The hotfix KB972582 and how it fixes the empty dialog you see when opening "Organize Favorites" in Windows Explorer in XP when IE8 is installed

The KB article itself: http://support.microsoft.com/kb/972582

The download link: http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=972582

If you are wonder what does the title "You receive an empty dialog box when you run the "Rundll32.exe shdocvw.dll, DoOrganizeFavDlg" command on a computer that is running Windows XP or Windows Server 2003 if Internet Explorer 8 is installed" have to do with it, DoOrganizeFavDlg is the export called by BROWSEUI when clicking Tools->Organize Favorites. An update to XP SP2 and Server 2003 SP1 shipped with IE7/8 for these OSes (and incorporated into later service packs of course) updated SHDOCVW and some other related DLLs to add a wrapper to some functions that detected the availablity of IEFRAME and jumped to the IEFRAME version if it existed. IEFRAME was introduced in IE7, and it was key to separating Explorer's UI from IE's UI. Unfortunately the original wrapper for DoOrganizeFavDlg incorrectly always jumped to the original SHDOCVW version making it useless (a one-instruction mistake). This hotfix fixes that. However it does not fix the case where you show the Favorites sidebar using the menus in Explorer then you click Organize..., because in this case SHDOCVW itself calls the internal version of DoOrganizeFavDlg bypassing the wrapper. I know all this because I debugged this issue using IDA and WinDbg.

BTW, on "To resolve this problem, install the most recent cumulative security update for Windows Internet Explorer.", what this really mean is that you can solve this problem by installing the latest cumulative security update for IE6 before you install IE8 to get the updated SHDOCVW. It is useless if you already have installed IE7 or IE8.

The history of CSS - part 1

 Back in October 1994, the first draft of  "Cascading HTML Style Sheets" was released. Around the same time, what was then called Mosaic Communication Corp. released Netscape 0.9, with new tags and attributes including CENTER and FONT tags.

In December 1994, Netscape 1.0 was released. By March 1995, Arena and emacs-w3 was supporting the then-drafts of CSS. In April 1995, Netscape 1.1 was released introducing more new elements. By August 1995, Netscape 1.2 was released and Netscape has gained a monopoly in web browsers.  Other browsers (including early MSIE) had to copy the new elements Netscape introduced. And Netscape did not support CSS and had no plans to do so. In fact, Netscape with it's monopoly effectively killed HTML 3.0 which Arena and emacs-w3 also supported, preventing it from becoming a standard and forcing W3C to create HTML 3.2 instead.

A weakness in the key descriptor version 1 used in TKIP mode of WPA/WPA2 (802.11i)

From Section 8.5.2 of the 802.11-2007 standard:

"Key Descriptor Version 1: ARC4 is used to encrypt the Key Data field using the KEK field from the derived PTK. No padding shall be used. The encryption key is generated by concatenating the EAPOL-Key IV field and the KEK. The first 256 octets of the ARC4 key stream shall be discarded following ARC4 stream cipher initialization with the KEK, and encryption begins using the 257th key stream octet."

In theory, this is vulnerable to the attack described in A Practical Attack on the Fixed RC4 in the WEP Mode. Also New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 has more biases in the 256th and 257th keystream bytes. Note however that in order to get 50000 keystreams, 50000 group key handshakes using the same KEK must be captured, and these happen less often than the actual data encryption.

Artificial Scarcity - Bibliography

• http://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists
• http://en.wikipedia.org/wiki/Audio_Home_Recording_Act
• http://en.wikipedia.org/wiki/Digital_Audio_Tape
• http://en.wikipedia.org/wiki/Altair_8800
• http://en.wikipedia.org/wiki/Richard_Stallman
• http://www.gnu.org/gnu/thegnuproject.html
• http://oreilly.com/openbook/freedom/index.html
• http://en.wikipedia.org/wiki/Sony_BMG_CD_copy_protection_scandal
• http://blogs.technet.com/b/markrussinovich/archive/2005/10/31/sony-rootkits-and-digital-rights-management-gone-too-far.aspx
• http://arstechnica.com/microsoft/news/2008/04/drm-sucks-redux-microsoft-to-nuke-msn-music-drm-keys.ars
• http://arstechnica.com/old/content/2008/07/drm-still-sucks-yahoo-music-going-dark-taking-keys-with-it.ars
• http://en.wikipedia.org/wiki/Media_Key_Block
• http://www.cs.cmu.edu/~dst/DeCSS/FrankStevenson/analysis.html
• http://digital-law-online.info/lpdi1.0/treatise17.html
• http://arstechnica.com/tech-policy/news/2010/04/acta-is-here.ars
• http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act
• http://www.wipo.int/treaties/en/ip/wct/trtdocs_wo033.html
• http://lwn.net/Articles/227642/
• http://kotaku.com/5016515/a-history-of-copy-protection
• http://www.eff.org/deeplinks/2010/06/judge-orders-user-friendly-notices-does-targeted
  

Artificial Scarcity - Intellectual Property

Intellectual property is a term often used for a category of law used to create artificial scarcity, such as copyright, patent, or trademark laws. To understand the term, you must understand that real property is fundamentally scarce by it's nature. Intellectual property laws are laws that create artificial scarcity out of copyable goods or ideas by making copying by anyone other than the owner illegal, thus making them more like real property, hence why it is called "intellectual" property. A derogatory term for this is "intellectual monopoly", so-called because it grants a monopoly on copying. One problems with this term is overgeneralization as mentioned by the FSF.

Artificial Scarcity - DRM

Digital Rights Management (DRM) systems is a category of systems which seeks to impose restrictions on the use of digital content, often to enforce artificial scarcity. Thus the FSF calls it "Digital Restrictions Management". Some of the general problems with DRM are:

Dependence on servers

Many DRM systems depends on central servers, which can be a bottleneck, for example if it goes down, like what was about to happen to MSN Music and Yahoo Music servers back in 2008.

Central control

Many DRM systems allow central control of content, like what happened in mid-2009 when copies of Animal Farm and 1984 was taken away from Amazon Kindle customers this way.

Trusted client problem

Most DRM systems have the trusted client problem, which is fundamental as any digital bits are easily copiable and relies on the client to enforce the restrictions. The only way to solve the problem would be to use something like Trusted Computing.

Fair use rights

DRM is often used unintentionally or intentionally to take away fair use rights and sometimes sell them back, assisted by anti-circumvention provisions in laws like the DMCA that applies regardless of things like fair use rights.

Artificial Scarcity - E-Books

Back in the olden days of books, books was not easy to copy. Before the invention of the printing press, books had to be copied by hand. With the invention of the printing press, mass production of books can begin. However because they were so big and expensive, only companies could afford printing presses needed to easily copy books, not the average person. This made copyright on books relatively easy to enforce. In fact, copyright was originally intended to prevent other publishers reprinting work without permission of the original publisher.

This changed with the introduction of e-books, which like any other digital bits, are easily copyable, threatening scarcity-based business models. The e-book device vendors, as with other industries affected by this, responded by creating DRM schemes. One of the features of many of them is that they allowed remote control that is not possible with real property. For example, back in mid-2009, the copies of the "Animal Farm" and "1984" e-books Amazon Kindle customers bought disappeared this way. The FSF has critised the Kindle, calling it the "Swindle", for it's DRM scheme.