Basic Internet Explorer troubleshooting

I did a little moonlighting this past weekend fixing Internet Explorer for somebody. It’s been several years since I’ve used that web browser regularly, but if someone pays me to fix IE, then I fix IE.

The problem was that after he paid someone else to fix his spyware problems, IE quit displaying SSL (secure) sites. So much for online banking and bill paying.

So here are some simple things to try if IE breaks and switching to an alternative browser like Opera or Mozilla isn’t an option.

My guess is he got trigger happy with disabling stuff. IE was about as secure as it was going to get, but it was no longer useful as a web browser either. It was kind of like taking the tires off your car to keep it from getting in a wreck. The "Cannot display this page" page gave some troubleshooting information. It didn’t help. I searched Google for information. There were some suggestions of things to enable. It didn’t help.

So I figured I’d just download IE6 and see if running the installation program would give me an option to do a repair install. No dice. The installation program couldn’t access the Internet to phone home to Microsoft.

Two words: Personal firewall. I went looking. I found two. I uninstalled one. No dice. I uninstalled the second one and enabled Microsoft’s built-in firewall. It still couldn’t call home. This was weird.

As a last resort, I went into Tools, Internet Options, and cleared the browser cache and the history and everything else you could clear. And then I stepped through each tab, resetting the defaults everywhere I could.

In all honesty, I couldn’t see what difference there was between the defaults and the settings he had after I’d followed all those suggestions I found online. But after I reset the defaults, his browser was displaying SSL pages again.

All I can think of was that there may have been some hidden setting or settings in the Registry that got wiped out when I reset the defaults.

Then I went back and tightened things down a bit more–stuff like ActiveX controls and the like.

It’s always best to start with the simplest known configuration that works, then secure it one step at a time. That was definitely the case here.

Easy and secure remote Linux/Unix file transfers with SCP

Sometimes you need to transfer files between Linux boxes, or between a Linux box and some other box, and setting up Samba or some other form of network file system may not be practical (maybe you only need to transfer a couple of files, or maybe it’s just a one-time thing) or possible (maybe there’s a firewall involved).

Well, you should already have SSH installed on your Linux boxes so you can remotely log in and administer them. On Debian, apt-get install ssh sshd. If you’re running a distro based on Red Hat or UnitedLinux, you may have a little investigative work to do. (I’d help you, but I haven’t run anything but Debian for 2 or 3 years.)

The cool thing about SSH is that it not only does remote login, but it will also do remote file transfer. And unlike FTP, you don’t have to stumble around with a clumsy interface.

If you want to transfer files from a Windows box, just install PuTTY. I just downloaded the 240K PSCP.EXE file and copied it into my Windows directory. That way I don’t have to mess with paths, and it’s always available. Make sure you’re downloading the right version for your CPU. The Windows NT Alpha version won’t run on your Intel/AMD/VIA CPU. Incidentally, Putty.exe is a very good Telnet/SSH client and a must-have if you’re ever connecting remotely to Unix/Linux machines from Windows.

SSH includes a command called SCP. SCP works almost like the standard Unix CP command. All you need to do to access a remote file is prefix its path with a username, followed by the @ sign, the IP address of the remote server, and a colon. SCP will then prompt you for a password.

Let’s say I want to move a file from my Linux workstation to my webserver:

scp logo.jpg root@192.168.1.2:/var/www/images

SCP will prompt me for my password. After I enter it, it’ll copy the file, including a nice progress bar and an ETA.

On a Windows machine with PuTTY installed, simply substitute the command pscp for scp.

I can copy the other way too:

scp root@192.168.1.2:/var/www/index.php .

This command will grab a file from my webserver and drop it in the current working directory.

To speed up the transfers, add the -C switch, which turns on compression.

SCP is more secure than any other means of file transfer, it’s probably easier (since you already need SSH anyway), and since it’ll do data compression, it’s probably faster too.
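The remote-file syntax used in the commands above, as an added example that is not part of the original post: a simplified model of how scp decides whether an argument is a local path or a [user@]host:path. The function names and the file name backup:2003.tar are constructed for illustration, and bracketed IPv6 hosts are not handled.

```shell
#!/bin/sh
# Added example: classify scp arguments as local or remote.
# Simplified model: an argument is remote when a ':' appears before any '/'.
# Function names are hypothetical; bracketed IPv6 hosts are not handled.

# scp_is_remote ARG: exit status 0 when ARG has the form [user@]host:path
scp_is_remote() {
    prefix=${1%%:*}                        # text before the first colon
    [ "$prefix" != "$1" ] || return 1      # no colon at all: local path
    [ -n "$prefix" ] || return 1           # leading colon: local file name
    case $prefix in */*) return 1 ;; esac  # slash before the colon: local path
    return 0
}

# scp_describe ARG: print how the argument would be interpreted
scp_describe() {
    if scp_is_remote "$1"; then
        prefix=${1%%:*}
        path=${1#*:}
        case $prefix in
            *@*) user=${prefix%@*}; host=${prefix##*@} ;;  # split at the last '@'
            *)   user=; host=$prefix ;;                    # no user given
        esac
        # An empty path means the login directory on the remote side.
        printf 'remote user=%s host=%s path=%s\n' \
            "${user:-(default)}" "$host" "${path:-.}"
    else
        printf 'local path=%s\n' "$1"
    fi
}

# scp_local_arg NAME: rewrite a local file name so it cannot be read as host:path
scp_local_arg() {
    if scp_is_remote "$1"; then
        printf './%s\n' "$1"    # "./" puts a slash before the colon
    else
        printf '%s\n' "$1"
    fi
}

# Constructed sample arguments: the two forms from the post plus a local
# file whose name contains a colon.
for arg in logo.jpg \
           root@192.168.1.2:/var/www/images \
           root@192.168.1.2:/var/www/index.php \
           backup:2003.tar \
           "$(scp_local_arg backup:2003.tar)"; do
    scp_describe "$arg"
done
```

A local file whose name contains a colon is read as a host name unless it is written with a leading ./, which is what scp_local_arg does.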

When will we take security seriously?

Overheard today at work:
“Hackers don’t usually work during the day, or on weekends…”

I guess by that same logic, I could say that I ran file servers with all ports exposed on the public Internet for years and never got hacked (just don’t mention that those years started in 1996 and ended in 1998).

It’s sad that there are people who still don’t take security seriously. The attitude I heard 10 years ago–“What? Do they want to look at the GIFs and JPEGs on my hard drive? If they can get in, they can have ’em!”–pervades today. Nobody’s interested in your GIFs and JPEGs because you don’t have anything that hasn’t been posted on Usenet’s alt.binaries groups a dozen times, but they want your high-speed connection. It doesn’t matter anymore how insignificant you are. If your computer is online, they want it.

I’m quickly reaching the point where I believe it’s socially irresponsible to have anything faster than a 56K dialup connection and not have a hardware-based firewall sitting between you and the Internet. I bought a couple of the low-end Network Everywhere-brand (made by Linksys) 4-port cable/DSL routers a year ago. I paid $50 apiece for them. That’s what you’ll pay for a shrink-wrapped “Internet Security” software package, but it’s more effective and it doesn’t slow your computer down. Even a one-computer household should have one.

As far as antivirus software goes, Grisoft offers antivirus software free for home use. Yes, it slows your computer down. If you don’t like that, run Linux. Grisoft’s AVG is free, effective, and easy to use. And it stamps outgoing e-mail, assuring your friends that your mail has been scanned. That’s comforting in these days.

Hopefully the typical computer user will soon outgrow the teenage it-can’t-happen-to-me mindset.

But I won’t hold my breath. Since hackers only work on weekdays, problems can only happen when I’m at work and my home PC is off, right?

That wasn’t the Sunday I had planned

I was hoping that by now I would be upgraded to WordPress, the successor to the b2 blogging program that I use, and that I would have a running DietLinux box on some system, and that I’d be coming back to you with some cool tricks you can do with a Knoppix CD.
I’m 0 for 3.

WordPress is up and running inside my firewall, and there are some nice things about it, but if I move, I lose some stuff. Such as? Most of the code I had Steve write for me won’t run under WordPress. No recent comments, no scoring whatsoever, and searching gives you the posts, rather than links to the posts, which could be deadly if you searched for the word “the.”

Seeing the entries right away when you do a search or hit a category link is fine on blogs that don’t have a lot of entries, but when I have 1,200+ of them, that’s bad. It’s better to return titles with links to the entries.

What do I gain? The ability to make entries and not publish them just yet. The ability to close entries to comments. Movable Type-compatible pingbacks and trackbacks. In a future version, multiple categories per post. That’s all worth a lot.

So I’ll move. Not just this weekend, sadly.

A big chunk of the day went to fixing Gatermann’s web server. The nice thing about Linux is you never have to reboot it. (If you run Debian, you can even upgrade across versions without having to reboot.) The bad thing about Linux is that since you never have to reboot it, if you power it down, you really don’t have much way of knowing if the system’s going to come back up. After jumping through way too many hoops, we got the thing booted with a rescue disk, and when I looked at it, I couldn’t figure out how the system ever booted the first time. For one thing, I couldn’t find a kernel. Obviously at some point in this system’s life, something went horribly, horribly wrong.

Nothing we could think of would repair it, so we ended up archiving all the important stuff like /etc, then wiped and reinstalled. I’m sure if we’d persisted, we could have brought it back to life, but from the time he got here to the time I started reinstalling, three CDs had played on my stereo. I can install Debian in 15 minutes on a fast system, and 35 minutes on a slowpoke.

Don’t get me wrong, I’m not mad or upset or anything. I’m a little disappointed that I wasn’t able to fix it in 10 minutes though. But then I remember that two of those CDs that played during that timeframe were by The Cure. If two hours straight of The Cure doesn’t make you feel a little down on yourself, nothing will.

But I’ll have to give Bob and his revolving door of bandmates credit for making me think about it. There was a time when I would have given almost anything to be the biggest Unix guru in St. Louis. That’s over. These days system wizardry is a means to an end. It pays me enough money to give me a house in a middle-class neighborhood, and a car that’s practical yet draws looks, and leaves enough left over to do nice things for people. Although the job can be demanding, I have more free time than Dad ever had. I mean, I found out this morning that three of my friends have started a band and I got to hear a very early mix of their CD. I can get excited, because I’ve got enough time to at the very least go see them. And if they need someone to write some propaganda for them, I can do that.

After dinner, I re-tackled the WordPress project, but that part of my brain’s just fried. I had to laugh at a question Steve asked me in e-mail. He asked why weekends take more out of him than the workweek. I know the answer to that one. Since we’re low-tier aristocrats, we’ve always got stuff that needs to be done. And the stuff around the house can very easily be more draining than the stuff we do for 40 hours a week. And when the workweek gets to be too much, you just call up a friend and take a long lunch–make up the time at the end of the day after everyone else has left and the office is quiet–and talk about home ownership and other low-tier aristocratic things to get your mind off work.

So as much as I’d love to go find some vexing question and solve it and then turn it over to Google to direct people with the question to my answer, I just don’t have it in me. Not today. And thinking about work to try to escape the drains of low-tier aristocracy seems, well, sick.

A Peter Gabriel CD and a book would be really good right about now.

This is priceless

I don’t normally do this–wait, I’m doing two things I don’t normally do, namely, post to my blog at work and link to someone else’s blog without writing anything containing a hint of originality–but you’ve got to read Charlie’s entry for today.
And in typical blogger fashion, I’m going to point out that he forgot something. Or maybe I just know a way to infuriate him that nobody else has discovered yet. Or maybe it just infuriates me.

  • Every time the latest spyware-laden, blinky, annoying, whiz-bang novelty app you downloaded from the Internet doesn’t work, walk up to the first IT person you find and say, “You changed the firewall, didn’t you?”

    Confessions of a SQL 7 junkie

    My name is Dave, and I’m a Microsoft junkie. So are the people I hang out with every day at work. We’re all junkies. We’re addicted to the glamor drug of Microsoft SQL Server 7.
    I’m still trying to recover from the nightmare that is Microsoft SQL Server.

    You see, I have a problem. My employer and most of its clients rely heavily on SQL Server. SQL Server is a touchy beast. We have some servers running completely unpatched SQL Server 7, for fear of breaking a client’s application. No, I absolutely will not tell you who my employer is or who those clients are.

    That makes us, in Microsoft’s eyes, socialism-loving pinko Commies, since we won’t migrate to SQL 2000. Unfortunately, SQL 2000 isn’t completely compatible with SQL 7. So we’re forced into being pinko Commies.

    Part of the reason SQL Slammer hit was because of the touchiness of the service packs and hotfixes, and part of it was the difficulty in installing them. The hotfix that would prevent SQL Slammer requires you to manually copy over 20 files, mercifully spread out over only two directories. But it takes time and it’s easy to make a mistake. So Microsoft released a SQL 2000 patch with a nice, graphical installer. But the pinko Commies like me who still use SQL 7 have to manually copy files.

    Now, SQL 7 isn’t vulnerable to SQL Slammer, but it has plenty of security flaws of its own. And there’s one thing that history has taught us about viruses. Every time a new virus hits, a game of one-upmanship ensues. Similar viruses incorporating new twists appear quickly. And eventually a virus combining a multitude of techniques using known exploits appears. A SQL Slammer derivative that hits SQL 7 in one way or another is only a question of time.

    Someone asked me why we can’t just leave everything unpatched and beef up security. The problem is that while our firewall is fine and it protects us from the outside, it doesn’t do anything for us on the inside. So the instant some vendor or contractor comes in and plugs an infected laptop into our network–and it’s a question of when, not if–we’re sunk. Can we take measures to keep anyone from plugging outside machines into our network? Yes. We can maintain a list of MAC addresses for inside equipment and configure our servers not to give IP addresses to anything else. But that’s obstructive. The accounting department is already supremely annoyed with us because we have a firewall at all. Getting more oppressive when there’s even just one other option isn’t a good move. People in the United States love freedom and they get annoyed when it’s taken away, even in cases that are completely justifiable like an employer blocking access to porn sites. But in a society where sysadmins have to explain that an employer’s property rights trump any given individual’s right to use work equipment for the purpose of seeing Pamela Anderson naked, one must be picky about what battles one chooses to fight.

    In a moment of frustration, after unsuccessfully patching one server and breaking it to the point where SQL wouldn’t run at all anymore, I pointed out how one can apply any and every security patch available for Debian Linux at any instant it comes out with two commands and the total downtime could be measured in seconds, if not fractions of a second. And the likelihood of breaking something is very slight because the Debian security people are anal-retentive about backward compatibility. The person listening didn’t like that statement. There’s a lot more software available for Windows, he said. I wondered aloud, later, what the benefit of building an enterprise on something so fragile would be. Jesus’ parable of building a house on rock rather than on sand came to mind. I didn’t bring it up. I wasn’t sure it would be welcome.

    But I think I’ll keep on fighting that battle. Keeping up on Microsoft security patches is becoming a full-time job. I don’t know if we can afford a full-time employee who does nothing but read Microsoft security bulletins and regression-test patches to make sure they can be safely deployed. I also don’t know who would want that job. But we are quickly reaching the point where we are powerless and our lives are becoming unmanageable.

    Such is the life of the sysadmin. It’s a little bit of a rush to come into crisis situations, and a lot of my clients know that when they see me, there’s something major going on because they only see me a couple of times a year. In the relatively glamor-less life of a sysadmin, those times are about as glamorous as it gets. And for a time, it can be fun. But when the hours get long and not everyone’s eager to cooperate, it gets pretty draining.

    The worm that’s not a worm

    I got mail at work today. The subject:
    David you have an e-card from Alex.

    Well, about the only person I know who calls me David is my mom. And I don’t know anybody named Alex. And why would a guy be sending me an e-card? Not wanting to explore that possibility any further, I disregarded it.

    Then I remembered reading about something like that somewhere, so I went back and looked at it.

    Short story: A really sleazy e-card company is sending out e-mail containing nothing but an URL at friendgreetings.com, which sends down ActiveX controls and installs some spyware that, among other things, sends bogus cards to everyone in your Outlook address book. That’s where I got that e-card message from. I was in this guy’s address book, for whatever reason. (Turns out he’s the webmaster at work. Funny how the webmaster and the hostmaster can go for long periods of time and never meet, eh?)

    Officially, this isn’t a virus or a worm because it’s a company doing this crap, rather than a bored loser who lives in his parents’ basement and you have to click on an EULA (which most people do blindly anyway) for it to activate. I fail to see the difference, but I guess I’m weird that way.

    I originally wrote that the anti-virus makers didn’t consider this a worm, but Symantec seems to have relented. You can get a removal tool at Symantec’s site.

    If you want to protect yourself pre-emptively, locate your hosts file (in C:\winnt\system32\drivers\etc on NT/2000/XP; I’m wanting to say it’s in C:\Windows\System on Win9x; on most Unix systems it’s in /etc, not that it matters since this not-a-worm runs on Windows) and add the following entry:

    127.0.0.1 www.friendgreetings.com

    More cleanly, you can ask your network admins really nicely if they can block friendgreetings.com at the firewall or DNS level.
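The hosts-file entry described above, as an added example that is not part of the original post: shell functions that check and add a blocking entry in a hosts file given by path, without duplicating it or overriding an existing mapping. The function names and the sample file are constructed. It goes one step beyond the single entry in the post by showing that a hosts entry matches only the exact name, so the bare domain needs its own line.

```shell
#!/bin/sh
# Added example: check and add hosts-file block entries without duplicates.
# Function names are hypothetical; the hosts file path is passed as an argument.

# hosts_lookup FILE NAME: print the address of the first active entry for NAME
hosts_lookup() {
    awk -v name="$2" '
        { gsub(/\r/, ""); sub(/#.*/, "") }   # drop CRs (Windows files) and comments
        {
            for (i = 2; i <= NF; i++)        # field 1 is the address, the rest are names
                if (tolower($i) == tolower(name)) { print $1; exit }
        }' "$1"
}

# hosts_is_blocked FILE NAME: exit status 0 when NAME resolves to a local address
hosts_is_blocked() {
    case $(hosts_lookup "$1" "$2") in
        127.*|0.0.0.0|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# hosts_block FILE NAME: add "127.0.0.1 NAME" unless NAME already has an entry.
# Returns 2 and leaves the file alone if NAME maps to some other address.
hosts_block() {
    current=$(hosts_lookup "$1" "$2")
    if [ -n "$current" ]; then
        if hosts_is_blocked "$1" "$2"; then return 0; fi
        echo "not changed: $2 already maps to $current" >&2
        return 2
    fi
    # Start on a fresh line if the file does not end with a newline.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        printf '\n' >> "$1"
    fi
    printf '127.0.0.1 %s\n' "$2" >> "$1"
}

# Constructed sample hosts file: one real entry and one commented-out entry.
demo=$(mktemp)
printf '127.0.0.1 localhost\n# 127.0.0.1 www.friendgreetings.com\n' > "$demo"

hosts_block "$demo" www.friendgreetings.com
hosts_block "$demo" www.friendgreetings.com    # second call adds nothing

for n in www.friendgreetings.com friendgreetings.com; do
    if hosts_is_blocked "$demo" "$n"; then
        echo "$n: blocked"
    else
        echo "$n: NOT blocked (no entry for this exact name)"
    fi
done
rm -f "$demo"
```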

    If you have inadvertently unleashed this monster, first, close Outlook immediately. Normally, I’d advise getting right with everyone else before cleaning things up, but since there’s the risk of making things worse if you do it that way, clean house, then start apologizing.

    Next, download the removal tool.

    If you want to be really safe, go into the control panel and remove anything that appears to have anything to do with friendgreetings.com. Next, I’d go to www.cognitronix.com and download Active Xcavator and remove anything having to do with friendgreetings.com. Next, I’d head over to LavaSoft and download Ad-Aware and let it shoot anything that moves.

    Next, apologize profusely to the guy who runs your mail server (ours got clogged up for hours processing all the mail from not-our-friendgreetings.com) and to everyone in your address book. I can’t offer you any advice on the best way to do that. Except I’d use something other than Outlook to do it. Head over to TinyApps.org to find yourself a small freeware mail client. Assuming you’re not on an Exchange server, I’d suggest pulling the network plug before firing up Outlook again to get those e-mail addresses.

    Meanwhile, it would do no good whatsoever if everyone who’s gotten one of these annoying e-cards (whether they opened it or not) opened a command prompt and typed ping -t www.friendgreetings.com and left it running indefinitely. No good whatsoever. It’s still a distributed denial of service attack if all of the participants participate voluntarily and independently. Right?

    A semi-easy firewall

    A single-floppy firewall mini-distribution can be a quick and easy way to save yourself some money if you’ve got an old PC in a closet not doing anything, assuming you stumble across a combination of hardware that works right.
    If you don’t stumble across a combination of hardware that works together, you can just as easily spend a weekend and accomplish nothing but uttering strings of four-letter words in combinations never before heard by mankind.

    In case you came here looking for hardware that works, here are a few hints. A 10-megabit PCI NE2000 clone in combination with virtually any 10/100 PCI card ought to work fabulously. A pair of 10/100 PCI cards based on the RealTek 8139 chipset, which includes the majority of today’s inexpensive cards, probably will not. If you’re buying new stuff and want ease of use, get a 3Com card and a cheapie. If you want cheap and a little inconvenience, get a Netgear FA311 or 312 and a Realtek 8139-based card, such as a D-Link DFE-530+ or a Linksys. You’ll have to hunt down and install the natsemi.o module to get the Netgear working; most other inexpensive cards on the market will work with the rtl8139.o driver.

    Freesco doesn’t supply a driver for the Intel EtherExpress Pro series out of the box. If you’ve got an EEpro, you can make it work by downloading the module and copying it to the floppy, but don’t rush out to buy one. And yes, the 3Com and Intel chipsets are high-performance chipsets, especially compared to the 8139, but remember, routers are machines that pull packets out of a 1.5-megabit pipe (if you’re lucky) and shove packets down an even smaller pipe. In this application, a $40 big-brand card doesn’t give you any advantage over a no-name card that costs $6 at Newegg.com.

    While these firewalls will technically work fine even on a 386sx/16, trying to make them work with ISA cards can be a long, difficult road. Used Pentium-75s are dirt cheap (and Pentium-60s and 66s are even cheaper, when you can find them) and they’re a lot less trouble because PCI cards don’t require you to rejumper them or hunt down a plug-and-play configuration disk to find out its IRQ and address. I’ve had the best luck with Pentiums that used an Intel Triton chipset or newer (the 430FX, HX, VX, or TX). I’ve tried a couple of boards that had a SiS chipset of 1995 vintage or so, and I could get one network card or the other working, but not both. I don’t want to generalize and say that based on two isolated incidents that all Taiwanese chipsets are junk for this application–for all I know, the problem could have been the BIOS on those boards–but I’ve done this on a handful of Triton-series boards and done well on all of them, and on two SiS boards and failed. Your mileage will probably vary.

    How much memory do you need? 16 megs is sheer luxury.

    Once you put all this together, the question becomes whether you use a floppy distribution or a full-blown distribution. If you want peace and quiet and cheap, the answer is pretty easy–use a floppy and pull out whatever hard drive was in there.

    A full-out distribution like Red Hat or Debian will give you more versatility. You can run meaningful Web and FTP servers if you want (and your ISP allows it). You can run a caching nameserver to speed up your Web browsing. If you feel adventurous, you can even install the Squid caching proxy and speed up your browsing even more (but either use a SCSI drive or put in a bunch of extra memory and run Squid’s cache out of a ramdisk–Squid’s performance on IDE is, to put it mildly, terrible).

    I’m having a hard time finding the documentation on how to set up a second network interface quickly. I believe it involves the file /etc/interfaces and the files /etc/sysconfig/ifconfig.eth0 and .eth1, but I don’t have a Linux box handy to investigate at the moment.

    Anyway, I like Debian for this application (of course) because I can easily fit a minimal Debian on a 100-meg hard drive.

    Once you get your network cards all working and talking to each other, you can build your firewall using this online tool. I just copy it, then Telnet into my Linux box using PuTTY, fire up a text editor, and right-click in the window to paste.

    If you want versatility and quiet and don’t mind spending some cash, pick up a CompactFlash-to-IDE adapter and a CompactFlash card of suitable size. Don’t create a swapfile on the CF card–you’ll quickly burn it up that way. Your system will recognize it as a small IDE drive, giving you silent and reliable solid-state storage on the cheap.

    Disguising a Linux box for the big, bad world

    I had to put a Linux server out all alone in the big, bad world today. Before I turned it loose, I did a few things to give it a fighting chance out there.
    The biggest thing I did was make the machine volunteer as little information as possible. Here’s how.

    Pretentious Pontifications: Meet R. Collins Farquhar IV

    Hello. David’s taking a day off. I’m sure I need no introduction. I am R. Collins Farquhar IV. After writing all the good parts of David’s book and not getting any credit whatsoever, I’ve spent the last couple of years working as a playwright, trying to follow in the footsteps of my slightly more famous ancestor, George Farquhar. It went OK. My ideal job, though, would allow me to sit on the floor all day and pontificate, and people, wowed by my vast intellect, would pay me.
    I’m still waiting for the phone to ring. Something is very wrong with this world.

    But a good friend did pass me an invitation last night. He’s a French nobleman, the closest thing I’ve found to being worthy of my company. His name is something along the lines of Jacques Luc Pepe “Ham’n’Cheese” Croissant Crepe de Raunche. He’s not quite worthy of my company, which is why I never bother to remember his proper name completely. He gets annoyed when I just call him Raunche. He gets even more annoyed when I call him Steve.

    Raunche invited me to the new home he just finished building. “Will you be joining me for cigars and old cognac tonight?” he wrote me. “But of course,” I wrote back. And I offered to provide the music. In typical French fashion, he declined. Rudely.

    I was going to fly in my private jet, but Raunche is in the habit of letting his dogs roam free on it. I didn’t want to dirty up my plane, so I drove. Well, actually, I was driven. I couldn’t help but notice he lives off a road called Bentley Park. It’s very appropriate, what with a Bentley being a car for a man who can’t quite handle a Rolls. I told him that upon my arrival, after he greeted me in a gruff voice.

    He said he’s already got one.

    Vivaldi was playing in the background. How cliche. I told him that too. He said something about taunting me a second time.

    I’m still wondering if I went to the right place, because there were no cigars and no old cognac. No new cognac either, for that matter. All he had was Girl Scout cookies and chocolate soy milk. And Vivaldi. He didn’t even have the decency to play it on a tube receiver. It’s impossible to hear music the way it was meant to be heard on transistor equipment. But he insisted on playing it on — get this — a COMPUTER.

    Was I wondering whether I went to the right house? Strike that thought. Playing Vivaldi on a computer is just like Raunche. He’s always more interested in trying to show off his computer skills than he is in doing things right.

    So we sat around and talked about what he needed for his firewall. David fancies himself the computer expert in the family, but his intellect is no match for mine. He can’t possibly know as much as I know. He doesn’t even know as much as Raunche. So Raunche and I laid out some plans, and I tried not to think about David being out and about, doing middle-class things:

    Intel D850MV motherboard (dual processor)
    (2) 2.2 GHz Intel Pentium 4 CPUs
    4 GB RDRAM
    Adaptec 39160 dual-channel Ultra160 SCSI controller
    (2) Seagate Cheetah X15 36LP 36-GB hard drives
    Pioneer DVD-305S SCSI DVD-ROM drive
    1 Quantum DLT 8000 40/80 GB tape drive
    Asus V8200 GeForce3 video card
    Intel Pro/1000 XT Gigabit Ethernet adapter
    Microsoft humpback keyboard
    5-button Microsoft Intellimouse Explorer optical mouse

    Raunche and I argued about the specs for a long time. I wanted Fibre Channel hard drives, but Raunche didn’t like that idea. Finally I relented. This isn’t going to be a serious computer, after all. It’s just going to be a firewall and a router. Raunche asked about GeForce4 cards, but they’re still a little bit hard to find. I wouldn’t put anything less than a GeForce3 in a server-class machine, but I’m not too interested in waiting for a GeForce4. People say we never get anything done and just sit around pontificating too much already.

    Raunche said the board would only take 2 GB of memory, but that’s nonsense. I read somewhere recently that Linux will run in as little as 4 MB of memory. Obviously that was a typo and they meant to say GB. So if Linux requires a minimum of 4 GB of memory, we should get 4 GB of memory. Obviously if we build a computer so that it will run Linux well, it will also run Windows well. That’s just common sense. Still, computer hardware has gotten so cheap, he’ll be able to build himself a nice simple little firewall for around $10,000.

    I really wish Intel would go back to making memory and high-end video chipsets and cards, and I wish they would get into the SCSI controller business. There are two hardware companies I trust: Intel and Microsoft. Raunche agrees.

    With our plans laid out, Raunche bid me adieu late in the night. I’d have liked to have stayed and debated longer, but the upper crust need their sleep.

    As I left, I thought it was rather nice of me to drive in rather than flying in. That way I wouldn’t awaken his neighbors by taking off in a jet late at night. Not that they care, I’m sure. One must make provisions to live in such close proximity to the upper crust.

    In fact, I’m sure some of the neighbors were disappointed not to get the chance to see my plane. I’ll have to get on to Raunche about having his runway cleaned.