a little slice of geek

Recent News Round-Up : June 18th

It’s been a while so bare with me while i remember where the SUBMIT POST button is…

I thought I’d mix it up a little for this one, time to recap all those little stories from the past few weeks. The ones that nobody gets to hear about due to the massive influx of blog posts about either Ubuntu, Debian’s security flaws, team fortress 2 or indeed Firefox managing to DDoS itself. Let’s go…

Wii Menu Version Update Removes Homebrew Hopes

This was probably always on the cards, but yes, Nintendo have now updated all Wii consoles to Wii Menu Version 3.3. In short this stops any and all homebrew attempts dead in their tracks. All suspicious save game files (commonly used to exploit the menus) are detected and removed entirely. No more homebrew goodness for wii owners for now.

A Trojan For Your Router, What Next!

Indeed, a new variant on an existing Trojan, now named DNSChangerTrojan, is targeted specifically against week public use, consumer level routers. The theory behind it is all in the name… A DNS record is stored for every website known to man, its a small line of text that translates a domain name, like www.google.com for example into it’s base IP address. With he IP address your router/ISP can go and fetch whatever it is you requested. The DNSChangerTrojan infects and modifies the most common of these records, for example, again, google.com. Instead of translating that domain to googles’ IP address it will falsely translate it into the IP of something a bit more sinister, usually a known malware site, a known phishing site or hardcore gay midget pornography… If you only saw two negatives in that list, you need help…

Lancashire Police Persued For Illegal Broadcasting

This is a strange one, to cut a logn story short, Chief Constable Steve Finnigan of Lancashire police authorised someone to pump live radio stations to each of the 34 police stations in the area, so that the officers could listen to the radio whilst in the office. Seems reasonable, until you realise that the radio is not yours to re-broadcast, in fact, any broadcasting of any material that wasn’t yours to begin with needs a license. Remember a “broadcast” is classified as more than one person being able to hear something that you are playing…

The PRS (performing rights society) have come down hard on the police, requesting an immediate application for a license be made, in the mean time they have gone to the high courts to seek an injunction against the broadcasting taking place.

Silly Billy’s

Western Digital :: 20,000rpm And Silent As A Whisper

Western Digital are mostly known for their Raptor line of hard drives. In the beginning there was the 36Gb Raptor, they then kept the same body and housing, but crammed 74Gb in there. Next they took the 74Gb platter of the 2nd generation of Raptors and put two of them into a single drive. This gave birth to the 150Gb Raptor (the third in the series). Obviously after this they ran out of money or their lead technical engineer died or something, because all they came up with was renaming the existing 150Gb raptor to the RaptorX 150Gb and stuck a poncy window on the front of it. Now we have the 300Gb monster, dubbed the VelociRaptor (very clever WD). All of these drives spin at 10,000rpm.

Recently we got wind of WD’s new plans. Completely redesign the housing and drive mechanisms, achieve a sustained spin rate of 20,000rpm and the drive must be silent. Sure if they can do that it would be awesome, possibly even rivaling the might of SSD’s (which will start to become affordable in about 12-18months.

We must wait and see, they have a release planned for the start of 2009…

That is all for this recent news roundup, read it and be happy.

Fin

OpenSSL Security Flaw Found In Debian

Linux users can stop being so smug as of right now, no longer are they untouchable in the realms of e-security. The debian team themselves highlighted and announced today they have discovered a rather large flaw in the system used in generating cryptographic keys for things such as SSH and OpenVPN.

The flaw? Well, all keys are made up using an algorithm involving a pre-generated random number, something which in itself is impossible to get and must be equated using a calculation or seperate algorithm. Herein lies OpenSSL’s flaw.

With this in mind, the one point of weakness in the entire system of generating security keys is the beginning random number, if this number is known to an outsider, the entire system of security is compromised as the cryptographic keys can be reverse-calculated using the same algorithm and the known random numer.

As you can imagine, this is a rather large flaw considering it affects every system using a debian linux kernel, this includes every variant of ubuntu (xubunut and edubuntu). A patch has been released by the dev team at debian now so all users need to do is upgrade and it will be fine… Better do it wuick before the hackers come and find you!!!

Pfft… and you thought linux was safe

Demonoid is alive and kicking!

That’s right, the popular, semi-private, Netherlands Canadian Brazilian/Ukranian (sp?) hosted bit-torrent search engine and tracker is now back on-line and fully functioning for the first time in EXACTLY 6 months.

To recap for those who have been living under a rock for the past year, here’s a quick account:

• Demonoid is hosted in the Netherlands
• Dutch anti-piracy authority BREIN pressures demonoids’ ISP, “Leaseweb” for a takedown
• Time passes and Deimos (demonoids’ admin and owner) decides the Netherlands are not safe anymore
• Demonoid servers are moved to Canada (the apparent safe-haven due to lack of copyright laws)
• After a few weeks downtime, demonoid is back up and running in Canada, but not for long (for reference, this is June 07)
• Canada didn’t last long, at the beginning of September 07, the CRIA put pressure on demonoids ISP’s and forced a momentary takedown. This takedown was reversed and demonoid came back online, still in Canada but blocking all traffic from Canadian sources, both to the tracker and the HTTP server side of things
• November 9th, the fateful day, after continued and extremely persistent pressure and hassle from the CRIA demonoid closed it’s doors, seemingly for good. Until now that is.

TO fill in the gaps after novemebr 9th to present day, well, a lot of small thigs happened, for example around mid-February demonoids trackers came online, aparently in the ukraine, this was short lived, approx 2 days later they disappeared again.

A forum was quickly set up on the day of demonoids closure, there was very little ACTUAL information in this forum, there was a lot of people offering money, alot of people offering solutions on where to host the new servers (obviously assuming there would still BE servers) but only one or two official words of wisdom from Deimos, which mainly consisted of telling us he had personal issues he needed to sort out before the site would come into play.

Well, it seems these personal issues, whatever they may be, are still present, Deimos has officially signed off from demonoid and handed over the running and administration to a personal friend, he has asked that respect be given to him the same as it was to Deimos.

As a side note, all existing user accounts are active, as long as they were active at the time of closure in November. Registrations are closed, so for the moment at least, demonoid is remaining private.

Rule No1. Stay Away From Wordpress 2.5

Right, where to start… If, like me, you can’t stand the annoying prompts and orange-ish notification bar in the admin panel, you will probably end up succumbing to the messages and installing the latest offereing from the… people… at wordpress. Enter, Wordpress 2.5.

Supposed to fix a lot of things, supposed to make doing a lot of things easier, supposed to… well, work for a start. Upgrading was painless, all the files went up, the details changed in the sample config file, went to see what difference it made, ah, ok, well before i started I had a working blog, now I have a page with an error on it, nice, no matter what way i tried to make the error message look cool, it just couldn’t beat my _actual_ content </sarcasm>

Now, I’ve heard a lot of things about wordpress support, the forums are usually held in quite high regard, so i whizzed on over, typed in the error message that I got and went to the first thread i found… This one here. Needless to say I was less than impressed user “selfobliged” should feel ashamed.

After about 30mins of testing different things, following leads on certain error messages, changing bits in the config file, making sure every file had been uploaded properly, I gave up, and right now I’m still sitting on WordPress 2.3.2

I don’t know about you, but I’d rather have all my plugins work, have a working blog, and deal with the annoying alerts than have no blog at all.

This is a public message of thanks to the developers at wordpress, good job, no i mean it, it takes dedication to make a complete load of crap last so long in development, seriously, kudos on that one.

Bunch of ass hats…

So… Creative Are Getting A Bit Nasty

Ok, ok, let’s all stop the fighting and arguing for a second… Take a step back, here’s my account of what’s gone on thus far:

• Creative release drivers for vista
• Users download vista driver pack and find it to be nearly unusable in any productive way
• Users complain
• Users complain
• Users complain
• One user doesnt complain and actually uses his brain (wow, on the internet??)
• This user was “daniel_k” or Daniel Kawakami to be exact
• DK ripped apart creative’s vista driver pack, he rebuilt it, enabled the crippled features, turned on the disabled options and generally made it work!
• DK distributes new driver pack to everyone and all for nothing but the request of a voluntary donation
• Creative go all legal-law whoop-ass on DK and pull the ol’ Intellectual Property shizzam on him
• DK is forced to remove the driver pack from any and all forum posts or else get taken to court (I don’t know about you but I dont fancy being on the defense against creatives lawyers)
• Calm
• Calm before the storm
• Storm
• Internet erupts
• Users globally start to ditch Creative products
• 100’s of thousands of posts and views to creatives forums in anger
• Brings us to present day

My own view is Creative are most definately in the wrong, first they cripple the drivers in vista for no apparent reason, then they crush the efforts of free help they got from DK, then threaten him with legal action, then alienate the entire internet, lol…

If ever there was a time to keep your mouth shut Creative, it would have been about 3 days ago *clap**clap*

BD+ Copy Protection Cracked - BluRay DRM

Looks like slysoft have done it. In their latest offering of their popular “AnyDVD” application (named “AnyDVD HD“), the eye-catching bullet in the feature list is:

• New (Blu-ray): Removes the BD+ protection from Blu-ray discs!
  (for increased compatibility with titles released by Twentieth
  Century Fox)

Sounds good to me, for those who don’t know BD+ is the content protection and Digital Rights Management (DRM) component of Blu-Ray Movies, invented by the smart arses at Cryptography Research Inc. This is the little blighter that prevents copying and tracks playing on different machines. Without it, the content on these discs is open for all to play with, copy as you like (if you can afford the hardware) and play on any amount of players… Tasty!

More info on BD+ is available from Cryptography Research Inc. HERE

UK Retail Games Sales Surpassed Music Sales

The ERA (Entertainment Retailers Association) have published the latest figures for the UK’s public buying habits with regard to Music, DVD and Games. What has been forcasted for years has now happened, sales of video games have surpassed that of music. Take a peeka t the figures below:

2005:
Video/DVD: £2,196m
Music: £1,839m
Games: £1,345m

Total: £5,380m

2006:
Video/DVD: £2,122m
Music: £1,651m
Games: £1,361m

Total: £5,134m

2007:
Video/DVD: £2,164m
Games: £1,719m
Music: £1,417m

Total: £5,300m

What can we conclude from this? Well despite public buying being on the rise again as a whole (recovering from 2006’s slump), two things are quite clear, buying music from retail outlets is on the fall, possibly due to people being lazy, possibly also due to Record Labels alienating themselves through bad press (10 points for obvious links to people like the RIAA and the MPAA) and that games sales are on a dramatic rise. An increase of £374m in just three years isn’t too shabby. This is quite possibly due to the release and flourishing of next gen consoles such as the Xbox360, Wii and PS3.

Well, whatever the reason behind it, yay for gaming, down with music industry, no doubt these published figures will spark more moaning from the record industry about how they aren’t making any money… Make decent music at a decent price then perhaps people would feel inclined to buy it again, muppets…

Microsoft Reduces Vista Prices - Upgrade Retail Versions

Microsoft announced a few days back that they are now dropping the price of certain versions of windows vista. Most notably, the retail boxes of the upgrade versions. Microsoft said that they have sold over 100 million units since the OS’s January 2007 launch date, but still think theres room for increased sales figures if the price was lowere just that tiny bit more.

For example, the Home Premium Upgrade has come from $159 to $129 USD (£80 and £64 GBP respectively), another key version that is dropping in prce is Ultimate Upgrade, coming from $299 to $219 (£150 and £110 GBP respectively). Not too shabby, although I would never recommend the upgrade versions myself, this is still a quick cheap and easy way to get vista on the cheap (yet legal) route.

Other versions have also dropped in price, see Microsoft’s Press Release for more info.

Comcast Traffic Management Called To FCC Hearing

Internet users everywhere are holding their breath in anticipation today as Comcast are called to the second part of an FCC hearing to address issues surrounding their rather promiscuous traffic shaping, peer resest and network management techniques.

For quite a while now Comcast has been the top runner of “bad” ISP’s, notorious for the “TCP Reset” method of traffic handlin, an act in which as soon as you connect to a peer in a bittorrent swarm, comcast will issue a peer reset message (called an RST Flag), this immediately disconnects any upload connection that may have been established. Not exactly a friendly way of dealing with a “problem”

Several industry professionals and topical experts have been giving insights and information in the hearing.

Richard Bennett (co-inventor of the twisted-pair system for ethernet, and its protocol, 1BASE5) targeted those opposed to any sort of traffic management in his opening statement saying, “if we can’t control network management, we’ll have to shut down the internet”. David Clark, of the MIT computer science lab, opened by saying that ISPs can either see enemies, or they can see partners, and suggesting that right now, they see the former. He, like almost all the panelists, called the current usage of Sandvine technology ‘troubling’, and said that the user should pick the Quality of Service (QoS) level, not an ISP.

Daniel Weitzner, Director of the Massachusetts Institute of Technology Decentralized Information Group summed up bad traffic management with: “Maybe it’s a bit like the old adage about pornography ‘I know it when I see it’. In this case I know what Comcast is doing is in the camp of unreasonable. These are techniques that hackers would use to deny service to any application on the web, very similar in that regard. It might be interesting to hold a panel of security experts to talk about those kind of mechanisms, I’m certainly not one. But, forging data on the internet is probably outside of the realm of reasonable, and any standards body would deem it to be.”

However, one of the most succinct criticisms of Comcast’s actions came from Prof. David Reed, of MIT’s Media Lab, who suggested that any ISP that didn’t follow the standard solutions evolved over the last 30 years should not advertise themselves as an Internet provider, but instead as a company “offering selective access to portions of the net only”, a description many of Comcast’s customers will probably agree with.

Credit: TorrentFreak.com

Accused of employing techniques favoured by hacking communities, Comcast officials have a lot to answer for. Let’s hope for the internets sake they answer quickly…

Ubuntu 8.04 Alpha 5 Released (Hardy Heron)

The latest alpha of the next version of ubuntu has surfaced on the internet. The final build of 8.04 (named Hardy Heron to continue ubuntu’s strange alphabetical naming system…) is due to be released mid-april this year (2008).

Now, back to this alpha (alpha 5) it’s already starting to show some fo the goodies that we shoudl expect in the final build. For starters it’s now running on the latest linux kernel, version 2.6.24, this is a good thing, a very good thing, especially if you’re a lover of obscure hardware. 2.6.24 makes emphasis on it’s ability to work with a wider range of new and older hardware than previous kernels did.

The second point to highlight is the GUI is now handled by Xorg 7.3. This now uses a simplified configuration file and a new control panel to make things a bit easier for the novice user.

Also included int he alpha release is Firefox 3 Beta 3, not quite sure why, theres nothign wrong with Firefox 2, I suppose it’s just keeping up with times, or perhaps that they are planning to incorporate the final build of Firefox 3 into the final build of Hardy Heron…. who knows, strange decision.

The last major point I want to highlight here is that it uses the wonderful Wubi Installer. This allows people who enjoy the comfort of Windows (either Vista or XP) to install 8.04 without leaving the Windows Desktop Environment, no command line, no bash terminal, no partitioning, just a windows GUI to install ubuntu 8.04 Alpha 5, perfect… Bring on the final release!