Mara's weblog

I have missed it, but Qt version 4.0 has been released. Many new features, but it seems that the most important on is that there's GPLed version for Windows (Linux and MacOS X versions are also available).

It can be downloaded from Trolltech FTP site.

Short note: I've added 'blogs i read' category to the blog sidebar (on the right). Currently there's only one link, more will come.

I have discussed a number of security-related papers in my blog. The thing is that not all I want/need access to are accessible. To read many you need to pay. When searching for certail copies I even realized that I agree with Prof. Bernstein!

Sidenote for those who don't know who's Prof. Bernstein. He's a well-known person in security area, but also very controversial.

example.com is domain used for documentation, manuals and such things. You can't register it. What has it in common with Norwegian goverment?

Slashot is running a story about Norwegian goverment moving to open format. At the time I'm writing this I can't access the orginal material it links to. The site resolves to example.com. What it means? The material may not exist or, more likely, the site is under so high load that the owner decided to switch resolving to survive. Such effect is called a Slashdot effect.

Business Week writes about big companies beeing caught on advertising using adware. What's interesting is their explanations: it's just a method of adverising or just pay for ads and don't know how they're delivered.

Slashot discussion brings some interesting points. And I agree that it's probably ignorance. Well..ignorance in the best case.

I came across dzieckowsieci.pl (page in Polish). The initiative's goal was (is) to make children and parents more avare of the dangers Internet brings. It's a good idea, but I have my notes about the material I read.

First thing is that one of the points from parents' guidelines says not to use multiple accounts, because it's easier to trace child movements this way. For me, children should have their privacy and looking into their browser history is something that shouldn't be done. It's acceptable only in extreme cases.

What's more? Authors of the site concentrate on sexual abuses. They write nothing about people making children install troyan horses, spam-sending software and such things.

Slashdot writes about the fact that both SPF and Sender ID were accepted as experimental standards by IETF.

IEFT is the organization that handles Internet standards. SPF and Sender ID are two technologies to stop spam. In short, they require sender to authenticate. It means that it's easier to check if the message is spam or not.

The thing is that Sender ID uses many patented technologies and cannot be used in Open Source products. SPF, on the other hand, is already implemented in many programs, and free of patents.

As the battle about software patents progresses, many people express their views on the subject. The Guardian publishes a paper by Richard Stallman, founder of the FSF.

Stallman is agains software patents and shows it in his article. He compares patent system and copyright law using examples from literature. The text should be easy to follow for nearly everyone, not only people who know how programs are written.

KDE 3.5 is a very misterious KDE release. When the project is moving to version 4, which will be based on Qt 4 library, it's hard to say how much time it will take.

CVS version screenshorts were posted. From a post on kde-core-devel it looks there will be KDE 3.5. When? Hard to say. It probably depends on Qt4 and KDE4.

As I wrote some time ago, there are people who delete cookies quite often. It's not what advertising companies want you to do, so there are different initiatives to stop it.

Cookies can be used for both bad and good things. They allow shopping carts in online stores, seeing visited threads on a forum, automatic login and many others. Why people remove (or block) them is that can be used to trace you and store information about you. Marketers use this possibility too often, so there's a response. Web browsers allow to block cookies and manage them.

Marketers are also afraid that removing cookies breaks advertising. Well... Adblock is much more powerful here. I see ads only when I want it.

Making less users remove cookies by asking vendors of anti-spyware programs not to remove them has no chance to suceed IMO. There are many such programs and if someone wants one that deletes cookies - there are (and will) many possibilities available.

There are also different ideas: list of companies that meet certain criteria, use Flash tracking etc.

The authors don't realize one thing: there are many people who really don't want to see ads and be tracked. Every method used to make them see ads or store cookies will result in a methods to remove them. The solution is to use such way of advertising that people want to see, not one they are forced to.

Mandriva is a new brand in the Linux world. It's a result of a merge between Mandrake and Connectiva. Currently Mandriva is acquiring another Linux distribution vendor - desktop oriented Lycoris.

DesktopLinux has an interview with Lycoris creator Joseph Cheek. He says not many new things. For me the most important question was about big players on the Linux desktop market. RedHat has lefr (for now?) leaving only Fedora. Mandriva, after financial problems, is most important here. Novell (SuSE) doesn't seem to push for desktop as hard. Mandriva new versions may be very interesting with features from both Lycoris and Connectiva.

PayPal is now available in Poland (it wasn't even sending money). Their country list has been updated.

Good news. It doesn't allow to get money, so there's still a big limitation for many people.

Sun has released Solaris code to the public recently. It's not the whole system, however, only kernel with some additional libraries. It's clear that it's intended for developers. The file to download is rather big (40MB+) for kernel with libraries.

OpenSolaris is a very new project and it's hard to say if it will make Solaris (good system) more popular than it is now. For sure we will probably see ideas moving between Solaris and Linux and BSD family kernels.

Astronomers have discovered a rocky planet orbiting Gliese 876 star, just 15 light years away (also: Slashdot story, Berkeley press release).

The planet has 7.5 mass of Earth and radius twice as Earth. It's distance from the star is just 0.021 astronomical units (AU).

It's smallest planet discovered so far and third in Gliese 876 system (there are also two Jupiter-like planets).

A paper (PDF format, approx. 20 pages) was released about possible usage of the difference in HTTP parsing methods used by HTTP services (cache server, firewall etc and web server).

The authors show, for example, how to poison cache using only one special request. The techniques are interesting, but they apply only to specific software combinations. Still, they may be very dangerous if they happen more often than we exapect and/or more servers are vulnurable.

Gartner has published a list of most hyped security threads. Here it is with my comments:

• Unsafe Internet telephony — it is unsafe (the same as standard telephony). Sniffing in a local network to get it is as hard(?) as doing the same for data. If someone thinks that it's easier — rather not.
• Mobile malware — viruses, worms for cell phones, PDA and so on. Not yet a big danger, but if software developers won't think about security...
• "Warhol Worms" — worms spreading very fast. So far there was none. Mostly because worm writers don't use zero-day exploits (release a worm using previously unknown bug).
• Regualtion means security — I agree it's not true. Security problems are very dynamic and procedures may not help and only (when used without thinking) make things worser.
• Unsafe hotspots — they are unsafe. It's the easiest way to sniff for password, personal data etc. Most people don't visit banks this way, but hotsports are not yet very popular.

Polish national registrar NASK announced support of IP version 6 protocol in top level domain .pl. DNS servers for .pl domain are now available in IPv6 and new domains can be registred pointing to IPv6 addresses.

IPv6 is a newer version of popular IP protocol (the one Internet is based on). There are many problems with currently used version 4. The most important one is very limited number of possible addressed. That's why technologies like NAT (Network Address Translation) were designed. IPv6 is known for many years, but it's not popular. The main reason is that it's not compatibile with version 4. Current NASK move gives it a bigger chance of faster adoption, but the rate will still probably remain slow.

Nearly 3 years after version 3.0, Debian GNU/Linux version 3.1 (codename: Sarge) was released. 3.1 is now Debian stable version.

Debian is one of the longest running Linux distributions - it's more than 10 years old.

As hacking.pl writes (in Polish) one of new Polish banks (with huge growth rate) has problems after storm. Such things happened, but in this case the problems last for more than a week. I was thinking that banks have backup systems...

Update: Today (June 7th) the problem seems to be solved. It's longest bank downtime I've heard about.

Many sources (news.com, Slashdot) write about Apple switching from IMB PowerPC processors to Intel.

If it's true, not Job's bluff, it's a huge risk for Apple. First, not all software will work on new processor (the system will as Mac OSX is based on BSD). Second, it means Mac OS on Intel and non-Apple hardware (less profits from computer sale). Very interesing. It'a also a move from 'cleaner' architecture to compatibility mess of Intel chips.

Slashdot has post about one of Wikipedia developers who put a list of users with identical passwords online. For users with weak passwords (very large number) it's equal to posting the pass.

Interesting thing that it was taken down long time after posted.