Urgent Warning for Shareaza Users – Shareaza.com Hijacked

Shareaza, a popular file-sharing application that allows users to access Gnutella, Gnutella 2, ED2K (eDonkey) and BitTorrent networks has been hijacked by a company aiming to spread malware throughout the internet. The Shareaza.com site had been down since 22nd October 2007, however since 20th December, the domain has been hosting a scam site. Straight away you can tell something fishy is going on by the copyright notice on Shareaza.com:

© 1999-2008 Discordia Ltd. All rights reserved. See our Privacy Policy & License Agreement.

Users should be aware that Shareaza was always an open-source community project and so no company should have copyright to the web site and certainly “all rights reserved” looks out of place. Worst of all, the bastards changed the flag on the English language icon from a Union Jack to an American flag!

Shareaza Client Compromised – ShareazaV4.exe

It’s not just the web site that’s been compromised though. Somehow this Discordia crowd, who may (or may not) be a front for the French equivalent of the RIAA, have managed to use their ownership of the Shareaza.com domain to manipulate the update notification feature of Shareaza so that on opening the client users of Shareaza 2.3.0.0 and below are advised that a new version has been released and given the option to upgrade to version 4. Cleverly the message advises users to check the hijacked Shareaza.com site for further information. This version 4 (ShareazaV4.exe) is not a new version of Shareaza and should not be downloaded under any circumstances. Instead, users should upgrade to 2.3.0.1 from the real Shareaza site on Sourceforge (the filename is Shareaza_2.3.1.0_Win32.exe, though a x64 version is also available on the project site). This new version eliminates the aforementioned upgrade notice.

the software on offer from the hijacked site although labeled “ShareazaV4.exe”, is not Shareaza at all but likely a clone of the new malware infested iMesh/Bearshare client and should not be downloaded under any circumstances. Once installed, the software wants to install a search bar and make contact with a central server.
“Wildcard”

Breaking the Law

It turns out the owner of the Shareaza.com domain sold it to New York-based Discordia ltd who are using it to promote a file-sharing application that installs all sorts of other applications (including third-party ones) on an infected system. There have been claims that the Discordia software hosted at Shareaza.com is illegal and breaks the terms of the GPL, the licence under which genuine versions of Shareaza are released, as well as violating the United States’ Digital Millenium Copyright Act.

Hopefully the Shareaza community can win their legal challenge, however they are loose-knit and may find it difficult to organise. Initially I wondered if they should give up and rebrand altogether, possibly the path of least resistance. Doing that, however, would not only be allowing the vermin at Discordia to walk

all over them, but it could also leave them open to the same action again. Incidentally, Discordia is the Roman goddess of strife. I’m sure that’s not a coincidence.

I just hope this post helps spread the word. See also the forum discussions by Shareaza users on the Shareaza.com Takeover over at ShareazaSecurity.be.

OddsNPods.co.uk – Pretty Shite

On Wednesday 12th December I placed an order with OddsNPods.co.uk, whom I’d come across during a price comparison using Google. That was my first mistake. The item was a Christmas present for my girlfriend and I believed that by ordering almost 2 weeks before Christmas I was giving them plenty of time to dispatch before the last posting date (they say they post at the latest the end of the next working day).

By Friday I was starting to get worried that my order was still “Awaiting Dispatch” so sent a message via their contact form (ticking the “Urgent” box). On Monday morning still nothing so I called the number on their web site to be greeted by a foreign-sounding lady.

“Hello?” she said. Puzzled by the lack of a company-branded welcome, I went on to say I was calling about an order that hadn’t been dispatched to find out what was going on.

“What company are you calling?” she asked.

Getting suspicious now I asked her “What company is this?”

“I can’t tell you that information.”

WHAT?! Alarm bells were ringing now. I asked if this was OddsNPods and she said “No, it’s a different company,” although it didn’t sound like a company at all.

A quick google search revealed that OddsNPods were related to DataKits.co.uk, a company with whom some people had previously had problems (despite a supposedly good rating on Kelkoo). The WHOIS for OddsNPods revealed they were indeed part of DataKits but had hidden their phone number from the whois results because “The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service.”

I fired off an email to their email address (bypassing the online form this time), telling them if I’d heard nothing by the end of today I’d be taking matters up with my credit-card company, and then fired another email off to Nominet telling them to update their WHOIS entry (they’ve since done this and now show the address of OddsNPods.co.uk as: 9 Frensham Road, Southsea, Hampshire, PO4 8AD, which seems to be a residential address to me).

As of11:53 their web site seems to be down.

Warning: mysql_connect() [function.mysql-connect]: Can’t connect to local MySQL server through socket ‘/var/tmp/mysql.sock’ (11) in /home/oddsnpod/public_html/includes/functions/database.php on line 19
Unable to connect to database server!

Not reassuring!

Anyway, come Tuesday afternoon (pretty much a week after I placed the order) I finally heard back and they asked if I still wanted it.

I said if they could send it out first class the following day to go ahead with the order and they did. It arrived on Friday, safely in time for Christmas. It seems it’s not a scam after all but this “company” has serious customer service issues. Despite their good prices I’d think twice.

Buffalo Linktheater – Workaround for DivX Codec Issues

I was treated to a Buffalo Linktheater Wireless A & G (that’s the version with no DVD player, I think that was a US-only thing) media streamer by my wonderful girlfriend for Christmas. I’ll post a review (hopefully) in the near future, but first I need to get it set up properly. I successfully streamed some video files to it while at my parents’ house for Christmas week. I finally got round to setting it up in my own house tonight to discover a few kinks.

I have been using Windows Media Player 11 (as it’s already built in to Vista, it’s also a free download for XP) as the server to stream from. The problem is that when I tried to browse a particular folder the Linktheater seems to freeze for a while before opening it, and then showing it as empty. When I checked my PC an error message had appeared informing me that “Windows Media Player Network Sharing Service has stopped working”. On clicking “search online” for more information Windows informed me that:

This problem was caused by DivX Codec. DivX Codec was created by DivX, Inc..
DivX, Inc. is aware of this problem and working as quickly as possible to make a solution available.

The Application Event Log contains an entry for each crash with Event ID 1000 and Task Category 100 and a description something along the lines of:

Faulting application wmpnetwk.exe, version 11.0.6000.6324, time stamp 0x4549b540, faulting module divxdec.ax, version 6.8.0.0, time stamp 0x47547cff, exception code 0xc0000005, fault offset 0x0005c021, process id 0xe1c, application start time 0x01c84be4834cb5f8.

which doesn’t really help much.

Workaround

I split the folder in two, and one of the new ones worked fine. I continued like this until I had narrowed the culprit down to be one of two files. However at this stage the folders all displayed their contents fine, including the one containing only the suspects. Now they just wouldn’t play.

After a lot of moving files and much more crashing and restarting of the Windows Media Player Network Sharing Service, I narrowed the culprit down to a particular video file. I’m not sure what the problem was as it had worked fine when streamed from an XP computer also using Windows Media Player 11; in fact it was watched start to finish without any problems.

It may be an issue specific to Vista or the DivX 6.8 codec, either way I’m happy it’s sorted.

If anyone finds out any more about the cause of this kind of problem or a quicker solution, please do let me know. Meanwhile I hope the above helps someone. Oh and the Buffalo Linktheater Wireless A & G is available from Dabs for about £95.

Christmas Present from Orange?

A couple of months back I switched to Pay as you Go on Orange. This is my first time on a pre-pay mobile phone plan so I’m new to this lark. Anyway I just received a text that said:

Hi from Orange. You now have 60 free minutes to call your friends and family. This can be used to any network or landline within the UK at anytime. Enjoy.

My immediate reaction was concern that they’d given me talk time as a reward instead ofmy 300 texts for topping up by £10 in the month ending 12th December. I phoned 453 to confirm the message was genuine as it came from +447973100610 and not “Orange” or something similar (O2’s messages always had “O2” in the From field).

According to 453 I have 278 messages left to use by midnight on 10th January so that’s about right, but I also have “60 minutes of free calls to phones in the UK” to be used by midnight on 13th December 2008.

Nice one, but why?

I can only assume it’s a Christmas present of sorts, since there’s been no explanation in the text or at 453, and all bundle-related information seems to have dropped off the “My Account” section of their web site altogether. Since I refuse to pay 25p to talk to some muppet at Orange’s call centre unless I absolutely, no other choice, end of the world have to, and they refuse to answer account-related questions by email, I suppose it’ll have to remain a mystery.

Update: 17th December 2007

I’ve just received a text which seems to go some way to explaining the above.

From: Orange
Thanks for topping up. You have won 60 free minutes of talk time for 12 months. We will send yo ua text in the next few days and then they will be ready to use.

That’s handy since I’ve already used 8 of them!

Driven to Plus.net by Awful Tiscali Service

After a long time looking I’ve finally left Tiscali with whom I had broadband and phone for over 2 years and I can’t believe I lasted that long.

Terrible Tiscali

For the last 6 months (probably a lot longer) I’ve not been able to do anything but basic web browsing and emails from mid-afternoon until about midnight, each and every day. This means no Peer-2-Peer downloads (I couldn’t use the BBC iPlayer, for example, and I’m fairly sure Channel 4’s On Demand service uses the same technology). It means no online gaming on my PlayStation 2 or, more recently, my Nintendo Wii. For other users it seems they have problems with PC gaming.

I’d be a little annoyed that Tiscali offered me “unlimited” 2MB broadband and then deliberately restricted the speeds during peak times. I’d be quite a lot more annoyed that they weren’t even honest about it at first, denying that they used traffic-shaping. But the fact that their traffic shaping stops me from using a lot of these services altogether (they say it’s a problem, I’m not sure whether it might be deliberate) is an outrage. Tiscali’s forums have seen reports flooding in from other users being affected and yet this has been ongoing for months.

As if that’s not bad enough, Tiscali “customer service” staff don’t want to know. In fact, Tiscali don’t even want you to contact them, so they make you call a rip-off 0871 number. This would be fine if I needed advice about what to plug in where to get my broadband going, but why should I line their pockets by calling their premium rate number to report a network problem that they have caused?

Pastures New – PlusNet

Anyway, as of Wednesday, I’m out. I’m now with Plus net on a 90-day trial (offer runs until 20/12/07), so we’ll see how that goes. At least they’re honest about their traffic-shaping and say that they limit speeds from P2P software during peak hours. That I can live with, as long as it’s not blocked altogether.

They also have an 01 geographic number so I know I can phone them if I have a problem and not run up a big phone bill doing so. Since it’s a trial, if their traffic-shaping is anything like as broke as Tiscali’s I know I can leave without penalty. My main worry is that their 8GB package won’t be enough since it covers both uploads and downloads during the day (8am to midnight). Hopefully I can get any big downloads I need done overnight (downloads from midnight to 8AM are unlimited – they don’t count towards your allowance) and even if I can’t, I can find out without worrying about being stuck in a 12-month contract thanks to their trial offer.

This probably sounds a bit like an advertorial (I would get a referral bonus if anyone did sign up from my site) but the whole thing all sounds a bit too good to be true, when you factor in that you can get a free Static IP and a user survey by Uswitch.com rated them number 1 on customer satisfaction as well.

I’ve only starting with Plus.net 2 days ago and the speeds don’t seem tremendous (but still better than the 1.5-ish Mb/s I was getting with Tiscali) so I can’t say too much about my own experience yet, but as a company they’re already looking a whole lot better than Tiscali. I’ll post a follow-up after I’ve had a couple of weeks to find out how good they are.

If you decide to sign up, please make sure and tell them you were recommended by “ferson” (no quotes). Cheers.

Microsoft Want to Own You

Installing Microsoft’s Virtual Earth 3D plugin for Firefox (yes, they wrote something that works in Firefox) I was reminded of one more reason why I hate Microsoft.

You’d think with all the anti-competitive suits being filed against them they’d get over this, but apparently not.

Have a look at what’s presented to you when you install the Microsoft Virtual Earth 3D plugin.
Microsoft Want to Own Your PC

Yes, that’s right, when you install Virtual Earth 3D, Microsoft try to take over your home page and default search engine: two completely unrelated services. If they must give us the option then fine, but they have the boxes ticked by default and that is where I believe they cross the line from opportunistic cross-selling to scummy, underhanded manipulation. Not that it’s a big surprise, they do the same thing with their Windows Live Messenger product. This is an even more blatant example of what they’re trying to do here, which is using their strength (and in the case of Messenger, dominance) in one market to try and dominate in another.

If it takes another legal case to sort this out then it should be done, but Microsoft should be fined and forced to pay legal costs. The previous controversy over their bundling of Media Player in Windows obviously hasn’t taught them anything.

“This generation does not want an archive of music” – Vodafone

Vodafone‘s head of internet and content services made this bold, and rather hasty, claim in promotion of MusicStation, Vodafone’s new subscription music service, which offers unlimited music downloads – downloads which all become useless the inst ant

you stop making regular monthly payments to Vodafone.

“This generation does not want an archive of music. We offer unlimited music on a rental model – no-one has done this in the marketplace, and certainly not the iPhone.”
Al Russell, Vodafone’s head of internet and content services

Maybe this blogger, in his early-to-mid-twenties, is too old not part of whatever Mr Russel means by “this generation” any longer, but the last thing I want is to pay over £100 a year (£2 a week) and have nothing to show for it at the end should I decide to change networks. I’ve always avoided subscription-based download services like Napster for exactly this kind of reason (even they now offer Napster Light: a pay-per-download service). I will use it if it’s included free when I happen to take out a Vodafone contract (which I might have to if they’re the only network to get the N95 8GB which I desperately want, just not at £50 a month!), but MusicStation will not be a factor in my decision.

Perhaps Vodafone should take a look at the experience of Bango who manage, among other services, The Sun newspaper’s download service.

Trusted brands are keen not to be tarred with the subscription brush. For example, The Sun newspaper that uses Bango to power the pay per downloads on Sun Mobile, print “No subscriptions – No hidden charges” on its ads to reassure consumers it is not a subscription service. Mobile operators have also expressed a desire to move away from this type of payment as subscriptions are a major cause of consumer dissatisfaction.
Network for Online Commerce – Pay-per-download gaining popularity…

The ‘archive of music’ as Mr Russell describes it, is the modern equivalent of the CD collection. It doesn’t make a difference if you only listen to the CD once in 5 years, you keep it because you can.  It comforts the inner-hoarder in all of us. The long and short of it is, I think, that we do want it.

The push for subscription based downloads has nothing to do with what Vodafone’s (or anyone else’s) consumers want, it’s all about the interests of the big service providers and record labels, and any push towards this should be resisted. It will by this consumer anyway.

BT Marketing People Are Evil

There is a sick practice in marketing in telecoms that is much worse than the misleading speeds issue Ofcom and the ASA have recently been looking at. Let’s face it, anyone who knows what a Megabit actually means is likely to realise the quoted “up to” speed means very little in real terms. No, a much bigger issue with the broadband industry is misleading price claims, which have been a pet peeve of mine for some months now. BT are not the only ones guilty of this, but from what I’ve seen they are the worst offenders – employing similar tactics for other products, like their mobile plan.

BT Broadband Advertising - misleading?Without the slightest hint of shame, BT advertise their unlimited option 3 broadband service is advertised on their site, on a page comparing their three plans, as “From only £18.99 a month”. Normally you expect a catch when you see the words “from only” preceding a price, and that’s fine if you’re adding extras on top of a basic plan, but here, the advertised price is essentially a headline-grabbing lie. Contrast with Virgin Media, who advertise their headline introductory price first, but immediately followed by their regular price (and applicable conditions) given virtually equal prominence.

You see, when you click on “more about option 3” (the ads for other plans or ‘options’ all contain similar lies) you’re taken to a page explaining that it’s really £18.99 for just 6 months of an 18 month contract, then £24.99. Basically, I don’t see why BT (and others) should be allowed to get away with advertising a price of £18.99 for a service that actually costs £22.99 a month over the minimum term and obviously more if, as BT would like, you stay on the plan at the full price once that term has ended. Worse yet, the “order now” link takes you directly to the Option 3 sign-up page without the slightest hint that you’ll be paying over 20% more than you they told you. I wonder would they actually let you complete the registration without informing you?! (I got as far as them asking me for my MAC number).

Continue reading “BT Marketing People Are Evil”

nerd. links – Fix Firefox/Flash CPU Thrashing

I love FireFox, both as a web browser and as a web designer. I love it because it works, I love it for adhering (much better than IE ever will anyway) to web standards and I love it for the handy plugins that you can get.

I hate it though, for thrashing my CPU to 99% whenever I load some pages with flash animations in them. UnitedWebHosting which, as of this date, hosts this site (though probably not for long) is one that’ll do it. Today, I went to ZDnet UK only for a couple of Intel ads to do the same.

It seems like a bit of a joke that a company the size of Adobe (the makers of Flash: they write the plugin, not Mozilla) haven’t managed to resolve this, fairly major, bug. I’m sure they know about it, I mean different people seem to have been talking about since at least January last year.

FlashBlock inserts placeholders for Flash animationsObviously while FireFox is hogging 99% of your CPU there’s only 1% to share among the rest of the programs you have running, so Outlook and the rest didn’t have much of a hope of doing anything at all until I killed the FireFox process in task manager. As this wasn’t the first time this had happened, I decided to go hunting for a solution – which brings me to FlashBlock (hat-tip to The Idiot).

FlashBlock uses JavaScript to replace flash animations in web pages with placeholders (an empty square with a flash logo in the middle). Don’t worry though, clicking this will run the flash animation if you really want to see something (e.g. if you visit YouTube or another site where the primary content is encoded in Flash files). In fact you can even specify a ‘white-list’ of sites in which flash content will run automatically.