
Daynotes Journal

Week of 20 January 2003

Latest Update : Saturday, 25 January 2003 14:28 -0500


Monday, 20 January 2003


8:13 - Barbara just left to take her Trooper out to the mechanic for an oil change and other minor stuff. As soon as I finish and publish this, I'll head out to pick her up. So this'll be short.

The domain transfer for ttgnet.com from PairNIC to GoDaddy succeeded last night. Now we're in a race to see if GoDaddy asks Joker.com to transfer fritchman.com, fritchman.net, and fritchman.org before the damned Joker.com 10-day window closes. Fortunately, I won't be out any money even if it fails. GoDaddy guarantees that transfers will succeed or your money back. We'll see.

By popular request, I'm going back to weekly topics on the messageboard. There are usually only three or four pages per week, so I figured I'd streamline things by going to a monthly topic. I've had zero favorable comments on that change, and a couple of complaints, so I've decided to go back to weekly. Now if only I can remember to create the new topic every week.



Tuesday, 21 January 2003


10:03 - The saying around here is that if you don't like the weather just wait five minutes. Yesterday was sunny with a high temperature in the upper 60's (20° C). Today we have cold rain, with snow expected this afternoon or evening.

Barbara's three domains, fritchman.com/net/org, are now officially transferred to GoDaddy.com, and just in the nick of time. Joker.com's stupid 10-day window expired at about 13:00 our time today, and I just got the confirmations from GoDaddy that the transfers had succeeded at 06:30 this morning. Talk about cutting it close. If GoDaddy.com had waited just a few more hours, Joker.com would have refused the transfers, despite the fact that the owner and administrator (Barbara) of those three domains had approved their transfer. Joker.com has a sanctimonious message about protecting its users from unauthorized transfers, but it seems to me that their real motivation is to make it as hard as possible to get your domain away from them. Joker.com definitely goes on my Not Recommended list.

I'm just finishing up the DVD Drives chapter, having learned quite a bit about using DVD writers under Linux. The good news is they work. The bad news is that it takes some effort to get them working. DVD writers are becoming mainstream, although they aren't there yet, and I suspect Red Hat 9.0 and the other next Linux releases will support DVD writers out of the box. We'll see.

My conclusions, by the way, are that I still recommend DVD-RAM drives for dedicated data use, such as backing up or archiving data. They're slow, and the media costs a bit more, but they are extremely reliable. For general-purpose use, it seems to me that the current Sony DVD+RW drive is the best bet. A lot of people have reported problems with Philips DVD writers, and I wouldn't even consider an HP DVD writer.

Mozilla seems to be crashing on me a lot more than it used to. It just did it again a short while ago. I composed a reply to an email, clicked Send, and Mozilla GPF'd on me. That's particularly aggravating because when one part of Mozilla dies, it takes down the whole Mozilla process. That kills all the Mozilla browser windows I have open, losing the sites I was keeping up for reference.

10:49 - I can't remember if I wrote about it here in my journal or on a private mailing list, but a year or so ago, I predicted that when the US forces struck Iraq, the Iraqis would find that all of their electronic stuff had stopped working. Everything from military communications equipment to cell phones to televisions to GPS units to the electronic ignitions in their vehicles. Now I see that Time has an article about America's Ultra-Secret Weapon. If I lived in Iraq and had a cardiac pacemaker, I'd be very, very afraid.

What I can't figure out about the Iraq situation is why everyone is pretending that a US attack may not happen. Surely it's been clear for a year or more to everyone that Mr. Bush is going to attack Iraq no matter what Iraq or the UN says or does. He'd rather attack Iraq with the blessing of the UN, but he'll do it either way. How can anyone doubt that, and how can the news stories continue to pretend that whether the US invades Iraq is in any question?

I would really hate to be an Iraqi now. A decade ago, Desert Storm was probably the most lop-sided war in all history. This one will be more lop-sided still. The Iraqis will find themselves at a greater relative disadvantage than Africans armed with spears and leather shields faced during their 19th century battles against British troops armed with breech-loading rifles and Maxim machine guns. In fact, the Iraqis might be better off armed with spears for all the good their current weapons will do them. At least their spears would still work.

This will be a walkover. Most of the US casualties will result from political decisions rather than military ones, although no one in authority will admit that. I hope our commanders in the field will be given broad discretion. If it comes down to trading additional collateral damage and Iraqi civilian casualties against even one otherwise unnecessary US casualty, I know which I'd choose. I hope our military commanders have the discretion to make that choice. If in doubt, flatten a threat rather than risk even one of our soldiers. If a building or a city stands in the way, don't send our kids in to check it out. Reduce it to rubble and get on with the job.

I do expect one difference between this war and Desert Storm. Saddam Hussein knows he's fighting for his life this time, and he's as aware as anyone else that he can't win. Like Hitler, I expect Saddam to attempt to take everything with him. An Islamic Gotterdammerung. A Twilight of the Gods indeed. If Saddam has Scuds remaining, which he likely does, and if he has chemical or biological warheads for them, as he likely does, I expect him to use those weapons. It might seem that the logical target for those weapons would be US troop concentrations, but I think Saddam is smart enough to realize that he's unlikely to do much damage to well-protected troops. Instead, I think he's likely to launch on Israel in the hope of killing as many Jews as he can and in the expectation that Israel will respond, drawing the rest of the Islamic states into the war.

Although I don't have any classified information on the subject, I very strongly suspect that Israel is in a much better position this time to protect themselves against ballistic missile attack. Last time, they depended on Patriot missile batteries. With some software changes, those Patriot batteries did a pretty good job against ballistic missiles, although they were never designed for that role. This time I suspect the Israelis have a lot more than a few Patriot batteries waiting. They must know that a ballistic missile attack is likely, and that this time they can't afford to allow even one warhead to detonate on Israeli territory.



Wednesday, 22 January 2003


10:27 - The updated DVD Drives chapter is now available for subscribers to download from the Subscribers' Page. I've added a fair amount of Linux stuff, and made some significant changes to the DVD writers portion.

If you're not a subscriber and you'd like to be, visit this page.

Arrrghhh. Most of the time when I get emails pointing out errors in PC Hardware in a Nutshell, they're not errors at all. This time, the error is real, although not substantive:

-------- Original Message --------
Subject: PC Hardware in a Nutshell small editing error
Date: Tue Jan 14 07:15:22 2003
From: Ken Kennedy
To: booktech@oreilly.com

Dear Barbara and Robert,

I am enjoying your book very much as I work my way through it whilst sitting in the smallest room in the house. Although there is much in it that is beyond me, I am hoping it will inspire me to assemble my next machine. Certainly, it will help me be a better informed consumer if I decide to upgrade or buy new in the future.

Here is a (very) small error I found on page 206 of "PC Hardware in a Nutshell, Second Edition".

"from hanger queens" should read, "from hangar queens".

The term "hangar queen" comes from aviation where a "hangar queen" is an aircraft that rarely flies because it always has problems, and is usually in for repair, or because it has been "cannibalized" for spare parts. Of course the correct spelling for the large buildings with full width doors that house aircraft is "HANGAR", not "HANGER"! Kindly chastise your editor, who was asleep at the switch on this one.

To complete the aviation analogy, perhaps the phrase should read, "try to cannibalize compatible SIMMs from hangar queens, etc."

Ken Kennedy
London, ON

Yikes! I confess that until this moment I never realized that the words were spelled differently. The irony is that my editor actually queried me about this phrase in the original manuscript. I explained what a "hanger queen" was, never realizing that I'd spelled it wrong, and told him that I thought it was pretty much self-explanatory in context.

I've corrected the error in the manuscript for the third edition, which I'm working on now.

Thanks for the kind words about the book, and good luck in building your system.



Thursday, 23 January 2003


9:05 - We awoke this morning to find about 3" (7.5 cm) of snow on the ground. Our indoor/outdoor thermometer claimed it was about 20° F (-7° C), but the local television stations and the Weather Channel were reporting 12° F (-11° C). Cold for around here, no matter which was right. Our low tonight is supposed to be 9° F (-13° C).

The roads aren't in very good shape, so Barbara decided to take the day off. I called my mother to let her know we wouldn't be over today. Today is a very good day to stay inside. Barbara will spend some time outdoors with the dogs. I hope she keeps Kerry indoors. He just turned 15 years old, which is about 100 years old in people years, and these low temperatures are dangerous for him.

The New York Times has an interesting article called Master Key Copying Revealed, which reports on the results of research at AT&T. Starting with only a lock and its key, a supply of blank keys, and a file, one can produce a master key that unlocks all locks keyed to that master. Apparently this is news to the security community, although it's been well-known to locksmiths for many years. Heck, I knew about it at least 20 years ago, so it can't have been much of a secret. (And, no, I won't tell you how to do it, although anyone who reads this journal and has a basic understanding of how keying and master-keying work should be able to figure it out.)

Speaking of gaping security holes, Roland Dobbins reports a new, serious, and widespread security hole that affects all browsers. You can read about it here. The best solution is to use a non-Microsoft browser and to make sure that all scripting-capable features are disabled, including VBscript, ActiveX, Java, JavaScript, Flash, RealAudio, and so on. Don't just disable them. Remove them entirely from your system.

The root cause of all these vulnerabilities is the extension of web browsing to include unnecessary features. All a web browser really needs to do is render HTML and images. All of the client-side scripting bells and whistles are not only useless, they're dangerous, as experience has shown. Clueless webmasters who design sites that require such abominations as Flash or scripting are responsible for perpetuating the problem.

The answer is to avoid such sites. When I arrive at a site that displays only a prompt to download the Flash plug-in, I leave skid marks hitting the back button. If everyone else would remove Flash and scripting support from their browsers and avoid such sites, things would improve quickly.

10:08 - Another take on the cross-site scripting vulnerability.

-------- Original Message --------
Subject: alternate viewpoints on XST
Date: Thu, 23 Jan 2003 09:57:28 -0500
From: Greg Lincoln
To: Robert Bruce Thompson <thompson@ttgnet.com>

It seems that two posters at bugtraq (all who had replied to the threads announcing the problem when I looked, so one could say ALL the posters I suppose) feel that this XST thing is mostly just hype. WhiteHat Security seems to be hawking a product to protect against this, which is always a bad sign.


Notable quote from the above: "The bottom line: Why do you even need to steal the user's authentication token if you have full access to get their browser to submit requests and the ability to grab the contents of the results? And having access to those two things is exactly what this whitepaper is assuming. Yes, there is a small incremental exposure to being able to take the authentication token away with you and use it yourself but that is marginal compared to the exposure from the holes being assumed to be there before the new TRACE issue can be exploited."


If I read the below right, this may only affect IE6SP1.


Notable quotes:

"What we end up with from WhiteHat Security is a way to circumvent the HttpOnly cookie feature in IE6SP1, nothing else. In itself, worthy of a note in a roundup of browser problems or a comment in a reply to the posting announcing the HttpOnly feature on Bugtraq - but hardly a whitepaper, pressrelease and blurbs such as comparing this to Code Red and Nimda or calling this a flaw in all web servers worldwide. This is simply not "a new class of web-app-sec attack" or a flaw in TRACE, as hyped by WhiteHat Security.

System administrators should most definitely not waste their precious time on implementing the silly workarounds suggested, such as disabling TRACE/TRACK requests. The one, and only, impact the discovery from WhiteHat Security has is that it re-enables cookie reading from JS despite if you had already cared to specifically alter your web application to accommodate this."

Greg Lincoln
Muse Root

Thanks. I had the same impression of the interests of the company that reported the problem. Frankly, I don't worry too much about the security hole of the week. I have my browsers locked up pretty tight, and don't have such things as Flash installed on my systems. I seldom use IE, but if I do I've already physically deleted cscript.exe and wscript.exe and disabled all scripting, so any malicious script is likely to starve to death on my systems.
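The mechanism the quoted posts argue about, as an added example that is not from this journal or the Bugtraq posts: a server with TRACE enabled echoes the request, Cookie header included, back in the response body, which is how script could read a cookie that HttpOnly otherwise hides. The check below is one way to audit your own server for that behaviour; both handlers, the canary cookie value, and the function names are constructed for the demonstration and run on loopback only.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class TraceEnabledHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a server that has TRACE enabled."""

    def do_TRACE(self):
        # TRACE reflects the received request line and headers as the body.
        lines = [self.requestline] + [f"{k}: {v}" for k, v in self.headers.items()]
        echoed = "\r\n".join(lines).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echoed)))
        self.end_headers()
        self.wfile.write(echoed)

    def log_message(self, *args):  # keep the demo quiet
        pass


class TraceDisabledHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a server that refuses TRACE."""

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, HEAD, POST")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass


def trace_echoes_headers(host, port, timeout=5.0):
    """Send TRACE with a canary Cookie and report whether it is reflected."""
    canary = "SESSIONID=canary-0123456789"  # constructed value, not a real token
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"Cookie": canary})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1", "replace")
    finally:
        conn.close()
    return {"status": resp.status, "cookie_reflected": canary in body}


def start_server(handler):
    server = HTTPServer(("127.0.0.1", 0), handler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def run_demo():
    """Audit both constructed servers and return the findings by name."""
    results = {}
    for name, handler in (("trace_enabled", TraceEnabledHandler),
                          ("trace_disabled", TraceDisabledHandler)):
        server = start_server(handler)
        try:
            port = server.server_address[1]
            results[name] = trace_echoes_headers("127.0.0.1", port)
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

A result with `cookie_reflected` set to true means the server returns request headers verbatim in a readable body; a 405 or 501 status with no reflection means TRACE is refused.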



Friday, 24 January 2003


11:06 - It was to reach a low last night of 4º F (-16º C), with a wind chill of -15º F (-26º C). As it turned out, it only got down to about 12º F (-11º C), although the wind chill was still pretty hideous. We'd invited our friends Paul and Mary over for dinner tonight, and Paul called this morning to finalize arrangements. As it turns out, they lost power last night, so things got a mite chilly for them. Fortunately, power was restored by 11:00 p.m., so they didn't have to find somewhere else to sleep. I told Paul that if they lost power again they were more than welcome to sleep in our downstairs apartment.

After we lost power for several days some years ago, I became a believer in the belt-and-suspenders school of preparation. We have gas logs in the upstairs fireplace, a wood burning fireplace downstairs, and a stand-by generator. One way or another, we plan to stay warm during power failures.

I get regular mailings from Microsoft, but I don't pay much attention to them. This morning, one of my readers forwarded the latest from Bill Gates. I was struck by one particular statement:

Secure by Default: In the past, a product feature was typically enabled by default if there was any possibility that a customer might want to use it.

Which begs the question: If there's no possibility that a customer might want to use a feature, why is the feature there in the first place? Or is this just Microsoft's roundabout way of saying, "In the past, we enabled all features by default"?

Perhaps I'm cynical, but I still think Microsoft benefits from the security-hole-of-the-week. It drives both paid software upgrades and free upgrades that allow Microsoft to slipstream nasty stuff into patches and service packs. Microsoft users find themselves on the horns of a dilemma. If they want to patch the security holes, they have no choice but to install patches that include new nastiness from Microsoft, both in terms of more Draconian license terms and additional software functionality such as DRM (Digital Restrictions Management) features that favor Microsoft, the RIAA, and the MPAA at the expense of users.

That's the main reason that I've opted out of the Microsoft upgrade merry-go-round and will eventually transition to Linux. I've had it with having to agree to harsher and harsher licenses with each service pack or patch, with having DRM features I don't want added against my will, with software that "phones home", and so on. This is MY computer, damn it, not Microsoft's, not the RIAA's, and not the MPAA's. I say what goes on it and what doesn't. Microsoft, the RIAA, and the MPAA can keep their goddamned, stinking, greedy mitts off my equipment.

I saw a news report yesterday that said the music industry is near collapse. Good, I say. Couldn't happen to a more deserving bunch of bastards. Perhaps things will now return to the way they should be. Musicians will make their living by touring, performing, and selling tie-ins, as the Grateful Dead started doing many years ago. The record-company fatcats will have to find honest jobs.

I'll still buy CDs, but only directly from the artists, and I hope that most people will do the same. The music industry disappearing would be good for almost everyone. The only losers are the industry fatcats and the over-hyped, grossly overpaid "stars" they tout. Mid-list artists will finally be able to make a living, and those of us who just listen to music will have a lot more choices.

I just finished the DVD chapter Wednesday and sent it off to my editor. In it, I concluded that the best bet for a general-purpose DVD writer was a hybrid DVD±RW drive, mainly because it's not yet clear whether DVD-R/RW or DVD+R/RW is going to win the battle for market share. It'd be nice to have a drive that could use either sort of disc. 

But I have to ask myself the question: "Is it possible that Plextor knows more than I do about optical drives?" Phrased that way, it sounds stupid. Of course they do. Plextor knows more about optical drives than I can ever hope to know. And Plextor has finally announced the first Plextor DVD writer, albeit one that is available only in Europe for now. That drive is a DVD+R/RW model, without DVD-R/RW support. I have enough respect for Plextor to believe that they would not introduce a drive that supported only one standard unless that standard had won the battle. If Plextor had any doubts, I'm sure they would have introduced a hybrid drive instead. The fact that they have come down solidly for DVD+RW tells me that DVD-RW has lost the war.

I thought RoadRunner had died last night. I wasn't able to get to any web sites or my mail server. So I went into my office and looked at the cable modem, which was lit up normally. I power reset it anyway, and it came back up normally. Eventually I concluded that the most likely culprit was my Internet gateway box, a Mandrake 9.0 system. I switched the KVM over to it and got no video signal. I ended up power resetting it, after which everything started working again. 

I'm not entirely sure if the problem was hardware or software. It's a Duron box with a Gigabyte motherboard, and is the only production system in the place that uses a VIA chipset. Given how I feel about VIA chipsets, I suppose it's surprising that I trusted that box to run my gateway. But it was the only convenient box at the time I needed one quick to build the Linux gateway, so that's what I used.

14:27 - I just posted a new recommended Basic System configuration on HardwareGuys.com. My goal was to configure the best possible system on a $600 budget, and I think I did a pretty good job if I do say so myself.

17:18 - I just posted a new recommended Mainstream AMD System configuration on HardwareGuys.com.

17:51 - I just posted a new recommended Mainstream Intel System configuration on HardwareGuys.com. It looks remarkably like the Mainstream AMD System configuration, except for motherboard and processor.



Saturday, 25 January 2003


10:28 - The first hint I had that anything was going on was this message:

-------- Original Message --------
Subject: UDP port 1434 worm
Date: 25 Jan 2003 04:18:44 -0800
From: Roland Dobbins
To: jerryp@jerrypournelle.com, thompson@ttgnet.com, tom@syroidmanor.com

I've been busy dealing with this - bottom line is, block all UDP port 1434 inbound/outbound. This worm seems to be trying to exploit some buffer overflows in certain versions of Microsoft SQL Server, but it's very aggressive in its scanning, extremely virulent.

Roland Dobbins

I did a bit of checking around, and this has the potential to be a bad one. Some people are already comparing it to CodeRed, although that may turn out to be an exaggeration. Still, it's cause for concern. Servers all over the Internet are getting hammered, and some have gone down. The Inquirer posted a story saying it had taken down their server for a while, and there are several popular sites I've been unable to get to. Whether that's because of general Internet congestion caused by this worm or the servers themselves have been swamped, I don't know. But do take Roland's advice.

I forwarded Roland's message to Brian Bilbrey and Greg Lincoln on the better-safe-than-sorry theory. Brian tells me that rocket, the server this site runs on, is getting hammered, but hasn't been compromised. He also added that my own Linux gateway box, which he configured, is safe against this attack. It's a measure of my confidence in Brian that it never even occurred to me that my Linux box was open to this attack.

I did walk into my office just now, and saw that my cable modem is blinking like crazy. Obviously, it's getting hammered, but the good news is that ISPs are already moving to block these attacks. Perhaps this new worm will be strangled before it infects too many systems. We can hope.

14:28 - The worm has a name, actually several. It's being called Sapphire, SQL Hammer, SQL Slammer, and (my personal favorite) Bill's Tapeworm. It's attacking unpatched SQL server boxes, although why any SQL Server boxes remain (a) unpatched, and (b) open to the Internet I don't know. Well, I kind of understand them being unpatched. See this story. Apparently, there's no automatic patch mechanism for SQL Server. The article mentions something about two guys having to work for an hour to patch one server. 

When I got back from visiting my mother this morning, the answering machine was blinking. It was a message from Brian Bilbrey. He and Greg Lincoln wanted to get into my Linux gateway box, but didn't remember the root password. My box was secure from the current exploit, but Brian wanted to check it out and update a few things. While we were talking, he mentioned that we should probably re-build it using a viable distribution. Right now, it's running Mandrake, and the last thing I want is a system running a distribution from a company that may not be around much longer. We'll probably change it over to RedHat, Gentoo, or something else.



Sunday, 26 January 2003





Copyright © 1998, 1999, 2000, 2001, 2002, 2003, 2004 by Robert Bruce Thompson. All Rights Reserved.