August 30, 2006

Hacker Tools : Part 95

I've just discovered a handy hacker tool that copies the contents of any inserted USB drive. It does so automatically and stealthily, not just duplicating existing files but actually imaging the entire device.

Imaging of course means copying everything - including deleted files. Its author claims to have recovered confidential documents, software, music and pictures their owner thought they'd long ago wiped. Of course it's also a good way of backing up a USB drive.

Executing the program - called USBDumper - appears to do nothing. In the background however it starts a process on the system that watches and waits for a USB drive to be plugged in. On spotting one, it silently images the drive to a folder named with today's date.

I'll leave a consideration of the consequences of installing USBDumper on a shared or publicly accessible PC up to you. But you can spot it - and kill it - by doing a Ctrl-Alt-Del and checking the process table.
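As an added illustration (not code from USBDumper or from the original post), the behaviour described above can be turned into a detection heuristic: flag any process that reads from a drive right after it is plugged in and also writes into a folder named with the current date. The event layout, process names, paths and date formats below are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample telemetry (not real logs). The record layout
# (time, kind, process, target), process names and paths are hypothetical.
EVENTS = [
    ("2006-08-30T10:15:00", "arrival", None, "E:"),
    ("2006-08-30T10:15:02", "read", "bgcopy.exe", r"E:\notes.doc"),
    ("2006-08-30T10:15:03", "read", "bgcopy.exe", r"E:\photos\a.jpg"),
    ("2006-08-30T10:15:03", "write", "bgcopy.exe", r"C:\Temp\2006-08-30\notes.doc"),
    ("2006-08-30T10:15:04", "read", "bgcopy.exe", r"E:\photos\b.jpg"),
    ("2006-08-30T10:16:10", "read", "explorer.exe", r"E:\notes.doc"),
    ("2006-08-30T10:16:11", "read", "explorer.exe", r"E:\photos\a.jpg"),
    ("2006-08-30T10:16:12", "read", "explorer.exe", r"E:\photos\b.jpg"),
    ("2006-08-30T10:16:13", "write", "explorer.exe", r"C:\Users\pat\Documents\notes.doc"),
    ("2006-08-30T10:20:00", "write", "backup.exe", r"D:\Backups\20060830\db.bak"),
]

# Assumed spellings of "today's date"; the post does not say which one is used.
DATE_FORMATS = ("%Y-%m-%d", "%Y%m%d", "%d-%m-%Y", "%d%m%Y")
WINDOW = timedelta(minutes=5)   # reads this soon after plug-in count as "on arrival"
MIN_READS = 3                   # reads from the new drive needed before flagging


def names_date(folder, day):
    """True if the folder name is `day` written in one of DATE_FORMATS."""
    for fmt in DATE_FORMATS:
        try:
            if datetime.strptime(folder, fmt).date() == day:
                return True
        except ValueError:
            continue
    return False


def suspicious_processes(events):
    """Return [(process, drive, [date-named folders])] for likely silent copiers."""
    arrivals = {}                   # drive letter -> time it was plugged in
    reads = defaultdict(int)        # (process, drive) -> reads soon after arrival
    dated_dirs = defaultdict(set)   # process -> date-named folders it wrote into
    for stamp, kind, proc, target in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(stamp)
        if kind == "arrival":
            arrivals[target.upper()] = t
        elif kind == "read":
            drive = target[:2].upper()
            if drive in arrivals and t - arrivals[drive] <= WINDOW:
                reads[(proc, drive)] += 1
        elif kind == "write":
            for part in PureWindowsPath(target).parent.parts:
                if names_date(part, t.date()):
                    dated_dirs[proc].add(part)
    # Both signals are required: bulk reads on arrival AND a date-named target.
    return sorted((proc, drive, sorted(dated_dirs[proc]))
                  for (proc, drive), n in reads.items()
                  if n >= MIN_READS and dated_dirs.get(proc))


if __name__ == "__main__":
    print(suspicious_processes(EVENTS))
```

A legitimate backup script that happens to behave the same way will also match, so a hit is a lead for the process-table check rather than a verdict.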

Just another reason to be careful out there...

USBDumper, complete with Windows executable, source code and a Powerpoint presentation (in French) is available here.

August 28, 2006

Xbox 360 Cracked. Get In Quick!

Will Microsoft nobble the first Xbox 360 mod chip? It seems likely.

The NME-360 chip from Team Underdog allows the XBox to play backups of original games;

The NME-360 autodetects the inserted media. If the inserted media is a backup NME-360 injects the necessary information to the DVD drive enabling it to boot smoothly ahead! If the media is an original game, or anything else, which doesn't require any further action of the NME-360 then it simply falls asleep so there is no need for an external switch whatsoever. This way it can not be detected online when you play an original online game.

Installation requires a little soldering - four wires if your Xbox runs a Samsung DVD drive or five if it uses a Hitachi-LG. The home site has full installation details and a list of suppliers. Cost is around A$65. Get in quick before the lawsuits start flying.



August 25, 2006

Bomb making for beginners

Once upon a time the world was a jolly, happy place. Then the internet came along and spoiled it. That at least is the sub-text of many media reports, especially in the wake of the recent so-called “liquid bomb” threat.

The bomb recipes, we're told breathlessly, were found on the internet, conveniently forgetting that most of this stuff - and the chemistry behind it -  has been known about for decades. TNT, napalm, the atomic bomb and C4 are all pre-internet inventions, yet the absence of an internet did little to slow their dissemination - or use.

In a recent piece for The Register entitled Mass Murder In The Skies: Was The Plot Feasible? Thomas C Greene examined the science behind the subject;

We're told that the suspects were planning to use TATP, or triacetone triperoxide, a high explosive that supposedly can be made from common household chemicals unlikely to be caught by airport screeners. A little hair dye, drain cleaner, and paint thinner - all easily concealed in drinks bottles - and the forces of evil have effectively smuggled a deadly bomb onboard your plane.

Or at least that's what we're hearing, and loudly, through the mainstream media and its legions of so-called "terrorism experts." But what do these experts know about chemistry? Less than they know about lobbying for Homeland Security pork, which is what most of them do for a living.

In fact in-flight TATP manufacture is anything but easy. Apart from the raw materials you'll also need to smuggle aboard “several frozen gel-packs..., a thermometer, a large beaker, a stirring rod, and a medicine dropper.” And you'll need to commandeer the loo for most of the flight in order to prepare your concoction.

After a few hours - assuming, by some miracle, that the fumes haven't overcome you or alerted passengers or the flight crew to your activities - you'll have a quantity of TATP with which to carry out your mission. Now all you need to do is dry it for an hour or two...

Greene's analysis is more chilling than any bomb recipe;

...the Hollywood myth of binary liquid explosives now moves governments and drives public policy. We have reacted to a movie plot. Liquids are now banned in aircraft cabins (while crystalline white powders would be banned instead, if anyone in charge were serious about security). Nearly everything must now go into the hold, where adequate amounts of explosives can easily be detonated from the cabin with cell phones, which are generally not banned.

And, of course, you're still allowed to carry on your laptop.




August 21, 2006

Scrawl of the Wild

Spam ain't what it used to be. I've just finished de-sludging my email filters. The junk that gets past my ISP usually gets nuked by SpamAssassin or Bogofilter and dumped into a special mailbox folder named Spam Suspects. Any that slip through the net get dumped there manually, and now and then I re-feed the suspects back into the filters to improve their accuracy. At that point I like to imagine heart-rending cries from the hapless messages as they're torn to shreds by the filters but that may be getting a little fanciful.

Occasionally I take a look at some of the exciting offers I've missed. I've thrown away millions in unclaimed lottery prizes, more millions in failing to assist embezzlers from third-world countries, and my future financial security is in tatters after skipping stock tips from pump-and-dump merchants. Or perhaps not. One tip sheet I looked at enthused, "This could be the next Enron!!!"

And how about those mangled subject lines? Even without filtering I think I might have spotted the following;

Re: Have spell an cranny
Re: muui news
Re: sozaea test
Re: news nusysy
Re: news iaie

and the delightful

sign One Touch Ultrasmart System septicaemia

Then there's the guild of dyslexic chemists with their offers of VIfAGRA, VIAGfRA, VlfAGRA, VlxAGRA and VxIAGRA. It seems a fundamental rule of online shopping that if the seller can't spell what they're selling you're likely to end up with Valium instead of Viagra. It might not do your sex life any good but then you'll probably be past caring any more.

Spelling and grammar take a pounding too: "It is common to have some problems with erecxtion", "Buy direct from the manufactuerer" and the eternally puzzling "100% Natural and No Side Effects - in contrast to well-known bands.".

But weirdest of all is that folks still buy this stuff. Someone, somewhere must be doing it because these marketers don't exist in a vacuum. But then the computing world is full of mysteries. Believe it or not, some people out there still use Windows. Very weird!

August 16, 2006

Flaming Heck!

The recent recall of 4.1 million Dell laptop batteries appears to be just the tip of the iceberg. This list of recent laptop battery recalls includes dozens of models from Apple, Dell, HP and Compaq.

The main culprits are Lithium Ion (Li-Ion) batteries and the danger's been openly discussed for a while now.

Some "lucky" users have been quick enough to capture the action - or the aftermath. Click the pics to visit the sites and witness more destruction.


A Dell barbeque at a Japanese conference.


Another day, another Dell.


This is what they mean by "overheating".


Results of the "venting with flame" syndrome.


Another PowerBook meltdown.

There have even been some incidents on aircraft - none too nasty... yet.

August 10, 2006

Malware Wins 80% of the Time

The two most popular anti-virus products on the market miss 80% of new malware threats, Australian Computer Emergency Response Team (AusCERT) general manager Graham Ingram reported late last month. Though he refused to name names, he did suggest they were the most popular products on the market;

"At the point we see it [at] CERT, which is very early on - the most popular brands of antivirus on the market … have an 80 percent miss rate. That is not a detection rate, that is a miss rate."

Why? Because malware makers are testing their products before release;

"I am not suggesting that there is a difference in the quality of the antivirus products themselves. What is happening is that the bad guys, the criminals, are testing their malicious code against the antivirus products to make sure they are undetectable."

His figures are borne out by the crew at Offensive Computing;

"Using our malware database we can confirm this fact. What's interesting is that AV programs fail differently. This is more proof that the closed-source, closed analysis methods have been woefully inadequate, albeit extremely profitable."



August 6, 2006

SLED 10 : First Looks

There's no doubt about the general fabulousness of OpenSUSE 10.1. UK magazine Linux Format rated it "the perfect distro for everyone" while Mad Penguin reckoned it was "one stellar release". That's led to high expectations for its corporate follow-up, SUSE Linux Enterprise Desktop 10 – or SLED 10 to its friends.

Like Red Hat's Fedora project, OpenSUSE is the precursor and test bed for ideas that find their way into the commercial release. Novell purchased SUSE three years ago and have since become one of Linux's biggest stalwarts, throwing shovelfuls of money into OpenOffice.org, Firefox, Beagle, Banshee and many other projects. The result, along with SUSE Linux Enterprise Server, is SLED 10 – the US$50 desktop.

I have to warn you; SLED is huge. Not in terms of disk space consumption or application count but in terms of functionality. For the typical user it has everything a desktop should; web browser, office suite, collaboration tools, instant messaging – all, I have to say, focussed on seamless interoperability with its Redmond rival. Novell's participation in OpenOffice.org for example has yielded full compatibility with Excel Visual Basic macros. But where its hugeness really shows is in the way the back-office boys will love it. It connects to and interfaces with everything. Just tick the boxes; Microsoft Exchange [tick], Novell GroupWise [tick], any other collaboration server using IMAP, SMTP and POP [tick], Lotus Notes [tick], Active Directory [tick]...

Then there are the desktop user treats not immediately apparent on start-up. XGL, SUSE's glorious graphical 3D interface (which I've covered before), and Beagle, a friendly looking mutt but a killer application. In fact Beagle's become this man's best friend since I switched to OpenSUSE almost a year ago.

Prosaically renamed Desktop Search, Beagle sits in the background indexing... well... everything in your personal desktop space. Files, emails, instant messages, appointments, web pages, PDFs, and even the contents of zipped archives. Results are displayed complete with a snippet that encompasses your search string so locating stuff's a doddle. Honestly, once you've used Beagle you'll wonder how you ever lived without it!



Personal Grievances

SLED's default Window Manager is Gnome. I've never been a Gnome fan. I know that it's supposed to be good for newbies, that it's safe and solid and reliable. But it's also bloody boring.

My demo HP laptop came with a glorious 1920 x 1200 display containing 2.3 million pixels, each of them capable of showing any one of 16.7 million colours. So why does Gnome only use five of them? Gnome graphics developers apparently think khaki's the most exciting colour on the planet; they use an awful lot of it. Compare these two icon sets from the OpenOffice.org menu. The Gnome one is functional but dull, drab and dreary. See if you can guess which it is...






Yup, you got it. It's an icon set called "Industrial". An entirely appropriate name since it's about as exciting as an industrial suburb. Unfortunately this schema isn't just restricted to OOo. The whole installation's infused with it.

There are at least a zillion flashy wallpapers available for Linux, so why have the SLED team settled for a default best described as blue-blah? Walk through a computer showroom and Windows XP machines are instantly recognisable. Macs seem to beg attention with their bright bouncy bottom-screen icons. But if you were to stick a SLED machine in there with them, no one would notice. Your eyes just slide right past it.


It gets worse. They've also gone for the moron's menu. I hate these things. Microsoft started it with that crappy menu in XP, and now everyone wants one.

Menus have been around for thousands of years. The idea is to give the customer an appreciation of the full range available in a simple, organised format. I don't go into my local Chinese and open up the glossy pages expecting to find only the five most popular dishes. Nor do I expect to have to ferret under the table cloth if I happen to fancy something different. But that's exactly what you have to do in Gnome.

You may not think appearance is important. You'd be wrong. Microsoft – always savvy marketers – are currently suggesting design guidelines for the outside of Vista machines so that users are drawn to them even before switching them on. And yes, yes I know all these things can be changed and that Linux is the bee's knees when it comes to alternative configurations, but this is the default. I reckon a default should show your best side, not your backside.



Installation Woes

My demo machine came ready-running. It also came with an installation DVD and the advice from my Novell handlers that I could do anything I liked with it. Resisting the temptation to take a $4,000 laptop swimming or use it to drive in nails, I settled for something I thought might be less demanding; reinstalling the operating system.

What I really wanted to see was how good commercial Linux installations had gotten, especially with that perennial bogey, proprietary hardware. Oh dear...!

Right after you choose to install SLED everything goes dead – or seems to. A branded blue-blah screen appears  with no indication of any activity from the machine whatsoever. Years of Windows use have taught me to regard stationary graphics and no response from either mouse or keyboard as a crash. But don't be fooled. After 70 seconds of this Blue Screen of SLED – I timed it after [blush] rebooting – the DVD spun up and, after a further 25 seconds of at least audible activity, signs of life appeared with the opening of the graphical installation menu.

From then on it's plain sailing. You need only supply your preferred language, time zone, the installation type (new or update), tick the license agreement and add any installation extras (I added KDE). Within 30 minutes you're adding users and choosing a root password.

There was a nice touch at the conclusion of this. No need to reboot; the system just opens up.

It was a good job I'd seen Novell's installation otherwise I might have believed the HP only came with an 800 x 600 graphics adapter. The YaST system tool correctly identified the relevant hardware and even encouraged me to change the resolution – right up to a staggering 3200 x 2400 – but no matter what I did the changes wouldn't stick.

No matter what I set it on, no matter how much I tested it, the SAX2 display configuration was locked on 800 x 600 @ 47 KHz.  

Now I'm no Linux newbie. I knew I needed a driver, and the system obviously knew I needed a driver because it wouldn't let me set beyond the defaults. So why the hell couldn't it tell me? (Note to SUSE Helpdesk: you're going to get a lot of calls about this so you might like to set up a pre-recorded message....)

The installation notes mentioned an additional step for installing XGL. Knowing this would add the needed ATI graphics driver, I followed them. Or tried to. Selecting Novell Customer Configuration from YaST's Software menu produced this gloomy warning...

...which, after a minute or so, turned into a "Couldn't connect to host" message. Novell assured me this was because I was looking at SLED prior to release and that the servers were still being configured. Fair enough. Next day the connection worked just fine and I was finally graphically satisfied.

One natty nicety was plugging and unplugging a network cable. The machine automatically switched between wireless and wired connection, preferring the latter if it was available. And the range of wireless reception was impressive too. I discovered a couple of wireless LANs near my office that I didn't know existed.

Not so nice was the battery/mains power switching. It worked on Novell's installation but not my own. Or rather, it worked after a fashion.

The status indicator warned me the battery was getting low so I plugged it into the mains. The indicator switched to show it was charging. 

I unplugged it again. It continued to show the battery was charging. I logged out of KDE and started Gnome. Still charging...

Concluding that the SLED team had either mastered the art of wireless charging or that there was a fault, I left the machine running. The result – what one might call the Black Screen of Extinction – unfortunately proved it was the latter.

There were other problems too. Dropping an audio CD into Gnome played it just fine. Under KDE I had two player choices, KsCD or Kaffeine; neither worked. The former played to all intents and purposes but just forgot to actually output any sound while the latter threw up its hands muttering something about missing codecs.

DVD movies fared even worse. Gnome simply treated them like file systems while KDE's Kaffeine at least recognised their potential but continued to lose its lunch. My expectation that a commercial release would at least include the necessary codecs was dashed by my Novell minders. If you want those extras you've still got to go to Packman.


Conclusion

I really wanted to enthuse about SLED 10 – there's a lot to enthuse about – but in the end it left the desktop user in me a little disappointed. Not, I hasten to add, from lack of features or functionality, but if I've got the best damn desktop on the market, I want a little bling too. SLED's default is like having a Ferrari/Humvee cross; a high-performance, immensely capable, comfortable, rugged work-horse that some idiot has stuck in the body of a Toyota Starlet. Instead of an interface that makes people go "Wow! What's that? Can I have a try?" Novell have managed to produce one that'll put shoulder jockeys to sleep. Maybe that's what corporate stiffs want, but it won't draw new fans to Linux, and it's not what the opposition are producing.

My installation troubles also left me leery. I was hoping for a DVD that I could throw at any non-Linux using techy and leave them to it. Like Linux through the ages, this is almost there but not quite. And to leave out the CD and DVD codecs – without even the option of adding them through official Novell channels – is just plain stupid.

The price though is fantastic. An utterly complete desktop system with all these features, back-office connectivity and support for US$50 is stunning. But it leads me to another beef; lack of local resellers. That means that small New Zealand businesses – the ones that make up most of our business economy and the ones that stand to gain most from SLED's security, robustness and ROI – are unlikely to learn of it.

(And while I'm on the subject, notice to Americans: NEW ZEALAND IS NOT PART OF AUSTRALIA! Sorry for the shouting but according to this link – Novell Resellers and Distributors in New Zealand – you'll find NZ agents in Melbourne, Croydon, Sydney, Asquith...)

Read more about SLED's features here (PDF file).

SUSE Linux Enterprise Desktop 10 is available by eLicense here. A one-year, one-device subscription costs US$50. Three years costs US$125.


August 2, 2006

YouTube EULA Grab

The hit video site YouTube, which serves up 70 million video clips a day, is the latest to try the old EULA land-grab trick. Put it on YouTube and they own it forever. At least that's what they claim.

In classic "bold print giveth and fine print taketh away" style their Terms of Use has been recently amended;

For clarity, you retain all of your ownership rights in your User Submissions. However, by submitting the User Submissions to YouTube, you hereby grant YouTube a worldwide, non-exclusive, royalty-free, sublicenseable and transferable license to use, reproduce, distribute, prepare derivative works of, display, and perform the User Submissions in connection with the YouTube Website and YouTube's (and its successor's) business, including without limitation for promoting and redistributing part or all of the YouTube Website (and derivative works thereof) in any media formats and through any media channels.

So that means they could put your video clip on a "Best of YouTube" DVD, sell a "YouTube Bloopers" show to TV networks around the world and even stamp your image on coffee mugs without paying you a cent.

Or maybe not. According to Lawrence Lessig, professor of law at Stanford University and father of the wonderful Creative Commons licenses, you don't need to worry as long as the owner of the material doesn't actually make the submission. If you film your dog doing handstands and put it on YouTube yourself, it's theirs. Get a friend to do it for you and they can't touch it without your permission. Crazy!

Lessig agrees. "YouTube does need to be pushed on this, as these terms are ridiculous,"  he says. [More here.]
