We’ve been using the brilliant ZipGenius for some time now on our old Windows XP machines.  It’s worked flawlessly for years, so now we’re rolling out Windows 7 x64 across the company, we naturally decided make ZipGenius part of our default installation.

We instantly hit a snag!  The software installed fine using the domain administrator account, however when logging in as a domain user, the following error appears and the program hangs

c:usersadministratorappdataroamingzipgeniustbskin” – Native error:00020 file processing error disk is possibly full

You then have to kill the process using Task Manager.

Well, I’m happy to report the following fix!

Open Regedit and browse to

HKEY_LOCAL_MACHINESOFTWAREWow6432NodeM.Dev SoftwareZG5

Look for the string called IniPath, you’ll see it’s populated with a hard link, rather than a relative one :

e.g. C:UsersadministratorAppDataRoamingZipGeniuszipgenius.ini

You can fix the problem by using %appdata% in the string to make it work for every user who logs in :

e.g. %appdata%RoamingZipGeniuszipgenius.ini

Over the last couple of weeks, some users of DoubleClick may noticed server outages and massive spikes in server connections.  The connections were apparently referrals from DoubleClick banner adds, but coming in such massive waves that they caused the target servers to overload and stop serving pages. The flood of connections peaked between 6000 and 10000 connections in a 15 second sample.   In terms of website security, we call this a Denial Of Service (DOS) attack and would only ever expect to see it from a malicious source, such as a hacker or botnet.

Google don’t seem to have publicised this amazing blunder, although they have issued this statement to marketing campaigners who reported the issue :

Recently Google was notified of a problem being experienced by a small number of advertisers who were seeing large volumes of server requests from activity on the Google platform.  Following an investigation Google identified the problem and resolved the cause of the issue.  The problem related to ads being delivered across the platform that triggered a server request at the same time as the ad impression was delivered.

This issue was unforeseen, Google is sorry that the select client sites experienced problems with the volume of server requests.

Such heart warming remorse from the company comes only weeks after Chinese hackers launched attacks against Google’s systems and penetrated their security.  In those attacks, servers and accounts were compromised resulting in trojan horses and viral code being uploaded to Google’s systems.

In Google’s brief explanation of DoubleClick’s recent strange behaviour, they have not confirmed if the events are in any way linked and if DoubleClick’s servers have also been compromised.

http://www.w3counter.com/globalstats.php

The highlights :

Operating Systems

• At 60.55%, Windows XP is still three nearly 3 times more popular than Vista
• OSX sits at 7.11%
• Windows 7 is about to overtake Linux, and it’s not even out to retail yet
• iPhone OSX sits between the deceased Windows 98 and server based Windows Server 2003.  (I find it interesting that Server 2003 racks up a higher percentage than iPhone as by default it blocks trackers and cookies, also being a server OS, it typically isn’t used for web surfing)

Browsers

• IE 7 dominates, with Firefox 3 lagging 6% behind
• IE 8 is close on the heels of Firefox 3
• The aging IE 6 is still hanging in there with 14% of the share
• Buggy Firefox 3.5 is down in 5th place
• Slow on the uptake, Chrome is way down in 7th place with a measly 3.23% of the share

Screen Resolutions

• 1024×768 is still top dog
• VERY closely followed by 1280×800, which is a wide screen resolution, typically not found on new monitors having been superseded by :
• 1440×900 (as used by our office Dell desktops) which is in 4th with 8.68%, that’s a bigger share than the total OSX users – this will eventually overtake 1280×800 as the standard wide desktop resolution.

Summary
IE6 has double the market share of OSX as a whole.  So let’s stop banging on about ditching IE6 and get rid of OSX instead.

This seems to be linked to the “Web Developer” add-on for Firefox, if you uninstall the add-on, the problem goes away. We have tested this with Web Developer 1.1.6 in FireFox 3.0.9. Other versions may not have this problem.

UPDATE :  I received an e-mail from the author of Web Developer : Chris Pederick.  It seems that although we found that removing the Web Developer add-on solved the issue, the fault actually lies with the HTML Validator add-on.    You will all be glad to know that an update for HTML Validator was pushed out this morning : Version 0.8.5.2.

HTML Validator Update 0.8.5.2

This is a statement from the author

- Previous versions hit a bug of FIREFOX 3.0.9 in DOM API ! The real solution is Firefox 3.0.10 but it will not be available before 1 month.  Practically, you do view source in Firefox 3.0.9 then crash ! Some lines of code that were working since Firefox 1.0 are now crashing Firefox… Due to this, I have to release very fast 0.856 to work-around the Firefox 3.0.9 bug So, the highlight of the lines with HTML errors is now disabled ! Unhapilly, I had no better solution.

E-mail harvesting and website hacks are the main ways for spammers to get to you. For example, a plain text e-mail address on a webpage can be harvested by e-mail “bots” then added to mailing lists and sold to the highest bidder.

To stop this, developers quickly adopted the use of graphical representations of the letters, displayed using a static JPEG or GIF image. But the bot programmers began to use Optical Character Recognition (OCR) to read that address just like the human eye.

In response, developers got smart and started to use contact forms. That was a good idea, only humans can fill in a web form, right? Wrong! It didn’t take long for the bots to get smarter. E-mail bots can now fill in those contact forms themselves.

Give us this day our daily spam.

So, what’s wrong with that? If you get spammed with your website form, you just delete when the spam hits your mailbox? That will work for maybe 1 or 2 spams a day, but what about 20? 200? Once your contact form is found by the bots, then you will start getting hit with more offers for fake Rolex watches and Viagra than you can deal with.

What is worse, this will impact on your e-mail server. If your e-mail server is a shared server from your ISP, you could find yourself in breach of their terms of service, and have your site shut down. Worse still, often those forms will be filled in using already harvested addresses, meaning any automated replies could be sent to innocent victims using YOUR mail server, from YOUR e-mail address. This could result in you and even your ISP being blacklisted which may again find you in breach of contact. In the worst case, compensation may be sought by your ISP or third parties as a result of system downtime, loss of revenue and time for remedial work.

So what can be done? How can you tell the bots from real people?

It’s actually relatively easy to spot a robot. The Turing Test has been around for a while, and so far no one has made a computer which can fool a human into thinking they’re real. What is needed then is a reverse Turing Test which challenges anyone using the form, with a question only a human could possibly answer. You will be glad to know that there are many different kinds of test which have been developed and are collectively referred to as CAPTCHA: “Completely Automated Public Turing test to tell Computers and Humans Apart”

You may already have used a CAPTCHA, they typically take the form of a graphical rendering of a word. The user must type the word in response thus passing the test. Early versions were easily broken using the same OCR methods as with e-mail harvesting, but the test have quickly been made harder by deforming the words, and adding extra graphics to make the words hard for the OCR to decode.

CAPTCHA done the right way. Care of reCAPTCHA

As a result, some CAPTCHA systems are very hard to read and have serious usability and accessibility issues, but systems such as re-CAPTCHA give very useable results and have audio versions of the code for increased accessibility.

Many ISPs are now making it mandatory for CAPTCHA systems to be installed on any web form they host, and with the risks discussed above, it’s clear why this is the case. No ISP wants to be blacklisted, accused of spamming and they certainly don’t want the performance of their servers compromised either.

This is why CAPTCHA systems are here to stay and anyone not taking on the new technology will be left behind … Still clearing their inbox probably.