

Apple today announced the release of 20 GB and 40 GB iPods, replacing the 15 GB and 30 GB models in the current lineup. The 10 GB model remains available for $300, the 20 GB model is $400, and the 40 GB model costs $500. There are no other changes. The larger drives are certainly welcome, and it's interesting to see Apple taking advantage of hard drive size increases and price reductions by increasing iPod storage capacity while keeping prices static. Although a much cheaper iPod would undoubtedly be welcome, the economics of hard drive manufacturing often result in this sort of pattern, so Apple may not have too much room to maneuver, particularly while maintaining the iPod's high margins. It's hard to argue too much, given that the one million iPods Apple has sold so far have undoubtedly helped the company's financial position. [ACE]

http://www.apple.com/pr/library/2003/sep/08ipod.html
http://www.apple.com/ipod/

ToC

iTunes Music Store Sells Ten Millionth Song

TidBITS#696/08-Sep-03

Apple announced today that after about four months the iTunes Music Store has sold its ten millionth song (in an ironic comment on the state of online music, the song was Avril Lavigne's "Complicated"). It's an impressive number, and although there's no telling what Apple's costs in running the store are, it probably contributed at least $3 million to Apple's bottom line in a quarter of the year. The sales rate seems to have stabilized, as you can see if you look at Apple's published numbers. It took 7 days for Apple to reach 1 million songs sold, 16 days to reach 2 million songs sold, 56 days to make it to 5 million songs, and 133 days to hit 10 million. It's not surprising that Apple wouldn't be able to maintain the initial burst of enthusiasm past the first two weeks, but if you eliminate them from consideration, you can see that days 17 through 56 averaged about 75,000 songs per day sold, and days 57 through 133 saw an average of about 65,000 songs per day sold.

That's not too shabby, considering that the iTunes Music Store is basically limited to Macintosh users who are running Mac OS X, have broadband Internet connections, and an interest in purchasing music online. If market share numbers were to be believed, that's at most 5 percent of the overall market that becomes available when Apple opens the iTunes Music Store to Windows users (expected before the end of the year). Personally, I doubt Apple's current song sales would make up just 5 percent of the combined sales to both Mac and Windows users, but that's because I think market share numbers are about as meaningful as statistics cited in political debates. [ACE]

http://www.apple.com/pr/library/2003/sep/08musicstore.html
http://www.apple.com/music/store/

ToC

Common Ground:

What Happens When Corporations Become The Repositories of Your Culture

"They took all the trees And put them in a tree museum
And they charged all the people A dollar and a half just to see 'em
Don't it always seem to go That you don't know what you've got Till it's gone
They paved paradise And put up a parking lot."

      Joni Mitchell, "Big Yellow Taxi" - Released 1970
      http://www.jonimitchell.com/HitsTaxi70.html

----

While you were sleeping
They came and took it all away
The lanes and the meadows
The places where you used to play

It was an inside job
By the well-connected
Your little protest
Summarily rejected

It was an inside job
Like it always is
Chalk it up to business as usual

While we are dreaming
This little island disappears
While you are looking the other way
They'll take your right to own your own ideas

And it's an inside job
Favors collected
Your trusted servants
Have left you unprotected

.....

You think that you're so smart
But you don't have a f...ing clue
What those men up in the towers
Are doing to me and you
And they'll keep doin' it and doin' it
And doin' it and doin' it
And doin' it and doin' it
And doin' it and doin' it
Until we all wake up
Wake up, wake up, wake up, wake up

.....

They know the road by which you came
They know your mother's maiden name
And what you had for breakfast
And what you've hidden in the mattress

Insect politics
Indifferent universe
Bang your head against the wall
But apathy is worse

.....

      Don Henley, "Inside Job" - Released 2000
      http://www.wbr.com/donhenley/insidejob.html

----

The Sonny Bono law - http://www.fepproject.org/commentaries/eldredcomment.html
Extension of Copyright law - http://cyber.law.harvard.edu/cc/Kamp_Article.html

ToC

12-year-old settles music swap lawsuit

URL: http://www.cnn.com/2003/TECH/internet/09/09/music.swap.settlement/index.html

LOS ANGELES, California (CNN) --A day after being sued for illegally sharing music files through the Internet, a 12-year-old girl has settled with the Recording Industry Association of America.

She's the first of 261 defendants to settle their lawsuits with the association.

Brianna LaHara agreed Tuesday to pay $2,000, or about $2 per song she allegedly shared.

"I am sorry for what I have done," LaHara said. "I love music and don't want to hurt the artists I love."

The suit claimed LaHara had been offering more than 1,000 songs on the Internet, using the Kazaa file-sharing service.

The RIAA said it was pleased with the settlement. There are 260 cases still pending.

"We're trying to send a strong message that you are not anonymous when you participate in peer-to-peer file-sharing and that the illegal distribution of copyrighted music has consequences," said Mitch Bainwol, RIAA chairman and chief executive officer. "And as this case illustrates, parents need to be aware of what their children are doing on their computers."

Monday, RIAA filed lawsuits against 261 individual Internet music file-sharers and announced an amnesty program for most people who admit they illegally shared music files through the Internet. The amnesty would only offer protection for songs represented by the RIAA and not from publishers, musicians or others with rights to songs.

Cary Sherman, president of the RIAA, said the civil lawsuits were filed against "major offenders" who made available an average of 1,000 copyright song files.

Record companies blame illegal music file-trading for a 31-percent fall in compact disc sales since mid-2000.

Sherman also announced the Clean Slate Program that grants amnesty to users who voluntarily identify themselves, erase downloaded music files and promise not to share music on the Internet. The RIAA said it will not sue users who sign and have notarized a Clean Slate Program affidavit.

The offer of amnesty will not apply to about 1,600 people targeted by copyright subpoenas from the RIAA. The decision was made a few weeks after U.S. appeals court rulings mandated that Internet providers turn over the names of subscribers believed to be sharing music and movies illegally.

Until now, the only music file-swapping lawsuits filed by the RIAA were against four college students accused of making thousands of songs available on campus networks. Those cases were settled for $12,500 to $17,000 each.

Sherman said Monday that the RIAA had negotiated settlements in the range of $3,000 with a "handful" of Internet users who had learned from their Internet service providers that they were being targeted for lawsuits. The industry is also pursuing subpoenas at universities around the country seeking to identify music file traders.

ToC

Net music firms, DJ, offer to pay girl's fine

Friday, September 12, 2003 Posted: 10:16 AM EDT (1416 GMT)
URL: http://www.cnn.com/2003/TECH/internet/09/12/music.online.reut/index.html

WASHINGTON (Reuters) -- Several Internet music services and a disc jockey have offered to reimburse a New York woman who paid $2,000 to settle charges that her 12-year-old daughter illegally copied music online.

A coalition of several "peer to peer" song-swapping networks said Thursday it was trying to locate Sylvia Torres so it could pay the legal settlement she reached with the Recording Industry Association of America on Tuesday.

Rochester, New York, radio disc jockey Brother Wease also offered to pay Torres' legal bill, and online music retailer MusicRebellion.com said it would allow Torres' daughter, Brianna Lahara, to download $2,000 worth of free music from its industry-sanctioned site.

However, the would-be benefactors all said they would not extend their offers to the 260 other individuals who face RIAA lawsuits for copying music through Kazaa, Grokster and other peer-to-peer networks.

An RIAA spokesman declined to comment on the offers.

Lahara, a Manhattan honor student who offered Madonna's "Material Girl" and some 1,000 other songs through Kazaa, has emerged as something of a poster girl for those who denounce the RIAA's legal campaign as heavy-handed.

"Out of all the millions of people who have downloaded, some girl in a housing project in New York City has got to come up with two grand?" said Wease, who offered to help through his charitable children's fund.

"I just feel that these people are bullies," said Grokster President Wayne Rosso, a member of the P2P United trade group, which offered to pay Torres' bill. "They're like the show-business version of the Taliban."

RIAA spokesman Jonathan Lamy said the recording industry was not targeting 12-year-olds. The only information it had when it filed the suits was the name and address of the Internet account holder, he added.

"The objective of this campaign is not to win a popularity contest, but to communicate a message of deterrence so people realize there can be consequences to this illegal behavior," Lamy said.

ToC

Electronic Frontier Foundation Petition

On Sep 12, Effector List wrote:

Dear EFF Supporter:

This is astounding - in the first 24 hours, over 6,000 people have signed our petition to stop the Recording Industry Association of America's (RIAA) nationwide rampage against average Americans. Rather than working to create a rational, legal means by which its customers can take advantage of file-sharing technology and pay a fair price for the music they love, it has chosen to sue people like Brianna LaHara, a 12 year-old girl living in New York City public housing. Take a stand against the RIAA's tactics by signing our petition:

http://www.eff.org/share/petition/

Brianna, and hundreds of other music fans like her, are being forced to pay thousands of dollars they do not have to settle RIAA-member lawsuits -- supporting a business model that is anything but rational. This crusade is generating thousands of subpoenas and hundreds of lawsuits, but not a single penny for the artists that the RIAA claims to protect.

Copyright law shouldn't make criminals out of 60 million Americans, and it's time for a change. Congress is going to hold hearings; we need your help to make sure that the public's voice is heard. Tell Congress that it's time to stop the madness:

http://www.eff.org/share/petition/

We'll deliver the petition to Congress once we've hit 10,000 signatures. This is a grassroots campaign - please take the time to tell your friends and family about this issue. Thanks for support!

Sincerely,

Ren Bucholz
EFF Activist

ToC

Revealed: How RIAA tracks downloaders

URL: http://www.cnn.com/2003/TECH/internet/08/28/downloading.music.ap/index.html

Music industry discloses some methods used

WASHINGTON (AP) --The recording industry is providing its most detailed glimpse into some of the detective-style techniques it has employed as part of its secretive campaign against online music swappers.

The disclosures were included in court papers filed against a Brooklyn woman fighting efforts to identify her for allegedly sharing nearly 1,000 songs over the Internet. The recording industry disputed her defense that songs on her family's computer were from compact discs she had legally purchased.

According to the documents, the Recording Industry Association of America examined song files on the woman's computer and traced their digital fingerprints back to the former Napster file-sharing service, which shut down in 2001 after a court ruled it violated copyright laws.

Compared to shoplifting

The RIAA, the trade group for the largest record labels, said it also found other evidence inside the woman's music files suggesting the songs were recorded by other people and distributed across the Internet.

Comparing the Brooklyn woman to a shoplifter, the RIAA told U.S. Magistrate John M. Facciola that she was "not an innocent or accidental infringer" and described her lawyer's claims otherwise as "shockingly misleading."

The RIAA papers were filed Tuesday night in Washington and made available by the court Wednesday.

The woman's lawyer, Daniel N. Ballard, of Sacramento, California, said the music industry's latest argument was "merely a smokescreen to divert attention" from the related issue of whether her Internet provider, Verizon Internet Services Inc., must turn over her identity under a copyright subpoena.

"You cannot bypass people's constitutional rights to privacy, due process and anonymous association to identify an alleged infringer," Ballard said.

Using forensics

Ballard has asked the court to delay any ruling for two weeks while he prepares his arguments, and he noted that his client identified only as "nycfashiongirl" -- has already removed the file-sharing software from her family's computer.

The RIAA accused "nycfashiongirl" of offering more than 900 songs by the Rolling Stones, U2, Michael Jackson and others for illegal download, along with 200 other computer files that included at least one full-length movie, "Pretty Woman."

The RIAA's latest court papers describe in unprecedented detail some sophisticated forensic techniques used by its investigators.

For example, the industry disclosed its use of a library of digital fingerprints, called "hashes," that it said can uniquely identify MP3 music files that had been traded on the Napster service as far back as May 2000. Examining hashes is commonly used by the FBI and other computer investigators in hacker cases.

By comparing the fingerprints of music files on a person's computer against its library, the RIAA believes it can determine in some cases whether someone recorded a song from a legally purchased CD or downloaded it from someone else over the Internet.

Copyright lawyers said it remains unresolved whether consumers can legally download copies of songs on a CD they purchased rather than making digital copies themselves. But finding MP3 music files that precisely match copies that have been traded online could be evidence a person participated in file-sharing services.

"The source for nycfashiongirl's sound recordings was not her own personal CDs," the RIAA's lawyers wrote.

The recording industry also disclosed that it is examining so-called "metadata" tags, hidden snippets of information embedded within many MP3 music files. In this case, lawyers wrote, they found evidence that others had recorded the music files and that some songs had been downloaded from known pirate Web sites.

Congressional hearings promised

The industry has won approval for more than 1,300 subpoenas compelling Internet providers to identify computer users suspected of illegally sharing music files on the Internet.

Sen. Norm Coleman, R-Minnesota, chairman of the Senate Governmental Affairs' Permanent Subcommittee on Investigations, has promised hearings on the industry's use of copyright subpoenas to track downloaders.

The RIAA has said it expects to file at least several hundred lawsuits seeking financial damages as early as next month. U.S. copyright laws allow for damages of $750 to $150,000 for each song offered illegally on a person's computer, but the RIAA has said it would be open to settlement proposals from defendants.

The campaign comes just weeks after U.S. appeals court rulings requiring Internet providers to readily identify subscribers suspected of illegally sharing music and movie files.

ToC

Disney Impossible: self-destructing DVDs

Firm eyes competition with rental chains with $5 movie discs that become unreadable in 48 hours.

September 9, 2003: 11:45 AM EDT
URL: http://money.cnn.com/2003/09/09/technology/disney_dvd.reut/index.htm?cnn=yes

LOS ANGELES (Reuters) - If Walt Disney Co. gets its wish, an experimental type of DVD will begin flying off store shelves Tuesday, and self-destructing 48 hours later.

Disney (DIS: Research, Estimates) movies on disposable DVDs are set to arrive in convenience stores, pharmacies and other outlets in a four-city test of whether Americans will pick up a limited-life DVD rather than dropping by a video rental store.

The red DVDs turn an unreadable black 48 hours after their packages are opened -- exposing them to oxygen, which reacts with the disc in a process similar to how Polaroid film develops.

The DVDs, which are being distributed by Buena Vista Home Entertainment, Disney's home video unit, will carry a suggested price of $6.99.

Some retailers are expected to sell them for as little as about $5, said Alan Blaustein, chief executive of Flexplay, which owns the self-destruct technology.

The advantage to the disposable DVD format -- known as EZ-D -- is that such discs can be sold anywhere and never need to be returned, potentially turning any retailer into a competitor with video rental chains such as Blockbuster Inc (BBI: Research, Estimates).

"It should be 'aisle two, bread, aisle 4, EZ-D,"' said Flexplay's Blaustein, who predicted families would continue to rent videos and start buying the disposable DVDs as well.

Stores in Austin, Texas; Peoria/Bloomington, Illinois; Charleston, South Carolina; and Kansas City, Missouri will begin stocking the disposable DVDs including titles such as "Signs" and "The Recruit."

Toys R Us, Phillips 66, Circle K, CVS and Walgreens are some of the chains participating.

The plan has stirred some criticism from environmentalists such as the Alliance for Safe Alternatives, which is asking callers to phone Disney and tell them to scrap the plan which they say will add needless waste to America's landfills.

The plan offers some recycling -- though not in-store -- and consumers will eventually be able to get a new disc in return for six used ones, the companies said.

Although the disposable DVD format does not make it harder for digital pirates to make illegal copies, Blaustein said by making DVDs cheaper the effort would also undercut the incentive to make such bootleg copies.

ToC

Apple sued by The Beatles over iPod, ITMS

By Jim Dalrymple, MacCentral

Apple Computer Inc. is being sued by Apple Corps. The parent company for music legends, The Beatles, has begun legal proceedings against Apple Computer, citing breach of contract for the suit, according to Fox News.

Apparently when Apple Computer first started, The Beatles sued them for the use of the corporate name. In addition to a hefty cash settlement, Apple agreed to only use the corporate name for computer products and not enter the music marketplace.

Years later, The Beatles sued and won another lawsuit when Apple shipped computers that allowed music to be played through attachable speakers. That lawsuit charged breach of a trademark agreement since Apple had agreed to steer clear of the music business. Fox News estimates Apple has paid US$50 million in the lost suits so far.

The latest round of legal proceedings surround Apple's popular MP3 player, the iPod and the iTunes Music Store, which just sold its 10 millionth song online.

"When it first happened with the iPod, we said, "What could they be thinking?" said a Beatles legal insider, who agreed that posters announcing the iPod from "AppleMusic" were among the most egregious violations. "They knew we had the agreement, and that we'd won a lot of money from them already."

An Apple representative was not immediately available for comment.

ToC

MIT to uncork futuristic bar code

By Alorie Gilbert
Staff Writer, CNET News.com
August 29, 2003, 6:09 AM PT
URL: http://news.com.com/2100-1019-5069619.html

A group of academics and business executives is planning to introduce next month a next-generation bar code system, which could someday replace with a microchip the series of black vertical lines found on most merchandise.

The so-called EPC Network, which has been under development at the Massachusetts Institute of Technology for nearly five years, will make its debut in Chicago on Sept. 15, at the EPC Symposium. At that event, MIT researchers, executives from some of the largest global companies, and U.S. government officials intend to discuss their plans for the EPC Network and invite others to join the conversation.

The attendee list for the conference reads like a who's who of the Fortune 500: Colgate-Palmolive, General Mills, GlaxoSmithKline, Heinz, J.C. Penney, Kraft Foods, Nestle, PepsiCo and Sara Lee, among others. An official from the Pentagon is scheduled to speak, along with executives from Gillette, Johnson & Johnson, Procter & Gamble and United Parcel Service.

"I see this (event) as a formal marker that is pretty key," to the development of these next-generation systems, said Pete Abell, analyst at the ePC Group, a research firm tracking the technology.

EPC stands for electronic product code, which is the new product numbering scheme that's at the heart of the system.

There are several key differences between an EPC and a bar code. First, the EPC is designed to provide a unique serial number for every item in the system. By contrast, bar codes only identify groups of products. So, all cans of Diet Coke have the same bar code more or less. Under EPC, every can of Coke would have a one-of-a-kind identifier. Retailers and consumer-goods companies think a one-of-a-kind product code could help them to reduce theft and counterfeit goods and to juggle inventory more effectively.

The way it's been designed, an EPC can be linked to databases that can store much more information about a particular product than is possible with the bar code. In addition to price and manufacturer, the EPC could link to information about location of an item based on a complex system of readers and microchips, or "tags," that communicate via radio frequency, a concept known as radio frequency identification (RFID).

"Put tags on every can of Coke and every car axle, and suddenly the world changes," boasts the Web site of the Auto-ID Center, the research group at MIT leading the charge on the project. "No more inventory counts. No more lost or misdirected shipments. No more guessing how much material is in the supply chain--or how much product is on the store shelves."

Another feature of the EPC is its 96-bit format, which some say is large enough to generate a unique code for every grain of rice on the planet. "Every molecule on Earth is what the MIT boys said," Abell said.

The 12-digit bar code that's used across the United States was introduced in the 1970s, and the retail industry is close to running out of new combinations. The industry is in the process of moving to a 14-digit code in the next year or so, but Abell said that's just a stop-gap measure. "We ran out of room" with the bar code, he said. "The EPC solves all of that; there is plenty of space in there."

Yet, the EPC Network--the EPC specifications and technology related to them--is still very much in the laboratory stage and probably won't begin to replace bar codes for at least a decade, said Abell.

That's because the price of the EPC tags needs to fall from nickels and dimes today to fractions of a penny. Protection of consumer privacy is also a concern. Wal-Mart Stores and Britain's largest retailer, Tesco, both ended the first in-store trials of the technology after privacy advocates spoke out against them. In addition, standards are still being developed to ensure that tags, readers and related computer programs from different technology suppliers all work together.

Working on the standards problem is AutoID, a new arm of the Uniform Code Council, the nonprofit that administers the bar code, or Universal Product Code. AutoID, announced in May, plans to pick up where MIT's Auto-ID Center leaves off, assigning codes, ironing out technical standards, managing intellectual property rights, publishing specifications, and providing user support and training. Heading the group is Dicki Lulay, a former executive at Nabisco Foods and McCormick & Company.

"The Auto-ID Center has done a great job, but you need a global standards body," Abell said. "Everything from Auto-ID Center is proposed; it's a draft. You can't say, 'Oh I can build my systems around that.'"

Representatives from AutoID and MIT were not immediately available to comment.

AutoID will likely release the first set of EPC specifications either at the EPC Symposium or within the next couple of months, Abell said. Wal-Mart is expecting them by November. Sometime that month, the retailer is scheduled to hold a meeting with representatives from its top 100 or so merchandise suppliers at its Bentonville, Ark., headquarters, Abell said.

At that meeting, Wal-Mart intends to present its detailed plan for setting up an EPC system for tracking shipments to its distribution centers, he said. The company has asked the suppliers to begin attaching RFID tags to the large containers and cases they ship to Wal-Mart by 2005.

ToC

The PC Section:

WinInfo Short Takes

By Paul Thurrott
URL: http://www.wininformant.com/

Allchin: We May Listen to Customers and Reassess Windows XP SP2 Schedule

In an interview with ComputerWorld, Microsoft group vice president Jim Allchin said that Windows XP SP2 was still on track for early 2004. However, the company is evaluating the schedule, making me wonder if all the pressure from users is finally settling in over in Redmond. "If we don't change our mind, [that date is correct]," he said. "There are many things that can help drive that. In particular, the consent decree helped drive when we did SP1 ... We could decide to accelerate the service pack. It's not some hard-and-fast thing. We have a team. ... I don't want to get it locked down to a particular path, because something may come up. Something came up in the last couple of weeks. It's got a lot of focus here right now." What should be a big focus, sadly, is changing the service pack schedule. Again, these release need to ship every six months like clockwork.

Allchin: Bug Fixes, New Features, or Both?

In related news, Allchin also helped clarify Microsoft's "no new features" pledge for service packs in the same interview, a clarification that may not please many Windows administrators. "I think it's very confusing about what's a feature, what's a bug fix," he said. "I mean, some of the wireless support that we produced just recently, we've already shipped it for WPA [Wireless Protected Access], for example. Was that a bug fix or was that a feature? ... Our general idea is that service packs are trying to be a rollup of the QFEs [quick-fix engineering updates], as well as other things that we have found internally that we think are important to deliver to customers." People have been complaining about Microsoft adding features to service packs since the mid-1990's, but I think this approach actually makes sense: If the company updates the core OS at some point in its lifecycle, that code should make its way into the next service pack.

Microsoft to Change IE in Wake of Patent Suit

As a result of its patent infringement court loss recently, Microsoft will alter its dominant Internet Explorer (IE) browser, the company said this week. The changes, which have yet to be disclosed, could affect a huge number of Web sites, according to the W3C (Worldwide Web Consortium), a standards body that oversees such Web technologies as HTML and CSS. The changes could be highly disruptive as IE controls about 96 percent of Web traffic, and the patent infringement suit involved hyperlinks, which is pretty much the core technology of the Web. I'll be in constant communication with the Webmasters at http://www.frankstallone.com to ensure that the Web's most important destination is not disrupted by this change, whatever it is.

AOL Users Temporarily Locked Out of Microsoft Sites

Although I'm sure the situation was only a coincidence, AOL users were temporarily unable to hit any Microsoft Web sites this week. A mysterious network disconnection, which both companies vaguely attributed to each other, caused the outage, which lasted 2 days. While investigations continue, both companies have noted that they're working together to provide a better long-term solution and avoid future outages. Watching these two lovebirds getting along is so cute, isn't it? No bad blood at all.

ToC

Microsoft to Unveil New Wireless Hardware, Mice, Keyboards on September 16

In the coming weeks, Microsoft will unveil its second-generation Broadband Networking product line, which will feature 802.11g wireless products that run at 54Mbps, a dramatic improvement over the current line's 802.11b- based 11Mbps. In addition to the standard desktop and notebook computer wireless adapters and wireless base stations, Microsoft will also unveil an Xbox Wireless Adapter that will let gamers access online multiplayer games wirelessly for the first time. The company will also unveil a new line of PC mouse devices and keyboards.

"Our new line of broadband networking devices will make their US debut featuring 802.11g, which is up to five times faster than 802.11b, the technology used in our original lineup that debuted in 2002," Tom Gibbons, general manager of the Hardware Group, said. "Wi-Fi technology is everywhere you look, whether over a cup of coffee at Starbucks or on the front page of the business section. In fact, latest analyst predictions indicate by the end of 2003, there will be 9.3 million Wi-Fi users worldwide, up from 2.5 million last year." Microsoft noted a Gartner study that predicts 31 million Wi-Fi users by 2007.

In addition to the new wireless hardware, which is entering a crowded market that embraced 802.11g months ago, Microsoft also unveiled new mouse and keyboard hardware last week and will ship later this month. All the products are wireless, including the two standalone mouse devices--the Wireless Optical Mouse and Wireless IntelliMouse Explorer--and several mouse/keyboard combinations, such as the Wireless Optical Desktop Elite, Wireless Optical Desktop, Wireless Optical Desktop Pro, and Basic Wireless Optical Desktop. The new mouse devices feature interference-reducing wireless technology and dramatically better battery life than previous models--as much as 6 months, the company says. They also feature an innovative new scroll wheel, called the Tilt Wheel, which will let users scroll horizontally as well as vertically. In early 2004, the company will introduce wired versions of its new keyboards and mouse devices.

ToC

New Windows Update Covers More Products

The fifth revision of Windows Update is set to enter beta testing, as Microsoft continues efforts to improve its facility for keeping customers' systems up to date.

Windows Update V5 is slated to be a significant upgrade, eventually extending the service's reach beyond Windows to all Microsoft products. The company will initially support updates to Office 2003, as well as SQL and Exchange.

The first test version -- what Microsoft calls "the Alpha" release -- of V5 will launch in late September, according to the company. Subsequent updates will be made every two or three months.

"The vision for Windows Update V5 is to provide an efficient and effective means to keep all Microsoft products secure and up to date with the latest patches, starting with Windows, Office, SQL, and Exchange," Microsoft wrote in an e-mail to beta nominees.

Microsoft is accepting applications for the Windows Update V5 beta program until Friday, September 12. The nomination survey can be accessed by signing into BetaPlace with the guest ID: WUV5Prev. Applicants who tested V4 are asked to click a special link named "WU V5 Preview Program Participation for currently in WU V4."

"The key to an effective pre-release program is having customers participate who are willing and able to install, exercise, and provide feedback on the product in a timely manner," noted Redmond beta coordinators. "Please carefully consider your willingness and ability to follow through on these commitments."

ToC

Microsoft Virtual PC for Windows 5.2

Source: ieXbeta

Microsoft Virtual PC is a powerful software virtualization solution that allows you to run multiple PC-based operating systems simultaneously on one workstation, providing a safety net to maintain compatibility with legacy applications while you migrate to a new operating system. It also saves reconfiguration time, so your support, development, and training staff can work more efficiently.

Microsoft will release Microsoft Virtual PC 2004 late in calendar year 2003. In the meantime, a 45-day free trial of the Connectix Virtual PC for Windows version 5, now from Microsoft, can be downloaded for evaluation purposes.

August 15th was the last day customers could purchase Virtual PC for Windows from Connectix. In late 2003, Microsoft will release a new version of Virtual PC (Microsoft Virtual PC 2004) which may have different features and may require migration from the current Connectix Virtual PC for Windows product. You can find more information about Microsoft's Virtual PC for Windows product plans and support options, and you can download a trial version of Virtual PC for Windows 5.2 at http://www.microsoft.com/virtualpc.

Currently, Microsoft has also made available the complete version of Virtual PC for Windows 5.2(43.6 Mb) for MSDN Subscribers at MSDN subscribers site.

Download: Microsoft Virtual PC for Windows 5.2
45-day Free Trial (23.34 Mb)
http://download.microsoft.com/download/0/5/0/0508717e-14fe-4b74-aaa1-a53687ff30db/VPC_52_Trial.exe

ToC

Linux is favourite hacker target: Study

By Jack Kapica
Globe and Mail Update

Linux, not Microsoft Windows, remains the most-attacked operating system, a British security company reports.

During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers, according to the report.

Just 360 — less than 2 per cent — of BSD Unix servers were successfully breached in August.

The data comes from the London-based mi2g Intelligence Unit, which has been collecting data on overt digital attacks since 1995 and verifying them. Its database has tracked more than 280,000 overt digital attacks and 7,900 hacker groups.

Linux remained the most attacked operating system on-line during the past year, with 51 per cent of all successful overt digital attacks.

Microsoft Windows servers belonging to governments, however, were the most attacked (51.4 per cent) followed by Linux (14.3 per cent) in August.

The economic damage from the attacks, in lost productivity and recovery costs, fell below average in August, to $707-million (U.S.).

The overall economic damage in August from overt and covert attacks as well as viruses and worms stood at an all-time high of $28.2-billion.

The Sobig and MSBlast malware that afflict Microsoft platforms contributed significantly to the record estimate.

"The proliferation of Linux within the on-line server community coupled with inadequate knowledge of how to keep that environment secure when running vulnerable third-party applications is contributing to a consistently higher proportion of compromised Linux servers," mi29 chairman D.K. Matai said.

"Microsoft deserves credit for having reduced the proportion of successful on-line hacker attacks perpetrated against Windows servers."

ToC

Can rip-proof CDs save the music biz?

Coming soon: The untouchable compact disc

By Bridget Finn
Business 2.0
Wednesday, September 10, 2003

Future of Music

Since 1999, CD unit sales have plunged 26 percent -- a decline of $2 billion -- thanks in part to file-sharing services and other forms of digital piracy. The record labels' frustration is so acute that the Recording Industry Association of America has begun suing hundreds of consumers who have exchanged music on peer-to-peer networks like Kazaa, Morpheus, and Gnutella.

But what technology giveth, can it taketh away?

The industry hopes so: This month the first copy-protected CDs are expected to start showing up on music-store shelves in the United States. And that's great news for the one or more lucky companies whose music- locking tech will be adopted. Even by modest estimates, licensing fees will amount to more than $100 million annually.

The big winner could be Macrovision, a major provider of copy protection to Hollywood. With revenues of $102 million in 2002, the company, based in Santa Clara, California, commands a near monopoly on video and DVD copy protection, providing the system used in more than 2.1 billion DVDs and 85 million DVD players.

Dueling firms

Macrovision also built the antipiracy technology used to protect 150 million music CDs sold in Europe and Japan.

"Our DVD business is in the $40 million- to $50 million-a-year range, but the CD market is twice as big," says Macrovision CEO Bill Krepick.

The technology for the U.S. market is expected to be a better version of the trouble-prone systems introduced in Europe and Japan, which generated complaints when they failed to play on many car stereos and PCs.

Macrovision's technology, called CDS-300, hides the original audio tracks but makes pre-compressed music files available for limited downloads to PCs. The company's main competitor is Phoenix-based SunnComm, a 25-person upstart that already has a contract to supply copy-protection technology to BMG, the fifth-largest record label. SunnComm's MediaMax CD-3 also restricts the original audio files, but does so on the user's PC, rather than the disc, by installing a kind of software lock.

Krepick argues that Macrovision's experience and size give it an advantage.

"We're not a garage operation," he says.

But Bill Whitmore, SunnComm's chief operating officer, points out that CDS- 300 has been plagued by delays.

"Nobody's seen Macrovision's new technology work," he says.

Looking for sales

No need to fight, boys: Analysts like Sterling Auty of J.P. Morgan say the labels may well hedge their bets, relying on several vendors to provide copy-protection technology.

But even if everyone's system works flawlessly, will the new CDs improve sales? Don't bet on it.

In Germany and Japan, where the labels began selling copy-protected CDs in 2000, sales have continued to decline.

ToC

Switching on PC is too technical for many users

By Robert Jaques

The results of a study released this week confirms what the world's BOFHs and sysadmins have known for ages: that users are a dangerous menace who should not be allowed near anything more advanced than a fridge.

A staggering one in seven technologically challenged employees needs help even switching their computers on and off, according to research commissioned by City & Guilds.

The UK vocational awarding body's study of 405 random UK financial directors revealed that, despite the fact that PCs have been around for over thirty years, getting to grips with the devices is totally beyond many British office workers. A fifth were found to struggle to save a document, more than one in five need assistance printing, while a quarter cannot understand a spreadsheet.

City & Guilds pointed out that, apart from greatly reducing productivity, this lack of IT proficiency is causing IT support cost to sky-rocket as beleaguered BOFHs struggle to distribute some clue to their gormless users.

British companies, according to the study, are forced to fork out an average of £49,000 per year for additional IT support to bolster this skills shortfall. Despite three quarters of businesses having in-house IT staff, a fifth admitted they cannot handle all technical problems internally with a third reliant on external support or helpdesks, and more than a quarter employing IT contractors.

Additionally the poll indicated that the nation's businesses are losing an average 312 employee hours as a result of technical incompetence.

According to City & Guilds, a lamentable lack of even basic IT training is one of the main problems. One in five firms responding to the study admitted employees have only basic IT skills and over one in ten said their workers have no IT qualifications at all. The problem is apparently compounded by the fact that more than one in 10 employers state that IT skills are non-essential when hiring recruits.

ToC

Haynie on PCs: A Counter View

by Kevin Hisel

[Editor's Note: In last month's newsletter, I put a few comments on the MSBlaster worm from Dave Haynie, one of the principle engineers in the creation of the Commodore Amiga. Our own Kevin Hisel took exception to some of the ancillary comments Dave made about Microsoft. So, in the spirit of the Fairness Doctrine (a tenet disposed of by the Reagan administration in August 1987), here are Kevin's concerns.]

Haynie is an Amiga god but I'm not so sure he's that clued in on the PC:

> If you're NOT using a firewall of some kind, get one TODAY. Microsoft will
> not protect you from this kind of thing.

Wrong. Microsoft provides a very bare-bones firewall with XP. It WILL protect you against the kinds of attacks he is talking about. Applying the fix they released a month before the worm was written would also do the trick quite nicely.

> Right... not everyone can keep up with the bazillion latest Microsoft
> patches, much less sort through them to isolate the "patch for me" from
> the "patch for Microsoft". And woe to the fool who lets MS do this
> automatically... you never know what kind of problems they'll install for
> you. The chance of an exploit like this one is rare; the chance of MS
> screwing you over to further their aspirations is a certainty.

I've applied every MS update to my five XP installations and have NEVER had any problems. His assertion that MS "screwing you over to further their aspirations" is a "certainty" is sour arrogance unsupported with any evidence whatsoever. The fact is, MS has never released an update that "screwed" the user in some way, but there have been many exploits released that do. The facts directly contradict His Holiness.

Also, in XP, MS makes it sooooo easy to download updates automatically and gives you the choice of whether you want to install them or not. It's so easy a grandma could do it. And I am happy to report that there are far fewer than a "bazillion" updates. I normally see about one every three weeks. There really is no excuse for not keeping up with the updates-- especially the ones MS classifies as "critical".

> I suspect MS has their own team, hard at work on new worm, virus, and
> similar annoyances. After all, if your fear of The Net exceeded your fear
> of MS's Evil Ambitions, you'd probably just check the "auto update" box,
> and get all of their new stuff pushed to you automatically.

Dave should go back and work on Amigas. I used to really respect him, but when someone starts saying this kind of stuff in public, he loses all credibility.

ToC

Kerio/Tiny Firewall

From: Skal Loret
Date: Thu, 28 Aug 2003 09:33:50 -0400

I setup an XP system with 2 user accounts on it yesterday. I want everything on the original account's menus to appear in the 2nd account. How do I do that?

Oh...I discovered something yesterday: Kerio Firewall. It is, in fact, the original Tiny Firewall, and as such, it is EXCELLENT!!! I recommend it without qualification.

From: Jim Belant
Date: Thu, 28 Aug 2003 20:22:36 -0500

Yessir, that is the firewall I recommended to Don F. I've been using it since January, and have been very happy with it. It is very 'automatic', you don't need to know how to setup forwarding rules at all.

It also lets me know when our corporate ITS department is performing a port scan. :)

From: Skal Loret
Date: Thu, 28 Aug 2003 21:29:56 -0400

Your recommendation only shows your good taste. Kerio/Tiny Original is an excellent tool, with really low system overhead and runs very tight. The rule-making/administration area is very simple to use. I loved it when it was Tiny, and I still love it. I will be installing it on all machines I am administering, because it really is, in balance, the best free firewall out there and a strong contender for the best personal firewall, period.

From: Jim Belant
Date: Thu, 28 Aug 2003 21:03:47 -0500

I agree with the low system overhead comment. I had originally tried the free version of ZoneAlarm, and it made my laptop (1.7 GHz PIV mobile, 512MB RAM) feel sluggish. I'm not sure why. When I run Kerio, I can't even tell it is there, until it alerts me. A great piece of code!

Addendum from Kevin Hisel:

I have seen similar comments about this program on the net, too. One thing these boys don't mention is that they are all advanced users and from what I have heard, you do not want to recommend Tiny/Kerio Firewall to grandma. It takes some knowledge of networking or computers to manage.

ToC

[Editor's Note: I would would just like to acknowledge the contribution of Kevin Hisel for providing nearly everything here in the PC Section. He has been a sustaining contributor for a very, very long time. Thank you, Kevin. ]

ToC

The Macintosh Section:

AirPorts Where the Buffalo Roam

by Glenn Fleishman (glenn@tidbits.com)
TidBITS#696/08-Sep-03

We've written in the past about the feature in Apple's AirPort Extreme Base Station that allows you to connect several base stations together wirelessly to form a larger network (see "AirPort Extreme: In the Key of G" in TidBITS-663_). This cool feature goes by the name Wireless Distribution System (WDS), and it's actually a semi-standard specification also found in devices made by manufacturers other than Apple. But Apple and other companies have told us that they are neither focusing on compatibility nor formally testing equipment from other makers. So we decided to try it ourselves.

http://db.tidbits.com/getbits.acgi?tbart=07047
http://www.apple.com/airport/

Buffalo Technology was kind enough to loan me a few of their WLA-G54 802.11g access points to test their version of WDS for the book Adam and I are working on right now, The Wireless Networking Starter Kit, 2nd Edition. I found that Buffalo's WLA-G54s easily attached themselves as "remote" nodes of an AirPort Extreme Base Station network. I opened the AirPort Admin Utility and connected to the AirPort Extreme Base Station in my office. I clicked Show All Settings, selected the WDS tab, and enabled the AirPort Extreme Base Station as a WDS. I then clicked the plus sign to specify the base stations to use as remotes and relays. Amazingly, the AirPort Admin Utility presented the Buffalo WLA-G54 for me to select as a remote. I hadn't yet configured the Buffalo access point - I had just turned it on. But the AirPort Admin Utility lists all of the access points that the AirPort Extreme Base Station can see. (Had that not happened, I could have manually entered the MAC addresses of the WLA-G54s in AirPort Admin Utility.)

http://www.buffalotech.com/wireless/products/airstation/wlag54.php

The Buffalo WLA-G54 is a pure wireless access point without any gateway features, like assigning IP addresses via DHCP. That's fine, since I'd have to turn off those features in a distributed network anyway. So what's the utility of the Buffalo WLA-G54 for Mac users? Cost: although AirPort Extreme Base Stations start at a reasonable $200, you can find the WLA-G54 for as low as $100, making it a cheaper way of extending your Wi-Fi network.

Keep in mind that using WDS does impact performance for the entire network, since each remote must receive every packet and retransmit them wirelessly with a single radio. That's probably not a huge problem with the 25 Mbps of real-world throughout that 802.11g is capable of in most situations, but you should be aware of it. If you need the fastest performance, stick with creating a roaming network by connecting multiple access points via 100 Mbps wired Ethernet and setting them to use different channels but the same network name. If you're interested in learning more about the nitty gritty of WDS, I've written a more technical article on the subject that appeared last week on O'Reilly Networks.

http://www.oreillynet.com/pub/a/wireless/2003/08/28/wireless_bridging.html

      PayBITS: Did Glenn help bridge a gap in your wireless network?
      Consider distributing a few bucks in his direction via PayPal!
      https://www.paypal.com/xclick/business=glenn%40glennf.com
      Read more about PayBITS: http://www.tidbits.com/paybits/

ToC

Eudora 6.0 Slams Spam, Concentrates Content

by Adam C. Engst (ace@tidbits.com)
TidBITS#696/08-Sep-03

Last week Qualcomm released Eudora 6.0, a major upgrade to the company's venerable email client. Eudora's marquee feature is SpamWatch, a new plug-in that employs Bayesian filtering to move spam-like messages to a new top-level Junk folder, but there are a few other welcome changes for users of both Mac OS 9 and Mac OS X.

http://www.eudora.com/

SpamWatch

There's no question that spam is by far the worst problem facing email users today. I've personally received about 39,000 pieces of spam this year, and that's even with our mail server performing (admittedly conservative) spam blocking. Eudora 6.0 addresses the spam problem with the addition of SpamWatch, a plug-in that employs Bayesian filtering to move spam-like messages to a new top-level Junk folder. Eudora ships pre-trained, so it will start working immediately, but you can (and should) still train it by marking spam it misses using the Junk command, and marking legitimate messages it catches incorrectly with the Not Junk command. A new Junk Mail settings panel lets you set the threshold at which Eudora should consider a message junk (mine is set to a score of 50; the range is 0 for mail that's definitely spam to 100 for messages that just ooze spaminess), and a host of other useful settings relating to SpamWatch.

http://www.eudora.com/email/features/spamwatch.html

In my use since it first appeared for testers in April of 2003, SpamWatch has proven quite accurate, with a false positive rate well under 1 percent. False negatives are low as well, with only a couple of mistakes per day. I can't be more specific because Qualcomm wasn't able to add spam-catching statistics to Eudora's statistics window in time for the 6.0 release. I strongly hope that will appear in Eudora 6.1.

The false positive rate is so low in part because Eudora whitelists messages from senders who are in your Address Book, and if you mark an incorrectly identified message as Not Junk, Eudora automatically records that sender in your Address Book so as to reduce the chance of a future mistake even more. That should work for most people, but for those like me, who receive mail from many people who would not otherwise be in your Address Book, try these two tricks to populate your Address Book. First, if you have mailing lists where you want to ensure that messages from those subscribers (like TidBITS Talk for me) are never marked as spam, add the Remember Sender action to the filter that moves messages to the appropriate mailbox. Second, consider using Robert Woodhead's free BoxSweeper program to extract all the email addresses from your stored mailboxes of legitimate mail; that way you can be sure no one who has sent you legitimate mail in the past will be caught, assuming they use the same address. Remember, though, that spam that forges an address in your Address Book (like your own address!) will always make it past SpamWatch, so you may need to prune your Address Book judiciously.

http://www.madoverlord.com/Projects/BOXSWEEPER.t

The fact that SpamWatch is a plug-in is significant, since it means that other developers will also be able to create anti-spam plug-ins for Eudora that are far better integrated than was possible in the past. In fact, Michael Tsai, developer of the SpamSieve spam fighting tool, is already working on a beta plug-in that will integrate Eudora 6.0 and the forthcoming SpamSieve 2.0. Although Eudora's own SpamWatch is doing an awfully good job right now, I think there will be room for other tools, particularly as spammers learn how to circumvent basic Bayesian filters.

http://www.c-command.com/spamsieve/
http://db.tidbits.com/getbits.acgi?tbart=07076

Content Concentrator

SpamWatch is designed to handle the massive influx of spam, but another new feature, the Content Concentrator, is aimed at helping you manage the influx of legitimate mail. The Content Concentrator enhances the preview pane in any mailbox window in two ways (click the expansion triangle in the lower left corner of a mailbox window to show the preview pane).

http://www.eudora.com/email/features/content_concentrator.html

First, it hides excessive quoted text in an effort to help you focus on just the new text in a single message. I find this useful in mailboxes where I keep the preview pane relatively small, since I can still get an idea for what's in the message without opening its window.

Second, if you use Eudora's Option-click shortcut to select multiple messages by sender or subject (a feature of unparalleled utility and all-around goodness that I use constantly), the Content Concentrator displays all the selected messages (hiding quoted text as appropriate) in the preview pane. It's great for reading mailing list threads quickly.

The Content Concentrator takes a little getting used to. I often use Eudora's type-to-select feature followed by the Option-click shortcut to select messages so I can find a specific one, and the Content Concentrator can get in the way a bit at that point. Also, if you read a mailing list thread in the preview pane using the Content Concentrator, Eudora doesn't currently mark those messages as read, nor does it differentiate in any way between concentrated messages that were read versus those that weren't.

Of course, remember that the Content Concentrator is just hiding headers and quoted text temporarily; if you open a message in its own window, everything appears as it should. If you don't like the Content Concentrator, or want to make it show more or less information, or work only with single or multiple messages, a new Content Concentrator settings panel provides the necessary options.

Look and Feel

People love to complain about how ugly Eudora is, although by now, I suspect that its interface is a major part of its charm for many long-time users. Qualcomm usually responds with a few cosmetic changes in each release, and Eudora 6.0 brings with it completely new toolbar and system icons. Also gone is the tow truck icon that you could use to drag an open message to a mailbox; now you drag an envelope icon in the title bar, much as you can drag folder icons in Finder window title bars.

More significant for Mac OS X users is the addition of a drawer to the right side of mailbox windows; you open and close it with a little button in the upper right corner of each mailbox window. The drawer essentially shows the contents of Eudora's Mailboxes window, with a hierarchical list of all mailboxes inside. You can click a mailbox to open it in the current window, double-click one to open it in its own window, drag messages to them, and so on. Mailboxes with unread messages appear with their names bold and underlined. You cannot add or remove mailboxes or folders from it; stick with the Mailboxes window for that.

I'm hesitant to recommend the mailboxes drawer. Eudora is designed around multiple windows, and my different mailboxes display differently. Some eschew the preview pane entirely, others display it relatively small, and a few use it as the primary viewing area. Using the mailboxes drawer to switch among mailboxes restricts me to one setting for the preview pane.

I also find transferring messages by dragging them to mailboxes much more difficult than using Eudora's Transfer menu (for which you don't have to keep the mouse button down the entire time). Finally, since many of my filters open mailboxes that receive new mail, I often ended up confused about which mailboxes were open and why. I turned off automatic mailbox opening to give the single-window view a chance, but I'll be going back to the multiple window approach as soon as I find the time to edit my filters. It simply doesn't match the way I like to work with email.

One last, and extremely welcome change: in Mac OS X, Eudora is now a self-contained application package, making it a better Mac OS X citizen. That also means you can turn plug-ins on and off via the Get Info window in the Finder.

What's Missing

In almost any major release, some people will be disappointed, and those looking for an overhaul of Eudora's increasingly creaky filtering system won't find any major changes in Eudora 6.0. Eudora still doesn't use Apple's Address Book, although the more I see other applications trying to tie into Apple's Address Book, the more I'm unsure that it's currently a good universal solution because different applications have different requirements from a contact database. Also unchanged is Eudora's HTML parser, which enables Eudora to display HTML mail in a readable way most of the time, but not much more. I hope Qualcomm will replace the internal parser with Apple's recently released WebKit, which is the HTML rendering engine at the heart of Safari.

That said, there are oodles of other minor tweaks, improvements, and bug fixes in Eudora 6.0, and you can read all about them in the release notes. There's also no question that Eudora remains the most configurable email client on the planet, thanks to the way it provides access to hundreds of internal settings that are off-limits in other programs. I've updated the list of x-eudora-settings that I maintain; get it by sending email to x-eudora-settings@tidbits.com. Put ADD in the Subject line if you'd like to receive future revisions automatically.

http://www.eudora.com/download/eudora/mac/6.0/Release_Notes.txt

Upgrading & Versions

Eudora remains available in three modes, switchable by choosing Payment & Registration from Eudora's Help menu. Paid mode provides all of Eudora's features for $50. Upgrades are free if you purchased a Paid mode subscription within the last 12 months; they cost $40 if you have a Paid mode registration code from Eudora 4.3 or later; and you must buy a new copy for $50 if you're a new user or have a registration code for a version of Eudora older than 4.3.

http://www.eudora.com/email/upgrade/

Sponsored mode is also free, and lets you use Eudora's entire feature set except for SpamWatch in return for showing you an ad window with rotating ads and using up to three toolbar buttons to link to advertisers. Personally, I couldn't survive without something like SpamWatch, but if you don't receive much spam and don't mind the ads, Sponsored mode works fine.

Light mode eliminates all the ads, but also reduces the feature set significantly, making it a fine option for someone who needs a basic email program without all the bells and whistles for free.

Eudora 6.0 is a 4.4 MB download for Mac OS 9 users, and a 4.2 MB download for Mac OS X users.

http://www.eudora.com/download/

      PayBITS: Did Adam's insights into Eudora help you tame
      your email? Consider sending him a few bucks via PayBITS!
      Amazon: http://www.amazon.com/paypage/P3AQT7G7WC4EUK
      PayPal: https://www.paypal.com/xclick/business=ace%40tidbits.com
      Read more about PayBITS: http://www.tidbits.com/paybits/

ToC

iMovie 3 Tips and Gotchas

by Jeff Carlson TidBITS#697/15-Sep-03

iMovie has become something of an odd duck in the Macintosh world. When Apple first introduced iMovie in 1999, the notion of easily editing digital video on a consumer Mac wasn't an easy sell. At the time, we described iMovie as "a consumer version of Apple's Final Cut Pro video editing software, which Apple apparently hopes will reveal a market for consumer video editing it has been trying to find for more than three years." (To our surprise, many readers expressed much interest in video editing then, via both TidBITS Talk and a poll we ran that week.)

http://db.tidbits.com/getbits.acgi?tbart=05591
http://db.tidbits.com/getbits.acgi?tlkthrd=814
http://db.tidbits.com/getbits.acgi?tbart=05622

Since then, iMovie has been a huge success for Apple, cited as much for its ease of use as for its capabilities as a video editor (even four years later, no Windows product has matched iMovie's features and ease of use). Although iMovie never displaced Final Cut Pro or Adobe Premiere in professional circles, it has provided a new outlet for expression to amateur filmmakers, vacationers, hobbyists, and school kids.

iMovie also helped give rise to Apple's digital hub strategy, which was especially evident in the release of iMovie 3 as part of the iLife suite of applications at last year's Macworld Expo in San Francisco (see "Apple Software Spices Up iLife" in TidBITS-662_). iMovie 3 imports music from iTunes 4 and images from iPhoto 2 with ease, and offers a direct route for turning movies into DVDs through iDVD 3.

http://db.tidbits.com/getbits.acgi?tbart=07040

So why do I say that iMovie is now an odd duck?

Unlike most Apple software - or, in fact, most software in general - iMovie took a lurch backward in terms of performance with version 3. This quickly became apparent as I began work on my most recent book for Peachpit Press, iMovie 3 for Mac OS X: Visual QuickStart Guide. Although the program introduced a number of welcome new features, performance was sluggish, the program crashed for no reason, and exporting data was problematic (see "iMovie, Take 3" in TidBITS-665_). iMovie 3 had become the new Word 6 (for those who remember that giant step backwards).

http://www.amazon.com/exec/obidos/ASIN/0321193970/tidbitselectro00/
http://db.tidbits.com/getbits.acgi?tbart=07059
http://db.tidbits.com/getbits.acgi?tbart=01884

Then again, it may not be that bad. It must be noted that some people report having no problems with the program at all. I salute those lucky souls, because for me and untold others with whom I've corresponded, iMovie 3 has been unexpectedly troublesome.

How this came about isn't clear, and Apple is characteristically mum on the subject. However, I've read reports that a big factor was an Apple mandate to rewrite iMovie as a Cocoa application, versus existing in Carbon as was the case with iMovie 2 (for that reason, iMovie 3 will run only under Mac OS X, whereas iMovie 2 works under both Mac OS 9 and Mac OS X). Another reason could be iMovie 3's greater reliance on QuickTime; as QuickTime improves, so does iMovie, which was evident when iMovie 3.0.3 and QuickTime 6.3 were released together in June with dramatically improved performance.

http://db.tidbits.com/getbits.acgi?tbart=07208
http://www.info.apple.com/kbnum/n120187
http://www.apple.com/quicktime/download/

That said, iMovie 3 isn't a lost cause. The latest updates above improve performance and fix many of the program's initial shortcomings. Since we haven't written much about iMovie 3 specifically in TidBITS, I want to cover some tips about a few of the new features and point out some areas where the program still needs work so that those who are using iMovie 3 won't be tripped up.

http://db.tidbits.com/getbits.acgi?tbart=07208

Working with iDVD

As part of the iLife integration, iMovie makes it easy to create an iDVD project of the movie you've built. You can also set up chapter markers in iMovie that the viewers of your DVD can jump to without fast-forwarding through every frame of your movie. The chapter markers are pretty rudimentary: move iMovie's playhead to the location where you want to start a chapter, switch to the DVD pane, and click the Add Chapter button. It would be nice to be able to edit a marker should you decide that the chapter should begin at a different location on the timeline, but instead you must delete the marker and create a new one. Once chapters are set, simply click the Create iDVD Project button, which launches iDVD 3 and assembles the project.

But what if you don't own iDVD 3? Perhaps you chose not to pay for the iLife upgrade (since iDVD 3 was the only iLife application not available as a free download), or perhaps you're using iMovie on a Mac that doesn't include a SuperDrive. In iMovie 2, you could save your movie using a "For iDVD" option in the Export dialog box, but choosing the same option in iMovie 3 results in a polite message that says you need iDVD 3. Fortunately, you can still export your movie in a format that iDVD 2 will read. In the Export dialog box, choose To QuickTime from the Export pop-up menu, and then choose Full Quality DV from the Formats pop-up menu. You can then import that QuickTime movie into iDVD 2, though you lose any chapter markers you may have set up.

Speaking of iDVD 3, remember that you can now run it on machines that don't include a SuperDrive by applying the iDVD 3.0.1 update (see "Using iDVD 3.0.1 on Non-SuperDrive Macs" in TidBITS-690_). When I wrote that short article, I said it wasn't possible to install iDVD 3 from the iLife discs because the installer checks to make sure your Mac has a SuperDrive installed. It turns out that I didn't dig far enough. If you have an iDVD 3 installation disc (which is a DVD, not a CD, so you at least need a media drive that can read a DVD), follow these steps sent to TidBITS Talk and linked below.

http://db.tidbits.com/getbits.acgi?tbart=07287
http://db.tidbits.com/getbits.acgi?tlkmsg=18476

QuickTime Reference Movie

Astute video editors may have noticed an extra file in each iMovie project folder. In addition to the project file itself and the Media folder where video and audio clips are stored, iMovie 3 creates a QuickTime reference movie that reflects the state of the timeline at the last saved state. The file itself isn't very large because, like the iMovie project file, it contains only pointers to which sections of the media files are in use, as well as which titles, transitions, and effects have been applied.

The reference file becomes useful when you want to preview your movie outside of iMovie, such as in QuickTime Player or other third party viewers. It's also a quick way of adding a movie to an existing iDVD project. That's because using the Create iDVD Project button in iMovie 3 causes a new iDVD project to be created. If you instead drag this reference movie into iDVD, it creates a new folder in the project containing the movie and all of its chapter markers. This approach also retains the Play Movie option in iDVD, which can play the movie from start to finish while still retaining the chapters.

Audio Export Gotchas

Unfortunately, the audio quality in exported iMovie movies remains one of the program's most annoying problems. Users report audible pops and sections where audio and video get out of sync.

One suggestion is to make sure your audio source is recorded at 16-bit audio instead of 12-bit. With 12-bit audio capture, the camcorder records audio in two separate stereo channels, which leaves room on the tape to go in and record more audio if necessary. 16-bit capture grabs audio at a higher quality level and leaves no room for more recording. However, since you're editing footage in iMovie instead of on the camera, the only benefit to using 12-bit audio is that it takes up less hard drive space when you import it; also, iMovie doesn't recognize separate audio channels the way other video editing software (such as Final Cut Express) does. If your footage is currently in 12-bit audio, export it from iMovie back to a blank MiniDV tape in your camcorder set to 16-bit audio, then re-import it into iMovie.

http://docs.info.apple.com/article.html?artnum=61636

Another suggestion sounds a bit more dubious, but seems to work. If, after exporting, audio fades aren't working, or if clips you had marked silent are still audible (which happened to me on one DVD project), the fix seems to be to have one clip selected in the timeline when you export your movie.

For clips whose audio has slipped out of sync, try extracting the video clip's audio to a separate track (select the clip and choose Extract Audio from the Advanced menu). Make sure the audio track is locked to the video track by positioning the playhead within the two clips and choosing Lock Audio Clip at Playhead from the Advanced menu.

Performance Issues

Perhaps the most sporadic issue with iMovie 3 is general performance. Although iMovie 3.0.3 greatly improved performance, I still see stuttering audio and video, and occasional sluggish response when selecting clips or switching between the different effects panes. One general recommendation is to reduce the size of iMovie's window (now that the program doesn't cannibalize the entire screen, as in iMovie 1 and 2). Also, remove any third-party iMovie plug-ins to see if that helps. Since iMovie (and Mac OS X) love to consume memory, quit other running applications, and consider installing more RAM if your budget permits (see dealram for current RAM prices).

http://dealram.com/

Sticking with iMovie 2

If the performance of iMovie 3 is unacceptable, and if you upgraded from iMovie 2, you can use it to open projects created in iMovie 3 as long as you don't mind abandoning iMovie 3's new features. If you haven't yet upgraded to iMovie 3, be sure to make a copy of iMovie 2 to ensure that the version 3 installer doesn't overwrite it. Or, if you have a set of your Mac's Software Restore discs that include iMovie 2, you can use a utility such as Pacifist to extract the iMovie 2-specific installer.

http://www.charlessoft.com/

No doubt I haven't covered some problems you may be facing with iMovie; Apple's support discussion boards are filled with people reporting unexpected crashes, for example, that appear to be sporadic or difficult to reproduce. Although frustrating, these types of issues can be solved only by Apple's engineers. Given the company's high-profile push for iLife and the digital hub lifestyle, it's hopefully only a matter of time before Apple works out these issues. Nonetheless, I strongly recommend letting Apple know what you're running into by going to the feedback Web page listed below or by choosing Provide iMovie Feedback from the iMovie menu. Apple employees have assured us that these feedback reports are read, and enough of them can encourage an executive to reapportion development budgets to address the reported problems.

http://discussions.info.apple.com/webx/iMovie
http://www.apple.com/feedback/imovie.html

      PayBITS: Did you learn something new or work around a bug in
      iMovie 3? Consider sending a few bucks to Jeff via PayBITS!
      https://www.paypal.com/xclick/business=jeff%40necoffee.com
      Read more about PayBITS: http://www.tidbits.com/paybits/

ToC

The CUCUG Section:

August General Meeting

reported by Kevin Hopkins (kh2@uiuc.edu)

August 21, 2003 - President Richard Rollins called the meeting to order at 7:27 PM. The preceding time had been used in a struggle to get Kevin Hisel's laptop to display on the TIMM for the upcoming PC SIG. The inferior resolution on the TIMM monitor had provided a bit of a technical challenge.

Richard began by talking about our meeting room move. He talked about our criteria for any meeting site. He then announced that we would be going to the First Baptist Church of Champaign in Savoy (at the corner of Prospect and Burwash, right across from the Windsor of Savoy). [Check out http://www.fbc-cs.org.]

Richard then asked if anyone had any questions, need for help.

Next, he asked if anyone had gotten hit by virus. Mark Zinzow, who works as a Systems Administrator at the U of I reported that he had 35,000 email messages since Monday. A few other stories were related. During the following discussions, it was related that Windows Update is notorious, on campus, for failing. It has a habit of updating the registry before the download is complete, so you think you've been updated when in fact you haven't. Also, the Updaters are not consistent, said Mark Zinzow.

Richard noted that 65% of the connects to the Internet are still from dial-up.

Mark Zinzow continued by saying "I'm still having fun buying in bulk." Mark then offered some high powered LED lighted keychains for those that would like to partake. He was selling them for $1.50 each. Related to the subject, President Rollins plugged the Starship CUCUG II Forums for great deal to take advantage of. Our former President Jim Huls has a knack for finding such items. One such was a watch with a built-in TV remote. You can have hours of fun messing with your friends with that one.

President Rollins then asked for Linux news: none. Then for Mac news: Ed Hadley noted the release of the new G5 machines. PC News: viruses, patches, and the Opteron processor were noted.

George Krumins reported on a nifty new digital camera from Sony, the Cyber-shot DSC-F828. It's an 8 megapixel ($1200 list price - $875 to $900 street price) camera. For those that are interested check out:

http://www.imaging-resource.com/PRODS/F828/F82A.HTM
http://www.imaging-resource.com/

Closing the general part of the meeting, President Rollins announced that this evening the Mac SIG would be looking at BootCD for OS X, recent updates for OS X and a couple of hardware devices, the iTrip and iCast. The PC SIG would be investigating some free software and doing some Question and Answers.

The Macintosh SIG: Emil Cobb shows BootCD, iTrip and iCast

reported by Kevin Hopkins (kh2@uiuc.edu)

Emil began his presentation on making a boot CD for OS X by looking on his hard drive for the utility that he had used to make the CDs he had at the meeting for those who wanted one. However, he seemed to have accidently deleted it. Not a real problem, though, because BootCD is readily available through VersionTracker. Emil said Boot CD 0.5.4 creates a disk image to burn a Mac OS X boot CD. It's 164k in size and, although a Beta (08/07/2003), BootCD works like a champ.

http://www.versiontracker.com/dyn/moreinfo/macosx/15196

Emil went on to describe the process. You have to have a working version of OS X on your machine. The program pulls the resources from your machine to make the disk image. You then use Disk Copy to burn the image to CD. You need BSD on your machine (which is already there with OS X). BootCD automatically puts on Disk Copy, Disk Utility, Terminal, System Preferences and Console. In default mode it uses 538 MB of the CD you make. BootCD allows you to add a few additional utilities. Emil recommended Drive 10.

Booting from the CD is a slow process, but it does work. You log in as user: root with the password: bootcd.

Emil then moved on to showing us a couple of broadcast devices for the Apple iPod. The theory is you can go on a road trip and have your own tunes to listen to on the drive. Emil showed the Griffin iTrip. He began by describing the software for the iTrip. It installs a lot of station choices, which is impressive. However, the iTrip, which snaps on to the top of the iPod, gets its power from the iPod itself. The iTrip Emil was showing was actually the second one of these he'd had. The first was DOA and the second one, when connected to his iPod, sucked the entire battery charged out of it and was dead in short order. Needless to say, Emil was less than impressed.

He then turned to the Belkin iCast, which is powered by two triple "A" batteries. Emil said the iCast usually stays in his van, because it works. Although there are only four station choices it broadcasts on, Emil said he didn't care, because, once again, it works.

We then walked outside into the parking lot, Emil fired up his iCast, and we listened to a selection of his iPod tunes either from his van's radio or those of other member's vehicles scattered around the lot. As Emil said, "It works."

ToC

August Board Meeting

reported by Kevin Hopkins (kh2@uiuc.edu)

The August meeting of the CUCUG executive board took place on Tuesday, August 26, 2003, at 7PM, at Kevin Hisel's house. (For anyone wishing to attend - which is encouraged, by the way - the address and phone number are both in the book). Present at the meeting were: Rich Hall, Richard Rollins, Kris Klindworth, Emil Cobb, Kevin Hopkins, Kevin Hisel, and Mike Latinovich.

Rich Hall: RIch said he did not have much to report. "Income has outstripped expenses.

Mike Latinovich asked Rich, "How's your new laptop?" "I like it a lot," Rich responded. He said the only real trouble he had was with converting from Macintosh Quicken to Windows Quicken: the dates got all screwed up. Rich said the real Millennium Y2K problem was that his year 2000 entries got changed to 1900. It was explained that this was caused by the fact that the date in Quicken is stored as an integer and that Unix (which the Macintosh took its cue from) starts dating at 1970, while the Windows starts at 1980. In the end, Rich said, he got it all straightened out.

Richard Rollins: Richard reported that the move to the First Baptist Church in Savoy has been solidified. Room rent will be $90 a night for two rooms. We will have use of the projection system, audio connections, and Internet access. There will no drinks or food allowed in the main room, but the secondary room is called the Cafe, so there seems to be no problem there.

The Linux SIG will meet in the Cafe at 6:15. Access to the building will be available at 6 pm.

Kris Klindworth: Kris announced that WebDav will be the subject of the Linux SIG next month. WebDAV stands for "Web-based Distributed Authoring and Versioning". It is a set of extensions to the HTTP protocol which allows users to collaboratively edit and manage files on remote web servers.

http://www.webdav.org/

Emil Cobb: Emil reported that there were 22 members and guests in attendance at the August meeting. He said the Mac SIG compared the iTrip and iCast devices for the iPod. As the presenter, he had also showed how to make a boot CD for OS X. The demo for next month's meeting is TBA.

Kevin Hopkins: Kevin had no new business, but he made inquiries about one of our attendees.

Kevin Hisel: Kevin reported that he had made a presentation of free software to the Windows SIG at the meeting just past. He said he reviewed about 10 programs.

Kevin wished to publicly thank Mr. Rollins for finding a new place to meet. He informed us that he had updated the web site to reflect the new meeting location information. As an aside, Kevin noted that the CUCG web site will be moving to a new server.

Mike Latinovich: Mike said, "The doughnuts were good, I guess." Mike's stock line, for those in the know. Everyone expressed their pleasure at seeing back.

Richard Rollins: Richard thanked Kevin Hisel for the PC presentation. For the September meeting, Richard will be doing a demo on the video editing program Studio 8. He will be burning a DVD to show the process.

Richard also thanked Kris and Emil for the SIG help.

October will be CUCUG's twentieth anniversary.

ToC

The Back Page:

The CUCUG is a not-for-profit corporation, originally organized in 1983 to support and advance the knowledge of area Commodore computer users. We've grown since then, now supporting PC, Macintosh and Linux platforms.

Meetings are held the third Thursday of each month at 7:00 p.m. at the First Baptist Church of Champaign in Savoy. The FBC-CS is located at 1602 N. Prospect Avenue in Savoy, on the NE corner of Burwash and Prospect. To get to the the First Baptist Church from Champaign or Urbana, take Prospect Avenue south. Setting the trip meter in your car to zero at the corner of Kirby/Florida and Prospect in Champaign (Marathon station on the SW corner), you only go 1.6 miles south. Windsor will be at the one mile mark. The Savoy village sign (on the right) will be at the 1.4 mile mark. Burwash is at the 1.6 mile mark. The Windsor of Savoy retirement community is just to the south; Burwash Park is to the east. Turn east (left) on Burwash. The FBC-CS parking lot entrance is on the north (left) side of Burwash. Enter by the double doors at the eastern end of the building's south side. A map can be found on the CUCUG website at http://www.cucug.org/meeting.html. The First Baptist Church of Champaign is also on the web at http://www.fbc-cs.org .

Membership dues for individuals are $20 annually; prorated to $10 at mid year.

Our monthly newsletter, the Status Register, is delivered by email. All recent editions are available on our WWW site. To initiate a user group exchange, just send us your newsletter or contact our editor via email. As a matter of CUCUG policy, an exchange partner will be dropped after three months of no contact.

For further information, please attend the next meeting as our guest, or contact one of our officers (all at area code 217):

   President/WinSIG:   Richard Rollins      469-2616
   Vice-Pres/MacSIG:   Emil Cobb            398-0149               e-cobb@uiuc.edu
   Secretary/Editor:   Kevin Hopkins        356-5026                  kh2@uiuc.edu
   Treasurer:          Richard Hall         344-8687              rjhall1@uiuc.edu
   Corp.Agent/Web:     Kevin Hisel          406-948-1999
   Linux SIG:          Kris Klindworth      239-0097     kris.klindworth@Carle.com

Visit our web site at http://www.cucug.org/, or join in our online forums at http://www.cucug.org/starship/index.php .

CUCUG
912 Stratford Dr.
Champaign, IL
61821

ToC