Is the Windows firewall safe enough?

Is the Windows Firewall safe enough? I wish more people would ask that question rather than make assumptions.

I wish I had a nickel for every time I’ve heard an unsubstantiated statement like “Windows firewall is junk.” I went looking, and the best I could find was this, an editorial that said it doesn’t do enough to address outbound connections, particularly on a program-by-program basis.

OK, point taken. But “enough” is a moving target.


Why my ramdisk techniques don’t work with XP

I got a question today in a roundabout way asking about ramdisks in Windows, specifically, where to find my instructions for loading Win98 into a ramdisk, and how to do the same in XP.
I haven’t thought about any of this kind of stuff for more than two years. It seems like two lifetimes.

The original instructions appeared in my book, Optimizing Windows (now in the half-price bin at Amazon.com), and instructions to use DriveSpace to compress the disk appear here. You can get the freeware xmsdisk utility this trick requires from simtel.

These techniques absolutely do not work with Windows NT4, 2000, or XP. Despite the similar name, Windows NT/2000/XP are very different operating systems than Windows 9x. Believe it or not, they’re much more closely related to IBM’s OS/2 than they are to Windows 98. Since there is no DOS lying underneath it all, there’s no easy way to do the trickery that the bootable ramdisk tricks use. What these two tricks do is literally intercept the boot process, copy Windows into the ramdisk, then continue booting.

There’s a $99 piece of software called SuperSpeed that gives the NT-based operating systems this capability. I haven’t used it. I imagine it works using the same principle, hooking into the boot process and moving stuff around before booting continues.

The downside, no matter what OS you use, is the boot time. XP boots in seconds, and my book talks about the trickery necessary to get 95 and 98 to boot in 30 seconds or less. But any time you’re moving a few hundred megs or–yikes–a gig or two of data off a disk into a ramdisk, the boot process is going to end up taking minutes instead.

Is it worth it? For some people, yes. It’s nice to have applications load instantly. A lot of things aren’t CPU intensive. You spend more time waiting for your productivity apps to load than you do waiting for them to do anything. Web browsing and e-mail are generally more bandwidth- and disk-intensive than they are CPU-intensive (although CSS seems determined to change that).

But a lot of games aren’t especially disk-intensive, with the possible exception of when they’re loading a new level. So loading the flavor-of-the-week FPS game into a ramdisk isn’t going to speed it up very much.

Of course, XP is far, far more stable than 98. Windows 9x’s lack of stability absolutely drives me up the wall, and for that matter, I don’t think 2000 or XP are as stable as they should be. Given the choice between XP or 98 in a ramdisk, I’d go for XP, with or without speedup utilities.

I’ve made my choice. As I write, I’m sitting in front of a laptop running 2000 (it’s VPNed into work so I can keep an eye on tape backup jobs) and a desktop PC running Linux. I have a 400 MHz Celeron with Windows 98 on it, but it’s the last Win9x box I have (I think I had 4 at one point when I was writing the aforementioned book). Sometimes I use it to play Baseball Mogul and Railroad Tycoon. Right now it doesn’t even have a keyboard or monitor connected to it.

I guess in a way it feels like hypocrisy, but I wrote the first couple of chapters of that book with a word processor running in Red Hat Linux 5.2 (much to my editor’s chagrin), so I started down that path a long, long time ago.

Sam’s Club offers $299 Red Hat Linux boxes

I just read today that Sam’s Club is about to start offering 1.1 GHz Duron PCs running Red Hat Linux for $299.
The machines are beefier than Wal-Mart’s $199 Microtel PCs running Lindows and Lycoris. The machines don’t exactly compete with one another; the 800 MHz Microtel boxes are good enough for word processing and e-mail, and Lindows and Lycoris target users with simple needs. Red Hat targets people with a little more familiarity with PCs, as does AMD. Sam’s is also offering a $399 version with a 2 GHz AMD Athlon XP.

The machines are built by a Kansas outfit called CPUbuilders. The systems utilize a SiS chipset with integrated video. They use PC133 memory and not the newer, faster DDR memory. The 1.1 GHz model comes with 128 megs of RAM and a 20-gig drive; the 2 GHz model has 256 megs and a 60-gig drive. Both have standard amenities like Ethernet, modem, sound, and a CD-ROM drive. The budget model lacks a floppy drive, while the more expensive model has one.

They both appear to be solid, but basic, configurations. It’ll be interesting to see how successful they are in the marketplace.

Trolling the web for nothing in particular

Yes, Brian, baseball will soon return. I hate the things Major League Baseball does (Bob Costas once likened choosing sides between the players and the owners to choosing sides between Iran and Iraq), but we’ve chosen to stay together for the kids. I’m sure everyone who cares (and some who don’t) can guess what I think of Bud Selig, but I’ll tell you anyway, soon enough.
In the meantime, I look like ArsTechnica today. Oh well. I don’t do this very often.

Blogging. Wired News had its take on the phenomenon, and threw out some interesting stats.


In January alone, at least 41,000 people created new blogs using Blogger, and that number is always increasing, [Blogger founder Evan] Williams said. Some have put the total number of weblogs at more than 500,000.

Alongside the boom, however, there have recently been a few faint signs of backlash. As increasing hordes take on the task of trying to keep new sites looking nice, sounding original and free from banalities, more hordes just seem to fail.

Blog critic Dave Linabury offered a recipe for success:


“It really can take a lot of time,” he said. “I spend two hours a day on my weblog. Many people don’t realize this, they think it’s a quick way to get popular. And after awhile they get really discouraged and say, ‘he got 2,300 hits today, I got four.’ The bulk of people out there get less than two dozen hits.”

“I don’t want to be elitist,” Linabury added, “but all these people out there with popular weblogs, they’ve been doing it longer and they stick to their guns.”

I can attest to that. The people who get more traffic than I get almost all have been doing this longer. But I can tell you one thing: It’s never enough. Back when I was getting 80 visits a day I wanted 150. When I was getting 150 visits a day, I wanted 250. Now that I get about 500 visits a day, I’m awfully distressed to see people are getting 2,300. And by the time I reach 2,300, I’m sure there will be people getting 5,000 or even 10,000. (Note that visits are the number of unique visitors; hits are the number of files served up. Hit count is deceptive. I get 500 visits per day but closer to 1,000 or even 1,500 hits per day, due to people visiting, reading comments, and then often reading something from a previous week. And if they do a search, that’s at least two additional hits.)


Another feather in Internet Explorer’s cap. To my knowledge, no new security vulnerabilities have been reported in Internet Explorer this week, but the newest security patch, released last week, contains a bug that can cause a VBscript directive that previously worked to crash the browser.

Microsoft says Webmasters need to modify their pages not to use the directive.

That’s nice (I don’t use VBscript on this site) but there are embedded devices, such as HP’s JetDirect card, that use the directive. So early adopters of this patch may find themselves unable to do their jobs.

Better webmaster recommendation: Don’t use VBscript or ActiveX or other Microsoft-owned languages in your Web pages at all. Better end-user recommendation: Use Mozilla or a derivative instead of Internet Explorer.


Recompiling Debian for your hardware. This thread comes up every so often, and with the popularity of Linux From Scratch and Gentoo, the appeal of a compiled-from-scratch Debian is undeniable. But does the small speed improvement offset the increased difficulty and time in upgrading?

The consensus seems to be that recompiling gzip, bzip2, and gnupg with aggressive options makes sense, as does recompiling your kernel. Recompiling XFree86 may also make some sense. But expending time and energy in the perfectly optimized versions of ls and more is foolhardy. (Especially seeing as speed demons can just get assembly language versions of them from www.linuxassembly.org.)


A Guide to Debian. This is a guide, still incomplete, that gives a number of tips for someone who’s just installed Debian. The tips are applicable to many other Linux (and even Unix) flavors as well.


Spam. A coworker walked into my cube today and asked me how he could keep web robots from harvesting e-mail addresses from his web site. I found myself referring once again to the definitive piece on the subject, from Brett Glass (who gets my nomination for the greatest computer columnist of all time, for what that’s worth).


The RULE project. A project has emerged to bring Red Hat Linux back to its roots, and allow it to run on older, less-powerful hardware.

From their site:


This install option is meant to benefit primarily two classes of users:

* GNU/Linux newbies who cannot afford modern computers, but still need, to get started more easily, an up to date, well documented distribution.
* System administrators and power users who have no interest in eye candy, and want to run updated software on whatever hardware is available, to minimize costs, or just because it feels like the right thing to do.

I love their FAQ. Check this out:


1.0 Hardware is so cheap today, why bother?

1. This is a very limited and egoistic attitude. Eighty per cent of the world population still has to work many months or years to afford a computer that can run decently the majority of modern, apparently “Free” software.
2. Many people who could afford a new computer every two years rightly prefer to buy something else, like vacations, for example…. Hardware should be changed only when it breaks, or when the user’s needs increase a lot (for example when one starts to do video editing). Not because “Free” Software requires more and more expensive hardware every year.

These guys have the right idea. I can only hope their work will influence other Linux distributions as well.


Linux uptime. (Sure, a little original content.) When I was rearranging things months ago, I unplugged the keyboard and monitor from my webserver, then I never got around to plugging them back in because I didn’t have to do anything with it.

The other day, I had occasion to plug a keyboard and mouse back into it. I went in, did what I wanted to do, then out of curiosity I typed the uptime command. 255 days, it told me. In other words, I haven’t rebooted since last May, which, as I recall, was about when I put the machine into production.

Optimizing a Linux box in-place

Here’s the Linux bit I promised yesterday. I wrote it much earlier, so I might as well throw it out there.
Our test firewall at work is an old Pentium-200 running Red Hat Linux and a commercial firewall app. (No, I won’t disclose which one. Security, you know.) It’s a bit slow. A P200 is severe overkill for the firewall built into the Linux kernel (Steve DeLassus and I made a firewall out of the first PC he ever bought, a 486SX/20 of 1992 vintage, which, save the loss of the original power supply in an electrical storm, has never required any service), but this commercial package does a lot more than the simple firewalls built into Unixish kernels do.

It had 72 megs of RAM in it and swapped mercilessly. Its speed seemed to be OK once it was booted, but seeing as this is a testbed, it tends to get rebooted an awful lot. I needed to do something for it.

So I trekked into the PC graveyard to see what I could dig up. I found a Compaq 386DX/20. I left that alone. That’ll be useful if I ever need to pillage a pair of Compaq drive rails, which has happened before. Unfortunately those rails are worth more than the rest of the computer. I also spotted a Mac SE. That’ll be handy if I ever need a doorstop. Then I found a Pentium-75 and another Pentium of unknown speed. I opened them up. The 75 had a pair of 16-meg sticks. I opened up the unknown Pentium and looked inside. Ugh. Socket 4. That meant it was a Pentium-60, or, at best, a Pentium-66. It had a pair of 8-meg sticks.

I pulled the memory sticks out of the 75. The 60 didn’t have anything usable in it, save a pair of hard drives, both 540 megs, one a Quantum and the other a Seagate. I took the Seagate because it was easier to unbolt. I don’t have any way of knowing at this late date which of those drives was the better performer, and it probably doesn’t make much difference anymore.

The idea was to add some memory, and put in a second hard drive dedicated to virtual memory. Since the likelihood of the machine needing to read data from a drive and simultaneously hit virtual memory was fairly high, I wanted the virtual memory on its own drive. Furthermore, Linux’s partition-read mechanism isn’t terribly efficient. This doesn’t matter for SCSI drives, which re-order I/O events, but for IDE drives it matters a lot. So getting the swap partition onto a dedicated drive was likely to improve performance a fair bit. (If this were a production system, it would probably have a SCSI drive in it.)

So I swapped in the 16s for the 4s and found an empty bay to hold the 540, which I put on the second IDE channel as master (another performance trick), and booted Linux. The next trick is to use your favorite disk partitioning tool (I like cfdisk, but I can navigate plain old fdisk) to blow away whatever partition is on the new drive (this one was /dev/hdc) and create a single partition. I just made it the size of the drive, since 2.4 can deal with large swap partitions and Linux is smart enough to use whatever virtual memory it needs, not just automatically use all it has available. Then I set it to type 82. Linux can do swapfiles, but a filesystemless dedicated swap partition gives better performance.

Next, I edited /etc/fstab. I found an entry for the swap partition pointing at /dev/hda2. I changed that to /dev/hdc1. That means I now have a small swap partition just sitting on the first drive unused, but that’s not a big deal to me. The system’s not using the disk space it has. While I was there, I noticed the CD-ROM drive was pointing at /dev/cdrom. I asked Charlie, our Unix/Linux guru, if Red Hat had some intelligence I didn’t know about. He said /dev/cdrom was just a symlink. I changed the entry to read /dev/hdd, which is where the CD-ROM drive ended up after my shuffle. Better to just code things directly than try to track symlinks, in my estimation.

Next, I issued the command mkswap /dev/hdc1 to initialize the swap partition. Then I rebooted and listened.

Indeed, during boot, the second drive was getting activity. I logged in and ran top, then hit shift-M to have a look at memory usage. The firewalling software was eating up a lot. But swap usage was down.

I decided to try cutting memory usage down a little more. I loaded /etc/inittab into vi. Red Hat by default gives you six virtual consoles. This machine has little need for more than two. Pulling the extras saves you a couple of megs. Near the end of the file you’ll see several lines that look something like this:

1:2345:respawn:/sbin/mingetty 38400 tty1

I commented out the last four of those. Hit the i key to put vi in insert mode, scroll down to those lines, add a # to the beginning of them, then hit ESC, then hit ZZ (shift-Z twice) to rapidly save the file, no questions asked. (I know, vi ain’t friendly, but it’s there.)

Then I had a look at /etc/rc3.d to see what daemons were running. I found apmd, sendmail, and gpm running. That was a waste of a couple megs, not to mention a possible security risk. I vaguely remember all three of them having had security issues in the past, and sendmail is one of those programs that should never be running unless you need it. Yes, this machine’s just practice, but Hall of Fame catcher Johnny Bench found that if he got sloppy and just let wild pitches go while he was warming up pitchers, he wasn’t as sharp at blocking potential wild pitches during the game when it counted. So he worked just as hard during practice as he did during the game. Now he’s considered the greatest catcher of all time.

So I applied the Johnny Bench principle and disabled them with the following command sequence:

mv /etc/rc3.d/S26apmd /etc/rc3.d/K26apmd
mv /etc/rc3.d/S80sendmail /etc/rc3.d/K80sendmail
mv /etc/rc3.d/S85gpm /etc/rc3.d/K85gpm

I rebooted to find memory usage down by about 4 megs and the system booted a little faster. It was also more secure.
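The same S-to-K rename can be driven from an allowlist, so anything enabled in the runlevel that nobody signed off on shows up for review. This is an added example, not from the original post; the allowlist and the sample services other than apmd, sendmail and gpm are constructed, and nothing is renamed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post.
# Audits a SysV runlevel directory: every enabled (S-prefixed) script whose
# service name is not on an allowlist is reported as the S -> K rename that
# would disable it. Nothing is renamed unless APPLY=1 is set.

# audit_runlevel DIR "name1 name2 ..."
audit_runlevel() {
    rc_dir=$1
    allow=" $2 "                       # pad so whole names can be matched
    for link in "$rc_dir"/S[0-9][0-9]*; do
        # If the glob matched nothing, the pattern itself comes back; skip it.
        [ -e "$link" ] || [ -L "$link" ] || continue
        base=${link##*/}               # e.g. S80sendmail
        rest=${base#S}                 # 80sendmail
        name=${rest#??}                # sendmail
        prio=${rest%"$name"}           # 80
        case $allow in
            *" $name "*) continue ;;   # allowlisted: leave it enabled
        esac
        echo "mv $rc_dir/$base $rc_dir/K$prio$name"
        if [ "${APPLY:-0}" = 1 ]; then
            mv "$rc_dir/$base" "$rc_dir/K$prio$name"
        fi
    done
}

# Constructed sample: a throwaway directory standing in for /etc/rc3.d.
# network, syslog, sshd and nfs are made-up entries; the allowlist is an
# assumption about what this kind of box actually needs.
demo() {
    tmp=$(mktemp -d) || return 1
    for f in S10network S12syslog S26apmd S55sshd S80sendmail S85gpm K20nfs; do
        : > "$tmp/$f"
    done
    audit_runlevel "$tmp" "network syslog sshd"   # dry run: prints three mv lines
    rm -rf "$tmp"
}

demo
```

On a real system, run it against /etc/rc3.d as a dry run first and read the list before setting APPLY=1.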

Total downtime: About 45 minutes.

That was time well spent. I may end up having to just bite the bullet and get some memory, but the system will perform better with these changes no matter how much memory is in it. And, more importantly, performing this exercise made me notice something I hadn’t noticed before. It let me tighten up security.

Had I blindly just ordered some memory to put in the system, or a new PC, like some people unfortunately advocate, I wouldn’t have necessarily noticed that as quickly.


Speaking of Linux, I did finally get Apache, PHP, and MySQL all talking together on my church’s 486. I used phpWeblog, which is an awfully nice package. Pages load in an acceptable two seconds. I notice the machine is paging, so a little more memory will probably help that. It’s amazing that people are throwing away Pentium-class machines when even a 486 has enough power to be a decent intranet server.

Not everyone’s so fortunate as you and me. Give ’em to someone who can use them if you don’t want them.

It’s the best of times, it’s the worst of times…

I hate arguing with women. When guys fight, they fight hard, and they don’t always fight fair, but when the fight’s over, it’s pretty much over. You settle it. Maybe you seethe for a little bit. But eventually, assuming you both still can walk, you can go to hockey games together almost like it never happened.
I’ve found myself in an argument. It’s not like an argument with a guy. Every time I think it’s over, it flares back up. It’s like fighting the hydra. (I don’t know if this is characteristic of arguments with women in general; I generally don’t seek out that experience.)

I found one solution though: Don’t open my inbox.

That worked for me once. After 8 months, she finally quit e-mailing me.

Found on a mailing list. I’m assuming this guy mistyped this:

“I need hell with my installation.”

Some smart aleck responded before I did. “Usually you get that with installation whether you want it or not. Now someone’s demanding it. Newbies, these days.”

I was going to say that if you ran Windows, you’d get that free of charge. (That’s the only thing Microsoft gives you for free!)

A cool phone call. My phone rings at work. Outside call. Don’t tell me she somehow got my number at work… I pick up. “This is Dave.”

“Dave, it’s Todd.”

Ah, my boss. Good thing I picked up, eh?

“You busy?”

When it’s your boss, there is absolutely no right answer to that question. One of my classmates in college told me something worth remembering, though: The truth’s always a lot easier to remember than a lie.

“We can’t come to the phone right now. Please leave a message at the beep.”

Nope. Too late for that.

“Not really,” I say, hoping I won’t regret it. Either he’s gathering data for my personal review, or he’s about to ask me to install Mac OS X on a Blue Dalmatian iMac with 32 megs of RAM (speaking of wanting hell with installation…)

Actually he asks me for something pretty cool. He asks if I was up to learning some firewalling software. (No, I won’t tell you which one. And no, I won’t tell you who I work for. That’s like saying, “Hey, l337 h4xx0r5! You can’t get me!”)

But I will tell you the IP address. It’s 127.0.0.1. If you can crack that address, you deserve whatever you can get. (No comments from the Peanut Gallery.)

So I hit the books. Thanks to this duty, I get another Linux box. I’ve got a Power Mac running Debian already, which runs scripts that are impossible on NT. It monitors the LAN and reformats some reports and e-mails them to my boss and co-workers at 6 every morning. But the management software runs under NT 4, Red Hat Linux, or Solaris. None of that’ll run on a PowerPC-based machine. So I lay claim to an old system that I happen to know has an Asus motherboard in it, along with 72 megs of RAM. I’ll have fun tweaking that system out. An Asus mobo, a Pentium-class CPU, and a Tulip network card. That’s not the makings of a rockin’ good weekend, but it’ll make for a reliable light-use workstation.

While the management software runs under Red Hat, some of the infrastructure is BSD-based. So I get to learn some BSD while I’m at it. As long as BSD is sane about /proc and /var/log, I’ll be in good shape. But I heard LSD was invented at Berkeley, so I may have a little learning to do… Maybe listening to some Beatles records while administering those systems would help.

What on earth is going on?

AOL-Time Warner in talks to buy Red Hat? I found this this morning. It’s intriguing, but I can’t decide if a buyout would be a good thing or a bad thing. After all, Netscape was in decline when AOL bought it. It nosedived afterward. Obviously, the problem was twofold. When AOL acquired Netscape, they didn’t acquire all of its mindshare. Some of the most talented people got fed up and left. You can take Jim Barksdale or you can leave him. The loss of Marc Andreessen and Jamie Zawinski, though, was substantial.
The second problem was that AOL wasn’t serious about competing. They bought a browser technology and basically sat on it. Netscape 4.x was fundamentally flawed, as even Zawinski acknowledges, although I would argue it was no more fundamentally flawed than IE 4.x. The Gecko engine, on which Netscape 6.x is based, is solid technology, even though it took longer to get to market than anyone had hoped. Although Netscape 6.x won’t bowl anyone over, other browsers based on the technology, such as Galeon, are absolutely fantastic. But AOL chose to release a half-hearted browser with the Netscape name on it and continued to use the IE engine in its flagship product even after the favorable agreement with Microsoft that prompted AOL to do so in the first place expired.

That begs the question of what AOL would do with Red Hat if it owned it. Red Hat is still the big-name player in the Linux field, but Red Hat is concentrating on the server market. You can still buy Red Hat at retail, but on the desktop, Red Hat is arguably #3 in popularity now behind France’s Mandrake and Germany’s SuSE. Red Hat is the only Linux company that’s making money, but that’s largely by selling consulting. That’s not AOL’s core business. At this point, AOL is more of a media company than a technology company. Software just gives AOL more outlets to sell its media content. Consulting doesn’t do that.

The best possible scenario for a Red Hat buyout would be for AOL to, as Microsoft puts it, “eat its own dog food,” that is, rip out the infrastructure it bought from other companies and replace it with the technology it just developed or acquired. Since AOL is largely powered by Sun servers, it wouldn’t be terribly difficult to migrate the infrastructure to Red Hat running on Intel. Then AOL could give a big boost to its newly-acquired services division by saying, “We did it and we can help you do it too.” They can also cite Amazon’s recent successes in moving its infrastructure to Red Hat Linux. There is precedent for that; after AOL bought Time Warner, the entire company started using AOL for e-mail, a move widely questioned by anyone who’s used anything other than AOL for mail.

Of course, it would be expected that AOL would port its online service to Linux, which would create the truly odd couple of the computing field. AOL, meet sed and awk. Red Hat would certainly lose its purity and much of its credibility among the Linux die-hards. AOL would bank on making up the loss by gaining users closer to the mainstream. AOL could potentially put some Linux on its corporate desktops, but being a media company, an all-out migration to Linux everywhere within is very far-fetched.

To really make this work, AOL would either have to enter the hardware business and sell PCs at retail using its newly acquired Red Hat distribution and newly ported AOL for Linux and possibly an AOL-branded office suite based on OpenOffice, or it would have to partner with a hardware company. Partnering with a big name seems unlikely–a Compaq or an HP or an IBM wouldn’t do it for fear of retaliation from Microsoft. Sun has never expressed any interest in entering the retail computer business, and even though Sun loves to take opportunities to harm Microsoft, Sun probably wouldn’t cooperate with AOL if AOL replaced its Sun infrastructure with Red Hat Linux. Struggling eMachines might be the best bet, since it’s strictly a consumer brand, has a large presence, but hasn’t consistently turned a profit. But AOL could just as easily follow eMachines’ example, buying and re-branding low-end Far East clones and selling them at retail as loss-leaders, taking advantage of its lack of need for Windows (which accounts for roughly $75 of the cost of a retail PC) and making its profit off new subscribers to its dialup and broadband services. A $349 PC sold at retail with a flashy GUI, decent productivity software and AOL is all the computer many consumers need.

The advantage to this scenario for everyone else is that AOL would probably dump more development into either the KDE or GNOME projects in order to give itself more and higher-quality software to offer. The official trees can either take these changes or leave them. Undoubtedly, some of the changes would be awful, and the official trees would opt to leave them. But with its 18 years’ worth of experience developing GUIs, some of the changes would likely be a good thing as well.

The more likely scenario: AOL will buy out Red Hat, not have a clue what to do with it, and Red Hat Linux will languish just like Netscape.

The even more likely scenario: AOL will come to its senses, realize that Red Hat Linux has nothing to do with its core business, and the two companies will go their separate ways.

Optimizing Linux. Part 1 of who-knows-what

Optimizing Linux. I found this link yesterday. Its main thrust is troubleshooting nVidia 3D acceleration, but it also provides some generally useful tweakage. For example:

cat /proc/interrupts

Tells you what cards are using what interrupts.

lspci -v

Tells you what PCI cards you have and what latencies they’re using.

setpci -v -s [id from lspci] latency_timer=##

Changes the latency of a card. Higher latency means higher bandwidth, and vice-versa. In this case, latency means the device is a bus hog–once it gets the bus, it’s less likely to let go of it. I issued this command on my Web server to give my network card free rein (this is more important on local fileservers, obviously–my DSL connection is more than slow enough to keep my Ethernet card from being overwhelmed):

setpci -v -s 00:0f.0 latency_timer=ff

Add that command to /etc/rc.d/rc.local if you want it to stick.
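One thing to watch when going from lspci to setpci: lspci -v prints the latency timer in decimal, while setpci reads its values as hexadecimal, so a card shown at "latency 32" is latency_timer=20. The following is an added example, not from the original post or the linked guide; the lspci output in it is constructed (only the 00:0f.0 slot comes from the text above), and it only prints commands without changing any device.

```shell
#!/bin/sh
# Added example, not from the original post.

# pci_latencies: reads `lspci -v` text on stdin and prints one line per device
# that reports a latency timer: "<slot> <decimal> <hex>".
pci_latencies() {
    awk '
        # A device header looks like "00:0f.0 Ethernet controller: ..."
        /^[0-9a-fA-F:]+\.[0-7] / { slot = $1 }
        # The Flags line carries "latency N" with N in decimal.
        match($0, /latency [0-9]+/) {
            val = substr($0, RSTART + 8, RLENGTH - 8) + 0
            printf "%s %d %02x\n", slot, val, val
        }
    '
}

# latency_cmd SLOT DECIMAL: print (not run) the setpci command for that value,
# converting the decimal figure to the hex form setpci expects.
latency_cmd() {
    printf 'setpci -v -s %s latency_timer=%02x\n' "$1" "$2"
}

# Constructed sample of `lspci -v` output; device names are made up.
sample_lspci() {
    cat <<'EOF'
00:00.0 Host bridge: Example Corp host bridge (constructed)
    Flags: bus master, medium devsel, latency 0
00:0f.0 Ethernet controller: Example Corp 10/100 NIC (constructed)
    Flags: bus master, medium devsel, latency 32, IRQ 11
    I/O ports at e400 [size=128]
00:10.0 VGA compatible controller: Example Corp video (constructed)
    Flags: bus master, medium devsel, latency 64, IRQ 10
EOF
}

# Show current timers, then the command that would max out the network card.
sample_lspci | pci_latencies
latency_cmd 00:0f.0 255
```

On a live box, replace sample_lspci with lspci -v and review the printed setpci line before running it as root.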

Linux will let you tweak the living daylights out of it.

And yes, there’s a ton more. Check out this: Optimizing and Securing Red Hat Linux 6.1 and 6.2. I just turned off last-access attribute updating on my Web server to improve performance with the command chattr -R +A /var/www. That’s a trick I’ve been using on NT boxes for a long time.

Baseball. I’m frustrated. The Royals let the Twins trade promising lefty Mark Redman to the Tigers for Todd Jones. Why didn’t the Royals dangle Roberto Hernandez in the Twins’ face? Hernandez would have fetched Redman and a borderline prospect, saved some salary, and, let’s face it, we’re in last place with Hernandez, so what happens if we deal him? It’s not like we can sink any further.

Meanwhile, the hot rumor is that Rey Sanchez will be traded to the Dodgers for Alex Cora, a young, slick-fielding shortstop who can’t hit. Waitaminute. We just traded half the franchise away for Neifi Perez, an enthusiastic, youngish shortstop who can’t hit outside of Coors Field and is overrated defensively and makes 3 and a half mil a year. What’s up with that?

Moral dilemma: Since the Royals don’t seem to care about their present or their future at the moment, is rooting for Oakland (featuring ex-Royals Jermaine Dye and Johnny Damon and Jeremy Giambi) and Boston (featuring ex-Royals Jose Offerman and Chris Stynes and Hipolito Pichardo and the last link to that glorious 1985 season, Bret Saberhagen) to make the playoffs like cheating on your wife?

01/18/2001

A red-hatted worm. Wow. You sure don’t hear about this often. There’s a worm that exploits a weakness in Red Hat Linux 6.2 and 7.0. Dubbed the Ramen worm, it defaces Web pages with a tribute to Ramen noodles. This is the first of these that I’ve heard of, and I’ll say it’s an example of why multiple distributions are a good thing. Other distributions aren’t vulnerable to this, so the spread slows. Hardening Red Hat against this isn’t hard–head to securityfocus.com, which anyone who administers Linux boxes for a living needs to be reading anyway. Vulnerabilities are generally documented and fixed long before anything can take advantage of them.

The number of the day is… 114. That’s my IQ, at least according to the 10-minute test I took yesterday in between phone calls while two of my coworkers were arguing about the validity of IQ tests. I popped up, announced my score, fueled the debate and then left. I was feeling vindictive I guess.

Generally, as I understand it, 100 is average. If you’re in the 130s, you’re gifted. I’ve been around some 170s and I keep up with them with no problems. I knew a 190 once. She gave me some problems, partly because I couldn’t understand her when she started spouting off in Latin. Solo hablo ingles y un poco espanol–un muy poco espanol. And I think another part of the problem was I found her boring, too refined.

What’d my coworkers have to say about my score? One of them used me to dismiss all validity of IQ tests–no way that guy’s a 114! His problem-solving ability is too good, and that memory, and and and… Well, slightly above-average people generally don’t write their first book and publish it before their 25th birthday. The coworker arguing in favor of IQ tests blamed my score on environment and poor preparation. I admit, my preparation was awful–I took it on spur of the moment, didn’t check any answers, took a 20-minute test in 10, took a couple of phone calls while I was doing it… So I was hardly scientific.

But what do we mean when we call someone “smart,” anyway?

Good memory? My dad sure had a great memory. I have a pretty good one too. I can probably tell you the starting lineup of every Kansas City Royals team from 1980 to last season. (I’ll spare you). And obscure computer information… don’t get me started. But nobody has a memory as good as a computer. Some would say the only thing dumber than a computer is a toaster, but I wonder, because my toaster sure works a whole lot better than my computer does most of the time.

Intelligence? Intelligence is the ability to reason and analyze. Some people do this really well. Others don’t. Most people who’ve watched me work say I have good troubleshooting and analysis skills, though I often score poorly on tests that measure that. Yet when I took the ACT, I did everything wrong. I went out with my girlfriend the night before. I stayed up late. I decided to come home and study afterward. Then I went in and scored a 30 or 31 on my first try. For those unfamiliar with the ACT, a score of 30 gives you an automatic scholarship from the state of Missouri at any state university. I think 36 is the highest possible score. A score of 26 gets you automatic admission at most state universities. As I recall, I scored in the 98th percentile in social studies, 99th in English, low 80-something in math and high 80-something in science. (Just call me Mr. Humanities.)

Common sense? I guess this is the ability to deal with the real world. I’ve run into people who are seriously deficient here. That girl I knew with a 190… She had virtually none. She was always finding herself in situations she couldn’t think her way out of. Some people call this “street smart,” and I think that’s a good description of it. Common sense isn’t as common as it should be.

Wisdom? I think wisdom’s the most important of the bunch. It’s the ability to use what you’ve got. I scored very poorly on one proficiency test that measured my ability to analyze. My biggest beef was that it was heavily slanted towards the mathematically minded, and I don’t have that inclination–my math numbers were what dragged down my ACT score the most–and the last time I had to juggle numbers a lot was in 1994. One time when someone used that score against me, I retorted, “Yeah, so I don’t have as much as some of those guys. At least I know how to use what little I’ve got, and they certainly don’t!” Is it possible that my intelligence and common sense are only slightly above average, and that I use memory and wisdom to compensate? Maybe.

I know someone who doesn’t think she’s smart. And maybe she lacks in one of those areas. I don’t know. What I do know is she knows how to get things done. And I’ve never felt any need to talk down to her. When we’ve talked, I’ve always had the sense she’s understood what I’m talking about–and we’ve talked some pretty heavy subjects at times. Remember my line of work.

When I think smart, I think of those guys I know who had 170-plus IQs and pontificated a lot. She doesn’t do that. But when I think dumb, she doesn’t come to mind either. My former neighbor who believed every conspiracy theory out there and who believed The X-Files is a documentary does. He also tended to overuse profanity and thought very highly of his own intelligence.

I think it was a Supreme Court justice who once said he couldn’t define the word obscene, but he knew it when he saw it. I think the same goes for intelligence. It’s hard to define and even harder to measure, but we know it when we see it.

Windows keyboard tricks

Those promised keyboard tricks. To get a Windows key, download the Kernel Toys. The keyboard applet, which works under 95 and 98, allows you to remap the caps lock, control, or alt keys to a Windows key. You can also remap the caps lock key to control or alt if you want. 

To assign My Computer to a hotkey, create a new shortcut with the following command line:
explorer.exe /n,/e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Next, click in the shortcut’s Shortcut key field and hit a key (I suggest “m” or “c”). That gives you instant two-pane access to My Computer any time you hit ctrl-alt and that key.

If you want single-pane access (I don’t think it’s as useful, but hey), use this command line instead:
explorer.exe /n,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

I finally fixed my firewall. I souped up the firewall a while back, then it never worked again. (I guess that’s the ultimate in security, eh? No one can hack in if you’re offline.) I forgot which ethernet card was outgoing and which was pointing inward, to my LAN. Finally, I tried stopping and restarting PMFirewall, which printed my network configuration. When both NICs were assigned to the address 192.168.0.1, I knew I was in trouble. With that tip-off, fixing it took just a matter of minutes.
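
The failure described above, both NICs carrying 192.168.0.1, is easy to check for before restarting a firewall script. This is an added example, not part of the original post or of PMFirewall; it assumes the iproute2 `ip` command, and the sample output, the interface names eth0/eth1 and the 203.0.113.10 address are constructed.

```shell
#!/bin/sh
# Report IPv4 addresses that are configured on more than one interface.
# Input (stdin): output of `ip -o -4 addr show`, one address per line.
# Output: one line per conflicting address, "<address> <if1>,<if2>,...".
find_duplicate_addrs() {
    awk '$3 == "inet" {
             split($4, cidr, "/")            # drop the prefix length
             addr = cidr[1]
             if (addr in ifaces) {
                 ifaces[addr] = ifaces[addr] "," $2
                 count[addr]++
             } else {
                 ifaces[addr] = $2
                 count[addr] = 1
                 order[++n] = addr           # keep first-seen order
             }
         }
         END {
             for (i = 1; i <= n; i++)
                 if (count[order[i]] > 1)
                     print order[i], ifaces[order[i]]
         }'
}

# Constructed sample: a two-NIC gateway in the broken state from the post,
# with the LAN address assigned to both cards.
sample_broken() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
3: eth1    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
EOF
}

# Constructed sample: the same gateway after the fix. 203.0.113.10 is a
# documentation address standing in for the ISP-assigned one.
sample_fixed() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: eth1    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
EOF
}

# On a live gateway: ip -o -4 addr show | find_duplicate_addrs
sample_broken | find_duplicate_addrs
```

Any output means two interfaces share an address, so the firewall's inside/outside rules cannot be mapped to the right cards.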

Speaking of Linux, a speed tip. If you’re running Red Hat Linux as a NAT/IP masquerade gateway to share an Internet connection, do yourself a favor and install the BIND and caching-nameserver RPMs, then set your first DNS entry on your other PCs to your gateway’s IP address. This makes your gateway look up DNS names for you and cache the results, reducing network traffic slightly but noticeably. The overhead is minimal; I’ve got Steve DeLassus running IP masquerade and caching nameserver on a 486SX/20 and it’s more than up to the task. For a small home network, a 386SX/16 has enough horsepower as long as it meets your distribution’s minimum memory requirements. I’d be more comfortable with a 50 MHz or faster 486 for a small office, but that’s as much due to expected age and reliability as it is to CPU requirements.

If you’re running a close derivative of Red Hat (Mandrake is certainly close enough, and I believe even Caldera and TurboLinux are as well), go ahead and download Red Hat’s caching nameserver RPM. It’s just a couple of short text files, but it’s easier to download and install an RPM than it is to key them in.