Change is inevitable. And this column’s frequency on Cyber India Online (CIOL) is changing soon too. My editors have announced beginning September 2005 the Freeloader column ceases publishing. I’m now beginning to understand what fighting soldiers go though mentally when facing impending death (and doom). It’s never been so hard to put together a column as this one. And I think preparing the next (and final) one too will be hard. But I’m not going quietly. More details about what I plan in next week’s edition.
I think the CIOL version’s being axed because it no longer fits my publisher’s strategic publishing goals. And perhaps because I’ve been somewhat difficult in adapting a column with its roots in reviewing free software available on the Internet. To one addressing a narrow developer band interested in programming content!
Readers really interested in staying abreast of open-source should bookmark its Mecca: SourceForge.Net. This portal lists the 10 most popular downloads and 10 most active projects. It also showcases one project every month. And August 2005’s choice is Gourmet Recipe Manager (GRM). Although designed for Linux, GRM also runs on Windows with GTK installed. And makes it “easy to search for recipes, generate shopping lists, and import recipes from other sources, such as MealMaster archives or Web pages. Gourmet’s shopping list generator includes features such as tracking ingredients users already have and sorting their list into categories.” Sourceforge is one of over 10 separate open-source technology focused portals offered by OSTG (Open Source Technology Group).
Speaking of GTK, GAIM‘s another great application that also uses this ‘Kit. GAIM’s an excellent multi-service, and platform, open-source messaging application. You can access AIM (AOL Instant Messenger), ICQ, Yahoo, MSN, IRC, Jabber, Zephyr and Gadu-Gadu messaging services simultaneously. Even while using more than one subscription for each service. Gaim 1.0.5 release offers several major security fixes. As well as privacy improvements like requiring authorization for Yahoo! buddy requests. And a new ability to define an on-quit message for IRC channels.
Another application I use a lot is WinRAR. This file archiving utility backs up data and can reduce the size of email attachments. It decompresses its native RAR format, as well as ZIP, ARJ, LZH, 7z (7-zip), ACE, GZ2 (Gzip2) and BZ2 archive file formats. However you can only create new archives in RAR and ZIP formats. You can customize the application using special themes. WinRAR 3.50 now supports Microsoft’s multi-volume .CAB archive format. And integrates with Windows 64-bit edition shell. An updated archive wizard lets users add a password when updating an archive. Typically you can only set passwords when creating a new archive file. WinRAR 3.50 is available as a 30-day trial.
Or if you want more power for almost nothing consider its free alternative: 7-Zip. This open-source utility can browse, decompress and archive to its native 7z format as well as ZIP (including Deflate64), GZIP, TAR and BZIP2. It can only browse and extract files from RAR, CAB, ARJ, Z, CPIO, RPM, DEB, and SPLIT. But I don’t really miss not having RAR compression (a proprietary format). And to see just what I was missing (if anything), I decided on a test. I used a 42 kB Word (.DOC) file as the source. Then applied various archive formats to it. 7z emerged the clear winner at 8,750 bytes. Runner-up was RAR at 9,828 bytes. Followed by .GZ (9,875 bytes) and .ZIP (9,996 bytes). BZip2 was the least efficient at 10 kB.
Subsequent to last week’s review of Nostrum AudioManage, now available in v1.20f, the developer clarified that you could add MP3 CD-ROMs to your library. And while their contents would be listed as duplicates (assuming the identical track exists on your hard drive), there is a tiny CD overlay icon to indicate the duplicate source is a CD. And as a responsible AudioManage fan I also recommend an immediate upgrade to the latest 1.20f release as this includes several bug fixes that improve usability.
And while on the topic of updates, if you still haven’t installed Microsoft’s August patches. There’s no time like the present. Updates released are:
- Cumulative Security Update for Internet Explorer (MS05-038) to prevent an attacker from assuming complete control of an affected system.
- Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (MS05-039) to fix a remote code execution vulnerability in Plug and Play (PnP) that could allow an attacker take complete control of an affected system.
- Vulnerability in Print Spooler Service Could Allow Remote Code Execution (MS05-043).
- Vulnerability in Telephony Service Could Allow Remote Code Execution (MS05-040).
- Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (MS05-041) to fix a issue where an attacker could cause a system to stop responding.
- Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure and Spoofing (MS05-042).
I was unable to install (and test) a copy of Microsoft’s OneCare service as the Beta is limited to US and Canada. But The Flexbeta site has a very extensive review of the service. Read Beta Testing Windows OneCare. And in case you missed the news, Microsoft’s clarified its Anti-Spyware product Beta won’t end any time soon. Windows AntiSpyware (will be) available at no charge to licensed users who validate their Windows install through Windows Genuine Advantage (WGA). Microsoft plans a separate paid enterprise version for companies wanting to centrally manage their AntiSpyware infrastructure.
If you use Windows XP and Internet Explorer 6 be advised of a newly discovered flaw that could allow attack through arbitrary code execution. The French Security Incident Response Team that discovered the flaw published full disclosure to the Internet! The hole is created by a memory corruption error when executing msdds.dll object as an ActiveX control. Theoretically this DLL can be used to take control after a Web page designed to exploit the vulnerability is opened. However the problem DLL has only been traced to computers with Microsoft’s Visual Studio installed.
And if you were wondering why no news, or advance on combating the Zotob worm. Its because none is really needed. As the code suffers an internal flaw that cause it to self-destruct! A key mistake was in causing infected computer to continuously reboot instead of more productively spreading the virus. Zotob lacks a destructive pay load but includes backdoor capabilities using an IRC chat channel. And if you have applied the patches listed earlier in this column, Zotob won’t infect you as the vulnerability has been closed by Microsoft. f you want to see how Zotob affects computers, Trend Micro has a very nice process map.
Stay safe until the next time we meet!