
Daynotes Journal

Week of 27 January 2003

Latest Update : Saturday, 01 February 2003 10:57 -0500



Monday, 27 January 2003



9:50 - Heads-down writing again this week. I have several chapters in progress and want to get at least a couple finished up and off to my editor. That means my posts here will likely be sporadic and short.


Tuesday, 28 January 2003



9:47 - Still churning away on chapters, with not much else to report. I should have two or three more chapters posted on the Subscribers' page by the end of this week or early next.


Wednesday, 29 January 2003



7:56 - Someone forwarded me this, with the note "Read it all". At first I took it for a spam...

IMMEDIATE ATTENTION NEEDED:

HIGHLY CONFIDENTIAL

FROM: GEORGE WALKER BUSH

DEAR SIR / MADAM,

I AM GEORGE WALKER BUSH, SON OF THE FORMER PRESIDENT OF THE UNITED STATES OF AMERICA GEORGE HERBERT WALKER BUSH, AND CURRENTLY SERVING AS PRESIDENT OF THE UNITED STATES OF AMERICA. THIS LETTER MIGHT SURPRISE YOU BECAUSE WE HAVE NOT MET NEITHER IN PERSON NOR BY CORRESPONDENCE. I CAME TO KNOW OF YOU IN MY SEARCH FOR A RELIABLE AND REPUTABLE PERSON TO HANDLE A VERY CONFIDENTIAL BUSINESS TRANSACTION, WHICH INVOLVES THE TRANSFER OF A HUGE SUM OF MONEY TO AN ACCOUNT REQUIRING MAXIMUM CONFIDENCE.

I AM WRITING YOU IN ABSOLUTE CONFIDENCE PRIMARILY TO SEEK YOUR ASSISTANCE IN ACQUIRING OIL FUNDS THAT ARE PRESENTLY TRAPPED IN THE REPUBLIC OF IRAQ. MY PARTNERS AND I SOLICIT YOUR ASSISTANCE IN COMPLETING A TRANSACTION BEGUN BY MY FATHER, WHO HAS LONG BEEN ACTIVELY ENGAGED IN THE EXTRACTION OF PETROLEUM IN THE UNITED STATES OF AMERICA, AND BRAVELY SERVED HIS COUNTRY AS DIRECTOR OF THE UNITED STATES CENTRAL INTELLIGENCE AGENCY.

IN THE DECADE OF THE NINETEEN-EIGHTIES, MY FATHER, THEN VICE-PRESIDENT OF THE UNITED STATES OF AMERICA, SOUGHT TO WORK WITH THE GOOD OFFICES OF THE PRESIDENT OF THE REPUBLIC OF IRAQ TO REGAIN LOST OIL REVENUE SOURCES IN THE NEIGHBORING ISLAMIC REPUBLIC OF IRAN. THIS UNSUCCESSFUL VENTURE WAS SOON FOLLOWED BY A FALLING OUT WITH HIS IRAQI PARTNER, WHO SOUGHT TO ACQUIRE ADDITIONAL OIL REVENUE SOURCES IN THE NEIGHBORING EMIRATE OF KUWAIT, A WHOLLY-OWNED U.S.-BRITISH SUBSIDIARY.

MY FATHER RE-SECURED THE PETROLEUM ASSETS OF KUWAIT IN 1991 AT A COST OF SIXTY-ONE BILLION U.S. DOLLARS ($61,000,000,000). OUT OF THAT COST, THIRTY-SIX BILLION DOLLARS ($36,000,000,000) WERE SUPPLIED BY HIS PARTNERS IN THE KINGDOM OF SAUDI ARABIA AND OTHER PERSIAN GULF MONARCHIES, AND SIXTEEN BILLION DOLLARS ($16,000,000,000) BY GERMAN AND JAPANESE PARTNERS.

BUT MY FATHER'S FORMER IRAQI BUSINESS PARTNER REMAINED IN CONTROL OF THE REPUBLIC OF IRAQ AND ITS PETROLEUM RESERVES.

MY FAMILY IS CALLING FOR YOUR URGENT ASSISTANCE IN FUNDING THE REMOVAL OF THE PRESIDENT OF THE REPUBLIC OF IRAQ AND ACQUIRING THE PETROLEUM ASSETS OF HIS COUNTRY, AS COMPENSATION FOR THE COSTS OF REMOVING HIM FROM POWER.

UNFORTUNATELY, OUR PARTNERS FROM 1991 ARE NOT WILLING TO SHOULDER THE BURDEN OF THIS NEW VENTURE, WHICH IN ITS UPCOMING PHASE MAY COST THE SUM OF 100 BILLION TO 200 BILLION DOLLARS ($100,000,000,000 - $200,000,000,000), BOTH IN THE INITIAL ACQUISITION AND IN LONG-TERM MANAGEMENT.

WITHOUT THE FUNDS FROM OUR 1991 PARTNERS, WE WOULD NOT BE ABLE TO ACQUIRE THE OIL REVENUE TRAPPED WITHIN IRAQ. THAT IS WHY MY FAMILY AND OUR COLLEAGUES ARE URGENTLY SEEKING YOUR GRACIOUS ASSISTANCE. OUR DISTINGUISHED COLLEAGUES IN THIS BUSINESS TRANSACTION INCLUDE THE SITTING VICE-PRESIDENT OF THE UNITED STATES OF AMERICA, RICHARD CHENEY, WHO IS AN ORIGINAL PARTNER IN THE IRAQ VENTURE AND FORMER HEAD OF THE HALLIBURTON OIL COMPANY, AND CONDOLEEZZA RICE, WHOSE PROFESSIONAL DEDICATION TO THE VENTURE WAS DEMONSTRATED IN THE NAMING OF A CHEVRON OIL TANKER AFTER HER.

I WOULD BESEECH YOU TO TRANSFER A SUM EQUALING TEN TO TWENTY-FIVE PERCENT (10-25 %) OF YOUR YEARLY INCOME TO OUR ACCOUNT TO AID IN THIS IMPORTANT VENTURE. THE INTERNAL REVENUE SERVICE OF THE UNITED STATES OF AMERICA WILL FUNCTION AS OUR TRUSTED INTERMEDIARY. I PROPOSE THAT YOU MAKE THIS TRANSFER BEFORE THE FIFTEENTH (15TH) OF THE MONTH OF APRIL.

I KNOW THAT A TRANSACTION OF THIS MAGNITUDE WOULD MAKE ANYONE APPREHENSIVE AND WORRIED. BUT I AM ASSURING YOU THAT ALL WILL BE WELL AT THE END OF THE DAY. A BOLD STEP TAKEN SHALL NOT BE REGRETTED, I ASSURE YOU. PLEASE DO BE INFORMED THAT THIS BUSINESS TRANSACTION IS 100% LEGAL. IF YOU DO NOT WISH TO CO-OPERATE IN THIS TRANSACTION, PLEASE CONTACT OUR INTERMEDIARY REPRESENTATIVES TO FURTHER DISCUSS THE MATTER.

I PRAY THAT YOU UNDERSTAND OUR PLIGHT. MY FAMILY AND OUR COLLEAGUES WILL BE FOREVER GRATEFUL. PLEASE REPLY IN STRICT CONFIDENCE TO THE CONTACT NUMBERS BELOW.

SINCERELY WITH WARM REGARDS,

GEORGE WALKER BUSH

Switchboard: 202.456.1414
Comments: 202.456.1111
Fax: 202.456.2461
Email: president@whitehouse.gov


Thursday, 30 January 2003



10:52 - Still churning away on chapters, with not much else to report. Thanks to everyone for bearing with me...


Friday, 31 January 2003



11:15 - The updated Hard Disk Interfaces chapter is up on the subscriber page.

I'm a member of the Dorothy-L mailing list, which is frequented by mystery authors and mystery readers. One of the authors, a woman, posted a question to the list. She's trying to write a male character and

"... I may be way off in the way I'm writing this guy (it's in first person, too). He's not a womanizer (I've actually made him a little uncomfortable with women). He has a problem with his weight, which may seem like a female issue. Maybe it's not? Maybe I'm "womanizing" the poor guy. I don't know; any guys care to field this one? Can a man be concerned about his weight? ..."

To which I responded:

As I once said to my wife, it's almost a secondary-sex characteristic. A person is unable to fit into a pair of pants. If it's a man, he says, "These pants are too small". If it's a woman, she says, "I'm too fat".

A woman judges herself using the world around her as a yardstick. A man judges the world around him using himself as a yardstick. For example, I am about 6'4" tall and weigh 240 pounds (give or take 20 pounds). I consider anyone smaller than me "small" and anyone larger than me "large". Someone about my size is "normal" or "average" (and, yes, I know that if you want to get technical I'm actually much larger than average, but I still consider my own size normal or average).

That, incidentally, is the reason nearly any man when describing the size of his wife or girlfriend to a female sales clerk says, "she's about your size". We're not trying to be funny. We really do consider all women to be "small" and therefore of about the same size.

Can a man be concerned about his weight? I suppose it's remotely possible, although very unlikely. If a guy goes to the doctor after a heart attack and the doctor tells him he'd better lose 50 pounds or he's going to drop dead, the guy might think about dieting. But probably only think about it. Barring jockeys, boxers, and other men for whom their weight is significant for some external reason, I can't imagine that most men even know what they weigh.

There were several responses on-list, but the more interesting ones were off-list. A couple of people said they found my response amusing. For example, one said:

I just read your post aloud to my husband, and we're both still howling. Much as I hate to believe there are massive differences in thinking between men and women, you've really captured a great one. My husband describes me to people as "short"--I am actually pretty tall (5'8 3/4"), but in his world, anyone under 6'3" is short. He once described a woman with whom he works as "about your height." I met her, and she barely scrapes 5'3".

That's the curse of my life. When I'm totally serious, people think I'm kidding, and when I'm kidding people think I'm totally serious. It does have advantages when playing cards for money, though. What surprised me was that a couple of people, one a man and one a woman, were offended. They claimed I was sexist. I didn't think so, but then being a man I use myself as a yardstick, and my self-image is that I'm not sexist. So there.

This from Mark Huth:

-------- Original Message --------
Subject: Running and ducking and hiding
Date: Thu, 30 Jan 2003 14:05:57 -0800
From: Mark Huth
To: thompson@ttgnet.com

Hey Bob,

I dare you to put these on your web site!! (grin)

http://www.langa.com/newsletters/2003/2003-01-13.htm#4

and

http://www.informationweek.com/story/IWK20030124S0013

My IS guy, the AIX guru...has said similar sorts of things to me for the last couple of years. To wit, you want a secure OS, disconnect it from the Internet and don't let anyone else use your computer. Obviously a vast oversimplification, but with more than a grain of truth.

What do I believe? I don't think our systems are secure and we backup like mad and run redundant systems and do off site storage and have security audits done....Do I think I'm secure....not in the least? Scares the daylights out of me.

-------- Original Message --------
Subject: follow on to last message
Date: Thu, 30 Jan 2003 14:14:31 -0800
From: Mark Huth
To: thompson@ttgnet.com

Of note, my AIX buddy doesn't think AIX is secure either...he's well aware of the security problems in AIX. He works for hours a week to keep his 25 or so clients up to date, running updated systems with all patches applied. We didn't get hit by the MS-SQL worm, because he'd applied the patches. Of note, he'd not installed them on his personal systems, but got lucky and had the system running that off line when the deluge began.

My own opinion is that Fred Langa is full of it. He's comparing apples to oranges in several respects. First, although technically "Linux" is only the kernel of the GNU/Linux operating system, I think it's fair to use the word Linux to encompass the kernel plus the GNU utilities. What's not fair is to compare basic Windows against Linux plus the thousands of separate applications that come on a set of "Linux" distro CDs. If Langa wanted to be fair, he could compare the full Red Hat 8.0 Linux distro against, say, Windows XP plus the 2,000 most popular Windows applications.

Most of the security flaws Langa counts against "Linux" are in fact security flaws in unrelated applications that just happen to come with the CDs. If my Linux CDs come with half a dozen web server applications, a dozen mail server applications, a dozen email clients, half a dozen full office suites, and so on, why should flaws in any of those count against Linux? If you compare the core operating systems directly, say Windows XP Professional versus Red Hat 8.0, you'll find that the Linux OS has many fewer security holes, that those holes are much less serious and more difficult to exploit, and that the holes are patched very quickly, typically hours or days for Linux versus weeks or months for Windows. In terms of relative security, I'd say that if Linux corresponds to Fort Knox, Windows corresponds to a kid's piggy bank.

But it's not just security holes that are the issue. More important are the typical defaults for the operating systems. Linux is typically pretty secure by default (although there are exceptions, such as one famous Linux distro I won't name that by default configures the sole user with root permissions and no password), whereas Windows by default is pretty much wide open. I run Windows on many of my production systems, and I'm not in the least concerned about anyone breaking in or a virus/worm nailing me. I use a firewall, configure Windows to be as secure as it is capable of being (which is to say not very), and run mostly applications like Mozilla that are reasonably secure compared to such Microsoft applications as Internet Explorer and Outlook. I don't even bother to run anti-virus software routinely, because any email virus that arrives here starves to death before it can do anything nasty.

I have no doubt that a top-notch cracker could break into my systems and wreak havoc. But why should he? He won't gain much, if anything, and his efforts are better spent elsewhere. What's important is that the script kiddies and cracker wannabes can't compromise my systems. There are many thousands of them out there, but who cares? They can't hurt me. The only ones I have to worry about are the really skilled guys, and there aren't many of them. So I don't spend much time worrying about security, and I don't think others should either. Get a decent firewall, properly configured, get your OS and applications reasonably well secured, update them regularly as security patches are released, and do frequent backups, sure. But otherwise I don't see any point to worrying too much about security.


Saturday, 1 February 2003



10:48 - I saw an article on CNN Tech about a website that was soliciting votes for a Patron Saint of the Internet. I visited that site, only to find that it was in Italian. What's truly strange is that I could pretty much understand it. Not perfectly, of course, but well enough to get the meaning of what I was looking at. I guess that's because I grew up with a lot of Italian friends, many of whose grandparents and parents spoke Italian at home, and because I took Latin in school. What's odd is that I'd have expected to have about the same level of comprehension of written Italian as I do of other Romance languages like French or Spanish, but for some reason I did much better with Italian.

I've been exchanging private mail with several people about Linux versus Windows security vulnerabilities. Most agree with me, some think I don't go far enough, but at least one thinks Langa has a point. My own position is unchanged. Windows is inherently insecure (as Microsoft executives have themselves admitted) and Linux is inherently very secure. Not as secure as some other operating systems that were specifically designed to be hardened against crackers, but secure enough (if properly configured) to be Good Enough for all but the most stringent security requirements.

Would I run a standard Linux box as my border router/firewall? Sure. I do that now. It's locked down a lot tighter than, say, a standard Linux desktop or server system would be, but it's a standard Linux box nonetheless. Even my older gateway system, a Windows NT 4 Workstation box running WinGate, was sufficiently secure for me to be completely comfortable with it. Roland Dobbins, who is no fan of Windows, once tested that NT4 box and concluded that it was "pretty secure for a Windows box", or words to that effect. Coming from Mr. Dobbins, I took that as a ringing endorsement. And my current Linux firewall is probably an order of magnitude more secure than the old NT4 box. Brian Bilbrey and Greg Lincoln have hammered it, and conclude that it's locked up pretty tight. That's good enough for me. Roland, Brian, Greg, et alia are part of a group I think of as "guys I wouldn't want to have mad at me". If they're satisfied, so am I.

Does that mean I'm secure in an absolute sense? Of course not. The only way to be secure in an absolute sense is to disconnect your network from the Internet, and even that leaves physical security as a concern. No computer anywhere is secure in an absolute sense. The computers buried in the basements of the NSA, not connected to anything, and protected by tiers of guards with automatic weapons are not secure in an absolute sense. But they're pretty damned secure. My boxes aren't as secure as that, but they're still damned secure.

The question is how secure you need to be and how much time, effort, money, and inconvenience you're willing to devote to reaching that level of security. It's analogous to your home. Do you have deadbolt locks? Probably. But chances are they're QuikSets or something similar. As it happens, given enough time, I can pick a QuikSet deadbolt. That means your home isn't secure against me. So perhaps you should replace the QuikSet deadbolts with Medeco locks.  I can't pick those. (Well, actually, I've never tried to pick a Medeco lock, but I'm pretty sure I wouldn't be able to.) But Medeco locks are very expensive. They're also inconvenient, because when you want a spare key you can't just run down to the hardware store and have a copy made. If you install Medeco locks, you'll secure your home against me, but at a significant price in both money and convenience. Is it worth it?

To decide that, you have to decide the threat level, the value of what you're protecting, and the trade-offs in money and other costs. When it comes to securing your home, I'm a step above the equivalent of the script kiddies, but a step below the truly skilled crackers (locksmiths). You have to decide what the likelihood is that I (or a locksmith) is going to decide to break into your home. Most people would agree that it's not very likely. There are millions of potential break-in targets, and not all that many locksmiths. There are even fewer dishonest locksmiths. By installing the QuikSet deadbolts, you've protected yourself against the script kiddies. Unless you have a fortune in jewels at home (and it's public knowledge that you have it), it's probably not worth the effort to replace your QuikSet locks.

That's why I have QuikSet deadbolts on my home rather than Medeco locks, and that's why I don't worry too much about the security of my home network.

This from Bo Leuf:

-------- Original Message --------
Subject: security comparisons
Date: Fri, 31 Jan 2003 19:19:52 -0000
From: Bo Leuf
To: Robert Bruce Thompson

On Windows vs Linux security holes, the constant Linux-bashing seems pretty pathetic to anyone who knows a modicum of what's going on. It's a "big lie" to discredit, and unfortunately many otherwise knowledgeable people seem to be tricked by it.

Last autumn, I was at the RSA Security Conference in Paris. One of the tracks there was devoted to Hackers and Security Threats. Especially interesting was Hacking Live! (Stuart McClure), and all but one of the demonstrated exploits concerned Windows. This was hardly by accident, and gave me very practical insights.

As Stuart noted (and vividly demonstrated), most Windows (IIS, SQL, service) exploits are essentially one-click captures of a target system -- lock, stock and kernel -- any script kiddie with a few learned keystrokes and a script from somewhere can perform them almost quicker than you can register the moves. Or run through a whole menu of them in just a few minutes, looking for an unapplied patch.

By contrast, a Linux exploit of a documented unpatched hole typically takes at least several minutes of expert fiddling, several different tools, a couple of "kit" uploads, and usually requires fairly precise knowledge of what you're doing. Even then it rarely compromises the entire machine. I found previous reading of the Honeypot Project revealing, describing the "problems" trying to exploit a Linux box.

Good firewalling is essential for an Internet-connected Windows box. A Linux box *is* a firewall, if properly configured. I agree with your assessment of risks for the average user.

/ Bo

10:57 - Just as I published the entry above, I checked my mail and was horrified to read a message about the Shuttle disaster. Losing one was catastrophic. Losing a second probably means the end of the STS program. There's speculation about sabotage, of course, but my guess is that it will turn out to be something more mundane. Most likely, a failure of the tiles that allowed the heat of re-entry to destroy the integrity of the airframe. My thoughts are with the families of the astronauts who died this morning.


Sunday, 2 February 2003



Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004 by Robert Bruce Thompson. All Rights Reserved.