Home Daynotes Home Week of 3 March 2003

Photograph of Robert Bruce Thompson Daynotes Journal

Week of 3 March 2003

Latest Update : Sunday, 09 March 2003 11:28 -0500


Click Here to Subscribe Buy PC Hardware in a Nutshell, 2nd Edition: [Amazon] [Barnes & Noble] [Bookpool] Visit Barbara's Journal Page

Monday, 3 March 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


10:28 - I'm still digging out from under the accumulation of stuff that arrived last week and over the weekend. I finally have my inbox cleared out, but my to-do list is still looking pretty bad. Posts will be sparse and sporadic this week. There were some messages worth posting:

This from David Magda about DVD+R/+RW.

-------- Original Message --------
Subject: DVD formats: MS and Apple
Date: Tue, 25 Feb 2003 15:48:35 -0500
From: David Magda
To: thompson@ttgnet.com

Saw this over at Ars Technica, thought you'd be interested given your recent comments:

"Microsoft Joins DVD+RW Alliance"

There's also this:

"DVD-R Only?"

Apples have Sony's 'everything' drive but currently only officially support the -R stuff. It's unknown whether the +R/+RW stuff has been disable in hardware or software.

Interesting, if true. I can't imagine why Apple would suppress +R/+RW support, unless they have some arrangement with Pioneer or the DVD Forum that requires them to push only formats supported by the DVD Forum.

More from Allan Nelson about running Linux on the ASUS A7N8X.

-------- Original Message --------
Subject: Fw: Best a7n8x links
Date: Wed, 26 Feb 2003 21:05:20 -0600
From: Allan Nelson
To: Robert Bruce Thompson

These links are better still on the a7n8x deluxe board and getting it working on Linux. The first is highly detailed.

http://attila.stevens-tech.edu/~dkopko/a7n8x.txt

http://homepage.mac.com/mpeters/A7N8X/

Thanks! I have an A7N8X Deluxe, and I may play around installing Linux on it. If I understand correctly, the next releases of Linux are likely to eliminate most or all of the issues with this motherboard. It's a very nice motherboard, so I'm looking forward to that.

The following message, from a reader who prefers to remain anonymous, points out a major problem with the DVD copying software sold by 321 Studios.

-------- Original Message --------
Subject: your latest article ...
Date: Sun, 02 Mar 2003 18:52:14 -0800
From: (removed)
To: Dan Gillmore

Hi Dan !! 7 pm Sunday, 02-March-2003

"Senator seeks full copyright disclosures" by Dan Gillmor:

Really good article, about "full disclosure". The exact same thing just bit me last month. I had bought a copy of "DVD Copy Plus" which is published by "321 Studios", for $50 at my local CompUSA store. This software allows you to copy DVDs onto CD-Rs. I was tempted to also buy a copy of their sequel/companion package: "DVD X Copy" (retails for $100), which allows one to copy DVDs -- but fortunately I didn't because I don't have a DVD-burner yet.

But when I tried to use the DVD Copy Plus software after installing it, I found out that it was necessary for me to "register" it before I could use it -- i.e., an "activation" code was required before it would even work.

Now if I give them my real name and address, etc., and the MPAA decides to get a court order for 321 Studios to release to them the database of information for all of their customers -- like the RIAA did with Verizon over one of their customers downloading MP3 files -- then I'm in big trouble. And good luck trying to defend my innocence and "fair use" rights against the music/movie industry, with their deep pockets full of lots of money.

And as you mention in your article, "good luck" trying to return the software and get my $50 back. There was nothing on the package to indicate that registering was necessary to be able to use the enclosed software, no disclosure of any kind. So I obviously had to open it and try to use it before I became aware of the problem.

So I'm out my $50, and have no reasonable way to ever use this software without registering and placing myself in jeopardy -- unless someone comes out with a "crack" that I can anonymously download off the Internet. Obviously I'll never buy another product from 321 Studios again, EVER !! I've since bought a similar product from one of their competitors, which doesn't require registration.

Now, before you assume that I'm just another "pirate" who steals content and doesn't want to have to pay for my software and my entertainment -- please let me explain. I frequently buy movies and music and will take those items with me when visiting friends and family to enjoy with their company. But if I take the "original" along with me, and it gets lost or damaged, then I have to buy it again. Consequently I usually take a "copy" with me and leave my original at home where it's safe. When you think about it, I'm actually doing the publishers a favor by "advertising" their products whenever I listen/watch them with others. Frequently a friend or relative will then go out and buy their own copy of something that I've let them sample for free. But if a music CD, movie, or software should get damaged, and the warranty period has expired, good luck getting it replaced from the company -- they'll just tell you to go out and buy it again.

Now I do admire 321 Studios for resisting the MPAA's efforts to eliminate the ability to make backup copies of one's purchased products, and that's one of the reasons why I bought *their* program. But by their requiring a user to register, they've made it even more risky to safeguard one's collection. There's even times that I've wondered if maybe 321 Studios is a wholly owned subsidiary of the movie industry, or a vehicle for the MPAA to identify people who make legitimate (as well as people who make illegitimate) copies of their products. How can they not realize this fact ?? I guess the average consumer just doesn't even think about or realize the jeopardy they're placing themselves ?? Have you heard any more about that Verizon customer whom the RIAA wants to identify ??? I can sympathize with him only too well. I also downloaded a few dozen MP3 files back when Napster was still in operation, but only songs that I already had on CDs which I'd purchased legitimately. Then when I found a good ripping program, I started doing them myself. Think that the RIAA would care that I had already purchased those songs, and that they wouldn't have loved to harass me and maybe even go after me ??

Here's the website for 321 Studios privacy policy:

http://www.321studios.com/privacy.htm

I'm hoping that you'll write another article about the problem I've experienced and shared with you. Please respect my privacy if you do decide to write about this incident, and thanks again for all the really great articles you write that help to keep all of us consumers informed of our rights.

I should point out that when I receive a message like this, I delete it after reading it, so if I am ever subpoenaed I would not be able to disclose the sender. In theory, of course, I enjoy the extra protections afforded journalists to protect their sources, but deleting such messages from my records provides additional protection. Not that I think the MPAA is likely to subpoena me, but better safe than sorry.

10:46 - The Register posted an interesting article this morning, Getting Red Hat Network support for free just got harder. I gave up on Red Hat's free update service long ago. I have my primary desktop Linux system registered with Red Hat, and it is supposedly eligible for free updates. It's not worked out that way, though. The first couple of times I fired it up, everything proceeded normally. The third or fourth time I tried it, the Red Hat server told me that I wasn't authorized to use the service. After that, I think it worked once or twice, but it eventually started returning a "cannot connect to server" error message, so I finally gave up.

Fortunately, there's a better alternative. I installed Ximian Red Carpet, which is available in free and paid versions. Even the free version does what I need to do, which is keep Red Hat 8.0 and Evolution updated.

12:42 - Roland Dobbins asked me to post this as soon as possible. It just came in, so I haven't looked at it, but when Roland says something is urgent it generally is.

-------- Original Message --------
Subject: Critical sendmail vuln, fix
Date: Mon, 3 Mar 2003 09:30:26 -0800
From: Roland Dobbins
To: jerryp@jerrypournelle.com
CC: thompson@ttgnet.com

Please post ASAP:

https://gtoc.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950

http://www.sendmail.org/8.12.8.html

 

[Top]


Tuesday, 4 March 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


8:19 - I have managed to kill my Red Hat 8.0 Linux box deader than the proverbial doornail. It all started when I was doing some screenshots of Linux keyboard configuration utilities. That went fine, and I saved the images to my home directory. Then I attempted to move those image files to my data directory over on theodore, my NT4 Server box. I have a directory called share in my home directory, and share has two subdirectories called theodore_c and messier_c. When I opened a window for theodore_c, everything appear normal, but there were no contents. So I opened a window for messier_c. Same thing. I'd already copied the image files to the clipboard, so I tried pasting them in messier_c. They pasted in fine. I was able to change into and out of that directory and to view the files. The problem was, the files weren't actually pasted into the Samba share. That is, I couldn't see them on messier.

After fiddling around for a while, I decided to reboot the Linux box. Big mistake. The boot process started out normally enough, but then Kudzu popped up. That's very strange, considering that I haven't changed/added/deleted any hardware, and Kudzu didn't appear the last time I booted the Linux box. Kudzu was sitting there waiting for a keypress, so I pressed the space bar. No response. I pressed Enter without any response. Finally Kudzu timed out and I got a log-in screen. When I attempted to type my username, I found that Linux wasn't accepting any keyboard input. Nor mouse input, come to that.

As I was sitting staring at the screen, it went black and returned to a text-mode login prompt. I hoped it would then take keyboard input, but that was not to be. After messing around with the system a bit longer, I finally decided that a system that won't accept keyboard or mouse input is pretty well borked, so I shut it down by turning it off. I wonder if the situation is salvageable, perhaps by doing something while the system is still booting in text mode. If not, I'll just blow away the current installation and re-install Red Hat 8.0.

10:43 - My Linux box is back up and running, apparently without damage. When I got back from visiting my mother, I fired caldwell back up. During text-mode boot, I told it to do an fsck. After that completed, the system booted normally, and I was able to log in. My shares worked normally again, and I was able to copy the screenshot files I'd made on caldwell over to my Windows server box. Hooray for Linux. A Windows box that had been that badly borked would probably have needed a complete re-install to fix.

While I was waiting for the fsck to complete, I read this article, twice. Thanks to Roland Dobbins for sending me the URL. There's not a lot new in the article, and I don't agree completely with everything the author says, but it's definitely worth your time to read. Reading it made me all the more determined to migrate to Linux. It's interesting. When I read anti-Microsoft/pro-Linux propaganda, I feel more compelled to transition to Linux. When I read pro-Microsoft/anti-Linux propaganda, I feel more compelled to transition to Linux.

I think of myself as neutral. I'm not anti- or pro-Microsoft, and I'm not anti- or pro-Linux. For me, an OS is not a religious issue. It's simply a tool that allows me to get my work done. As with any complex choice, there are factors favoring each alternative. Until now, I have continued to use Microsoft operating systems and applications because the advantages of doing so--my familiarity with them, the quality of the applications available, and so on--outweighed the well-known disadvantages. That balance is beginning to shift decisively, though.

Much of the criticism of Microsoft centers on the security flaws inherent in Microsoft operating systems and applications. Those aren't a big deal for me. The last time (and only time) I was ever infected by a Microsoft virus was when Jerry Pournelle got nailed by Melissa and I opened an email with an attachment that had apparently come from him. Since then, I've not been affected by any of the hundreds of hole-of-the-week problems with Microsoft software. I have my systems locked up pretty tightly, run a lot of non-Microsoft applications, and am behind a pretty tight firewall. So security is not one of my major concerns.

What concerns me is what I've written about in the past. Microsoft is between a rock and a hard place because their business model requires ever-increasing revenues and profits in a flat or declining market. The only way for them to maintain and increase the monies flowing to them is to mine their existing customer base. That means Microsoft has to extract more dollars each year from each of us, just to stay even. Licensing 6.0 is the beginning, and the end inevitably will be software rental, not just for corporations but for individuals. I'm not willing to give Microsoft a blank check, but if Microsoft is to survive they have no alternative to demanding that blank check.

Despite common wisdom, Windows is not Microsoft's main weapon. Their chokehold on the computing public is primarily Microsoft Office, and, to a lesser extent, other Windows applications. And it's not even the applications themselves, but their file formats. If the DoJ had really wanted to take Microsoft down a few notches, the way to have done it would have been to ensure that Microsoft file formats were open and standardized. The proliferation of OpenOffice.org is a much greater danger to Microsoft than the proliferation of Linux. If OpenOffice.org file formats become a widely-accepted standard, Microsoft will feel the pain. Accordingly, I'm giving as high a priority for my own transition to file formats as to operating system and applications. One day soon, someone will send me a .doc file attachment, and I'll respond, "I'm sorry. I don't accept proprietary document formats. Please re-send your file in a standard format."

When the day comes that Microsoft is forced by popular demand to support import/export of OOo formats, Microsoft is toast. Count on it.

 

[Top]


Wednesday, 5 March 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


9:41 - I was talking to one of my vendor contacts yesterday. He said he was covered up at the moment and due in a meeting in a couple minutes, and asked if I could call him back Thursday morning at 9:30 his time. No problem, says I. Back when I was still using Outlook, I'd simply have created a calendar entry, set an alarm, and thought no more about it. But I'm not running Outlook.

So I decided to go over to the Mozilla site and see what progress they'd made on Calendar. I clicked on the link to install the latest version, and nothing happened. Ah, I'd forgotten to go into Preferences and enable software installation. I did that, clicked on the link again, and the latest version of the Calendar module downloaded and installed. After exiting Mozilla completely and restarting it, I fired up Calendar. The good news is that it didn't immediately crash my system, as it had done in the past.

I entered an event for Thursday morning and set an alarm. Then I got to thinking that it might be a good idea to test the alarm function, so I created a test event that was to start half an hour later than the current time, set an alarm to go off 15 minutes before the event started, and sat back to wait for the alarm. Nothing happened. Nothing I do will make Mozilla Calendar pop an alarm up.

Fortunately, my memory is pretty good.

 

[Top]


Thursday, 6 March 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


There's another PayPal scam making the rounds. This one comes via email and asks you to provide details of your PayPal account and bank account. If you receive such a message, verify its validity with PayPal directly before you take any action.

10:10 - I'll allow this message from Brian Bilbrey to represent many others...

-------- Original Message --------
Subject: Remember
Date: Thu, 6 Mar 2003 09:52:12 -0500
From: Brian Bilbrey
To: thompson@ttgnet.com

To call you vendor back at 0930 his time this morning.

<grin>

I'll bet you get a hundred of these reminders via email this morning.

Indeed. Thanks.

I have in fact solved my PIM problem. Yesterday, I archived all of the mail in the Outlook PST file and just started using Outlook for its Calendar/Task functions. The only problem with that is that Outlook alerts only if it's running. Since I'm not using Outlook for mail, I had to come up with some way to remember to run Outlook routinely. I took the low-tech route by modifying the positions of my desktop icons, as shown below. Crude and ugly, but it works.

Barbara is excited because she got email from Rhys Bowen last night. Rhys, along with Donna Andrews and Lyn Hamilton, is planning a tour this spring, and asked if Barbara would like to set up a signing session for them here in Winston-Salem. Rhys and Donna are two of Barbara's (and my) favorite mystery authors, with whom we correspond regularly. We're less familiar with Lyn Hamilton's work, although I did like those of her novels that I've read. We've never met any of these ladies, so we're both looking forward to converting yet more Internet-only friends to traditional friends. Barbara has already started organizing things

 

[Top]


Friday, 7 March 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


10:42 - What if they gave a war and nobody noticed? It appears that may be happening in Iraq right now, where US aircraft are now flying nearly 1,000 sorties per day. The bad guys are shooting at our warplanes, and we're shooting back and blowing up their stuff. Sounds like a war to me.

Actually, this is just preliminary sparring from our point of view. We want to force the bad guys to keep their heads down, to prevent them from moving weapons within range of our forces, and to keep them guessing about whether any particular influx of warplanes is the balloon going up. We can't achieve strategic surprise, obviously, but we're doing everything possible to maintain tactical surprise. We can practice as long as we wish, and not go into overdrive mode until shortly before the actual event kicks off. The Iraqis don't have that luxury. They have to be at 100% readiness all the time, because the real deal could start at any moment. Keeping them at a fever pitch is doubtlessly part of our plan, because it's impossible to maintain 100% readiness for long periods. People tire, equipment needs downtime, and so on.

And although we're just sparring at the moment, it's a walkover of the Iraqis. We counter everything they do. When they shoot at us, they don't hurt us, but our return fire kills them. When they attempt to move AAA or missile launchers into position, they are destroyed almost immediately. That should tell the Iraqis something. Right now, the US war machine is running at idle, barely turning over. When we put the pedal to the metal, when our initial time-on-target barrage finally does arrive, they won't know what hit them.

I still expect the land campaign to kick off during the next new moon, which is 1 April. That means the air campaign may kick off anytime between now and then. We can probably do what needs done with the air campaign in only a few days, but nothing succeeds like excess. Go Team. Kick Ass.

 

[Top]


Saturday, 8 March 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


16:16 - Not good. When I got up this morning, as usual I checked my email on the den system. I use SSL for POPping mail, and Mozilla popped up a request to accept a certificate from localhost@localdomain. That was strange, but I decided to take a chance and accept it temporarily. Mozilla then tried to retrieve my mail, but returned a PASS error. Next, I telnet'd over to mail.ttgnet.com and tried to log in. The system refused my password. Hmmm. If nothing else, that password is toast.

So next I tried to call up my web page, and got the following error message:

Not Found
The requested URL /thisweek.html was not found on this server.
Apache/1.3.27 Server at r00t.bounced.us Port 80

Hmmm. I really don't like that "r00t" part. I tried several other web sites hosted on rocket (the server my site runs on), including Jerry Pournelle's, Brian Bilbrey's, LinuxMuse, and so on. Most of them returned the error message above, but a couple took me to a RackShack introduction page, "Welcome to your new web site". Double hmmmm.

At that point, I thought about calling Brian Bilbrey, but it was 7:30 on a Saturday morning, and I really didn't think the problem justified getting him out of bed. Just after 9:00, Brian called me to say they were aware of the problem and trying to figure out what had happened. Around 9:45, he called back to say that one of the other boxes on the same subnet as rocket had been cracked, and the co-location company had simply taken the entire subnet down.

They had rocket back up by then. After talking with Brian about it, I decided I'd better change my passwords. For security purposes, I change my primary password on a rigid schedule. My current main password was due to be replaced in May anyway, since I'd started using it in May of 1993. I kind of hated to retire it early, but it seemed wise to do so.

I wrote the above at about 9:45 this morning. Since then, we've been down again for an extended period, from about 6:50 a.m. ET until about 13:00 ET. Then more time was occupied with changing passwords. Then, the morons at RackShack plugged the bad box back in, thereby killing our sites again, and again causing me to send my password to the bad box, which is owned by a German moron. And I am pissed. Not at Brian and Greg, who as much as I are victims of the German moron and the RackShack morons. It's the morons that are at fault here, and by their moronity they have cost Brian, Greg, Jerry Pournelle, and me a lot of time and aggravation. I told Brian that the four of us should all send invoices for our time to RackShack. Just what I needed. An entire day shot when I had other stuff I really needed to get done. Jesus Christ.

More details on Brian's page.

16:25 - Oh, yeah, I forgot to mention. If you sent me mail any time from about 6:50 a.m ET this morning until about 1:00 p.m. ET, it's gone, gone, gone. The moron who used rocket's IP address had an SMTP server running on it, which of course told remote SMTP servers that there was no such account. We were down so long because of RackShack's moronic policy that said they couldn't disconnect the rogue box, even though it was screwing up rocket, until they'd contacted the owner. Under their own AUP, they were fully entitled to pull the plug on that box, and should have. 

So then, this afternoon, another RackShack moron comes dum-dee-dumming down the aisle, notices that Bad Box is unplugged, and plugs it in again. I hope this time they took a sledgehammer to it. And of course, the moron plugging in the box meant that we lost yet more email permanently, and that my new password was compromised. Jesus. If this were a rational world, RackShack would have to pay me a lot of money for what they've done to me today. I hate them.

[Top]


Sunday, 9 March 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]


11:28 - Brian Bilbrey says he can't summon up the level of feeling I have against RackShack. I'm not sure why. Their level of incompetence is stupefying, and their policies are nothing short of incredible. See this thread for details. Here's what happened:

1. Another customer mis-entered an IP address on his box. That IP address in fact belonged to rocket, the server my sites are running on. That should never have been allowed to happen. There are technical measures that can and should have been taken to prevent it.

2. Having failed to implement those technical measures, RackShack refuses to unplug the offending box, with the excuse that they have to give the moron who misconfigured it a chance to fix his mistake. The fact that his error is causing us problems is of no concern to RackShack, who is more concerned about the offender than about his innocent victims.

3. Those of us on rocket lost all service from about 6:50 in the morning until 1:00 in the afternoon. Mail sent to us was refused, because it actually ended up being directed to the offending box. Not only did we lose mail, but RackShack's incompetence made it possible that mailing lists to which we were subscribed would automatically unsubscribe us, meaning we all had to take our time to verify the status of all our mailing lists and resubscribe to any that had dropped us.

4. Because of RackShack's incompetence, we sent our passwords to the offending box. Now, I'm not particularly concerned about sending a clear text password to an SMTP or POP server, because that's one of billions of clear text logins traveling over the wire every hour. But when we're talking an endpoint, it's different. I have no way of knowing that my login information wasn't logged on the offending server. So I had to waste yet more time changing passwords. That enraged me. But it was only the start.

5. RackShack unplugged the offending server, and we were able to get to our server again. I changed my passwords, and then those morons plugged the offending server back in, causing me to send my new password to the offending server, where it may again have been logged. So I need to waste more time changing passwords yet again. RackShack doesn't care about any of this. According to them, we should suffer a complete outage for up to 12 hours while the offending moron is given a chance to fix his mistake. Well, screw the offending moron, I say. I don't want to punish the guy necessarily, but I do want him to be held responsible for his own mistake. Instead, we were made to suffer to avoid any inconvenience to the offending moron.

This is all unfortunately a commonplace thing nowadays. In a rational society, people who screw up should pay the price. In our society, people who screw up usually don't pay for it. Their victims pay for it. And that simply sucks. I have wasted the better part of a day because of RackShack's incompetence and stupid policies. What should they have done?

1. Implement technical measures to prevent this from happening. Roland Dobbins communicated to Brian and Greg a detailed list of what needed to be done and how to do it. Roland was surprised that it hadn't been done already, because leaving it undone exposed us not just to the problem we in fact experienced, but to potential security exploits.

2. Allowing that RackShack had not done what they should have done technically to protect us, at the very least they should have unplugged the offending box instantly. Under the terms of their own AUP, they had the right to do so.

3. Having unplugged the box, they should have restarted it off-line, fdisked the drive down to bare metal, and re-installed their default configuration, using the proper IP address (the one they'd assigned to it). They should then have reconnected the box, and only then told the offender that he could re-load his content on that box. They should also have sent the offender a bill for the time required to fix his mistake.

4. At the very least, RackShack should have instantly sent a cringing apology to those of us innocent victims who were affected by their incompetence. Money would have been better.

Pournelle called me while all this was going on and asked me if we should relocate our domains back to pair Networks. At the time, I wasn't aware of just how badly RackShack was handling the situation, so I told Pournelle that it could have happened to anyone and that we should stay where we are. Having seen the details now, I think perhaps I'll change my advice to Jerry. Having Greg and Brian running the server for us is a huge advantage. But having that server at RackShack is a huge disadvantage, at least until and unless they fix their policies and procedures. Greg and Brian are great, but there's only so much they can do given RackShack's control of the network to which rocket connects.

 

[Top]


Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004 by Robert Bruce Thompson. All Rights Reserved.