Slashback: Zip, Language, Opportunism

Slashback tonight brings you updates and corrections from recent and ongoing stories, including (this time around) non-silver silver paste, the return of the Orkut, Mike Rowe and his not-so-epic battle with Microsoft (one last time, I hope), the future of Zip for Microsoft Windows, and more. Read on below for the details.

Funny name, well-executed idea. YourMother writes "After almost 4 days of being offline, the social network Orkut is back online. The Orkut development team has been working nonstop since bringing it down on Sunday afternoon and quite a few new security features have been implemented to protect users information. Within the first 48 hours it was up, it gained almost 100,000 users, growing many times faster than other social networks like Friendster or Tribe. Did Google hit the social network bulls-eye?"

glinden points to a story with some more information about those security holes. "From the article, 'Sources close to Google suggest widespread XSS (cross-site scripting) hacks forced the closure of the service. It isn't clear how much personal data or communication was disclosed.'"

Playmate. Playmate, playmate playmate. An anonymous reader writes "A week after an appeals court ruling revived a Playboy Enterprises Inc. trademark infringement lawsuit against Netscape Communications Inc., the companies have reached a settlement in the case (See a ZDNet report) The terms of the settlement have not been disclosed. This puts an end to a closely watched case in the search engine advertising field. Several other lawsuits over misuse of trademarks in search engine ads are still in place. Google e.g. is embroiled in a lawsuit with Luis Vuitton regarding keyword-based ads in France and asked for a California court's ruling to back its trademark policy for AdWords after facing the threat of a lawsuit from American Blind & Wallpaper Factory Inc."

You have to admire such brave nomenclature. Michiel Frackers writes "Thanks for the link to my site, I got 3 gigabyte of traffic in a few hours! If I would have known, I would have written something in English. I have added an update about the Strangeberry product and its relation to Tivo at the URL you linked to.

I also included a link to my private blog (as www.frackers.com is more about my work in media & technology). Hopefully this clarifies some things for your readers, I did not intend to make this some kind of quest or game at all: it's just that I promised Arthur and his colleagues not to disclose what they are exactly doing, as you will understand."

And Anonymous joe writes with this link to an intriguing bit of Strangeberry speculation at the Register.

Nokia to port Python to Mobiles, not Perl An anonymous reader writes "Nokia was mistaken. In fact, El Reg reports that Python, not Perl, is the preferred language for scripting on its smartphone platforms. The availability of a Python implementation for mobile phones is part of a broader plan, including a JVM-based BASIC interpreter."

However, the Register article linked says that Perl is being considered, it's just that Python is being looked at as the primary language.

I wouldn't trust their pearls, either. Blade Leader writes "OCZ has issued a recall of OCZ Ultra 2 thermal paste after the Overclockers.com article on their lack of silver content. They blame the lack on their supplier, and claim they will be pursuing legal action."

A piece of history (or at least a piece of somethin' ...) Artemis writes "Searching along E-Bay and MikeRoweSoft.com I noticed that Mike Rowe has decided to sell the Microsoft Cease-and-Desist Letters and WIPO book he received on E-Bay. He is selling the WIPO book with the 25-page letter received from Microsoft's lawyers on January 14/2004.This inch-thick book contains copies of web pages, registrations, trade marks, other WIPO cases, emails between me and Microsoft's lawyers and much more. There are 27 annexes filled with information. This package also comes with the 25-page complaint transmittal coversheet that was sent with the inch-thick book."

What's wrong with gunzip, tar? whitefox writes "CNet News is reporting that PKWare & WinZip have settled their differences and will maintain Zip file compatibility for the foreseeable future with each supporting the other's security extensions. In addition, PKWare will include its SecureZip in the code it licenses to other software makers. This is good news in deed for users and developers alike!"

No Stranegberry content in Anonymous Joe's link

[winkydink]

Nice write-up on Netflix, but nothing really earth-shattering there either.

Re:Selling legal documents?

[Kilka]

Had you read the post you would have noticed that he's got two copies, one of which he is keeping for himself.

-Kilka

High ebay bid

[digital bath]

Wow. The highest bid on the cease and desist letter is currently $3,751.00. Not bad.

Re:Zip

[Anonymous Coward]

right click, send to -> 3 1/2 floppy A:

not that hard. no really - its quite easy!

Re:Hum...

[stephenisu]

While I am burning my karma .....
Slashback is a general summary of the last few days/weeks top stories that have a followup. Kinda like the update tag on FARK.com, but compressed into one stories heading.

Re:thoughts

[random_static]

tar -xzf tarfile.tgz path/to/thefileyouwant

that does unpack everything only to throw away all but the file you wanted, though. try unpacking only the middle-most file in the kernel source tarball, see how long it takes.

of course, zip has to put up with (very marginally) worse compression because each file is compressed individually to solve this problem. also, tarballs can be treated as streams since all the metadata is interleaved in with the files - a zip has all the directory data in dedicated portions of the file, which means you might have to seek backwards in certain situations. that, of course, is not always possible in some of the situations where a tarball will still work for ya.

Re:Zip

[pla]

Download 7-zip instead. Totally free, no fancy crap, and works great for all kinds of archives.

I'll second this. Since I started using it, 7z has become my archival tool of choice. Even for creating plain old .zip files, it gets around 10% better compression than anything else out there. And for it own .7z format, you can easily get 33% better, and I've seen more than 10 times better (7z includes solid archive support, one of the features people rave about in RARs (ick!), which for packing a collection of similar files in the same archive, means all of them after the first compress to almost nothing).


And, 7z exists as open source! Can't go wrong with that (unless you work for SCO).


One complaint, though, its GUI really sucks (or at least the last time I reinstalled it did, I haven't checked for a new one in a while). They need to make it behave more like the standard Windows Explorer view (not that I think the world of Windows Explorer, but on a 'doze system, for the most part you can count on "things having to do with files" behaving like it, by default)... Just the standard drag-n-drop behavior would make it 10x easier. But, I use it mostly from the command line anyway (Try doing that with WinZip), so the GUI doesn't bother me all that much.

Re:Zip

[stephenisu]

Just a public sevice announcement,
by going to http://www.winzip.com/wzcline.htm you can add command line support to WINZip.

Not trying to to be a jerk, just wanting to inform people who need to use it (Corporate policies... ewww)

Re:The Zip Rip

[Anonymous Coward]

Oh look, how cute. A bitter old SEA employee.

And now for the truth: the .zip format wasn't "perversely incompatable." It was intentionally different from .arc because SEA didn't like PKWare making interoperable software. So PK made .zip and released the specs and declared that it's ok if anyone wants to be compatable.

Re:thoughts

[DunbarTheInept]

that does unpack everything only to throw away all but the file you wanted,

Well, actually it only unpacks the stuff that comes before the file in the archive. If the file in question is near the top, most of the archive is not unpacked.

Re:Stupid Guy Asks...

[Anonymous Coward]

An XSS attack would have the "malicious user" (hacker) inserting Javascript into a page on the site.

Problems arise when a user hits the page the "malicious user" has tampered with. What can happen is:

- User's cookies (username/password) stolen (this is the most typical attack)
- User's browser window closes
- User is pushed to nasty pictures
- Basically anything the user can do the "malicious user" can do.

The main problem is cookie theft. Cookies are designed only to give their data if the site requesting them is the site that gave them. (Eg. Slashdot can't read your Hotmail cookies). But since the "malicious user" can execute code on the site that did give out the cookies, it can send that information to the "malicious user" in some way.

Re:Zip is old school

[value_added]

Someone correct me if I'm wrong, but I don't believe M$ has supported anything natively but its own .CAB format.

There was, however, the ZIP support that was added to XP, but that support seemed (at least to me) limited.

Re:Stupid Guy Asks...

[key45]

I'll bite:
What is Cross Site Scripting" [cgisecurity.com]

Re:thoughts

[lewiscr]

Actually, no. tar (Tape ARchiver) would still have to process all the crap in front to find the gzipped file.

tar made the assumption that it was sending/receiving it's data from a sequential access device, not a random access one. This assumption heavily influenced the file format. So even on a random access device, it still has to slog through the preceeding data to get what it wants. But it has some nice advantages for data recovery. If you lose half the tape, you can still get the files back on the part you have. It doesn't matter if you only have the first half, the last half, or the middle half. As long as the complete file exist on a piece of tape you have, you can get that file back.

Because of this, tar won't even exit early if you only want one file and it's at the beginning of the archive.

Watch:
crlewis@localhost % time tar tvf test1.tar
-rw-r--r-- clewis/users 439 2004-01-13 13:41:20 win2000Serv.cfg.bz2
-rw-r--r-- clewis/users 14735 2004-01-13 13:41:20 win2000Serv.log.bz2
-rw-r--r-- clewis/users 1006 2004-01-13 13:41:20 win2000Serv.nvram.bz2
-rw-r--r-- clewis/users 342346881 2004-01-13 14:09:11 win2000Serv.vmdk.bz2
0.080u 2.280s 0:13.95 16.9% 0+0k 0+0io 191pf+0w

crlewis@localhost % time tar tvf test2.tar
-rw-r--r-- clewis/users 342346881 2004-01-13 14:09:11 win2000Serv.vmdk.bz2
-rw-r--r-- clewis/users 439 2004-01-13 13:41:20 win2000Serv.cfg.bz2
-rw-r--r-- clewis/users 14735 2004-01-13 13:41:20 win2000Serv.log.bz2
-rw-r--r-- clewis/users 1006 2004-01-13 13:41:20 win2000Serv.nvram.bz2
0.170u 2.070s 0:13.59 16.4% 0+0k 0+0io 191pf+0w

clewis@localhost % time tar xvf test1.tar win2000Serv.cfg.bz2
win2000Serv.cfg.bz2
0.170u 1.940s 0:14.54 14.5% 0+0k 0+0io 250pf+0w

clewis@localhost % time tar xvf test2.tar win2000Serv.cfg.bz2
win2000Serv.cfg.bz2
0.160u 1.970s 0:12.31 17.3% 0+0k 0+0io 250pf+0w

It takes just as long to extract a single file from the beginning or end of the archive, and they both take the same amount of time as processing the whole archive. Now, extracting the whole archive is much slower, because that big file takes a lot of bidirectional Disk I/O, but it's the same time whether it's at the begin or the end.

Now watch this, we'll "Lose" the first 15KBytes, and everything after 30KBytes.

clewis@localhost % dd if=./test1.tar bs=1k skip=15 of=test1.1.tar
clewis@localhost % ls -la test1.1.tar
-rw-r--r-- 1 clewis users 15360 Jan 29 17:53 test1.1.tar
clewis@localhost % time tar tvf ./test1.1.tar
tar: This does not look like a tar archive
tar: Skipping to next header
-rw-r--r-- clewis/users 1006 2004-01-13 13:41:20 win2000Serv.nvram.bz2
-rw-r--r-- clewis/users 342346881 2004-01-13 14:09:11 win2000Serv.vmdk.bz2
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now
0.010u 0.000s 0:00.03 33.3% 0+0k 0+0io 195pf+0w

I still got back the data that existed in the part that was saved. win2000Serv.vmdk.bz2 is corrupt, but win2000Serv.nvram.bz2 is fine.

Solid vs. segmented archives

[L. J. Beauregard]

I suppose by gzip and bzip2 you mean these two programs combined with tar. By themselves they compress only single files. In fact, on a single file, gzip achieves only slightly better compression than zip -- it uses the same compression method, and any improvement is solely due to its simpler structure. Bzip2 still gets somewhat better compression.

The .tar.gz and .tar.bz2 formats are "solid" archives: they enchain the files into a single archive, the .tar file, and then compress that as a whole. This allows them to achieve better compression because they can compress redundancies between files as well as within them. Zip, OTOH, is what I call a "segmented" archive: the files are individually compressed and the compressed images are enchained.

Solid archives can be smaller than segmented, but are more difficult to manipulate after the fact:

• To extract a single file from a solid archive, you have to read everything in the archive, at least up to the file you're extracting. A zip file has a directory at the end that quickly locates the desired file.
• To add, delete, or replace files in a preexisting archive, you have to decompress the whole thing, manipulate the files, and then compress the whole thing again. It can be done, but it's slow and can take up lots of disk space. Zip can do these things directly, leaving unaffected files unchanged.
• Finally, solid archives are more fragile than segmented ones. If a solid archive is damaged, everything from the point of the damage onward is lost. With zip, however, only the files at the damaged portion are lost, and subsequent files are still recoverable.

IIRC RAR can generate either a solid or a segmented archive.

Zip, furthermore, has a feature that can preserve arbitrary file metadata such as NTFS file permissions. Tar, OTOH, is meant for Unix, and can only preserve metadata relating to Unix.

There's no technical reason that you couldn't create a .zip.gz or .zip.bz2 file, getting a solid archive that preserves all the metadata, but alas, you'd probably confuse most people doing that :-(

Re:thoughts

[Brainchild]

What's wrong with gunzip, tar?

Have you ever tried to extract a single file from a gzip'ed tar archive? It's not possible without unpacking everything and throwing away the bits that you don't want.

First, use your computer's multitasking capability to uncompress and extract a tarball archive member at the same time:

gzip -dc blah.tar.gz |pax -r blah/haha.txt

Or, for those without the POSIX utility:

gzip -dc blah.tar.gz |tar xf - blah/haha.txt

Second, if you don't want to have to uncompress the entire archive, use gzip and tar in the reverse order (though admittedly without the pipe):

gzip -9 blah/*
pax -w blah.tar blah

You extract and uncompress in the reverse order. You also fail to compress header data (much like with zipfiles), fail to take advantage of redundant data between archive members (same as with zipfiles) and can still extract uncorrupted members from an archive where a compressed member has been corrupted (much like with zipfiles).

There's bzip2 as well. POSIX pax and Jrg Schilling's star [fokus.gmd.de] follow well-defined standards, and both are able to handle large (>2GB) files, as is bzip2. Last i knew, Info-Zip's zip and unzip showed their age and had troubles with files larger than 2GB on ILP32 platforms....

Re:What about infozip?

[DeadMeat (TM)]

There's actually 2 encrypted .ZIP formats: the announcement is just that PKZIP will read WinZip's format, and vice-versa.

WinZip's AES encryption is documented here [winzip.com]. PKWare's format is apparently proprietary.

Re:thoughts

[Daengbo]

Yeah, but, wow, you're tarring bzipped files, not bzipping a tarred file. The latter is the standard and what is built into tar, and (I undrstand) will render an archive unreadable pretty easily.

i'll invite whomever wants in

[shelleymonster]

yes, i'm in. shoot me an email [mailto] and you can be too.

Re:The Zip Rip

[AwesomeJT]

Up yours! SEA sued the hell out of PK because he made a superiour ARC program that actually worked. The folks at SEA didn't like that because they were losing customers. Not much competitions when you compare pricey crap to cheap stuff that works. Of course, PK had to settle b/c he was a small fry at that time and didn't have any money for legal fees. He was banned from making software that was compatible with ARC. SEA also won the source code that PK had developed -- gosh I wonder why? So, after a little bit, PK came out with the now famous PKZIP. He released it. Since he was banned from writting ARC compatible software, someone else wrote a nice utility to convert ARC to ZIP. For some reason, almost overnight, entire BBSes (pre-Internet days) were converted to ZIP. Nowadays, SEA and ARC are only footnotes in the annuals of computing history. Long forgotten and relatively unknown by today's Internet generation. The story almost feels like our SCO vs Linux issue of today. Historical Deja Vu.