Article 43

 

Tuesday, April 22, 2008

DNS Abuse Just Got Worse

Save

ISPs like EMBARQ and their SANDVINE BASED solution using Sandvine’s DNS REDIRECTION SERVICE to make a buck, is putting us all in jeopardy.

---

ISPs’ Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses

By Ryan Singel
Wired
April 19, 2008

Seeking to make money from mistyped website names, some of the United States’ largest ISPs instead created a massive SECURITY HOLE that allowed hackers to use web addresses owned by eBay, PayPal, Google and Yahoo, and virtually any other large site.

The vulnerability was a dream scenario for phishers and cyber attackers looking for convincing platforms to distribute fake websites or malicious code.

The hole was quickly and quietly patched Friday after IOACTIVE security researcher Dan Kaminsky reported the issue to Earthlink and its technology partner, a British ad company called BAREFRUIT

Earthlink users, and some Comcast subscribers, were at risk.

Kaminsky warns that the UNDERLYING DANGER LINGERS ON.

“The entire security of the internet is now dependent on some random-ass server run by some British company,” [or SANDVINE - ed.] Kaminsky said.

At issue is a growing trend in which ISPs subvert the Domain Name System, or DNS, which translates website names into numeric addresses.

When users visit a website like Wired.com, the DNS system maps the domain name into an IP address such as 72.246.49.48. But if a particular site does not exist, the DNS server tells the browser that there’s no such listing and a simple error message should be displayed.

But starting in August 2006, Earthlink instead intercepts that Non-Existent Domain (NXDOMAIN) response and sends the IP address of ad-partner Barefruit’s server as the answer. When the browser visits that page, the user sees a list of suggestions for what site the user might have actually wanted, along with a search box and Yahoo ads.

The rub comes when a user is asking for a nonexistent subdomain of a real website, such as webmale.google.com where the subdomain webmale doesn’t exist (unlike, say, mail in mail.google.com). In this case, the Earthlink/Barefruit ads appear in the browser, while the title bar suggests that it’s the official Google site.

As a result, all those subdomains are only as secure as Barefruit’s servers, which turned out to be not very secure at all. Barefruit neglected basic web programming techniques, making its servers vulnerable to a malicious Javascriptattack.  That meant hackers could have crafted special links to unused subdomains of legitimate websites that, when visited, would serve any content the attacker wanted.

The hacker could, for example, send spam e-mails to Earthlink subscribers with a link to a webpage on money.paypal.com. Visiting that link would take the victim to the hacker’s site, and it would look as though they were on a real PayPal page.

Kaminsky demonstrated the vulnerability by finding a way to insert a YouTube video from 80s pop star Rick Astley into Facebook and PayPal domains. But a black hat hacker could instead embed a password-stealing Trojan. The attack might also allow hackers to pretend to be a logged-in user, or to send e-mails and add friends to a Facebook account.

Earthlink isn’t alone in substituting ad pages for error messages, according to Kaminsky, who has seen similar behavior from other major ISPs including Verizon, Time Warner, Comcast and Qwest. Earlier this month, Network Solutions, one of the net’s largest domain name registrars, was caught creating link farms on nonexistent subdomains of websites owned by its own customers.

DNS expert Paul Vixie, who is the president of the nonprofit Internet Systems Consortium, says the problem Kaminisky found isn’t with the core internet protocols, which he could fix, but instead is a “problem EXACERBATED BY INAPPROPRIATE MONETIZATION OF CERTAIN DNS FEATURES.”

Vixie compared this ISP behavior to VERISIGN’S 2003 SITEFINDER project, which it unilaterally launched in September 2003 and then SHUT DOWN a month later.

In that case, VeriSign, which controls the sales of .com and .net top-level domains through a contract with the U.S. government, began directing users who mistyped domains names to its own servers, where it presented paid search results.

The move outraged the technical community and eventually led to an ICANN COMMISSION REPORT (.pdf) condemning the practice and an unsuccessful VeriSign lawsuit against ICANN.

“Sitefinder showed that [Non-Existent] domain re-mapping is bad for the community,” Vixie said. “This would be an example of why it is bad.”

While Barefruit fixed the immediate Javascripthole, the underlying problem—that large ISPs are ignoring a core internet practice to make money and pretending to be sites that don’t exist—means every site on the net remains vulnerable in ways they have no control over, according to Kaminsky.

Kaminsky said he’d talked this week to many internet companies who were pissed, though not at him.

“I can’t secure the web as long as ISPs are injecting other content into web pages,” he said.

The hole shows the risks of allowing ISPs to violate NET NEUTRALITY principles that seek to keep the internet a series of dumb pipes, according to Kaminsky.

“We offer DNS error functionality for our customers through Barefruit to enhance our users’ experience, and we work closely with Barefruit to provide a safe and convenient way for them to find the destination they’re looking for online,” Earthlink spokesman Chris Marshall said via e-mail. “We believe that the service provides a positive experience for our Internet users.”

Barefruit echoes the sentiment.

“Barefruit endeavors to ensure online security while providing an improved internet user interface by replacing unhelpful and confusing error messages with alternatives relevant to what the user was seeking,” Barefruit’s Dave Roberts said via e-mail.

For Vixie, however, the issue is simple.

“I really feel if someone goes to a website that does not exist, they ought to see an error message,” Vixie said.

Earthlink customers who do not wish to use the service can instead use different Earthlink DNS servers. Anyone can also use OpenDNS, a start-up that also provides ad pages on domains that don’t resolve, but does so without pretending to be the other site.

The news of the massive security breach by compromising net nuetrality for profit comes just two days after the Federal Communication Commission held a HAND-WRINGING PUBLIC FORUM at Stanford University over whether it should punish Comcast for its violation of standard internet practices. The broadband provider was caught sending fake packets to its users in order to reduce the bandwidth consumed by peer-to-peer applications.

Kaminsky is demoing the hole publicly on Saturday at the TOORCON SECURITY CONFERENCE in Seattle.

Kaminsky, a well-respected security expert, is perhaps best known for cleverly proving that a spyware rootkit Sony included on music CDs infected computers in more than half a million computer networks in 2005.

“There’s no contractual obligation for ISPs not to change content and inject ads,” Kaminsky notes.

For its part, Earthlink says the Barefruit ad pages are useful to users.

SOURCE

---

Money-Hungry ISPs Sacrifice Customer Safety To Make A Buck

By Joel Hruska
ARS Technica
April 21, 2008

ISP’s have long sought to monetize their consumer’s “Internet experience"there’s a reason why Bellsouth/AT&T will offer to set your homepage to http://www.bellsouth.net when you install the company’s software instead of, say, CNN - but certain internet service providers have apparently gone too far in their search for additional revenue streams. ACCORDING TO DAN KAMINSKY and Jason Larsen and as REPORTED by the Washington Post, certain ISPs have turned the responsibility of ad streaming over to a third-party vendor, Barefruit, who managed to bungle the job.

A number of ISP’s have adopted the now-common practice of injecting ads into the browser when a user reaches a page that doesn’t exist. One of the trends Kaminsky and Larsen identified, however, is that this practice has been extended to the subdomain level. For example, http://www.gamingwebsite.com might be a valid URL (it isn’t in real life), but http://games.gamingwebsite.com could be an an unassigned sub-domain that the ISP has converted into an advertising platform without the knowledge of the site owner.

The ads, moreover, aren’t always being handled by the ISP itself. Qwest, Verizon, and Earthlink have all contracted with a company named Barefruit to handle their advertising interests. This, in and of itself, has caused some problems. While investigating the subdomain advertising issue, Kaminsky and Larsen discovered that Barefruit’s ads were vulnerable to cross-scripting exploits that allowed the two men to force the ads to load content from other locations. In this case, clicking a link at http://games.gamingwebsite.com might take you to a legitimate web sitebut with a bug attached. Once activated, a cross-scripting exploit can accomplish a wide range of tasks, and might be used to display different ads on a web site, sniff cookies off the system, or download other spyware/malware.

This, surprisingly, is not the major issue. The Kaminsky-Larsen team may not have been thrilled to discover a vulnerability in Barefruit’s advertising service, but they commended the company for fixing the problem in less than half an hour after being made aware of it. The greater problem with this type of advertising contract is that the ISP in question has effectively turned the security of its customers over to a third party. In this case, a vulnerability in Barefruit’s ad-serving system had placed customers of Earthlink, Qwest, and Verizon in danger of being compromised, and neither the ISPs nor their customers were aware of it.

This isn’t the first time we’ve seen evidence of site-altering behavior. A collaborative STUDY between the University of Washington and the International Computer Science Institute found that approximately 1.3 percent of the data flowing across the ‘Net at any given time is altered in-flight between its source and its destination. Many of these alterations are not malicious, but ad injection is one factor responsible for changes that occurred as the requested information flowed down the Internet tubes.

The best way to avoid these problems is to handle such online advertising in-house. If that’s not an option, ISPs should, at a minimum, create better lines of communication between themselves and their advertising companies. Malware authors have already done a fine job seeding the Internet with traps set to snare the unwary; the last thing consumers need is to have their online security further jeopardized by a company that’s supposedly one of the good guys.

SOURCE

DNS INVENTOR WARNS OF NEXT BIG THREAT
EMBARQ’S DNS ABUSE

READ MORE...
Posted by Elvis on 04/22/08 •
Section Privacy And Rights • Section Broadband Privacy
View (0) comment(s) or add a new one
Printable viewLink to this article
Home

Monday, April 21, 2008

Flattening Another Education Myth

homework.jpg

Report distorted the debate
Education reform is no cure-all for low-income, low-achieving schools

By Lawrence Mishel
Economic Policy Institute
April 18, 2008

FOR A QUARTER CENTURY, A Nation at Risk has set the terms of debate on education, with mixed results. Risk inspired reformers to prescribe high-stakes testing, culminating in No Child Left Behind. Schools are cutting back history, civics, the sciences, art and music, just to prepare for tests in math and reading.

Worse yet, Risk has distorted the debate on economic policy. In 1983, the economy really was at risk. Industries such as auto, steel, consumer electronics, and clothing and textiles were closing factories; unemployment approached 10%; and workers’ wages were flat lining.

Risk offered an explanation that was simple, seductive and wrong. The report claimed that increased market shares for Japanese automobiles, German machine tools and Korean steel reflected those nation’s superior schools. This analysis should have seemed flimsy then - and foolish later.

Didn’t automakers move plants to Mexico, where education levels are lower than in the USA? Meanwhile, foreign and domestic manufacturers set up low-wage, non-union factories in the southern states, where the schools were worse than in the industrial Midwest. Then, a decade after Risk was released, American workers’ productivity increased dramatically. Presumably, the graduates of the same schools that Risk decried were mastering modern technology.

Now that the economy is in a tailspin, Bush administration officials are blaming the schools. Yes, we need to improve education from kindergarten through grade 12, as well as expand opportunities for college education and career training. But we also need to fix the credit crisis, expand health coverage, renegotiate unfair trade deals, invest in transportation and technology, and restore workers’ rights to organize unions and bargain for better pay and benefits.

In fact, education reform, by itself, isn’t even the cure-all for low-performing schools in low-income neighborhoods. Kids in these communities need better nutrition, health care and dental care so that they can come to school ready to learn. As long as adults don’t have decent jobs with health coverage, children will have a hard time breaking the cycle of poverty. That’s a sobering thought on the 25th anniversary of A Nation at Risk.

SOURCE

Related Articles
FLATTENING THE GREAT EDUCATION MYTH
2008 JOB OUTLOOK
RISING OF THE TELECOM UNDERCLASS PART 7

Posted by Elvis on 04/21/08 •
Section Dying America
View (0) comment(s) or add a new one
Printable viewLink to this article
Home

Sunday, April 20, 2008

Looking For Reasons To Keep Away From MS Office? Part 2

badwindows.jpg

KB949810 Breaks Office Applications

Last Tuesday at work, our eagle-eyed sysadmin spotted and and stopped another piece of POORLY-IMPLEMENTED Microsoft anti-piracy software - masquerading as a critical system patch - from automatically installing itself on our 150+ workstations, else we may have lost our ability to use Microsoft Office - or worse.

Apparently Microsoft’s new OFFICE ANTI-PIRACY PILOT PROGRAM meant for four overseas countries - accidently got released to everyone, including US business customers using WINDOWS SERVER UPDATE SERVICES for patch management - causing a lot of pain to those whose computers got infected with their newest bug-ridden spyware - from errors to false positives - breaking installed MS office apps.

From Ed Foster’s GRIPELINE:

On April 15th, a day when many of us are busy enough as it is, a reader saw a “critical update” for Microsoft Office in Windows Software Update Services (WSUS). As he always tries to keep the Windows and Office users at his company up-to-date, he started to download it until he saw it was something called Office Genuine Advantage Notifications (KB949810). The reader is familiar with OGA and was certain all of his Office installations were good, but he also knew he wanted no part of OGA Notifications.

I called Microsoft and found out that by mistake the OGA Notification software was available to all briefly on tax day. “The Office Genuine Advantage notifications update (KB949810) is intended only for Microsoft Office users in Italy, Spain, Turkey and Chile,” said Cori Hartje, director of Microsoft’s Genuine Software Initiative. “For a short time on the 15th of April, it was made available to users in other countries. A number of users who proactively sought product updates in this time frame were able to download Office Genuine Advantage notifications. We commend those users who actively seek product updates and apologize for any inconvenience or confusion this update may have created. We have taken steps to limit access to this update only to those users in Italy, Spain, Turkey and Chile.”

Some horror stories can be found HERE and HERE on Microsoft’s WGA FORUM:

Well I live in England, and we are if we’re not English speaking I don’t know who is!

Update KB949810 arrived via WSUS yesterday and now all my XP workstations running Word 2002 are telling me it needs activating. The only problem is that the software is genuine and was activated 3 years ago.

Mark

---

I submitted a support request, but another kicker is that you can’t paste the results from the diagnostics tool because there’s a 3500 char limit on the support request.  Nice going.

I can’t use my office applications, and so far (luckily) I’m the only one at my organization who’s affected.  There hasn’t been a fix for this released, nor has there been instructions on how to remove it.

At the VERY LEAST, can you please just publish how to remove this update as it’s not listed a) in my add/remove programs, nor b) in a $NtUninstall folder.

Thank you,
Jeff

---

Problem: The product key used to install Office has been identified by Microsoft as a key that was issued to a large, corporate customer. This key is reserved for the exclusive use of this customer, and cannot be used to install other copies of Microsoft Office.

Solution: If your computer belongs to a large organization and you believe you are receiving this message in error, talk to your system administrator.

Bigger problem - I am the system administrator and I don’t know the answer either!!!  I have 100s of systems now giving me errors.  These are US Government computers with legitimate licenses!  MS needs to fix this FAST!!!

James - US Army

---

I am an OBA developer, so I have Office set to alert me when there is an add-in error at startup.  After installing KB949810, I receive numerous error dialogs after opening Office applications with the following info.

Title: Custom UI Runtime Error in Office Genuine Advantage Add-in
Error found in Custom UI XML of “Office Genuine Advantage Add-in”:

I have screen shots and more details on MY BLOG.

Andy

---

I too received this update, I tested it on a couple of Dell’s with Office preinstalled (OEM) and one PC has come back not genuine even though I have the license key and disk in my hand from Dell so this update does not accurately reflect MS Office licensing status correctly (like I’m surprised). My suggestion is to decline that update (KB949810) and not install it anywhere. Luckily I took backup images of the test machines so I’m restoring the problem PC as we speak. Thanks Microsoft!!!! I just wish you guys would give up on this whole “genuine advantage” farce because all it does is harass the paying customers while doing zero to stop people from using your software illegally. Genuine Advantage is a failure, will always be a failure and has no chance of being successful in anyone’s lifetime. The writing’s on the wall, time to lay GA to rest. I’m including a link to the Microsoft GA Blog, go over there and rip this guy a new one, he deserve’s it for believing in this whole stupid GA project is actually helping people........

ioniancat21

---

It seems that the add-in is continuously readding itself.  Even after removing the add-in, after I close the Office app and reopen it, it comes back, now.  I’ve seen this behavior before, but that was always in malware.

How do I uninstall this KB permanently?  Especially since I NEVER SHOULD HAVE RECEIVED IT IN THE FIRST PLACE.

Andy

---

There are a few things that really gall me about this whole issue:

This update was deployed as a CRITICAL Update? While this may be critical to Microsoft’s bottom line, any clear thinking IT person would assume (silly me) that a critical update would be critical to IT in the sense of stability or security. I would suggest a new classification of update titled “Revenue Generation”. As a corporation, we have exerted much blood, time and money on compliance. Doing everything possible to be a good corporate citizen to be treated like this.

Again, ANOTHER problem with WSUS distribution control. They got a pass on the 1st error. As my corporations WSUS Admin, I am considering suggesting using WSUS to block updates, not distribute them!

There is nothing more frustrating than being a loyal customer only to be treated poorly and incompetently.

Chris Edwards

---

Paul,

thanks for replying. In the mean time I have found out that this is normal: Normal for Microsoft, not for us though.

Normal companies will have their Enterprise licenses in place (so do we) and do not really appreciate it when all of a sudden 2 tasks are running without knowing exactly what they are doing: It does NOT fit in our security plan and I have this on over 400 computers updated through our WSUS servers without user interaction!.

Can I delete them? Is OGAVerify.exe really just checking the licenses?

I have problems with the office products: Opening an Office Application brings up an addin as macro called OGAAddin.dll, a part of this so called critical update. Normal procedure is to disable these kind of macros when they come up. This macro does not really care though and will come up every time I start an Office application.

This ‘not wanted’ update causes me a lot of work, that is not really planned on. Do you understand that I would like to have this update OUT of my systems again? So the question again: What can be done to reverse this?

What will Microsoft do to help?

Wim

---

Microsoft released an alleged fix HERE.

We have FEDORA and OPEN OFFICE ready to install on our workstations - waiting for the day all our Windows computers stop working for whatever reason.

It’s just a matter of time.

Looking For Reasons To keep Away From MS Office?
PART 1 - PART 2

Looking For Reason to Keep Away From Windows?
PART 1 - PART 2 - PART 3 - PART 4 - PART 5
PART 6 - PART 7 - PART 8 - PART 9 - PART 10
PART 11 - PART 12 - PART 13 - PART 14 - PART 15
PART 16 - PART 17 - PART 18

MICROSOFT VS THE FREE WORLD
VISTA ACTIVATION WORRIES
VISTA ULTIMATUM
MICROSCUM’S PRODUCT ACTIVATION FAQ
WINDOWS PRIVACY FLEW OUT THE WINDOW
A CONTRACT ONLY MICROSOFT CAN BREAK
MICROSOFT WGA FORUM
MICROSOFT EMAIL SUPPORT
MICROSOFT FACES LAWSUIT OVER WGA
MICROSOFT DENIES WINDOWS XP KILL SWITCH
A GRIPELINE WGA POST
LAUREN WEINSTEIN’S WGA POSTS
GROKLAW - IT’S A MATTER OF INFORMED CONSENT
WGA - WORSE THAN EXTORTION
WINDOWS MEDIA PLAYER EULA
BAD VISTA DOT ORG




Posted by Elvis on 04/20/08 •
Section Privacy And Rights • Section Microsoft And Windows
View (0) comment(s) or add a new one
Printable viewLink to this article
Home

Adobe DRM Ills

I have a policy of not gracing ANY VENDOR that makes DRM-TAINTED software with any of my business. 

Here’s another case in point to back it up.

---

Adobe, Activation, and Aggravation
Binary Formations Blog
January 12, 2008

This is going to be a long and angry post. In fact, it is a masterpiece of vitriol concerning a technique that is being widely adopted by software companies to screw over their customers, with a focus on one such company in particular (*cough* Adobe, you freaking jerks *cough*). There are no unicorns or rainbows to be found here. You have been warned.

I have been trying to writethis blog post for over a week now, but every time I went to type the word Adobe my fingers instead found the combination of keys that made up two words, six letters each, the first being a type of parent. A decidedly less than wholesome, definitely not FCC-approved couple of words, apropos though they may be. Even now I have a hard time just saying the name without it coming out sounding like something that rhymes with other truckerђ.

Why am I so furious with Adobe? Activation, thats why. Activation, in its simplest form, is a piracy protection scheme based on a two key system. The first key is the product key or serial number you are given at the time of purchase. When you install the software and enter the key, the activation system contacts the vendor to see if the key is in the vendorҒs active list, indicating the software is already in use elsewhere. If the key does not appear in the vendors list as already being in use, you are given the second key, often referred to as an activation code. Sometimes you are given the second key directly, but most of the time it is sent back to the program under the covers and the user is never allowed to see it. In either case, both keys are required for the software to become activated, allowing the user full access to the program or features they paid to use.

The more complex forms of activation take the concept from the annoying, ғMother, may I please use this software I already paid for?, mechanism to a highly distilled form of binary evil (you can see that the 1s and 0s that make up the activation routines actually all have devil-horns, hooves, and pointed tails when you look at them under a microscope). Microsoft is widely considered to be the grand poo-bah, a master practitioner, of this form of activation by adding some innovative new twists to the scheme, such as having to reactivate if you make too many changes to your computerԒs hardware or risking the possibility of Vista going into an un-usable, so-called reduced-functionality mode if the scryers in Redmond determine your operating system is no longer genuine (supposedly service pack one for Windows Vista will contain a version of WGA that contains 50% less evil than the current version weגll have to wait and see).

As for Adobe, Im not entirely sure how far their activation mechanism goes. And though I have read quite a few anecdotal accounts of some of the onerous behavior employed by AdobeҒs activation system, I havent been able to verify any of it. I do know it goes well beyond the simple approach I described earlier. I also know that when it fails it can destroy your spirit, leaving behind a burned-out cynical husk that believes the world is actually some sort of gigantic torture device that exists solely for the amusement of its creator, which if I had to guess is probably the board of directors at Adobe.

A little over a week ago I was screwed over by activation twice in a period of ten minutes, first by MindVision and then by Adobe. IҒm not fond of either company anymore, but it is Adobe that has earned the bulk of my ire with its sucks to be youђ attitude when their activation systems fails and does so catastrophically (this is not hyperbole, the error message actually uses the word catastrophically).

So what happened? Well, I had installed Leopard on my MacBook Pro laptop just after it was released a few months ago. I like a clean system so it was a fresh install. Plus, it doesnt take long to re-install all of the applications I use and restoring custom settings is no big deal under OS X(unlike with Windows where application settings are stored in a multi-megabyte tree of confusion called the Registry).

Everything worked fine except FileStorm, the application I use to create the disk images for Home Inventory and tesl8. I kept getting an error number -2004 whenever I entered the serial number I was given when I purchased the product. I e-mail MindVision support and was told I needed to install an updated version of the eSellerate framework. Having a lot of other things to deal with at the time, I let it slide and didnҒt get around to it until it came time to push Home Inventory version 1.7 out the door.

Not wanting to create the disk image for the new Home Inventory version manually, I installed the updated framework, got FileStorm up and running, and was able to create the image file. Everything seemed fine until just after making the image file I tried to launch Dreamweaver and was greeted with this:

The licensing subsystem has failed catastrophically.Ӕ What a wonderful message! And it wasnt just Dreamweaver. Nope. It was every major component in Adobe Create Suite 3. Photoshop: Fail! Flash: Fail: Illustrator: Fail! Contribute and Acrobat: well, they would have failed IҒm sure, but those programs are such crap I didnt bother installing them. I paid for these applications and now after working just fine for months they all just up and quit.

Time to get in touch touch with AdobeҒs support, but first I needed to find out exactly what was in that framework MindVision had said I needed to install. A little poking around and IŒm sure you guessed by now what I found: FileStorm uses activation, albeit a simple version of the technique, and it was the activation mechanism that was failing. Bad MindVision! No more money for you! You guys are now on my do not buy fromђ list.

Before continuing with my story I need to take a moment to clear something up. I use eSellerate to handle the processing side of things when you purchase Home Inventory. When you buy a copy, you receive a serial number that you enter to remove the 25-item demonstration restriction. Home Inventory does not, nor will it ever, use activation. Nor does it require any external framework, server, or anything else. That serial number is all you need. It is validated locally in the application itself, using a simple mathematical algorithm. Home Inventory does not call home to Binary Formations, eSellerate, or anyone else to do this validation.

Back to the story. At this point I call Adobe support and am put through to a nice and apologetic first tier support person who gives me a few things to try to get the Creative Suite applications running again. Unfortunately none of those things work so I am transferred to a second tier support engineer who was a complete and utter douche bag.

The bulk of our conversation went something like this:

Complete Douche Bag: You need to try the next thing on the sheet.

Me: What next thing? What sheet?

CDB: (silence)

Me: Hello?!?

CDB: Did you do it yet?

Over and over this guy ignored my questions. Often I was met with silence and when he did manage to utter a response more often than not it had little to do with the question I had asked. I can only assume this guy was either distracted or stoned. Actually, Id guess it was a combination of the two: he was stoned and kept getting distracted by the little blinky thing on his computer screen (that would be the cursor, for those of you who work in second tier support at Adobe).

After some more prodding I was finally able to get him to explain the whole deal with this mythical ґsheet. It turned out to be a knowledge base article on what to do if you get an activation failure and you are a nice, honest person who does not want to steal from Adobe. It has six possible solutions for the problem. The last solution suggestions you uninstall the entire Creative Suite software and re-install it. Before doing so it tells you to do the following:

For all Creative Suite 3 applications: before you uninstall, you must deactivate the application. If you have an entire Suite installed, then you only need to deactivate from one application.

To deactivate the component or suite: From the CS3 application, Choose Help > Deactivate and follow the on screen instructions.

It made me actually want to cry. Not just tear up a little, but one of those down on your knees, head thrown back, snot coming out of your nose, arms raised toward the sky, screaming, ғWhy God? Why?, kind of cries. Adobe, in case you cannot figure out why this statement is so stupid, let me try to clarify it for you: I CANNOT DEACTIVATE THE APPLICATION BECAUSE I HAVE TO RUN THE APPLICATION TO DO IT AND YOUR DEVIL-SPAWNED LICENSING SYSTEM ALLOW ME TO! Is this a hard concept?!? Why donԒt you have an external tool that I can run to deactivate everything?

Unable to get any of the non-destructive solutions to work, the support guy told me to search for cs3 clean scriptӔ on the Adobe website and follow the instructions. If that didnt work he said I would need to reformat my hard drive and install everything again from scratch.

Are you freaking kidding me? Not only can this stupid activation software fail in such a way that I have to spend the better part of an hour on the phone with an absolute moron trying to get it working again, but it can fail so badly that I might have to re-install my entire system! A quick google search search showed that not only can AdobeҒs activation scheme fail so spectacularly, but it does a lot.

What irritates me to the point I am almost shaking with anger is this seems perfectly acceptable to Adobe. The donŒt care that they actually screw over paying, honest customers by wasting countless hours of their time, causing them to miss critical deadlines, and lose untold amounts of productivity just so they can thwart some software pirates. Way to go Adobe! Forgive me if I secretly hope you get hit with the mother of all class action lawsui s and lose.

But the insanity didnt stop there. Oh no. The article the support engineer had me search for is titled, Remove CS3 prerelease software (Creative Suite and individual applications). Say what? I tell him that this is not a pre-release version of CS3 and that I never had any pre-release versions of the software installed on this machine. His response is to go ahead and run it anyway. Oh what fun. Since it took so long for him to respond the question I had time to read through the knowledge base article and found something else to shake my faith in Adobe. Near the top of the article is this little warning:

Warning: Before you use the Adobe CS3Clean Script, it is critical that you back up your hard drive including all data, content, software programs, etc. Failure to do so, and failure to follow the instructions below, could result in a loss of the contents of your hard drive.

As you can imagine, this made just a teeny bit concerned about running the script. And what was Captain Herbal LifeҒs response when I asked him about the warning? IӒve never heard of that happening, but I guess it could. Delicious. Oh well, since it appeared that I had no alternatives left I hung up and prepared to torpedo my laptop.

With the CS3 suite uninstalled (though not deactivated), and against my better judgement, I fired up the clean script. It began with a license agreement, that of course you must agree to before it will do anything, that basically says no matter what kind of damage this thing does to your system, Adobe is not responsible so donԒt even try to hold them accountable. Pretty standard stuff. The rest of the process involved answering a few questions and then the scriptwent and did its thing.

Thankfully, it worked. When the scriptwas finished, I went through the CS3 installation process (which takes for-frickin-ever, by the way) and a few hours after this whole mess began, both FileStorm and the CS3 apps were working and I was able to finish up doing what I needed to do.

This is not the first time an activation failure has bitten me in my glorious behind. In fact is was MicrosoftҒs decision to put activation in Windows XP and the Windows versions of Office that led to me buying a PowerBook and making the Mac my computing platform of choice. At that point I had vowed never again to purchase any software that used activation or any other draconian anti-piracy scheme.

FileStorm was a mistake. If I had known it used an activation system I never would have purchased it. I know now and will not be doing business with MindVision in the future. I confess that I did know Adobes Create Suite 3 made use of activation. Normally I would never have even considered buying if not for one thing: AppleҒs transition to the Intel platform. Photoshop CS, which I would have been quite happy to continue using, ran like a dog on my MacBook Pro, so I put my principles aside and purchased CS3 as soon as it was available.

I did search for more consumer friendly alternatives to CS3 before it came out, but I couldnt find anything that fit the bill, especially for Photoshop. I know I wonҒt be upgrading to Creative Suite 4 or buying anything else from Adobe as long as they continue to use activation in their products. The good news is CS3 is feature-rich enough to stay useful for a long time. By then there should be some sort of viable alternative. Right? Anyone?

My experience isnt the only type of failure that can occur with activation. Some implementations wonҒt work with certain hardware setups (Adobes activation scheme has suffered from this), there can be clashes with other activation schemes, you can be stuck with useless software if the vendor doesnҒt update the activation system to work with newer operating system versions or if they just flat out quit supporting the product, and on and on.

Software vendors will tell you activation keeps honest users honest. This is utter garbage. By definition an honest user is, well, honest and there is no need for computer program to keep him that way. They also claim activation does not come at the expense of other features. Another lie. In the real world of commercial software development you do not have unlimited time and resources. Each feature takes time and resources to design, implement, test, document, maintain, and support. Activation is a feature just like any other. Depending how far a particular implementation goes, it activation can be a fairly complex feature to implement. The time and resources devoted to designing, implementing, testing, maintaining, and supporting an activation scheme could have been used for features users might actually find useful.

Activation helps prevent casual piracy by allowing software vendors to check up on where and when their software is installed. It is inconvenient enough to circumvent for the average user that many wont bother to even try. In this it is likely effective in its purpose. However, it does not in any way benefit the consumer who paid for the software. Sure, vendors talk a big game about how piracy keeps the price of software high, but have you ever heard of a major software vendor dropping the price of their wares after introducing activation? I didnҒt think so. Activation is of no use to the honest customer. At best it is an affront to his integrity by assuming he has none, but otherwise is harmless. At worst what I went through does not even begin to come close to the worst.

Shame on you software makers who use this junk. Shame on you for not treating your paying customers with more respect. And shame on those software reviewers who do not disclose whether or not the programs you are reviewing use activation. And for those that do, the activation scheme itself should be reviewed. Does it conflict with any particular hardware configurations or other software? What recourse does the customer have if it fails? Is access to free support available 24 hours a day, seven days week in case the licensing system stops working? Is there a guarantee in the license (not some PR personŒs word, but an actual legal statement) that the activation scheme will be disabled via an update if the company stops supporting the software? Not having the answers to these questions can lead to disaster when mission critical and production applications are involved.

Folks, this activation stuff is bad news. Avoid it if you can. Do not let software vendors treat you like a would-be thief when you know you are not. Dont let them put your productivity at risk.

SOURCE

GOOD SOFTWARE GONE BAD
MORE GOOD SOFTWARE GONE BAD
VSO AND SHARE-IT
SCREWED BY GOOGLE’S DRM
WINDOWS GENUINE ADVANTAGE
OFFICE GENUINE ADVANTAGE

Posted by Elvis on 04/20/08 •
Section Privacy And Rights
View (0) comment(s) or add a new one
Printable viewLink to this article
Home

Saturday, April 19, 2008

AT&T Layoff News 4/18/08

jobs.jpg

AT&T To Lay Off More Than 4,000 Employees.
Telecom giant will primarily target management in layoffs aimed at streamlining its operations

By Grant Gross
IDG News Service
April 18, 2008

Telecom giant AT&T plans to lay off 1.5 percent of its employees, primarily in management, in an effort to streamline its operations, the company announced Friday.

AT&T had about 310,000 employees at the end of 2007, meaning the layoffs would affect about 4,650 workers. The layoffs are the “next step” in STREAMLINING [US ed.] company operations in an effort to operate more efficiently after recent mergers between parent company SBC, the old AT&T and BellSouth, the company said in a filing with the U.S. Securities and Exchange Commission.

AT&T expects its total number of employees to remain stable in 2008 “as the company hires additional employees to support growth areas,” AT&T said in the filing. In 2007, the company added about 7,000 employees, said Walt Sharp, an AT&T spokesman.

“We do have a lot of growth in other areas,” Sharp said.

The company began notifying the affected employees on Friday, and AT&T gave the employees a 60-day notice, Sharp said. “The bottom line is that we remain one of America’s largest employers,” AT&T said in a statement. “And we are putting jobs where our customers are.”

The streamlining effort is focused on jobs that don’t interact with customers, the company said.

“This initiative is part of the company’s move from a collection of regional companies to one AT&T focused on customers,” AT&T said in the filing.

The layoffs mean AT&T will take a one-time charge of $374 million during the first quarter of 2008. AT&T is scheduled to announce its first-quarter earnings Tuesday.

AT&T reported a net income of $3.1 billion for the fourth quarter of 2007. It’s revenue for the quarter was $30.3 billion.

SOURCE

Posted by Elvis on 04/19/08 •
Section Dealing with Layoff
View (0) comment(s) or add a new one
Printable viewLink to this article
Home
Page 3 of 7 pages « First  <  1 2 3 4 5 >  Last »

Statistics

Total page hits 9702127
Page rendered in 1.9540 seconds
40 queries executed
Debug mode is off
Total Entries: 3222
Total Comments: 337
Most Recent Entry: 05/04/2020 08:41 am
Most Recent Comment on: 01/02/2016 09:13 pm
Total Logged in members: 0
Total guests: 7
Total anonymous users: 0
The most visitors ever was 172 on 12/25/2019 07:40 am


Email Us

Home

Members:
Login | Register
Resumes | Members

In memory of the layed off workers of AT&T

Today's Diversion

The stoical scheme of supplying our wants by lopping off our desires, is like cutting off our feet when we want shoes. - Jonathan Swift

Search


Advanced Search

Sections

Calendar

April 2008
S M T W T F S
   1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30      

Must Read

Most recent entries

RSS Feeds

Today's News

ARS Technica

External Links

Elvis Picks

BLS Pages

Favorites

All Posts

Archives

RSS


Creative Commons License


Support Bloggers' Rights