Slashback: Zip, Language, Opportunism 321
Funny name, well-executed idea. YourMother writes "After almost 4 days of being offline, the social network Orkut is back online. The Orkut development team has been working nonstop since bringing it down on Sunday afternoon and quite a few new security features have been implemented to protect users information. Within the first 48 hours it was up, it gained almost 100,000 users, growing many times faster than other social networks like Friendster or Tribe. Did Google hit the social network bulls-eye?"
glinden points to a story with some more information about those security holes. "From the article, 'Sources close to Google suggest widespread XSS (cross-site scripting) hacks forced the closure of the service. It isn't clear how much personal data or communication was disclosed.'"
Playmate. Playmate, playmate playmate. An anonymous reader writes "A week after an appeals court ruling revived a Playboy Enterprises Inc. trademark infringement lawsuit against Netscape Communications Inc., the companies have reached a settlement in the case (See a ZDNet report) The terms of the settlement have not been disclosed. This puts an end to a closely watched case in the search engine advertising field. Several other lawsuits over misuse of trademarks in search engine ads are still in place. Google e.g. is embroiled in a lawsuit with Luis Vuitton regarding keyword-based ads in France and asked for a California court's ruling to back its trademark policy for AdWords after facing the threat of a lawsuit from American Blind & Wallpaper Factory Inc."
You have to admire such brave nomenclature. Michiel Frackers writes "Thanks for the link to my site, I got 3 gigabyte of traffic in a few hours! If I would have known, I would have written something in English. I have added an update about the Strangeberry product and its relation to Tivo at the URL you linked to.
I also included a link to my private blog (as www.frackers.com is more about my work in media & technology). Hopefully this clarifies some things for your readers, I did not intend to make this some kind of quest or game at all: it's just that I promised Arthur and his colleagues not to disclose what they are exactly doing, as you will understand."
And Anonymous joe writes with this link to an intriguing bit of Strangeberry speculation at the Register.
Nokia to port Python to Mobiles, not Perl An anonymous reader writes "Nokia was mistaken. In fact, El Reg reports that Python, not Perl, is the preferred language for scripting on its smartphone platforms. The availability of a Python implementation for mobile phones is part of a broader plan, including a JVM-based BASIC interpreter."
However, the Register article linked says that Perl is being considered, it's just that Python is being looked at as the primary language.
I wouldn't trust their pearls, either. Blade Leader writes "OCZ has issued a recall of OCZ Ultra 2 thermal paste after the Overclockers.com article on their lack of silver content. They blame the lack on their supplier, and claim they will be pursuing legal action."
A piece of history (or at least a piece of somethin' ...) Artemis writes "Searching along E-Bay and MikeRoweSoft.com I noticed that Mike Rowe has decided to sell the Microsoft Cease-and-Desist Letters and WIPO book he received on E-Bay. He is selling the WIPO book with the 25-page letter received from Microsoft's lawyers on January 14/2004.This inch-thick book contains copies of web pages, registrations, trade marks, other WIPO cases, emails between me and Microsoft's lawyers and much more. There are 27 annexes filled with information. This package also comes with the 25-page complaint transmittal coversheet that was sent with the inch-thick book."
What's wrong with gunzip, tar? whitefox writes "CNet News is reporting that PKWare & WinZip have settled their differences and will maintain Zip file compatibility for the foreseeable future with each supporting the other's security extensions. In addition, PKWare will include its SecureZip in the code it licenses to other software makers. This is good news in deed for users and developers alike!"
No Stranegberry content in Anonymous Joe's link (Score:3, Informative)
Re:Selling legal documents? (Score:3, Informative)
-Kilka
High ebay bid (Score:2, Informative)
Re:Zip (Score:1, Informative)
not that hard. no really - its quite easy!
Re:Hum... (Score:2, Informative)
Slashback is a general summary of the last few days/weeks top stories that have a followup. Kinda like the update tag on FARK.com, but compressed into one stories heading.
Re:thoughts (Score:2, Informative)
that does unpack everything only to throw away all but the file you wanted, though. try unpacking only the middle-most file in the kernel source tarball, see how long it takes.
of course, zip has to put up with (very marginally) worse compression because each file is compressed individually to solve this problem. also, tarballs can be treated as streams since all the metadata is interleaved in with the files - a zip has all the directory data in dedicated portions of the file, which means you might have to seek backwards in certain situations. that, of course, is not always possible in some of the situations where a tarball will still work for ya.
Re:Zip (Score:3, Informative)
I'll second this. Since I started using it, 7z has become my archival tool of choice. Even for creating plain old
And, 7z exists as open source! Can't go wrong with that (unless you work for SCO).
One complaint, though, its GUI really sucks (or at least the last time I reinstalled it did, I haven't checked for a new one in a while). They need to make it behave more like the standard Windows Explorer view (not that I think the world of Windows Explorer, but on a 'doze system, for the most part you can count on "things having to do with files" behaving like it, by default)... Just the standard drag-n-drop behavior would make it 10x easier. But, I use it mostly from the command line anyway (Try doing that with WinZip), so the GUI doesn't bother me all that much.
Re:Zip (Score:4, Informative)
by going to http://www.winzip.com/wzcline.htm you can add command line support to WINZip.
Not trying to to be a jerk, just wanting to inform people who need to use it (Corporate policies... ewww)
Re:The Zip Rip (Score:1, Informative)
And now for the truth: the .zip format wasn't "perversely incompatable." It was intentionally different from .arc because SEA didn't like PKWare making interoperable software. So PK made .zip and released the specs and declared that it's ok if anyone wants to be compatable.
Re:thoughts (Score:5, Informative)
that does unpack everything only to throw away all but the file you wanted,
Well, actually it only unpacks the stuff that comes before the file in the archive. If the file in question is near the top, most of the archive is not unpacked.
Re:Stupid Guy Asks... (Score:1, Informative)
Problems arise when a user hits the page the "malicious user" has tampered with. What can happen is:
- User's cookies (username/password) stolen (this is the most typical attack)
- User's browser window closes
- User is pushed to nasty pictures
- Basically anything the user can do the "malicious user" can do.
The main problem is cookie theft. Cookies are designed only to give their data if the site requesting them is the site that gave them. (Eg. Slashdot can't read your Hotmail cookies). But since the "malicious user" can execute code on the site that did give out the cookies, it can send that information to the "malicious user" in some way.
Re:Zip is old school (Score:2, Informative)
There was, however, the ZIP support that was added to XP, but that support seemed (at least to me) limited.
Re:Stupid Guy Asks... (Score:3, Informative)
What is Cross Site Scripting" [cgisecurity.com]
Re:thoughts (Score:3, Informative)
tar made the assumption that it was sending/receiving it's data from a sequential access device, not a random access one. This assumption heavily influenced the file format. So even on a random access device, it still has to slog through the preceeding data to get what it wants. But it has some nice advantages for data recovery. If you lose half the tape, you can still get the files back on the part you have. It doesn't matter if you only have the first half, the last half, or the middle half. As long as the complete file exist on a piece of tape you have, you can get that file back.
Because of this, tar won't even exit early if you only want one file and it's at the beginning of the archive.
Watch:
crlewis@localhost % time tar tvf test1.tar
-rw-r--r-- clewis/users 439 2004-01-13 13:41:20 win2000Serv.cfg.bz2
-rw-r--r-- clewis/users 14735 2004-01-13 13:41:20 win2000Serv.log.bz2
-rw-r--r-- clewis/users 1006 2004-01-13 13:41:20 win2000Serv.nvram.bz2
-rw-r--r-- clewis/users 342346881 2004-01-13 14:09:11 win2000Serv.vmdk.bz2
0.080u 2.280s 0:13.95 16.9% 0+0k 0+0io 191pf+0w
crlewis@localhost % time tar tvf test2.tar
-rw-r--r-- clewis/users 342346881 2004-01-13 14:09:11 win2000Serv.vmdk.bz2
-rw-r--r-- clewis/users 439 2004-01-13 13:41:20 win2000Serv.cfg.bz2
-rw-r--r-- clewis/users 14735 2004-01-13 13:41:20 win2000Serv.log.bz2
-rw-r--r-- clewis/users 1006 2004-01-13 13:41:20 win2000Serv.nvram.bz2
0.170u 2.070s 0:13.59 16.4% 0+0k 0+0io 191pf+0w
clewis@localhost % time tar xvf test1.tar win2000Serv.cfg.bz2
win2000Serv.cfg.bz2
0.170u 1.940s 0:14.54 14.5% 0+0k 0+0io 250pf+0w
clewis@localhost % time tar xvf test2.tar win2000Serv.cfg.bz2
win2000Serv.cfg.bz2
0.160u 1.970s 0:12.31 17.3% 0+0k 0+0io 250pf+0w
It takes just as long to extract a single file from the beginning or end of the archive, and they both take the same amount of time as processing the whole archive. Now, extracting the whole archive is much slower, because that big file takes a lot of bidirectional Disk I/O, but it's the same time whether it's at the begin or the end.
Now watch this, we'll "Lose" the first 15KBytes, and everything after 30KBytes.
clewis@localhost % dd if=./test1.tar bs=1k skip=15 of=test1.1.tar
clewis@localhost % ls -la test1.1.tar
-rw-r--r-- 1 clewis users 15360 Jan 29 17:53 test1.1.tar
clewis@localhost % time tar tvf
tar: This does not look like a tar archive
tar: Skipping to next header
-rw-r--r-- clewis/users 1006 2004-01-13 13:41:20 win2000Serv.nvram.bz2
-rw-r--r-- clewis/users 342346881 2004-01-13 14:09:11 win2000Serv.vmdk.bz2
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now
0.010u 0.000s 0:00.03 33.3% 0+0k 0+0io 195pf+0w
I still got back the data that existed in the part that was saved. win2000Serv.vmdk.bz2 is corrupt, but win2000Serv.nvram.bz2 is fine.
Solid vs. segmented archives (Score:5, Informative)
The .tar.gz and .tar.bz2 formats are "solid" archives: they enchain the files into a single archive, the .tar file, and then compress that as a whole. This allows them to achieve better compression because they can compress redundancies between files as well as within them. Zip, OTOH, is what I call a "segmented" archive: the files are individually compressed and the compressed images are enchained.
Solid archives can be smaller than segmented, but are more difficult to manipulate after the fact:
Zip, furthermore, has a feature that can preserve arbitrary file metadata such as NTFS file permissions. Tar, OTOH, is meant for Unix, and can only preserve metadata relating to Unix.
There's no technical reason that you couldn't create a .zip.gz or .zip.bz2 file, getting a solid archive that preserves all the metadata, but alas, you'd probably confuse most people doing that :-(
Re:thoughts (Score:1, Informative)
First, use your computer's multitasking capability to uncompress and extract a tarball archive member at the same time:
Or, for those without the POSIX utility:
Second, if you don't want to have to uncompress the entire archive, use gzip and tar in the reverse order (though admittedly without the pipe):
You extract and uncompress in the reverse order. You also fail to compress header data (much like with zipfiles), fail to take advantage of redundant data between archive members (same as with zipfiles) and can still extract uncorrupted members from an archive where a compressed member has been corrupted (much like with zipfiles).
There's bzip2 as well. POSIX pax and Jrg Schilling's star [fokus.gmd.de] follow well-defined standards, and both are able to handle large (>2GB) files, as is bzip2. Last i knew, Info-Zip's zip and unzip showed their age and had troubles with files larger than 2GB on ILP32 platforms....
Re:What about infozip? (Score:5, Informative)
WinZip's AES encryption is documented here [winzip.com]. PKWare's format is apparently proprietary.
Re:thoughts (Score:2, Informative)
i'll invite whomever wants in (Score:2, Informative)
Re:The Zip Rip (Score:2, Informative)