News Humor Common PC Mac CUCUG
The next CUCUG meeting will be held on our regular third Thursday of the month: Thursday, March 16th, at 7:00 pm, at the First Baptist Church of Champaign in Savoy. The Linux SIG convenes, of course, 45 minutes earlier, at 6:15 pm. Directions to the FBC-CS are at the end of this newsletter.
The March 16 gathering will be one of our split SIG meetings. Both the Macintosh and PC SIGs are open for anything anyone wants to bring in and will be focusing on Question and Answer sessions.
ToC
We'd like to welcome the newest members of our group, joining us in the last month: David L. Stevens (Windows PC), and Harold VanderVelde (Mac 680xx, Mac PowerPC).
We'd also like to thank renewing members James Dean Huls, John Baird, Anthony Philipp, Anderson Yau, Mark Zinzow, and Joseph Wayne Hamilton.
We welcome any kind of input or feedback from members. Run across an interesting item or tidbit on the net? Just send the link to the editor. Have an article or review you'd like to submit? Send it in. Have a comment? Email any officer you like. Involvement is the driving force of any user group. Welcome to the group.
ToC
Written and produced by John Anderson <mediaminutes@freepress.net>
Media Minutes: March 10, 2006
Audio: http://freepress.net/mediaminutes/archive/mm031006.mp3
Text: http://freepress.net/mediaminutes/transcripts/mm031006.pdf
The marriage of AT&T and BellSouth may seem like the reconstruction of Ma Bell, but the stakes are actually much higher than that. The $67 billion dollar deal will create a giant with nearly nationwide reach, controlling about half of all telephone landlines in the United States. But the real danger is in the control the new and improved AT&T will have over broadband connectivity, the common platform over which an increasing number of people get their phone, Internet, and video services. With the acquisition of BellSouth, AT&T will be the largest provider of broadband in the United States. This does not sit well with Free Press campaign director Timothy Karr.
Timothy Karr: "As you allow larger corporations really to dictate broadband policy in the United States, the end result is fewer people getting online and certainly fewer people in certain classes."
If past trends tell us anything about the repercussions of the AT&T/BellSouth deal, it will lead to higher prices, fewer service choices, and the continued exclusion of unprofitable populations, like rural and low-income communities. This is exactly why nearly half of all Americans have either just one option for broadband service, or can't get broadband at all. AT&T is also an outspoken critic of the principle of network neutrality, which guarantees online speakers equal access to the rest of the 'net. Under AT&T's broadband plans, the ability to speak will be determined by how much you're willing to pay for it.
Can this marriage be prevented? Possibly: the first step, says Karr, is to let lawmakers and regulators know that the public's watching their actions and is concerned about the acquisition.
Timothy Karr: "The regulators who are supposed to look out for the public's best interest in these types of deals have basically rubber-stamped mergers. We are asking people to get back involved in the process. To contact these regulators and say, 'Hey, bigger is not better. It's certainly not better for all of us who rely upon the Internet and rely upon access to this media in order to communicate to others.'"
Free Press has launched a correspondence campaign aimed at the Congress, FCC, and Department of Justice to do just that. As of now the FCC may be the most susceptible to public pressure, which Karr says could hang up the AT&T/BellSouth deal or at least make it less threatening to the public's right to send and receive information online.
Timothy Karr: "It's our hope that we can put conditions onto that that would protect net freedoms through network neutrality provisions, and would also ensure that there's some sort of a franchising agreement for local content providers - that they can actually get local content into local video programming."
For its part, AT&T is already looking at ways to create fast and slow lanes for the Internet, and they're not alone.
---
The process of dividing the online world into tiers that diminish democratic communication has already started. Jeff Chester, executive director of the Center for Digital Democracy, notes that companies such as Cisco Systems are already selling routing equipment that comes equipped with the ability to prioritize packets of data based on how much the sender is willing to pay for quick delivery. In addition, network managers at universities and corporations are implementing a technology called "deep packet inspection."
Jeff Chester: "The technology allows them to understand, to know what's in every packet, by application, going to every individual user. Aside from the issues of affordability it raises tremendous privacy issues."
At least one bill has been introduced in the Senate that would guarantee network neutrality online, but net neutrality language has already been removed from several drafts of telecom reform legislation in the House of Representatives.
While phone and cable companies hound Capitol Hill, some 50 corporations - including America Online, AT&T, Cisco, Time Warner and Verizon - are already developing an online environment governed by pay-to-play rules. They call it the "infranet," and it will allow network managers total control over how information is routed and how to charge for it.
---
And now here's a Media Minutes Fast Fact: Phone companies are pouring tons of funds into campaign coffers. According to opensecrets.org, the telephone utilities sector has contributed more than $3 million to congressional candidates in the 2006 election cycle: AT&T alone is responsible for more than a third of that cash. Two-thirds of all donations go to Republicans. And they provide other perks to lawmakers - for example, BellSouth lets members of Congress use its corporate jet at bargain-basement prices.
---
Related Links:
Center for Digital Democracy: From Open Network to a New, Business-friendly "Infranet"? - http://www.democraticmedia.org/news/marketwatch/Infranet.html
Center for Digital Democracy: Save the Net - http://www.democraticmedia.org/issues/netneutrality.html
Free Press: Net Freedom Now - http://www.freepress.net/netfreedom/
Free Press: Stop the AT&T Merger - http://action.freepress.net/campaign/stopatt
Internet Non-Discrimination Act of 2006 - http://thomas.loc.gov/cgi-bin/bdquery/z?d109:s.02360:
Opensecrets.org: Telephone Utilities Industry Summary - http://opensecrets.org/industries/indus.asp?Ind=B08
The New Media Monopoly - http://www.freepress.net/news/14263
ToC
Written and produced by John Anderson (mediaminutes@freepress.net)
Media Minutes: February 17, 2006
Audio: http://freepress.net/mediaminutes/archive/mm021706.mp3
Text: http://freepress.net/mediaminutes/transcripts/mm021706.pdf
Local input and control over those who provide wireline video services is under threat. Under current law, cable television service providers must negotiate franchise agreements with each community they wish to serve. Now, telephone companies are in the midst of building out fiber-optic networks over which they, too, plan to carry television channels, but they see the local franchise agreement approval process as too cumbersome. Proposed legislation would create state or national-level franchise agreements for video service providers, but the risk of such a regulatory change is a loss of local control over the type and quality of service communities receive.
At a recent Senate Commerce Committee hearing on video franchising, lawmakers took testimony from representatives of the cable and telephone industries as well as those intimately involved with local cable regulation. Lori Panzino-Tillery, president of the National Association of Telecommunications Officers and Advisors, says any change to the video franchising rules must guarantee non-discrimination of service between large and small communities.
Lori Panzino-Tillery: "The radical changes some are seeking would lead to communications redlining. Rural America will be last to gain competitive service."
Another potential threat from changes in video franchising regulation is a loss of revenue that video service providers pay to support public, educational, and governmental access cable channels. Support for such "PEG" channels are typically part of a community's franchise agreement, and represent an important element of independent media nationwide, according to Anthony Riddle, executive director of the Alliance for Community Media.
Anthony Riddle: "To secure diversity of voices required in a democratic society we must support a free-standing, independent space for public dialogue. Local PEG programmers produce more than 20,000 hours of new programs per week - more new programs than all of the broadcast networks combined...a vital, local communications resource that reinforces the unique character of thousands of cities, towns and hamlets across America."
It is not clear whether a standardized video franchise system at either the state or federal level would protect funding for public access television, much less give local communities any say in how video service should meet local needs. In addition to the debate on Capitol Hill, the FCC is in the midst of a rulemaking on the issue. Texas has already implemented a statewide video franchise template and three other states are currently debating a similar move.
ToC
By Ken Belson
URL: http://news.com.com/Senate+bill+to+address+fears+of+blocked+Net+access/2100-1034_3-6045027.html
http://select.nytimes.com/gst/abstract.html?res=F10E13FA3C550C718CDDAA0894DE404482
http://mediachannel.org/blog/node/3515
Story last modified Thu Mar 02 06:16:09 PST 2006
Sen. Ron Wyden, Democrat of Oregon, will introduce new legislation Thursday that would prohibit Internet network operators from charging companies for faster delivery of their content to consumers or favoring some content providers over others.
The bill is meant to ease growing fears that open Internet access may be blocked or compromised by the Bell phone carriers and cable operators, which may create tiers of service for delivering content to consumers, much the way the post office charges more for overnight mail delivery than for regular delivery.
<http://news.com.com//Playing+favorites+on+the+Net/2100-1028_3-6003281.html?tag=nl>
Consumer groups and Internet companies like Google and Amazon contend that any move by the network operators to levy fees for premium delivery service would harm Web sites that are unwilling to pay for faster delivery.
<http://news.com.com//Dont+blow+it%2C+Congress/2010-1023_3-6035094.html?tag=nl>
<http://news.com.com//Without+Net+neutrality%2C+will+consumers+pay+twice/2100-1034_3-6035906.html?tag=nl>
The Wyden legislation, called the Internet Non-Discrimination Act of 2006, aims to prohibit network operators from assessing charges that give some content providers better access than others or blocking its subscribers from accessing content.
"You best compete by letting every company play on a level field, but these proposals would tilt the field," Senator Wyden said of the plans discussed by some network operators. "The Net has been about access and equal treatment and giving everyone a fair shake, and people who own these fat pipes, these cable and telecommunications people who say that they can't keep doing this, want to undermine that."
He added that his bill would prevent network operators from giving preferential treatment to affiliated companies. Time Warner Cable, he said, should not be able to give other Time Warner companies better access to the network than their rivals.
The bill more squarely confronts the concerns of consumer groups than a broader bill proposed last summer by Sen. John Ensign, Republican of Nevada, which would prevent Internet service providers from blocking access, but would largely leave network operators to manage their own networks, including potentially charging content providers for a premium service.
<http://news.com.com//Bill+launched+to+overhaul+broadband+rules/2100-1036_3-5807278.html?tag=nl>
That bill has won support from 16 Republican senators.
The Federal Communications Commission has largely stood on the sidelines as this debate as evolved. Though the commission has said it supports the principle of open, undifferentiated access to the networks, it has not taken any regulatory action.
"One reason I'm hesitant to have the commission jump in is because we don't want to impede companies' ability to invest," said Kevin Martin, the commission chairman.
Phone and cable companies largely agree that they should have the right to offer Internet companies the option of paying for faster delivery of their content. They argue that since traffic over their networks is rising, companies may want to pay to ensure that their Web sites can be accessed quickly by consumers.
Executives at Verizon, for instance, want to give companies a chance to buy a dedicated link to Verizon's customers so that their data would be set apart from general traffic on the network.
But consumer groups say that creating a "fast lane" for those who can pay would ultimately result in a series of "walled" networks run by the phone and cable companies, which is very different from the open Internet model that exists now.
"We're concerned that even if you have a robust basic Internet and higher-speed lane, they will only make it available to their favorite partners, and that's discrimination," said Gigi Sohn, the president of Public Knowledge, an advocacy group that focuses on telecommunications and intellectual property issues.
ToC
Written and produced by John Anderson <mediaminutes@freepress.net>
Media Minutes: March 3, 2006
Audio: http://freepress.net/mediaminutes/archive/mm030306.mp3
Text: http://freepress.net/mediaminutes/transcripts/mm030306.pdf
A broad coalition of groups from across the political spectrum, representing more than 15 million Americans, is mobilizing to stop a proposed corporate e-mail tax courtesy of America Online. AOL, in conjunction with a service called Goodmail, plans to begin charging people who send bulk messages a premium to guarantee their delivery. Yahoo is considering a similar implementation. The companies claim charging to send e-mail is a good way to fight spam. But Craig Newmark, the founder of Craigslist, which got its start via e-mail, says the AOL plan does nothing in this regard.
Craig Newmark: "It will just enable spammers who won't be able to be detected well, and will draw resources from regular, everyday abuse handling."
Not-for-profit and charitable organizations, which rely heavily on e-mail to keep their members informed, stand to take a huge hit financially if they must pay for what until now has been a very cost-effective channel of information dissemination. That's why Giles Frydman with the Association of Cancer Online Resources says groups like the Human Rights Campaign, United Farm Workers, and the Humane Society all oppose AOL's e-mail tax.
Giles Frydman: "Our members are AOL members, too. The average organization that has a mailing list has about 20% to 25% of its membership on AOL e-mail addresses."
Although AOL has hinted that the service is targeted at commercial mass e-mailers, Eli Pariser with MoveOn.org says he's seen nothing to suggest it won't catch everyone who mass-mails.
Eli Pariser: "That's the implicit assumption behind all of this that either you pay-to-play, or you take your chances with their spam filters."
A big-picture view of the proposal is even more disturbing. Danny O'Brien with the Electronic Frontier Foundation says charging for sending e-mail is just a step closer toward doing away with principles of network neutrality, which guarantees the free flow of information online.
Danny O'Brien: "It introduces the machinery to tax individual e-mails. Ostensibly, for very good reasons, but you really don't know where this kind of thing leads. As soon as you put a spike onto the Internet where you can draw out money, any number of middlemen realize that they can take a cut, too."
For now, the coalition is pointing its members and the public to a new web site dearaol.com - where it's posted an open letter to America Online asking it to reconsider its pay-mail plan. But many coalition members, like Larry Pratt of the Gun Owners of America, say they won't hesitate to ramp up the pressure on AOL through other means - like boycotts - if necessary.
Larry Pratt: "I would say that if AOL actually, if you'll pardon the expression, pulls the trigger on this plan, then that would be our response."
For its part, AOL says it's undeterred by the criticism and still plans to roll out its pay-mail scheme sometime this month.
ToC
TidBITS#819/06-Mar-06
Writing a few weeks ago, Patrick Dennis reviewed the Blackberry 7100i handheld (see "Putting Blackberries in Your PocketMac" in TidBITS-815_) and noted that the device's slick email service was in danger of being shuttered due to a patent dispute between parent company Research In Motion (RIM) and NTP, Inc. Last week, the two companies announced a settlement: RIM will pay NTP $612.5 million, which puts to rest any further litigation and keeps the service active. Millions of "crackberry" addicts can be satisfied knowing that they can continue to check their email obsessively. [JLC]
<http://db.tidbits.com/getbits.acgi?tbart=08413>
<http://www.blackberry.com/news/press/2006/pr-03_03_2006-01.shtml>
By : Richard Owen
Published on : Wed, 22 Feb 2006 21:50
URL: http://www.abcmoney.co.uk/news/2220062008.htm
LONDON: The City of London Corporation is all set to have Wi-Fi network in place covering the entire city (The square mile). The project is being undertaken by the corporation in partnership with a private Wi-Fi firm, The Cloud. It is expected to be implemented in full in the next few months.
The Cloud, which will install the hardware and equipment, will make use of street furniture like the lamp posts and street signs for the purpose.
The network will make the city Wi-Fi-enabled and workers as well as visitors within the square mile will be able to make use of wireless devices to access the internet on streets and in open spaces. The project will support high speed internet access, email, music and video downloads and voice over Wi-Fi services.
The network also incorporates secure access and private data networks for emergency services.
Michael Snyder, chairman of the corporation's policy planning committee, said the corporation is responding to the increasing time pressures faced by City workers by providing the technology to stay uptodate. "We feel it is important to provide this technology to maintain our position as the world's leading international financial centre," he said.
The system will facilitate connectivity to as many as 350,000 workers while on the move through their laptop or palmtop computers. Users can opt for business subscriptions or pay-as-you-go accounts.
Wi-Fi hotspots function by broadcasting internet signals across radio frequencies. The hotspots enable anyone with a wireless-enabled device to surf the web. The Cloud will install some 150 beacons at strategic places to ensure coverage as there are several high-rises and narrow streets in the city.
The Cloud's chief executive George Polk said corporate users are increasingly turning to Wi-Fi for a range of services, including converged voice services. "We have strong demand from existing customers for coverage in high density and high profile locations like the City of London, and we expect this trend to continue."
The Cloud has opted for an open network concept, which means that any service provider can use the network for a price to provide services to its customers. The firm already runs several Wi-Fi hotspots in London, such as at Canary Wharf, the British Library and Coffee Republic, a chain of cafés. Operators, including BT Group and Nintendo, rent time on The Cloud's network.
ToC
Written and produced by John Anderson <mediaminutes@freepress.net>
Media Minutes: February 24, 2006
Audio: http://freepress.net/mediaminutes/archive/mm022406.mp3
Text: http://freepress.net/mediaminutes/transcripts/mm022406.pdf
Two new bills introduced in the Senate have enormous potential to dramatically expand the availability of wireless broadband access throughout the United States. The legislation would direct the FCC to recycle open channels on the analog TV spectrum for unlicensed wireless broadband use. J.H. Snider, research director of the Wireless Future Program at the New America Foundation, says analog TV spectrum is especially useful for this purpose.
J.H. Snider: "The most valuable spectrum for broadband is low-frequency spectrum because it can penetrate walls, trees and other obstacles."
The FCC's rules don't allow television stations to occupy every available channel in every available market. These unused channels, which are commonly called "white spaces" in regulatory lingo, represent a lot of valuable spectrum that is essentially going to waste.
J.H. Snider: "Our studies indicate that between 10 and 40 channels in a given TV market are lying fallow - they're guard-band space, basically, that's no longer needed."
Unlicensed use of this spectrum would lower the financial barriers to entry for wireless Internet service providers, and could be extremely helpful in providing rural areas with connectivity - areas where broadband cable or DSL service is unavailable. In short, recycling analog TV spectrum for wireless broadband represents the most realistic possibility to achieve universal and affordable broadband access nationwide.
Television broadcasters are in the midst of transitioning from analog to digital, which uses an entirely different area of the electromagnetic spectrum than analog broadcasts do. However, Snider says the powerful broadcast lobby is pressuring the FCC to let TV stations keep the analog spectrum and use it to increase their digital coverage areas.
J.H. Snider: "Currently broadcasters have basically a single tower that serves maybe a thousand square miles. And now they would have the right to put towers on, you know, every lightpost."
The FCC's own rulemaking proceeding on using analog TV spectrum for wireless broadband has been dormant for more than a year now, which may explain the Senatorial nudge. If either bill becomes law it would force the FCC to open up the spectrum for wireless broadband within six months.
ToC
How many list members does it take to change a lightbulb?
One to change the light bulb and to post that the light bulb has been changed.
Fourteen to share similar experiences of changing light bulbs and how the light bulb could have been changed differently.
Seven to caution about the dangers of changing light bulbs.
Seven more to point out spelling/grammar errors in posts about changing light bulbs.
Five to flame the spell checkers.
Three to correct spelling/grammar flames.
Six to argue over whether it's "lightbulb" or "light bulb." Another six to condemn those six as stupid.
Fifteen to claim experience in the lighting industry and give the correct spelling.
Nineteen to post that this group is not about light bulbs and to please take this discussion to a lightbulb (or light bulb) forum.
Eleven to defend the posting to the group saying that we all use light bulbs and therefore the posts are relevant to this group.
Thirty six to debate which method of changing light bulbs is superior, where to buy the best light bulbs, what brand of light bulbs work best for this technique and what brands are faulty.
Seven to post URLs where one can see examples of different light bulbs.
Four to post that the URLs were posted incorrectly and then post the corrected URL.
Three to post about links they found from the URLs that are relevant to this group which makes light bulbs relevant to this group.
Thirteen to link all posts to date, quote them in their entirety including all headers and signatures, and add "Me too."
Five to post to the group that they will no longer post because they cannot handle the light bulb controversy.
Four to say "didn't we go through this already a short time ago?"
Thirteen to say "do a Google search on light bulbs before posting questions about light bulbs."
Three to tell a funny story about their cat and a light bulb.
AND
One group lurker to respond to the original post 6 months from now with something unrelated they found at snopes.com (http://snopes.com/) and start it all over again!
AND 12,678 (if only!) to take one glance at the subject line and delete the post immediately without reading it!
[Editor's Note: My thanks to Tony Cooke for brining this one to my attention. You're a laugh, Tony!]
ToC
LOS ANGELES, Feb. 15, 2006
URL: http://www.cbsnews.com/stories/2006/02/15/eveningnews/main1321785.shtml?CMP=ILC-SearchStories
(CBS) The big Internet companies say they have to play by China's rules if they want to do business in China - and that means going along with government censorship. But as CBS News correspondent Sandra Hughes reports, that contention isn't going down well with some U.S. lawmakers.
"Can you say in English are you ashamed of what you and your company and the other companies have done?" Rep. Tom Lantos, D-Calif., asked Google spokesman Elliott Schrage at a hearing Wednesday.
Replied Schrage, "I don't think it's fair to say that we're ashamed of what we've done."
Rep. Christopher Smith, D-N.J., went even further, likening the companies' cooperation with China to helping Nazi Germany.
"If the secret police a half-century ago asked where Anne Frank was hiding, would the correct answer be to hand over the information in order to comply with local laws?" he asked.
Yahoo officials admit to handing over information that helped send Chinese dissidents to prison. But Yahoo senior vice president Michael Callahan says U.S. companies that want to do business in China "ultimately face a choice - comply with Chinese laws or leave."
The incentives to play ball with the Chinese government are enormous: More than 110 million Chinese use the Internet, and that number will only continue to grow.
But more freedom for Chinese Web surfers may be on the way.
Roger Dingeldine, a 28-year-old computer programmer, is doing what the big companies are not. He has created an anonymous Web browser called Tor that lets Chinese computer users access Web sites without anyone knowing - not even the Chinese secret police.
"It's all about freedom of speech and its all about freedom of learning," says Dingeldine. "There are tens of thousands of people in China right now who are using Tor. It's one of the tools that are available for them to get around the firewall."
Dingeldine's browser isn't the only way around the Great Firewall of China. There's everything from online free-speech sites to everyday folks in other countries adopting a blog so people a world away in China can use their uncensored servers.
And China may be feeling the pressure. In a rare move, the government tried to publicly defend its Internet controls - something U.S. Internet companies have had a hard time doing.
"In an imperfect world, we had to make an imperfect choice," Schrage says.
It's a choice no one seems willing to go back on.
Tor web site - http://tor.eff.org/overview.html
ToC
by Dmitri Popov
NewsForge - The Online Newspaper for Linux and Open Source
March 31, 2005 3:00 PM GMT
URL: http://business.newsforge.com/article.pl?sid=05/03/23/1552221
You may never think about it, but many of your online activities may be monitored and analyzed. Advertising companies, government agencies, and private users can use traffic analysis to gather information about which Web sites and pages you visit, what newsgroups you read, and whom you talk to on IRC. While there is no need to be paranoid (or is there???), you can keep your online communication private. The Tor project can help you with that.
Traffic analysis is based on the fact that every packet of data sent from your computer includes a header containing information about source, destination, size, timing, and other items. If you take a look at a packet header you can at the very least see who sent the the data packet. That's what traffic analysis in its simplest form is about: intercepting data packets and looking at their headers.
Tor tries to keep your packets private by distributing your transactions over several places on the Internet, so there is no direct connection to your destination. As Tor's Web site puts it <http://tor.eff.org/overview.html >: "The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you -- and then periodically erasing your footprints."
The Tor network consists of servers known as onion routers. Instead of sending data directly to a destination server, your computer uses these onion routers. To do this, the computer obtains a list of onion routers from a directory server and then selects a random path to the destination server. The clever part is that each onion router along the way knows only which server data is received by and which server data is being sent to -- as each layer in an onion touches only the ones on either side of it. In other words, none of the onion routers know where the data packet originated from.
To be able to use the Tor network you have to install a Tor client on your machine. The Tor software is available for Windows, Linux, and Mac OS X platforms and is pretty easy to install.
To protect your Web browser from leaking information via DNS requests <http:// wiki.noreply.org/wiki/TheOnionRouter/TorFAQ#head- 22fc593265f361d294908a7708c02b79e9c03c45>, Tor client software relies on Privoxy <http://www.privoxy.org>, "a Web proxy with advanced filtering capabilities for protecting privacy, modifying Web page content, managing cookies, controlling access, and removing ads, banners, pop-ups, and other obnoxious Internet junk." This means that before you can use your Web browser with Tor software, you should install and configure Privoxy. Luckily, this is also an easy thing to do. Then add the following line to Privoxy's configuration file (on Windows right-click on the Privoxy icon in the System Tray and choose Edit > Main Configuration):
forward-socks4a / localhost:9050 .
Finally you have to "torify" your Web browser and other applications. This basically means that you have to specify proxy settings in the application. To configure, for example, a Firefox browser, choose Tools > Options, select the General section, and click the Connection settings button. Select the manual proxy configuration option, in the HTTP Proxy field enter localhost and in the Port field type 8118. Click OK, and you are done. If you need to configure other applications, check Tor's wiki <http:// wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO>, which provides detailed instructions on how to "torify" different software.
To begin preserving your online privacy, make sure that Tor and Privoxy are started, launch your Web browser, and point it to Junkbusters <http://www.junkbusters .com/cgi-bin/privacy> Web site. If Tor is working properly, the Web page will display an IP address that is different from your own.
Tor was initially designed and developed as part of the U.S. Naval Research Laboratory's Onion Routing program with support from DARPA. Today it is supported by Electronic Frontier Foundation, among others.
As any other open source project Tor needs help. If you are not a developer you can help by setting up an onion server, provided you have spare hardware and bandwidth. The installed Tor client can easily be turned into an onion router by simply editing its configuration file. However, doing so requires you have a working knowledge of server configuration, and it's a good idea to check Tor's documentation <http://tor.eff .org/cvs/tor/doc/tor-doc.html#server> beforehand. If you are concerned about legal issues, check the Legal FAQ for Tor Server Operators <http://tor.eff.org/eff/ tor-legal-faq.html> as well.
/Dmitri Popov is a freelance contributor, whose articles have appeared in Russian, British, and Danish computer magazines./
Links:
ToC
- "Tor's Web site puts it" - http://tor.eff.org/overview.html
- "leaking information via DNS requests" - http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ#head-22fc593265f361d294908a7708c02b79e9c03c45
- "Privoxy" - http://www.privoxy.org/
- "Tor's wiki" - http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO
- "Junkbusters" - http://www.junkbusters.com/cgi-bin/privacy
- "Tor's documentation" - http://tor.eff.org/cvs/tor/doc/tor-doc.html#server
- "Legal FAQ for Tor Server Operators" - http://tor.eff.org/eff/tor-legal-faq.html
It would replace $90M worth of e-voting machines with systems offering a paper trail
News Story by Marc L. Songini <marc_songini@computerworld.com>
URL: http://www.computerworld.com/governmenttopics/government/legislation/story/0,10801,109436,00.html
MARCH 10, 2006 (COMPUTERWORLD) - The state of Maryland stands poised to put its entire $90 million investment in Diebold Election Systems Inc. touch-screen e-voting systems on ice because they can't produce paper receipts.
The state House of Delegates this week voted 137-0 to approve a bill prohibiting election officials from using AccuVote-TSx touch-screen systems in 2006 primary and general elections.
The legislation calls for the state to lease paper-based optical scan systems for this year's votes. State Delegate Anne Healey estimated the leasing cost at $12.5 to $16 million for the two elections.
Healey is the vice chairwoman of the Maryland House Ways and Means Committee, which recommended the passage of the bill.
The bill was sent on to the State Senate for a vote after the House action, she said.
Healey said the effort was inspired in part by concerns raised by officials in California and Florida that the Diebold systems have inherent security problems caused by technological and procedural flaws.
"We've been hearing from the public for the last several years that it doesn't have confidence in a system without a paper trail," Healey said. "We need to provide that level of confidence going forward."
If the bill becomes law, the state's Diebold systems will be placed in "abeyance" and the vendor will be required to equip them to provide the requisite paper trail, she said.
Healey said the law would require the vendor to provide a paper trail before the 2008 elections or risk losing its contract to supply machines in the state.
The bill also requires that any leased optical-scan system be equipped to accommodate the needs of handicapped voters, to ensure compliance with the federal Help America Vote Act statutes.
Healey said she expects the Senate to vote on the bill sometime in the next few weeks, before the legislative session ends.
A Diebold spokesman said the company will "certainly work with the state of Maryland, as we always have, to support their elections as they see fit."
The spokesman noted that Maryland has been using Diebold machines for several years without problems. The state first contracted with the company to provide the systems in January 2002.
Maryland is following in the footsteps of several other states in expressing concern over the lack of a paper trail in the Diebold machines.
Earlier this month, Florida adopted a new set of security procedures for users of e-voting systems from all suppliers of e-voting machines.
The implementation of these new procedures in Florida was largely a response to reports issued last month by California Secretary of State Bruce McPherson that tests of the Diebold systems found them vulnerable to external access via hacking or bugs.
Nonetheless, McPherson has granted conditional certification for the Diebold machines in California's elections - with the proviso that supervisors adhere to new security guidelines when using the gear.
The guidelines require that administrators reset the cryptographic keys on every AccuVote-TSx machine from the factory-installed default before every election. Additionally, each memory card must be programmed securely under the supervision of the registrar of voters.
Over an unspecified long term, Diebold must fix the security vulnerabilities to retain the California certification.
In a statement, Diebold said it "wholeheartedly agrees" with the proposed security procedures and said it plans to improve the security of the optical-scan firmware in its machines and create digital signatures to detect tampering.
ToC
Feb. 24, 2006
URL: http://www.cbsnews.com/stories/2006/02/24/eveningnews/main1346076.shtml?CMP=ILC-SearchStories
(CBS) A federal judge put off ruling Friday in a patent-infringement lawsuit that could have shut down service to BlackBerry wireless e-mail devices nationwide. The suit was filed by a specialized firm that owns patented ideas and charges others to use them. Those who don't pay up get sued, reports Mika Brzezinski, and it can be a very lucrative business.
It starts with a piece of paper. Explains Alexander Poltorak, CEO of the General Patent Corporation, "If you have invented a new gadget or if you have invented a new process or method, go ahead and file a patent application."
Poltorak calls his clients technology inventors. Critics call them something else: Patent trolls.
It's a term that has been popping up in business and technology headlines. But these trolls don't invent and develop new machines. Instead they patent technology ideas, and wait for the moment to pounce when big companies like Microsoft and Yahoo start using the ideas -- or anything close.
What do they want? Money. A lot of it.
Yahoo's vice president of intellectual property, Joe Siino, says his company has battled patent trolls. "They have cost the industry in the hundreds of millions of dollars," he estimates.
Columbia Law Professor Tim Wu says trolls are taking advantage of a system created long before computers. Is this what the Founding Fathers had in mind?
"I think a lot of us think probably not," Wu says. "What they had in mind were discrete categories of real mechanical physical tangible inventions." Today, he says, you can patent virtually anything.
Take the plug-in, which allows people clicking on a Web site to launch programs such as video players. A court awarded a small company with the patent over $500 million in damages against Microsoft.
Is that really an invention? Wu says, "Well it's hard for the patent office to know. I think it's obvious."
Poltorak reasons: "you see every idea in hindsight looks trivial, 'Why didn't I think of that?' However for every idea there has to be someone who thought of it first."
But in the world of computers, Poltorak is reminded, you can think of anything. Then you can make millions off of keeping a big company from actually using it until they pay up.
"That's what the American spirit is all about," he replies.
Professor Wu says, "patent trolls aren't evil or bad in themselves. They are just taking advantage of a system that is broken."
The number of patent applications has doubled in the past decade, and so have patent lawsuits. Members of Congress are working to change the law, and the patent issue is now pending in front of the Supreme Court.
ToC
by Mike Evangelist
Posted on Feb 23, 2006 at 10:16 am in Editorials
URL: http://writersblocklive.com/part-156
This is important. I really want you to understand what's going on with the video industry's push towards HD. Under pressure from Hollywood, they are engineering a complete removal of the concept of fair use. They are setting up systems that will completely control how, when and where you can use content that you buy. Even worse, they can retroactively change the rules!
Today the AACS (aggressive automatic consumer screwing*) organization announced availability of the interim version of their system for protecting content providers from their criminal customers. Their noble intentions are pretty well summed up in this choice excerpt:
The AACS specification accelerates the ability of consumers to enjoy exciting, new, flexible entertainment experiences and storage options, while continuing to provide the traditional, straightforward playback mode, for the next generation of prerecorded and recordable optical media such as Blu-Ray and HD DVD. Additionally, AACS is designed to create unprecedented flexibility, portability and security for entertainment content to be enjoyed on networked home, portable PC or CE devices.
I especially love their mention of a 'traditional, straightforward playback mode'. I bet it pained them to have to include any way to play the content at all. Rest assured they have top minds working on making sure nothing will be straightforward in the future.
Further, if you download the AACS agreement itself, you find the frightening concept of the 'analog sunset' (it's on page 82). This is where device manufactures agree to not make analog devices after certain preset dates.
<http://www.aacsla.com/support/AACS_Interim_Adopter_Agreement_060215.pdf>
Both HD-DVD and Blu-ray have embraced this draconian system, and the studios are salivating at the prospect of you never actually being able to own content again.
My reaction to this abomination is simple: no way in hell. I will not buy any product that uses this crap, and I hope you'll join me in that boycott. Let these morons see the early adopters staying away in droves.
Please pass this on; post it on your blogs, 'digg' it; slashdot it; whatever it takes to stop this insidious plan.
Here is the AACS announcement - <http://www.aacsla.com/press/>
P.S.
I got some complaints about not giving the 'official' full name of AACS. Well, OK, if it's that important to you: Advanced Access Content System. There; feel better?
P.P.S.
At the advice of a reader I looked up an article from 2004 about DRM, written by Cory Doctorow of the Electronic Frontier Foundation. Absolutely brilliant description of the problems of DRM. You'll find it here.
<http://www.craphound.com/msftdrm.txt>
<http://www.eff.org/deeplinks/archives/001632.php>
URL: http://www.cnn.com/2006/US/02/10/netflix.renters.ap/index.html
Policy designed to reduce number of films rented for monthly fee
SAN FRANCISCO, California (AP) -- Manuel Villanueva realizes he has been getting a pretty good deal since he signed up for Netflix Inc.'s online DVD rental service 2-1/2 years ago, but he still feels shortchanged.
That's because the $17.99 monthly fee that he pays to rent up to three DVDs at a time would amount to an even bigger bargain if the company didn't penalize him for returning his movies so quickly.
Netflix typically sends about 13 movies a month to Villanueva's home in Warren, Michigan -- down from the 18 to 22 DVDs he once received before the company's automated system identified him as a heavy renter and began delaying his shipments to protect its profits.
The same Netflix formula also shoves Villanueva to the back of the line for the most-wanted DVDs, so the service can send those popular flicks to new subscribers and infrequent renters.
The little-known practice, called "throttling" by critics, means Netflix customers who pay the same price for the same service are often treated differently, depending on their rental patterns.
"I wouldn't have a problem with it if they didn't advertise 'unlimited rentals,' " Villanueva said. "The fact is that they go out of their way to make sure you don't go over whatever secret limit they have set up for your account."
Los Gatos, California-based Netflix didn't publicly acknowledge it differentiates among customers until revising its "terms of use" in January 2005 -- four months after a San Francisco subscriber filed a class-action lawsuit alleging that the company had deceptively promised one-day delivery of most DVDs.
"In determining priority for shipping and inventory allocation, we give priority to those members who receive the fewest DVDs through our service," Netflix's revised policy now reads. The statement specifically warns that heavy renters are more likely to encounter shipping delays and less likely to immediately be sent their top choices.
Few customers have complained about this "fairness algorithm," according to Netflix CEO Reed Hastings.
"We have unbelievably high customer satisfaction ratings," Hastings said during a recent interview. "Most of our customers feel like Netflix is an incredible value."
The service's rapid growth supports him. Netflix added nearly 1.6 million customers last year, giving it 4.2 million subscribers through December. During the final three months of 2005, just 4 percent of its customers canceled the service, the lowest rate in the company's six-year history.
After collecting consumer opinions about the Web's 40 largest retailers last year, Ann Arbor, Michigan, research firm ForeSeeResults rated Netflix as "the cream of the crop in customer satisfaction."
Once considered a passing fancy, Netflix has changed the way many households rent movies and has spawned several copycats, including a mail service from Blockbuster Inc.
Netflix's most popular rental plan lets subscribers check out up to three DVDs at a time for $17.99 a month. After watching a movie, customers return the DVD in a postage-paid envelope. Netflix then sends out the next available DVD on the customer's online wish list.
Because everyone pays a flat fee, Netflix makes more money from customers who watch only four or five DVDs a month. Customers who quickly return their movies to get more erode the company's profit margin, because each DVD sent out and returned costs 78 cents in postage alone.
Although Netflix consistently promoted its service as the DVD equivalent of an all-you-can eat smorgasbord, some heavy renters began to suspect they were being treated differently two or three years ago.
To prove the point, one customer even set up a Web site -- <www.dvd-rent-test. dreamhost.com> -- to show that the service listed different wait times for DVDs requested by subscribers living in the same household.
Netflix's throttling techniques also have prompted incensed customers to share their outrage in online forums such as <www.hackingnetflix.com>.
"Netflix isn't well within its rights to throttle users," complained a customer identified as "annoyed" in a posting on the site. "They say unlimited rentals. They are liars."
Hastings said the company has no specified limit on rentals, but "`unlimited' doesn't mean you should expect to get 10,000 a month."
Netflix says most subscribers check out two to 11 DVDs a month.
Management has acknowledged to analysts that it risks losing money on a relatively small percentage of frequent renters. And that risk has increased since Netflix reduced the price of its most popular subscription plan by $4 a month in 2004 and the U.S. Postal Service recently raised first-class mailing costs by 2 cents.
Netflix's approach has paid off, so far. The company has been profitable in each of the past three years, a trend its management expects to continue in 2006 with projected earnings of at least $29 million on revenue of $960 million. Netflix's stock price has more than tripled since its 2002 initial public offering.
A September 2004 lawsuit cast a spotlight on the throttling issue. The complaint, filed by Frank Chavez on behalf of all Netflix subscribers before Jan. 15, 2005, said the company had developed a sophisticated formula to slow DVD deliveries to frequent renters and ensure quicker shipments of the most popular movies to its infrequent -- and most profitable -- renters to keep them happy.
Netflix denied the allegations, but eventually revised its terms of use to acknowledge its different treatment of frequent renters.
Without acknowledging wrongdoing, the company agreed to provide a one-month rental upgrade and pay Chavez's attorneys $2.5 million. But the settlement sparked protests that prompted the two sides to reconsider. A hearing on a revised settlement proposal is scheduled for Feb. 22 in San Francisco Superior Court.
Netflix subscribers such as Nathaniel Irons didn't believe the company was purposely delaying some DVD shipments until he read the revised terms of use.
Irons, 28, of Seattle, has no plans to cancel his service because he figures he is still getting a good value from the eight movies he typically receives each month.
"My own personal experience has not been bad," he said, "but (the throttling) is certainly annoying when it happens."
ToC
Posted by Fred von Lohmann at 08:40 AM
February 15, 2006
URL: http://www.eff.org/deeplinks/archives/004409.php
It is no secret that the entertainment oligopolists are not happy about space-shifting and format-shifting. But surely ripping your own CDs to your own iPod passes muster, right? In fact, didn't they admit as much in front of the Supreme Court during the MGM v. Grokster argument last year?
Apparently not.
As part of the on-going DMCA rule-making proceedings, the RIAA and other copyright industry associations submitted a filing that included this gem as part of their argument that space-shifting and format-shifting do not count as noninfringing uses, even when you are talking about making copies of your own CDs:
"Nor does the fact that permission to make a copy in particular circumstances is often or even routinely granted, necessarily establish that the copying is a fair use when the copyright owner withholds that authorization. In this regard, the statement attributed to counsel for copyright owners in the MGM v. Grokster case is simply a statement about authorization, not about fair use."
For those who may not remember, here's what Don Verrilli said to the Supreme Court last year:
"The record companies, my clients, have said, for some time now, and it's been on their website for some time now, that it's perfectly lawful to take a CD that you've purchased, upload it onto your computer, put it onto your iPod."
If I understand what the RIAA is saying, "perfectly lawful" means "lawful until we change our mind." So your ability to continue to make copies of your own CDs on your own iPod is entirely a matter of their sufferance. What about all the indie label CDs? Do you have to ask each of them for permission before ripping your CDs? And what about all the major label artists who control their own copyrights? Do we all need to ask them, as well?
P.S. - The same filing also had this to say: "Similarly, creating a back-up copy of a music CD is not a non-infringing use...."
ToC
by Glenn Fleishman <glenn@tidbits.com>
TidBITS#819/06-Mar-06
Just when you've mastered the complexities of Wi-Fi standards like IEEE 802.11b and 802.11g, and after you've figured out that Bluetooth can work if you perform the steps just right, a new wireless player ambles into town. Make room for ultrawideband (UWB), which will probably be the death knell for cable USB connections in 2007.
Yes, yes, you've heard it before Bluetooth has been on the verge of killing USB for a few years now but that was always hype. Bluetooth typically runs at just 1 Mbps (the latest Bluetooth 2.0+EDR version, which ships on new Macs, is 3 Mbps). In comparison, the original USB 1.1 operates at 12 Mbps, while the current USB 2.0 flavor carries 480 Mbps. Bluetooth's reach may number in the tens of millions of devices, but it didn't kill USB.
So why should you pay attention to another wireless contender? UWB is a radically different approach to wireless data exchange that boasts the raw speed and flexibility necessary to become a peripheral replacement with less of the irritation that accompanies Bluetooth pairing.
UWB is a relatively recent wireless networking approach that turns Wi-Fi, cellular, and other wireless networks on their heads. Existing standards typically use very narrow slices of radio spectrum and pump as much signal power as possible through that band to get the greatest range and highest throughput. UWB uses a literal ultra-wide band - a swath of spectrum that's several gigahertz wide, hundreds of times wider than almost any existing wireless technology.
Since UWB devices use extremely low-power signals, their chatter is more or less undetectable by other equipment using the same range of spectrum. UWB pulses are very brief as well. Because of the low power and desire by the United States Federal Communications Commission (FCC) and other international regulators to avoid trampling on existing uses, current UWB standards can send usable signals only about 100 feet (30 meters). (The one technology that can faintly hear UWB? Wi-Fi operating in the unlicensed 5 GHz band; UWB has to "notch" or avoid transmitting across part of that range by FCC rules.)
Within 100 feet, the near-term versions of UWB that will hit the market can exchange data typically at the full rate of 480 Mbps - the same as USB 2.0. Beyond 100 feet or if obstacles are in the way, UWB rapidly drops in throughput. Signals can be detected at hundreds of feet, but reports indicate that only a few Mbps would be possible at that range, which is one reason why UWB won't replace Wi-Fi or Ethernet. Some newer flavors in testing can top 1 Gbps. There's more room in the technology in the future, too, as regulators may allow higher signal levels or even wider swaths of spectrum to be used, while companies become more clever about encoding data.
As in so many areas of computing, the standards process has reared its ugly head. An IEEE committee - named 802.15.3a for reasons you likely don't want to know - deadlocked about two years ago about what form of UWB to use as a short-range network standard. The only thing the group proved capable of agreeing upon was to disband last month.
Two opposing alliances that formed within that standards group remain: One comprises a few companies, foremost among them Freescale. Freescale is the semiconductor spin-off of Motorola and incorporates the Motorola acquisition of UWB pioneer XtremeNetworks. Their form of UWB is now seen as classical, using the entire stretch of FCC-allotted spectrum.
<http://www.freescale.com/webapp/sps/site/overview.jsp?nodeId=01J4Fs86282463>
The other organization, the WiMedia Alliance, has Intel and a host of other chip and electronics firms as members. The group's approach encompasses both radio technology and higher-level applications, such as hard-disk mounting over UWB and TCP/IP networking over UWB. The WiMedia Alliance merged with the Multi- Band OFDM Alliance, which divides the FCC-allotted spectrum into a few pieces and then uses orthogonal frequency division multiplexing (OFDM), in each piece. OFDM, also used in Wi-Fi flavors 802.11a and 802.11g, divides up spectrum into smaller subchannels, each of which sends data quite slowly compared to the overall bandwidth to make it easier to reconcile signal reflection and cope with interference that may exist in only a small part of the band in question.
The two UWB versions are incompatible and both claim performance, spectrum utilization, and manufacturing-cost benefits.
UWB by itself is just radio technology that sends data among compatible devices. Networking devices succeed or fail by the layers on top of the raw physical part. Ethernet's success came in part from an ecumenicalism that allowed many different protocols like TCP/IP, AppleTalk, and NetBEUI to run seamlessly on the same medium.
On top of those protocols sit applications that make use of packet delivery and routing over a network medium. For instance, AppleShare Filing Protocol works over AppleTalk and TCP/IP using any network medium on which AppleTalk and TCP/IP operate (Wi-Fi, Ethernet, and so on). Safari uses HTTP, which runs over TCP/IP, which operates over Ethernet, DSL, and other physical media.
The WiMedia Alliance expects to release its own TCP/IP stack that works over its UWB flavor, and has partnered with the Bluetooth SIG, the USB Implementers Forum, and the 1394 Trade Association (the folks behind the specification underlying FireWire).
The Bluetooth SIG is trying to avoid being stuck with its single radio technology and will work with Freescale as well to make its applications available: object exchange (file transfer), dial-up modem (remote connection), fax, business card interchange, audio, and other features. Because programmers already know how to work with Bluetooth applications, it's a simple matter to make those same features work over UWB.
The USB Implementers Forum has a Wireless USB specification that the WiMedia members' adapter will work with. Likewise, the 1394 Trade Association has a set of digital video transfer protocols that will work as well over UWB as over a FireWire cable.
The ultimate goal of the WiMedia Alliance is that new computers will contain a single radio that will be able to handle Internet or local networking over TCP/IP, applications over Bluetooth, hardware over USB, and video over 1394 simultaneously. That's a serious number of cables that could disappear.
But reaching this goal requires drivers and hardware integration, a point that's seen as still many months away, and may require Microsoft, Apple, and Linux backers (via IBM, HP, and other companies and individuals) to integrate UWB support at the operating system level. The first phase, therefore, will be driverless.
Without drivers, UWB devices must emulate existing cable standards. The first wave to hit the market from several different companies will almost certainly be USB 2.0 via UWB. In this scenario, a dongle will plug into your computer's USB 2.0 port while another dongle or a hub will be at the other end of the connection. They'll package USB 2.0 traffic within the UWB connection, looking just like a USB cable to the computer.
This first wave will probably include sets of equipment that are locked to each other: only a dongle and its paired hub or dongle will be able to communicate. Later hardware will add generalized pairing between compatible devices. Freescale and WiMedia have talked about pairing devices by pressing buttons on the side of desired devices, using near-field communications (bringing the devices very close and pressing a button or using software), or software configuration.
Ultimately, the radio will just be built into most computers, like Wi-Fi is now, and the application and network protocol layers will require no extra work to support.
The first generally available device in the U.S. may be a USB 2.0 hub that Freescale has licensed for production to two companies familiar to Mac users: Gefen, which specializes in video interconnection and extension, and Belkin, makers of networking equipment, cables, and a host of audio and iPod accessories. (Freescale has a Chinese partner, Haier, which will incorporate its equipment initially only in domestic Chinese consumer electronics.)
This hub uses a USB dongle powered by a computer's USB bus and a separate four-port USB hub that requires AC power. This first flavor runs at just over 100 Mbps, or above a fifth of the speed of UWB's early potential. Belkin expects to ship their version in July 2006 for roughly $130, according to Ben Bamdad, a Belkin product manager. (The press release linked below mentions their original planned shipping of several months earlier than July.)
<http://www.belkin.com/pressroom/releases/uploads/01_03_06CableFreeUSB.html>
While USB 2.0 is useful for a variety of peripherals, such as printers, scanners, and hard drives, it's likely that battery- powered portable electronics such as cell phones and MP3 players will eventually receive the biggest benefit from UWB because of its extremely low power usage. Wi-Fi is great, but even the lowest-powered chips designed for handheld devices will burn much more power than UWB radios.
UWB will also certainly find its way into consumer electronics because of the speed and potential simplicity. Imagine purchasing an LCD television/monitor, a DVD player, a digital home device (a Mac mini or a Microsoft media center), a stereo receiver, self-powered speakers, and a set-top cable/satellite receiver, all of which use UWB - you'd eliminate dozens of feet of different (and often wildly confusing) wires right there.
If the WiMedia Alliance's vision comes true, which I expect to happen with Intel behind it, a single radio would enable communication among all categories of devices using all types of standards: a Sony camcorder would play via any brand of TV, but also push standard DV or HDTV video to a computer.
If someone could just get to work on practical wireless power, we could cut all cables. But that's still science fiction.
ToC
From: "David L. Noreen" <d-noreen@uiuc.edu>
Date: Sat, 4 Mar 2006 18:12:36 -0600
I'm sending along a URL to a Daily Illini article that discusses a new Illini Union recycling program for batteries and ink or laser printer cartridges, a topic that's come up from time to time in both the PC User Group and the Champaign-Urbana Computer Users Group. The article also interviews the manager at Back in Business Cartridges on Green Street, which refills ink and laser cartridges. (We talked about this in last month's PCUG meeting.)
P.S. I still recommend taking your old, no-longer refillable cartridges to Staples and trading each one in for a $3 coupon good on the purchase of anything in the store (as many coupons at a time as you like), or taking them (one per day) to Office Depot and getting a $5 discount off your ink purchase. However, the Illini Union program sounds like a good way to get rid of your old batteries.
The Illini Union and Students for Environmental Concerns are collaborating to provide a recycling program for batteries and ink or laser printer cartridges. Batteries and cartridges release toxic chemicals into the environment and are a growing pollution threat because few places offer recycling opportunities for them.
The program, which was initially discussed and planned last semester, began about two weeks ago. It was created to provide a space for the University community to recycle all types of batteries and ink cartridges.
[Read more of the article at the link given above.]
ToC
Paul Thurrott
URL: http://www.wininformant.com/
Dan Warne wrote me this morning to tell me that he attended a late Microsoft briefing at the Intel Developer Forum (IDF) this week in San Francisco, where the software giant quietly dropped a major bombshell: Windows Vista will not support the EFI (*) BIOS found on Intel-based Macintoshes as expected, and thus will not be able to boot on those machines. This is a problem for me, personally, as I recently spent $2000 on a new Intel-based iMac, which is looking increasingly like an expensive white paperweight on my desk. According to Dan, this Microsoft revelation came after the conference had officially closed and most people had gone home. You can read his write-up on the Australian Personal Computer magazine Web site. (http://tinyurl.com/jttp2)
Jensen Harris, a lead program manager for Microsoft Office, wrote me yesterday to alert me to the fact that Microsoft has revealed the final user interface for Office 2007 (previously codenamed Office 12). Suffice to say, it's going to be controversial. We all knew about the ribbons and tabs replacing the menus and toolbars of previous Office versions. What we didn't know was that Office 12 would be so ... big. And ... colorful. It's got a vaguely Netscape 8 look to it, which isn't a compliment in any quarter, though I have to say I kind of like it, especially for a very high resolution screen. But I can see where people would be a bit unenthusiastic about the new UI. To see what I mean, check out Microsoft's Office 2007 UI Overview. (http://tinyurl.com/9p77l)
In a briefing with Microsoft yesterday, I was told that the company was winding down its development of Windows Live OneCare (previously called OneCare Live), its subscription-based PC health and protection service. The final piece of the puzzle? The product now integrates with Windows Defender, Microsoft's anti-spyware solution. Testers will begin receiving the new bits automatically over the new few weeks, and Microsoft expects to be selling the initial retail version of Windows Live OneCare by mid-year.
I'm just curious. If Google can't keep its own data secret, why would anyone trust them to keep their data secret? This week, Google inadvertently posted an internal document on its public Web site, ironically (ahem) revealing that it seeks to "store 100% of [its] user data" on the Web, including " emails, Web history, pictures, bookmarks" and more. To do this, of course, Google will need "infinite storage." Google is working on a Web-based storage system called GDrive (what else would it be called?) that will let users store files online. Anyway, once the company figured out its mistake, it pulled the document and announced it had nothing to announce. I have an announcement. I don't know if we can trust these guys.
And if we can conclude this week's odd Google mania, everyone's favorite search engine du jour purchased a Web-based word processing business called Writely yesterday, setting the stage for what will no doubt be an uneventful war between Web-based applications and more traditional Windows-based applications like Microsoft Word. Writely lets users compose and edit text documents, share them with others, and, presumably, print them to local printers. The company was founded in 2004, and probably has about 16 active users, so it will be interesting to see where this goes. According to Microsoft, Word is the "clear leader" in the marke with over 400 million users. Long story short, they're not particularly worried about Writely just yet.
ToC
Paul Thurrott
URL: http://tinyurl.com/pfzrj
As predicted, Microsoft's mysterious Origami project is simply a hardware reference design for a new generation of small Tablet PC devices now called the Ultramobile PC. First revealed at the Windows Hardware Engineering Conference (WinHEC) in 2004, these devices will run on Windows XP Tablet PC Edition 2005 and feature 7-inch touchscreen displays. Though touch screen support will be built into the Tablet PC software included with Windows Vista, XP had to be augmented with additional software for this feature to work.
Ultramobile PCs are true tablets, without a keyboard or pointing device. Instead, the onscreen cursor is controlled via a stylus, as with any Tablet PC device. Three relatively unknown companies in the PC realm, Asustek, Samsung, and The Founder Group, will release Origami-based devices between April and June this year.
Uncomfortably sized between a PDA and a more typical mobile PC, these Ultramobile PCs will be marketed as specialized ultra-mobile computing products that perform a number of tasks including personal information management, music playing, and even gaming. Like true PCs, they will include hard drives and wireless capabilities.
A Samsung representative said that the Ultramobile PC would take off in the market where other Tablet PCs did not because they offer, for the first time, a feature set and price structure that is impossible to duplicate on full-sized mobile PCs. Origami PCs will cost $599 to $999, about mid-way between a typical PDA and a typical mobile PC.
Microsoft is bullish about the devices' prospects. "We believe that Ultramobile PCs will eventually become as indispensable and ubiquitous as the mobile phone today," said Microsoft vice president Bill Mitchell. "The Origami project is really our first step toward achieving a big vision." It may be useful, however, to compare Microsoft's comments about these devices to comments made about the original Tablet PC, which still hasn't taken the market by storm over three years later. Also, it's notable that no major PC makers, such as Dell, HP, or Lenovo, are among the companies pursuing Ultramobile PCs. Perhaps they've been disappointed one time too many.
Another hurdle is battery life. While users are accustomed to multi-day battery life on PDAs, first generation Ultramobile PCs will struggle to achieve even four hours of battery life. Microsoft says it hopes to achieve "all day" battery life within a few years.
ToC
Paul Thurrott
URL: http://tinyurl.com/r2fyr
At its annual developer confab this week, Intel executives outlined a plan to move its desktop and server microprocessors to the same processor platform that it recently unveiled for mobile computers. The comments came at the Intel Developer Forum, being held this week in San Francisco.
"The Intel Core microarchitecture is a milestone in enabling scalable performance and energy efficiency," said Intel CTO Justin Rattner. "Later this year it will fuel new dual-core processors and quad-core processors in 2007 that we expect to deliver industry leading performance and capabilities per watt. People will see systems that can be faster, smaller and quieter with longer battery life and lower electric bills."
Intel says it expects to begin shipping "Conroe," its desktop processor-based replacements for the Pentium series in the third quarter. These new chips will be based on the company's Core microprocessor, but will utilize some Pentium features, such as wide data pathways and streaming instructions. Like the Intel Core processors that are now shipping, Conroe will be based on a 65 nm manufacturing process, which will makes the chips smaller and more energy efficient than today's desktop processors. Intel says that Conroe chips will be 40 percent more powerful and 40 percent more energy efficient, when compared to today's Pentium designs.
Today's dual core Pentium design, dubbed the Pentium D, was widely criticized for its inefficient design, which hardware experts say is inferior to that of AMD's dual core microprocessors, the Athlon-64 X2 and the Opteron. Conroe is designed to overcome those deficiencies and help Intel regain its technological lead over rival AMD, which has been making market share inroads for the past few years.
Intel will also be shipping a Core-based server microprocessor that's codenamed "Woodcrest." This chip will provide an 80 percent performance improvement over today's Xeon chips will providing a 35 percent reduction in power. A dual core Woodcrest design will ship in the third quarter of 2006, while a quad-core version is on the slate for 2007, Intel says. Woodcrest is designed to overtake AMD's Opteron, which is widely acclaimed for its efficient design and performance.
Intel CEO Paul Otellini said that Intel's days of following AMD are over, and that the Core-based processor lines will help the company regain its technological edge and some lost market share. "We've tended to do best when we've had a new microarchitecture," he said, alluding to previous platform shifts, such as when Intel moved from its i486 chip to the original Pentium, or from the Pentium III to the Pentium 4. But AMD executive vice president Henri Richard said Intel's problems were of its own making. "[Intel] has been failing time and time again," he said. "It was their poor execution and poor product road map that opened up a great opportunity for us."
ToC
Paul Thurrott
URL: http://tinyurl.com/qogw6
Responding to a UK government request, Microsoft says that it will not be adding any kind of backdoor into Windows Vista, which might allow law enforcement officials bypass the system's encryption-based controls. The UK had been asking for a backdoor so that it could access information stored on Vista-formatted hard drives owned by criminals.
"Microsoft has not and will not put 'backdoors' into Windows," a Microsoft representative said. Niels Ferguson, a cryptography expert at Microsoft took the argument a bit further late last week in a blog posting. "The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data," he wrote. "Over my dead body."
BitLocker is a new feature in Windows Vista that allows the user to encrypt an entire hard drive. Previously known as Full Drive Encryption, BitLocker will protect data on a disk from being read if the PC is stolen or lost.
"Law enforcement organizations ... foresee that they will want to read BitLocker-encrypted data, and they want to be prepared," Ferguson added. "Back doors are simply not acceptable. Besides, they wouldn't find anybody on this team willing to implement and test the back door."
ToC
Scot Finnie
URL: http://www.scotsnewsletter.com/78.htm
Last month Microsoft released a major upgrade of its free anti-spyware software program that I've written positively about in the past. Previously known as Microsoft AntiSpyware, Microsoft has renamed the utility Windows Defender. The Beta 2 version of it is available on this Microsoft page. (http://tinyurl.com/s2dp4)
Whatever you call it, the new Beta 2 version of the anti-spyware utility is a significant upgrade. It offers a new detection-and-removal spyware engine, an increased number of Windows monitoring points it watches for possible spyware symptoms, a heavily streamlined user interface, fewer pop-ups from its real-time protection asking for user input, and protection for all Windows user accounts. It also runs on Windows 2000, Windows Server 2003, and Windows XP (Service Pack 2 required). Microsoft has committed to making this software freely available for download, so long as you're downloading to an authorized copy of Windows.
For more details about Windows Defender Beta 2, please see my Desktop Pipeline story, Microsoft Updates Anti-Spyware Utility, Renames It Windows Defender. (http://tinyurl.com/r2jh7)
Windows Defender will also be included in Windows Vista, and first made an appearance there in the December CTP version. I wrote about that version of Windows Defender in the Desktop Pipeline story, Visual Tour: Windows Vista Begins to Get Real. (http://tinyurl.com/rvpd8)
So is Windows Defender a good product? It's a tale of two installations. I have had no end of trouble with Windows Defender Beta 2 installed on a machine that previous ran both Microsoft AntiSpyware and an early pre- release version of Windows Defender Beta 2 that Microsoft sent me in advance of Beta 2's formal release. I did properly uninstall each previous version of the product before installing each new version. I also uninstalled Windows Defender Beta 2 twice after the initial install. But in all three attempts the experience was the same. It would work for a while, but then serious error messages would appear, and before I uninstalled it for the last time the utility brought my computer to a crawl.
Even so, I also installed Windows Defender on a brand new PC just purchased for SFNL Labs, and the utility has been working fine there for several days. So my Windows Defender Beta 2 woes could be related to conflicts with things left behind in the System Registry or elsewhere in Windows by earlier versions of Microsoft's anti-spyware utility. It might be related to the Windows Defender Beta 2 pre-release software I was given (which was not widely distributed), because I have not heard widespread complaints.
But then ... something strange happened. Just as this newsletter was being readied, one of the two computers running the February CTP of Windows Vista, which includes an almost identical version of Windows Defender, starting throwing off the same error messages. This Vista installation was cleanly installed to its own partition, and I have installed no software over it other than software that supports onboard hardware. So ... it appears there is a problem with the code of some sort. Interestingly, both computers that are having troubles with Windows Defender Beta 2 are IBM ThinkPad T43s. On the other hand, the computer that isn't having trouble is also a T43. Go figure.
For what it's worth, I have tried to report my Windows Defender problems through the PR channels to Microsoft, but have not been successful in doing so. They have not gotten back to me. So, at this point, I might advise hanging back on Windows Defender Beta 2. If you have installed it, I'd be interested to hear about your experiences.
All in all, though, I consider Windows Defender to be an improvement over Microsoft AntiSpyware, and it continues to be the only real-time anti-spyware protection running on most of the machines in my care. I'm sure Microsoft will work out the glitch I'm currently experiencing in the latest beta.
ToC
by Adam C. Engst <ace@tidbits.com>
TidBITS#818/27-Feb-06
Next time I visit Cupertino, I'll be looking to see if Apple has co-opted one of those McDonald's signs touting the number of burgers served to advertise the number of songs sold on the iTunes Music Store. If such a sign existed earlier this month, it would have had to add an extra digit on February 23rd, 2006, when the iTunes Music Store sold its one-billionth song (that's an American billion, not a British billion, though you probably would have assumed as much).
<http://www.apple.com/pr/library/2006/feb/23itms.html>
<http://www.askoxford.com/asktheexperts/faq/aboutwords/billion>
That one-billionth song was "Speed of Sound" from Coldplay's X&Y album, purchased by Alex Ostrovsky from West Bloomfield, Michigan. For clicking the Buy button in iTunes at just the right moment, Alex won a 20-inch iMac, 10 fifth-generation iPods, and a $10,000 gift card to the iTunes Music Store (I have this great mental image of the guy being presented with an iTunes Music Store gift card the size of a sheet of plywood). Apple also established a scholarship in Alex's name to the Juilliard School of Music to commemorate the one-billionth sale.
Apple's milestone press releases are doubly interesting because they usually contain additional information about the contents and sales of the iTunes Music Store at the time (Wikipedia appears to collect much of this information, though I'd be interested to see a graph of the sales as well). For instance, the iTunes Music Store has sold more than 15 million videos and currently contains roughly:
<http://en.wikipedia.org/wiki/ITunes_Music_Store>
ToC
TidBITS#816/13-Feb-06
In a move sure to stymie competitors' attempts to offer less-expensive MP3 players than the wildly popular iPod line, Apple last week lowered the prices of its tiny iPod shuffle players and introduced a new, less-expensive 1 GB model of the sleek iPod nano. The new $150 nano joins the existing 2 GB and 4 GB models, which remain $200 and $250, respectively, and is available immediately in black or white, worldwide. In the meantime, the 512 MB and 1 GB models of the iPod shuffle fall to $70 and $100.
<http://www.apple.com/pr/library/2006/feb/07ipod.html>
<http://www.apple.com/ipodnano/>
Apple also announced that cable TV network Showtime is tossing its hat in the episodes-for-sale ring. The complete first seasons of Weeds, Sleeper Cell, and Fat Actress are available now for $2 per episode, joining a selection of programs from MTV, Comedy Central, and Nickelodeon that were added late last month, such as South Park, Jackass, and Dora the Explorer. Television shows on the iTunes Music Store are available only in the U.S. [MHA]
<http://www.apple.com/pr/library/2006/jan/26itms.html>
<http://www.apple.com/pr/library/2006/feb/07showtime.html>
TidBITS#817/20-Feb-06
The MacBook Pro starts shipping last week with faster processors than promised. Apple said pre-orders started moving out 14-Feb-06 and will be available in retail Apple Stores and resellers. However, anecdotal evidence suggests that Apple's idea of "shipping" referred to the laptops leaving the factories in Asia, since as of press time it appears the first orders are due to arrive in customers' hands early this week.
<http://www.apple.com/macbookpro/>
The 15-inch laptop was originally announced to include a 1.67 GHz Intel Core Duo processor, but Apple said that the lowest speed to ship is now 1.83 GHz (the former top speed for this model; see "Intel-Based iMac and MacBook Pro Ship Earlier than Expected" in TidBITS-812_ for the machine's full specifications). The higher- speed standard model now features a 2.0 GHz processor, which can be reconfigured to have a 2.16 GHz processor for an extra $300 - that's $300 for a one-twelfth faster processor. The 1.83 GHz model does not offer the processor speed bump as a build-to-order option. Apple said that outstanding pre-orders can be tweaked for faster speeds. (However, if your machine has already shipped that might be problematic!) [GF]
<http://db.tidbits.com/getbits.acgi?tbart=08392>
ToC
by Joe Kissell <joe@tidbits.com>
TidBITS#819/06-Mar-06
At a special press event in Cupertino last week, Apple announced the next member of the Intel-based processor lineup: the Mac mini, available in two configurations.
One model features an Intel Core Solo (single-core processor) chip, which, according to Apple's tests, runs between 2.5 and 3.2 times faster than the PowerPC G4-based Mac mini, which is no longer available. The other model contains a Core Duo processor, with claimed speeds between 4.8 and 5.5 times that of the G4.
<http://www.apple.com/macmini/>
Both versions of the Intel-based Mac mini feature significant improvements to their connectivity. Ports on the back include gigabit Ethernet, DVI+VGA video out, one FireWire 400, four USB 2.0, and both analog and SPDIF (5.1) audio in and out ports. Steve Jobs also said the new minis are exceptionally quiet. As widely expected, the Mac mini now includes Front Row, along with the infrared remote control included with Intel-based iMacs and MacBook Pros.
Not highlighted at the event - but picked up by several outlets - is the fact that the new Mac mini does not include a dedicated graphics card, relying on the graphics core component of the Intel processor. Instead of using a separate store of memory, graphics processing is handled by the main processor(s) and eating up to 80 MB of system memory. (Macworld's Jonathan Seff has more information based on talking with Apple at the link below.)
<http://www.macworld.com/weblogs/editors/2006/03/miniboger/index.php?lsrc=editorsblog>
The 1.5 GHz Core Single model includes 512 MB of RAM, a 60 GB SATA hard drive, and a combo drive and sells for $600. The 1.67 GHz Core Duo model includes 512 MB of RAM, an 80 GB hard drive, and a SuperDrive (with double-layer support) and costs $800. Both models are now available.
ToC
by Joe Kissell <joe@tidbits.com>
TidBITS#819/06-Mar-06
In addition to the new Mac mini announced at Apple's special press event last week, the company added two new iPod accessories to its product lineup. The least interesting is a $100 leather case, in sizes for the full-sized iPod and iPod nano. The other is more ambitious: an amplified speaker enclosure called the iPod Hi-Fi. Apple claims that unlike some other iPod boom boxes on the market, the new system produces "home stereo quality" sound.
<http://www.apple.com/ipodhifi/>
The iPod Hi-Fi has a three-driver system, with two 80mm mid-range drivers and a 130mm dual voice coil woofer with a ported bass reflex design. On the top is a universal iPod dock, which includes plug-ins for every iPod model that uses a dock connector; an audio port on the back lets you plug in an iPod Shuffle or an older iPod without a dock connector.
For portable use, the iPod Hi-Fi has built-in handles and runs on six D-cell batteries (though at 16.7 pounds (7.6 kg), you may not be quick to blast your tunes from your shoulder around the neighborhood). It also has an integrated power supply and an industrial design meant to look good on a living room bookshelf.
Thanks to a new iPod software update, iPods plugged into the iPod Hi-Fi will have a new Speakers item in the main menu to adjust speaker settings. The iPod Hi-Fi also includes the same Apple Remote included with Front Row-capable Macs.
The iPod Hi-Fi is available now for $350.
ToC
TidBITS#817/20-Feb-06
Apple last week released Mac OS X 10.4.5, a bug-fix update that offers oodles of small changes. Most notable are a fix that prevents Safari from crashing when deleting AOL email messages via AOL webmail, proper functioning of Apple's IPsec VPN client with Cisco servers whether or not NAT (Network Address Translation) is used, a fix for synchronizing with an iDisk larger than 4 GB, and a fix that enables some previously problematic Epson printers to be used successfully via an AirPort Extreme base station. A number of changes affect only Intel-based Macs, including two fixes to Rosetta: one that enables applications to open files located via the search field in Open dialogs and another that enables Rosetta-translated applications to receive Keychain notifications correctly. Many of the other changes are cosmetic (Fast User Switching's rotating cube now appears as expected on primary and mirrored displays) or highly specific (the Setup Assistant no longer crashes if Kotoeri is selected as the keyboard type following an English language installation of Mac OS X). Mac OS X 10.4.5 is available as separate delta updates for Mac OS 10.4.4 (16 MB for PowerPC, 98 MB for Intel), and as a 125 MB combo update for PowerPC-based Macs that will update any previous version of Mac OS X 10.4. The delta update via Software Update is only 6.4 MB for PowerPC-based Macs, while the update for Intel-based Macs is 40 MB. [ACE]
<http://docs.info.apple.com/article.html?artnum=303179>
<http://www.apple.com/support/downloads/macosxupdate1045.html>
<http://www.apple.com/support/downloads/macosxupdate1045combo.html>
<http://www.apple.com/support/downloads/macosxupdate1045forintel.html>
by Adam C. Engst <ace@tidbits.com>
TidBITS#817/20-Feb-06
Apple released updates to five of the six applications that make up the iLife '06 suite last week, providing bug fixes and minor enhancements for iPhoto, iMovie HD, iDVD, iWeb, and iTunes. Details remain scarce, but Apple claims that iPhoto 6.0.1 (a 13.7 MB download) fixes bugs related to photocasting; viewing thumbnails in large libraries; and ordering cards, calendars, and books. iMovie HD 6.0.1 (52.6 MB) resolves problems with the rendering performance of the Ken Burns Effect, editing performance with the Scrubber Bar, and image quality in iMovie's themes. iDVD 6.0.1 (5.3 MB) fixes integration troubles with other iLife applications, importing of legacy projects, and some theme-related issues. iWeb 1.0.1 (19.1 MB) addresses issues related to publishing and blogs. Lastly, iTunes 6.0.3 (18.7 MB) contains stability and performance improvements over the previous version. All of the updates reportedly fixed "a number of other minor issues" as well, and I suspect that those bug fixes may in fact be the most welcome.
<http://www.apple.com/support/downloads/iphoto601.html>
<http://www.apple.com/support/downloads/imoviehd601.html>
<http://www.apple.com/support/downloads/idvd601.html>
<http://www.apple.com/support/downloads/iweb101.html>
<http://www.apple.com/support/downloads/itunes603.html>
When I first tried to run these updates, a dialog kept popping up, telling me to quit iWeb before installing the update. The only problem was that iWeb was not running, and launching and quitting it again made no difference. Restarting my Mac and running Software Update again did solve the problem, but the only reason it worked is that OmniWeb wasn't running when I tried the update the second time. I should have remembered instantly, since I'd seen this problem some months ago when trying to update iTunes: if there is any running application whose process name contains the name of an iLife application, the updater will fail in this manner, since Apple's code isn't very smart about checking names. So, in the case of iWeb, notice that "OmniWeb" contains "iWeb" and in the case of iTunes, my problem was caused by the SizzlingKeys preference pane (which lets you control iTunes from the keyboard in any application), since its process name is "SizzlingKeys4iTunes". To determine what application might be causing the problem, launch Activity Monitor, select All Processes from the Show pop-up menu, and in the Filter field, type "iWeb". If you're comfortable at the command line, type the following line into Terminal:
ps -aux | grep iWeb
Either way, if your search finds anything, quit the offending application and run the update again.
ToC
TidBITS#819/06-Mar-06
Apple last week released iTunes 6.0.4 and iPhoto 6.0.2 to address minor problems with Front Row, Apple's media-center interface software for playing music, photos, and videos on the iMac, MacBook Pro, and just-released Intel-based Mac mini. Unsurprisingly, they were accompanied by an update to Front Row 1.2.1, which claims to improve compatibility with iTunes and iPhoto sharing. The new version of iTunes reportedly fixes stability- and performance- related related to Front Row, and the iPhoto update resolves problems related to playing shared slideshows in Front Row. iTunes 6.0.4 is an 18.7 MB download via Software Update, iPhoto Update 6.0.2 is a 13.7 MB download, and Front Row 1.2.1 is a 5.5 MB download. Given the specific nature of these changes, I'd suggest that anyone not using Front Row could skip these updates or at least put them off until convenient. [ACE]
<http://www.apple.com/support/downloads/itunes604.html>
<http://www.apple.com/support/downloads/iphoto602.html>
<http://www.apple.com/support/downloads/frontrow121.html>
TidBITS#819/06-Mar-06
Apple posted GarageBand 3.0.1 last week, which fixes a specific podcast problem in the French or Finnish localized versions of the audio-creation software. The update is available via Software Update or as a 1.5 MB download. [JLC]
<http://www.apple.com/support/downloads/garageband301update.html>
ToC
by Adam C. Engst <ace@tidbits.com>
Responding with reasonable alacrity to the recent Leap-A and shell script exploits, Apple released Security Update 2006-001 last week, fixing a slew of problems. Most notably, an update to Safari and LaunchServices performs additional download validation when the "Open 'safe' files after downloading" option is on to warn the user (in Mac OS X 10.4.5) or to avoid opening the download entirely (in 10.3.9). A similar update to Mail makes sure Download Validation can better detect unsafe or unknown file types in attachments. Also, an update to iChat in Mac OS X 10.4.5 now uses Download Validation to warn users of unknown or unsafe file types during file transfers.
<http://docs.info.apple.com/article.html?artnum=303382>
In general, increased warnings are a good thing unless they become so commonplace that users automatically agree to actions without considering the specifics. Plus, despite these changes, Apple still encourages all users to be careful about handling email attachments and opening downloaded files; see Apple's safety tips if you're not sure how to evaluate a given attachment or file. Even still, we'd like to see Apple going further to prevent the kind of deceptions that allow a malicious application to masquerade as a harmless document. Matt Neuburg's suggestion last week (see "Of Files, Forks, and FUD" in TidBITS-818_) of badging all executables in some obvious way would be a step in the right direction, although deception (such as a malicious application mimicking a well-known legitimate one) remains possible.
<http://docs.info.apple.com/article.html?artnum=108009>
<http://db.tidbits.com/getbits.acgi?tbart=08437>
Also important in Security Update 2006-001 is an update to apache_mod_php that includes PHP 4.4.1, a security update to the PHP scripting language. Holes in PHP - specifically in Web forms that are being exploited by spammers - are the largest security issue in the Web server world right now, and PHP 4.4.1 does not fix all of these problems. PHP is disabled by default in Mac OS X, so only people who have explicitly turned it on need worry about these concerns; see the link below for more information.
<http://www.forest.net/support/archives/2005/12/000668.php#000668>
Other updated components of Mac OS X include automount, BOM (Mac OS X's archive unpacking code), Directory Services, FileVault, IPsec, LibSystem, perl, rsync, Safari (in more ways than just increased download validation), and Syndication (Safari RSS). While some of Apple's security updates feel like fixes to issues that few people would ever encounter, a number of the problems addressed by Security Update 2006-001 are quite concerning, and we encourage everyone to install it right away. Security Update 2006-001 comes in versions for Mac OS X 10.4.5 for PowerPC (12.5 MB download) and Intel (22.5 MB), and Mac OS X 10.3.9 Client (25.3 MB) and Server (38.6 MB); all sizes are for the stand-alone version and may be somewhat different for Software Update, which provides the right version for your Mac.
<http://www.apple.com/support/downloads/securityupdate2006001macosx1045ppc.html>
<http://www.apple.com/support/downloads/securityupdate2006001macosx1045clientintel.html>
<http://www.apple.com/support/downloads/securityupdate20060011039client.html>
<http://www.apple.com/support/downloads/securityupdate20060011039server.html>
by Mark H. Anbinder <mha@tidbits.com>
TidBITS#817/20-Feb-06
A malicious file uploaded early this week to the MacRumors Forums site is a Trojan horse designed to fool Mac users into thinking they'll get to see preview pictures of Mac OS X 10.5 Leopard, the next version of Apple's operating system software. Instead, the file, named "latestpics.tgz," attempts to send itself to the user's iChat contacts, and damages applications on the user's computer. Your computer can't be infected unless you open the file.
<http://www.macrumors.com/pages/2006/02/20060216005401.shtml>
Andrew Welch of Ambrosia Software appears to be the first to post a thorough analysis of the malware, which he dubbed "Oompa-Loompa," or "OSX/Oomp-A" in the standard taxonomy. Both Sophos and Symantec appear to be using the name "OSX/Leap-A," and both are offering definition downloads.
<http://www.ambrosiasw.com/forums/index.php?showtopic=102379>
Welch says Leap-A appears to try, but fail, to spread itself through other applications the user launches. The resulting damage to these applications renders them unusable.
The easiest thing you can do to protect your computer is not download and open "latestpics.tgz" or any other archive you're not expecting. If you receive a file via email or instant message that you're not expecting, even from someone you know, always ask before opening it. This malware can't spread itself; it relies on a "social engineering" to trick users into activating it. (See "Are Input Managers the Work of the Devil?" elsewhere in this issue for more on the vulnerability that Leap-A is exploiting.)
If you run anti-virus software, make sure it is set to obtain updates automatically at least weekly, or check manually for updates over the next few days. Dan Adinolfi of Cornell University's IT Security Office has provided the first two links to Sophos's and Symantec's pages, which offer a growing set of info about the Trojan horse. Macworld has also posted a Leap-A FAQ.
<http://www.sophos.com/virusinfo/analyses/osxleapa.html>
<http://www.sarc.com/avcenter/venc/data/osx.leap.a.html>
<http://www.macworld.com/news/2006/02/16/leapafaq/>
Shortly after Leap-A made headlines, a second piece of malware appeared. Inqtana-A is described as a Java-based proof of concept that takes advantage of an old Bluetooth vulnerability in Mac OS X. If you've applied the Apple Security Update 2005-006 for Mac OS X 10.3.9 and Mac OS X 10.4.1 or the general Mac OS X 10.4.1 release, then your Mac is unaffected by Inqtana-A.
<http://www.macworld.com/news/2006/02/17/inqtana/>
<http://docs.info.apple.com/article.html?artnum=301528>
<http://docs.info.apple.com/article.html?artnum=301742>
<http://docs.info.apple.com/article.html?artnum=301630>
Although both threats are minimal - especially compared to far more dangerous malware that Microsoft Windows users encounter - they've served as a reminder to the Mac community that no computer system is entirely immune to Trojans, worms, and viruses.
ToC
by Geoff Duncan <geoff@tidbits.com>
TidBITS#818/27-Feb-06
A potentially critical security flaw has been uncovered in Apple's Safari Web browser, which may enable attackers to execute arbitrary Unix shell scripts on a user's machine simply by following a link on a Web site. Apple has yet to comment or release a patch, but in the meantime, we'd urge Safari users to disable the "Open 'safe' files after downloading" option in General pane of Safari's preferences. (In fact, we've recommended disabling this option since May 2005, when a weakness involving Dashboard widgets was discovered).
<http://db.tidbits.com/getbits.acgi?tbart=08119>
The root of the exploit involves the way Mac OS X determines which program should launch files of a particular type. Under Mac OS 9, applications were associated with files using four- letter creator codes stored in a file's resource fork; under Mac OS X, applications are associated with file via a more arcane system involving metadata and a file's extension. By renaming a Unix shell script to a "safe" extension (like .pdf, .jpg, etc.), setting the script file's executable bit, and compressing the script with the Zip archiving utility, Safari will happily download the script, decompress it, assume the script is "safe," then blithely pass it off to the Mac OS X Terminal application for execution. An attacker could easily use such a script to delete a user's home directory, damage the computer's configuration, or obtain personal data. (For more information, see Matt Neuburg's "Of Files, Forks, and FUD" elsewhere in this issue.)
Safari is the only Web browser known to be affected, although it is possible other programs could be vulnerable to similar attacks. The Camino and Firefox Web browsers are not vulnerable to this particular exploit.
Danish security firm Secunia has listed the flaw as "extremely critical," and has posted a harmless sample exploit of the flaw so users can test if their systems are vulnerable. Heise Online has another demonstration of the exploit.
<http://secunia.com/advisories/18963>
<http://secunia.com/mac_os_x_command_execution_vulnerability_test/>
<http://www.heise.de/security/dienste/browsercheck/demos/safari/Heise.jpg.zip>
Users may also be able to protect themselves from the exploit by removing the Terminal application from its default location in Applications > Utilities. (However, doing so may confuse future system updaters, so users would probably have to remember to put it back before installing new software.)
By default, Safari's "Open 'safe' files after downloading" option is disabled on new Mac OS X 10.4.5 installations, so many users may be safe from this exploit by default. However, merely running Mac OS X 10.4.5 is no guarantee of safety: we've confirmed systems updated to Mac OS 10.4.5 from earlier versions may well leave Safari's "Open 'safe' files after downloading" option enabled. So, to be safe, check that the option is disabled on your system regardless of the version of Mac OS X you're using.
ToC
by Adam C. Engst <ace@tidbits.com>
TidBITS#818/27-Feb-06
As the Macintosh has matured over the years, some people moved on, and the Mac world was the poorer for it. But one familiar face from the days of yore has been popping up again lately: ex-Apple evangelist Guy Kawasaki. Guy is a managing director of the Garage Technology Ventures venture capital fund, and he was all over Macworld Expo in San Francisco showing off FilmLoop. It was great to see him back in the Macintosh community again, and thanks to the blog at the very end of 2005, I think he'll once again be something of a public figure.
<http://blog.guykawasaki.com/>
In classic Guy fashion, this isn't Just Another Blog (its tagline is "Blogger. n. Someone with nothing to say writing for someone with nothing to do." Ouch). Instead, Guy's blog is filled with the kind of practical wisdom he's been dispensing in his books since the days of "The Macintosh Way." His more recent books have, needless to say, taken a bit more of the venture capitalist point of view (hence the titles: "The Art of the Start," "Rules for Revolutionaries," "Selling the Dream," and "How to Drive Your Competition Crazy.") but they're amusing, insightful, and useful for almost anyone starting a new project, giving a presentation, or trying to figure out how to stand out from the crowd. Guy's blog postings have exactly the same qualities, and the blog format may actually be a more effective presentation method for some of his ideas, since they come in small, periodic chunks. Much as I like Guy's books, I find that I read them, get all fired about implementing some of his ideas, find myself snowed under by some project, and never get around to doing what I'd planned. Perhaps the constant nudges from Guy's blog will actually cause me to think and act.
(And if you're new to the Macintosh world and haven't the foggiest idea who Guy Kawasaki is, pick up a copy of "The Macintosh Way" and read it - used copies are about $5 on Amazon and the blog has links to all of his books.)
One area in which Guy has long excelled is in community building. He was always a huge supporter of user groups within Apple, and in fact, I chatted with him in-between our talks at the User Group University (the attendees were all user group leaders) the day before Macworld Expo in San Francisco. I'd just finished speaking to the group - along with Chris Breen and Bob LeVitus - on how user groups can revitalize themselves and stay relevant in today's age, so it was particularly interesting to see Guy's recent post on community building. Excellent points, and the comments are also equally as worthwhile for anyone interested in user groups or just bringing people together. [ACE]
<http://blog.guykawasaki.com/2006/02/the_art_of_crea.html>
ToC
reported by Kevin Hopkins (kh2@uiuc.edu)
February 16, 2006 -- The General Meeting began with President Richard Rollins doing the traditional introduction of officers.
We then moved directly into the Question and Answer portion of the meeting.
Someone asked if there was a way to save Search results? The answer was "No." Saving the search just saves the criterion for searching the same thing next time. However, you can Control-A to select all, Control-C to copy all the files, Control-V to paste the files into a newly made folder. Another alternative is to Control-A, Right click and select Enque in Winamp, which saves it as a playlist.
Joe DeWitt had a question about getting a no-name computer fixed. By taking the model number, which was the only visible information on the laptop, Kevin Hisel worked his magic and found out it was a Kobian Deskknote A907 laptop from Elite Group Computer Systems. It's a Dutch company. Joe wants to get it working for a relative and wondered if there was a local repair shop that could do that in an economically sane framework. A discussion of his options followed. (Likewise, the guys fell on the box like a pack of jackals - nothing's more of a challenge than an uncooperative piece of hardware.)
Emil said he has a friend who's Firefox keeps crashing no matter what. The possible diagnosis offered was that they have a corrupted profile, which is almost always the problem. Creating a new one fixes it. Emil said the same friend had another problem, with Adobe. They have plenty of memory. he consensus was this would require a little more hands on tinkering.
Another Firefox problem was raised. Again, the Profile was fingered as the culprit. Kevin Hisel said go to Firefox, select the shortcut, open it up, put -p after it to delete the profile. Or, you can go to Documents and Settings, Folders View - Show hidden files. For this latter solution, using the overhead projector, Kevin showed step by step how to delete the profile to correct these problems.
There was a Thunderbird mail question. As described, it was thought it could be a Indexing problem, or compacting folders on start-up.
Joe Dewalt asked how to Customize, change any icon in Properties (right click) in Windows 2000.
Mark Zinzow reported that someone in his house has a problem with spilling beverages on keyboards. So, he purchased a case of 16 waterproof keyboards and was offering the extra keyboards for sale for $6 each. Delivering his wry sales pitch, Mark said, "Everybody should have a spare." You gotta love Mark and his deals!
David Noreen offered up free movie passes he discovered online.
Phil Wall had a question about cleaning an beloved, old IBM keyboard. Phil was really worried about breaking the key caps off. Richard Rollins showed him how to do it. All you need is a key cap puller. Kevin Hisel leaped in with another of his increasingly famous Google searches: "Clean IBM keyboard." Up came <http://www. Clickykeyboard.com/buyersguide.htm>. Everything you ever wanted to know about clicky IBM keyboards, including how to clean the. In the discussion that followed it was learned that you can use a Cyberguys USB adapter to hook up this kind of keyboard and a mouse to newer computers.
<http://www.cyberguys.com/templates/searchdetail.asp?s=SD&T1=104+0444>
Norris Hansell reported a "Word 2004 for Mac" save problem he had after upgrading to OS 10.4.4. The Save feature in the menu was missing. He found that by going to Customize menus on Toolbars and taking the save icon and dragging it across the file menu and it lodged there and works. he said repairing permissions should have
