Wikipedia:Reference desk/Archives/Computing/2007 September 18

= September 18 =

Ebay fraudster
Hi all, thanks for any helpful suggestions regarding this issue...

I have reason to believe that recent communications about a second offer option for a ebay item to me are actually from a fraudster (after an initial email message which I believed, they sent me obviously fake "official" ebay transaction emails (from a website which was registered *yesterday*) and asked me to send money to them via Western Union. I certainly won't do that (its an ebay payment no-no), but I am a bit concerned that in reply to the initial email, I disclosed my real name, address, email and ebay ID. That's it - none of this is confidential information (except perhaps the relation between the ebay ID and the name/address/email details). I have already taken the precaution of changing my ebay password, and may try to change my ebay ID. What other precautions should I take? (I am hesitant to report this suspected fraudster to ebay as the website domain registration was linked to an address in the same city where I live (and they know my real address)). what do people suggest about precautions I should take? —Preceding unsigned comment added by 207.151.241.109 (talk) 00:23, 18 September 2007 (UTC)
 * Isn't your ebay ID public, and your other information a matter of public record as well? If you didn't disclose your password the situation is the same as before the correspondence.. --⁪frotht 01:44, 18 September 2007 (UTC)
 * Well this is true (except perhaps that the connection between my ebay ID and my email and my name/address is not public. Also while my name and address are not confidential, they did not know these pieces of info but i disclosed them). I have seen identity theft information websites that claim that a dishonest person only needs to have your name and address to get your social security number from online databases or something. Perhaps these websites are a bit over-the-top? I don't know...  —Preceding unsigned comment added by 76.171.0.166 (talk) 02:22, 18 September 2007 (UTC)


 * You need more than a name and address to get your SSN or to do real identity theft, generally speaking. If that wasn't the case they could just use the white pages. --24.147.86.187 13:48, 18 September 2007 (UTC)
 * thanks all.. I have also put a fraud alert on myself to be on the safe side. —Preceding unsigned comment added by 207.151.242.156 (talk) 19:02, 18 September 2007 (UTC)

PHP question
I'm on shared hosting that has both php4 and php5 installed. However, I keep trying to install a file that requires php5 and it keeps erroring on me. Is there any way to force the server to use php5 for this particular file? --MZMcBride 00:50, 18 September 2007 (UTC)


 * The version of PHP used is normally set in the web server's configuration. This is normally Apache (but could be IIS).  If you do not have access to the web server's configuration file, you will not be able to alter the file handler for the web server. --  k a i n a w &trade; 01:09, 18 September 2007 (UTC)


 * You might, on a lark, try naming the file "filename.php5" instead of ".php", to see if Apache will handle it differently, but other than that.... --24.147.86.187 13:46, 18 September 2007 (UTC)

Do computers that are connected to a wireless network need antivirus/firewalls, etc?
I have a computer linked to the internet via a wireless network rather than directly, and I'm not sure if I should download antivirus/firewalls separately for it, or if the ones on my directly-connected computer cover the other computers. Thanks.--Avant Guard 02:52, 18 September 2007 (UTC)
 * No need to block incoming connections if your router does it anyway. Outgoing blocking firewalls, yes. Antivirus yes if you dont trust the code on your machines --⁪frotht 04:08, 18 September 2007 (UTC)
 * I think he's asking if he need a separate firewall and anti-virus for his wireless network when he switched from wired, then I don't think you would need it as they should cover all network adapters connected to the computer. --antilivedT 10:28, 18 September 2007 (UTC)


 * I think he's asking if having protection on a wired PC will magically protect the wireless computers also. The answer is NO.  It will not.  The firewall/anti-virus programs protect the computer on which they are installed.  Because I teach college students, I always use sex as a metaphor.  What you are asking is equivalent to "If Bill wears a condom when he has sex, am I protected when I have sex in the next room?"  As for your "wireless/direct connect" issue - it doesn't matter.  The physical cable has nothing to do with it.  It is the data that travels either by wire or air. --  k a i n a w &trade; 12:29, 18 September 2007 (UTC)

Any list of commercial programs with the equivalent free programs?
Is there such a list anywhere? For example such a list would include MSWord = OpenOffice, Simcity = Lincity, and many more. Thanks. 80.2.204.120 12:33, 18 September 2007 (UTC)


 * Wouldn't a much shorter list be "commercial programs without an equivalent free program"? --  k a i n a w &trade; 12:47, 18 September 2007 (UTC)


 * Uh, sure, but that wouldn't help people find said free programs, which is I presume the goal here. --24.147.86.187 14:28, 18 September 2007 (UTC)


 * Wikipedia has this List of open source software packages, which is by category. Near the bottom is a link to a site which has "Equivalents to proprietary software".  -- LarryMac  | Talk  14:34, 18 September 2007 (UTC)


 * Here's a bit of a list I saw on Digg yesterday. . iames 14:35, 18 September 2007 (UTC)


 * http://www.osalt.com/ is what you are looking for. 145.97.227.192 22:17, 23 September 2007 (UTC)

yahoo mail
how do i get yahoo as my pop3 service?220.225.244.123 13:28, 18 September 2007 (UTC)
 * This question was already answered here: Reference_desk/Computing. --  JSBillings  13:31, 18 September 2007 (UTC)
 * Try options. The UK version has an option - just select it. --h2g2bob (talk) 05:43, 19 September 2007 (UTC)

ASP.NET and Windows authentication
I am developing an ASP.NET application on Microsoft IIS. The application has to authenticate the user with Windows authentication. Is it possible to make a page that asks the user to authenticate, and then displays one content if the user authenticated successfully, and another if he/she did not? I tried all kinds of settings, and always ended up with only two kinds of pages: I want a page that can say both "Hello, user such-and-such" and "You are not authenticated, please click here to log in". Is this possible? J I P | Talk 15:51, 18 September 2007 (UTC)
 * Pages that anyone can view, even without authenticating.
 * Pages that only authenticated users can view, unauthenticated users get an IIS error message.
 * Windows authentication? Like some kind of NTLM-over-IP setup? If this is done with some IIS plugin that handles authentication from login to session registration then I have little idea of how to answer. My school has webmail access to the Exchange server, and it presents a little password popup box like what you get when you use apache's authentication/access control. If this is what you mean, maybe try setting up a custom error message for http error 401 (iis5). If there's no easy option, why not just write the authentication code yourself in ASP? Or is it impossible to interface directly with "windows authentication" without using the prewritten code? I don't know but it seems like there should be a way to interface from your code rather than just calling the whole thing and having it return the session information, or keep track of it transparently (I assume that's how this is working). I don't know, hopefully someone more knowledgeable on IIS can respond. I'll warn you though, if you try to use NTLM based authentication than you'd better be working on the local network only. Last year I was at a school that used a non-gateway proxy for campus internet access, and there was some site that it was extremely difficult to access, since the school proxy blocked outgoing NTLM connections, and the server only accepted secure NTLM-authenticated connections. I can't remember the website or the program that was trying to connect (an old wget maybe?) but NTLM was totally unsupported by the program and the network. It's really a nasty protocol to try to use over the internet, it doesn't work well with inter-network architecture. --⁪frotht 18:42, 18 September 2007 (UTC)
 * Oh wait, now I remember. It was the proxy itself- if you wanted to log into the netware "border guardian" or whatever proxy, then normally you just try to visit a site outside the intranet and it would give you a splash login page, but if you need the request to always work, even if you're not logged in, then you have to embed your user login information in the proxy URI (in your proxy configuration) with the HTTP authentication format

username:password@proxy.whatever.edu
 * Unfortunately (as I found on one of novell's documentation pages) netware only supports ntlm authentication, so (as far as I can tell) it's impossible to just

export http_proxy="username:password@proxy.whatever.edu"
 * and have things automagically work in linux.. since http_proxy apparenly doesn't work with NTLM authentication, you actually have to open a browser that does and ping and apt-get don't work until you do. Unfortunately, being on Ubuntu Server (CLI only) and having no other linux installations at the time from which to export packages, I had no browser. Ended up just FTPing the apt servers (no proxy login needed) and apt-getting Links to log in in the future. But NTLM authentication is still a pain. Sorry for the rant --⁪frotht 19:00, 18 September 2007 (UTC)
 * Yes, this is NTLM authentication, and for an intranet application, not visible outside the company, and inside the same Windows domain. What I want is a page that renders OK both non-authenticated and authenticated, but has some functionality disabled when non-authenticated. I tried the asp:LoginView control, but it turned out useless with NTLM authentication. It's either always non-authenticated or always authenticated, depending on the page's configuration. If I allow both anonymous access and Windows authentication in IIS, pages not requiring authentication are always non-authenticated, and pages requiring it are always authenticated. If I disable anonymous access, then all pages everywhere require Windows authentication. If I disable Windows authentication, then no pages anywhere are authenticated. J I P  | Talk 19:15, 18 September 2007 (UTC)
 * But surely part of your application can be protected and part unprotected right? Just make 2 entirely separate frontends to the same code. Put them in separate directories and protect one. Put the shared code somewhere else and make sure it can't be called directly (put it outside the server root). Would this be possible? --⁪frotht 19:38, 18 September 2007 (UTC)

latest computer scams
Hi, I went on full-albums.net ...lot of pop ups etc.

Is it possible to tell me what kind of scamming/phishing is going on there (if any?) I am a bit out of the loop when it comes to security...how dangerous is it??

you can download a RAR file and they want a password, the password is a website in br...brazil.

sounds scary!

thx —Preceding unsigned comment added by 91.105.120.237 (talk) 15:52, 18 September 2007 (UTC)


 * I'm not sure I follow. If they want you to create a new password for a new account, the only danger there would be if you use the same password as for an existing account you have elsewhere. StuRat 16:36, 18 September 2007 (UTCI

(from OP) sorry it seems to offer "free" albums you see. Cant be legit?
 * Possibly legit, doubtfully legal.. most musical artists don't release their work at no charge. If you mean the password is a website in brazil, then no problem it's just a password string. It's a common practice in warez topsites to password-protect the archive with the name of the topsite. I don't know about music though.. probably the same thing (though I've never heard of a music topsite..) and it's probably just a password. Don't execute any program code within the archive (exe, scr, com, bat, vbs, many others) but if it's just music that's fine. Again don't worry about security if it's just a password ⁪frotht 19:06, 18 September 2007 (UTC)

Defragmentation Research
hello

i am doing a research on Defragmentation programs, i am trying to find on what year was the first defragmentation program made,the name, and for what OS.

thanks. —Preceding unsigned comment added by Bl0ckc0t (talk • contribs) 18:09, 18 September 2007 (UTC)
 * Check out the jargon file.. try to find an old version. It goes back very far.. the earliest one you can find with the "slack" entry could represent a lower bound on the age of the first defrag utility, or at least be around that time. Hackers of old couldn't tolerate waste of any kind, so I'd say they were likely to write a defragger as soon as the phenomenon was discovered --⁪frotht 19:20, 18 September 2007 (UTC)

Antivirus software
Whats a good antivirus program? I'd like one that lets you allow/deny operations. I have Kaspersky on my laptop which doesn't do this and Panda on my computer which also does not let you do this which is very annoying when it says something is harmful when I know its not.--Boatgoodso1 21:45, 18 September 2007 (UTC)
 * Why have "realtime scan" at all? It consumes an unholy amount of your system resources. Just scan any code that you download (AVG can "scan this folder", im sure others can) and it'll afford similar protection without running all the time. Realtime security is supposed to be provided by the operating system, not AV vendors. But if you're running the code the OS trusts you, so just make sure the code you're running is safe by scanning with an antivirus, and don't worry about worms.. they're rare and microsoft tends to patch it eventually so if you're up to date on security updates you should be fine on that front. I don't put much stock in antivirus anyway.. with polymorphic virii and other self-modifying code, it's impossible for viruses to be identified automatically by the software- definitions have to be reverse engineered and coded by hand. I'd rather just know what code I'm running and not gamble with my computer's security --⁪frotht 22:57, 18 September 2007 (UTC)
 * I'll admit, though, that some antiviruses do have protection that extends into browsers and IRC and things.. that ancient IRC virus with the mIRC exec command is blocked by norton even though it's just text. Also it can help with things like this, which was just now patched and has been around since the dawn of quicktime.. (seriously). --⁪frotht 23:05, 18 September 2007 (UTC)

changing cms
how easy is it to change from one content management system to another? i heard they can be tricky to install for inexperienced users but what about getting rid of one and replacing it with another? my sites not hosted with an actual provider so i cant just ask them --Colsmeghead 22:57, 18 September 2007 (UTC)
 * Depends on what you're switching from and to. Some should have an export feature, others an import feature. --⁪frotht 23:06, 18 September 2007 (UTC)

Most content management systems, by their nature, have the content structured in a logical format. So, I'd guess, if you pointed a technical wizard towards the problem it would take them about 4 weeks of work to get the job done. This wild generalisation should be explained further - if i was faced with that problem, i'd earmark at least four weeks of work to deal with it. ;o) Ronnystalker 21:03, 21 September 2007 (UTC)