I’m finally switching over to 1and1’s DNS servers. This means that some of my _____.invisibill.net forwards won’t work, at least until I remake them, if I do. Everything on my site should work fine, but I did have some bookmarkish forwards set up, and I know I’ve posted some of them before. Most of them I haven’t used in forever anyway, but just be warned that if you’re using one of those, it will stop working soon. However, this means that my site will no longer be in the stupid forwarding frames. It won’t look any different, but it’s just one less thing to get in the way. For example, the example I posted on December 12 with the URL spoofing exploit should work right from here now. I’ve got the DNS changes made, now they just have to filter through the internet. For me, some are already working and some are still on the old server. invisibill.net works, but www.invisibill.net doesn’t yet. Just letting all my diehard fans (both of you) know what’s up in case things are acting funny.

More on the SCO Linux thing…

Novell has released a bunch of correspondence with SCO about this whole Linux infringement accusation. They also list their copyrights on this page. This Slashdot posting is a good summary of the letters. http://www.sco.com/novell/ has the Purchase Agreement and other stuff. GROKLAW is working on converting all the PDFs to text.

It’s up to the courts to figure things out, but SCO seems to be making lots of claims that they own things and there are infringements against SCO’s stuff in Linux (starting with 2.4, so you people running older stuff are safe too). If you read certain extracted parts of the agreement, it sounds like Novell basically handed off anything and everything UNIX to SCO. But they also mention that it’s everything but the specified exceptions. If you look at the exceptions, Novell still retains ownership of most of the stuff. SCO’s actions back this up, like recently requesting that Novell transfer copyrights for UNIX stuff to them (and being denied). Basically, it’s questionable if this code which may or may not be in Linux (you have to sign an NDA to see SCO’s “trade secret” code which has been put into Linux, and I don’t know of any unbiased source who has done so and verified SCO’s claim) is even SCO’s property to begin with. Novell also says that the agreement expressly forbids SCO from terminating licenses without Novell’s permission. SCO has talked about terminating IBM’s license for doing stuff with the AIX source code. Novell says that IBM’s AIX code is IBM’s and has nothing to do with SCO, but that they’re not giving SCO permission to cancel the license anyway. The whole situation with SCO’s IP being in Linux is confusing, but Novell is simply taking out SCO’s legs, saying it’s not their IP so this whole issue is a moot point.

Depending on how the whole Purchase Agreement is interpreted, some of SCO’s actions could be a breach of contract with Novell. For example, SCO claims some of their sales are new ones and not revisions of old ones. If they are determined to be revisions, Novell gets 95% of “their” sale and SCO gets a 5% “commission”. If they knowingly did this, that’s fraud and SEC stuff. According to a /. poster, the employee responsible for doing the SEC filings mysteriously left right before their last earnings report was due. Hmmmmm… Man, it’d suck to be SCO and find out that you didn’t actually have all that money that you just spent on lawyers to get back your property, which turned out to not be yours.

I’m not a Linux zealot or anything, but I don’t like to see innocent people/companies get screwed. I don’t mind seeing money-grubbing, dishonest people/companies go belly-up though.

Another interesting thing that has come about from the /. posts… They’re trying to “Hack Google” by creating lots of links to make the results show what they want. To see examples, type in “miserable failure”, “French military victories”, or “Weapons of Mass Destruction” and hit the “I’m Feeling Lucky” button. The idea is to make SCO’s website come up when you use the phrase “litigious bastards”. To do so, they need to get as many pages as possible out there with the words “litigious bastards” linked to “www.sco.com”. In order to make things more fun for SCO, they also thought it would be good to use “www.sco.com/?sco=litigious%20bastards” instead of just “www.sco.com”. This will put lots of lines with “sco=litigious bastards” into their webserver logs. Like this: litigious bastards Hehe.

A post on a tech board brought to my attention a program which does something I dislike a great deal. Someone was looking to convert their old audio tapes into MP3s. He said that Magix Audio Cleaning Lab 2004 works great, but you have to pay extra to encode MP3s.

-> Fast audio CD burning and autoplay-capable MP3* CDs (burn-proof support, disc-at-once)

-> Export as WAV, OGG Vorbis, Internet Streaming Format (WMA) or MP3* files

* 20 demo runs

I am very much in favor of supporting programs that do what I want for a reasonable cost. I equally support the idea of boycotting programs that charge for the same thing a free program does, or for doing something I don’t want. If this program does the audio cleanup part well, buy that part of it. Then completely ignore their request for more of your money, and use a different MP3 encoder on the exported WAVs. If enough people refuse to buy their MP3 encoder addon, they’ll get the hint that people don’t see it as being worth the extra cost. They’ll either lower the price (include it for free?) or stop pushing it at you. It’s up to you if it’s worth the extra cost to not have to do another step in a separate program.

Getting analog audio is a bit more complicated than just ripping a CD to MP3s, but Exact Audio Copy works great for converting your CDs to MP3s and is free. As I said, use MACL2004 to convert the tapes to digital music files if it does a good job, then use a cheaper and/or better program do the MP3 conversion. Eventually we will teach these companies that their success depends on us, the consumers.

Here’s something cool in a geeky sort of way. A friend’s project just got /.ed. For those of you who don’t know what that means, an article about it was posted on slashdot.org. As a result, a huge number of people flocked to his site, overloading the server.

Internet Archive Opens Wayback Code Under LGPL

However, he had some corrections to make.

And of course they got it all wrong. Heritrix != WayBackMachine.

Heritrix gathers web pages (harvests)
The WayBackMachine gives access to harvested material.

Also Heritrix is a new web crawler meant to replace the one that IA has been using (which is owned by Alexa Internet).

Both the /. post and the linked article say that it’s actually the crawler code that’s being released. The Wayback Machine is actually a separate part, and its code is not being released at this time.

Heh, since I started looking at the article, the title has changed. “Internet Archive Opens Crawler Code Under LGPL” is what it’s called now, which is accurate.

http://www.microsoft.com/downloads/details.aspx?FamilyID=e70a0d8b-fe98-493f-ad76-bf673a38b4cf&displaylang=en

Microsoft has finally released a tool to remove the Blaster worm. You know, the one that was running rampant months ago… A situation has been identified where the Blaster worm could have infected some systems before the application of MS03-026 [KB823980]. This tool will help remove the Blaster worm from these systems. For systems with MS03-026 [KB823980] or MS03-039 [KB824146] already installed, no further action is needed once this tool is installed. Install this tool to help remove this worm from your PC.

Someone got infected before MS released the patch to fix it? No way! Well, at least something can be done about it now. Better late than never I guess…

Also, check out Above The System Technologies, LLC. It’s something started by some friends of mine that I’m sort of involved with. It’s just taking off, but we’re a pretty well-rounded group of computer geeks. Check us out if you need hosting or some computer services.

Good news. McAfee VirusScan 7’s On-Access Scanner will catch the URL Spoofing vulnerability that I posted about before. If you get that warning when you try to view this page, it’s because of that post. As long as you don’t follow the example links, or don’t believe that the invisibill.net blog is actually at microsoft.com, you have nothing to worry about. My post contains exactly what VS7 says – a spoofed URL. The only thing it can do is trick you into going somewhere (invisibill.net) thinking it’s something else (microsoft.com).

I’ve also been informed that the Plane game I posted will run in Linux via WINE. For all of you who have been on the edges of your seats and biting your nails wondering about that…

In other news…

Plane! (27KB)

Another great time waster. Simply use your arrow keys to move your ship around so you don’t get hit. When you do get hit, you will be shown how long you lasted. Your time in seconds is at the end of the first small line of text. Note that is an executable, so save it to your hard drive and play it anytime you want. Friends have gotten as high as 33.448 if you want a goal. =)

And the latest web browser vulnerability. This one is a major problem on IE, a slight problem on Gecko browsers, and reportedly not an issue on Opera. It’s a new trick that makes an old trick harder to detect.

The “@ URL” trick has been around for a while. You can log into a website with http://username:password@www.something.com/. The trick involves creating a URL for your site that had a username consisting of what appeared to be a good domain name. For example, http://www.microsoft.com@www.invisibill.net/. This will take you to http://www.invisibill.net/ as user www.microsoft.com. Generally people would use character encoding (see NATATA Anti-Spam in my software section) to create a really long URL. Users would only see or understand the first part, www.microsoft.com. Opera has a neat method that warns a user when they click on a URL like this, and Bugzilla already has talk of adding a similar feature to the Mozilla browsers.

This is where the new vulnerability comes in. %01 is one of these encoded characters. It’s a special character that causes the browser to think it’s the end of what should be displayed. Like the above example, http://www.microsoft.com%01@www.invisibill.net/ will send you to http://www.invisibill.net/ as user www.microsoft.com%01. However, the %01 cuts off the browser display. Rather than relying on the fact that most people won’t notice or at least won’t understand everything after the first part of the URL, scammers can now completely hide the rest of the URL. In Mozilla, only the status bar is affected by this; the mouseover URL will be cut off. In IE, the status bar and the Address bar will both be cut off. If you click the Test button below in IE, you will see this page in your browser window, but the Address bar will still show http://www.microsoft.com.

Note that my domain’s URL forwarding puts the actual site into a frame with an unchanging URL showing. Use http://s87708598.onlinehome.us/ to access it without the URL forwarding stuff.

With this trick, and clever mouseovers and link names, even pros could be fooled, due to all the redirects that now result in a much longer URL than you originally used. This trick could make it much easier for scammers running copies of popular websites (in order to get you to submit information like passwords or credit card numbers) to fool people into believing it’s the legitmate site. Be extremely careful until this is fixed, and hand-type URLs just to be sure if you have to. Rather than following a link in an email to verify your information with some site, open your browser and type in the URL. It’s the best way to be 100% sure you aren’t being tricked into going somewhere else.

When I started my computer up this morning, KPF warned that my trial period was almost done. Trial period? It’s supposed to be free for home users…

Apparently that’s changed in the new version.

” After installation, KPF works as the full edition for 30 days, after which it becomes the limited free edition. … Limited free edition does not provide the content filtering capabilities such as blocking pop-up windows, ads, VB scripts, cookies, etc. and other extra features. Please see the comparison table for more details.”

http://www.kerio.com/kpf_comparison_version.html

It’s mostly just the content filter and a few other little things that stop working after the first thirty days. You can easily compare the free version against the full paid version, as well as version 2.1.x. Take a look at that and figure out which one suits you best. Also note that you get a 12 month subscription for updates and upgrades when you register, not the old-fashioned type a license for the current major version. You might end up with v4.0.0.0.1 after that year, or you might end up with v6.5.