photo-rbt.jpg (2942 bytes)

Daynotes Journal

Week of 12/7/98

Friday, July 05, 2002

Email Robert

TTG Home

Robert Home

Daynotes Home

Last Week

Next Week








A (mostly) daily journal of the trials, tribulations, and random observations of Robert Bruce Thompson, a writer of computer books.

Monday, December 7, 1998

There wasn't much I felt like reading last night, so I started checking the TV section. The History Channel had some stuff that looked interesting, so I turned it on. The first was an episode of their history of the gun series, this one about the Thompson Gun. John Taliaferro Thompson, the gun's inventor, is a distant relative of mine, so I decided to check it out.

They actually did a pretty good job on this episode, although they greatly overemphasized the extent to which gangsters adopted the gun. That was more Hollywood myth than reality. Certainly, some gangsters used the gun, but it was by no means as common as this episode and the gangster movies would have you believe. Most gangsters chose shotguns for serious work. When they wanted an automatic weapon, they tended to use the Browning Automatic Rifle (BAR). That was a known quantity from WWI, while the Thompson Gun was a new-fangled gadget.

And rightly so. I've put quite a few rounds through a 1928-A1 model. The Thompson Gun is great fun to shoot, but it wouldn't be my first choice of weapon. Regardless of what the movies show, the Thompson is controllable only when firing short bursts, even when the Cutts compensator is installed to reduce muzzle climb. The buttstock is below the line of the barrel, which means that recoil wrenches the gun up and to right as you fire it. I was able to hold 3 or 4 round bursts on a standard FBI target at 50 yards, but bursts longer than that simply waste ammunition. The drum magazines were another weak point. No matter how careful you are to keep them clean and load them properly, they jam. The military recognized this, and the M1 and M1A1 models used during WWII used only 20- and 30-round stick magazines.

Submachine guns generally are not a particularly effective class of weapon. Twenty years or so ago, I participated in an ad hoc experiment to test the effectiveness of an SMG against a riot gun. My friend used his SMG, a MAC10 in .45 ACP with the Sionics suppressor, and I used my Hi Standard 10B riot gun, with the Garth Choate magazine extension installed, giving it an eight round capacity. He started with a 30 round magazine of .45 ACP, loaded to its maximum reliable capacity of 28 rounds. I started with eight rounds of 12 ga. magnum #4 buckshot, roughly the equivalent amount of lead to 24 of his rounds.

We each had eight targets to "kill" and started together on a signal. When the smoke cleared, he'd "killed" four of his eight targets, disabled two more, and left two standing. I'd shredded all eight of mine. If that'd been a real fight, he almost certainly would have been dead, whereas I'd have had a reasonable chance of surviving. The moral is, if you ever have to defend yourself, pick up a shotgun. As Jeff Cooper says, firepower means hitting what you're aiming at, not peppering the landscape with misses.

* * * * *

I'd better get back to work on the book. I want to have at two more chapters submitted before Christmas, and that's going to be pushing it.

* * * * *

I've decided to dispense with the separate book of the week page, and just embed my mini-reviews in my journal. I have too much to do already, and creating separate pages for each book is too much work. The book of the week this week is Dinosaur Cat: A "Big Mike" Mystery by Garrison Allen. Barbara brought me this one, and I'll admit I moved it to the bottom of the stack because it didn't look like something I'd like. I like mysteries, but the cover art on this one turned me off. Now I'm sorry I waited, and I've asked Barbara to bring me any others in the series that she has. Although this book has gotten mixed reviews, including a pretty bad one from Kirkus (whose reviews I normally respect), I enjoyed the book. If P.G. Wodehouse had written mysteries, this is the kind of mystery he'd have written. Allen populates this book with a diverse assortment of eccentric characters, but it's a serious mystery nonetheless. Check out the reviews on Amazon. I recommend this book.

* * * * *

And the following mail from David Davenport:

I have recently purchased and read your "Windows NT TCP/IP Network Administration" text. This book was extremely valuable during my recent establishment of a WinNT remote access server. My question for you is this: How can one capture RAS PPP packet traces? It doesn't seem to be possible with Network Monitor. I would greatly appreciate any assistance you might provide and look forward to your response.

To the best of my knowledge, you can't do that, although I haven't tried lately. I remember trying to do that years ago, and I couldn't get NM to capture packets for anything other than a "real" network card. Craig, any ideas short of using sniffer hardware? I'll also post your question on the web site to see if anyone else has a workaround.

If anyone else has encountered this problem and figured out a workaround, I'd appreciate hearing about it.

Tuesday, December 8, 1998

It continues to be quite warm around here for December. We have an indoor/outdoor min/max thermometer in the kitchen, and yesterday it made it up to 81 degrees. It's expected to hit nearly 80 today as well.

I got a fair amount done on my chapter yesterday, and also spent some time on the phone with vendors trying to sweet-talk them out of evaluation units. It takes more work to get hardware evals than software evals, and I don't understand why that should be. Certainly, the actual cost of hardware evals is higher, but if I ran a hardware company I'd be falling all over myself to send out eval units to authors.

Companies pay thousands to put space ads for their products in computer magazines, and yet no one I know is seriously influenced by those ads. Certainly, ads are useful to announce new products, or whatever, but who's going to believe all the nice things that an ad says about its own product? A book, on the other hand, is an unbiased source of information. No author I know is going to recommend a video card or a hard drive simply because he got a free sample. Pournelle used to joke about the bribe of the month, but the truth is that nothing was ever recommended in his column unless it was worth recommending.

We ask for eval units simply because we can't afford to buy examples of each product we want to look at. Like other authors, I often buy products that I can't get evals of, and I've frequently recommended the product that I had to pay for rather than the competing product that I got a free example of. Still, I can't buy everything, and I'd think that a hardware company would want to make sure that I at least had an opportunity to look at their product.

* * * * *

I get mail periodically from people who are looking for guidance about setting up their own web sites. I'm no expert on web sites, but I have learned quite a bit in the process of setting up my own and running it for the last 6 or 8 months. If you want to set up your own web site, here's my advice about how to get started:

  1. Pick up a copy of Peter Kent's Poor Richard's Web Site: Geek-Free, Commonsense Advice on Building a Low-Cost Web
    . This book tells you everything you need to know about getting a site set up.
  2. Sign up with a web hosting service. Running your own web server is a losing proposition. For $25 a month or so, you get your site hosted by professionals. You get things like multiple redundant T3 lines, high-end Sun servers, and so on. Stuff you couldn't provide yourself. There are a lot of web hosting services out there, with prices that range from $5 a month on up. I found the array of choices bewildering, so I took a shortcut. Peter Kent is a friend of mine, so I just asked him who he used and signed up with them. The company we both use is called BigBiz., and I've been very pleased with them. If you sign up with them, please tell them I sent you. I get two weeks of free service out of the deal, which translates to $12.50. Every little bit helps.
  3. Get a copy of Microsoft FrontPage and use it to manage your site.


Back to work on the book...

Wednesday, December 9, 1998

And still one more thing you can do with that PalmPilot you get for Christmas. The following message was posted to the Computer Book Publishing mailing list, which is run by my agency, StudioB Productions:

Using Palm Pilots to Steal Cars

This week the U.K.'s New Scientist reports that computer journalist Lars Sorensen has discovered a technique for using the infrared port on the new generation of Palm Pilots to break into cars with infrared remote keyless entry systems. The Palm Pilot apparently has software that records the infrared signals from TV and video remote controls, so that you can turn your PDA into a universal remote for all your home entertainment gadgets. According to New Scientist, Sorensen successfully used the same system and software to record the infrared signal from a friend's car remote, enabling him to enter the car and disable its alarm.

Salon's Janelle Brown followed up the story stateside, and secured this less-than-reassuring quote from Palm PR manager Elizabeth Cardinale: "We aren't responsible for third-party applications, though we think it's unfortunate that our product is being used for an illegal use. [But] there might be a good thing that will come of this. Say someone wanted to have the key to their car code stored in their Palm Pilot, just in case they forget their keys."

Neither Brown nor New Scientist reporter Duncan Graham-Rowe reported any auto theft by PDA, but can it be far behind?

Palmtop Plunder

Palm Pilot-Assisted Auto theft

I've been told that no U.S. model vehicle uses IR for remote keyless entry systems. They apparently all use RF, with a "code rotator" mechanism to prevent code grabbers from compromising them. Still, those articles seem a bit over the top. It's unlikely that you could grab the entire sequence from IR backscatter, and I can't believe many people would honor a stranger's request to point their IR remote at the stranger's PalmPilot.

* * * * *

And this email from Bill Costa in New Hampshire, in response to an article that I originally wrote about Windows NT Workstation Backup for Windows NT Magazine. They rejected it (the first and only time as an author that I've ever had anything rejected), so I posted it to my site and sent a copy to Pournelle:

Just a quick note to say thanks for making your article available via the Internet. I get Windows NT Magazine and this article is as good as anything I've seen there. Who knows why they rejected it.

Thanks for the kind words. That was the first (and only) magazine article I've ever done. I like doing books much better. I don't know why they rejected it either. It may have had something to do with the fact that the original editor left and another arrived while I was writing the article. New Hampshire. Now there's another place I'd like to live. I admire your state motto.

* * * * *

Another data point in the war against cookies. For those who are unfamiliar with them, cookies are one mechanism that can be used to overcome some of the problems associated with the fact that HTTP servers are stateless. Stateless means that every interaction between a client and server is completely independent of other interactions that have occurred between them. The server doesn't keep track of past interactions with the client, even though they may have occurred only a fraction of a second earlier. In other words, no session exists.

For example, if you hit to look for a book, no persistent session is established. Instead, each page and other element you request is delivered to you independently of all other elements served to you during your browser session. The web server has no idea that subsequent requests are related to the original request. It simply delivers individual pages to you as you request them. That makes it hard for the server to do useful things like storing your account information, keeping track of the items in your shopping basket, etc. The kind of things you'd like it to do to improve your browsing experience..

One way the web server can get around this problem is to send your browser a cookie, which is simply a small data file that your browser stores on your local hard disk. In addition to sending you cookies, the web server can also read cookies that it sent to you earlier. For example, when you add a book to your shopping basket, that item is stored in a cookie on your hard drive, allowing the web server to keep an updated list of the current contents of your shopping basket. This is a good and valid use of cookies, as is the use of cookies to store your username and password for sites that require a login. There's a darker side to cookies, however.

Many people think that cookies are no security threat because cookies can only be read by the domain that created them in the first place. That's true as far as it goes, but it doesn't go far enough. A web page can be designed to redirect incoming requests transparently to a different web page, which may reside on that site on on a remote site that uses a different domain name. For example, entering the URL causes the browser to retrieve and display the main AltaVista page. However, that page redirects your browser to a site in the domain, which records your unintentional visit. Although you never explicitly told your browser to connect to any site in the domain, this redirection allows to take control of your browser (unknown to you) and write its own cookie to your hard disk. If you subsequently visit a different web site that also has an arrangement with, the server can read the cookie it wrote during your earlier session and use that information to keep track of where you've been.

In theory--and often in practice--these unauthorized cookies are an aid to tracking ad delivery. But they open the door to abuses of your privacy. Because companies like DoubleClick, Imgis/AdForce, and MatchLogic keep track of which web sites you visit, the potential exists for them to build a profile of your browsing habits. I don't want some faceless company keeping track of what I do on the web, and you probably don't either. Unfortunately, they make it very hard to avoid.

Until recently, both Internet Explorer and Netscape Navigator gave you only three choices about cookies. The default choice, Accept All Cookies, leaves you wide open to cookie abuse. Reject All Cookies keeps you safe from the invasive actions of DoubleClick and their like, but also prevents you from using "good" cookies for their original purpose. The third choice warns you each time a cookie is served to you and allows you to decide individually whether or not to accept each cookie. The problem with that one is that a single web page can deliver many cookies. I have IE setup with the Warn option, and one web page I hit delivered almost 30 cookies. Choosing that option makes the web browser unusable.

There are third-party browser add-ons like CookieCrusher that take a rational approach by allowing you to allow or disallow cookies by domain. Using one of these products, for example, you could allow all cookies except those that originate from DoubleClick, Imgis/AdForce, or MatchLogic. This is the kind of functionality that should be built into IE and Navigator, but isn't, probably because Microsoft and Netscape are implicitly or explicitly in league with those companies.

So when I installed Netscape Navigator 4.05 some time ago, I was pleased to see a new option for handling cookies. The check box is labeled, Accept only cookies that get sent back to the originating server, which sounded exactly what I was looking for. I don't mind accepting cookies from the sites I visit intentionally. It's those stealth cookies delivered by redirection that upset me. So I was heartened to see this new option in Navigator. The trouble is, it doesn't work the way it's supposed to. I don't know if that's because it was never intended to, because it has bugs, or because MatchLogic and other companies have come up with crafty ways to get around it.

What I do know is that I kept a close eye on my cookie file for quite a while after I installed Navigator 4.05, and it appeared to be working as expected. That now turns out not to be the case. I hit my agent's web site last night, and was shocked to see that it's now delivering cookies, including "bad" cookies. I emailed my agent, who told me that he wasn't aware that was going on and that he'd put a stop to it. But getting those cookies from his site motivated me to go out and look at my Netscape cookie file. I wasn't pleased at what I found. Below are some excerpts from it:

# Netscape HTTP Cookie File
# This is a generated file! Do not edit.    FALSE    /    FALSE     1893455946    FALSE    /    FALSE     942189081    TRUE    /    FALSE     1070371689    TRUE    /    FALSE     1182140350

I particularly like the gratuitous warning not to edit the file. It's a standard text file, and you can delete anything you please from it. Apparently, they want to dissuade people from deleting "bad" cookies. I greatly resent the way that Microsoft and Netscape appear to actively cooperate with these companies. In fact, I think what all of them are doing is probably illegal under existing law. When I visit a web site, it could be argued that I am implicitly giving that site permission to write its own cookie to my hard disk. But nothing I have done grants permission to these other companies--whose sites I have not voluntarily chosen to visit--to abuse my computer and my hard disk by storing information that is for their own benefit. They are in essence stealing resources from me, and I suspect they could be charged under existing anti-hacking laws if anyone cared to make a point of it. For their defective cookie management mechanisms, Microsoft and Netscape should be charged as accessories before and after the fact.

Thursday, December 10, 1998

The following mail from Robert Morgan about cable modems and DHCP:

Well, my cable modem was installed yesterday and it's damn impressive. I downloaded Netscape Communicator 4.5 directly from my service provider at better than 300 k/s. This morning I downloaded three things at the same time from across the net at 50 k/s each.

Yep, that's certainly better than the 2.5 to 3 KB/s I get via dialup. Congratulations. I'm envious.

The installer had me disconnect my pc from my hub, and plugged the modem (a Motorola Cybersurfr Wave) directly in to my pc. Later, I plugged the modem into the crossover port on my hub and my pc worked fine. Other pc's were assigned an ip through the cable modem's DHCP server, but wouldn't see the internet. I suspect that they limit traffic back through the modem to the first machine connected. Have you ever heard of this feature? I suppose I'll install a second network card in my linux box, connect the modem to it, and then use ip masquerading the same way I used to with my ppp connection.

I'm not sure whether you mean there's literally a DHCP server built into the cable modem, or DHCP was delivered via a server at the central office. If the former, and if the cable modem has NAT functionality, you may be able to reconfigure it to provide private addresses behind the cable modem. If the latter, they're probably restricting you to one IP address, although I'm surprised that the DHCP server would even assign addresses to your other machines. Are the addresses assigned to your other machines private or public IP addresses?

If you have a WinNT or Win9x box, I'd suggest you download the WinGate proxy server and install it on the machine connected to the cable modem. You can then configure your other machines for proxy access.

Plugging the modem onto my lan also broke my internal tcp/ip network. My machines are all in the range. If I let one get a new IP from the service provider's DHCP server, then that one sees the internet but no longer sees the internal network. I can't figure out the right routing commands to see my network, and I'm not even sure if it's possible without putting the modem onto a second NIC and using proxy or ip masquerading.Oh well. I'll figure it all out with the time I save not waiting for the internet to download!

Yes, the IP address and netmask that the service provider's DHCP server assigns to the Ethernet card in that one machine puts it on a different IP network from the rest of your physical network. Depending on what OS you're running on the connected machine, you could probably assign multiple IP addresses to one card, but with Ethernet cards at $15 to $35, it'd be cleaner just to install a second card to connect to the rest of your network. Assign that second card a 192.168.100.x address, create a static route, and install WinGate on that machine. That machine talks to the cable modem on the public IP network address and to the rest of your network on the private IP address. I've never tried WinGate other than LAN-> dialup, but it should also work fine LAN->LAN.

I don't know why service providers go out of their way to make things harder. I guess they figure they can restrict the service to one PC nearly all of the time and so just don't worry about what'll happen when a customer knows what he's doing. I'll post this on the site and ask anyone who's actually done a workaround for this to respond.

As it turns out, I got mail from Robert telling me that he now has things under control and plans to use Linux to implement IP Masquerading, which should solve the problem.

* * * * *

And here's a mouse cleaning tip. While I was reformatting my cookie rant to send to Pournelle, my mouse started acting jerky. I keep a bottle of isopropyl rubbing alcohol, some cotton balls, and some Q-Tips on my credenza. When I opened the mouse, I found that I was out of both cotton balls and Q-Tips. Rather than getting up and going into the bathroom to get more, I decided to try using a pipe cleaner. As it happens, I have some of those rough pipe cleaners. They're like a regular pipe cleaners, but have stiffer bristles interspersed with the regular ones--kind of like a regular pipe cleaner with nubs.

I've always had a problem getting the mouse rollers completely clean. The junk in there tends to get wrapped around the rollers, forming a tight knot that's almost impossible to get off with a Q-Tip. Sometimes I actually have to resort to scraping the roller gently with the tip of my Swiss Army knife. The rough pipe cleaner takes care of that problem. The nubs actually grab the stuff wrapped around the rollers and pull it loose. They're not rough enough to abrade the rollers, either. You can get the rough pipe cleaners at most tobacco shops and some drugstores.

* * * * *

And this follow up from Robert Morgan:

Reports on your web site of my success getting my network back up with the cable modem in place may have been premature. If I turn off everything, then plug the cable modem into any machine other than the first one I used, it will get a DHCP ip address, but the other end refuses to send me any packets. I ping, I see a TD light go on, but I never get an RD light back. Perhaps they're remembering the physical network address of the first machine and won't talk to anyone else? Or maybe they're just remembering the first IP address assigned to me. I tried to make linux request the number my Win98 box was using but it wouldn't. Arrggh.

This means that I can't get my linux server to use the cable modem. So I have to put a second NIC in the Win98 box that does work with the cable modem. But my Win 98 workstation is loaded to the gills - no room for another NIC. Arrggh. Do you know if it's possible in Win98 to assign two ip's to one NIC? Arrggh. And I just tried putting in a Diamond Monster MX300 in my Win98 box and damned if I can make Win98 load the drivers for it. Argggh. Windows 3.11 for Workgroups here I come.

P.S. In not really related news, /. is reporting that our fine Canadian government will start collecting royalties on blank audio media to the tune of $0.50 / 15 minutes of digital audio. One cd = 75 minutes or $2.50. A blank cd costs me $1.69. 150% price increase. Think I'll buy a thousand before January, when it begins. What happens when they realize I've got 50 cd's worth of .mp3's on a couple gigs of hard drive?

Yep, it sounds like they're taking strong measures to prevent anyone from connecting more than one machine to the network. From what you've said, it's not clear to me exactly what they're doing. My guess is that it's based on MAC address rather than IP address, though. One easy way to check would be to determine the IP address on the machine that works properly, disconnect it, connect another machine, and use static addressing to give it the same IP address and other IP configuration information that works on the first machine.

If that doesn't work, it's a pretty safe assumption that they've married your account to the MAC address on the first machine. You could verify that by removing the Ethernet card from the machine that works and installing it in your Linux box. If your Linux box then connects, you can probably assume that the problem is MAC based.

Another possibility would be to kill your DHCP configuration. In Windows NT, you can use the command IPCONFIG /RELEASE to do that. I'm not sure what the equivalent is in Win98, but there should be one. If all of that fails, you could try calling their tech support and telling them that you've just upgraded your Ethernet card and now your link doesn't work any more. When they kill it on their end, just connect your Linux box to the cable modem and see what happens.

As far as the tax on media, I'm sorry to hear that. If the computer industry spent as much on lobbyists as the music industry does, we wouldn't have that problem.

Friday, December 11, 1998

The cable modem discussion has been generating quite a bit of mail. I've been replying to many of them privately, but posting some of the more interesting ones. Apparently, what you get when you install a cable modem varies quite a bit depending on your provider. The first message is from my friend John Mikol, who has a cable modem through King Cable/Online South. I mailed him Robert Morgan's message about DHCP weirdities, and asked if he'd had any similar problems. He had this to say:

The only problem I had was a few weeks of spotty service due to a bad AMP on a pole between me and the head-end. I wouldn't be surprised if there was a DHCP server in the cable modem, but I would assume that it was proxying to a central DHCP server. OLS charges per IP address, so I set up a Linux box to NAT, proxy, DHCP, DNS, SMTP, etc. It works great. I patched to kernel to include PPTP NAT and it works great (although it can only handle one client at time)

King Cable issues a static IP address to each customer, and apparently allows you to buy additional ones. I'm not sure why anyone would do that for a home network, but it's nice that they offer the option. But then I got the following mail from Jerry Mah. It appears that his provider, Shaw Cable, goes to the other extreme. They don't provide a static IP address at all, and try to charge you a monthly fee for each additional computer you connect. I agree with Jerry that that sounds ridiculous

I'm really enjoying your discussion on cable modems, considering the fact that I just recently hooked up for service with one.

My ISP (Shaw Cable Modem, using a Motorola Cybersurfer) charges an additional $10/month for each additional machine that you throw onto the network (you pay for the hub, they just let you have a machine name in which to pull the DHCP off of their server). I thought that this was sort of an absurd amount considering the fact that I wasn't able to pull in any more bandwidth, and that they weren't offering me anything in return for the $10. I then considered setting up a proxy server so that I wouldn't need the extra $10/month.

Note: The DHCP was also bizarre in that I needed to install some special script that their CD provided. Setting up NT with a normal DHCP set up did not seem to work properly.

The solution that seemed to be the easiest was a product called WinProxy. I initially attempted to hook up some other proxy products, but nothing else was quite as simple to try out. I'm currently attempting to set up some more sophisticated proxy products, but WinProxy is working in an pinch.

One question that I have is a problem that I have never seen before... In an attempt to install some ATI video drivers on a Compaq computer, NT gave us the message that we did not have administrator permission? on that machine to install the drivers. Yet checking the account, we were indeed logged in as the administrator. Any thoughts?

As far as the ATI drivers, I don't know any reason why they should return that message. If you're logged on as a user with administrative privileges but not as the actual account Administrator, you might try doing that. If you're logged on literally as "Administrator" already, the only thing I can think of (and this is truly unlikely) is that you're working in a domain environment and the account "Administrator" is a member of the Domain Admins group but not of the Administrators group on the local machine. Maybe someone else has other ideas about this.

As far as the proxy server, WinProxy is indeed a good product. Another product you should look at is WinGate. It's what I use here.

* * * * *

And speaking of here, "here" needs a name. Chaos Manor, while appropriate, is already taken. So what I need is a short memorable name for this place, preferably one that won't be seen as too derivative of Pournelle's Chaos Manor. All nominations gratefully accepted.

* * * * *

My tirade on cookies is generating a fair amount of mail. Here's one from Nat Fairbanks:

I'm not a fan of cookies myself, but you missed an important point in your message about cookies. The advertiser's web server is the one sending you the cookie, and thus fits the criteria of "Accept only cookies that get sent back to the originating server."

Well, no, I didn't miss anything. I think I was pretty clear that it was the advertiser's web server that was actually sending the cookie. By definition, a cookie can only be accessed by the originating server, or by one in its domain. So, logically, Netscape phrased the description for that option button pretty poorly. If taken literally, it would describe exactly the same option as the "Accept all cookies" option button immediately above it. Any reasonable person would believe that selecting "Accept only cookies that get sent back to the originating server" would disable cookies that originated on a domain other than the one at which they had explicitly pointed their web browser. Otherwise there's no point to having that option button.

Your example mentioned, take a look at the source for that page. You should notice at least a few lines like this.

<img src="

sponsor-button/homepage_text2;sz=6x6;ad=159074" alt="Click Here"

width=6 height=6 border=0>Find today's best travel bargains!</a><br>

That tells your browser to request an image from doubleclick. Your browser looks for any cookies, send them along with the request for the image. Then their web server responds with an image, and possibly another cookie. It all relates to the stateless connection. That allows a web page to be created from components scattered across the web.

So has very little to do with sending you that cookie. Yes, their web page told your browser to go get something from another server, but that's a very basic action, needed to keep the web working.

No, AltaVista has everything to do with sending me that cookie. They put the code on that page that causes that cookie to be retrieved from a foreign domain. And retrieving cookies from foreign domains is in no way required to keep the web working.

So what can you do about it? You mentioned several products, but there are many simple ways to control cookies besides the ones you mentioned. My favorite is just to set the cookie file to be unwriteable (very easy to do on a Unix based system). Your browser will still accept and respond with cookies, but they no longer last from session to session. Each time you restart your browser, all the old cookies disappear. That makes the string of connections that cookies create much shorter, and still allows you to use cookies for shopping cart style applications.

Making the cookie file unreadable works with Navigator as you describe, but IE uses individual cookie files and there is no way I've found to stop it from writing those cookies. Even making the directory itself read-only doesn't work. But all of this begs the question: why should I have to go to extra effort and disable some of the useful capabilities of my browser just to prevent some company from engaging in nefarious activities that are against my interests? Accessing my computer and writing a file to my hard disk without my knowledge or consent is already illegal. Why should they be allowed to get away with it?

Another way to deal with cookies is to specify a bad IP address in your hosts file. Put and the rest in that file with the loopback IP, and you won't see anymore ads or cookies. You can also just shut off image loading, and your browser won't load the images from the advertiser, and again, no cookies.

Well, yes, there are numerous ways to get around cookies, but the point is that all of them require effort that I shouldn't have to make, and most of them reduce the capabilities of the browser. By taking actions to eliminate "bad" cookies, I also crimp the ability of my browser to work with "good" cookies. There's no excuse for allowing this to continue.

* * * * *

And still more on cookies, this from Paul S R Chisholm:

I'm in violent agreement with you, and then some.

Turns out one (drastic!) way to turn off a lot of cookies is to turn off images. A lot of banner ads are graphics from third party sites; the graphics have the cookies. (One way Netscape is better than IE: Netscape lets you load all the images for a page with a single click. IE only lets you load images one at a time, or reload after you change your preferences.) I'd presumed Netscape's "Accept only cookies ..." message was aimed at image cookies. I think I get fewer, but still some.

Good points. And in fact I used to keep images turned off in my browsers, not so much to avoid cookies as to make pages load faster. But that's no longer a viable choice. Many web sites today are unusable with images turned off. Nearly all web sites used to offer a text-only option, but that's becoming much less common. And why should we have to forego an important browsing capability just to help avoid cookies? As far as the Navigator "Accept only cookies.." option, my experience is the same as yours. Fewer "bad" cookies, but still some.

IE 3 had a Cookies folder in the Windows directory, full of .txt files you could look at (the name of the file was the name of the host the cookie was for) or delete. IE 4 appears to have the same folder, but with some binary files.

Yes. IE3 puts cookies in my \WINNT\Cookies folder. That folder is still present with IE4, but it now puts cookies in the \WINNT\Profiles\<username>\Cookies folder. They appear to be in the same format there, though. Microsoft's relationship with cookie vendors carries through even here. When you delete one, instead of getting the usual confirmation warning, you get words to the effect of "The file you are about to delete is a Cookie! ...". I guess they use the exclamation point as a way to convince novice users that there's something particularly dangerous about deleting a cookie.

IE 3 would let you know, "You have received a "cookie" (Internet information stored on your computer) from host.dom ... The contents are: ..."

IE 4 tells you: "In order to provide a more personalized browsing experience, will you allow this Web site to put information on your computer? If you click Yes, the Web site will save a file on your computer. If you click No, the current Web page may not display correctly." You have to click "More Info" to see who the cookie is from! Naturally, "cookies" (by that name or any other) are not mentioned in the IE 4 online help.

The thing about "may not display correctly" is yet another red herring designed to convince novice users that Cookies are mandatory. Yet more evidence that they're in bed with the cookie producers. I think it's also significant that IE conceals the source of the cookie. You get the options Yes, No, and More Info. If you want to see where the cookie is from, you have to click More Info for each cookie. They obviously want you to accept cookies without knowing who's sending them. Otherwise, why not simply display the additional information by default, or at least allow you to make the expanded display the default rather than having to click More Info each time?

I'm willing to let some sites send cookies, even to LinkExchange or such; the sites offer free content for ads, and I want to support them. I'd like to clean up my cookies from time to time, and there are some folks (Imgis, DoubleClick, and MatchLogic) I don't ever want to give cookies to. Feh. --PSRC

I don't think about it that way. I put LinkExchange in with the other "bad" cookie sources. I despise ads in any form, whether they be on TV or a web site. I'll pay for TV programs without ads, and I'd happily pay for web content I wanted. What we're sadly lacking at the moment is a micro-money mechanism. Pournelle's talked a lot about Digital's MilliCent, and that would be a good mechanism if it became widely implemented. I don't see that happening any time soon, however. It has the fatal flaw of being proprietary in a world where Internet standards rule. What we really need is for the IETF to do RFPs for micro-money. If an open micro-money standard existed, I think you'd see the use of micro-money explode overnight. That would also cause web content to flower.

* * * * *

FedEx just showed up with a copy of Red Hat Linux 5.2 and a copy of the Red Hat Linux Variety Pack. Red Hat Linux Powertools is backordered, but I expect to get it in the next week or two. These folks are fast. I emailed my contact at Red Hat at about 5:00 Wednesday afternoon to request a copy of 5.2 and here it is already.

* * * * *

And I'd better get back to work. Barbara is off today, and we have several errands to run. Not least among them is getting our cell phones reprogrammed for the new area code. That has to be done by 12/31 or they'll stop working. Then I have to install some software for her and do a bunch of other stuff in her office. And I need to do my network backup. This day will be consumed by locusts.

* * * * *

Friday Afternoon: We never did get out to run the errands. I had to climb up on the roof to blow out the gutters for the lats time this year. While I was up there, I put the plastic bag covers on the cyclone ventilators. Then the main drain started fountaining again. I thought (hoped) that the problem was temporary, but apparently not. Fortunately, I'd duct taped a trash bag over the drain pipe for the washing machine (where all the stuff fountains from) to prevent it from splashing all over the washing machine and dryer. The water still ran all over the floor, but at least it didn't spray all over the washer, dryer, tables, and so forth as it did the first time.

So we moved everything out of the basement and called the rooter folks. They showed up a couple hours later and drilled out the main drain. After that, we washed down the basement and put everything back. Not a nice way to spend the day.

And mail has been coming in fast and furious....

* * * * *

More on cookies from Nat Fairbanks:

Hmmmm. After checking out the cookie spec more closely it appears I misunderstood the spec. I thought (to use an example from that could set a cookie for, causing yourserver to get the information from the cookie next time you visited.

Now that I realize this, yes Netscape made a useless option and deserves to be criticized for it. The rest of my email was pretty much based on this assumption, so it crumbled pretty quickly. I guess I shouldn't open my mouth unless I really know what I'm talking about. :-) Thanks for clarifying!

Yes, but see what Chris Fullerton of Netscape has to say.

* * * * *

And still more mail on the cookie issue, this one from Chris Fullerton of Netscape:

I have a couple of issues with your article on cookies.First, let me get the standard disclaimer out of the way: these opinions are mine, and have nothing to do with Netscape. I'm not involved with any of the ad services either.

Point 1: Cookies are not 'files' that get sent to the browser - they are just bits of information that get stored in a cookie file. This is a distinction that I think needs to be clear. (I think IE keeps each cookie in it's own file, but that's not the way Netscape does it). There are two types of cookies - one type that gets written to the cookie file (a 'permanent' cookie that has an expiration date) and a temporary one that goes away when the browser is closed down. The temporary ones never make it into the cookie file - they're stored in memory.

You're right on all points, of course. I was using the term file loosely. Netscape does indeed store cookie data within one file and IE as separate cookie files. As far as persistent versus non-persistent cookies, the non-persistent ones are useless to the tracking companies, as they could only track your visits within one browser session.

Point 2: Ad services do not 'redirect' the browser to another site - they just reference something that lives on another site. Ad services *never* "take control" of your browser - in fact, no site does this.

I was using the term "redirect" to mean that HTML code on the site that I explicitly visit causes my browser to retrieve data from another site entirely. I call that redirection. If that's not the correct term technically, I apologize. As far as taking control of my browser, I consider sending code that causes my browser without my knowledge or permission to write data to my hard drive to be taking control of it.

Now, a couple of other things:

I did a bit of checking with the cookie settings, and here's what I think is happening when you have 'only send back to originating server' checked. As far as I can tell, this works as advertised - when browsing, if you have this option checked, you don't get cookies from the ad sites. The problem shows up when people send you html pages via email. Because there isn't an 'originating server', it seems to make a request for the images in the page, and that allows the ad server cookies to get set.

Well, no, that can't be the cause. I say that because I've seen this behavior occur on a computer that doesn't have a mail client installed. It sits behind a proxy server, and POP and SMTP aren't configured on that client. I've also watched it occur on another computer that does have an email client installed. In this case, the mailer wasn't opened, and my cookie file had no "bad" cookies on it. I visited many sites during that browser session, so I can't say for sure which site did it, but I ended up with a cookie in my Netscape cookie file afterwards. I know that that couldn't have been caused by mail, either, because my POP server happened to be down all that afternoon.

As I mentioned, Netscape's "Accept only cookies that get sent back to the originating server" seems to work most of the time, so I'm willing to concede that Netscape is at least attempting to address the situation. I've had several other people tell me basically the same thing--that this option keeps most but not all bad cookies off their hard drives. If I had to guess, I'd say that and other similar companies have come up with a way around this restriction.

There are a couple of workarounds for this. First, do what I do when reading your HTML mail - turn off images. That will prevent these cookies from getting set. Another option is to change the permissions on your cookie file to read-only - I haven't tested this, but it should prevent it from getting updated. You could also create some sort of start-up script that would keep a copy of your 'approved' cookie file, and overwrite the existing cookie file before starting up the browser - that way, any unwanted cookies that get saved there during your session will get wiped out next time you start up.

Yes, but again, the point is why should I have to do this? I have not given, Imgis/AdForce, or any of those companies permission to write cookie data to my hard disk. They are doing this for their own benefit, without my permission, and against my wishes. What you are suggesting is equivalent to letting a burglar go free and blaming the homeowner for not installing better locks.

While these things are annoying, keep in mind that as long as content is free, content producers need to have a way to make money from their content and they do this by selling ads.

They're free to sell all the ads they want. I'll even look at one once in a great while. But what they aren't free to do is hijack my hard drive for their own nefarious purposes. What they perceive as their own need gives them no claim whatsoever on my resources.

* * * * *

And more from Paul S R Chisholm about micro money and advertising:

I guess I only disagree with you on two points: I think the "micropayment" problem is not lack of a standard, but too many standards. They've been around for about three years. Yes, they're ad hoc. Since the problem is a financial one, not a technical one, I think it's reasonable to look to the financial community for an answer. (I have a *great* deal of respect for IETF and ITU-T, as you might guess from my return address.-) We need to get past the Betamax/VHS wars ... again. (*sigh*) I've been expecting for a couple of years that a consensus would emerge.

Well, I don't think we're in disagreement here at all. What you call "too many standards" I call a lack of a standard. When I think of standards, I tend to think of IETF first, because this is after all intimately related to the Internet. As far as looking to the financial community, I don't think that's likely to be workable. There are too many economic and regulatory disincentives. To the extent that they're looking at micro-money at all, each bank will attempt to establish its own "standard" for competitive reasons. At least until and if one proprietary standard becomes widely accepted, the incentive is for each bank to go its own way and grab as many users as possible.

Microsoft could probably establish a real standard by sheer main force, but I don't think they'll be likely to attempt that, particularly given their current problems with the Justice Department. Perhaps they'll use their clout to establish a truly open standard. That'd be the best of both worlds, and it may happen. Although Microsoft bashers deny it, Microsoft has done many things for the benefit of the general user community without consideration for their own bottom line. Perhaps they'll do it again.

Pay TV vs. commercial TV vs. TV funded some other way entirely (e.g., PBS); pay sites vs commercial sites vs sites funded some other way entirely. We all have our preferences. There's room for all. Sometimes the content we'll want will be paid for in a way we don't like. Unfortunately, it will rarely be available multiple ways, letting us pick. (LOST IN SPACE may be on pay-per-view, or HBO, or the SciFi Channel ... but not the same week.) The current cookie situation, though, is more intrusive than "mere advertising." --PSRC

Well, I'm not sure we disagree here, either. But if there's anything that all of this technology is about, it's about increasing personal choice. You can see that now in many ways. Various companies provide "free" email to people willing to suffer through ads while reading their mail and have an ad attached to each of their outgoing messages. Instead of being limited to what your local bookstore stocks, you can get anything you want from or You can shop in your pajamas when the stores are all closed.

Ultimately, what all of this is doing is increasing the number of choices that people have available. I think that trend will continue and accelerate. VCRs were all about choice. People bought them so that they could watch what they wanted when they wanted. Once the datacom infrastructure grows to the necessary level and IPv6 gets deployed, we may see an end to broadcasting in the traditional sense. You'll order what you want when you want it and have it delivered on demand.

The realities of distribution have introduced friction in various respects, and e-distribution is eliminating a lot of that friction. For example, albums and later CDs were created as a distribution "bundle." There was no convenient way using traditional distribution to sell songs individually. The technology is starting to change that. You can now buy individual songs rather than an entire CD. That's going to have a Darwinian effect that will be all to the good. Right now, the weak stuff is carried by the strong, because they're bundled. Once they're unbundled, everything will have to survive on its own merit. When you buy a magazine, you pay for the bad articles with the good. When you buy individual articles, bad articles don't get bought.

But the flip side of that is that mass-market considerations become much less important. Good things can survive without having a huge potential base of buyers. Before the web, you wouldn't be reading this column, because no one would have published it and I wouldn't be writing it. The web gives anyone willing to devote the time it takes and a few dollars a month the equivalent of their own printing press. So niche efforts can survive with the web as they never could before.

P.S.: Why do you add a "Reply-To:" field in your e-mail messages? It only has your address, so naive replies lose your name. Without a Reply-To:, replies will be sent to the address in your From: field, which should be just fine.

That's a hard one to answer. I have an immensely complex mail environment, with multiple domains, POP servers, SMTP servers, Proxy servers, autoforwards, etc. The short answer is that I need a Reply-to: address to make sure I get all my mail where I want it. I hadn't thought about putting my full name in there with the address, though. I'll give that a shot, assuming I can figure out a format that Outlook and some of my other mail related software won't choke on.

* * * * *

And more from Robert Morgan on cable modems:

Winipcfg pops up a dialog box which has a button to release the DHCP lease.I've tried it. Didn't help. Just tried ipconfig at the command line. Same command-line options as NT. Same result as with winipcfg (which I conclude is a front end to ipconfig).

I can't think why the service provider does this. I won't be using any more bandwidth with more pc's connected. Says something about our industry when O'Reilly releases a series called Product X Annoyances. As a long-timer in the industry it's actually embarassing to explain why pc's remain so hard to use.

Well, you actually are going to use more bandwidth with more than one machine connected. The total bandwidth available to you remains the same, but the amount you actually consume is likely to increase as you add machines to your network.

The cable modem company is taking the same approach that the phone company does when they charge more for a business line than a residential line. It's the same phone line, but (in theory, at least) the business line will be used more heavily. They charge more heavily still for trunk lines, which again are just ordinary phone lines. But the usage differs. If the average residential line is in use 5% of the time, the average 1FB business line may be in use 15% and the average trunk 85%. So they charge different amounts for the same physical pair of wires, depending on the use you put it to.

In some respects, this is justified. At least to the extent that you're consuming additional resources. I wouldn't like it either, but they do have a point. I think that $10/month per additional machine is pretty outrageous though. Something like a buck or two--as many people have to pay for each additional cable TV outlet, for which they are not consuming additional resources--might be reasonable.

I'd just put it behind a proxy server and be done with it.

* * * * *

And Chris Fullerton of Netscape responds to my response:

Well, there is a redirect command as part of the HTTP protocol (you ask for a URL, and the server returns a 302 - location moved & a new URL - the browser will then automatically request that new URL).

It sounds to me like the issue you have is with the sites that employ 3rd party adserving - since they're the ones that are sending you content that's causing this behavior. The browser is just doing what it's supposed to do.

Okay. I'll withdraw the term "redirect" and replace it with the cumbersome but more accurate phrase "sneakily and without your permission retrieve from another site content that you did not ask for and do not want", or SAWYPRFASCTYDNAFADNW. No, come to think of it, I'll just keep saying redirect.

One other thing that I didn't check, but that might be doing this: sites that use frames. If there's a site that puts the ad into a frame, then that probably wouldn't trigger the warning.

Now there's a real possibility. I've never much liked frames anyway, so that would give me a rational reason for disliking them.

I don't think it's quite that drastic :) Again, netscape does give you the basic tools to foil these sounds to me like you'd like the tools to be better. Here's my answer to that: you have 3 choices. Buy a better tool that solves your problem, write the code for one and submit it to, or create a product & sell it.

Well, what you're not taking into account is that I'm functioning as a critic here, not as an author. As all authors know, authors create and critics criticize, usually unjustly. Heinlein reserves a special place in hell for critics, but I kind of enjoy turning the tables once in a while. But, yes, I would like the tools to be better. Persistent cookies delivered by foreign domains are a security/privacy threat. When such a threat is discovered, both Netscape and Microsoft usually fall all over themselves to plug the gap. Why haven't they done so in this case?

I do admit that there's a big difference here between Microsoft and Netscape. Microsoft appears to do everything they can to force these nasty cookies on users. Netscape at least tries to address the problem. So, no, I'm not really saying this is Netscape's fault except to the extent that they with Microsoft were the company responsible for popularizing cookies in the first place. The last time I looked, Opera didn't support cookies at all. I'm not sure how they handle stuff like shopping baskets and automating logons to password-protected sites, but I may check out their browser. In the meantime, I've shifted to using Netscape Navigator as my primary browser. I prefer IE in many respects, but their cookie handling has driven me away from them. Nowadays, I use IE only for such things as checking my own web site to see how it looks in IE or visiting the Microsoft site. For everything else, I use Navigator.

True - but you're in the minority. Most people are willing to pay the price in order to get the content free. (and really - the price of the resources that they're using is pretty negligible. It's the privacy issues that seems to be the real issues here - I think you'd still complain - and rightly so - if there was another way to track your actions without using cookies. At least with cookies, you have the ultimate control - you're always free to delete them!)

Well, I may be in the minority in the sense that many users aren't aware that their privacy is being raped. But the issue is that companies like DoubleClick, Imgis/Adforce, and have no right to assume that they can put stuff on my hard drive without my permission. And you're right, I'd complain if they had a cookie-free method of tracking my web usage. What these people are doing amounts to virtual stalking, and something needs to be done to put a stop to it. Much as I hate spam, at least spammers are up-front about their obnoxious activities. What these people are doing is behind the scenes and all the worse for that.

* * * * *

And the following from Bret Musser regarding cable modems:

Hopefully I can clear up the cable modem confusion. First, about multiple computers on the same modem. Many modems, in particular the Motorola Cybersurfr, will accept multiple computers IF they are configured for it. Naturally, the modems are configured by the @Home service (or whoever else is running the cable modem system). The modem regulates the number of computers by accepting the first "N" MAC addresses it finds. For the Motorola, N<=3, I believe. The cable modem itself does NOT have a DHCP server inside of it. The DHCP server resides on the ISP's servers (e.g. @Home).

Yes, that all makes sense. However, I do know that some such devices do literally have DHCP servers built into them. For example, my friend Steve Tucker just installed a 3Com ISDN router, which has a DHCP Server built right in. You manage it with a web browser. I was assuming that cable modems might have the same functionality, but I'll take your word for it that they don't. Or at least I will until someone mails me and swears that his cable modem does have its own DHCP Server. Things change fast.

You can certainly set up a box with two ethernet cards and run a firewall. Your internal network can simply be a private address (e.g. 192.168.1.*) and you can have as many machines as your budget allows. The firewall is then attached to the cable modem and, if set up correctly, the outside world should never know how many computers you have on the other side of the firewall. There is plenty of software available to do this: many people just run Linux, which supports this out-of-the-box, others run Wingate (for Win95) and others run IPNetRouter (?) for the Mac.

Right. That's exactly what I recommended that Robert Morgan do. He's running Linux, so he shouldn't have much problem getting along with just one IP address.

For the person looking to get his Linux box running, the easiest solution may be to simply reset the cable modem (if it is a Motorola, there is a little button on the back of the modem). Resetting the modem makes it search for a new MAC address; make sure the Linux box is running and not the Windows box, otherwise you won't know which machine will be "discovered" first by the modem. He should also be running dhcpd on his machine, version 0.70 or higher.

Thanks. That's a very useful piece of information. I'll forward your message to Robert Morgan in case he misses seeing it on my web site.

With regard to the person complaining about the $10 charge per month for the second IP address, what he is buying is the second IP address and the ability to use 2 computers at once without having to mess around with WinGate, IP masquerading and whatnot. Yyou can also do more things with the second IP address than you can with IP masquerading; running IP masq and a firewall limits the activities of the second computer.

Yep. I do think that $10 a month is a bit much, though. What they're obviously trying to do is restrict bandwidth usage, and I can kind of see their point. Most of the people who read this are a lot more sophisticated than the average home user, so getting around these things isn't much of a problem. But I've got to think that cable companies who attempt to restrict home users are making a mistake. When it comes right down to it, what's the difference between having one PC connected to the cable modem and having two or three connected? There may be a slight increase in traffic, but probably not much. And there's really no way to say that one home that has only one PC connected will generate less traffic than another home that has two or three.

Saturday, December 12, 1998

Yesterday I started playing around with MP3, which seems to be the coming thing in audio. I don't know a thing about it, so I decided it was time to learn. MP3 is a lossy compression technology that allows digital audio data to be compressed to a small fraction of its original size while still maintaining near-CD quality. A typical 600 MB audio CD turns into about 60 MB of MP3 data. With hard disk space rapidly approaching one cent per MB, that means I could store a complete audio CD on about a dollar's worth of hard disk space.

I got started on this because of the main drain backing up. Taking care of that meant I never did get out to get our cell phones reprogrammed for our new area code. While doing that, I'd intended to stop at Computer and Software Outlet, which is near GTE Wireless, to pick up a CD audio cable, which Barbara's computer doesn't have. Right now she's using her portable CD player to feed the second input on her computer speakers. I figured that if I can get MP3 working I could just copy a dozen or two of her favorite CDs up to her hard drive and store them as MP3.

I'll have more on this once I actually get things working and have a moment to jot down my notes about it.

* * * * *

My mailbox was loaded again this morning. I'm posting maybe 25% of the mail I'm getting, and even at that it's taking way too much time. I need to come up with a more streamlined way to do it. Perhaps I should go to separate mail page. I'm posting the first letter because it mentions something that's been concerning me:

From Jim Stephens:

I've sent you several messages and you've never posted any of them but you post several messages from other people. Are they your friends or something?

No, with a couple of exceptions, I don't even know the people whose messages are being posted here. I often get mail from half a dozen or more people on the same topic, often making pretty much the same point. When that happens, I usually end up posting the first one I receive. Sometimes, I'll check my mail in the morning and find a batch of messages all on one topic. When that happens, I post the one I think did the best job of covering the topic at hand. Also, some of these messages are ongoing exchanges. In those cases, I do try to post followup messages from the person who originally started the exchange.

* * * * *

And the following from Chuck Waggoner:

I REALLY enjoy your website, and have been content to read quietly--until today. You are far more optimistic than I about the future of user friendliness regarding web content and privacy issues.

I don't know that I'm more optimistic, but I do think we should fight privacy abuses. And it's people like us who have to do it. The vast majority of Internet users don't even know that cookies exist, let alone what's being done with them. Most of them would be very upset to learn that their movements were being tracked without their knowledge or permission by faceless companies. But as long as browser vendors continue to make "Accept all cookies" the default, the average user is unlikely to realize what's going on, let alone do anything about it. Most browser users don't even change the default start page, let alone check advanced options.

These days, I pay close to 10 bucks for a movie, and can't even inconveniently--forget conveniently--avoid the commercials that are now projected right up there on the big screen before the feature begins. It costs me nearly $3.50 to rent a movie, and again, I pay to see commercials, which are at the least, also inconvenient to avoid. How about cable TV--ours is about $40 a month (without any premium channels); remove the local channels, and the great majority of what's left plays far more commercials than the network and local stations (ever try the Weather Channel?). Don't forget public radio/television--they get our tax dollars, and then--at the usual times of our favorite programs--there they are, begging for more.

Yep. I'm as outraged as you are. We don't have children, so we don't buy many video tapes. When friends of ours let us borrow a tape that my mother wanted to watch, I was shocked to see that this tape for which they'd paid $20 or more had eight minutes of commercials before the opening credits. That's foul. And I agree about public television. Barbara and I used to send them a check every year, but we've given up. The final straw was when Travellers' Insurance picked up Mystery and started running a commercial at the beginning of it. I've often wondered why books don't have ads. At some point, some clever marketing guy is going to come up with the idea of selling ad pages in the latest Tom Clancy or Anne Rice, and then we'll be lost...

If the past is even a modest sign of what's in store, not only will we be paying a service provider, but also paying the sender of our content, AND watching ads. My guess is that the amounts in question will be more on the order of bucks or mega-bucks than milli-cents.

Yes, but then there's the example of HBO, Showtime, etc. They've established that people are willing to pay for uninterrupted content. Certainly many people subscribed to these services because they ran recent movies before the networks did, but many also subscribed because the content was free of commercials.

MilliCent or something similar is critical, because it allows people to access premium content without making an expensive or long-lasting committment to a site. Paying $10 for a year's access to Pournelle's site is one thing. A lot of people will pay that, sure, but a lot more won't. MilliCent would allow him to charge five cents a day instead, and a lot more people would risk that five cents than would risk the ten dollars. The other thing MilliCent gives us is the ability for small sites to compete with large ones. Right now, advertising is starting to concentrate in the larger sites, leaving smaller ones out in the cold. MilliCent would allow smaller, more specialized sites to compete on an equal footing with the behemoths.

Point 2--beyond the invasion of our computers by unwelcome cookies, here's another one. A couple of times, I have left a web page of The New York Times open in my browser (their Quick News page). At intervals, it will call my dialup connection, update itself, and leave my connection hanging on when it's through. This, without asking, and even though I may have the browser set to 'Work Offline'.

That's truly strange. This is the first I've heard of that happening. I'm not even sure how it could happen.

After half-a-career in and around the media and advertising, my guess is that--except when severe recessions force it--user helpfulness and privacy will be near the bottom of corporate America's concerns. Again, thanks for your site.

You're probably right...

* * * * *

And this from Shawn Wallbridge:

I was just reading your site and I was curious about the DHCP server so I ran winipcfg. Here is what it said...

Host Name: cs-4102-a.wpnk1.mb.wave.home.comD
DNS Servers:
Node Type: Broadcast
IP Routing Enabled, WINS Proxy Enabled, and NetBIOS Resolution Uses DNS are all unchecked

Ethernet Adapter Information

Adapter Address: 00-A0-4B-02-C8-90
IP Address: 24.65.x.x
Subnet Mask:
Default Gateway:
DHCP Server:

I guess this means the DHCP Server is run at Shaw. BTW I have a TeraPro modem by Terayon.

I also agree with you about cookies. I hate the fact that IE makes it out to be the end of the world if you try to delete them. I did some consulting work for a company that wanted to do anything they could to track visitors. Someone had told them about cookies and they demanded that they have them on their site. Needless to say I turned down the job. Last I heard they had been kicked off their ISP for sending Spam.

Yep, the DHCP server is at Shaw. The one item I find particularly interesting in your list is the subnet mask. That 254 means that they're using nine bits for the host address (/23 in CIDR parlance), which means each subnet has 512 addresses. Apparently, they think each cable segment can support 500 users, which seems a bit much to me.

* * * * *

And this from the Boatright Family about Opera and cookies:

from the opera help screen (3.51)

Enable Referer logging

Do you want Opera to send information refering to the page from where the document or picture was requested? If you enable this option, web servers can store information about the site that you last visited before you jumped to the current one. This allows webmasters to analyse how people find their way to his website. DISABLE this option if you don't want to reveal this information.

Enable Cookie Logging

Cookies allow the server to store information on your disk. Many scripts have started to use this and will not work without it.

Thanks. It appears that Opera also supports cookies now. I guess there's no fighting it. I do think it's interesting that Opera allows you to disable Referrer Logging. As far as I know, neither IE nor Navigator even gives you this option. As far as Cookie Logging, given the good things I've heard about Opera, I'm kind of surprised that they don't have better cookie filtering built-in.

Sunday, December 13, 1998

Barbara and I spent yesterday evening with our friends the Tuckers listening to it rain. It poured from dinner time through the night. My guess is that we probably had six inches or more of rain, although we don't know for sure because Barbara takes down her rain gauge when freezing weather is in prospect. At any rate, the drought should be over. Winston-Salem gets its domestic water supply from the Yadkin River and so never has to worry about drought. But our sister city, Greensboro, thirty miles to the east, depends on reservoirs, and was beginning to panic. They'll be very relieved to get this rain.

Today is devoted to chores around the house, so I'd better get started on the laundry.

* * * * *

And more on the Opera web browser from Rick Boatright:

Remember a couple of things about Opera that become important about issues like cookie filtering. Opera is designed as a lean mean browsing machine, and they are still ageting that magic 1 meg download. Opera still fits on a single floppy disk. I do not think that every utility function _NEEDS_ to be in the program itself, and external cookie control gives me (and others) the ability to tweak what we want to tweak. While opera isn't open source, it is small, fast, and the best browser I have _ever used_.

Yep. That's a good point, and I wasn't really criticizing Opera. As I mentioned, I've heard good things about Opera. In fact, I don't think I've ever heard anyone have anything bad to say about it.

But then Bo Leuf has this to say:

Hm, yes, and when I looked, the cookies.dat file format is proprietary binary as well, so you can't inspect/modify it like the flat text cookie files in Netscape and IE. I'm querying their support about this and will report any answers.

Hmm. Well, if that's the case, I don't think I'll be using Opera. At the very least, I want the ability to delete bad cookies while keeping the good ones. I'll be interested in hearing what their tech support has to say.

* * * * *

And Robert Morgan has this advice about MP3:

Two things you need to get for MP3: for the best player, $10.00 for the best cd-ripper /mp3 encoder, $29.95

I've looked at just about all of them and these two products rise to the top. You'll also need a pretty good cdrom to do the ripping. I'm using a Toshiba SCSI that works beautifully. My HP7200 cd rewritable also works well. $25. ide cdroms tend not to work.

Thanks for the advice. The WinAmp page was probably the first one I hit when I started looking for stuff. Several people have told me that it's the default standard MP3 player, and I'll probably check it out. I also found the XingTech page early on, and its products looked impressive. However, since I'm just playing around, at least for now, I decided to see what kind of freeware was out there.

For ripping (which you know but some may not is the process by which audio data is extracted from the source audio CD), I'm using a product called CDCopy. It's shareware, but not crippled. For MP3 encoding, I'm using BladeEnc, a freeware product. Although it's a Win32 program, it uses a text-mode interface that looks like DOS. There are any number of graphical front ends available for it, though.

You're certainly right that the CD drive has a major effect on ripping, although I've not had any problems with the two IDE drives I've tried. On my main Pentium II workstation, I used a Teac 24x IDE CD drive. It ripped an hour's worth of CD music in about 15 minutes, yielding about 4x performance. Just to see how much hardware affected speed, I tried ripping the same CD on my Dell 200 MHz Pentium system. The IDE CD drive in it is at least 8X, and I think perhaps more. It ripped an hour's worth of CD music in about an hour, yielding 1x performance. I suspect anything slower would have caused problems.

* * * * *

And Roger G. Smith has been checking out how my latest book is doing on

Just for grins --:

Lingo in a Nutshell , publ'd November 10, 1998, Amazon sales rank: 8,075 (no real competition)

Windows NT TCP/IP Network Administration, publ'd October 1998, Amazon sale rank, 3,110 (no real competition, but a Gazillion NT books competing for mindshare and $$$)

Yes, as you know, the rankings are an ongoing source of debate on the Computer Book Publishing mailing list. No one can figure out exactly how they're arrived at, what period they cover, etc. Windows NT TCP/IP Network Administration first appeared on the rankings a month or so before it actually hit the bookstores. I check its ranking frequently, and I've seen it as high as 159 and as low as 8,xxx, although it seems to spend most of its time between about 500 and 1,500. That's actually pretty good, and should translate into reasonable sales.

At least I think it should. As I said, no one can figure out exactly what the numbers mean, except that it's better to have a relatively low ranking number than a high one. O'Reilly sends out royalty statements quarterly, about 45 days after the end of the quarter, so I won't have any real sales numbers until about mid-February.


Coming Soon (I hope)


Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004 by Robert Bruce Thompson. All Rights Reserved.