Alex K's Blog

Keep your filthy, money-laiden hands off my propperty!

2006-10-30T19:38:00.000-07:00

The inspiration for this rant came from a BetaNews article. Seagate will be releasing new hard drives. But what makes these hard drives special, in a bad way in my opinion, is that they will have encryption at the hardware level.
"Well that's great!" you're probably thinking. But further down the article, ahem, past the banner ad about something or other is this.

Along with this arguably compelling new technology, though, will come a component that has been a perennial wellspring of controversy ever since its inception: hard-wired digital rights management, such as the capability to lock down write operations
within a DV-R based drive to only those that have been authorized by a certified server.

This probably includes drives on PC's. So they want to control exactly what is written to the drive, eh?

So Seagate is being very careful today how it positions its announcement of the unveiling of hard drives with a Trusted Platform Module (TPM) component for PCs, knowing full well that the capability for one's hard drive to overrule the operating
system -- and, with it, the authority of the user or administrator with regard to what files can be written, where, and when -- is not necessarily something consumers automatically view as a "feature."

That's quite right. I don't view this as a feature. I don't want anybody or anything controlling what i can or cannot write to the hard drive.. After all, I bought it, so it should be legally mine, unless i have to sign a contract saying that I don't actually own the drive, I just 'use' it, in which case I won't be buying it. Not that i would buy a drive with hardwired DRM in the first place.

As you can probably tell, I dislike DRM. Now, the RIAA and MPAA would say that I dislike it because I pirate movies and music. I don't. I dislike DRM because I don't want a power-hungry psychopath controlling what I can or cannot do on a computer.

Key to the success of Seagate's architecture will be the integrity of the chain of communication between the TPM module on the PC -- upon whose existence DriveTrust will depend -- and the TPM on the hard drive (HDD). With the hard disk drive
itself being one of the most closed systems in a computer assembly, it becomes relatively easier to secure the chain of communication between the CPU and HDD using hardware-based authentication. This disables any third party or unauthorized
device from siphoning off portions of the bit stream, whether using hardware or software.

This kind of copying is a concern to content providers, including movie studios, that have to date been reluctant to throw their support behind any form of digital content recording system, until it can prove itself impenetrable to incursion
for the purpose of making surreptitious copies.

Of course they wouldn't like it. Not only would people be able to sell copyrighted media, but then people would be able to listen to their music and watch their movies any way they wish. That would be absolutely horrible! We certainly don't want people being able to listen to music or watch movies anywhere, we want them to sit in front of their computers all day.

The whole design behind viruses involves the ability for malicious code to hide in unmonitored locations (perhaps in plain sight) on hard drives, and replicate itself to similar locations elsewhere, these days using networks. With a new, TPM-anchored
root-of-trust scheme in place, and with the operating system supporting the TCG stack (as Microsoft's already does), only authenticated transactions could enable data to be written to hard drives.

That's all well and good, but how would the hard drive know if a program that wants to write to the hard drive is a virus or legit. Are they saying that I'll have to authenticate every program i want to be able to write to the drive? Sorry guys, that's not gonna happen.

But that raises the question. Do they mean that "You" will be able to authenticate write operations, or will some over-payed slob decide all that for me. I can just imagine buying a computer, booting it up, and receiving this message. "Your write operation request has been submitted for authentication. Please allow five to ten business days to receive authentication. WARNING: Any unauthorized write operations to this disk will result in severe penalties, and you will be tried by the Supreme Court of the united States of America. And don't think you're safe just because you live in another country. We will use any means necessary to punish you for this evil crime against society."

Defending the big guy

2006-10-27T21:34:00.000-06:00

"Get Firefox, and never have to worry about security again!" "Get Firefox today, and avoid spyware forever!" "Firefox is the best browser in the world!" "Get Firefox today, because Internet Explorer suck!" "Screw IE! Get Firefox!" "Microsoft is evil, they suck, and they're trying to take over the world using mind-control devices created by alien races who are much more technically advanced than we are! They are working with the Borg! O, and did I mention they're evil?"

Like so many others, I was taken in by the 'Firefox frenzy' as I like to call it. I was convinced by people like Leo Laporte, whom i don't trust anymore for various reasons, as well as hundreds of other articles and ads all over the Internet and other media, that Firefox was way more secure than IE. I was convinced that Firefox would keep me safe from all the bad guys out there on the net, as so many others were. However, after doing some research, and using plain old common sense, i have come to different conclusions.

Firstly, take a look at how many people who work full-time on developing Firefox. From an article I read that was written in 2004, I gathered that there were about ten full-time, payed developers. (I can't provide the link for the article right now, because either my or my ISP's DNS is screwed up.) That's right, ten! I'm not sure how many there are today, but surely there can't be as many payed developers working on firefox as there are working on Internet Explorer.

Many people claim Firefox is more secure just because IE is so widely used that all energy is being focused on exploiting it instead of Fiefox. But as more people start using Firefox, all these guys who create exploits for IE will change their focus. They will start targeting Firefox users, many of whom probably think that by using Firefox, they are automatically safe on the net. Sorry guys, but security through obscurity is only effective for so long.

I am in no way bashing Firefox here. It is a great browser, and I do use it often, particularly when downloading large files, because of its resume capabilities and because it seems to download files much faster than IE. Sure, you can get download accellerators fo IE, but I prefer to keep things simple. But nothing beats the web pge compatibility that IE has. There are quite a few pages that do not work propperly in Firefox. This brings me to another thing that you see quite often. Those "This page is best viewed in Firefox." messages. People who use these messages are either trying to get people to download Firefox, or they are clueless, incompitent web designers who only know how to design pages specicically for one browser.

This 'Firefox frenzy' has taught me a pretty valuable lesson. Never trust the media until doing reaearch, no matter how hard they're tring to push something. Common sense is also pretty handy too.

Trojan horse installs antivirus software to remove competing malware

2006-10-23T20:52:00.000-06:00

Hmmm...This is very interesting.

In addition to setting up a compromised computer to relay spam, one example of malicious software also installs Kaspersky Lab's antivirus program to get rid of
competing malicious software.

The culprit is a Trojan horse sometimes called "SpamThru," according to
a write-up by Joe Stewart
, a researcher with SecureWorks. "SpamThru is a money-making operation, and the author takes great care to make sure that detection by the major vendors is avoided by frequently updating the code," Stewart wrote last week.

When it first gets onto a PC, SpamThru connects to a control server and subsequently installs a pirated copy of Kaspersky AntiVirus, Stewart wrote. The system then starts a scan for malicious software, skipping files that it detects are part of its own
installation, he wrote.

"SpamThru takes the game to a new level, actually using an antivirus engine against potential rivals," Stewart wrote. "Any other malware found on the system is then set up to be deleted by Windows at the next reboot."

(CNET News)

Internet Explorer 7 is out

2006-10-22T20:08:00.000-06:00

Actually, it came out on Wednesday, but I didn't get around to blogging about it. Here is the download link.

Mozilla Firefox 2.0 RC3 is out

2006-10-16T20:32:00.000-06:00

For anyone who's interested, Mozilla Firefox 2.0 RC3 is now out.
You can download it here.

Windows XP Service pack 1 no longer supported

2006-10-10T18:48:00.000-06:00

Personally, I don't think ending support for SP1 will cause many people to update to SP2. Almost all technically inclined Windows users have updated already. And most of the new users out there never update Windows anyway. As for people who have had problems with updating to SP2, it's probably because you've got spyware. It's best to install sP2 with the cleanest system possible.

Microsoft is officially
ending support
for Windows XP Service Pack 1 and SP1a Tuesday, with users being recommended to install SP2 as soon as possible. The move means that no more security updates will be released for the now-obsolete version of Windows.

Windows XP SP2 was released on September 17, 2004, and Microsoft notes that it provided two years of support to SP1 customers since that time. The company traditionally offers only 12 months of support for previous service packs, but because SP2 was a
major upgrade to Windows XP, Microsoft opted to give customers additional time for deployment.

(Betanews)

Microsoft may offer discounted copies of Vista to computer customers who purchase during the holiday season

2006-10-07T23:07:00.000-06:00

It sure would be cool if Microsoft went ahead and did this.

Microsoft is set to offer either free or discounted Vista upgrades to those who purchase new computers during the holiday season, press reports indicate. To qualify for the coupons, a PC would need to be purchased after October 28 of this year, and the
upgrade would be good through March 15, 2007.
The Redmond company would not confirm the program publicly, other than saying "we're working with partners on this." Reports indicate that the free or discounted upgrade would be based on the version of operarting system installed.

(Betanews)

Windows Vista is out -- Last build before RTM

2006-10-07T15:23:00.000-06:00

As expected, Microsoft on Friday issued the second release candidate of Windows Vista - the last public build before the next-generation operating system is released to manufacturing. As with the interim build before it, RC2 will be available to a limited
number of CPP participants, beta testers, as well as TechNet and MSDN subscribers.
"Since the release of Windows Vista RC1, Microsoft has continued to receive excellent feedback that is helping to improve the overall quality and performance of the product," a company spokesperson told BetaNews. "RC2 reflects that feedback and includes
important improvements in performance, application compatibility and fit and finish work. Customers should verify any outstanding issues not addressed during their RC1 testing."

(Betanews)

Small hole found in the space shuttle Atlantis, but no vital systems were damaged

2006-10-07T00:06:00.000-06:00

(CBS/AP) NASA workers inspecting space shuttle Atlantis this week discovered that a tiny piece of space debris had punched a hole in a radiator panel during the shuttle's recent mission, but officials said the damage never endangered the crew.

The first reports said nothing hit Atlantis in flight, but now, NASA says a micro-meteoroid struck a radiator panel and caused a hole about a tenth of an inch wide, reports CBS News correspondent Peter King.

The debris struck a panel that extends from payload bay doors on the shuttle. The object did not hit the sensitive tiles or thermal panels that help protect the shuttle when it returns to Earth.

The damage "didn't endanger the spacecraft or the crew, nor did it affect mission operations," NASA said.

So why wasn't it found during one of the three detailed inspections in space during the mission? King reports NASA says it was in a spot that's not exposed to the fiery reentry, and the inspections focused on the areas that were, such as the shuttle's
heat shield, which checked out fine.

The radiators were brought inside the bay before the shuttle's landing last month.

In 2003, space shuttle Columbia broke apart during re-entry when superheated gases entered a hole in the shuttle's wing. A breakaway chunk of hard foam from Columbia's external fuel tank had punctured that wing during liftoff. After the Columbia disaster,
NASA began intense inspections of the shuttle, both by camera during liftoff and by the astronauts once in space.

Otherwise, Atlantis' land Sept. 21 was a graceful ending to a strange flight, reports CBS News correspondent Bob Orr. First there was trouble getting off the ground — launch was delayed four times, twice by weather and twice by technical glitches — and
then more trouble coming home. Several objects seen floating near the orbiter after it left the space station.

(CBS News)

parents kidnap bride to prevent marriage

2006-10-06T19:06:00.000-06:00

These parents must have been really desperate! Either that or they were too stupid to know that kidnapping is illegal.

SALT LAKE CITY -- A pre-wedding shopping trip for a 21-year-old bride ended with felony charges against her parents, who she says kidnapped her and drove her 240 miles to Colorado, trying to talk her out of the nuptials along the way and holding her until
she missed the ceremony.

"I've never had a case quite like this," Utah County Attorney Kay Bryson said Tuesday after charging Lemuel and Julia Redd with second-degree felony kidnapping.

Bryson said he met with the couple's daughter, Julianna, and her now-husband, Perry Myers, before charging the parents. "It is strange that parents would go to that extent to keep an adult daughter from marrying the man that she had chosen to marry," he
said.

The Redds told their daughter they were taking her on a shopping trip Aug. 4 and then drove from Provo to Grand Junction, Colo., according to Provo police Capt. Rick Healey. Myers, 23, called police when his bride didn't attend a pre-wedding dinner with
his parents that night.

The Redds spent the night in Colorado and drove back to Provo, about 40 miles south of Salt Lake City, the next day, Healey said. They arrived after the young couple was supposed to have been married in a ceremony that day at The Church of Jesus Christ
of Latter-day Saints Temple in Salt Lake City.

"I was totally confused and manipulated," Julianna Myers told KTVX-TV in Salt Lake City. She said she supports the charges and hopes her parents get help.

"They had their concerns, their reasoning," she said. "Honestly I don't understand. It had nothing to do with Perry."

Bryson said after reviewing the police investigation it was clear a crime was committed.

The couple, both students at Brigham Young University, were married in the temple on Aug. 8, Myers said. They are expecting their first child in May.

"We were just glad the way it ended and she just came back and she was OK," Myers said. "We've gone forward since then.

Lemuel Redd, 59, and Julia Redd, 56, were charged Friday and are scheduled to make an initial court appearance Oct. 26. If convicted, they could face one to 15 years in prison.

A call to a listing for Lemuel H. Redd at the address in Monticello, Utah, listed in court documents went unanswered Tuesday. No attorney for the Redds is listed in court documents.

(Seatlepi.com)

Microsoft to release 11 security updates on Tuesday

2006-10-05T15:37:00.000-06:00

On October 10, Microsoft will issue 11 security bulletins as part of this month's Patch Tuesday. Six of the updates affect Windows, with the highest severity being "critical." Another four patches will cover Microsoft Office, also with critical severity,
while a moderate fix is slated for the .NET Framework.

(Betanews)

Comment moderation Disabled

2006-10-05T15:35:00.000-06:00

i have dcided to disable comment moderation and see how things will work out. Hopefully we won't be receiving a comment like the one that made me decide to turn it on.

Looks like Windows Vista wil include a "kill switch"

2006-10-04T17:33:00.000-06:00

Microsoft has denied that Windows Genuine advantage, the Microsoft anti-piracy tool, would have a "kill switch" to disable non-validated copies of Windows. Now, it appears Microsoft will include one in Windows Vista. Wel actually, it's not a "kill switch", but it's as close to one as you can get. Basically, if Microsoft thinks your copy of Windows is not a legal copy, or if it isn't, (which hopefully will be the case 100% of the time), Windows Vista will go into a "reduced functionality mode" where certain features of Vista are unavailable. If you still do not validate your copy of Windows, Windows will not become unusable, but it will be almost completely useless. You will only be able to browse the web. There will be no Desktop or Start menu, and the desktop background will be completely black.

For more info, read this article.

Comment Moderation Now Enabled

2006-10-01T21:21:00.000-06:00

In light of the recent comment posted to the blog, I have decided to enable comment moderation. Any comment like this one will NOT be let through.

My Two Cents on the Mac vs. Windows Ads

2006-09-29T19:07:00.000-06:00

We've all seen those Mac ads that have been around since June. You know, the ones with the lovable PC character and the snobby arrogant Mac character. Well, today I'm going to talk about that snobby Mac guy.

Ever since these ads started aring, I wondered why they had the guy act all arrogant and stuck-up. Are they saying that Mac users are arrogant and stuck-up? I'm not a Mac user, but if I were, I would probably be slightly, or maybe greatly offended by these ads, which would portray me, a Mac user, as a snobby, arrogant jerk. Or maybe the guy just reflects the personalities of the Apple marketing team.

Yet Another Zero-Day Exploit Attacks Windows

2006-09-29T12:34:00.000-06:00

When will it ever end!

Sample code is circulating on the Internet for an attack using a flaw that Microsoft knows about, but has not yet fixed.
On Thursday, Microsoft warned people about a vulnerability in the Windows Shell, the part of the operating system that presents the user interface. The flaw affects Windows 2000, Windows XP and Windows Server 2003 and could be exploited via the Internet
Explorer Web browser through a component called WebViewFolderIcon, the company
said in an advisory.
"An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer," Microsoft said. "An attacker who successfully exploited this vulnerability could gain the same user rights as the local user."

While sample exploit code has been published, Microsoft said it has not yet seen any related attacks. The vulnerability was actually discovered two months ago, but the code only surfaced this week, according to the
French Security Incident Response Team.
Security monitoring company
Secunia deems the issue "extremely critical
," its most severe rating. Microsoft said it is working on a fix and plans to release it on Oct. 10 as part of its regular patch cycle. Meanwhile, it suggested several workarounds in its advisory to protect Windows systems. [CNET News]

HTMl Test

2006-09-25T17:45:00.000-06:00

This is just a test to see if it lets me use HTML tags. It better!

Aren't Macs PC's?

2006-09-25T17:42:00.000-06:00

the mac vs. PC debate has been going on for years. Everywhere you look on the net, people are arguing about, causing flame wars over, and very occasionally discussing the advantages and disadvantages of the two. And now, Apple is airing “Get a Mac” commercials,
some of which are extremely inaccurate… But that’s for another rant.

However, I think Mac vs. PC is not correct. It should be Mac vs. Windows, not Macs vs. PC’s. Are Apple and Mac supporters, then, saying Macs aren’t PC’s? What are they then? Servers? (And I’m talking about standard OSX here.) Are they work stations perhaps?
Supercomputers? Nuclear weapon control centres?

Macs are personal computers. Therefore they are PC’s. They are PC’s made by Apple, with Mac OSX on them. I find it pretty funny that Apple doesn’t realize that they are, in fact, making PC’s. Or maybe they do, they are just trying to doop people, or fool
themselves. Or they just don’t want to associate themselves with those dull grey boxes.

So, I don’t think it should be Mac vs. PC’s. It should be Mac vs. Windows.

Welcome to the New Blog!

2006-09-25T17:35:00.000-06:00

Hi, and welcome to the new blog. For various reasons, I have decided to switch from Wordpress to Blogger. the last Wordpress blog post will be coming shortly.