Month: April 2004

Posted on
by

I finally get around to downloading Mandrake Linux 10 Community Edition, and they release the “Official” edition.

(Mandrake has moved to a release model where they release a download-only “community” version, refine it and fix bugs for a couple of months, and then release the “official” version to put on CDs and sell in boxes. Essentially, it’s recognizing the fact that new bugs are always found shortly after release of any software, because the average user and average beta tester are not the same, and a lot more people will install the “final” version of a product than will beta test it.)

Posted on
by

Last week, Sci Fi Wire announced casting for Earthsea*, a 4-hour miniseries to air in December. This was promptly lost amid all the cries of “Why the frell is Sci Fi picking up the Farscape miniseries?”

(Trying to keep this spoiler-free for those who haven’t read the books…)

As I understand it, they are only adapting the first two books. This in itself is odd, as the original trilogy is essentially one work about Ged’s life – youth, adulthood, and age – and key events in his life’s quest. Additionally, the books serve as a travelogue, and by the end of the trilogy you’ve seen nearly every part of the Archipelago. When originally announced (three years ago!) in May 2001, they planned to adapt all three novels*, and announced it as a 6-hour mini when Philippa Boyens was attached to the project* in August of that year. Well, we’re only getting 4 hours, and there’s been no mention of Boyens at all in the last two press releases. (I imagine if she were still on board, they’d be shouting about the Oscar-winning screenwriter.)

Presumably someone declared they were only getting 4 hours, and they decided it would be better to give full time to two books than chop up all three.

Casting includes Shawn Ashmore (Bobby/Iceman in X-Men) as the young wizard Sparrowhawk, Danny Glover as his master Ogion (from book one, A Wizard of Earthsea, and Kristin Kreuk as his opponent/ally Tenar (from book two, The Tombs of Atuan).

Glover sounds like a good choice, and Ashmore should do well at least as the younger Ged. I’ve never actually watched Smallville, so I’m not familiar with Kreuk’s acting.

What’s interesting about this casting is that they’ve (sort of) reversed the races of Tenar and Ged. Earthsea is set in an island archipelago not unlike the South Pacific, and the people tend to look like Pacific Islanders, with skin ranging from light brown or red to dark brown. Tenar’s people are considered unusual for having very light skin (and sometimes blond hair, though Tenar’s is black). When she becomes known outside her homeland, they call her the White Lady. Ged is often described as having red skin. It’s probably a business decision to maximize viewership, since there is a prevalent notion that films with minority leads are geared toward that minority. [Edit: I regret that this didn’t make me angrier at the time, rather than just reacting as “huh, that’s weird.”]

Anyway, I’m straddling the line between cautiously-optimistic and cynical. Hey, if nothing else, knowing the series was finally on its way prompted me to pick up the books again.

Look in the Sci-Fi/Fantasy section for Ursula Le Guin.

*In 2009, when SciFi changed their name to SyFy, they dropped all their old news articles. Fortunately, archive.org has most of them.

Posted on
by

CNET posted an article today, Concern grows over browser security, about the rise in browser-based attacks (mostly spoofed sites for phishing, but also attempts to install viruses and other malware through web browser security holes).

What’s interesting about the article is that nowhere does it mention Mozilla, Opera or Safari.

Could it be that attacks through these browsers are less common than attacks through Internet Explorer, even adjusted for market share? (Sure, IE has more than 90%, but there are a lot of people using the others.)

Or could it be that the author has succumbed to the “Web Browser = MSIE” belief?

If nothing else, you’d think that their statistics would have a bit more information, but it’s a single number for “browser” attacks. Nothing more detailed than that.

To be fair, the press release doesn’t provide any better numbers. In fact, it mentions no browser by name at all. (One can hope their data is a bit more detailed, but the purpose of the study appears to have been to identify trends in types of attacks, not in the software targeted.) And yet IE is the only browser CNET mentions, despite the alternatives’ better security records.

Posted on
by

Apparently a security firm has discovered a way to trick Mac OS X into running a trojan horse. The technique involves creating a data file, but embedding a Carbon program in it. (Carbon is a programming interface aimed at making it easy to convert older Mac applications to run on Mac OS X without switching into Classic mode.)

According to Intego, Finder will see only the file type data display a spoofed icon identifying the file as (in their example) an MP3, but actually double-clicking on the file will cause the OS to notice the program code and run it. Their proof-of-concept code runs itself, then opens the file in iTunes in order to avoid looking suspicious.

This is very similar to a (fixed, but still present in a zillion unpatched systems) bug in Internet Explorer for Windows that was exploited by many mass-mailing viruses. In that case, IE would decide whether a file was safe by checking the MIME type sent by the server, then use the file extension to decide how to load the file. Viruses would generate messages embedding supposed MIDI files that Outlook would try to play, but instead of handing it to a MIDI player, it would ask the OS to open the file. Without the MIME info, Windows would see it was a program file and run the virus.

If this is confirmed, it will probably not be a vector for e-mail viruses, because the standard mail and web apps for Mac OS X don’t automatically run things the way Outlook, Outlook Express and Internet Explorer do.

No, the real danger will be viruses that spread through peer-to-peer file sharing networks. Download a supposed MP3 off of Gnutella, open up your music folder, double-click on it, and you’re infected.

Apple has said they “are aware of the potential issue… and are working proactively to investigate it.”

(Why is this news? Because it’s Apple, and because it’s so similar to a popular virus vector in Windows. Exploitable vulnerabilities are found so often in Windows I hardly blink.)

Updated slightly based on some real analysis (see comments).