Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.
The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.
It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.
Remember a few years back when Microsoft launched a new type of DRM under the name "PlaysForSure"? The idea was to create a standard DRM that a bunch of different online music download stores could use, and which makers of digital music devices could build for. Except... like any DRM, it had its problems. And, like any DRM, its real purpose was to take away features, not add them, making all of the content hindered by it less valuable. Yet, because Microsoft was behind it, many people assumed that at least Microsoft would keep supporting it. Well, you've now learned your lesson. Playsforsure was so bad that Microsoft didn't even use it for its own Zune digital media device. Along with that, Microsoft shut down its failed online music store, and now for the kicker, it's telling anyone who was suckered into buying that DRM'd content that it's about to nuke the DRM approval servers that let you transfer the music to new machines.
Anyone out there on my flist dumb or careless enough to have fallen for PlaysForSure music? Sorry about that.
Well, the flakiness seen yesterday expanded into full-blown falling-apart today: I couldn't even boot. And I'll note in passing that an 8-day-old install CD of Hardy alpha required 600-odd updates. I don't think it's stable yet. I'm going to assume both that the drive is unhappy, and that Hardy Heron isn't ready; I put the old drive back.
On the plus side, I found the install disk for my 802-11g wireless card, and it worked in the Win98 partition. So the machine will be usable regardless. At some point I'm going to try both Gutsy (from the text installer) and Lenny. But not right now: there's a lot on my schedule today.
The code, published over the weekend by researchers Adrian Pastor and Petko Petkov, exploits features in two technologies: The UPnP (Universal Plug and Play) protocol, which is used by many operating systems to make it easier for them to work with devices on a network, and Adobe Systems' Flash multimedia software.
The InfoWorld article's title is "Flash attack could take over your router", but it's really much more general than that: a maliciously-crafted flash movie could theoretically take over any UPnP device as long as it could guess its local IP address. Routers just happen to be ubiquitous, and come with only a limited number of default setups.
By tricking a victim into viewing a malicious Flash file, an attacker could use UPnP to change the primary DNS server used by the router to find other computers on the Internet. This would give the attacker a virtually undetectable way to redirect the victim to fake Web sites. For example, a victim with a compromised router could be taken to the attacker's Web server, even if he typed Citibank.com directly into the Web browser navigation bar.
Turn off UPnP on any device where it's not absolutely essential. The article says, "Users could avoid this attack by turning UPnP off on their routers, where it is normally enabled by default, but this would cause a variety of popular applications, such as IM software, games, and Skype, to break and require manual configuration on the router", but it's not as bad as all that. Skype, IM, and games work perfectly well on my kids' Windows boxes, and my router is a Linux box without UPnP.
Not surprisingly, Microsoft is a major promoter of UPnP -- it stands for "Universal Plug and Play" and, like so many "features" from Microsoft, it's supposed to make things easier for their users. If they made cars, they'd all have the same key because somebody with two cars might get them mixed up.
Gratuitous Icon Post: The icon comes from the print I bought recently from ohiblather's shop on deviantART.
(from Gizmodo. Looks like a digital camera rip-off at CES. There's a version at http://www.stayathomeserver.com/book.)
It seems some SATA drives have a tendency to spin down and not come back to life quickly enough to suit the drivers -- or even the BIOS. My fileserver, which has a pair of 400GB Seagates, seems to be afflicted. Twice, recently, I've come home and found it hung, and when I power-cycled the thing it took no less than two resets before the drives were happy. This does not make me happy.
As far as I can tell, every damned one of my four SATA drives has this problem, in varying degrees. Grrr. I seem to have it most often with drives that are left unused for a long time -- it mostly seems to hit the backup drives (though not always). For now I'm enabling swap on my mirror drive; I don't think it was this bad back before I disabled it to save wear and tear on the drive.
But I'm seriously considering sticking them in a RAID box where they'll get plenty of exercise, and replacing them with IDE drives. Not what I was planning to spend money on, though.
Meanwhile, I've been spending the last hour or so running malware scans on the flower_cat's stupid Windows machine. And disabling the virus scanner, which seems to be causing a host of problems all by itself. Did I mention that I *HATE* Windows?
22:19 Did I mention that I'm an idiot? Seems the fileserver's bootloader menu is a mix of various and sundry old bits that don't go together anymore. No, I do not want to boot from the swap partition! Nor do I want the year-old multimedia kernel that seems to have stuck itself in for the hell of it. That's the problem with not rebooting for a long time...
A couple of fascinating (in the same way that horror movies and trainwrecks are fascinating) articles about Microsoft have come my way in the last couple of days.
"The problem isn't 100% reproducible and depends on quite a few different factors," explained Todd Headrick, the product planning manager on the Windows Home Server (WHS) team. "Home Server has to be under an extreme load while doing a large file copy," he said, adding that the flaw comes into play only in instances when the file server's cache is full and the user is editing a file previously saved to a shared folder.
"But we thought it was important enough to generalize [the bug] so people would take it seriously, even though we took a [public relations] hit," Headrick added.
On Wednesday, Microsoft warned users in a tightly worded support document not to edit files stored on their servers with certain programs. "Files may become corrupted when you save them to the home server," the company said in advisory KB946676, which it published last week to its support site.
Saying that the bug was in the shared folders feature of WHS, the document urged users to stop using seven Microsoft applications, including Windows Vista Photo Gallery, Windows Live Photo Gallery, OneNote 2003, OneNote 2007, Outlook 2007, Microsoft Money 2007 and SyncToy 2.0 Beta under some conditions. "We recommend that do not use the programs to save or to edit program-specific files that are stored on a Windows Home Server-based system," the document read.
Folks, I've been using Unix- and Linux-based shared file servers for two decades now, at work and at home, often under loads that Windows Home Server is unlikely ever to encounter, including flinging large audio and video files around. Know how many times I've had files corrupted by anything but a hardware problem? Zero. Microsoft has a problem here.
Meanwhile technoshaman points us at a blog post about last night's fireworks show on Seattle's Space Needle. In his follow-up he points us to this story at seattlepi.com. Their front page has a followup. Guess what? File corruption on a Windows machine. Hmm.
Look, if you're going to have an expensive, high-visibility show
controlled in real-time by a computer program, you start by simulating the
heck out of it. Then you put the app, and enough of an OS to run it, on a
fsck(1) it, adjust
that it's mounted read-only, and run a couple of tests with the fireworks
replaced by dummy loads but everything else in place. After that, if it fails in
the next decade or so, it's because you damaged the box.
technoshaman assures us that he could write the controller app from scratch in a couple of months; I'd be inclined to use a MIDI sequencer and a bunch of current-loop-controlled relay controllers. This isn't exactly rocket science. Mortar shells, maybe.
Meanwhile cheap, rugged, Linux-based diskless laptops are getting a lot of attention, and corporate IT departments are staying away from Vista in droves. Wonder why.
You can download Ubuntu Linux here for free.
The project for yesterday was getting Dorsai, my "new" recording box, set up with a realtime kernel and the right set of applications. Specifically, the plan was to install the 64-bit version of Debian Etch (the base for 64Studio), and the 64-bit version of UbuntuStudio (which, being based on Gutsy Gibbon, includes Audacity 1.3.3). Along the way, I wanted to make the multi-OS Grub menu work properly. It took all afternoon.
This afternoon's challenge is completely different. The Wolfling has a batch of documents, taken off her old computer, that she needs to print. Unfortunately, they were written in Microsoft Works, which has a proprietary format incompatible with everything in the known universe, and the only copy in the house is on that old computer. So I have to get it back in operation somehow. I have it in the office hooked up to my KVM switch, so with luck it will Just Work[tm], but this is Windows we're talking about. (... OK, it boots. But I never made myself an account on it, so she'll have to deal with it when she gets home, unless I can do it from the guest account. The fact that it won't shut down properly doesn't help.) Maybe the recently freed version of Works will work on Colleen's machine. Maybe.
5:45pm Guest was able to print from the keychain drive. And there is much rejoicing.
Y'know, I probably shouldn't post these two headlines together, but I couldn't resist.
It sounds like science fiction but it's true: A killer amoeba living in lakes enters the body through the nose and attacks the brain where it feeds until you die.
Today, I think of Vista as the zombie operating system. It stumbles around, and from a distance you might think it's alive, but close up it's the walking dead.
And I'm not too fond of HP, either. No, I don't mean Lovecraft, though HP's printer software install on my Windows 98 laptop had a distinct whiff of the loathsomely undead about it.
And at the end of it all, after rejecting my registration password twice and changing a checkbox each time, I forgot to uncheck the box one final time. So now I've been signed up with Shutterfly, which has terms of service that say they're going to send me spam. Bustards. Not to mention the fact that the install took two blasted hours, froze the machine once, and required the usual "you have moved the mouse; please restart Windows" several times.
And at the end of it all, the software that lets it print on CDs doesn't fsking run on Windows 98, which means that I'll have to drag the Mac home from work or see if I can convince the flower_cat's machine to use it over a network. If I can get the blasted print server running again. Maybe I'll just run samba on the laptop and cups on the lappy for now; I don't think the
If I'd known before I started that the Epson R200 would manage to get its print heads completely unclogged, I don't think I would have bothered. Or I might have let the Y.D. have the HP and kept the Epson downstairs in the office. The HP is a better printer, I think, and HP definitely has better Linux support, but...
Oh, and did I mention that I had to take the first HP back to Fry's -- The YD spotted a broken-off plastic part (looks like a roller of some sort) in the bag when I unpacked it yesterday.
I see a visit to .hp.com/support in my near future.
After pulling XP from its desktop and laptop lines, Dell changed its mind and announced that it would offer it on new Inspiron 1405, 1705, 1505 and 1501 notebooks, and Dimension E520 and E521 desktops. The decision was driven by an overwhelming outcry on Dell's IdeaStorm feedback center, which at the moment reads like a meeting of the He-Man Vista Hater's Club...
It's apparently only available on a few models favored by business users, but it's a step in the "right" direction.
Meanwhile, you can get the latest release of the OS Michael Dell uses on his desktop machine right here from Ubuntu.
The Cat6 cable I installed a couple of weeks ago to the back of the house seems to be defective. If I'm lucky it's just a connector -- it seemed flaky when I plugged it into the hub. Fortunately the Cat5 cable it replaced seems to work just fine at 1GHz.
On top of which, somebody seems to have installed the Mavis Beacon typing tutor program for all users, and it pops up and tries to remind you to practice. Or maybe that's the only way to install it. Who knows? It's Windows.
Got good takes from Joyce on "High Barratry", "TEOTWAWKI v2.0", "Little Computing Machine", and "Mushrooms". Still need to do the mixing, and I think the sync could be better in spots -- Audacity 1.3 added some additional parameters for latency correction, and I still haven't figured them out. But progress has been made.
Check out the new album cover page.
Trying yet another kernel in the fileserver. I really don't have the time to reinstall and reconfigure the damned thing.
Moved the office Windows box into the bedroom for the flower_cat to replace her dead Fry's box. It's noisier, and because she's never used it, it took me a fscking hour to get Realplayer installed and Live365 set up. Bloody Windows. Had me within seconds of bashing my brains out on the keyboard to make the pain stop. I don't have time for this.
Now I don't have a Windows machine hooked up to the color printer, so how I'm going to print sample disks for Consonance remains a mystery. Hopefully I'll be able to get my little dedicated print server going; it's been sitting around for almost a year since I bought it on sale at Fry's. I don't have time for this.
Last night the flower_cat's computer (a cheap Fry's Windows box, two or three years old) fell down and couldn't get up. It doesn't even put a BIOS message on the screen, though the disk spins up and the monitor shows that it has sync for a second or so before it goes back to sleep. Swapping power supplies got me to boot, but a few minutes later it was back to its old habits -- this strongly suggests a motherboard problem. There are parts of the motherboard that stay powered up; my working hypothesis is that pulling the power supply let something cool down. Could conceivably be RAM -- I'll try that this evening -- in which case it's an easy fix. (update 6:30 it's not the RAM.)
Otherwise, So we're one box closer to a
The Cat is not a heavy computer user, and she already reads email on Linux. Her other main computer activities are web browsing (in Firefox), streaming audio from filk.com (Live365), and Mahjong. Hmm. The other option, if she really wants to continue playing other Windows games, is to move the other Fry's box in from the office.
The latest bit of entertainment from Microsoft is that if you have speech recognition turned on in Vista, your computer will blithely listen to whatever comes out of its own speakers. So you can create a sound file or a movie, put it on a website, and give commands to the computer of anyone stupid enough to be running Vista and speech recognition when they listen to it.
I'm waiting for somebody to combine this with Goodbye-Microsoft.com. There's a song in there somewhere, I fancy.
(From techdirt.com; spotted by mr_kurt.)
At this point you have the choice between restarting your stupid old Windows, or booting into the clever and friendly Debian installer. You can even make your system dual-boot. You might want to make backups first, unless it's a brand-new machine.
Ubuntu users can use the somewhat similar install.exe, which downloads Ubuntu using bittorrent and installs it into an image file so that you don't even have to repartition your disk.
No matter how much spin is put on this launch, it's a disaster. There's simply no excitement about it. Most quotes from businesses are about how much of a chore it will be to upgrade, with warnings about how much old software will be incompatible and how people will have to buy new machines just to run it. No one actually wants this new system, except Microsoft and some of the hardware vendors who are desperately hoping Vista will revitalize moribund computer sales.
I think the day of the big-bang operating system release will die with Vista. This kind of upgrade has become obsolete. It might have made sense in the age of disconnected computers, where an upgrade involved a PC technician going to each desktop with a CD-ROM, but with the advent of Internet-connected PCs it's crazy. People want to simply keep patching their existing systems remotely and securely until eventually all of the original code has been replaced and you're running a new operating system. This at least is something we in the Open Source/Free Software community have become very good at, as it mirrors the very environment we need to create our software in the first place.
After months of testing Vista on multiple computers, new and old, I believe it is the best version of Windows that Microsoft has produced. However, while navigation has been improved, Vista isn't a breakthrough in ease of use. Overall, it works pretty much the same way as Windows XP. Windows hasn't been given nearly as radical an overhaul as Microsoft just applied to its other big product, Office.
In other words, it's the best Windows yet, but that's not saying much. Especially when you consider that many of the features of MacOS X came from the Unix of a decade ago.
Nearly all of the major, visible new features in Vista are already available in Apple's operating system, called Mac OS X, which came out in 2001 and received its last major upgrade in 2005. And Apple is about to leap ahead again with a new version of OS X, called Leopard, due this spring.
What it all comes down to is Microsoft is turning the screw on me too hard. I can't legitimately use its software without becoming a criminal or spending tens of thousands of dollars. If it gives me a truckload of free copies, I will still be spending the majority of my time on the phone with people in Bangalore typing in licence keys to stay legal.
Admittedly, he appears to be a hardware reviewer -- not everybody swaps out their motherboard every couple of months, and their graphics card every couple of days. But a few upgrades per year aren't too unusual even in a household like mine where the tendency is to throw a machine into a kid's room and never see it again until the CPU fan dies from an over-accumulation of lint.
It simply is not worth it anymore, I can't use Vista. Believe it or not, I was pretty neutral on XP, it did what I needed and usually worked in a mostly acceptable fashion. It has been mostly secure because I was not abjectly stupid. I had no reason to switch, but Microsoft has given me the choice of becoming a criminal or going to Linux. In a few weeks, I don't plan on looking back.
Good article by Eric Raymond and Rob Landley about why 2008 is a hard limit by which the dominant OS for the next 30-50 years will be chosen, and what Linux has to do to be the one.
The industry-wide switch to 64-bit hardware is opening a critical transition window during which the new dominant operating system will be determined. This window will close at the end of 2008, a hard deadline. The last such transition completed in 1990, the next one cannot be expected before 2050.
The three contenders for the new 64-bit standard are Windows-64, MacOS X, and Linux. The winner will be determined by desktop market share, the bulk of which consists of non-technical end users.
This paper tries to answer a number of questions: Why is 2008 a hard deadline? What is the current state of the three major contenders trying to become the new 64-bit standard? What are the major blocking issues to each platform's desktop acceptance? What specific strategies and tactics can Linux use to cope with its most pressing problems? We close with a sober consideration of the costs of failure.
VISTA'S CONTENT PROTECTION specification could very well constitute the longest suicide note in history, claims a new and detailed report from the University of Auckland in New Zealand.
The actual report is here; I originally found it on cryptome.
"Peter Gutmann's report describes the pernicious DRM built into Vista and required by MS for approval of hardware and drivers," said INQ reader Brad Steffler, MD, who brought the report to our attention. "As a physician who uses PCs for image review before I perform surgery, this situation is intolerable. It is also intolerable for me as a medical school professor as I will have to switch to a MAC or a Linux PC. These draconian dicta just might kill the PC as we know it."
From this post on Groklaw, we learn that Jeremy Allison of the Samba project has resigned from Novell over their patent deal with Microsoft. His statement is quoted in full in the Groklaw article, and includes a letter to management.
As many of you will guess, this is due to the Microsoft/Novell patent agreement, which I believe is a mistake and will be damaging to Novell's success in the future. But my main issue with this deal is I believe that even if it does not violate the letter of the licence it violates the intent of the GPL licence the Samba code is released under, which is to treat all recipients of the code equally.
In case anyone might think I gave up too easily, here is a copy of a letter I recently sent to management on this matter.
I know you don't want to hear this, I know *nobody* wants to hear this but I'll not be able to live with this if I don't say it publicly at least once.
Whilst the Microsoft patent agreement is in place there is *nothing* we can do to fix community relations. And I really mean nothing.
As far as I know this is the first such departure, but it is unlikely to be the last.