nethub.org

Sorry, but I couldn’t resist.

I’ve been running Windows Vista on my laptop for several weeks now to try it out and figure out some of the headaches that it will undoubtedly cause for those responsible for maintaining and supporting computers around the world. I’ll give it to Microsoft, they definitely know how to make you feel like you need to upgrade. My laptop, a Dell 600m with a Pentium M 1.6 GHz processor, ran sluggishly with Vista and 512 MB RAM. So, I upgraded to 2 GB and it runs a little better. My computer, which is fairly up to date hardware-wise, got Vista’s lowest performance rating of 1. I’m betting that greater than 90% of computers out there will get this rating (if they’ll even run Vista at all!).

My brand new Microsoft Wireless Notebook Optical Mouse 4000 doesn’t work right at all in Vista. The scroll wheel works sometimes, and the software won’t install because it requires Windows 2000/XP to install. My ATI Radeon graphics chipset does not perform even close to the same in Vista as it did in Windows XP. Don’t even bother trying to hook up an external monitor with a different resolution, it will cause problems. If you like to suspend your computer at night when you go to bed, count on Vista locking up about 75% of the time when you try to resume.

I’ve run into quite a few programs that simply refused to run on Vista, and others that are severely broken when you try to run them in Vista. While I applaud Microsoft for trying to make things more secure, they have made accessing the Application Data folder very difficult, and have blocked off some things that should be more easily accessible if you have administrative clearance. In Linux, if you type in the root password, you have root access to do what you need to do, even if it’s just change some settings. In Vista, if you want to do something that requires administrative access, sometimes it’s as simple as clicking continue, other times, it’s near impossible without significant effort to make something happen.

I just ordered in a new hard drive so I could have one drive for Windows and one for Linux. However, I will be loading Windows XP and dumping Vista when the drive comes in. I’m done with the hassles of broken programs and having to fight with the security to let me access simple settings.

BitTorrent has received $8.75 million from a venture capital firm. Their goal is to make the BitTorrent technology attractive to Hollywood and legitimize their business. Many have viewed BitTorrent as a program that promotes piracy, but BitTorrent is very useful in the distribution of legitimate content without the large bandwidth cost of offering that content for direct download. I’ll be very interested to see what direction they take. I hope BitTorrent doesn’t become some kind of ad-supported spyware nightmare.

I always figured BitTorrent would be acquired by Google. Maybe someday it will be.

Well, it was bound to happen.

Microsoft is releasing a competitor to the popular PDF format in their next release of Windows called Metro. Metro will be based on XML and will have royalty-free licensing.

Not at all surprised. Could actually be a good thing, because I hate the proprietary nature of PDF. I’m sure there’s a catch… after all, it is Microsoft.

phpBB Group announces the release of phpBB 2.0.13, the “Beware of the furries” edition. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to release a new version in such a short period of time.
Fortunately both fixes are easy and in each case just one line needs to be edited.

The first issue is critical (session handling allowing everyone gaining administrator rights) and we urge you to fix it on your forums as soon as possible: (code removed)

A second minor issue reported to bugtraq several days ago was the path disclosure bug in viewtopic.php which got fixed by applying the following steps: (code removed)

As with all new releases we urge you to upgrade as soon as possible. You can of course find this download available on our downloads page. As per usual three packages are available to simplify your upgrade.

I had to remove the code because b2evo doesn’t like code. The code is available at http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563.

version 1.1.4 (2/24/2005):
* Fixed a bug where Yahoo! would lose messages (and any other packet really)
* Correctly show the time when incoming Gadu-Gadu messages were sent (Carl-Daniel Hailfinger)
* Fixed crashes with glib 2.6
* Fixed MSN crash when conversations time out after the conversation window was closed
* Fixed an html parsing bug, CAN-2005-0208

All Firefox users are encouraged to download security update at mozilla.org

February 24, 2005, (Mountain View, CA). The Mozilla Foundation, a non-profit organization dedicated to preserving choice and promoting innovation on the Internet, today released an update to its award-winning Firefox 1.0 browser. The Firefox security update is available for the 27 million users who have already downloaded the free browser. The Mozilla Foundation encourages all users to download the update, which is available now on all platforms at www.mozilla.org.

“Regular security updates are essential for maintaining a safe browsing experience for our users,” said Chris Hofmann, director of engineering for the Mozilla Foundation. “The Mozilla Foundation has developed a community of users and developers who continuously provide feedback on Mozilla software, and as a result of that constant vigilance, we are able to provide quick and effective responses to security vulnerabilities.”

The Mozilla Foundation evaluates security issues on an ongoing basis and will issue security updates as warranted. The security update for Firefox includes several fixes to guard against spoofing and arbitrary code execution. More information is available in the release notes at http://www.mozilla.org/products/firefox/releases/.

Firefox has been widely praised for its stability, trustworthiness and innovative features including tabbed browsing, live bookmarks, built-in pop-up blocking, and hundreds of available extensions. SC Magazine, a leading security magazine, recently awarded the Mozilla Foundation with its Editor in Chief award. The browser has been downloaded more than 27 million times and is available in 28 languages.

phpBB Group are pleased to announce the release of phpBB 2.0.12 the “Horray for Furrywood” release. This release addresses a number of bugs and a couple of potential exploits. It also adds a new feature in the form of an ACP based version checker (maintainers of language packages please take note of the need for the additional localised string!).

Please note, the exploits of which we’ve been notified and which are addressed in 2.0.12 are in absolutely no way to blame for the loss of www.phpbb.com which we are still extremely confident was the fault of an outdated awstats and kernel.

However one of the potential exploits addressed in this release could be serious in certain situations and thus we urge all users, as always, to upgrade to this release as soon as possible. Mostly this release is concerned with eliminating disclosures of information which while useful in debug situations may allow third parties to gain information which could be used to do harm via unknown or unfixed exploits in this or other applications.

As with previous releases three different packages are available:

* Full Package
Contains entire phpBB2 source and English language package
* Changed Files Only
Contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release
* Patch Files
Contains patch compatible patches from the previous versions of phpBB.

Select whichever package is most suitable for you.

Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation or updates!.

Note to 2.0.3 users intending to use the patch file version

Users of 2.0.3 intending to use the patch version may (but not necessarily will) need to run fixfiles.sh (found in the contrib/ directory with the downloaded archive) before patching.

We recommend that all 2.0.3 users do a “dry run” patch first to see whether this you need to use this fix. To do this append –dry-run to the patch command, e.g. patch -cl -p1 –dry-run phpBB-2.0.3_to_2.0.12.patch. This will prevent any permanent changes being made to your installation. If you experience numerous (literally dozens and dozens) of hunk failed messages this applies to you.

To correct this problem go to your phpBB root directory, copy the fixfiles.sh to this location, chmod u+x fixfiles.sh and type ./fixfiles.sh. This will strip windows style carriage returns present in the 2.0.3 source

What has changed in this release?

The changelog (contained within this release) is as follows:

* Added confirm table to admin_db_utilities.php
* Prevented full path display on critical messages
* Fixed full path disclosure in username handling caused by a PHP 4.3.10 bug - AnthraX101
* Added exclude list to unsetting globals (if register_globals is on) - SpoofedExistence
* Fixed arbitrary file disclosure vulnerability in avatar handling functions - AnthraX101
* Fixed arbitrary file unlink vulnerability in avatar handling functions -AnthraX101
* Removed version number from powered by line
* Merged database update files to update_to_latest.php file
* Fixed path disclosure bug in search.php caused by a PHP 4.3.10 bug (related to AnthraX101’s discovery)
* Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - matrix_killer

This new release fixes two critical security issues:

- Remote DoS on receiving malformed HTML
- AIM/ICQ remote denial of service

I recommend downloading the new version ASAP! Good work to the gaim team!

Reuters
Microsoft Buying Anti-Virus Software Maker
Tuesday February 8, 2:34 pm ET
By Reed Stevenson

SEATTLE (Reuters) - Microsoft Corp. said on Tuesday it would buy anti-virus software maker Sybari Software Inc. in a direct challenge to Symantec Corp. and McAfee Inc., which currently dominate that market.

If Microsoft, the world’s largest software maker, bundles anti-virus features into its Windows operating system, security software makers could feel the pressure, analysts said.

“Microsoft’s acquisition of Sybari will get them into the (business) anti-virus market specializing in e-mail protection, a negative for Symantec and McAfee,” said Sterling Auty, an analyst with JP Morgan.

McAfee shares were down 8.55 percent, or $2.24 to $23.72 in afternoon trade on the New York Stock Exchange. Symantec, which recently bought storage software company Veritas to diversify and reduce its dependence on security, was down 5.64 percent or $1.33 to $22.27 on the Nasdaq.

The DOJ needs to step in here. Microsoft should not be entering new markets so it can force all of the other companies out of business. McAfee and Symantec are synonymous with security software, but if Microsoft gets its way, those companies will be out of business.

Abuse of monopoly power much, thanks?

K-Meleon is another browser based on the Mozilla/Gecko engine, but runs a bit faster than Firefox. Sorry Linux guys, it’s Windows-only. They just released version 0.9, which is based on Mozilla 1.7.5.

K-Meleon 0.9 Released

K-Meleon 0.9 is the latest release of the fast and customizable browser that can be used instead of Internet Explorer on Windows. Powered by the same Gecko engine as the Firefox and Mozilla browsers, K-Meleon provides users with a secure browsing experience. K-Meleon features include:

* Support for Bookmarks, Favorites and Hotlists
* Layers(Tabbed Browsing)
* Integrated search tools to search Google or configurable to use your favorite web resources
* Enhanced privacy and security features to protect against spyware and viruses - block pop-ups and web sites that try to change your home page or download spyware!
* Unique right-click toolbar buttons allow quick access to additional features and settings
* Complete customization of all menus and toolbars
* Configurable to use your mail and news programs

K-Meleon 0.9 can be downloaded from:

http://prdownloads.sourceforge.net/kmeleon/kmeleon09.exe?download

Releases Notes:

http://kmeleon.sourceforge.net/wiki/index.php?id=ReleaseNotes09

Additional resources are available at:

http://kmeleon.sourceforge.net/

K-Meleon - It’s Your Browser

I downloaded it from Sourceforge, and after playing with it a little, I really don’t see much of a difference on this computer. From what I’ve heard, it may be an ideal choice for those out there with a slower processor. I’ll continue to play with it over the next few days and revisit it after I’ve had more time to play around with it.

-Jeff