handyfloss

Because FLOSS is handy, isn’t it?

Archive for the ‘Evil software’ Category

IMAP access to GMAIL with KMail

Posted by isilanes on February 3, 2008

I recently discovered that Gmail offers IMAP access to the service. I must admit that I have never used IMAP, but it is a very good idea for simplifying the access to one’s account from anywhere, and having your e-mail always up to date in any number of computers. You can think of IMAP as all the good things of POP3 (custom UI, great flexibility) and web-mail (central repository of messages) together, without their drawbacks.

Although I think Google is an evil company that wants to take the world over, I have surrendered to their superb e-mail service, Gmail, with its huge inbox and fast and reliable access. I was happy with POP3, go figure with IMAP…

Of course, I have had to configure my e-mail client, KMail, to use IMAP. For that, I have followed the instructions, e.g., in linux.wordpress.org.

First, you have to allow IMAP connection to Gmail. For that, you just need to go to Settings in your Gmail account, then Forwarding and POP/IMAP, and Enable IMAP (I think it’s on by default).

Second, create an IMAP account in KMail: Settings -> Configure KMail -> Accounts -> Add -> IMAP. You will be prompted for some info:

  • Account name: anything to let you identify it.
  • Login: your full Gmail address.
  • Host: imap.gmail.com
  • Port: 993

Small trick: the default Trash folder is “Local Folders/trash”. If you keep this, when you “delete” a message from the IMAP account, it will be moved to the “General” KMail trash. The problem is that it means moving the message outside the IMAP tree, and I have found that the IMAP mechanism (probably as a security measure) keeps a copy of the message in the original location (i.e., it is actually not erased). To avoid that, you can put something like “Gmail IMAP/[Gmail]/Trash” as Trash folder, and make the deleted message be moved to the Trash inside the IMAP folder. There, it is deleted exactly as if you access your Gmail account from the web and click on “Delete”.

Third, in the Security tab of the dialog window we have just filled, choose “Use SSL for secure mail download” in Encryption and “Clear Text” in Authentication method.

That’s it, you’re done!

So far I have only used IMAP at home (lousy 300 kb connection), and I think it is a bit on the slow side of the scale, but except for that, I am starting to love IMAP.

Posted in Evil software | Tagged: , , , , | 2 Comments »

SpyPig: another annoyance against your privacy

Posted by isilanes on January 27, 2008

I’ve read in a post in Genbeta [es], about a “service” for e-mail senders called SpyPig. It basically boils down to sending a notification to the sender of an e-mail, when the recipient opens it. This way, the recipient can not say that she hasn’t read it.

I will deal with two issues: moral and technological. Morally, I think this kind of things suck. I have received these e-mails asking for confirmation of having been read, and I never found appealing to answer. But at least you were asked politely. What these pigs SpyPigs do is provide a sneaky way of doing it without the recipient knowing. Would you consider someone doing it on you a friend? Not me.

Now, technologically, the system is more than simple, and anyone with access to a web server could do it. The idea is that the sender writes the e-mail in HTML mode, and inserts a picture (can be a blank image) hosted at some SpyPig server. When the recipient opens the HTML message, the image is loaded from the server, and the logs of the server will reflect when the image was loaded, and hence the e-mail opened. When this happens, the server notifies the sender.

The bottom line of this story is that HTML IS BAD for e-mails. My e-mail readers never allow displaying HTML messages, and show me the source HTML code instead (of course, I can allow HTML, but why would I?). So this SpyPig thing will never work for against me. And this SpyPig story is just one more reason not to allow displaying HTML in the messages you read. Of course, for the e-mails you send, consider sending them in plain text. Your recipients will be a bit happier.

For more tips on what NOT to do on web/e-mail issues, check the e-mail/web tips section in this blog.

Posted in Evil software | Tagged: , , , , , | 6 Comments »

Windows 7 wishlist

Posted by isilanes on November 18, 2007

I came across a blog post [es] talking about Windows 7, the planned sucessor of the current Windows Vista. The same can be found elsewhere, e.g. in Ars Technica.

The article summarized some features that Windows users would like to see in W7. You can also see a picture with the whole W7 wishlist. What struck me was that, although the Redmond giant tried its best to copy every single innovation from free software, they still missed important points that users value enough to make a wishlist out of them.

Some points in the list are new and exciting. Some others are everyday things for us free software users, and it’s so amazing that Windows still does not include them:

  1. Request for an integrated font manager
    One of the problems of proprietary software: the pieces each programs uses (including fonts) are property of the maker, so sharing is largely hindered. In Debian we have things like Defoma, and font management is quite lean in any distro, anyway.
  2. Explorer toggle button to quickly show/hide hidden files or system files
    Files starting with a dot are hidden in Linux. All file managers I know of have the hability to show/hide them with a click or a shortcut (Ctrl-H in Thunar and Nautilus, no default but configurable shortcut for Konqueror).
  3. Network/Internet bandwidth monitor
    Most, if not all, docks/taskbars in FLOSS desktops (Xfce, GNOME, KDE…) have a widget for that.
  4. DirectX update on Windows Update/Microsoft Update
    I use Debian, and it manages the installed software with APT (other distros have other systems). With it, I run “aptitude update” and it searches the online repositories for the last version of all the packages that exist in them. When I do “aptitude safe-upgrade“, it automatically upgrades all the packages for which there are updates, and notifies me if some upgrade requieres to install a new package (without upgrading it until I agree to install that new package). And it’s been like this for years.

  5. Infinite desktop, virtual desktop idea
    Although it probably refers to zooming interfaces, Linux has had the idea of virtual desktops for years.
  6. Profile data: Move locations of all user folders and data to another location
    This is trivial in Linux since the dawn of its times.

  7. Option to “Reopen Closed tabs” in IE
    Firefox has this option through add-ons like Tab Mix plus. Not only that, but many other things are possible, like: periodic reloading of some or all tabs, closing all tabs but the current one, duplicating tabs (along with all their history), freezing tabs (so they can not be accidentally closed or moved away from), change the name of the tab…
  8. Auto clean of Temp folders
    Temporary file management in Linux is flawless. I never saw a tmp location full because the system forgot to clean it.
  9. Provide Manual Duplex Printing in Windows Pring Dialog
    It is really lame to need to ask the maker of a big, monolithic, OS for stupid changes like that. The printing dialogs should be made by the desktop environment (a small part of the OS), or the application, and it should communicate with the printing server (another smaaaaall part of the OS). Details like that one should be fixed by updates in only one/some small packages related to the desktop environment.
  10. IE should have a close button on each tab
    See point 7.
  11. Disk Manager needs to have the ability to expand partitions
    Tools like GParted make partition management a breeze. In Windows, you need commercial third party tools for that. Tough luck.
  12. Image (ISO, BIN) support in Windows
    What? In Windows you can not mount ISO images as if they were actual filesystems? In Linux, you sure can.
  13. Family license
    It must suck to buy a copy of the OS and being able to use it only in one PC. With Linux and free software, you obviously don’t have this problem, and you don’t need to go crying to your dealer for a more mercyfull license
  14. No dialog should take keyboard focus away from what you are doing
    With all serious desktop environments, you can configure this behaviour, as well as if focus follows mouse, or if you have to click on a window to make it active and so on.
  15. Patch operating system without having to reboot
    With Linux, you only need to reboot if you install a new kernel (you can’t use a different kerner without rebooting). For everything else, you don’t need to.
  16. Add folder size to data displayed by Windows Explorer
    Wow, it must suck being stuck with a single choice for a file manager (or any other task), and not being able to configure stupid things like that to your liking. Another con of Windows, I guess.
  17. Live CD or DVD to boot from to recover from a crash or virus that would allow to transfer files
    But there is a tool for that task on Windows! It is called “Linux Live CD”, and many distros have it. I have read that it is pretty popular among some Windows users: when their system is utterly destroyed, a Linux Live CD can save the precious data in their disks.
  18. Disallow removable (USB/Firewire) drives to default to next available drive letter when the letter is already used by other network drives
    I know the issue of wanting to have permanent names for given devices, no matter what. The solution is called udev.
  19. Windows Mail should be minimizable to the system tray
    I use KMail and it is. Probably Thunderbird is, too. By the way… ever guess how similar to the former two Windows Mail is (by the looks in the Wikipedia article)?
  20. Command Prompt should be improved
    Hehehe. I have no words.
  21. Integrated Anti-Virus
    What is a virus? Please explain, I’m an ignorant Debian user!
  22. More desktop themes should be offered in the default installation of the next version of Windows
    I thought Windows users wanted consistency and simplicity, and everything to look the way uncle Microsoft wanted. In Linux, we have soooo much to choose from. You doubt it? Take a look at KDE-look.org, or Xfce-look.org.
  23. IE direct download – do not download to temp folder
    With any free browser (e.g. Firefox) you can choose the default dir for the downloads, and you can choose for each download where to put it (if you don’t want it in the default folder). Is it not like that in IE?

Maybe some slipped through, but I’m too tired to be more throughout.

Posted in Evil software | Tagged: , , , , | 1 Comment »

handyfloss meets Windows Vista

Posted by isilanes on November 10, 2007

The setup

A colleague wanted to edit a video (actually, three) for a presentation she intended to make in a laptop with Windows Vista and MS Office 2007. The video was a WMV, and the required edition included removing fragments, changing the speed of one of the fragments (and join it back with the others), and adding a soundtrack.

The problem

She could not, for the life of her, edit the damned thing on a Windows computer.

The solution

Why, Free Software, of course.

The motivation of this post

To help dispell two ideas: that “Windows is easy”, and that “With Linux, you waste your time finding out how to do things”.

The story

Part I – Linux

OK, so I proposed her to use some Free Software called Avidemux. Our first problem was that apparently Avidemux was unable to cut the video in pieces (it crashed at the attempt). After much perusing, and using the humble file command, I found out the reason: the WMV had no playing FPS set. Players, like MPlayer would reproduce it by guessing 25 or 30 frames per second, but editors need a precise value to count on. I readily fixed it by reencoding the video to 25fps with MEncoder:

% mencoder in.wmv -ovc lavc -nosound -fps 25 -lavcopts vcodec=wmv1 -o out.avi

Once a proper FPS given, I used Avidemux to split the file. However, I encountered a second problem: I couldn’t split the file anywhere. I could only cut it at points 10 seconds appart. I had to sweat a bit more to fix that, but I also learned something more in the way. Most (all?) compressed video formats use at least two kinds of frames: normal frames and keyframes. The latter are the frames where any player can seek to in the video. According to the man page of MEncoder:

keyint
maximum interval between keyframes in frames (default: 250 or one keyframe every ten seconds in a 25fps movie. [...] Keyframes are also needed for seeking, as seeking is only possible to a keyframe – but keyframes need more space than other frames, so larger numbers here mean slightly smaller files but less precise seeking. 0 is equivalent to 1, which makes every frame a keyframe. [...]

So here you are: the problem was the default value of some variable called keyint. To make the video seekable to any frame (so it could be cut at any point), I set keyint to 1:

% mencoder in.wmv -ovc lavc -nosound -fps 25 -lavcopts vcodec=wmv1:keyint=1 -o out.avi

Once the movie was split into parts with Avidemux, and the unwanted parts were removed, the next step consisted on playing one fragment faster. The problem here is that I don’t know how to make a variable FPS video, so we had to make it so all the video played at the same FPS, but a part was faster. How? Removing frames, of course. I used MPlayer to deconstruct the relevant fragment into individual frames (in PNG format):

% mplayer -vo png:z=2 fragment

The command above generates a whole lot of 0000xxxxx.png files, with frames ordered by the number in the filename. Next, I deleted every second frame. How? With a stupid GUI I don’t know, but from the command line it is trivial:

% rm -f 00*[13579].png

Now, I just re-constructed the video with half the frames, to get an effectively double-speed video, with same FPS as original:

% mencoder "mf://*.png" -mf fps=25 -o output.avi -ovc lavc -lavcopts vcodec=wmv1

If I am allowed to say it, the effect is really great. You wouldn’t tell the sped-up video from the original, except from the increased play speed.

Using Avidemux for joining the video fragments was a breeze, and it could even be done from the command line:

% avidemux fragment1.avi --append fragment2.avi --append fragment3.avi --save total.avi --quit

The last (Linux) part consisted on adding a soundtrack, which Avidemux can do, from a MP3, WAV, or another video. This was easy.

Part II – Windows Vista

OK, the last Linux step consisted on reencoding the video in some format that Vista could read. This was no immediate task, but after some tests, we made it. Windows Media Player could reproduce the movie with no problem.

Finally, we opened the wonderful Office 2007 in the shiny and new Vista laptop, and created a PowerPoint slide to insert the video (the rest of the presentation was already done). Everything seemed to work, but when we played the presentation, we discovered that either the video or the sound could be played (depending on how we had encoded the video in Linux), but not both simultaneously. WMP would play the videos just fine, but the embedded player in PowerPoint would not… go figure why. After at least 3 crashes of Office (yes, Office crashes), some bitching because we could not make any sense of the new Office interface (we are experienced pre-Vista and Linux users, and Windows is for idiots, right? We must be idioter than average) having to stand the fact that the semitransparent border of a window refused to disappear when we closed it (so we kept working with a blue-greenish stripe across a part of the desktop), and one Windows reboot (yes, Vista still hangs from time to time), we managed to insert and play the darned video. How? We just inserted two videos: one for which only the audio was playing, and another one for which only the image was showing. We then make these two objects to kick off at the same time, et voila!. Not the cleanest of solutions, but with Windows “everything just works”, right?

The moral

The moral of the first step (the FPS not being set) was that I had to play around for a while with my Linux tools, but the culprit was MS, and their lousy WMV. I have never produced a video with no FPS (and all other necessary metadata) set, because my FLOSS tools do it automatically. Secondly, I didn’t waste my time. Thanks to the usefulness of the FLOSS tools, I ended up learning something about movies, FPSs, and that they are required. I also learned about key frames, and seeking and cuting video streams.

On the other hand, for a much simpler job, we spent relatively (and maybe absolutely) longer with Windows, and we did lose our time with it. The problems we encountered with Linux were difficulties of the situation itself: the original WMV was flawed, the AVI we created had too high an inter-keyframe interval… and the FLOSS tools we used helped us fix them and learn in the process. In the case of Windows, the task was so simple, and all the problems we met were created by Vista. We didn’t learn anything from all of our struggle, because we only struggled against Windows (the GUI, the crashes, how to encode the video in Linux so that Vista could read it, why the darned Office would not play the audio or the video), not our problem (editing and embedding the file). All the time was devoted to learning how to overcome the limitations and errors of our tool, not to how to use our tool to perform some task, learning about the task itself in the process. Thus, it was wasted time.

Posted in Evil software | Tagged: , , , , , , , , , | Leave a Comment »

Exploitable bug in Oracle 10g databases

Posted by isilanes on November 10, 2007

I read in The Register that a zero-day vulnerability has been reported in Oracle 10g databases. I am by no means an expert in databases (“not an expert”, wow, what an understatement! I’m an ignorant), but I have my small war against people who regard proprietary DBs such as Oracle or IBM DB2 as far above free software alternatives such as MySQL or PostgreSQL. To put an example company with HUGE databases, Google uses MySQL. Actually, I just found in the previous link this post in an ex-Google employee’s blog, and I plan to show it to any half-wit parroting the motto that “big commercial solutions” are by default better than “hobbyist things” like free software (specially for DBs).

So, when I read the Register headline, I immediately thought of writing a post on how “bad” Oracle was. However, after actually reading the (short) article, I decided to change the main point of the post. Actually, what this case shows is how “bad” depending on proprietary software is. Quoting the Register article:

Oracle has reportedly created a fix but is not willing to break its quarterly patch release cycle to issue an update. The database giant’s next update is schedule for 15 January. In the absence of a patch no ready workaround is available, iDefense reports.

Holy crap! Oracle acknowledges that the bug is there, that it is dangerous, and that they do have a fix, but they friggin’ don’t want to release it!. Just because “it doesn’t fit” in their well-laid plans! No need to say that with free software this can not happen: there is no reason to hold on on bugfixes. And even if there was, anyone can write a patch, and release it, so there is no vendor locking the users to it, and deciding what to release and when.

Posted in Evil software | Tagged: , , , , | Leave a Comment »

Remote graphical applications with NX

Posted by isilanes on April 28, 2007

I have been recently (re)made aware of NoMachine’s NX communication programs by my colleage Txema. NX technology is a way of stablishing a connecting from one computer to another one, and create some sort of tunnel through which displayed info (graphics) is transmitted compressed. The communication, of course, is made through SSH secure connection.




Molden opening a file at Arina, a supercomputation cluster I have connected to from Bart, my computer at work, to which I have stablished a NX connection from Heracles, my computer at home. Screenshot taken from Heracles.
(Clic to enlarge)

Veteran Linux users will say “So what’s the big deal?”. Remote connections via telnet, and later with SSH, have been available a long time ago. Exporting the display (that is, making graphical programs opened in the remote computer appear in the local screen) has always been a simple task, and more recently even SSH tunneling has been made available for that task.

However, the key point here is the compression. When running a NX connection, we open a communication channel, running a custom application in the remote machine (for example, we can open the desktop environment, and work as if we were sitting in front of the remote machine), and all the information is compressed, so that the responsivenes of the remote application is as close as possible to applications run in the local computer.

Even though the core NoMachine’s NX code is free software, the client and the server themselves are not, I think. That is a pity, but free alternatives, such as FreeNX are being built upon the free core. From here I wish the best of successes for that project.

Posted in Evil software | Tagged: , , , | Leave a Comment »

Vista vs Mepis

Posted by isilanes on February 24, 2007

Wanna see how a humble GNU/Linux distro such as Mepis compares to Windows Vista? We are not talking of Ubuntu, Debian, Mandriva or SuSE Enterprise Edition here. No big-fat distros. Just Mepis, a distro that fits in a single CD that can be used to install it, or run it as a LiveCD.

You can read a throughout article at DesktopLinux.com. Enjoy!

Posted in Evil software, Free software and related beasts | Tagged: , , | Leave a Comment »

Malware: Vista Capable

Posted by isilanes on January 26, 2007

I read, via Kriptopolis (es), that “Tim Eades, senior vice-president of sales at security company Sana Security said that 38 per cent of malware is already Vista-compatible.”

Apparently, and according to an article at ITPro.co.uk, more malware than anti-malware has been already ported to Windows Vista.

Go, Vista, go!

Posted in Evil software | Tagged: , , , , | Leave a Comment »

Malicious BitTorrent clients

Posted by isilanes on January 21, 2007

Another post stressing the fact that freeware is not free software.

A while ago I warned about Browsezila (a freeware web broser, infected with malware), and now I warn about Bitroll and Torrent101. They are freeware, but, since they are proprietary, and closed source, no-one can read the code behind them. Is this important? Does someone actually read the code of free software programs? Well, it seems it is important, and it seems that free software programs do get read, because I am yet to see these problems in free BitTorrent clients.

Posted in Evil software | Tagged: , , , , | Leave a Comment »

PDF exploits for all readers and platforms?

Posted by isilanes on January 7, 2007

I have read in Kriptopolis some posts about new PDF exploits (in Spanish). The articles say that web broser PDF plugins are vulnerable, dedicated PDF readers are also vulnerable, and new exploits may be created. The Kriptopolis site keeps on talking about new vulnerabilities in PDF documents, and how they affect all platforms. Do they?

If you go to the SecurityFocus site, where they cover the new, you can download an example PDF, that exploits this vulnerability. If you open it with any (vulnerable) PDF reader, the program will freeze, and the CPU usage will go over the roof.

Well, bold as I am, I did the test. I opened it with Acroread 7.0 for GNU/Linux and… it froze, and… the CPU usage hit the roof. I could not Ctrl-C the beast, and a kill would not kill it. Fortunately, a kill -9 did the job :^(

Now, I tried Evince:


Heracles[~/Downloads]: evince MOAB-06-01-2007.pdf
Error (3659): Illegal character ')'
Error (0): PDF file is damaged - attempting to reconstruct xref table...
Segmentation fault

and Xpdf:


Heracles[~/Downloads]: xpdf MOAB-06-01-2007.pdf
Error (3659): Illegal character ')'
Error (0): PDF file is damaged - attempting to reconstruct xref table...
Segmentation fault

Ta-chan!! Yes, they crash, but refusing to open the damned thing! They both complain, and don’t fall for it.

Perhaps it’s worth reminding the reader that Evince and Xpdf are free software, whereas Acroread is not. Acroread is merely free of charge, but not free as in freedom.

Posted in Evil software | Tagged: , , , | Leave a Comment »

 
Follow

Get every new post delivered to your Inbox.