steve gibson

Best public DNS – finding the best for you

Dave Farquhar Servers and Networking , , , , , , , ,
Best public DNS – finding the best for you

If your Internet connection is slow, it almost always helps if you optimize your DNS. But there’s more to the best public DNS than just speed. I’ll tell you how to find the fastest DNS, but using a DNS that offers improved security gives your computer protection beyond what your antivirus and firewall provide.

Sometimes it’s enough, and it’s definitely cheaper than buying a new router. Even if you do get a new router, using fast DNS helps. Here’s how to find the best public DNS to use, to improve your speed and your security.

Read more

It was a high-stakes game, and I won.

Dave Farquhar General , , , , , , , ,

Who’s to say where the wind will take you
Who’s to know what it is will break you
I don’t know where the wind will blow
Who’s to know when the time has come around
I don’t wanna see you cry
I know that this is not goodbye
–U2, Kite

When I last left you, I was denying it was time to say goodbye to the data on a friend’s hard drive. I’d found some information on the Internet that promised to get her data back, but I hadn’t done it yet. As often is the case with the Internet, the instructions I found online for doing the job were close. They were not quite right, but they brought me close enough that I was able to make it work.

Removing Form.A from a FAT32 drive is difficult. I was able to verify its presence using the free-for-private-use F-Prot, but F-Prot wouldn’t remove it, Usenet reports to the contrary.

One word of warning: Do as I say, not as I do. The first thing I should have done was make a bit-for-bit backup copy of the drive. I didn’t do that right away. Norton Ghost will work, though it’s not exactly a bit-for-bit copy. A better approach is to get a mini-distribution of Linux and use the standard Unix dd command to make a backup copy. (For example: dd /dev/hda1 /dev/hda2 bs=1024k) Once you have a copy of the drive, work from the copy! If you don’t know how to do all this, do not attempt recovery yourself. It’s much too easy to mess up your drive beyond any hope of recovering your data. This information is presented for informational and entertainment purposes only. I make no representation whatsoever that this will work for you. For all I know it’ll install Gator on your computer and leave the dome light on in your car and erase all your VHS tapes.

I downloaded a utility called ivinit.exe from www.invircible.com (don’t e-mail me if their Web site is down; I could only get to their site about one time out of four myself). It’s a very limited utility; I’d chained the drive off another drive for recovery purposes but ivinit will only work on the primary partition on your C drive. So I disabled the primary drive. Ivinit found it and warned me that the MBR and its mirror didn’t match. I restored the MBR from its mirror, then rebooted. I re-enabled my primary drive, let it boot, and tried to access the drive. I got the invalid media type error again. I ran FDISK, which told me I had a single FAT32 partition. That was a good sign.

So I ran MBRWORK.exe, deleted the MBR and EMBR and told it to recover my partitions. It found a single FAT32 partition. Excellent. I rebooted, tried to read drive C, and… Yeah. Invalid media type paid me another unwelcome visit.

I ran the real-mode version of Norton Disk Doctor from a recent copy of Norton Utilities. You have to be very careful with Norton Disk Doctor; never run it unless you’re positive the version you have knows about FAT32. Otherwise, you’re setting your hard drive up for a train wreck. NDD wasn’t too happy. It wanted to scavenge and rebuild the partition table, and it didn’t offer me a chance to make a backup copy. I never let a low-level utility do anything that it won’t let me undo. I aborted.

At this point I wised up. I put an Intel 10/100 network card in the PC I was using to recover the data, plugged into my network, grabbed my magic network boot disk, and connected up to the big Windows 2000 computer I use for editing video. I ran Norton Ghost and told it to make an image of the disk. To my amazement, it found a single 3.8-gig FAT32 partition and started running through filenames!

Like I said, Ghost doesn’t normally do a bit-for-bit copy; it stores enough information to recreate a valid copy of your partition. If your partition isn’t quite valid, that means you don’t get an exact copy. The upside of that is that Ghost can be a useful data recovery tool, assuming it can make sense of your partition. And fortunately, it looks like it’ll make sense of partitions that Windows itself doesn’t want to touch.

Theoretically, I could have restored the data by just making an image with Ghost, then restoring the image immediately afterward.

Norton Disk Doctor revived the partition, and it revived it more quickly than a Ghost restore would have. Then I ran into another pitfall–everything in the root directory appeared OK, and most subdirectories one level deep were fine, but anything nested gave sector not found errors. Norton Disk Doctor offered to fix that stuff, but I had a gut feeling that I shouldn’t go that route. Any time there’s the possibility of bad sectors, I want SpinRite.

As soon as I ran SpinRite, it reminded me of why I should bring it into the game as quickly as possible. It reported that the drive’s CMOS parameters appeared incorrect and it was hesitant to continue. That’s good–incorrect CMOS parameters can cause the problems I was seeing. And trying to repair the drive with messed up CMOS parameters will lead to nothing good–something that Steve Gibson is certainly aware of, and something that Symantec may not necessarily care about. In this case, the parameters were wrong because I put the drive in another system and it defaulted to a different addressing method. Whenever you’re doing data recovery and you want to move the drive, you need to be sure you get addressing straight or you’ll do a whole lot more harm than good.

After I corrected the CMOS, a simple DIR /W /S ran through the entire drive with no complaints. Norton Disk Doctor found no filesystem errors or low-level errors. SpinRite doesn’t do anything about filesystem errors, which is why I went back to NDD–use NDD when you suspect filesystem problems, but always always turn surface-scan-type stuff over to SpinRite. And there’s no harm in running SpinRite first–it’ll alert you to problems that NDD might not notice.

Along the way I learned a whole lot more than I ever wanted to know about boot-sector viruses. AntiCMOS and Form were able to coexist together nicely, and on just about any computer purchased new between 1992 and 1996, they’d just happily infect any disk you used and you’d probably never be the wiser. With the release of Windows 95B and FAT32, Form became destructive. (Why should Microsoft test new filesystems for compatibility with old viruses?) Wendy told me the problem appeared after she left an old disk in the computer before she booted it up. I suspect their old computer picked up the virus at some point, and since it wasn’t destructive under DOS and Windows 3.1, they never noticed. The computer just happily infected disks. Boot sector viruses flourished in the early 90s, as everyone needed a boot disk to play Doom or other tricky DOS games, so people traded boot disks like recipes. As often as not, those boot disks carried viruses.

When I went to put the drive back in, the dreaded “Operating system not found” paid me a visit. I hadn’t wanted to try to boot off the drive while it was in another PC for obvious reasons. So I did the standard drill. First up: fdisk /mbr. Strikeout. Second: sys c:. Strikeout. Finally, God reached down with His two-by-four and smacked me upside the head to knock some sense into me. I ran plain old fdisk and found the problem–no active partition. So I set the partition to active, and boom. The system booted up and was its old self again. It seems like I always make that mistake.

Data recovery is definitely a trade or a skill, not a science or process.

It’s Monday. Have a day.

Dave Farquhar General ,

There’s a band called The Happy Mondays. Whoever came up with that name is sick. And yes, I know I’m a curmudgeon.
I had too much stuff to think about this weekend, very little of it involving me, and talking about most of it here is totally inappropriate. A bunch of different things culminated into me starting to write a long diatribe about discerning God’s will. The problem with it is, there are books of the Bible shorter than what I’ve written, and all I’ve said is a couple of ways not to do it.

The other thing I did yesterday was to get the data recovered off that laptop hard drive I was working on Saturday. After a 14-hour SpinRite session, the drive was readable again under both Win98 and Linux. The drive is still slow and headed for early retirement, but now it’s a whole lot more sound than it was and it looks like it’ll be our decision when the drive retires, not the drive’s decision. I don’t know everything that SpinRite does and I know even less about how it works, but in this case SpinRite didn’t claim to have done anything at all but suddenly, after running it, a hard drive that had been all but unusable is readable again. At $89 for a single license, SpinRite is expensive, but I don’t know how I ever got along without it.

I wish Steve Gibson would quit being the Don Quixote of Internet security and get back to what he does better than anyone else. Not many people in business environments format their hard drives FAT anymore, and SpinRite does nothing for NTFS drives. How about a SpinRite 6.0 that supports NTFS, Steve?

Windows XP has much greater implications for Steve Gibson than just raw sockets. It brings with it the consumerization of NTFS, which means his bread-and-butter product is going to be mostly obsolete. I format all of my drives FAT, partly so that SpinRite remains an option for me, but Gibson can’t count on everyone doing that.

SPAM from Macromedia regarding Flash; Neatgear NICs; Crash course

Dave Farquhar General , , , , , , , , , , , ,

MAILBAG:
From: “bsprowl”
Subject: Spam ?? from Macromedia regarding Flash

I keep getting offers to down load Macromedia’s Flash. These aren’t e-mail type spam; a window pops up and asks if you want to download it.

I have find it very annoying to get these regularly. I have searched on it and find it will cost $399.00 plus tax and shipping for this web authoring tool after the trail period runs out.

Well duh, that’s expensive and I don’t want to write using it; I use Arachnophia (sp?) which is freeware, saving over $400 for the small bit of web development that I do.

There are also some security issues that I don’t want to deal with (although how a glorified text editor can cause security problems seems insane, the FAQs lead me to believe that it can happen.)

But why do I keep getting offers to download it from so many sites. The latest is weather.com, who you would think would not have ads of this type. And the ad pops up several times as I open the radar map and every time I refresh the map it pops up two or three more times.

I have tried to see if this spam is somehow tied to my computer and have used some of Steve Gibson’s tools ( grc.com ) and updated my virus definitions, etc., to eliminate or reduce it if it is hidden or my system. I found nothing.

Any suggestions?

Bob
~~~~~
I know exactly what’s going on. (My site isn’t bugging you about that, is it? If it is, Vinny and Guido will be knocking on a couple of people’s doors because off the top of my head I can’t think of anything I hate more than Flash and my site’s not *supposed* to be using it….) There’s nothing wrong with your computer. You’re getting that question because so many sites use Flash; and most sites, if they detect you don’t have the free Flash plug-in, offer to let you download it. You’d be downloading the free unlimited-use plug-in rather than some trial version of the $399 package.

But Flash animations are annoying (and mostly used by really blinky and obnoxious ads) so I don’t like installing it. I also don’t like the stupid dialog boxes (or sites that install it without asking permission, as some do). When a site offers to install Flash, I add it to the Restricted Sites zone (Tools, Internet Options, Security, then click Restricted Sites, then click Sites, then add, say, www.weather.com to the list). That shuts ’em up, unless they also use ActiveX, in which case IE will pop up a dialog box saying the page may not render properly. But at least they’ll quit bugging you about Flash.
~~~~~~~~~~
From: “Bob”
Subject: Re[2]: Spam ?? from Macromedia regarding Flash

Hello Dave,

Oh. Now I feel stupid for bothering you.

I never noticed Flash or Macromedia before this. I don’t really want to install it but I would like the weather maps to update automatically and also to show the past several hours.

I guess I’ll do a backup to CDW and then install it. I don’t have a lot on my system, the C: drive only has about 590 MB so it will fit on a single CD. Then if it’s a problem I can just go back to the original system.

I really am wasting that drive but then none of mine are full. I don’t download music, that’s why I have my stereo; I don’t even have a speaker plugged into my computer.

I don’t play DVDs; that’s what the VCR is for (although I haven’t used it more than once since I brought it; I don’t even know were the nearest video rental place is located.)

A year or two ago I tried to install the latest release of the Asteroids game which I though might be fun but after downloading half a dozen files from several sites (I need something called Direct X) it won’t run and neither would anything else. I tried it on several of my systems from an old 486 with DOS 6 and Window 3.11 to a system with a PII 450 and Windows 2K. I’ve never gotten a game more complex that Mahjongg to run on anything besides my old Atari, so it must be me.

I spend a lot of time reading and I like paperbacks so I don’t download books either. I do have a database of all of the books I’ve read in the last five plus years. And that is linked to my Palm so I no longer buy a book I have already read.

I find your sight to be most useful concerning computer technology and read it everyday. While most of the other daynoter’s are interesting, they are not nearly as useful. I really don’t care what they ate, etc.

Thanks again,

Bob
~~~~~
No problem, I’m sure you aren’t the first to have that question, and I’m sure others are asking, “How do I keep this #&%$ website from telling me to download Flash?” If not today, someday someone will want the answer to that question.

Most recent games do require DirectX, which you can download from here. If the DirectX version is too old, games will complain. The safest way to get a game running, if you’re willing to invest the time, is to build up a system, install Windows clean, then install the current version of DirectX, then install the game. That may be more trouble than you’re willing to go to.

I chuckled as I read the rest of your mail. About two years ago, a box of stuff showed up in my boss’s cube. Nobody knows where it came from. There was some ancient computer stuff, and there was some REALLY ancient computer stuff. One of them was a CompuServe manual, and I could tell from the logo and the hairstyles and tie widths that this thing was from 1984 at the very latest. I flipped through it and chuckled at the words that suggested 1200 baud was something new, and when my boss walked in, I held it up and said, “Now this is a relic from a time when computers were computers, and not washing machines and stereos and VCRs and TVs and fax machines and toasters.”

“You sound bitter.”

“No, just practical.”

I remember my Amiga’s simple elegance. Yes, it invented multimedia, but it knew what it was, and that was a computer, and it did a good job of being one. And I miss that.

And thanks for your compliments of the site. I try to be useful, and entertaining, and compelling. I don’t always succeed, but enough people come back that I guess I succeed often enough. I know Pournelle’s a better writer than I am, and both he and Thompson have a much deeper depth of knowledge than I do (they’ve also had more time to accumulate it). So I do the best I can, and try to make it as easy as possible here for people to find the stuff they do like.

Thanks for writing.
~~~~~~~~~~
From: “Steve DeLassus”
Subject: Neatgear NICs

OK, what’s the difference betwen a Netgear FA310 and an FA311? At the price mwave is hawking them, I am ready to pick up 3…
~~~~~
The FA310 uses the classic DEC Tulip chipset near and dear to all Linux
distros’ hearts. The FA311 uses a NatSemi chipset that only very recent
distros know what to do with. The FA311 should be fine with Windows boxes,
and it’s supposed to be fine with Mandrake 8.
~~~~~~~~~~
From: “Gordon Pullar”
Subject: Re Crash Course

Hi, I have just read your article in this months “Computer shopper” I am having trouble re-formatting my hard drive (which previously had WIN98SE on it and worked well!) I used FDISK( Got from WIN98 then WIN98SE.) to create a Primary DOS partition,using the whole disk,6.4 Gig. After that I reformated it, it now freezes at writing the FAT table,that’s if I get that far,4 times out of 5 using a boot disk,(I have tried several from differnet PC’s) It gets as far as “verifying pool data” and then freezes.I have checked the HDD drive out with Seagates own diagnostic software and all is OK.(Funny it always boots OK with the seagate software “Seatools”) Changed the IDE cable to the hard drive.I have flashed the BIOS with the latest version.

Is there anything else I could be missing??

Giga-byte GA 5AX motherboard
AMD K6 2 500 Mhz CPU
256 Mb pc100 Ram
Seagate 6.4 Gig ST36451A
HDD Generic video card

Regards

Gordon Pullar
~~~~~
First thing I’d do would be to try to get it to boot off a floppy, then type FDISK /MBR. Both of the problems you’re describing sound like a corrupted MBR, and I don’t think partitioning the drive will zero that out for you. If that doesn’t work, try zeroing out the entire MBR with the MBRwork utility (www.terabyteunlimited.com).

Failing that, I’d try using SeaTools to either low-level format or zero out the drive. Usually after doing that, a finicky drive will work just fine.

No, this is still the old server.

Dave Farquhar General , ,

The new server works, but I got sidetracked last night. I had to take care of a weird work problem, and I ran out to a bookstore where the girls who work there seem to have this competition to see who can be the nicest, and then I came back home and had a long phone conversation with an old friend I hadn’t talked to in a couple of years. Between all that and trying to make some sense of Steve Gibson’s latest discoveries and trying to figure out what he wants and whether I agree with him, my server just kept chugging along.
I need to make my homebrew spam filter too. I’m thinking I’ll press a 486 into that duty, at least initially. I’m out of good PCs to experiment on. Once I get it working, if it’s slow, I’ll get some parts and build something better to block the onslaught of spam.

Oh, speaking of spam, for those of you who have Web pages… If you obscure certain characters in your e-mail address–sub in the raw ASCII code for the at sign and the period and one or two letters–most spam bots can’t harvest it. I need to do that for my pages. I’ve also found some cool-sounding traps for spam bots, including one that tries to dynamically figure out the spambot’s IP address, then feeds it accounts like abuse@owner.com and postmaster@owner.com. If they work, I’ll most certainly toss them your way.

We can’t give hackers anything else to work with

Dave Farquhar General , , , , , , , , , , , ,

Thanks to David Huff for pointing this link out to me (the good Dr. Keyboard also passed it along). Steve Gibson was hacked last month, and he wasn’t very happy about it. So he set out to learn everything he could about l337 h4x0rs (elite hacker wannabes–script kiddies). What he found out bothers me a lot.
Kids these days. Let me tell you…

In my day, 13-year-old truants (those who had computers and modems) used their modems to dial 800 numbers over and over again long into the night, looking for internal-use-only numbers. Armed with a list, they then dialed every possible keycode combination looking for PINs. Then they’d use that information to call long-distance on the telco’s dime. They’d call BBSs, where they’d swap the previous night’s findings for more codez, cardz (credit card numbers), warez (pirated software), or porn.

I never did those things but I knew a lot of people who did. They’d drop off the face of the earth on a moment’s notice, and rumors would go around about FBI busts, computer equipment being confiscated, kids being hauled off to juvenile detention center… And some of them never came back. Some of them cleaned up. Others, who knows? I heard a rumor about one of them running away to Las Vegas after he got out. And some just got hold of their old contacts and went right back to business. One of my friends cleaned up–the huge phone bill he got was enough of a reality check that he stopped. Whether it was a moral reason or just fear of getting caught again, I don’t know. I knew another who got busted repeatedly, and he’d call me up and brag about how his line was tapped, throwing in the occasional snide remark to whoever else might have been listening. I remember our last conversation. He sent me some code (all of the guys I knew were at least semi-competent 6502 assembly language programmers) and we talked music. I’d been fascinated by that subculture, though I never did anything myself–I just talked to these guys (partly out of fear of getting caught, partly because I did want to have some semblence of a life, partly because I didn’t want to kiss up to a bunch of losers until I’d managed to prove I was elite enough), but at that point I was 16, I’d published once, and I realized as the conversation ended that my fascination with it was ending also. It was 1991. The scene was dying. No, it was dead and pathetic. These “elites” had become the butt of jokes–they were risking arrest so they could call Finland for free and pirate Grover’s Magic Numbers, for Pete’s sake! I guess I was growing up. And I never talked to him again. (I don’t even remember this guy’s real first name anymore–only his handle.)

I guess if I’m going to be totally honest, the only thing that’s really changed are the stakes. I want to say my generation wasn’t that bad… But I don’t know.

Essentially, some guy going by “Wicked” had zombies running on 474 Windows PCs. Some of “Wicked’s” buddies took issue with Gibson talking about script kiddies–they thought he was talking about them–so they told “Wicked” to take him down. And he did. And he bragged about it.


"we will just keep comin at you, u cant stop us 'script kiddies' because we are
better than you, plain and simple."

Now, when someone annoys me, I find out what I can about the guy. At 26, I do it to try to get some understanding. At 13 I didn’t necessarily have that motivation, but I did at least have some basic respect. And anyone claiming to be better than Steve Gibson… Gimme a break! That’s like walking up to Michael Jordan and saying you’re better on the basketball court, or walking up to Mark McGwire and saying you can hit a baseball further, or walking up to Colin Powell and telling him you can beat him in a war. And anyone who’s ever written a line of assembly language code and read any of Steve Gibson’s stuff knows it. And it’s not like the guy’s exactly living in obscurity.

Well, Gibson was diplomatic with this punk. And his reasoning and his respect softened him. He called the attacks off. Then they suddenly started again, and Gibson got this message:


is there another way i can reach you that is secure, (i just ddosed you, i aint stupid, im betting first chance ud tracert me and call fbi) you seem like an interesting person to talk to

Say what? You want to talk to someone, so you blow away every other line of communication and ask if you can talk? Now I can just picture this punk once he gets up the nerve to go talk to a girl. He knocks on the door, and the first words out of his mouth are, “I just tesla coiled your phone line so you couldn’t call the cops, but…” Then he’d toss some Kmart pickup line every girl’s heard a million times her way, and hopefully she’d smack him and run to the neighbors’ and call the cops.

For some reason people get hacked off when you do something malicious to them.

Well, Gibson reverse-engineered some Windows zombies and followed them into a l33t IRC channel where he had another interesting conversation. I won’t spoil the rest of it.

Now, I admit when I was 13, I was a mess. I was insecure, and I had trouble adjusting. My voice was cracking, my skin was oily, and I was clumsy and gawky. And I didn’t like anyone I knew when I was 13, because I was the class punching bag. Part of it was probably because I was an outsider. This was a small town, and I wasn’t born there, which was a strike against me. If you got all your schooling there you were still OK. I came in the third grade, so strike two. And I didn’t want to be a hick, so strike three. I liked computers, and in 1987 that was anything but cool, especially in a small town. And everyone thought I was gay, because I didn’t hit on girls and I didn’t have a huge porn collection–and there aren’t many worse things to be in southern Missouri, because it’s still a really bigoted place (and since girls made me stammer, it’s not like I could have proven I was straight anyway). And I had goals in life besides getting the two or three prettiest girls in the class in bed. (Yes, this was 7th grade.) So I guess I was oh-for-two with two big strikeouts. And since I was five feet tall and about 90 pounds, if that (I’m 5’9″, 140 now, and I was scrawnier then than I am now) I couldn’t exactly defend myself either. So I was an easy target with nothing to like about me.

I guess “Wicked” sees Steve Gibson as a five-foot, 90-pound outsider with a really big mouth, so he’s gonna go pick on him. Then he’s gonna go hit on the 13-year-old girl who looks 18, and he thinks taking down grc.com is going to make her swoon and tell him to take her to bed and lose her forever. But since she has a life, she doesn’t give a rat’s ass about whether grc.com is up or down, so hopefully she’ll smack him but I doubt it.

Yeah, I want to say the solution is to make things like they were in 1987 but bullies are bullies, whether it’s 2001 or 1987 or 1967. AD or BC, for that matter.

I want to say that accountability to a higher being will solve everything and make kids behave, but I know it won’t. That grade-school experience I just described to you, with 13-year-olds making South Park look tame and trying to get in girls’ pants? You know where that happened? A Lutheran grade school. Introducing the kids to God won’t fix it. Establishing a theocracy won’t fix it. In college I wrote a half-serious editorial, after a pair of 6-year-olds in Chicago murdered a four-year-old by dropping him out of a 20th-story window after he refused to steal candy for them, where I advocated the death penalty for all ages–maybe then parents would keep an eye on their kids, I reasoned. But I know that won’t fix anything either.

Steve Gibson doesn’t offer any answers. He’s not a social engineer. He’s a programmer–probably the best and most socially responsible programmer alive right now. And what Gibson wants is for Microsoft to cripple the TCP/IP code in Windows XP, so the zombies these script kiddies use don’t gain the ability to spoof come October.

Frankly, I wish such a castrated TCP/IP stack, with raw sockets capability removed, were available for Linux. My Linux boxes are a minimal threat, being behind a firewall and only having a single port exposed, but I’d cripple them just to limit their usefulness to a script kiddie just in case.

Why? Screw standards compliance. The standard for mail servers used to be to allow them to be wide open so anyone could use one, just in case their mail server was down. It was all about being a good neighbor. Then spammers trampled that good faith, so open relays are now the exception, not the rule.

Maybe there’s some legitimate use for raw sockets. I don’t know. But I know nothing I use needs them. So why can’t I run a stripped-down TCP/IP on all my boxes, so that in the event that I do get compromised, my PCs’ usefulness is limited?

If software companies want to provide a full, standards-compliant, exploitable TCP/IP stack for esotetic purposes that need them, fine. Do it. But don’t install it by default. Make it a conscious decision on the part of the systems administrator.

Let’s just get one myth out of the way. The Internet isn’t going to change the world. So when the world does stupid things, the Internet’s just going to have to change instead.

01/31/2001

Dave Farquhar General , , , , , , , ,

Mailbag:

Music, HD, Linux modem

Sick. Something you’ll (hopefully) never see: DefragCam. I can blame one of my twisted coworkers for that idea.

A sad referrer showed up in my logs yesterday. It was a search request, from Hotbot, on the string, “I’ve never had a girlfriend.” I’m pretty sure that phrase appears as part of a sentence in Are we talking about more than just sunsets? but as part of a phrase. I seem to remember writing, “I’ve never had a girlfriend outside the winter months,” or something like that. I have no way of knowing where that request came from. Probably a bored, lonely teenager. More people have never had a girlfriend than anyone’s willing to admit. Including a majority of teenagers.

It’s only a problem if you let it be one. Unfortunately a lot of people do, and that makes them vulnerable to all sorts of scum, like advertisers and fringe religious fanatics and seedy individuals, all promising things they can’t or won’t deliver.

Not that I’m much of an advice-giver (unless you’ve got a slow computer, then I’m pretty good), but the best suggestion I’ve got is to find something you’re good at. Lose yourself in that. If you’re not good at anything, find something you enjoy and lose yourself in it. You’ll get good at it. That alleviates the boredom, and it builds confidence, which makes you good at other things. Does it make girls notice you? Only indirectly. But it’s better to be a winner who only occasionally has girlfriends (and remember, ideally you should only be in a successful relationship once anyway) than to be a loser who always has a girl.

I hate to sound callous, but given the choice between having a book published to my name, or having any of my ex-girlfriends back, I’d choose the book. I wouldn’t even hesitate. When I find a girl who’s cooler than writing magazine articles, and she thinks I’m pretty cool too, then I’ll know it’s time to settle down.

I guess that’s the other good thing about losing yourself in other interests. If a girl starts hanging around who’s more interesting than those things, great. If she’s not, that’s your subconscious mind’s way of telling you to keep looking.

A new way to benchmark. Finally, there’s a multitasking-oriented benchmark, available from www.csaresearch.com . Keep an eye on these guys. I didn’t use any benchmarks in Optimizing Windows, because they don’t reflect real-world performance and they generally test your hardware, not the operating system as it stands on your machine. This benchmark uses new methods that try to take multitasking into account, so it will do a better job of reflecting how a system feels. It was like I was telling my sister yesterday. If I put two computers in front of her, she doesn’t care which one puts up better numbers. She knows which one’s faster. But with a lot of the benchmarks today, the faster machine doesn’t put up the best numbers. Or a PC might put up numbers that appear to kill another, but when you sit down to use the two, you can’t tell a difference.

Time for a review. I’ve been so critical of reviews lately I decided to try my hand at writing one myself, to see if I’ve still got what it takes.

Linksys Etherfast Cable/DSL Router

Broadband Internet connections are increasingly common, and it’s hard for a single PC to use up all the available bandwidth. Plus, more and more homes have multiple PCs, and it’s a shame to spend $50 a month for Internet access and limit its use to a single PC. A number of third-party programs for sharing an Internet connection exist, and recenolution. These devices are about the size of a hub, plug into your cable/DSL modem, have a built-in firewall, and include one or more ports. You can plug your PCs into these ports and/or plug in a hub or switch so you can support a larger number of PCs. Another advantage of a standalone router is additional security against hackers. A Unix box can be very secure, but if a hacker does get into it, he can do a lot of unpleasant things, to you or to someone else (but make it look like you’re the one doing it). A hacker can’t do much to a router besides mess up its configuration. You can reset it and reconfigure it in five minutes. So the security of one of these devices is very tough to beat.

One of the most popular standalone cable/DSL routers is the Linksys BEFSR41, also known simply as the EtherFast Cable/DSL Router. It’s widely available for around $150. The best price I could find on it was $131. I tested the 4-port version. A 1-port and 8-port version is also available. The 1-port version is less expensive but requires a separate hub or switch. If you already have one of those, you can save some money, but the 4- or 8-port version is ideal since it includes a built-in switch. I have an 8-port dual 10/100 hub; the Linksys router therefore gives me three additional higher-speed network ports, since switches are faster than hubs. Most people will probably want the 4- or 8-port version, because it’s easy to get spoiled really quickly by a 100-megabit switched Ethernet LAN.

Configuration is wickedly easy. Plug it into your cable/DSL modem, plug a computer into it, turn all of it on, configure the PC for DHCP if it isn’t already, then open a Web browser and go to http://192.168.1.1 . Feed it the factory password (which is undoubtedly documented all over the Web, but I won’t document it here as well), then make the changes you need. Most people won’t have to do any configuration other than changing the configuration password. If you want to put it on a different subnet, do it, then run winipcfg, push the release all button, then the renew all button, reconnect to the router, and make other changes if need be.

Administration is easy too. Just connect to the router via its Web interface, and click on the Status tab. You instantly get your network status. If your ISP drops your connection, hit the Release, then the Renew button. From the DHCP tab, you can tell the router how many clients to support. You can go to the advanced tab to configure port forwarding or a DMZ if you want such a thing–most of us won’t.

The only thing I had difficulty doing was upgrading the firmware from the browser interface. The router must not have liked the version of IE I was using. However, nothing stops you from downloading and running the firmware upgrade directly–as long as you’ve got a Windows box handy. Mac and Linux users may have problems there. Firmware updates seem to come every couple of months.

The firewall built into the router is unable to pass Steve Gibson’s LeakTest, but all hardware routers have this weakness–it’s virtually impossible for a hardware router to tell the difference between innocent traffic and malicious traffic caused by a Trojan Horse. However, the router passes ShieldsUp! ( www.grc.com ) with flying colors.

The speed of the connection is certainly acceptable; with me running a caching nameserver on the Linux box it replaced that machine should be able to outperform any standalone router any time. Of course this is purely subjective; the speed of the Internet changes constantly. Nothing stops me from running a caching nameserver behind this router, which will help performance significantly. Local network performance on the built-in 10/100 switch is outstanding.

Appearance-wise, it’s a solid product, made of two-tone blue and black plastic but it’s not cheap plastic. Styling is modern but tasteful–no wild colors or translucent parts. It has indicator lights up front, a reset switch up front, and ports in the back. It also has built-in legs, so presumably it’s stackable with other Linksys hardware (I don’t have any Linksys switches or hubs, so I can’t check that).

The only flaw I can really find with this router is that the MAC address can’t be changed. Some ISPs authenticate against the card’s MAC address, which allows them to control how you connect to them. It also prevents you from using this type of device. Some competing routers allow you to change their MAC address, so they can spoof that card and get around the limitation.

I read of problems using it with services that use PPPoE (PPP over Ethernet). My service doesn’t, so I can’t test this. Buyer beware.

I was disappointed that the 45-page manual didn’t have an index, but it had a lot of nice information in it, such as pinouts for Ethernet cables. It’s written in clear, plain and straightforward English. Manuals of this length and quality are rare these days.

I think it’s a decent product, but for my purposes I want something else. I don’t want something so easy to reset to factory defaults and configure. Why? It’s getting corporate use, and I want it to be complex enough to scare people away. I want the user interface of an HP LaserJet printer control panel. It’s a pain to configure, so therefore end-users don’t mess with it. I’m not sure if I’ll find such a beast, but you bet I’ll look for it.

Mailbag:

Music, HD, Linux modem

01/19/2001

Dave Farquhar General , , , ,

Software of the day: SecurePC, from www.citadel.com . I spent most of yesterday evaluating it. The biggest thing it does that system policies won’t do is prevent the installation of software–in other words, it makes NT live up to the hype it’s had forever. I tried installing about 20 or so programs, using different methods to try to get around it, and I couldn’t. The setup programs either gave bogus error messages, told me installing software had been disabled, died outright, or crashed. In one instance, the setup program started, asked some questions, then told me installing software had been disabled. Nice.

The only things it won’t block are standalone programs, such as Steve Gibson’s self-contained gems, that don’t require any installation. But I’m not so concerned about those. For one, they’re rare. For two, they usually don’t conflict with anything because they don’t venture outside themselves. Their only danger is that they might be virus-infected, but that’s why we install always-on virus protection and push virus definitions.

The goal is to be able to set up PCs for use in the field, get them working right, then lock them down so as to keep people from breaking them by installing AOL and Webshots and every piece of beta software under the sun and break it.

SecurePC will do a few things system policies will as well, and its user interface is much nicer than Microsoft’s Poledit. Poledit will allow finer control of the control panels, so SecurePC doesn’t totally replace it, but the combination of the two will let you really lock a machine down. And frankly, even Windows 95 is pretty reliable as long as it’s running on good hardware and the user doesn’t mess with it.

But SecurePC is obviously targeting companies used to paying someone $100 an hour or more to fix PCs, because it runs $99. A 10-pack of the network version is $550. That’s a bargain for a company, but this would be incredibly useful in public computer labs in schools, libraries and churches, who frequently can’t afford that. It’s a shame. Hey, if it were priced lower I’ll bet some people would even buy it for home use. I have one friend who could really use it–it’d keep his 20-year-old brother from messing up his PC.

Tyrannical Security. This kind of software is a draconian measure, but what people all too often forget is that when a PC is sitting on a desk at work, it ceases to be a PC. It’s a CC–corporate computer, not personal computer. It’s a corporate asset, set up the way the corporation dictates. If the corporation says no screen savers, no Webshots, no stupid Yahoo news ticker, no RealAudio, then that’s law. Problem is, that’s impossible to enforce with the tools that come with Windows. But a third-party product to enforce them is a Godsend. Computer toys eat memory and CPU cycles, slowing it down and thus hurting productivity, and many of these toys are so poorly written as to make Microsoft look like a model of stability. Personally, I can’t wait for the day when Real Networks goes out of business. So these programs go in, break stuff, and then there’s lost productivity while waiting for the tech to arrive, then still more while an overworked tech tries to fix it. If we were to buy 1,000 copies of some security program that works and roll it out to everyone on our network, I’d be willing to bet it would pay for itself in three months.

The number of the day: 146. I use the Al Gore method of taking IQ tests. I keep taking them over and over again until I like the results. They say the 135-145 range looks like a genius to most people; the 145-165 range is a true genius. I’m accused of being a genius frequently enough that I’m probably at least a 135.

So since I climbed 22 points in a day, I can assume I’ll climb another 22 points today if I take another one, which will put me at 168–high genius level. Then I can take another one tomorrow, gain another 22 points, and apply for Mensa membership.

Or I can forget about it and get on with life. I think I like that idea better.

Supplements help ailing wrists

Dave Farquhar Health , ,

Wednesday, 6/14/00
Supplement attacks… The alfalfa continues to help (my right arm is better, in some regards, than it’s been since I popped my elbow trying to throw fastballs in the lower 90s some 10 years ago). Time to ship a big bottle of this stuff to Jose Rosado, to see if it can help his ailing left shoulder so he can come back and help the Royals’ atrocious pitching.

I also added a trio of fatty acids, after Chris Ward-Johnson suggested them. Two of them come from fish oil, the source of the third I can’t remember offhand, but they made sense, since they’re all used not only for inflammation, but also for heart health (since my dad died at 51 of a heart attack, I watch that) and for healthy skin. If something helps three conditions I have, it sounds reasonable that I should take it–by my logic, that sounds like a good indication of a deficiency. I know more about DEC VAX mainframes than I know about these supplements, but I’m learning.

And my chiropractor is impressed with my progress.

When’s comeback time? Hard to say. The new book has to take priority once I’m physically capable of typing in large quantities again. I’ll probably use my small-quantity typing energies to resume editing. Expect me to be more of an Occasionalnoter than a Daynoter for a good while.

Read this if you have an Iomega drive of any sort. More reports of Jaz/Zip problems here. Whether Steve Gibson’s TIP will help is hard to say. But at any rate, I’ve entrusted data to an Iomega product for the last time… Count on it.

‘Scuse me while I go pawn my Zip drive and disks.