Oracle (and Java) delenda est

In case you haven’t seen, there’s a terrible unpatched vulnerability in Java right now that baddies are using to install ransomware on PCs. Then, this morning, I saw that Oracle has known about this vulnerability since August, and hasn’t bothered to fix it properly yet. That should be criminal negligence, but the rules are different for billionaires.

Of course, I’ve been saying for ages that we’d all be better off if we just uninstalled Java completely, but I know very few people who’ve done it, out of fear they’ll break something. (Those same people often refuse to patch Java, out of the same fear.) I was trying to figure out why anyone would want to run Java these days anyway, and then I saw this quote, via David Huff:

“Given a choice between dancing pigs and security, users will pick dancing pigs every time.”  –Edward Felten and Gary McGraw

That explains everything. Java is exceptionally good at making animated dancing pigs.

All of the major sites are recommending that you disable Java in your web browser (recent versions put a checkbox for exactly that on the Security tab of the Java Control Panel). I continue to recommend just uninstalling it entirely, since Oracle is more interested in dancing pigs than in security.

Things to look for in a flatbed scanner

David Huff asked today about scanners, and I started to reply as a comment but decided it was too long-winded and ought to be a separate discussion.

So, how does one cut through the hype and get a really good scanner for not a lot of money? The short answer to David’s question is that I like the Canon Canoscan LIDE series. Both my mom and my girlfriend have the LIDE 80 and have been happy with it.

For the long answer to the question, let’s step through several things that I look for when choosing a scanner.

Manufacturer. There are lots of makers of cheap and cheerful scanners out there. Chances are there are some cheap and nasty ones too. Today’s cheap and nasty scanners will be a lot better than 1995’s crop of cheap and nasties, since the PC parallel port was a huge source of incompatibilities, but I want a scanner from a company with some experience making scanners and with good chances of still being around in five years.

Driver support. Much is made of this issue. But past track record isn’t much of an indicator of future results. HP and Umax infamously began charging for updated drivers, for example. But at least I could get a driver from HP or Umax, even if it costs money. My Acer scanner is forever tethered to a Windows 98 box because I can’t get a working driver for Windows 2000 or XP for it.

Umax used to have a stellar track record for providing scanner drivers, which was why I started buying and recommending them several years ago. I don’t know what their current policy is but I know some people have sworn them off because they have charged for drivers, at least for some scanners, in the recent past. But you can get newer drivers, in many cases, from Umax UK.

But that’s why I like to stick with someone like Canon, HP, Umax, or Epson, who’ve been making scanners for several years and are likely to continue doing so. Even if I have to pay for a driver, I’d rather pay for one than not be able to get one. Keep in mind that you’ll be running Windows XP until at least 2006 anyway.

Optical resolution. Resolution is overrated, like megahertz. It’s what everyone plays up. It’s also a source of confusion. Sometimes manufacturers play up interpolated resolution or somesuch nonsense. This is where the scanner fakes it. It’s nice to have, but there are better ways to artificially increase resolution if that’s what you’re seeking.

Look for hardware or optical resolution. Ignore interpolated resolution.

Back to that overrated comment… Few of us need more than 1200dpi optical resolution. For one thing, not so long ago, nobody had enough memory to hold a decent-sized 4800dpi image in memory in order to edit it. If you’re scanning images to put them on the Web, remember, computer screen resolution ranges from 75 to 96dpi, generally speaking. Anything more than that just slows download speed. For printing, higher resolution is useful, but there’s little to no point in your scanner having a higher resolution than your printer.

I just did a search, and while I was able to find inkjet printers with a horizontal resolution of up to 5760dpi, I found exactly one printer with a vertical resolution of 2400dpi. The overwhelming majority were 1200dpi max, going up and down.

Your inkjet printer and your glossy magazines use different measurements for printing, but a true 1200dpi is going to be comparable to National Geographic quality. If your photography isn’t up to National Geographic standards, megaresolution isn’t going to help it.

Bit depth. If resolution is the most overrated factor, bit depth is the most underrated. Generally speaking, the better the bit depth, the more accurate the color recognition. While even 24 bits gives more colors than the human eye can distinguish, there is a noticeable difference in accuracy between scans done on a 24-bit scanner and scans from a 36-bit scanner.

If you have to choose between resolution and bit depth, go for bit depth every time. Even if you intend to print magazines out of your spare bedroom or basement. After all, if the color on the photograph is off, nobody is going to pay any attention to how clear it is.

Size and weight. Some flatbed scanners are smaller and lighter than a laptop. If they can draw their power from the USB port, so much the better. You might not plan to take one with you, but it’s funny how unplanned things seem to happen.

This unusual case wants to house your next PC

The Lope I-Tee computer case is, well, shaped like a T.
When David Huff e-mailed me about it, he called it interesting. I’ll certainly agree with that.

Here’s the idea: You mount the motherboard up against the back plane of the case and put the drives and the power supply up front, yielding a case that’s not as deep as a conventional case and cools better. Allegedly.

I hesitate to write about it because I haven’t worked with one, I haven’t tested one, and I haven’t even seen one. Hmm. I really don’t know anything about it but of course I have an opinion about it. I feel so Slashdotty.

One big advantage of a layout like this is that all the ports are on the side where you can see them and get to them easily. The biggest disadvantage of a layout like this is that all the ports are on the side where you can see them, and depending on the way your desk is set up, they might be on the wrong side.

USB peripherals and front-mount USB ports are the usual cure for fumbling around the back–you can plug your digital camera or other things that move around a lot up there–but plugging your other peripherals in the back hides the cables and prevents things from getting too unsightly. Let’s face it, plugs and cables don’t fit traditional, conventional ideas of a thing of beauty.

On the plus side, cases that disassemble easily are always nice, as are cases that take up less space. But a couple of minutes with my ruler and my ATX cases shows this case isn’t any less deep than most of my mainstream cases, and due to its shape, it is considerably wider. I’d love something that genuinely took up less space on or under my desk, but this case won’t be it.

This case won’t flop on the marketplace though. They claim it improves cooling. Whether that’s true or not doesn’t matter. People buy aluminum cases because they supposedly conduct heat better. The reality is the difference in heat conductivity between expensive aluminum cases and cheap steel cases is nearly zero, and what difference you can measure is more likely due to airflow than its material. Enthusiast overclockers still buy them anyway, hoping to get an extra 5 MHz out of their overclock. The same kind of people who buy aluminum cases for overclocking will go for the I-Tee, especially if the I-Tee’s cost is close to that of a mainstream case.

I can’t make any recommendations for or against it, based on not seeing it. But I’m willing to go out on a limb and say this–or a design like it–will survive at least as a niche product.

Cheap laptops from Sotec

David Huff e-mailed me this morning about a Sotec 3120X laptop that sells at Office Depot, Wal-Mart, Sam’s, Bestbuy.com, and possibly other places, for around $900 and asked if I knew anything about it.
It would appear not many people do. I found a handful of discussions on Usenet, including a couple of people who claim to have bought one. They described it as quiet, cool-running, and fast. One user said it was faster than his Dell 1.4 GHz P4 at work. (Which I don’t doubt, because the P4 is a horribly inefficient chip–the Tualatin-based Celeron is the better processor, and with its 100 MHz FSB and 256K onboard cache, it’s very nearly a P3. Its specs aren’t far off from the last P3s, the chip Intel didn’t want to sell because it made the P4 look so bad.)

One user complained about the keyboard. The itty-bitty spacebar would drive me nuts. But the only laptop keyboards I’ve ever used and halfway liked were Thinkpads. You definitely pay for the privilege–the keyboards had better be good, considering the price.

Back to the Sotec. One user reported it’s less than an inch and a half thick. It has a mobile Celeron 1.2 GHz, a SiS 630T chipset (with integrated video), a 20 GB HD, 256 MB of SDRAM, 12.1″ LCD screen, LAN and modem built in, a combo DVD/CD-RW drive, and a PCMCIA slot for expansion. It weighs 4.4 pounds, and its lithium ion battery specifies a life expectancy of about 2.5 hours. It runs Windows XP Home.

What it doesn’t have: serial or parallel ports, floppy drive, or PS/2 ports. Definitely legacy-free here. Depending on your intentions, that may or may not matter to you. (I find myself dealing with floppies a lot more often than I’d like, but part of that is because of my job.) No Firewire either, so this isn’t an instant portable video-editing machine. One user reports its memory maxes out at 384 megs. Apparently there’s 128 megs non-replaceable, and another 128-meg stick you can replace with a 256 to get to 384.

So what about Sotec? A Usenet search suggests they’re not a newcomer. A post from 1995 asked for parts for a 386sx notebook manufactured by the company. There are suggestions that Sotec has made notebooks for Gateway, Dell, and Winbook in the past.

The price is definitely right, and the feature set is definitely right. It’s not a performance laptop, but most people don’t need performance laptops. It’ll read e-mail and run a word processor and presentation graphics and browse the Web just fine.

Is it a risk? Absolutely. Any laptop is. But having all the stuff integrated minimizes compatibility concerns. One of my biggest gripes about laptops has always been getting them onto networks. Usually it’s easy. When it’s not, you can just about forget it. Or you can count on networking breaking something else.

That leaves reliability. The part that most often fails is the hard drive. That’s luck of the draw. I’ve seen a lot more dead Hitachi laptop drives than IBMs. Some of my readers agree with me. At least one tells me he sees lots of dead IBMs and never sees a dead Hitachi. But I know you can’t count on getting an IBM laptop drive even in an IBM Thinkpad–occasionally those ship with Hitachi drives.

All I can say is, keep a backup of any important data you’ll keep on this or any laptop. And be ready to buy a replacement hard drive in a year or two. At least they’re not terribly expensive.

Can I recommend it? Not without seeing it and spending some time with it. From looking at the picture, I think they tried to cram way too many keys into too small of a space and they’d have been much better off without some of them.

But the price is definitely right. It’s powerful enough to be useful until it dies. With 1.2 GHz of CPU muscle and 256 megs of RAM, it’ll always run Windows XP well, and if some future version of Windows manages to outgrow it, there’ll always be a Linux that’ll run very nicely on it. It’ll give much better battery life than a P4, and it’ll outrun any low-end P4 as well. (P4-based laptops aren’t a good buy right now.)

And it’s small and light, which I know matters a lot to some people. (I’m old enough to have serviced one of the old Compaq luggables. I never had to carry one with me, but since I know and remember those, I have a hard time listening to anyone complain about the size and weight of any modern laptop.) Don’t buy one sight unseen. But don’t write it off sight unseen either.

Linux reliability

Linux reliability. Steve Mahaffey brought up a good point yesterday, while I was off on a consulting gig, where I learned one of the secrets of the universe–but since it’ll bore a lot of people to tears, I’ll save that for the end.
I’ve found that text-based apps and servers in Linux are extremely reliable. As David Huff’s tagline reads, “Linux: Because reboots are for upgrades.” If you’re running a server, that’s pretty much true. Unless you have to upgrade the kernel or install hardware that requires you to open the case, you can go for months or years without upgrading it.

The problem with Linux workstations is that up until very recently, the GUI apps people want to run the most have been in beta. The developers made no bones about their quality, but companies like Red Hat and Mandrake and SuSE have been shipping development versions of these apps anyway. On one hand, I don’t blame them. People want programs that will do what they’re used to doing in Windows. They want word processors that look like Word and mail clients that look like Outlook, and if they’re good enough–that is, they don’t crash much more than their Windows equivalents and they provide nearly as much functionality, or, in some cases, one or two things MS didn’t think of–they’ll put up with it. Because, let’s face it, for 50 bucks (or for nothing if you just download it off the ‘net) you’re getting something that’s capable of doing the job of Microsoft packages that would set you back at least $1,000. Even if you just use it for e-mail and Web access, you come out ahead.

The bigger bone I have to pick with Red Hat and Mandrake and, to some extent, even SuSE is where they put experimental code. I don’t mind experimental desktop apps–I’ve been running Galeon since around version 0.8 or so. But when you start using bleeding-edge versions of really low-level stuff like the C compiler and system libraries just to try to eke out some more performance, that really bothers me. There are better ways to improve performance than using experimental compilers. Not turning on every possible daemon (server) is a good start, and every daemon you leave off is one less thing sitting on a port waiting for a script kiddie to poke at it.

Compile beta-quality apps with a compiler that’s beta quality itself, and throw in every other bleeding-edge feature you can think of, and you’ll end up with a system that has the potential to rival Windows’ instability. Absolutely.

That’s one reason I like Debian. Debian releases seem to take as long as the Linux kernel does, and that’s frustrating, but reassuring. You can install the current stable Debian package, then add one or more of the more desirable apps from either the testing or unstable tree (despite the name, Debian unstable’s stability seems comparable to Mandrake) and have the best of all worlds. And when a .01 release of something comes out (which it always seems to do, and quickly) it’s two commands to upgrade to it.

It’ll be interesting to see how Lycoris (formerly Redmond Linux) pans out. Lycoris appears to take a more conservative approach, at least with the number of apps they install. If that conservatism extends to the versions of those packages they install, it’ll go a long way towards extending server Linux’s reliability to the desktop.

Debian is intimidating. I find it less intimidating than Slackware, but it does zero handholding during installation. So generally I recommend someone start with SuSE or Mandrake or Red Hat, get comfortable with how things are laid out, and get familiar with PC hardware if not already, and then, once feeling brave, tackle Debian. Debian is hard to install, but its quality is pristine and it’s exceptionally easy to maintain. Debian developers try to justify the difficulty of installing it by saying no one ever has to install it twice on the same PC, and they’re right about the second part. Eventually I expect they’ll take the installer from another distro that’s based on Debian to make it easier, but it won’t be in Debian 3.0 and it may not make it into 3.1 either.

The secret of consulting. My employer sent me off on a consulting gig yesterday. The main reason for it, I suspect, is because of my training as a journalist. It means I can ask questions, keep track of the answers, and make a PowerPoint presentation that looks decent.

Consultants get a bad rap because they’re notorious for not knowing anything. You pay lots of money to have someone who knows nothing about you and potentially nothing about your problem come in and ask questions, then come back later and give you a dog-and-pony show featuring sugar-coated versions of your answers and little else.

I won’t say who my client is, nor will I say who my employer is. What I will say is that my partner in this endeavor knows a whole lot more about the subject matter than I do. I’ll also say that the two of us are good researchers and can learn very quickly. Our regular job titles attest to that. We both have liberal arts degrees but we primarily work as systems administrators. We didn’t learn this stuff in school.

Up until Monday, I knew nothing about our client. Absolutely nothing. Up until yesterday afternoon, I knew nothing meaningful about the client. I knew its name and what its logo looked like, the name of one person who worked there, and I had a vague notion what they wanted to know.

I think that was an advantage. We both asked a lot of questions. I wrote down the answers quickly, along with whatever other information I could glean. We left three hours later. I had six pages of typewritten notes and enough documents from them to fill a standard manila file folder. We knew what they didn’t want, and we knew they were willing to throw money at the problem.

There’s such thing as knowing too much. One of the solutions they’re considering is overkill. The other is underkill. The difference in price between them is about 3 times our consulting fee. It took me another hour’s worth of research to find something that will give them the bare minimum of what they need for about $500 worth of additional equipment on top of the low-ball figure. When you’re talking the high-ball figure costing in excess of $40,000, that’s nothing. I found another approach that basically combines the two that will double the cost of the low-ball figure, but still save them enough to more than justify our fee.

I don’t know their internal politics or their priorities on the nice-to-have features. My job isn’t to tell them what to buy. Nor is it my job to give them my opinion on what they should buy. My job is to give them their options, based on the bare, basic facts. Whatever they buy, my feelings won’t be hurt, and there’s every possibility I’ll never see them again. They’ll make a better-informed decision than they would have if they’d never met me, and that’s the important thing to all involved.

I never thought I’d be able to justify a role as a high-priced expert on nothing relevant. But in this case at least, being an expert on absolutely nothing relevant is probably the best thing I could have brought to the table.

And since we haven’t done a whole lot of this kind of consulting before, I’ll get to establish some precedents and blaze a trail for future projects. That’s cool.

That other thing. There’s a lot of talk about the current scandal in Roman Catholicism. It’s not a new scandal; it’s been a dirty little — and not very well-kept — secret for years. There’s more to the issue than we’re reading in the papers. I’ll talk about that tomorrow. I come neither to defend nor condemn the Roman Catholic church. Its problems aren’t unique to Catholicism and they’re not unique to Christianity either. Just ask my former Scoutmaster, whose filthy deeds earned him some hefty jail time a decade and a half ago.

Stay tuned.

Linkfest.

I felt downright awful yesterday, but it’s my own fault. I remember now why I don’t take vitamins with breakfast. Very bad things happen.
So I’m whupped, and I’m not going to post anything original today. Just some stuff I’ve found lately and haven’t gotten around to posting anywhere.

But first, something to keep in the back of your mind: If The Good News Players, a drama troupe from the Concordia University system, is ever visiting a Lutheran church near you, be sure to go check it out. They are amazing. I put myself together enough to catch them at my church last night and I didn’t regret it in the least. They tell Bible stories in the form of mini-musicals; they’re easy to understand, professional, and just plain funny.

Linux OCR. This is huge. It’s not quite production-quality yet, but then again, neither is the cheap OCR software shipped with most cheap scanners. Check it out at claraocr.org.

It would seem to me that this is the missing link for a lot of small offices to dump Windows. Linux has always been a good network OS, providing fileshares, mail and Web services. Put Zope on your Web server and you can update your company’s site without needing anything like FrontPage. WordPerfect for Linux is available, and secretaries generally love WordPerfect, as do lawyers. ClaraOCR provides an OCR package. SANE enables a large number of scanners. GIMP is available for graphics work. And we’re close to getting a good e-mail client. And the whole shebang costs less than Windows Me.

Linux VMs, without VMware. This is just plain cool. If, for security reasons, you want one service per server, but you don’t have the budget or space for 47 servers in your server room, you can use the User-Mode Linux kernel. (The load on most Linux servers is awfully light anyway, assuming recent hardware.) This Linux Magazine article describes the process. I could see this being killer for firewalls. On one machine, create several firewalls, each using a slightly different distribution and ruleset, and route them around. “Screw you, l337 h4x0r5! You are in a maze of twisty passages, all alike!”

And a tip. I find things by typing dir /s [whatever I’m looking for] from a DOS prompt. I’m old-fashioned that way. There’s no equivalent syntax for Unix’s ls command. But Unix provides find. Here’s how you use it:

find [subdirectory] -name [filename]

So if I log in as root and my Web browser goes nuts and saves a file somewhere it shouldn’t have and I can’t find it, I can use:

find / -name "obnoxious_iso_image_I'd_rather_not_download_again.iso"

Or if I put a file somewhere in my Web hierarchy and lose it:

find /var/www -name dave.jpg
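Here is the dir /s habit wrapped up as a shell function, as an added example that is not part of the original post. It builds on the find invocations above with the three things I always end up adding when searching from / as root: quoting the pattern so the shell doesn’t expand a wildcard against the current directory first, -xdev so the search stays on one filesystem instead of wandering into /proc or NFS mounts, and -iname so a file the browser saved as .ISO still turns up. The directory tree it searches is constructed inside the script so it runs anywhere; the file names are made up.

```shell
#!/bin/sh
# Added example: a dir /s equivalent built on find(1).
# findfile DIR 'GLOB' lists regular files under DIR whose name matches GLOB,
# case-insensitively, without crossing filesystem boundaries. Quote the glob
# ('*.iso', not *.iso) or the shell expands it before find ever sees it.
# Permission-denied noise from directories you can't read goes to /dev/null.
findfile() {
    find "$1" -xdev -type f -iname "$2" 2>/dev/null
}

# Count matches; handy for scripts that only need to know "did it find one".
count_matches() {
    findfile "$1" "$2" | wc -l | tr -d ' '
}

# A constructed tree standing in for / so the demo is self-contained.
demo_tree=$(mktemp -d)
mkdir -p "$demo_tree/var/www/images" "$demo_tree/tmp/mozilla"
: > "$demo_tree/var/www/images/dave.jpg"
: > "$demo_tree/var/www/index.html"
: > "$demo_tree/tmp/mozilla/Obnoxious_ISO_Image.ISO"

# The two searches from the post, against the demo tree:
findfile "$demo_tree" 'dave.jpg'      # -> .../var/www/images/dave.jpg
findfile "$demo_tree" '*.iso'         # -> .../tmp/mozilla/Obnoxious_ISO_Image.ISO
```

On a real box you’d call it as findfile / '*.iso' from a root shell; drop -xdev if the file might be on another mounted filesystem, and add -mtime -1 to narrow a search from / down to what changed today.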

Windows XP activation cracked. Here’s good news, courtesy of David Huff:

Seems that the staff of Germany’s Tecchannel has demonstrated that WinXP’s product activation scheme is full of (gaping) holes:

WinXP product activation cracked: totally, horribly, fatally and
Windows Product Activation compromised (English version)

We can’t give hackers anything else to work with

Thanks to David Huff for pointing this link out to me (the good Dr. Keyboard also passed it along). Steve Gibson was hacked last month, and he wasn’t very happy about it. So he set out to learn everything he could about l337 h4x0rs (elite hacker wannabes–script kiddies). What he found out bothers me a lot.
Kids these days. Let me tell you…

In my day, 13-year-old truants (those who had computers and modems) used their modems to dial 800 numbers over and over again long into the night, looking for internal-use-only numbers. Armed with a list, they then dialed every possible keycode combination looking for PINs. Then they’d use that information to call long-distance on the telco’s dime. They’d call BBSs, where they’d swap the previous night’s findings for more codez, cardz (credit card numbers), warez (pirated software), or porn.

I never did those things but I knew a lot of people who did. They’d drop off the face of the earth on a moment’s notice, and rumors would go around about FBI busts, computer equipment being confiscated, kids being hauled off to juvenile detention center… And some of them never came back. Some of them cleaned up. Others, who knows? I heard a rumor about one of them running away to Las Vegas after he got out. And some just got hold of their old contacts and went right back to business. One of my friends cleaned up–the huge phone bill he got was enough of a reality check that he stopped. Whether it was a moral reason or just fear of getting caught again, I don’t know. I knew another who got busted repeatedly, and he’d call me up and brag about how his line was tapped, throwing in the occasional snide remark to whoever else might have been listening. I remember our last conversation. He sent me some code (all of the guys I knew were at least semi-competent 6502 assembly language programmers) and we talked music. I’d been fascinated by that subculture, though I never did anything myself–I just talked to these guys (partly out of fear of getting caught, partly because I did want to have some semblance of a life, partly because I didn’t want to kiss up to a bunch of losers until I’d managed to prove I was elite enough), but at that point I was 16, I’d published once, and I realized as the conversation ended that my fascination with it was ending also. It was 1991. The scene was dying. No, it was dead and pathetic. These “elites” had become the butt of jokes–they were risking arrest so they could call Finland for free and pirate Grover’s Magic Numbers, for Pete’s sake! I guess I was growing up. And I never talked to him again. (I don’t even remember this guy’s real first name anymore–only his handle.)

I guess if I’m going to be totally honest, the only thing that’s really changed are the stakes. I want to say my generation wasn’t that bad… But I don’t know.

Essentially, some guy going by “Wicked” had zombies running on 474 Windows PCs. Some of “Wicked’s” buddies took issue with Gibson talking about script kiddies–they thought he was talking about them–so they told “Wicked” to take him down. And he did. And he bragged about it.


"we will just keep comin at you, u cant stop us 'script kiddies' because we are better than you, plain and simple."

Now, when someone annoys me, I find out what I can about the guy. At 26, I do it to try to get some understanding. At 13 I didn’t necessarily have that motivation, but I did at least have some basic respect. And anyone claiming to be better than Steve Gibson… Gimme a break! That’s like walking up to Michael Jordan and saying you’re better on the basketball court, or walking up to Mark McGwire and saying you can hit a baseball further, or walking up to Colin Powell and telling him you can beat him in a war. And anyone who’s ever written a line of assembly language code and read any of Steve Gibson’s stuff knows it. And it’s not like the guy’s exactly living in obscurity.

Well, Gibson was diplomatic with this punk. And his reasoning and his respect softened him. He called the attacks off. Then they suddenly started again, and Gibson got this message:


is there another way i can reach you that is secure, (i just ddosed you, i aint stupid, im betting first chance ud tracert me and call fbi) you seem like an interesting person to talk to

Say what? You want to talk to someone, so you blow away every other line of communication and ask if you can talk? Now I can just picture this punk once he gets up the nerve to go talk to a girl. He knocks on the door, and the first words out of his mouth are, “I just tesla coiled your phone line so you couldn’t call the cops, but…” Then he’d toss some Kmart pickup line every girl’s heard a million times her way, and hopefully she’d smack him and run to the neighbors’ and call the cops.

For some reason people get hacked off when you do something malicious to them.

Well, Gibson reverse-engineered some Windows zombies and followed them into a l33t IRC channel where he had another interesting conversation. I won’t spoil the rest of it.

Now, I admit when I was 13, I was a mess. I was insecure, and I had trouble adjusting. My voice was cracking, my skin was oily, and I was clumsy and gawky. And I didn’t like anyone I knew when I was 13, because I was the class punching bag. Part of it was probably because I was an outsider. This was a small town, and I wasn’t born there, which was a strike against me. If you got all your schooling there you were still OK. I came in the third grade, so strike two. And I didn’t want to be a hick, so strike three. I liked computers, and in 1987 that was anything but cool, especially in a small town. And everyone thought I was gay, because I didn’t hit on girls and I didn’t have a huge porn collection–and there aren’t many worse things to be in southern Missouri, because it’s still a really bigoted place (and since girls made me stammer, it’s not like I could have proven I was straight anyway). And I had goals in life besides getting the two or three prettiest girls in the class in bed. (Yes, this was 7th grade.) So I guess I was oh-for-two with two big strikeouts. And since I was five feet tall and about 90 pounds, if that (I’m 5’9″, 140 now, and I was scrawnier then than I am now) I couldn’t exactly defend myself either. So I was an easy target with nothing to like about me.

I guess “Wicked” sees Steve Gibson as a five-foot, 90-pound outsider with a really big mouth, so he’s gonna go pick on him. Then he’s gonna go hit on the 13-year-old girl who looks 18, and he thinks taking down grc.com is going to make her swoon and tell him to take her to bed and lose her forever. But since she has a life, she doesn’t give a rat’s ass about whether grc.com is up or down, so hopefully she’ll smack him but I doubt it.

Yeah, I want to say the solution is to make things like they were in 1987 but bullies are bullies, whether it’s 2001 or 1987 or 1967. AD or BC, for that matter.

I want to say that accountability to a higher being will solve everything and make kids behave, but I know it won’t. That grade-school experience I just described to you, with 13-year-olds making South Park look tame and trying to get in girls’ pants? You know where that happened? A Lutheran grade school. Introducing the kids to God won’t fix it. Establishing a theocracy won’t fix it. In college I wrote a half-serious editorial, after a pair of 6-year-olds in Chicago murdered a four-year-old by dropping him out of a 20th-story window after he refused to steal candy for them, where I advocated the death penalty for all ages–maybe then parents would keep an eye on their kids, I reasoned. But I know that won’t fix anything either.

Steve Gibson doesn’t offer any answers. He’s not a social engineer. He’s a programmer–probably the best and most socially responsible programmer alive right now. And what Gibson wants is for Microsoft to cripple the TCP/IP code in Windows XP, so the zombies these script kiddies use don’t gain the ability to spoof come October.

Frankly, I wish such a castrated TCP/IP stack, with raw sockets capability removed, were available for Linux. My Linux boxes are a minimal threat, being behind a firewall and only having a single port exposed, but I’d cripple them just to limit their usefulness to a script kiddie just in case.

Why? Screw standards compliance. The standard for mail servers used to be to allow them to be wide open so anyone could use one, just in case their mail server was down. It was all about being a good neighbor. Then spammers trampled that good faith, so open relays are now the exception, not the rule.

Maybe there’s some legitimate use for raw sockets. I don’t know. But I know nothing I use needs them. So why can’t I run a stripped-down TCP/IP on all my boxes, so that in the event that I do get compromised, my PCs’ usefulness is limited?

If software companies want to provide a full, standards-compliant, exploitable TCP/IP stack for esoteric purposes that need them, fine. Do it. But don’t install it by default. Make it a conscious decision on the part of the systems administrator.
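The same goal, making a compromised box useless for forging source addresses, can also be enforced at the network edge. This is an added example, not code from the original post: a BCP 38 style egress check that drops outbound packets whose source address is not on the local LAN, run over constructed sample flow records (the 192.168.0.0/24 prefix is an assumption).

```python
"""Egress anti-spoofing check (added example, not from the original post).

Denying raw sockets stops a box from forging source addresses at the host;
a border device can enforce the same rule by refusing to pass outbound
packets whose source is not inside the local network. Every record below is
constructed sample data; the LAN prefix is an assumption.
"""
import ipaddress
from typing import Iterable

LAN_PREFIX = ipaddress.ip_network("192.168.0.0/24")  # assumed local LAN

# Constructed outbound flow records: (source address, destination address, protocol)
SAMPLE_FLOWS = [
    ("192.168.0.10", "203.0.113.5", "tcp"),
    ("192.168.0.23", "198.51.100.9", "udp"),
    ("10.99.4.4", "203.0.113.5", "tcp"),       # forged source: not on our LAN
    ("203.0.113.77", "203.0.113.5", "icmp"),   # forged source: pretends to be the target's net
    ("0.0.0.0", "255.255.255.255", "udp"),     # DHCP discover, legitimate unspecified source
]


def is_spoofed(src: str, prefix=LAN_PREFIX) -> bool:
    """Return True when an outbound packet's source cannot have originated here."""
    addr = ipaddress.ip_address(src)
    if addr.is_unspecified:
        return False  # 0.0.0.0 is legitimate for DHCP before an address is assigned
    return addr not in prefix


def filter_egress(flows: Iterable[tuple], prefix=LAN_PREFIX):
    """Split flows into (allowed, dropped). Dropped flows are worth alerting on:
    a host emitting them is either misconfigured or already compromised."""
    allowed, dropped = [], []
    for src, dst, proto in flows:
        (dropped if is_spoofed(src, prefix) else allowed).append((src, dst, proto))
    return allowed, dropped


if __name__ == "__main__":
    ok, bad = filter_egress(SAMPLE_FLOWS)
    for src, dst, proto in bad:
        print(f"DROP  {proto:4s} {src} -> {dst}  (source not in {LAN_PREFIX})")
    for src, dst, proto in ok:
        print(f"PASS  {proto:4s} {src} -> {dst}")
```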

Let’s just get one myth out of the way. The Internet isn’t going to change the world. So when the world does stupid things, the Internet’s just going to have to change instead.

CD’s; Duron deal; Journal site; Cheap nic; DMA problem;

MAILBAG:
From: Steve Delassus
Subject: Cheap CDs. Too cheap?

Hey, I found a spindle of 100 16X 80-minute CDs at Best Buy for $25 after rebate. Seemed like a good deal, so I grabbed it. They’re imation CDs, which I thought had at least a decent reputation. Have you heard anything to the contrary?

Steve
~~~~~
I’ll take that over private label who-knows-what. I like Kodaks best, but Imations are certainly better than, oh, Infodisc… But what were you doing at Best Bait-n-Switch?
~~~~~~~~~~
From: “David Huff”
Subject: good Duron deal

Dave,

Here’s another good deal for those wanting to build an inexpensive PC:

AMD Duron 750 OEM – $38.00 http://www.gpscomputersvcs.com/amdprocessors.html

Not too shabby 🙂

Regards,
Dave
~~~~~
Wow. Thanks much. A Duron for a song. A Backstreet Boys song.
~~~~~~~~~~
From:
Subject: A good journal site.

Dave,

I would like to suggest Blogger.com. I’ve used it since February and haven’t had a problem with it. You can set up your own templates or use one of theirs. You can use your existing FTP account or they can provide one at blogspot.com. I set my journal up and just copied their template information to use my existing page format. I have my journal online at http://mkelley.net/notes .

I also must say that we have the same tastes in music, with the Pixies and the Church and some of the others you’ve listed. I have a video that came out for the album after Starfish and it has all of the Church’s music videos from the early 80’s to their end in the 90’s. If I can find its name I’ll pass that along. It should be cheap at your local used video/music stop.

Ever listen to the Smiths?

Thanks, Mike Kelley
~~~~~
I’ll look into Blogger, but I’d really prefer something Linux-based, preferably Open Source so I can make changes to it down the line if I need a feature, and something using a database backend so I can rapidly make changes. If I’m going to change, I want to make a change that’ll give me lots of versatility.

I’m familiar with The Smiths but never really got into them. As far as Manchester bands go, I pretty much stuck with Joy Division and to a lesser degree, New Order. I think it’s Morrissey I object to, because I really enjoyed Johnny Marr’s guitar work with Electronic and with The The. Morrissey’s veganism (or is he just a militant vegetarian?) and asexuality just weirds me out, I guess.
~~~~~~~~~~
From: “Jeff Hurchalla”
Subject: cheap nic

Hi Dave, Don’t know if you’ve already caught this, but I got a linksys 10/100 nic at Best Buy for $5 after rebate ($10 regular) on Thursday 4/26. I can’t say how long it’ll last, but at that kind of price I thought you and your readers might like to hear about it. The card is supposed to support 95/98/me/2000, possibly NT and macOS, and also has unsupported drivers for linux. On another note, I’m having the most horrendous time setting up networking in win98 imaginable. I used to work in TCP/IP programming so of course it feels like it shouldn’t be anywhere near this hard to do.. but that wasn’t using anything microsoft. Well enough complaining, as fun as it is 🙂 Do you have any suggestions for a web page to look at that goes in depth? I want to connect win98 computer to another win98, I’m using a linksys card in one and an NDC card in the other. The one with the linksys also has a Dlink card connected to a cable modem. I’ve attempted to set up internet connection sharing on the computer with 2 cards (it is 98se), but right now I can’t get either computer to see the other one. They are in the same workgroup. The ICS computer appears to have assigned 192.168.0.1 to the linksys (home) tcp/ip adapter, and the other nic in that computer is connected to the cable modem and working fine. For the other computer, I’ve set windows to automatically assign an IP address. Well if you’ve got any quick suggestions or places for me to look, let me know – I wouldn’t want you to waste time on it – I can do that for both of us quite easily! Take care, Jeff
~~~~~
Easy solution. Don’t set it to obtain an IP address automatically. Give the other (non-ICS) PC an address in the 192.168.0.x range yourself, with subnet mask of 255.255.255.0 and gateway of 192.168.0.1, then open a command prompt and try to ping the other one. If that works, specify your DNS addresses, then try pinging yahoo.com. I’m betting both will work, as will file and printer sharing if you turn that on (but be sure to unbind the Microsoft client from your Dlink card).

Unless you’ve got a DHCP server somewhere on the network, Windows will assign it a goofy address (in the 64.x.x.x range if I remember right–it’s some range that makes absolutely no sense) and you won’t see anything.

As for the NIC, that’s a nice price but I really don’t like to use Linksys cards. The Netgear card selling at CompUSA for $10 this week is a better card. I can confirm that Linux readily recognizes the Linksys, but the failure rate is higher than I like to see. Thanks for the tip though.
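The static-address recipe in the reply above, written out as a checker. This is an added example, not code from the original page: it validates one PC's IP, mask and gateway against the rules given (same 192.168.0.x subnet, mask 255.255.255.0, gateway 192.168.0.1, peer reachable), and flags the tell-tale sign that no DHCP server answered, since Windows' automatic fallback addresses come from 169.254.0.0/16 (APIPA). The host records are constructed sample data.

```python
"""Peer-to-peer LAN configuration check (added example, not from the original post).

Encodes the advice: put the non-ICS PC on the ICS box's subnet by hand with
the ICS box as gateway, then ping. An address in 169.254.0.0/16 means the
machine was left on "obtain automatically" and no DHCP server replied.
All host records below are constructed sample data.
"""
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")  # Windows' no-DHCP fallback range


def check_host(ip: str, mask: str, gateway: str, peers=()) -> list:
    """Return a list of problems with one PC's IP settings (empty list = looks fine)."""
    problems = []
    addr = ipaddress.ip_address(ip)
    if addr in APIPA:
        problems.append("address is an APIPA fallback: no DHCP server answered, assign it by hand")
        return problems
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        problems.append(f"gateway {gateway} is outside {net}, traffic off the LAN will fail")
    if gw == addr:
        problems.append("host address equals the gateway address")
    if addr in (net.network_address, net.broadcast_address):
        problems.append("address is the network or broadcast address")
    for peer in peers:
        p = ipaddress.ip_address(peer)
        if p not in net:
            problems.append(f"peer {peer} is on a different subnet, ping will fail")
        elif p == addr:
            problems.append(f"peer {peer} duplicates this host's address")
    return problems


# Constructed sample: the ICS box got 192.168.0.1 on its LAN card; the second PC
# was left on "obtain automatically" and fell back to an APIPA address.
ICS_LAN_ADDR = "192.168.0.1"
AUTO_PC = ("169.254.37.12", "255.255.0.0", "0.0.0.0")
FIXED_PC = ("192.168.0.2", "255.255.255.0", "192.168.0.1")

if __name__ == "__main__":
    for name, cfg in (("auto PC", AUTO_PC), ("fixed PC", FIXED_PC)):
        issues = check_host(*cfg, peers=[ICS_LAN_ADDR])
        print(name, "->", issues or "OK")
```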
~~~~~~~~~~
From: “Al Hedstrom”
Subject: The Move

Dave –

I also want to move my stuff, but I’ll move it to a host and probably use something like Coffee Cup. One question: How are you moving all your archives? Page by page?

Al Hedstrom
~~~~~
Yep, I think that’s the way I’m going to have to do it. I’m looking into alternatives but right now I don’t see any. I’m going to set up a test server and play around with it. I haven’t downloaded my Manila site yet; it may be possible to extract the stuff. That’d be nice. If I can extract the text I can probably wrap the template around it and fake out Greymatter, but I haven’t really looked into it the way I should. Maybe next weekend.
~~~~~~~~~~
From: Mike Barkman
Subject: DMA problem

Hi Dave —

A small problem: I’m hurriedly converting my spare box for my son-in-law, as his second office machine has carked.

It has a Gigabyte GA5AA m/b with the ALi chipset and 100 MHz bus. The processor is AMD K6-II-350 and 64 MB of SDram. I’ve transferred his two drives over — Seagate medallists, one 6 GB and the other 8 GB. I cleaned off the c: partition and reinstalled Win98SE and his working software.

Problem: I enabled DMA for each drive and the CDRom; but it won’t stick — reboot and the checkmark has vanished.

Any ideas? I was transferring files over my network, and the speed was dead slow — that’s what tipped me off.

Cheers /Mike
~~~~~
Sounds like you don’t have the proper drivers for your ALi chipset. Download those from your Gigabyte’s site and install them, and chances are that’ll clear up the DMA issue.

04/26/2001

Ugh. I’m dead tired. Why does it seem like I’m busier now than I was when I was dating or when I was writing a book? It doesn’t make any sense. I wanted to talk about something other than computers today, but I’m beat as I write this (10 pm Wednesday night), so I’m taking the lazy route.

Umm, I do have this. Most of the Daynoters have already mentioned it. I don’t know all the details of Kaycee’s story, but if I’ve got the details right, she’s come back from being clinically dead twice, and she beat cancer last year. Now her liver is failing and there’s nothing the doctors can do.

We said a prayer for her in church last night. I can’t claim to know God’s plan for her (I’m clueless about God’s plan for me, let alone for anyone else), but obviously He wanted to keep her around a while longer for some reason. If He’s through with her here, or nearly so, nothing can stop it. But if He’s not…

Don’t write off Kaycee just yet.

We’d all do well to follow her lead. Look what Kaycee’s doing now. She’s got at least a little time left. She’s making the very most of it. We’d all do well to appreciate and make the most of what we have.

Hmm. On to much less important stuff.

Asus reports they’re selling more P4 motherboards now. Don’t fall into that trap. Don’t buy one. Planned obsolescence. Intel’s changing the socket again later this year, so you’ll hit a dead-end on upgradability. Besides, the P4’s just a lousy performer. Give Intel a year to sort the thing out, and don’t fund them in the meantime. Intel needs to learn that they can’t just ship lousy product and people will buy it just because it says Intel on it.

Meanwhile, reader David Huff sent me this:  An AMD Duron-750 for 38 lousy bucks. Astounding. The retail box version with a fan and 3-year-warranty is $50. The same place has an FIC AZ11 motherboard for $65, so you can be in a Duron-750 for $120 or so considering CPU fan and shipping costs. (I checked; shipping is $10.50.) Red Hill doesn’t like the AZ11’s BIOS, but at that price, whaddya want? Red Hill also doesn’t like the lack of ISA slots, but unless you have a nice ISA modem, that probably won’t bother you. (Put your ISA modem in another computer, get Freesco, network ’em together, and share your net connection.)

AMD will cut prices Monday or Tuesday, but I can’t imagine they’ll have anything in the $38 price range. I’m about 98% ready to bite on this one.

Tiny assembly language Windows utilities

Tiny utilities. While I was debating whether to go buy a copy of Extreme Power Tools, I thought I remembered seeing a couple of programs similar to what they offer. So I went hunting and found other stuff, of course.

People tend to get annoyed if you just link to their files, so I linked to the pages that contain links to the files. Some of these pages get pretty heavy, so use your browser’s search function if you have trouble locating the file. Also, there are a few files on one of these pages that can be misused, such as buffer exploits and a program to reveal hidden passwords in dialog boxes. Whether they were intended to be misused, or to demonstrate insecurity, I’m not sure. That said, there are some other utilities on these pages that didn’t seem too useful to me, but they may be useful to you. I don’t want to throw out the baby with the bathwater, so here are a couple of dozen free utilities, linked using proper netiquette.

The listed file sizes are the size of the executable, not the download. The downloads are larger because they include additional files, usually source code.

Files from http://titiasm.cjb.net :

Memory Info. Want to know how much memory your system is using? Here ya go. This is faster than running Norton SysInfo or Microsoft System Monitor. 5.5K.

EdPad. Assembly language Notepad clone. Unfortunately it lacks search/replace. See TheGun for a closer NotePad replacement. 16K.

Resolver. A tiny utility to match Website URLs to IP addresses, and vice-versa. 4.5K.

Files from http://spiff.tripnet.se/~iczelion/source.html :

MP3play. A minimalist MP3 player. Also capable of playing WAV, MID, RMI, AIF, AU, and SND files. Supports playlists. Hint: Right-click in the program window to access its features. 10K.

Also includes miniMP3, a 3.5K player that just plays a single file you specify.

WordEdit. An RTF word processor/help file editor in assembler. Aside from being able to read Word 6 documents, it would make a fabulous WordPad replacement. Includes multiple-level undo and redo, font and color support. Major features missing from a full-blown word processor: spelling/grammar and print preview. Delete the included file splash.dll to eliminate the splash screen and long boot delay. 112K.

FileMan. A graphical two-pane file manager, like Norton Commander. 87K.

Clipboard. Intended mostly as a demo program, but it’s useful beyond its original design. Intended use: Put it in your Sendto folder and you can send file paths to the clipboard from a right-click on the file. Nice. But additionally, having a large object on the clipboard can slow down your system. Some programs ask when you exit if you want to clear it. Others don’t. This program pastes the command-line parameter you feed it to the clipboard, so a shortcut to this program that passes a single-character argument effectively clears your clipboard. Neat, huh? 2.5K.

EWCalc. A scientific calculator. Additionally, it’ll do decimal/hex/octal/binary conversion. 30.5K.

PlayCD. A simple CD player. 7.5K.

QuickBar. A lean replacement for the MS Office toolbar. 20K.

HTTP Downloader. Feed it a URL, and it downloads a file through HTTP, like Unix wget. 20.5K.

TheGun. A slightly enhanced replacement for Notepad. Edits large files, includes Ctrl-A hotkey for select all, and includes search/replace. Source not included. 6K.

QuickEdit. A more full-featured editor, includes HTML-to-text conversion and strips carriage returns. Download includes TheGun and a quick-and-dirty textfile viewer. Source not included. 27K.

Files from http://www.rbthomas.freeserve.co.uk/:

Screen savers. I hate screen savers, as everyone knows. Normally I use blank screen. This package includes a 6.5K 32-bit assembly language replacement for blank screen. (Microsoft’s blanker is 16-bit!) The others in the package prove that even when written in assembly, graphics-heavy screen savers eat up far too much CPU time.

RWave. Records and plays back WAV files. A suitable replacement for Sound Recorder. 5.5K.

Timer. This program isn’t a substitute for a common utility, but it’s useful for me. I’ve never gotten around to getting a timer for my kitchen. Now I can let my computer do the job. If your apartment’s as small as mine, or if you have a computer in your kitchen (why? Never mind. I don’t want to know.) yours can too. 31.5K.

More for less, but who wants it? And David Huff reports the P4 prices will plummet today. I thought I mentioned that, but maybe not. The 1.7 GHz model will launch at the insane price of $350 (Intel had planned to launch it at $700 or so). Margins? We don’t need no stinkin’ margins! Intel’s definitely running scared.

Enough of that. Time to take a hint from Frank. What else is there in life? I realized one night last week that I hadn’t gone record shopping in a long time, so I hit the local used shop. The pickings were a bit more sparse than usual, but I’d written down a couple of longshots to look for and I found them, along with a couple of surprises. First I found Starfish, by The Church, which features the track “Under the Milky Way,” a mainstay of ’80s radio and compilations. That’s probably the standout track, but for a band usually considered a one-hit wonder, it’s a really good album.

The other big surprise was Look Sharp!, which was Joe Jackson’s 1979 debut. I was surprised to find it’s mostly a guitar-bass-drum album. Jackson’s a piano player–and a darn good one. Jackson’s piano appears, but he’s rarely playing the lead instrument. The tracks that everyone remembers (“Is She Really Going Out With Him?” and the title track) are definitely the best parts of this album, but it was a strong effort. I can see where his following came from. But it was weird hearing him do what amounts to punk rock with a dose of literacy.

The first longshot was an album I’ve been looking for used for years: Doolittle by The Pixies. The Pixies are very much an acquired taste, but I acquired it. How to describe them? Dark, usually. Weird, always. This was generally regarded as their best album.

And the last longshot was Oyster by Heather Nova. Who? Yeah, I know. I once saw her mentioned in the same context as Aimee Mann and Dot Allison, so I kept an eye out. I think the comparison to those two is a bit shallow. Yes, the three of them are all blonde, female, and write their own songs, and both Nova and Allison play guitar (so does Mann, but she’s mostly a bass player). I recognized “Walk This World” as a song that got a fair bit of airtime on alternative radio about five years ago. Like Allison, her lyrics can get a bit suggestive sometimes, though there are plenty of people who get more so. Compared to Madonna, they’re both tame. But comparing them to an MTV-manufactured pop star is heresy, so I’ll stop now. The variety of styles Nova dabbles in on the album surprised me. Some tracks are dreamy and atmospheric reminiscent of Allison’s band One Dove, but right in the middle of the album is some pure hard rock in the form of a song called “Maybe an Angel.” Somehow that song avoids being over the top like a lot of hard rock does, and it’s far and away the best song on the album. And I’ve thought about those Allison-Mann-Nova comparisons. She’s dreamy and atmospheric like Allison, and often introspective like Mann, so maybe that’s the basis. At any rate, I’ll be keeping an eye on her, and not just because she has a really cool name.