A (mostly) daily journal of the
trials, tribulations, and random observations of Robert Bruce Thompson, a
writer of computer books.
December 7, 1998
There wasn't much I felt like reading last night, so I started checking
the TV section. The History Channel had some stuff that looked
interesting, so I turned it on. The first was an episode of their history
of the gun series, this one about the Thompson Gun. John Taliaferro
Thompson, the gun's inventor, is a distant relative of mine, so I decided
to check it out.
They actually did a pretty good job on this episode, although they
greatly overemphasized the extent to which gangsters adopted the gun. That
was more Hollywood myth than reality. Certainly, some gangsters used the
gun, but it was by no means as common as this episode and the gangster
movies would have you believe. Most gangsters chose shotguns for serious
work. When they wanted an automatic weapon, they tended to use the
Browning Automatic Rifle (BAR). That was a known quantity from WWI, while
the Thompson Gun was a new-fangled gadget.
And rightly so. I've put quite a few rounds through a 1928-A1 model.
The Thompson Gun is great fun to shoot, but it wouldn't be my first choice
of weapon. Regardless of what the movies show, the Thompson is
controllable only when firing short bursts, even when the Cutts
compensator is installed to reduce muzzle climb. The buttstock is below
the line of the barrel, which means that recoil wrenches the gun up and to
right as you fire it. I was able to hold 3 or 4 round bursts on a standard
FBI target at 50 yards, but bursts longer than that simply waste
ammunition. The drum magazines were another weak point. No matter how
careful you are to keep them clean and load them properly, they jam. The
military recognized this, and the M1 and M1A1 models used during WWII used
only 20- and 30-round stick magazines.
Submachine guns generally are not a particularly effective class of
weapon. Twenty years or so ago, I participated in an ad hoc
experiment to test the effectiveness of an SMG against a riot gun. My
friend used his SMG, a MAC10 in .45 ACP with the Sionics suppressor, and I
used my Hi Standard 10B riot gun, with the Garth Choate magazine extension
installed, giving it an eight round capacity. He started with a 30 round
magazine of .45 ACP, loaded to its maximum reliable capacity of 28 rounds.
I started with eight rounds of 12 ga. magnum #4 buckshot, roughly the
equivalent amount of lead to 24 of his rounds.
We each had eight targets to "kill" and started together on a
signal. When the smoke cleared, he'd "killed" four of his eight
targets, disabled two more, and left two standing. I'd shredded all eight
of mine. If that'd been a real fight, he almost certainly would have been
dead, whereas I'd have had a reasonable chance of surviving. The moral is,
if you ever have to defend yourself, pick up a shotgun. As Jeff Cooper
says, firepower means hitting what you're aiming at, not peppering the
landscape with misses.
* * * * *
I'd better get back to work on the book. I want to have at
two more chapters submitted before Christmas, and that's going to be
* * * * *
I've decided to dispense with the separate book of the
week page, and just embed my mini-reviews in my journal. I have too much
to do already, and creating separate pages for each book is too much work.
The book of the week this week is Dinosaur
Cat: A "Big Mike" Mystery by Garrison Allen. Barbara
brought me this one, and I'll admit I moved it to the bottom of the stack
because it didn't look like something I'd like. I like mysteries, but the
cover art on this one turned me off. Now I'm sorry I waited, and I've
asked Barbara to bring me any others in the series that she has. Although
this book has gotten mixed reviews, including a pretty bad one from Kirkus
(whose reviews I normally respect), I enjoyed the book. If P.G. Wodehouse
had written mysteries, this is the kind of mystery he'd have written.
Allen populates this book with a diverse assortment of eccentric
characters, but it's a serious mystery nonetheless. Check out the reviews
on Amazon. I recommend this book.
* * * * *
And the following mail from David Davenport:
I have recently purchased and read your
"Windows NT TCP/IP Network Administration" text. This book was
extremely valuable during my recent establishment of a WinNT remote
access server. My question for you is this: How can one capture RAS PPP
packet traces? It doesn't seem to be possible with Network Monitor. I
would greatly appreciate any assistance you might provide and look
forward to your response.
To the best of my knowledge, you can't do that, although I
haven't tried lately. I remember trying to do that years ago, and I
couldn't get NM to capture packets for anything other than a
"real" network card. Craig, any ideas short of using sniffer
hardware? I'll also post your question on the web site to see if anyone
else has a workaround.
If anyone else has encountered this problem and figured
out a workaround, I'd appreciate hearing about it.
December 8, 1998
It continues to be quite warm around here for December. We have an
indoor/outdoor min/max thermometer in the kitchen, and yesterday it made
it up to 81 degrees. It's expected to hit nearly 80 today as well.
I got a fair amount done on my chapter yesterday, and also spent some
time on the phone with vendors trying to sweet-talk them out of evaluation
units. It takes more work to get hardware evals than software evals, and I
don't understand why that should be. Certainly, the actual cost of
hardware evals is higher, but if I ran a hardware company I'd be falling
all over myself to send out eval units to authors.
Companies pay thousands to put space ads for their products in computer
magazines, and yet no one I know is seriously influenced by those ads.
Certainly, ads are useful to announce new products, or whatever, but who's
going to believe all the nice things that an ad says about its own
product? A book, on the other hand, is an unbiased source of information.
No author I know is going to recommend a video card or a hard drive simply
because he got a free sample. Pournelle used to joke about the bribe of
the month, but the truth is that nothing was ever recommended in his
column unless it was worth recommending.
We ask for eval units simply because we can't afford to buy examples of
each product we want to look at. Like other authors, I often buy products
that I can't get evals of, and I've frequently recommended the product
that I had to pay for rather than the competing product that I got a free
example of. Still, I can't buy everything, and I'd think that a hardware
company would want to make sure that I at least had an opportunity to look
at their product.
* * * * *
I get mail periodically from people who are looking for guidance about
setting up their own web sites. I'm no expert on web sites, but I have
learned quite a bit in the process of setting up my own and running it for
the last 6 or 8 months. If you want to set up your own web site, here's my
advice about how to get started:
- Pick up a copy of Peter Kent's Poor
Richard's Web Site: Geek-Free, Commonsense Advice on Building a
Site. This book tells you everything you need to know about
getting a site set up.
- Sign up with a web hosting service. Running your own web server is a
losing proposition. For $25 a month or so, you get your site hosted by
professionals. You get things like multiple redundant T3 lines,
high-end Sun servers, and so on. Stuff you couldn't provide yourself.
There are a lot of web hosting services out there, with prices that
range from $5 a month on up. I found the array of choices bewildering,
so I took a shortcut. Peter Kent is a friend of mine, so I just asked
him who he used and signed up with them. The company we both use is
and I've been very pleased with them. If you sign up with them, please
tell them I sent you. I get two weeks of free service out of the deal,
which translates to $12.50. Every little bit helps.
- Get a copy of Microsoft FrontPage and use it to manage your site.
Back to work on the book...
December 9, 1998
And still one more thing you can do with that PalmPilot you get for
Christmas. The following message was posted to the Computer Book
Publishing mailing list, which is run by my agency, StudioB Productions:
Using Palm Pilots to Steal Cars
This week the U.K.'s New Scientist reports that computer journalist
Lars Sorensen has discovered a technique for using the infrared port on
the new generation of Palm Pilots to break into cars with infrared
remote keyless entry systems. The Palm Pilot apparently has software
that records the infrared signals from TV and video remote controls, so
that you can turn your PDA into a universal remote for all your home
entertainment gadgets. According to New Scientist, Sorensen successfully
used the same system and software to record the infrared signal from a
friend's car remote, enabling him to enter the car and disable its
Salon's Janelle Brown followed up the story stateside, and secured
this less-than-reassuring quote from Palm PR manager Elizabeth
Cardinale: "We aren't responsible for third-party applications,
though we think it's unfortunate that our product is being used for an
illegal use. [But] there might be a good thing that will come of this.
Say someone wanted to have the key to their car code stored in their
Palm Pilot, just in case they forget their keys."
Neither Brown nor New Scientist reporter Duncan Graham-Rowe reported
any auto theft by PDA, but can it be far behind?
Palm Pilot-Assisted Auto theft
I've been told that no U.S. model vehicle uses IR for
remote keyless entry systems. They apparently all use RF, with a
"code rotator" mechanism to prevent code grabbers from
compromising them. Still, those articles seem a bit over the top. It's
unlikely that you could grab the entire sequence from IR backscatter, and
I can't believe many people would honor a stranger's request to point
their IR remote at the stranger's PalmPilot.
* * * * *
And this email from Bill Costa in New Hampshire, in
response to an article that I originally wrote about Windows
NT Workstation Backup for Windows NT Magazine. They rejected it
(the first and only time as an author that I've ever had anything
rejected), so I posted it to my site and sent a copy to Pournelle:
Just a quick note to say thanks for making
your article available via the Internet. I get Windows NT Magazine and
this article is as good as anything I've seen there. Who knows why they
Thanks for the kind words. That was the first (and only)
magazine article I've ever done. I like doing books much better. I don't
know why they rejected it either. It may have had something to do with the
fact that the original editor left and another arrived while I was writing
the article. New Hampshire. Now there's another place I'd like to live. I
admire your state motto.
* * * * *
Another data point in the war against cookies. For those
who are unfamiliar with them, cookies are one mechanism that can be used
to overcome some of the problems associated with the fact that HTTP
servers are stateless. Stateless means that every interaction between a
client and server is completely independent of other interactions that
have occurred between them. The server doesn't keep track of past
interactions with the client, even though they may have occurred only a
fraction of a second earlier. In other words, no session exists.
For example, if you hit Amazon.com to look for a book, no
persistent session is established. Instead, each page and other element
you request is delivered to you independently of all other elements served
to you during your browser session. The web server has no idea that
subsequent requests are related to the original request. It simply
delivers individual pages to you as you request them. That makes it hard
for the server to do useful things like storing your account information,
keeping track of the items in your shopping basket, etc. The kind of
things you'd like it to do to improve your browsing experience..
One way the web server can get around this problem is to
send your browser a cookie, which is simply a small data file that your
browser stores on your local hard disk. In addition to sending you
cookies, the web server can also read cookies that it sent to you earlier.
For example, when you add a book to your shopping basket, that item is
stored in a cookie on your hard drive, allowing the web server to keep an
updated list of the current contents of your shopping basket. This is a
username and password for sites that require a login. There's a darker
side to cookies, however.
Many people think that cookies are no security threat
first place. That's true as far as it goes, but it doesn't go far enough.
A web page can be designed to redirect incoming requests transparently to
a different web page, which may reside on that site on on a remote site
that uses a different domain name. For example, entering the URL http://www.altavista.com
causes the browser to retrieve and display the main AltaVista page.
However, that page redirects your browser to a site in the doubleclick.net
domain, which records your unintentional visit. Although you never
explicitly told your browser to connect to any site in the doubleclick.net
domain, this redirection allows doubleclick.net to take control of your
browser (unknown to you) and write its own doubleclick.net cookie to your
hard disk. If you subsequently visit a different web site that also has an
arrangement with doubleclick.net, the doubleclick.net server can read the
cookie it wrote during your earlier session and use that information to
keep track of where you've been.
In theory--and often in practice--these unauthorized
cookies are an aid to tracking ad delivery. But they open the door to
abuses of your privacy. Because companies like DoubleClick,
Imgis/AdForce, and MatchLogic
keep track of which web sites you visit, the potential exists for them to
build a profile of your browsing habits. I don't want some faceless
company keeping track of what I do on the web, and you probably don't
either. Unfortunately, they make it very hard to avoid.
Until recently, both Internet Explorer and Netscape
Navigator gave you only three choices about cookies. The default choice,
Accept All Cookies, leaves you wide open to cookie abuse. Reject All
Cookies keeps you safe from the invasive actions of DoubleClick and their
like, but also prevents you from using "good" cookies for their
original purpose. The third choice warns you each time a cookie is served
to you and allows you to decide individually whether or not to accept each
cookie. The problem with that one is that a single web page can deliver
many cookies. I have IE setup with the Warn option, and one web page I hit
delivered almost 30 cookies. Choosing that option makes the web browser
There are third-party browser add-ons like CookieCrusher
that take a rational approach by allowing you to allow or disallow cookies
by domain. Using one of these products, for example, you could allow all
cookies except those that originate from DoubleClick, Imgis/AdForce, or
MatchLogic. This is the kind of functionality that should be built into IE
and Navigator, but isn't, probably because Microsoft and Netscape are
implicitly or explicitly in league with those companies.
So when I installed Netscape Navigator 4.05 some time ago,
I was pleased to see a new option for handling cookies. The check box is
labeled, Accept only cookies that get sent back to the originating
server, which sounded exactly what I was looking for. I don't mind
accepting cookies from the sites I visit intentionally. It's those stealth
cookies delivered by redirection that upset me. So I was heartened to see
this new option in Navigator. The trouble is, it doesn't work the way it's
supposed to. I don't know if that's because it was never intended to,
because it has bugs, or because MatchLogic and other companies have come
up with crafty ways to get around it.
What I do know is that I kept a close eye on my cookie
file for quite a while after I installed Navigator 4.05, and it appeared
to be working as expected. That now turns out not to be the case. I hit my
agent's web site last
night, and was shocked to see that it's now delivering cookies, including
"bad" cookies. I emailed my agent, who told me that he wasn't
aware that was going on and that he'd put a stop to it. But getting those
cookies from his site motivated me to go out and look at my Netscape
cookie file. I wasn't pleased at what I found. Below are some excerpts
# Netscape HTTP
# This is a generated file! Do not edit.
/ FALSE 1893455946
/ FALSE 942189081
.imgis.com TRUE /
/ FALSE 1182140350
I particularly like the gratuitous warning not to edit the
file. It's a standard text file, and you can delete anything you please
from it. Apparently, they want to dissuade people from deleting
"bad" cookies. I greatly resent the way that Microsoft and
Netscape appear to actively cooperate with these companies. In fact, I
think what all of them are doing is probably illegal under existing law.
When I visit a web site, it could be argued that I am implicitly giving
that site permission to write its own cookie to my hard disk. But nothing
I have done grants permission to these other companies--whose sites I have
not voluntarily chosen to visit--to abuse my computer and my hard disk by
storing information that is for their own benefit. They are in essence
stealing resources from me, and I suspect they could be charged under
existing anti-hacking laws if anyone cared to make a point of it. For
their defective cookie management mechanisms, Microsoft and Netscape
should be charged as accessories before and after the fact.
December 10, 1998
The following mail from Robert Morgan about cable modems and DHCP:
Well, my cable modem was installed yesterday
and it's damn impressive. I downloaded Netscape Communicator 4.5
directly from my service provider at better than 300 k/s. This morning I
downloaded three things at the same time from across the net at 50 k/s
Yep, that's certainly better than the 2.5 to 3 KB/s I get
via dialup. Congratulations. I'm envious.
The installer had me disconnect my pc from
my hub, and plugged the modem (a Motorola Cybersurfr Wave) directly in
to my pc. Later, I plugged the modem into the crossover port on my hub
and my pc worked fine. Other pc's were assigned an ip through the cable
modem's DHCP server, but wouldn't see the internet. I suspect that they
limit traffic back through the modem to the first machine connected.
Have you ever heard of this feature? I suppose I'll install a second
network card in my linux box, connect the modem to it, and then use ip
masquerading the same way I used to with my ppp connection.
I'm not sure whether you mean there's literally a DHCP
server built into the cable modem, or DHCP was delivered via a server at
the central office. If the former, and if the cable modem has NAT
functionality, you may be able to reconfigure it to provide private
addresses behind the cable modem. If the latter, they're probably
restricting you to one IP address, although I'm surprised that the DHCP
server would even assign addresses to your other machines. Are the
addresses assigned to your other machines private or public IP addresses?
If you have a WinNT or Win9x box, I'd suggest you download
the WinGate proxy server and install it on the machine connected to the
cable modem. You can then configure your other machines for proxy access.
Plugging the modem onto my lan also broke my
internal tcp/ip network. My machines are all in the 192.168.100.0 range.
If I let one get a new IP from the service provider's DHCP server, then
that one sees the internet but no longer sees the internal network. I
can't figure out the right routing commands to see my 192.168.100.0
network, and I'm not even sure if it's possible without putting the
modem onto a second NIC and using proxy or ip masquerading.Oh well. I'll
figure it all out with the time I save not waiting for the internet to
Yes, the IP address and netmask that the service provider's
DHCP server assigns to the Ethernet card in that one machine puts it on a
different IP network from the rest of your physical network. Depending on
what OS you're running on the connected machine, you could probably assign
multiple IP addresses to one card, but with Ethernet cards at $15 to $35,
it'd be cleaner just to install a second card to connect to the rest of
your network. Assign that second card a 192.168.100.x address, create a
static route, and install WinGate on that machine. That machine talks to
the cable modem on the public IP network address and to the rest of your
network on the private IP address. I've never tried WinGate other than
LAN-> dialup, but it should also work fine LAN->LAN.
I don't know why service providers go out of their way to
make things harder. I guess they figure they can restrict the service to
one PC nearly all of the time and so just don't worry about what'll happen
when a customer knows what he's doing. I'll post this on the site and ask
anyone who's actually done a workaround for this to respond.
As it turns out, I got mail from Robert telling me that he
now has things under control and plans to use Linux to implement IP
Masquerading, which should solve the problem.
* * * * *
And here's a mouse cleaning tip. While I was reformatting
my cookie rant to send to Pournelle, my mouse started acting jerky. I keep
a bottle of isopropyl rubbing alcohol, some cotton balls, and some Q-Tips
on my credenza. When I opened the mouse, I found that I was out of both
cotton balls and Q-Tips. Rather than getting up and going into the
bathroom to get more, I decided to try using a pipe cleaner. As it
happens, I have some of those rough pipe cleaners. They're like a regular
pipe cleaners, but have stiffer bristles interspersed with the regular
ones--kind of like a regular pipe cleaner with nubs.
I've always had a problem getting the mouse rollers
completely clean. The junk in there tends to get wrapped around the
rollers, forming a tight knot that's almost impossible to get off with a
Q-Tip. Sometimes I actually have to resort to scraping the roller gently
with the tip of my Swiss Army knife. The rough pipe cleaner takes care of
that problem. The nubs actually grab the stuff wrapped around the rollers
and pull it loose. They're not rough enough to abrade the rollers, either.
You can get the rough pipe cleaners at most tobacco shops and some
* * * * *
And this follow up from Robert Morgan:
Reports on your web site of my success
getting my network back up with the cable modem in place may have been
premature. If I turn off everything, then plug the cable modem into any
machine other than the first one I used, it will get a DHCP ip address,
but the other end refuses to send me any packets. I ping, I see a TD
light go on, but I never get an RD light back. Perhaps they're
remembering the physical network address of the first machine and won't
talk to anyone else? Or maybe they're just remembering the first IP
address assigned to me. I tried to make linux request the number my
Win98 box was using but it wouldn't. Arrggh.
This means that I can't get my linux server
to use the cable modem. So I have to put a second NIC in the Win98 box
that does work with the cable modem. But my Win 98 workstation is loaded
to the gills - no room for another NIC. Arrggh. Do you know if it's
possible in Win98 to assign two ip's to one NIC? Arrggh. And I just
tried putting in a Diamond Monster MX300 in my Win98 box and damned if I
can make Win98 load the drivers for it. Argggh. Windows 3.11 for
Workgroups here I come.
P.S. In not really related news, /. is
reporting that our fine Canadian government will start collecting
royalties on blank audio media to the tune of $0.50 / 15 minutes of
digital audio. One cd = 75 minutes or $2.50. A blank cd costs me $1.69.
150% price increase. Think I'll buy a thousand before January, when it
begins. What happens when they realize I've got 50 cd's worth of .mp3's
on a couple gigs of hard drive?
Yep, it sounds like they're taking strong measures to
prevent anyone from connecting more than one machine to the network. From
what you've said, it's not clear to me exactly what they're doing. My
guess is that it's based on MAC address rather than IP address, though.
One easy way to check would be to determine the IP address on the machine
that works properly, disconnect it, connect another machine, and use
static addressing to give it the same IP address and other IP
configuration information that works on the first machine.
If that doesn't work, it's a pretty safe assumption that
they've married your account to the MAC address on the first machine. You
could verify that by removing the Ethernet card from the machine that
works and installing it in your Linux box. If your Linux box then
connects, you can probably assume that the problem is MAC based.
Another possibility would be to kill your DHCP
configuration. In Windows NT, you can use the command IPCONFIG /RELEASE to
do that. I'm not sure what the equivalent is in Win98, but there should be
one. If all of that fails, you could try calling their tech support and
telling them that you've just upgraded your Ethernet card and now your
link doesn't work any more. When they kill it on their end, just connect
your Linux box to the cable modem and see what happens.
As far as the tax on media, I'm sorry to hear that. If the
computer industry spent as much on lobbyists as the music industry does,
we wouldn't have that problem.
December 11, 1998
The cable modem discussion has been generating quite a bit of mail.
I've been replying to many of them privately, but posting some of the more
interesting ones. Apparently, what you get when you install a cable modem
varies quite a bit depending on your provider. The first message is from
my friend John Mikol, who has a cable modem through King Cable/Online
South. I mailed him Robert Morgan's message about DHCP weirdities, and
asked if he'd had any similar problems. He had this to say:
The only problem I had was a few weeks of
spotty service due to a bad AMP on a pole between me and the head-end. I
wouldn't be surprised if there was a DHCP server in the cable modem, but
I would assume that it was proxying to a central DHCP server. OLS
charges per IP address, so I set up a Linux box to NAT, proxy, DHCP,
DNS, SMTP, etc. It works great. I patched to kernel to include PPTP NAT
and it works great (although it can only handle one client at time)
King Cable issues a static IP address to each customer, and apparently
allows you to buy additional ones. I'm not sure why anyone would do that
for a home network, but it's nice that they offer the option. But then I
got the following mail from Jerry Mah. It appears that his provider, Shaw
Cable, goes to the other extreme. They don't provide a static IP address
at all, and try to charge you a monthly fee for each additional computer
you connect. I agree with Jerry that that sounds ridiculous
I'm really enjoying your discussion on cable
modems, considering the fact that I just recently hooked up for service
My ISP (Shaw Cable Modem, using a Motorola
Cybersurfer) charges an additional $10/month for each additional machine
that you throw onto the network (you pay for the hub, they just let you
have a machine name in which to pull the DHCP off of their server). I
thought that this was sort of an absurd amount considering the fact that
I wasn't able to pull in any more bandwidth, and that they weren't
offering me anything in return for the $10. I then considered setting up
a proxy server so that I wouldn't need the extra $10/month.
Note: The DHCP was also bizarre in that I
needed to install some special script that their CD provided. Setting up
NT with a normal DHCP set up did not seem to work properly.
The solution that seemed to be the easiest
was a product called WinProxy. I initially attempted to hook up some
other proxy products, but nothing else was quite as simple to try out.
I'm currently attempting to set up some more sophisticated proxy
products, but WinProxy is working in an pinch.
One question that I have is a problem that I
have never seen before... In an attempt to install some ATI video
drivers on a Compaq computer, NT gave us the message that we did not
have administrator permission? on that machine to install the drivers.
Yet checking the account, we were indeed logged in as the administrator.
As far as the ATI drivers, I don't know any reason why they
should return that message. If you're logged on as a user with
administrative privileges but not as the actual account Administrator, you
might try doing that. If you're logged on literally as
"Administrator" already, the only thing I can think of (and this
is truly unlikely) is that you're working in a domain environment and the
account "Administrator" is a member of the Domain Admins group
but not of the Administrators group on the local machine. Maybe someone
else has other ideas about this.
As far as the proxy server, WinProxy is indeed a good
product. Another product you should look at is WinGate.
It's what I use here.
* * * * *
And speaking of here, "here" needs a name. Chaos Manor, while
appropriate, is already taken. So what I need is a short memorable name
for this place, preferably one that won't be seen as too derivative of
Pournelle's Chaos Manor. All nominations gratefully accepted.
* * * * *
My tirade on cookies is generating a fair amount of mail.
Here's one from Nat Fairbanks:
I'm not a fan of cookies myself, but you
missed an important point in your message about cookies. The
advertiser's web server is the one sending you the cookie, and thus fits
the criteria of "Accept only cookies that get sent back to the
Well, no, I didn't miss anything. I think I was pretty
clear that it was the advertiser's web server that was actually sending
the cookie. By definition, a cookie can only be accessed by the
originating server, or by one in its domain. So, logically, Netscape
phrased the description for that option button pretty poorly. If taken
literally, it would describe exactly the same option as the "Accept
all cookies" option button immediately above it. Any reasonable
person would believe that selecting "Accept only cookies that get
sent back to the originating server" would disable cookies that
originated on a domain other than the one at which they had explicitly
pointed their web browser. Otherwise there's no point to having that
Your example mentioned www.altavista.com,
take a look at the source for that page. You should notice at least a
few lines like this.
width=6 height=6 border=0>Find today's
best travel bargains!</a><br>
That tells your browser to request an image
from doubleclick. Your browser looks for any doubleclick.net cookies,
send them along with the request for the image. Then their web server
responds with an image, and possibly another cookie. It all relates to
the stateless connection. That allows a web page to be created from
components scattered across the web.
So www.altavista.com has very little to do
with sending you that cookie. Yes, their web page told your browser to
go get something from another server, but that's a very basic action,
needed to keep the web working.
No, AltaVista has everything to do with sending me that
cookie. They put the code on that page that causes that cookie to be
retrieved from a foreign domain. And retrieving cookies from foreign
domains is in no way required to keep the web working.
So what can you do about it? You mentioned
several products, but there are many simple ways to control cookies
besides the ones you mentioned. My favorite is just to set the cookie
file to be unwriteable (very easy to do on a Unix based system). Your
browser will still accept and respond with cookies, but they no longer
last from session to session. Each time you restart your browser, all
the old cookies disappear. That makes the string of connections that
shopping cart style applications.
Making the cookie file unreadable works with Navigator as
you describe, but IE uses individual cookie files and there is no way I've
found to stop it from writing those cookies. Even making the directory
itself read-only doesn't work. But all of this begs the question: why
should I have to go to extra effort and disable some of the useful
capabilities of my browser just to prevent some company from engaging in
nefarious activities that are against my interests? Accessing my computer
and writing a file to my hard disk without my knowledge or consent is
already illegal. Why should they be allowed to get away with it?
Another way to deal with cookies is to
specify a bad IP address in your hosts file. Put ad.doubleclick.net and
the rest in that file with the loopback IP, and you won't see anymore
ads or cookies. You can also just shut off image loading, and your
browser won't load the images from the advertiser, and again, no
Well, yes, there are numerous ways to get around cookies,
but the point is that all of them require effort that I shouldn't have to
make, and most of them reduce the capabilities of the browser. By taking
actions to eliminate "bad" cookies, I also crimp the ability of
my browser to work with "good" cookies. There's no excuse for
allowing this to continue.
* * * * *
And still more on cookies, this from Paul S R Chisholm:
I'm in violent agreement with you, and then
Turns out one (drastic!) way to turn off a
lot of cookies is to turn off images. A lot of banner ads are graphics
from third party sites; the graphics have the cookies. (One way Netscape
is better than IE: Netscape lets you load all the images for a page with
a single click. IE only lets you load images one at a time, or reload
after you change your preferences.) I'd presumed Netscape's "Accept
only cookies ..." message was aimed at image cookies. I think I get
fewer, but still some.
Good points. And in fact I used to keep images turned off
in my browsers, not so much to avoid cookies as to make pages load faster.
But that's no longer a viable choice. Many web sites today are unusable
with images turned off. Nearly all web sites used to offer a text-only
option, but that's becoming much less common. And why should we have to
forego an important browsing capability just to help avoid cookies? As far
as the Navigator "Accept only cookies.." option, my experience
is the same as yours. Fewer "bad" cookies, but still some.
IE 3 had a Cookies folder in the Windows
directory, full of .txt files you could look at (the name of the file
was the name of the host the cookie was for) or delete. IE 4 appears to
have the same folder, but with some binary files.
Yes. IE3 puts cookies in my \WINNT\Cookies folder. That
folder is still present with IE4, but it now puts cookies in the
\WINNT\Profiles\<username>\Cookies folder. They appear to be in the
same format there, though. Microsoft's relationship with cookie vendors
carries through even here. When you delete one, instead of getting the
usual confirmation warning, you get words to the effect of "The file
you are about to delete is a Cookie! ...". I guess they use the
exclamation point as a way to convince novice users that there's something
particularly dangerous about deleting a cookie.
IE 3 would let you know, "You have
received a "cookie" (Internet information stored on your
computer) from host.dom ... The contents are: ..."
IE 4 tells you: "In order to provide a
more personalized browsing experience, will you allow this Web site to
put information on your computer? If you click Yes, the Web site will
save a file on your computer. If you click No, the current Web page may
not display correctly." You have to click "More Info" to
see who the cookie is from! Naturally, "cookies" (by that name
or any other) are not mentioned in the IE 4 online help.
The thing about "may not display correctly" is
yet another red herring designed to convince novice users that Cookies are
mandatory. Yet more evidence that they're in bed with the cookie
producers. I think it's also significant that IE conceals the source of
the cookie. You get the options Yes, No, and More Info. If you want to see
where the cookie is from, you have to click More Info for each cookie.
They obviously want you to accept cookies without knowing who's sending
them. Otherwise, why not simply display the additional information by
default, or at least allow you to make the expanded display the default
rather than having to click More Info each time?
I'm willing to let some sites send cookies,
even to LinkExchange or such; the sites offer free content for ads, and
I want to support them. I'd like to clean up my cookies from time to
time, and there are some folks (Imgis, DoubleClick, and MatchLogic) I
don't ever want to give cookies to. Feh. --PSRC
I don't think about it that way. I put LinkExchange in with
the other "bad" cookie sources. I despise ads in any form,
whether they be on TV or a web site. I'll pay for TV programs without ads,
and I'd happily pay for web content I wanted. What we're sadly lacking at
the moment is a micro-money mechanism. Pournelle's talked a lot about
Digital's MilliCent, and that would be a good mechanism if it became
widely implemented. I don't see that happening any time soon, however. It
has the fatal flaw of being proprietary in a world where Internet
standards rule. What we really need is for the IETF to do RFPs for
micro-money. If an open micro-money standard existed, I think you'd see
the use of micro-money explode overnight. That would also cause web
content to flower.
* * * * *
FedEx just showed up with a copy of Red
Hat Linux 5.2 and a copy of the Red Hat Linux Variety Pack. Red Hat
Linux Powertools is backordered, but I expect to get it in the next week
or two. These folks are fast. I emailed my contact at Red Hat at about
5:00 Wednesday afternoon to request a copy of 5.2 and here it is already.
* * * * *
And I'd better get back to work. Barbara is off today, and
we have several errands to run. Not least among them is getting our cell
phones reprogrammed for the new area code. That has to be done by 12/31 or
they'll stop working. Then I have to install some software for her and do
a bunch of other stuff in her office. And I need to do my network backup.
This day will be consumed by locusts.
* * * * *
Friday Afternoon: We
never did get out to run the errands. I had to climb up on the roof to
blow out the gutters for the lats time this year. While I was up there, I
put the plastic bag covers on the cyclone ventilators. Then the main drain
started fountaining again. I thought (hoped) that the problem was
temporary, but apparently not. Fortunately, I'd duct taped a trash bag
over the drain pipe for the washing machine (where all the stuff fountains
from) to prevent it from splashing all over the washing machine and dryer.
The water still ran all over the floor, but at least it didn't spray all
over the washer, dryer, tables, and so forth as it did the first time.
So we moved everything out of the basement and called the
rooter folks. They showed up a couple hours later and drilled out the main
drain. After that, we washed down the basement and put everything back.
Not a nice way to spend the day.
And mail has been coming in fast and furious....
* * * * *
More on cookies from Nat Fairbanks:
Hmmmm. After checking out the cookie spec
more closely it appears I misunderstood the spec. I thought (to use an
example from cookiecentral.com) that myserver.com could set a cookie for
yourserver.com, causing yourserver to get the information from the
cookie next time you visited.
Now that I realize this, yes Netscape made a
useless option and deserves to be criticized for it. The rest of my
email was pretty much based on this assumption, so it crumbled pretty
quickly. I guess I shouldn't open my mouth unless I really know what I'm
talking about. :-) Thanks for clarifying!
Yes, but see what Chris Fullerton of Netscape has to say.
* * * * *
And still more mail on the cookie issue, this one from
Chris Fullerton of Netscape:
I have a couple of issues with your article
on cookies.First, let me get the standard disclaimer out of the way:
these opinions are mine, and have nothing to do with Netscape. I'm not
involved with any of the ad services either.
Point 1: Cookies are not 'files' that get
sent to the browser - they are just bits of information that get stored
in a cookie file. This is a distinction that I think needs to be clear.
(I think IE keeps each cookie in it's own file, but that's not the way
Netscape does it). There are two types of cookies - one type that gets
written to the cookie file (a 'permanent' cookie that has an expiration
date) and a temporary one that goes away when the browser is closed
down. The temporary ones never make it into the cookie file - they're
stored in memory.
You're right on all points, of course. I was using the term
file loosely. Netscape does indeed store cookie data within one file and
IE as separate cookie files. As far as persistent versus non-persistent
cookies, the non-persistent ones are useless to the tracking companies, as
they could only track your visits within one browser session.
Point 2: Ad services do not 'redirect' the
browser to another site - they just reference something that lives on
another site. Ad services *never* "take control" of your
browser - in fact, no site does this.
I was using the term "redirect" to mean that HTML
code on the site that I explicitly visit causes my browser to retrieve
data from another site entirely. I call that redirection. If that's not
the correct term technically, I apologize. As far as taking control of my
browser, I consider sending code that causes my browser without my
knowledge or permission to write data to my hard drive to be taking
control of it.
Now, a couple of other things:
I did a bit of checking with the cookie
settings, and here's what I think is happening when you have 'only send
back to originating server' checked. As far as I can tell, this works as
advertised - when browsing, if you have this option checked, you don't
get cookies from the ad sites. The problem shows up when people send you
html pages via email. Because there isn't an 'originating server', it
seems to make a request for the images in the page, and that allows the
ad server cookies to get set.
Well, no, that can't be the cause. I say that because I've
seen this behavior occur on a computer that doesn't have a mail client
installed. It sits behind a proxy server, and POP and SMTP aren't
configured on that client. I've also watched it occur on another computer
that does have an email client installed. In this case, the mailer wasn't
opened, and my cookie file had no "bad" cookies on it. I visited
many sites during that browser session, so I can't say for sure which site
did it, but I ended up with a preferences.com cookie in my Netscape cookie
file afterwards. I know that that couldn't have been caused by mail,
either, because my POP server happened to be down all that afternoon.
As I mentioned, Netscape's "Accept only cookies that
get sent back to the originating server" seems to work most of the
time, so I'm willing to concede that Netscape is at least attempting to
address the situation. I've had several other people tell me basically the
same thing--that this option keeps most but not all bad cookies off their
hard drives. If I had to guess, I'd say that preferences.com and other
similar companies have come up with a way around this restriction.
There are a couple of workarounds for this.
First, do what I do when reading your HTML mail - turn off images. That
will prevent these cookies from getting set. Another option is to change
the permissions on your cookie file to read-only - I haven't tested
this, but it should prevent it from getting updated. You could also
create some sort of start-up script that would keep a copy of your
'approved' cookie file, and overwrite the existing cookie file before
starting up the browser - that way, any unwanted cookies that get saved
there during your session will get wiped out next time you start up.
Yes, but again, the point is why should I have to do this?
I have not given doubleclick.net, Imgis/AdForce, Preferences.com or any of
those companies permission to write cookie data to my hard disk. They are
doing this for their own benefit, without my permission, and against my
wishes. What you are suggesting is equivalent to letting a burglar go free
and blaming the homeowner for not installing better locks.
While these things are annoying, keep in
mind that as long as content is free, content producers need to have a
way to make money from their content and they do this by selling ads.
They're free to sell all the ads they want. I'll even look
at one once in a great while. But what they aren't free to do is hijack my
hard drive for their own nefarious purposes. What they perceive as their
own need gives them no claim whatsoever on my resources.
* * * * *
And more from Paul S R Chisholm about micro money and advertising:
I guess I only disagree with you on two
points: I think the "micropayment" problem is not lack of a
standard, but too many standards. They've been around for about three
years. Yes, they're ad hoc. Since the problem is a financial one, not a
technical one, I think it's reasonable to look to the financial
community for an answer. (I have a *great* deal of respect for IETF and
ITU-T, as you might guess from my return address.-) We need to get past
the Betamax/VHS wars ... again. (*sigh*) I've been expecting for a
couple of years that a consensus would emerge.
Well, I don't think we're in disagreement here at all. What
you call "too many standards" I call a lack of a standard. When
I think of standards, I tend to think of IETF first, because this is after
all intimately related to the Internet. As far as looking to the financial
community, I don't think that's likely to be workable. There are too many
economic and regulatory disincentives. To the extent that they're looking
at micro-money at all, each bank will attempt to establish its own
"standard" for competitive reasons. At least until and if one
proprietary standard becomes widely accepted, the incentive is for each
bank to go its own way and grab as many users as possible.
Microsoft could probably establish a real standard by sheer
main force, but I don't think they'll be likely to attempt that,
particularly given their current problems with the Justice Department.
Perhaps they'll use their clout to establish a truly open standard. That'd
be the best of both worlds, and it may happen. Although Microsoft bashers
deny it, Microsoft has done many things for the benefit of the general
user community without consideration for their own bottom line. Perhaps
they'll do it again.
Pay TV vs. commercial TV vs. TV funded some
other way entirely (e.g., PBS); pay sites vs commercial sites vs sites
funded some other way entirely. We all have our preferences. There's
room for all. Sometimes the content we'll want will be paid for in a way
we don't like. Unfortunately, it will rarely be available multiple ways,
letting us pick. (LOST IN SPACE may be on pay-per-view, or HBO, or the
SciFi Channel ... but not the same week.) The current cookie situation,
though, is more intrusive than "mere advertising." --PSRC
Well, I'm not sure we disagree here, either. But if there's
anything that all of this technology is about, it's about increasing
personal choice. You can see that now in many ways. Various companies
provide "free" email to people willing to suffer through ads
while reading their mail and have an ad attached to each of their outgoing
messages. Instead of being limited to what your local bookstore stocks,
you can get anything you want from Amazon.com or BarnesandNoble.com. You
can shop in your pajamas when the stores are all closed.
Ultimately, what all of this is doing is increasing the
number of choices that people have available. I think that trend will
continue and accelerate. VCRs were all about choice. People bought them so
that they could watch what they wanted when they wanted. Once the datacom
infrastructure grows to the necessary level and IPv6 gets deployed, we may
see an end to broadcasting in the traditional sense. You'll order what you
want when you want it and have it delivered on demand.
The realities of distribution have introduced friction in
various respects, and e-distribution is eliminating a lot of that
friction. For example, albums and later CDs were created as a distribution
"bundle." There was no convenient way using traditional
distribution to sell songs individually. The technology is starting to
change that. You can now buy individual songs rather than an entire CD.
That's going to have a Darwinian effect that will be all to the good.
Right now, the weak stuff is carried by the strong, because they're
bundled. Once they're unbundled, everything will have to survive on its
own merit. When you buy a magazine, you pay for the bad articles with the
good. When you buy individual articles, bad articles don't get bought.
But the flip side of that is that mass-market
considerations become much less important. Good things can survive without
having a huge potential base of buyers. Before the web, you wouldn't be
reading this column, because no one would have published it and I wouldn't
be writing it. The web gives anyone willing to devote the time it takes
and a few dollars a month the equivalent of their own printing press. So
niche efforts can survive with the web as they never could before.
P.S.: Why do you add a "Reply-To:"
field in your e-mail messages? It only has your address, so naive
replies lose your name. Without a Reply-To:, replies will be sent to the
address in your From: field, which should be just fine.
That's a hard one to answer. I have an immensely complex
mail environment, with multiple domains, POP servers, SMTP servers, Proxy
servers, autoforwards, etc. The short answer is that I need a Reply-to:
address to make sure I get all my mail where I want it. I hadn't thought
about putting my full name in there with the address, though. I'll give
that a shot, assuming I can figure out a format that Outlook and some of
my other mail related software won't choke on.
* * * * *
And more from Robert Morgan on cable modems:
Winipcfg pops up a dialog box which has a
button to release the DHCP lease.I've tried it. Didn't help. Just tried
ipconfig at the command line. Same command-line options as NT. Same
result as with winipcfg (which I conclude is a front end to ipconfig).
I can't think why the service provider does
this. I won't be using any more bandwidth with more pc's connected. Says
something about our industry when O'Reilly releases a series called
Product X Annoyances. As a long-timer in the industry it's actually
embarassing to explain why pc's remain so hard to use.
Well, you actually are going to use more bandwidth with
more than one machine connected. The total bandwidth available to you
remains the same, but the amount you actually consume is likely to
increase as you add machines to your network.
The cable modem company is taking the same approach that
the phone company does when they charge more for a business line than a
residential line. It's the same phone line, but (in theory, at least) the
business line will be used more heavily. They charge more heavily still
for trunk lines, which again are just ordinary phone lines. But the usage
differs. If the average residential line is in use 5% of the time, the
average 1FB business line may be in use 15% and the average trunk 85%. So
they charge different amounts for the same physical pair of wires,
depending on the use you put it to.
In some respects, this is justified. At least to the extent
that you're consuming additional resources. I wouldn't like it either, but
they do have a point. I think that $10/month per additional machine is
pretty outrageous though. Something like a buck or two--as many people
have to pay for each additional cable TV outlet, for which they are not
consuming additional resources--might be reasonable.
I'd just put it behind a proxy server and be done with it.
* * * * *
And Chris Fullerton of Netscape responds to my response:
Well, there is a redirect command as part of
the HTTP protocol (you ask for a URL, and the server returns a 302 -
location moved & a new URL - the browser will then automatically
request that new URL).
It sounds to me like the issue you have is
with the sites that employ 3rd party adserving - since they're the ones
that are sending you content that's causing this behavior. The browser
is just doing what it's supposed to do.
Okay. I'll withdraw the term "redirect" and
replace it with the cumbersome but more accurate phrase "sneakily and
without your permission retrieve from another site content that you did
not ask for and do not want", or SAWYPRFASCTYDNAFADNW. No, come to
think of it, I'll just keep saying redirect.
One other thing that I didn't check, but
that might be doing this: sites that use frames. If there's a site that
puts the ad into a frame, then that probably wouldn't trigger the
Now there's a real possibility. I've never much liked
frames anyway, so that would give me a rational reason for disliking them.
I don't think it's quite that drastic :)
Again, netscape does give you the basic tools to foil these cookies...it
sounds to me like you'd like the tools to be better. Here's my answer to
that: you have 3 choices. Buy a better tool that solves your problem,
write the code for one and submit it to mozilla.org, or create a product
& sell it.
Well, what you're not taking into account is that I'm
functioning as a critic here, not as an author. As all authors know,
authors create and critics criticize, usually unjustly. Heinlein reserves
a special place in hell for critics, but I kind of enjoy turning the
tables once in a while. But, yes, I would like the tools to be better.
Persistent cookies delivered by foreign domains are a security/privacy
threat. When such a threat is discovered, both Netscape and Microsoft
usually fall all over themselves to plug the gap. Why haven't they done so
in this case?
I do admit that there's a big difference here between
Microsoft and Netscape. Microsoft appears to do everything they can to
force these nasty cookies on users. Netscape at least tries to address the
problem. So, no, I'm not really saying this is Netscape's fault except to
the extent that they with Microsoft were the company responsible for
popularizing cookies in the first place. The last time I looked, Opera
didn't support cookies at all. I'm not sure how they handle stuff like
shopping baskets and automating logons to password-protected sites, but I
may check out their browser. In the meantime, I've shifted to using
Netscape Navigator as my primary browser. I prefer IE in many respects,
but their cookie handling has driven me away from them. Nowadays, I use IE
only for such things as checking my own web site to see how it looks in IE
or visiting the Microsoft site. For everything else, I use Navigator.
True - but you're in the minority. Most
people are willing to pay the price in order to get the content free.
(and really - the price of the resources that they're using is pretty
negligible. It's the privacy issues that seems to be the real issues
here - I think you'd still complain - and rightly so - if there was
another way to track your actions without using cookies. At least with
cookies, you have the ultimate control - you're always free to delete
Well, I may be in the minority in the sense that many users
aren't aware that their privacy is being raped. But the issue is that
companies like DoubleClick, Imgis/Adforce, and Preferences.com have no
right to assume that they can put stuff on my hard drive without my
permission. And you're right, I'd complain if they had a cookie-free
method of tracking my web usage. What these people are doing amounts to
virtual stalking, and something needs to be done to put a stop to it. Much
as I hate spam, at least spammers are up-front about their obnoxious
activities. What these people are doing is behind the scenes and all the
worse for that.
* * * * *
And the following from Bret Musser regarding cable modems:
Hopefully I can clear up the cable modem
confusion. First, about multiple computers on the same modem. Many
modems, in particular the Motorola Cybersurfr, will accept multiple
computers IF they are configured for it. Naturally, the modems are
configured by the @Home service (or whoever else is running the cable
modem system). The modem regulates the number of computers by accepting
the first "N" MAC addresses it finds. For the Motorola,
N<=3, I believe. The cable modem itself does NOT have a DHCP server
inside of it. The DHCP server resides on the ISP's servers (e.g. @Home).
Yes, that all makes sense. However, I do know that some
such devices do literally have DHCP servers built into them. For example,
my friend Steve Tucker just installed a 3Com ISDN router, which has a DHCP
Server built right in. You manage it with a web browser. I was assuming
that cable modems might have the same functionality, but I'll take your
word for it that they don't. Or at least I will until someone mails me and
swears that his cable modem does have its own DHCP Server. Things change
You can certainly set up a box with two
ethernet cards and run a firewall. Your internal network can simply be a
private address (e.g. 192.168.1.*) and you can have as many machines as
your budget allows. The firewall is then attached to the cable modem
and, if set up correctly, the outside world should never know how many
computers you have on the other side of the firewall. There is plenty of
software available to do this: many people just run Linux, which
supports this out-of-the-box, others run Wingate (for Win95) and others
run IPNetRouter (?) for the Mac.
Right. That's exactly what I recommended that Robert Morgan
do. He's running Linux, so he shouldn't have much problem getting along
with just one IP address.
For the person looking to get his Linux box
running, the easiest solution may be to simply reset the cable modem (if
it is a Motorola, there is a little button on the back of the modem).
Resetting the modem makes it search for a new MAC address; make sure the
Linux box is running and not the Windows box, otherwise you won't know
which machine will be "discovered" first by the modem. He
should also be running dhcpd on his machine, version 0.70 or higher.
Thanks. That's a very useful piece of information. I'll
forward your message to Robert Morgan in case he misses seeing it on my
With regard to the person complaining about
the $10 charge per month for the second IP address, what he is buying is
the second IP address and the ability to use 2 computers at once without
having to mess around with WinGate, IP masquerading and whatnot. Yyou
can also do more things with the second IP address than you can with IP
masquerading; running IP masq and a firewall limits the activities of
the second computer.
Yep. I do think that $10 a month is a bit much, though.
What they're obviously trying to do is restrict bandwidth usage, and I can
kind of see their point. Most of the people who read this are a lot more
sophisticated than the average home user, so getting around these things
isn't much of a problem. But I've got to think that cable companies who
attempt to restrict home users are making a mistake. When it comes right
down to it, what's the difference between having one PC connected to the
cable modem and having two or three connected? There may be a slight
increase in traffic, but probably not much. And there's really no way to
say that one home that has only one PC connected will generate less
traffic than another home that has two or three.
December 12, 1998
Yesterday I started playing around with MP3, which seems to be the
coming thing in audio. I don't know a thing about it, so I decided it was
time to learn. MP3 is a lossy compression technology that allows digital
audio data to be compressed to a small fraction of its original size while
still maintaining near-CD quality. A typical 600 MB audio CD turns into
about 60 MB of MP3 data. With hard disk space rapidly approaching one cent
per MB, that means I could store a complete audio CD on about a dollar's
worth of hard disk space.
I got started on this because of the main drain backing up. Taking care
of that meant I never did get out to get our cell phones reprogrammed for
our new area code. While doing that, I'd intended to stop at Computer and
Software Outlet, which is near GTE Wireless, to pick up a CD audio cable,
which Barbara's computer doesn't have. Right now she's using her portable
CD player to feed the second input on her computer speakers. I figured
that if I can get MP3 working I could just copy a dozen or two of her
favorite CDs up to her hard drive and store them as MP3.
I'll have more on this once I actually get things working and have a
moment to jot down my notes about it.
* * * * *
My mailbox was loaded again this morning. I'm posting maybe 25% of the
mail I'm getting, and even at that it's taking way too much time. I need
to come up with a more streamlined way to do it. Perhaps I should go to
separate mail page. I'm posting the first letter because it mentions
something that's been concerning me:
From Jim Stephens:
I've sent you several messages
and you've never posted any of them but you post several messages from
other people. Are they your friends or something?
No, with a couple of exceptions, I don't even
know the people whose messages are being posted here. I often get mail
from half a dozen or more people on the same topic, often making pretty
much the same point. When that happens, I usually end up posting the first
one I receive. Sometimes, I'll check my mail in the morning and find a
batch of messages all on one topic. When that happens, I post the one I
think did the best job of covering the topic at hand. Also, some of these
messages are ongoing exchanges. In those cases, I do try to post followup
messages from the person who originally started the exchange.
* * * * *
And the following from Chuck Waggoner:
I REALLY enjoy your website, and have been
content to read quietly--until today. You are far more optimistic than I
about the future of user friendliness regarding web content and privacy
I don't know that I'm more optimistic, but I do think we
should fight privacy abuses. And it's people like us who have to do it.
The vast majority of Internet users don't even know that cookies exist,
let alone what's being done with them. Most of them would be very upset to
learn that their movements were being tracked without their knowledge or
permission by faceless companies. But as long as browser vendors continue
to make "Accept all cookies" the default, the average user is
unlikely to realize what's going on, let alone do anything about it. Most
browser users don't even change the default start page, let alone check
These days, I pay close to 10 bucks for a
movie, and can't even inconveniently--forget conveniently--avoid the
commercials that are now projected right up there on the big screen
before the feature begins. It costs me nearly $3.50 to rent a movie, and
again, I pay to see commercials, which are at the least, also
inconvenient to avoid. How about cable TV--ours is about $40 a month
(without any premium channels); remove the local channels, and the great
majority of what's left plays far more commercials than the network and
local stations (ever try the Weather Channel?). Don't forget public
radio/television--they get our tax dollars, and then--at the usual times
of our favorite programs--there they are, begging for more.
Yep. I'm as outraged as you are. We don't have children, so
we don't buy many video tapes. When friends of ours let us borrow a tape
that my mother wanted to watch, I was shocked to see that this tape for
which they'd paid $20 or more had eight minutes of commercials before the
opening credits. That's foul. And I agree about public television. Barbara
and I used to send them a check every year, but we've given up. The final
straw was when Travellers' Insurance picked up Mystery and started running
a commercial at the beginning of it. I've often wondered why books don't
have ads. At some point, some clever marketing guy is going to come up
with the idea of selling ad pages in the latest Tom Clancy or Anne Rice,
and then we'll be lost...
If the past is even a modest sign of what's
in store, not only will we be paying a service provider, but also paying
the sender of our content, AND watching ads. My guess is that the
amounts in question will be more on the order of bucks or mega-bucks
Yes, but then there's the example of HBO, Showtime, etc.
They've established that people are willing to pay for uninterrupted
content. Certainly many people subscribed to these services because they
ran recent movies before the networks did, but many also subscribed
because the content was free of commercials.
MilliCent or something similar is critical, because it
allows people to access premium content without making an expensive or
long-lasting committment to a site. Paying $10 for a year's access to
Pournelle's site is one thing. A lot of people will pay that, sure, but a
lot more won't. MilliCent would allow him to charge five cents a day
instead, and a lot more people would risk that five cents than would risk
the ten dollars. The other thing MilliCent gives us is the ability for
small sites to compete with large ones. Right now, advertising is starting
to concentrate in the larger sites, leaving smaller ones out in the cold.
MilliCent would allow smaller, more specialized sites to compete on an
equal footing with the behemoths.
Point 2--beyond the invasion of our
computers by unwelcome cookies, here's another one. A couple of times, I
have left a web page of The New York Times open in my browser (their
Quick News page). At intervals, it will call my dialup connection,
update itself, and leave my connection hanging on when it's through.
This, without asking, and even though I may have the browser set to
That's truly strange. This is the first I've heard of that
happening. I'm not even sure how it could happen.
After half-a-career in and around the media
and advertising, my guess is that--except when severe recessions force
it--user helpfulness and privacy will be near the bottom of corporate
America's concerns. Again, thanks for your site.
You're probably right...
* * * * *
And this from Shawn Wallbridge:
I was just reading your site
and I was curious about the DHCP server so I ran winipcfg. Here is what
Host Name: cs-4102-a.wpnk1.mb.wave.home.comD
DNS Servers: 184.108.40.206
Node Type: Broadcast
IP Routing Enabled, WINS Proxy Enabled, and NetBIOS Resolution Uses DNS
are all unchecked
Ethernet Adapter Information
Adapter Address: 00-A0-4B-02-C8-90
IP Address: 24.65.x.x
Subnet Mask: 255.255.254.0
Default Gateway: 220.127.116.11
DHCP Server: 18.104.22.168
I guess this means the DHCP Server is run at Shaw. BTW I have a TeraPro
modem by Terayon.
I also agree with you about cookies. I hate the fact that IE makes it
out to be the end of the world if you try to delete them. I did some
consulting work for a company that wanted to do anything they could to
track visitors. Someone had told them about cookies and they demanded
that they have them on their site. Needless to say I turned down the
job. Last I heard they had been kicked off their ISP for sending Spam.
Yep, the DHCP server is at Shaw. The one item
I find particularly interesting in your list is the subnet mask. That 254
means that they're using nine bits for the host address (/23 in CIDR
parlance), which means each subnet has 512 addresses. Apparently, they
think each cable segment can support 500 users, which seems a bit much to
* * * * *
And this from the Boatright Family about Opera and
from the opera help screen (3.51)
Enable Referer logging
Do you want Opera to send information
refering to the page from where the document or picture was requested?
If you enable this option, web servers can store information about the
site that you last visited before you jumped to the current one. This
allows webmasters to analyse how people find their way to his website.
DISABLE this option if you don't want to reveal this information.
Enable Cookie Logging
Cookies allow the server to store
information on your disk. Many scripts have started to use this and will
not work without it.
Thanks. It appears that Opera also supports cookies now. I
guess there's no fighting it. I do think it's interesting that Opera
allows you to disable Referrer Logging. As far as I know, neither IE nor
Navigator even gives you this option. As far as Cookie Logging, given the
good things I've heard about Opera, I'm kind of surprised that they don't
have better cookie filtering built-in.
December 13, 1998
Barbara and I spent yesterday evening with our friends the Tuckers
listening to it rain. It poured from dinner time through the night. My
guess is that we probably had six inches or more of rain, although we
don't know for sure because Barbara takes down her rain gauge when
freezing weather is in prospect. At any rate, the drought should be over.
Winston-Salem gets its domestic water supply from the Yadkin River and so
never has to worry about drought. But our sister city, Greensboro, thirty
miles to the east, depends on reservoirs, and was beginning to panic.
They'll be very relieved to get this rain.
Today is devoted to chores around the house, so I'd better get started
on the laundry.
* * * * *
And more on the Opera web browser from Rick Boatright:
Remember a couple of things about Opera that
become important about issues like cookie filtering. Opera is designed
as a lean mean browsing machine, and they are still ageting that magic 1
meg download. Opera still fits on a single floppy disk. I do not think
that every utility function _NEEDS_ to be in the program itself, and
external cookie control gives me (and others) the ability to tweak what
we want to tweak. While opera isn't open source, it is small, fast, and
the best browser I have _ever used_.
Yep. That's a good point, and I wasn't really criticizing
Opera. As I mentioned, I've heard good things about Opera. In fact, I
don't think I've ever heard anyone have anything bad to say about it.
But then Bo Leuf has this to say:
Hm, yes, and when I looked, the cookies.dat
file format is proprietary binary as well, so you can't inspect/modify
it like the flat text cookie files in Netscape and IE. I'm querying
their support about this and will report any answers.
Hmm. Well, if that's the case, I don't think I'll be using
Opera. At the very least, I want the ability to delete bad cookies while
keeping the good ones. I'll be interested in hearing what their tech
support has to say.
* * * * *
And Robert Morgan has this advice about MP3:
Two things you need to get for MP3:
for the best player, $10.00
for the best cd-ripper /mp3 encoder, $29.95
I've looked at just about all of them and
these two products rise to the top. You'll also need a pretty good cdrom
to do the ripping. I'm using a Toshiba SCSI that works beautifully. My
HP7200 cd rewritable also works well. $25. ide cdroms tend not to work.
Thanks for the advice. The WinAmp page was probably the
first one I hit when I started looking for stuff. Several people have told
me that it's the default standard MP3 player, and I'll probably check it
out. I also found the XingTech page early on, and its products looked
impressive. However, since I'm just playing around, at least for now, I
decided to see what kind of freeware was out there.
For ripping (which you know but some may not is the process
by which audio data is extracted from the source audio CD), I'm using a
product called CDCopy. It's shareware, but not crippled. For MP3 encoding,
I'm using BladeEnc, a freeware product. Although it's a Win32 program, it
uses a text-mode interface that looks like DOS. There are any number of
graphical front ends available for it, though.
You're certainly right that the CD drive has a major effect
on ripping, although I've not had any problems with the two IDE drives
I've tried. On my main Pentium II workstation, I used a Teac 24x IDE CD
drive. It ripped an hour's worth of CD music in about 15 minutes, yielding
about 4x performance. Just to see how much hardware affected speed, I
tried ripping the same CD on my Dell 200 MHz Pentium system. The IDE CD
drive in it is at least 8X, and I think perhaps more. It ripped an hour's
worth of CD music in about an hour, yielding 1x performance. I suspect
anything slower would have caused problems.
* * * * *
And Roger G. Smith has been checking out how my latest
book is doing on Amazon.com:
Just for grins --:
Lingo in a Nutshell , publ'd November 10,
1998, Amazon sales rank: 8,075 (no real competition)
NT TCP/IP Network Administration, publ'd October 1998, Amazon sale
rank, 3,110 (no real competition, but a Gazillion NT books competing for
mindshare and $$$)
Yes, as you know, the Amazon.com rankings are an ongoing
source of debate on the Computer Book Publishing mailing list. No one can
figure out exactly how they're arrived at, what period they cover, etc.
Windows NT TCP/IP Network Administration first appeared on the Amazon.com
rankings a month or so before it actually hit the bookstores. I check its
ranking frequently, and I've seen it as high as 159 and as low as 8,xxx,
although it seems to spend most of its time between about 500 and 1,500.
That's actually pretty good, and should translate into reasonable sales.
At least I think it should. As I said, no one can figure
out exactly what the numbers mean, except that it's better to have a
relatively low ranking number than a high one. O'Reilly sends out royalty
statements quarterly, about 45 days after the end of the quarter, so I
won't have any real sales numbers until about mid-February.
Coming Soon (I hope)