Home » Daynotes Home » Week of 18 August 2003

Photograph of Robert Bruce Thompson Daynotes Journal

Week of 18 August 2003

Latest Update : Sunday, 24 August 2003 09:17 -0400


Click Here to Subscribe Buy PC Hardware in a Nutshell, 3rd Edition: [Amazon] [Barnes & Noble] [Bookpool] Visit Barbara's Journal Page

Monday, 18 August 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


10:07 - I'm back. Not hitting on all cylinders, but I am back. I'd actually intended to continue posting last week, but I decided to take the week off. Anything I'd written you probably wouldn't have wanted to read anyway.

I was thinking about what to do as a memorial to my mother and father, and I decided to name a double star after them. Now, the International Astronomical Union will tell you that only they are entitled to name astronomical objects, but they're full of it. Historically, the person who discovers something is entitled to name it, a right that is still generally recognized today. If the discover chooses not to name his discovery, it's up to the first person who cares enough to give it a name.

There are a lot of double stars out there. In fact, double and multiple stars are more common than single stars, although it may take a serious telescope to show the companion to what appears to be a single star. Most doubles have no names, or perhaps only the primary is named. The vast majority of double stars have only catalog designations.

I had several criteria in choosing a double star to name for my parents. First, I wanted one that would never set at our latitude of about 36° N. In other words, a circumpolar star system, one located near Polaris. Second, I wanted a reasonably bright pair, but not so bright as to have drawn too much attention. There are millions of very dim doubles out there. Our 10" scope can see down to about 14th magnitude, but I wanted a pair that required no more than a binocular to view. Third, and perhaps most difficult, I wanted a pair that were closely matched in brightness. There are millions of pairs with a large difference in magnitude. The primary might be 4.5 and the secondary 12.3, or whatever. But I wanted a pair that were much closer in magnitude, ideally within half a magnitude. Finally, I wanted a stable pair with a reasonable separation, which is to say a pair that is separated far enough to be easily split and that maintains a consistent separation.

I found such a pair. Its catalog designation is STF1694. It's located in the constellation Camelopardalis, about 7° from Polaris, which means it never sets in most of the Northern Hemisphere. The primary is visual magnitude 5.29, and the secondary 5.74, which means they are very close to the same brightness, and are just at the limit of naked-eye visibility on a very dark, clear night. It's also a very stable pair. In 1820, the separation was 22.0 arcseconds, with a position angle of 328°. (The position angle, or PA, is the bearing of the companion relative to the primary, in this case 328° or about NNW). In 1997, the separation was 21.5 arcseconds, and the PA 329°. Until now, no one had cared enough about this pair to give them an official name. I do, and so I've named them. Here's a starchart that shows exactly where they are.

lft-wet-double-star.gif (29916 bytes)

As of now, the primary and companion stars in the double star cataloged as STF1694 have official names. The primary is William Ewing Thompson and the companion is Lenore Agnes Fulkerson Thompson. And so they will remain, forever. I plan to call them "Mom and Dad" for short.

Back when all the to-do started about civilians getting smallpox inoculations, Jerry Pournelle and I were speculating about our own resistance. Jerry had had one inoculation at age 6, before he started school, about 64 years ago, and a second when he joined the army and was sent to Korea 50 years ago. I had had an inoculation 44 years ago, before I started elementary school.

At the time, everyone was saying that inoculations given so many years ago had worn off and would confer no immunity. Jerry and I agreed that that was stupid. Surely we would be better off than someone who had never been inoculated, even if our immunity was limited. After all, a child who catches a viral disease is ordinarily subsequently immune for life from that disease. Why shouldn't a smallpox inoculation confer similar lifetime immunity? Antibodies is antibodies.

As it turns out, it appears that the "experts" were wrong and we were right. The newspapers and on-line news sources are now reporting that a smallpox inoculation does confer long-term, perhaps permanent, immunity. I don't recall when routine smallpox inoculations ceased, but I believe it was in the early 1970's. If so, anyone 40 years old or older should rest easier the next time the news media starts blathering on about the dangers of a smallpox epidemic being loosed by terrorists.

 

[Top]


Tuesday, 19 August 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


10:43 - I need to do something about my main file server, which is running NT 4 Server. Alas, NT4 is now EOL as far as Microsoft is concerned, so the choice comes down to installing Windows 2000 Server, which I have; a later version of Windows Server, which I could get simply by requesting it; or Linux. Guess which one I've decided to install. Yep, Linux it is. As far as I can see, Windows Server buys me absolutely nothing. Linux running Samba can do anything that needs to be done, and can do it on a lot less hardware than Windows Server would require.

If anyone knows of particularly good Samba tutorials, configuration guides, etc., please let me know. I think my goal is to set up the Linux server to look pretty much like an NT4 Server file server. That is, it will be the PDC for the local Microsoft Networking domain, and will serve files to Windows and Linux clients.

Windows 2000 Service Pack 4, which I have installed on my den system, appears to have a significant problem. At least, I think it's SP4 causing the problem. Periodically, for no apparent reason, the CPU utilization peaks at close to 100%, preventing anything from working until the problem goes away. The problem may last anything from a few seconds to several minutes. Actually, it may last indefinitely under some circumstances, because the longest I've left the system hung before doing a power reset is about five minutes.

When this happens, even Task Manager takes forever to come up, which made it kind of hard to figure out what was going on. I finally did nail it, though. Services.exe grabs 99% of the processor and won't give it up. I have no idea why it does this. My usual solution when a process goes zombie on me is to kill the process, but that's obviously not a solution for services.exe.

Last night, I was just finishing a game of FreeCell. I moved the last card to win the game, and the cards started moving up to the top stacks. It got as far as the sevens and then froze up. I immediately fired up Task Manager, and found for about the tenth time in the last few days that services.exe was using 99% of the processor. I sat there watching it for thirty seconds or so, and the system finally came back to life, with services.exe dropping way down in CPU utilization. There was nothing special going on, just FreeCell.exe and the usual background services. All of those run on my other Windows 2000 systems with no such symptoms, and none of those other systems are running SP4, so I conclude that it's very likely that SP4 is causing the problem.

I'm afraid the solution may be to revert to an earlier SP, assuming that's even possible.

11:05 - Here's an excellent candidate for the next Darwin Awards. According to Jerry Pournelle, one of Larry Niven's Laws is:

"Do not throw shit at an armed man. Do not stand next to someone who is throwing shit at an armed man."

So, this moron reporter, who to make matters worse is of Palestinian origin and appearance, is working in a war zone. He points a shoulder-mounted television camera at a US tank. One of the tank crew, understandably nervous about RPGs, shoots the dumb son of a bitch. And people are outraged.

Give me a break. That tank crew member did exactly what he should have done, and in doing so did the gene pool a favor. Alas, according to news reports, this moron reporter had already succeeded in passing along his defective genes to a new generation.

According to reports, the US military offered their condolences and called the shooting a mistake, which is much more than they should have done. A more appropriate response would have been something like, "We're sorry we wasted ammunition on that dumb son of a bitch."

11:36 - SoBig.F has started to proliferate again big-time. I'm not sure what triggered it, but there is definitely a flood of SoBig.F messages on the Internet today. I was just reading an Inquirer article about it. When I finished reading the article, I checked my mail and found nearly a dozen SoBig-related messages that had come in in the last half hour or so. Half of them were SoBig.F-infected messages. The rest were warning messages from moron mail servers, telling me that I'd sent them an infected message. Of course, I hadn't. I really wish mail servers wouldn't return messages to the forged "From:" address. At least most of them were simple text messages of a kilobyte or two. One truly moronic mail server sent me a 100+ KB warning message that included the infected attachment. Duh.

11:41 - It's worse than I thought. I just checked my logs, and SoBig.F-infected messages are arriving here at a rate of 25 per hour. That's ridiculous. What set this thing off again?

12:40 - I just sent the following message to subscribers:

A new variant of the SoBig worm, SoBig.F@mm, is flooding the Internet. For details, see:

<http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html>

This worm appears to be particularly virulent. My main email account alone is now receiving infected messages at the rate of more than 100 per hour, up from 25 per hour an hour ago. This thing is spreading very fast.

And it's getting worse. My main email account is now receiving SoBig.F messages at the instantaneous rate of about 200/hour, up from 100/hour half an hour ago, and 25/hour an hour ago.

Update your AV sigs. Symantec has updated sigs for SoBig.F, and I presume that the other AV vendors will soon do the same, if they haven't already.

14:00 - If I were the Marine who had just married this woman, I think I'd tell my lawyer to get me an annulment, no matter what it cost.

14:35 - I see that Microsoft has announced pricing and availability for Office 2003. As usual, they've priced it literally an order of magnitude higher than what it's actually worth. I'm wondering if there's anyone, anywhere on the face of the planet who actually needs Office 2003. I doubt it. From Microsoft's viewpoint, of course, this is an excellent upgrade. It will generate a lot of revenue for them, and will perpetuate their proprietary Office format lock-ins.

I've heard it said that Microsoft enjoys 80% gross margins on Office. I'd be shocked if it were really that low. I think something on the close order of 95% is more likely, given the amount of work involved to produce Office and the number of units it sells. At the volume they sell, it can't possible cost more than $5 or so to produce a retail box, and of course most units of Office don't include that expensive $0.25 CD and the couple dollars in packaging and pamphlets that the retail box uses.

I hope Office 2003 falls flat on its face, not because I wish Microsoft ill, but because I wish proprietary data formats ill. Microsoft is making much of their adoption of XML in Office 2003, but of course they're using a Microsoft-flavored XML. Microsoft can't help embracing and extending. It's what they do. But anyone who wants a standards-compliant XML-based office suite need look no further than the free OpenOffice.org.

14:56 - Processes tend to be permanent, continuing to be used long after anyone remembers why they were designed that way in the first place, and even when it makes sense to alter them to reflect new realities. Today, Jerry Pournelle says:

I am printing out Burning Tower in Courier Double Spaced 12 point so that it will look like a typewriter did it, and sending it to the publisher. Progress in the publishing industry...

Which reminds me of a law firm for whom I once did some consulting. They were faced with a disaster, because the company that printed their invoice forms had discontinued the six-part form they had been using, and now offered at most a five-part form. I was holding one of their six-part forms, and the conversation went something like this:

Them: "Oh, woe is me. We'll have to re-design our entire billing process because now we'll have only five copies of each invoice rather than six."

Me: "What do you do with the six copies?"

Them: "The original, white copy and the blue copy go to the client. The client keeps the white copy and returns the blue copy with their payment. We file the green copy in the client file, the pink copy in the matter file, and return the aqua copy to the billing attorney for his invoice file."

Me: "What do you do with the canary copy?"

Them: "Oh, we throw that away."

Sometimes it's very hard to keep a straight face.

[Top]


Wednesday, 20 August 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


9:58 - I am still covered up in mail. I am embarrassed to say that I have messages from new subscribers that I haven't had time to process yet. I appreciate your patience, and I'll try to get caught up. I'm still working on the backlog that started to build up late last month when my mother went into the hospital. I hope to have the entire backlog cleared in the next week or so.

Yesterday didn't help any. I was getting so many SoBig.F messages that at times spam messages began to look rare. The SoBig.F plague peaked for me at around 200 messages per hour. That's actual infected messages. In addition to those, I was getting probably another 200 messages per hour from mail servers bouncing messages they thought were from me.

Things settled down a bit yesterday afternoon and evening. When I checked my mail at about 7:30 this morning, I had received 140+ new SoBig.F messages on all accounts since about midnight, so the rate had dropped off to about 20 per hour. Of course, I had another 100+ delivery error messages as well.

What's really interesting is that about half the SoBig.F messages I've received had no attachment. It was clear that they were in fact SoBig.F messages by the subject lines and body text, but the attachment was missing. That's not happening at rocket, roadrunner, or my other mail servers, so I can only conclude that many outbound mail servers are stripping the attachment.

Here's irony, Microsoft style. Over on the HardwareGuys.com messageboard, one of my readers posted a link to this page. Apparently, services.exe jumping to 100% CPU utilization is a known problem. Here's the irony: In that article, Microsoft says:

"Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Windows 2000 Service Pack 4."

I'd never experienced that problem on any of my Windows 2000 systems until I installed SP4. Way to go, Microsoft. It now appears I have a decision to make. Option 1, I can install SP4. Hmmm. That's probably not going to work, given that SP4 is causing the problem. Option 2, I can call Microsoft to get a hotfix, which they provide only upon request. Heck, if the person I talk to agrees that the problem isn't my fault, they may not even charge my credit card. I don't think so. Option 3, uninstalling SP4, was a non-starter. As it turned out, I'd apparently told SP4 setup not to save the old data, so I can't revert. There is, of course, Option 3A, stripping the drive down to bare metal and re-installing Windows 2000, but that doesn't seem reasonable. Right now, I'm inclined to choose Option 4, which is to upgrade that system to Red Hat Linux 9.

I like this guy. The BSA Gestapo showed up at his business. He hadn't done anything much wrong, but ended up paying many thousands of dollars in fines and legal fees. Worse still, the BSA made his company a poster child. Mr. Ball decided he was mad as hell and wasn't going to take it any more. So he banned Microsoft software from his business and converted to OSS. Take a moment to read this article. This guy speaks plainly and blows away all the FUD that Microsoft works so hard to propagate about the difficulties and costs of using OSS in a typical small business. He sounds like a man I'd like to know.

And speaking of Gestapo, it appears that, for the first time, SCO is getting ready to take legal action against a Linux end user. They haven't announced the name of the company that is their intended victim, but it occurs to me that the Mafia uses Linux, too. Hmmmm. Wouldn't that be nice... I can just see Darl McBride waking up one morning and finding a horse head in bed with him. I really, really hope that SCO picks on the wrong company. I don't doubt that IBM and Red Hat will weigh in with legal and financial aid for whatever company SCO picks on. The advantages to them in discovery alone would be too great to miss that opportunity. I'm almost inclined to send SCO a nyah-nyah letter.

Obnoxious Microsoft EULA department: Yesterday, in addition to the MSBlast and anti-MSBlast worms and SoBig.F, the Internet was flooded with messages from Microsoft to their IM users. I didn't get any, because I don't use IM of any sort, but many people I know got literally dozens of copies of the same message. The Inquirer took the time to read the new EULA for Microsoft's IM, and posted some fascinating excerpts.

Basically, anyone who accepts the new IM EULA agrees that Microsoft may force them to upgrade to a new version at any time, even if they're happy with the old version. Also, Microsoft reserves the right to charge for any new version. Isn't that the way heroin pushers work? Offer people free samples until they're hooked,  and then charge the hell out of them. Yet another reason to avoid Microsoft and its EULAs.

10:47 - I just finished off another 2-litre Coke, and that reminds of a habit I have. Barbara must find it very annoying, but she's been a good sport about it. Not all of the time, but sometimes when I empty a 2- or 3-litre Coke, I rinse it out, fill it with tap water, and store it. I won't be comfortable until I have at least a kilolitre of stored water.

I'm sure that sounds bizarre to many of my readers, but anyone who lives in Cleveland or Detroit can probably appreciate my actions. Many people there had no water at all, because there was no electricity to run the pumps, or the water coming out of their taps was unsafe to drink. This time, the problems were of short duration, a couple days to a week, but there's no guarantee they'll be short-term next time. In our case, for example, a tornado or inland hurricane could wreak havoc with our water treatment facilities. If severe damage occurred, it might be a month or more before full service was restored.

A reasonable amount to store is one gallon per day per person, or roughly 25 litres/week. That covers drinking, cooking, and minimal sanitation and personal cleanliness. Beyond that, I'd like to have additional water stored to help friends and neighbors, and it would also be nice to be able to flush the toilets occasionally. On that basis, and planning for a month without water service, a kilolitre seems a reasonable goal.

Storing the water is simplicity itself. All you need do is rinse the empty soda bottle thoroughly and fill it with tap water. Tap water is chlorinated sufficiently to make it unnecessary to add chlorine bleach or another disinfectant. If you want to be really thorough, you can run each bottle through a quick final rinse in a pan filled with bleach diluted 1:10 or 1:20 with water. If you're really concerned about stuff growing in your stored water, you can add a couple drops of bleach to each bottle before you cap it. I generally remove the label and use a Sharpie to date the bottle.

Having a good supply of water and a reasonable stock of nonperishable foods can make the difference between continuing to live reasonably comfortably during an emergency and having to evacuate or do without. Don't forget dog food.

12:31 - Here's a puzzler. I just took a 2-litre bottle of water and five pounds of pipe tobacco downstairs to store. On my way back upstairs, I found Barbara's keys lying on the stairs. Hmmm. She's at work. I know she's at work because she emailed me from there. My own keys are in my pocket. So obviously Barbara must have used her spare set. But why did she leave her regular keys lying on the stairs? Hmmm.

Actually, losing car keys is almost a secondary sex characteristic. I'll bet that I could ask twenty non-sex-specific yes/no questions, perhaps as few as ten, and know with a very high degree of certainty whether the person answering those questions is a man or a woman. One of those questions would be, "Have you lost your car keys in the last six months?"

Not that women are genetically more likely to lose things. I think the reason for the difference is that men's clothing has pockets, lots of pockets, and women's clothing generally doesn't. Do clothing designers think women don't need to carry things?

Perhaps I will come up with that list of questions. Off the top of my head:

1. "Do you like or dislike Maria Muldaur's Midnight at the Oasis?"

2. "If you come upon a parking place that's five feet longer than your car, could you parallel park in it without damaging any of the three cars?"

3. "By natural inclination, would you separate whites and coloreds when doing the laundry?"

4. "Does your spouse or significant other snore?"

None of those is definitive in itself, of course. I know men who are laundry wizards, and women who can parallel park after barely slowing down. The fourth question is a pretty good one. Most women have a recurring dream that their spouses/SOs snore, and aren't shy about announcing it in public. Most men, conversely, wouldn't think of accusing their spouses/SOs of snoring, at least in public. They realize that they have to sleep sometime.

The first question is probably the closest to definitive. I've never met a man who wouldn't listen to Maria Muldaur's voice singing Midnight at the Oasis, and I've met few women who don't gag upon hearing it. Conversely, most women can at least tolerate Barry Manilow, while most men feel a strong urge to vomit when one of his songs comes on the radio.

Which reminds me of the time that Marcia Bilbrey solicited my advice. She wanted to buy a birthday or Christmas gift for hubby Brian, and I had her nearly convinced that he had a secret passion for Barry Manilow. I even pointed Marcia to an Amazon.com link for a multi-CD edition of his greatest hits. Alas, she smelled a rat, and asked Brian before she ordered it.

 

[Top]


Thursday, 21 August 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


10:26 - What a mess. It occurred to me yesterday that, although the SoBig.F attack is an inconvenience for those of us with fast pipes, for dial-up users it's a DoS attack. At its peak, I was receiving more than 200 SoBig.F messages per hour, or about 20 MB worth. On a dial-up, that means the messages would be arriving faster than they could be downloaded.

Jerry Pournelle ran into a similar problem last night. He's away from home for a couple of days, and has only a dial-up link. He emailed me after midnight this morning to ask me to please clean up his mailbox for him, because he couldn't connect to it and download his mail. When I checked his mailbox, I found out why. He had 550+ new mail messages. Of those 250+ were SoBig.F messages, each of 100K or thereabouts. Another 150 or so were bounce messages from moron mailservers. By the time I got through deleting all the garbage, Jerry's mailbox was down to about 125 messages, and many of those were spam. But at least they were small spams.

At least the storm appears to be mostly over. When I checked Jerry's mailbox exactly an hour later, I found "only" five more SoBig.F messages. When I checked my own overnight mail, I had just over 300 messages, of which 54 were SoBig.F. So it appears the rate is down to five/hour or thereabouts. That's bad, but not nearly as bad as it had been. It appears that SoBig is being enhanced with each subsequent release. I dread seeing SoBig.G.

In law there is the concept of an attractive nuisance. For example, say I build a swimming pool and don't fence it. A child falls in and drowns. Under the attractive nuisance concept, I will be liable. The child's parents will sue me, and they will win. And rightly so, because any reasonable person could have foreseen the danger of an unfenced swimming pool.

It seems to me that Microsoft Windows and particularly Microsoft Outlook could reasonably be considered attractive nuisances. Certainly by this time any reasonable person recognizes that Windows and Outlook are malware magnets, and that the malware exploits nurtured by Microsoft software have incalculable but high costs to all of us. I am not blaming Microsoft for SoBig.F and the other malware exploits that we suffer from on what seems a weekly basis. That blame belongs with the people who write these viruses and worms. But I think it is not unreasonable to consider Microsoft guilty of contributory negligence.

Note that I don't hold the infected users responsible, any more than I'd blame the child who fell into the swimming pool. From a computer security standpoint, the vast majority of users are children, and it's unreasonable to expect much of them. This is no slam on users. I know many brilliant people who are quite likely to fall prey to viruses and worms. They're not stupid. They're not irresponsible. They're not gullible. They're simply ordinary people when it comes to using a computer. When their plumbing leaks, they call a plumber. When their car has problems, they take it to a mechanic. When they need medical help, they visit a physician. So it might at first seem that if their computer has a problem, they should call on a computer expert.

The problem with that is that computer experts aren't any cheaper than plumbers, mechanics, or physicians. Most people call upon a plumber, mechanic, or physician infrequently, both because the need is infrequent and because the cost is high. But with computer viruses and worms, the need is frequent, and ultimately that is Microsoft's fault. The steps Microsoft has taken, such as Windows Update, are the equivalent of merely putting a Band-Aid on a severed artery.

Ultimately, the problem is that Microsoft software itself is inherently insecure, in two senses. First, in a design sense, Microsoft software is so full of holes that it is probably impossible to secure it adequately. Second, and inexcusably, Microsoft knowingly includes program components and uses default configurations that increase easy-of-use and features at the expense of security. Granted, for the last year or so Microsoft has been attempting half-heartedly to address the second problem, but they have gone nowhere near far enough.

Given the evidence that has been in plain sight for years now, it seems to me that any reasonable person would agree that Microsoft is responsible and should be held responsible for the plague of viruses and worms, on the basis of contributory negligence. A cynical person might argue that Microsoft has intentionally allowed this situation to develop because it drives paid upgrades.

It seems to me that Microsoft should be held accountable, but I'm not sure how best to go about holding their feet to the fire. A class-action lawsuit might cause them some pain, but all we'd get out of it would be some coupons, with the lawyers getting all the actual money. It might be better for thousands of us to go downtown and file papers in small claims court, claiming whatever the maximum allowable damages are for that jurisdiction. I am not a lawyer, and I have no idea how to go about doing this, or even if it is possible. Certainly, Microsoft would argue that their license agreements specify the required venue for suits, but I'm pretty sure that doesn't apply to actions filed in small claims court. Certainly, it shouldn't be difficult for many of us to establish to a judge's satisfaction that we have incurred very real losses as a result of these worms and viruses, and that Microsoft's negligence has contributed substantially to those losses.

I'm just musing here, but as I watch each new worm appear, nothing ever changes. And I don't think anything ever will change until Microsoft is forced to stop selling software with defects that encourage these depredations.

As for me, it doesn't really matter except that each new outbreak costs me time. I'm not at risk for infection, because I don't use Outlook or Internet Explorer, and because my private network is behind a Linux router that's locked down tightly. But if I were an average Windows user, I'd be pissed.

11:22 - I sent the following to subscribers a while ago:

Microsoft says there are still more critical flaws in Internet Explorer.

See <this link> for the story, and <this link> for the patch.

Oh, yeah. Microsoft also says there are critical flaws in Windows. See <this link>. This is an update on the MS02-040 bulletin from a year or so ago. If I understand things correctly, it turns out the MS02-040 patch didn't work, because Microsoft didn't understand what the real problem was. They've now patched that patch, and say the problem is fixed, This Time For Sure.

Barring extraordinary circumstances, I'm no longer going to post Microsoft-related security warnings or send mail to subscribers about them. Suffice it to say that if you're running Windows, Internet Explorer, or Outlook, you're sitting on a ticking bomb.

When Microsoft announced their security initiative, I sent them several suggestions for slogans for their campaign, including:

"Insecure by Design"
"Security: We've heard of it."
"Unarmed and Scared Shitless"

For some reason, they decided not to use any of my suggestions, despite the fact that I explicitly GPL'd them to avoid any question of IP concerns.

I don't worry about the Microsoft-security-hole-of-the-week, because my systems are locked down. I suggest you do the same, although I realize that's often not possible if you're working in a corporate environment. Still, if that's the case, it's IT's problem, not yours.

For your personal systems, I strongly recommend that you abandon Internet Explorer and Outlook entirely. Don't just think about it. Do it now. Run parallel if you must, but set yourself a goal to retire Outlook and IE as soon as you possibly can.

I have found Mozilla to be a superior browser, enough so that I wouldn't go back to using IE even if it were completely secure. IE simply doesn't have the convenience features of Mozilla. Microsoft has not really upgraded IE in any significant way since IE 4.0 was released several years ago.

I have been using Mozilla Mail almost exclusively for a year now, and although it lacks a few features present in Outlook, it also has several very nice features that are missing even in the latest version of Outlook. On balance, I consider the two about equal in terms of overall features and usability. One very large advantage of Mozilla Mail is that it stores mail in an industry-standard format rather than the monolithic binary .PST files that Outlook uses. I can't imagine any Outlook user being unhappy with the features and performance of Mozilla Mail, although it may take a while to get used to.

I always hate new software, but that's just human nature. One likes what one knows, and dislikes new things. But, although I hated Mozilla Browser and Mozilla Mail for a few days when I first started using them, I now find that I like them very much. When I sporadically fire up Outlook or IE nowadays, I find that I hate them and can't wait to get back to Mozilla. I think you'll find the same to be true.

 

[Top]


Friday, 22 August 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


9:49 - Nearly everyone seems to assume, if they think about it all, that the recent worm attacks are just more of the same thing we've been experiencing for years now. I'm not so sure. I think there's a good chance that worms like MSBlast and SoBig originated in Red China, or North Korea, or perhaps an Islamic Bat Cave. We may be under attack in the First Internet War and not even be aware of it. It's easy to assume that what has been true in the past is also true now, but such assumptions may be dangerous.

It is also dangerous to assume, as many do, that the admittedly poor programming of these worms is evidence that they were created by a script kiddie teenager rather than by a hostile government. It is quite possible that these errors have been intentional, and are part of testing susceptibility, vectors, propagation speeds, and so forth. They may also be simple errors, of course, but that does not negate the possibility that the errors were made by, say, a North Korean government programmer rather than by a teenaged Westerner. Just as it is a mistake to judge an enemy based on your perception of his intentions rather than by his capabilities, or to assume that your enemy is stupid, it is a mistake to attribute perfection to an enemy.

I think the time has come to examine seriously the desirability of filtering IP traffic based on geographic netblocks. All traffic should be filtered at our border routers to discard packets that originate outside an acceptable group of countries, say the US, Canada, Mexico, Great Britain, Israel, Australia, Scandinavia, and a few other countries that have traditionally been allies, or at least that are not hostile toward the US. Obviously, taking such action would not protect us completely, any more than a border can be secured absolutely, but I think we would be better off with such traffic blocked than with it allowed to pass freely.

The question to ask is what benefit do we in the US gain from allowing Internet traffic to and from other countries unimpeded access to hosts in the US? Even if we did this blocking on a limited basis, discarding packets from the worst offenders and potential offenders, say Red China, North Korean, the Islamic countries, and Cuba, would anyone in the US care? Would they even be aware that traffic was being blocked? Probably not.

If we did this, those countries would be the net losers. When was the last time you bought something from a Red Chinese e-commerce site or looked something up on a North Korean web site? Let's face it, third-world countries in general and these enemy countries in particular don't put much on-line that we care about. The information flow is overwhelmingly one-way. Allowing them access to our Internet benefits them and is potentially very dangerous for us. At the very least, denying them access to our backbone and hosts hurts them without significantly hurting us.

I think it's time to isolate our Internet from these hostile nations.

12:53 - We're going to attempt to view the Martian moons, Deimos (terror) and Phobos (fear). These are among the most challenging objects for an amateur telescope. Even with Mars closer than it's been since the days when Neanderthals walked the planet, the Martian moons are tiny objects. Phobos, the larger of the two, subtends about 0.08 arcseconds. Deimos is about half that size, at about 0.04 arcseconds. Roughly speaking one arcsecond subtends an object the size of a dime a mile away. That means that viewing Deimos requires being able to see an object the size of the period at the end of this sentence when it is a mile away.

As challenging as their tiny size is, it's the lesser of our problems. Much worse is the disparity in brightness. Mars is about magnitude -2.9, while the Martian moons are about magnitude 11.5. A difference of five magnitudes corresponds to a brightness difference of 100 times. In other words, if two objects differ in magnitude by 15, they differ in brightness by 1,000,000. That means the Martian moons are on the close order of 1,000,000 times dimmer than Mars itself. Although Phobos is larger and brighter than Deimos, it is also located much nearer Mars, which makes it even harder to resolve than Deimos.

Imagine standing a mile away from an automobile with only one headlight, which is pointed at you and turned on bright. Your task, should you decide to accept it, is to detect the light of a lightning bug located one foot from the car headlight. That's Deimos. Phobos is harder still.

Although the Martian moons have been detected in reasonable small telescopes (I believe 6" or 8" is the smallest), having any sort of reasonable chance requires the largest scope possible (we'll use the 17.5" Dob Steve Childers just finished building), very clear, dark skies, and excellent atmospheric stability. It also requires very clean optics, because even the slightest smudge can cause blooming of Mars' brilliance.

Paul Jones and I are each going to convert one of our eyepieces to an occulting eyepiece, which is a fancy term for a standard eyepiece with an opaque bar across the field stop. A telescope eyepiece is really just a very precise magnifying glass. The telescope itself brings the image to focus at a point that corresponds to its focal length. Telescopes are designed to put that focal point inside the focuser mechanism. Focusing a scope consists of bringing the focal plane of the eyepiece to exactly the focal point of the telescope.

The field stop of an eyepiece is simply a washer with a central hole of greater or lesser size. In fact, widefield eyepieces may use the barrel of the eyepiece itself as the field stop. The problem is that eyepieces use different optical designs. For some, the field stop is exposed near the bottom of the barrel. For others, the field stop is actually located between optical elements. We need an eyepiece that has an accessible field stop, because we'll use a thin piece of blackened foil or electrical tape to put a bar across the circular field of view. We can then point the scope so that Mars itself is behind the opaque bar. If we're lucky, and if the eyepiece is clean and its coatings are adequate to prevent blooming, that bar will completely block out the light of Mars, allowing us to locate the two moons.

Even at best, though, they may not be obvious. They're both very dim in an absolute sense, let alone a relative sense. They are also located close to Mars and so have very short orbital periods. We need to know exactly when each of the moons is at maximum separation from Mars, and map those times to times when Mars is high in our sky (and out of the turbulence and muck at lower elevations). We also need to calculate things like true field of view, so that we know exactly where the moon should be in our field of view. Otherwise, it may be there and we won't notice it.

This is going to be fun. We probably won't succeed, but just trying will be worth the effort.

13:45 - Here's what I think. When all of the dust settles in the SCO brouhaha, SCO will have lost utterly. They will have been destroyed as a company, and their officers will face criminal charges. Darl McBride will walk away from it, though. He'll plead not guilty by reason of insanity, and his lawyer will be able to convince a jury that McBride is in fact psychotic. Here's yet more evidence. McBride attacks the very heart of OSS, kicking over the mother of all hornet's nests, and then claims that all of the responses to SCO's outrageous claims are coordinated by IBM. Eric S. Raymond, for example, is merely a lackey of IBM, paid by them to attack SCO. The same goes for the FSF and the hundreds of newspapers, magazines, and other publications that have published anti-SCO articles. All of them are in the pay of IBM. All of them.

This guy makes Baghdad Bob look credible. As Buffy would say, he doesn't use Earth Logic. At first I thought McBride had been infected with rabies. Really. He showed all the signs. Mental confusion, foaming at the mouth, attacking much bigger dogs, and so on. But now I'm convinced that he's actually suffering from a paranoid psychosis. Talk about a persecution complex. Everyone is out to get him. There's a gigantic plot that no one except him can see. IBM is directing its thousands of puppets to make trouble for SCO, who is entirely blameless in all of this. McBride must be psychotic. What other explanation is there for his behavior and statements?

13:56 - Damn. Would you believe I almost forgot to send IBM a bill for that last piece?

14:58 - My apologies to the reader, who wishes to remain anonymous, who happened to be taking a swig of Coke as he read my last entry. Blew it out through his nose, he did.

And Roland Dobbins sends the following important warnings:

-------- Original Message --------
Subject: SoBig DoS coming
Date: Fri, 22 Aug 2003 10:49:23 -0700
From: Roland Dobbins
To: Jerry Pournelle, Robert Bruce Thompson

http://www.f-secure.com/news/items/news_2003082200.shtml

And

-------- Original Message --------
Subject: Fwd: Sobig.f surprise attack today
Date: Fri, 22 Aug 2003 11:25:45 -0700
From: Roland Dobbins
To: Jerry Pournelle, Robert Bruce Thompson

Everyone should block all traffic to/from these IPs ASAP.

Begin forwarded message:

From: "Todd Mitchell - lists" <lists@ciphin.com>
Date: Fri Aug 22, 2003 11:13:27 AM US/Pacific
To: <jdawson@flexpop.net>, <nanog@merit.edu>
Subject: RE: Sobig.f surprise attack today

Computers infected with the Sobig.F worm are programmed to automatically download an executable of unknown function from a hard-coded list of servers at 19:00 UTC (3:00pm EDT) X-Force is recommending wholesale outbound filtering of the following IP addresses:

67.73.21.6
68.38.159.161
67.9.241.67
66.131.207.81
65.177.240.194
65.93.81.59
65.95.193.138
65.92.186.145
63.250.82.87
65.92.80.218
61.38.187.59
24.210.182.156
24.202.91.43
24.206.75.137
24.197.143.132
12.158.102.205
24.33.66.38
218.147.164.29
12.232.104.221
68.50.208.96

The request method uses UDP port 8998. X-Force also recommends that this port be filtered outbound.

 

 

[Top]


Saturday, 23 August 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


9:02 - We were hoping to go observing last night, but the weather curse struck again. We are hoping to go observing tonight, which was to be clear, but it appears the weather curse may be about to strike again. I wish we lived on Luna. Clear skies all day long every day and all night long every night. No light pollution. Well, there's Sol, but it wouldn't have any effect on observing because there's no atmosphere to scatter its light. The air is a bit thin, of course, but then even on Terra serious observers often set up where supplemental oxygen is required.

I did see a star last night while we were walking the dogs. I couldn't tell which one it was, though, because I had no reference. That's the interesting thing about going up to the lodge at Fancy Gap. Newbie observers are often confused because there are too many stars visible. It's difficult for them to find familiar constellations because they're not used to seeing so many stars.

 

[Top]


Sunday, 24 August 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


9:17 - We did head up to Bullington last night to observe, but it was a washout (figuratively and literally). It is a measure of our desperation that we decided to go up despite the fact that the Clear Sky Clock was indicating the worst possible conditions. Heavy cloud cover, rotten transparency, and unsteady seeing. But the Weather Channel and the Weather Underground both claimed it would be clear later in the evening, so we decided to head up.

We left about 19:35 under fairly heavy cloud. As we drove up US 52 toward Bullington, the cloudiness increased and we drove into a thunderstorm with moderately heavy rains. Refusing to be discouraged, we arrived at Bullington just after 20:00, and found ourselves sitting in the midst of a thunderstorm for the next half hour or so. About 20:40, Steve and Sean Childers showed up. By that time, the rain had pretty much stopped, but we were socked in with heavy clouds. We decided to stick around for a while to see if things would clear up, but the clouds weren't even moving. Barbara did see one star through a gap in the clouds, but she didn't log it because we couldn't tell which one it was.

At 21:20, we finally gave up and headed for home. As we got to our exit on US 52, the heavy rain started. For the next ten minutes or so, we crept along through a torrential downpour. I'd estimate it was coming down at a 6" to 8" per hour rate. It was raining so hard that the windshield wipers running at their fastest couldn't keep the windshield clear enough to see through.

So much for our observing trip. Tonight, of course, is supposed to be clear. But Barbara gets up at 06:00 on work days, so there's not much point to going out tonight. If Steve Childers has his big Dob set up at home tonight, we may head over to see what we can see from his driveway. But otherwise it looks like we'll just have to hope for the best for next weekend.

I'm really hoping for clear weather this fall and winter. Since we did the Messier Marathon the night of 1/2 April, we've been out exactly three times, once in May and twice in June. Three times in four-and-a-half months. Two summers ago, we were averaging two or three observing sessions a week. Of course, we were also in the midst of an extreme drought.

As the days get shorter and daylight saving time gives way to standard time, we'll be able to go out during the week. At the height of summer, it doesn't get fully dark until after 10:30 p.m. at this latitude. Even now, it's past 9:30 p.m. before we can observe. As winter approaches, it will begin getting dark earlier. We'll be able to eat an early dinner, head up to Bullington, get two or three hours of observing in, and still get home in time to get to bed at a reasonable hour. I can't wait.

 

[Top]


Copyright © 1998, 1999, 2000, 2001, 2002, 2003, 2004 by Robert Bruce Thompson. All Rights Reserved.