Home » Daynotes Home » Week of 13 September 2004

Photograph of Robert Bruce Thompson Daynotes Journal

Week of 13 September 2004

Latest Update: Saturday, 18 September 2004 11:50 -0400

Click Here to Subscribe Buy PC Hardware in a Nutshell, 3rd Edition:
Buy Building the Perfect PC:
[Amazon] [Barnes & Noble] [Bookpool]
[Amazon] [Barnes & Noble] [Bookpool]
Visit Barbara's Journal Page

Monday, 13 September 2004

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]
{Five Years Ago Today]

08:40 - Frustrating day yesterday. When Barbara got back from playing golf, we attempted to install the new CD receiver and speakers in her truck. The speakers went in without a problem, but when I removed the dashboard and started to install the CD receiver, I found that Crutchfield's "easy-install" kit required soldering a dozen pairs of wires together. I only had enough slack for the truck end of the wires to extend an inch or so out of the dash opening, so I didn't want to attempt to solder them there. We were heading over to Barbara's sister's house for dinner and to work on their PC, so we decided to stop by Lowes on the way and pick up some butt-splice crimp connectors. I thought I had some of those around, but couldn't find them.

We got the crimp-on connectors and got to Frances' house by about 3:00 p.m. I backed up their data, mostly mail and bookmarks, and pulled the current hard drive from their system. I replaced the original 5,400 RPM Western Digital drive with a 7,200 RPM 160 GB Maxtor and installed Xandros. That went smoothly, until Xandros prompted me to create an Internet connection. Huh? I'd never seen that particular wizard, but I figured maybe it was because I use a router at home whereas their system is connected directly to the cable modem, using ZoneAlarm to protect it.

I followed the wizard until it blew up, telling me there was no connection. I finally looked at the cable modem, only to find that the Cable light was out. Frances called Time-Warner to tell them their Internet connection was down, and they scheduled a visit from a repairman for this morning. That pretty much meant an end to what I could do with their system. I set up their mail accounts for them blind, telling them that they'd have to enter their passwords the first time they checked mail, after the cable modem was back up.

We had a nice dinner, and then headed home. As soon as we arrived, we went to work on Barbara's truck. As I tugged gently on the wiring harness, trying to get another inch or two of slack, it suddenly slid out a good six inches. As it turned out, there was an in-line connector that'd been caught on the back edge of the mounting tray. Once that was free, I had several extra inches to work with. In fact, I was able to disconnect the in-line connector, meaning I could take it into the downstairs guest suite and work comfortably with a lamp. So, I crimped the dozen wires from the adapter Crutchfield had provided onto the wires on the short cable segment I'd pulled from the truck.

I should have realized what I was doing wrong when I noticed that the two cable segments I was holding were identical. The same adapter on one end, and the same dozen wires with the same colors. After I finished crimping the two together, I belatedly opened the CD receiver box, only to find yet another cable segment with bare wires on one end and a plastic connector on the other. That connector mated to the CD receiver, and was completely different than the identical connectors on the cable segments I'd just crimped together. Oops.

To make a long story short, the two cable segments I'd crimped together looked identical because they were identical. The one I'd pulled from the truck was the older equivalent of the adapter Crutchfield had provided the last time I'd installed a radio for Barbara. Duh.

No harm done, except that the little container of butt-splice connectors I'd bought had 22 splices. I'd used thirteen, twelve to connect the wires, and one I'd wasted. That left me with nine, three short of what I needed. Then I realized that I really needed only eight, because Barbara didn't want her rear speakers connected. I was about to start over, but I was mentally and physically whacked, so I decided to wait until I was rested. I put Barbara's dashboard back on, and she drove to work this morning with a hole in her dash.

Heads-down writing all week, so updates will be sporadic. We also supposedly have Ivan the Terrible headed our way later in the week.

09:30 - Someone asked me what I thought about the forged Bush memos. I'm not a forensic document examiner, but it was clear to me at first glance that these memos had been forged, and incompetently so. No question about it. About the only thing they got right to conceal the forgery was using generational degradation by photocopying photocopies.

Those forged memos were done on a computer, and anyone who says otherwise is either ignorant or disingenuous. I picked up instantly on the superscripted "th" and the kerning. There were proportional typefaces available back then, but they weren't kerned, and the technology to do that didn't arrive for many years after those memos were supposedly typed. Also, these documents were clearly printed originally on 8.5" wide paper, and I seem to remember that the military at that time used smaller sheets, something like 7.9" X 10.4".

There are numerous other minor points, such as the suspicious space before the "th", which are a pretty good indication that these forgeries were done with a modern version of Microsoft Word. Try typing "111th" followed by a space in Word and you'll see what I mean. As soon as you press the spacebar, the "th" is superscripted automatically if Word is using default settings. But if you insert a space between "111" and "th", the "th" is not superscripted. It's likely that the person who typed these forgeries wasn't an expert in Word and didn't realize he could turn off the superscripting in the autocorrect dialog.

But the real question is who forged the memos and what knowledge the Kerry campaign had of the attempt. I suppose it's remotely possible that this crime was committed without the knowledge of the Kerry campaign, but I think it unlikely. (I am assuming that forging official government documents is in fact a crime, although IANAL). It seems to me that the next step should be for the FBI to get involved. They need to have a heart-to-heart chat with the person who handed over these forgeries to CBS News and work their way back the trail to find the person or people who were responsible. My guess is that the trail would lead deep into the Kerry campaign, although it's likely that Mr. Kerry himself was unaware of the crime, if only for plausible deniability.

Mr. Kerry is plainly terrified that the Swift Boat Veterans' campaign has succeeded and that he'll lose the election because of it. These forgeries are a pretty transparent attempt to put the ball back in Mr. Bush's court. If my assumption is correct, that forging and uttering official government documents is a federal offense, the FBI should be all over this one, not just because of the forgeries, but because they represent a criminal attempt to influence the outcome of an election.


Tuesday, 14 September 2004

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]
{Five Years Ago Today]

08:47 - Linux terrifies Microsoft. Linux is eating Microsoft's lunch in server space, and beginning to make serious inroads on the desktop. But Linux isn't the only OSS software that keeps Microsoft awake at night. Windows is only half of Microsoft's cash cow. The other half is MS Office, and that's threatened by OpenOffice.org.

Here's an interesting article from Groklaw that lists the provisions in their recent play-nice agreement that relate to OOo. Basically, Sun and Microsoft agree not to sue each other or either's authorized licensees for any patent infringements that occurred prior to their agreement, except that Microsoft reserves the right to sue anyone other than Sun who distributes OpenOffice.org. Hmmm. I wonder what Microsoft is thinking. They can't be planning to shut down OOo with patent suits, can they?

This is one more example of why the idea of software patents is fatally flawed. Formerly, software was protected by copyright, which is as it should be. The expression was protected, but not the idea. With software patents, we end up with absurdities like Amazon's one-click patent or Microsoft's attempt to patent the idea of using the tab key to move between fields. The real effect of software patents is to allow well-funded corporations like Microsoft to eliminate competition and keep software prices artificially high.

Jack Messman, CEO of Novell, said yesterday that Microsoft has "sucked $60 billion" out of the industry by using various methods to keep the price of their software artificially high. Software patents had little to do with that in the past. Most of it was a result of bundling, differential pricing, Licensing 6, and so on. But Microsoft has recently started going after software patents in a big way, so the reasonable assumption is that Microsoft plans to use these software patents to kill OSS as one means to sustain their artificially inflated software prices. This needs to be stopped.



Wednesday, 15 September 2004

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]
{Five Years Ago Today]

08:17 - I was ill yesterday and didn't get much done. That leaves me with a backlog of stuff to get done today, so I'd better get to work on it.

This from Jim Cooley:

-------- Original Message --------
Subject: Taxation and representation
Date:    Tue, 14 Sep 2004 21:17:00 -0400
From:    James Cooley
To:      Robert Bruce Thompson


I think you've mentioned your views on who should vote before, but I've forgotten them. I rarely make comments on a blog, but when I saw the question below I responded off the top of my hat and remembered you'd said something similar.

I'm curious how closely our views correspond.


As I've said before, if we must have voting, I think it's a good idea to restrict the franchise as tightly as possible. I'm in favor of literacy tests, poll taxes, means tests, and other measures that are designed to weed out casual, ignorant, and stupid would-be voters. I also think the qualifications should differ according to the type of election.

For example, for a local election, for which local property taxes always support the decisions made by those being elected, I think only those who own the property to be taxed should be permitted to vote. I'd make that a simple test. Only those who own or co-own with a spouse the property where they reside and will consequently be paying property taxes directly should be entitled to vote in that election. As to free-and-clear ownership, that's a matter for discussion. I'd certainly consider someone who was in the first year of paying off a mortgage on his home to be better qualified to vote for candidates who set local property taxes than someone who lives in an apartment.

A better method might be to weight each vote according to the property taxes paid. For example, if I'd paid $3,500 last year in local property taxes, my vote is weighted at 3,500 units. Someone who paid twice as much has his voted weighted twice as heavily, and someone who paid half as much has his vote weighted half as heavily. Someone who paid no direct property taxes, including apartment dwellers, has his vote weighted at zero. The old saw says that responsibility and authority should be commensurate, and this would accomplish exactly that.

For statewide offices, the weight of a particular vote should be proportional to taxes collected at the state level, including state income taxes, sales taxes, and so on. Taxes like sales taxes that are not paid in one chunk could be fixed statutorially by income level. The same thing could be done at the federal level, based on federal income taxes paid.

Or, if all of that is too complicated, we could simplify by using a means test that requires a specified level of net assets as a requirement to vote. For example, we could set the bar at some reasonable level, say, $50,000 net assets, and allow only those who could prove they had at least $50,000 in net assets to vote in any election.

11:28 - I just got email from someone who says that Linspire (formerly known as Lindows) is now offering a free download of Linspire 4.5. To get the free copy, select the Digital Download Only version of Linspire for $49.95 and then apply the coupon code "deviant9" on the following page. I haven't tried this, but I figured I'd pass it along for anyone who's interested.


Thursday, 16 September 2004

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]
{Five Years Ago Today]

11:33 - Three critical vulnerabilities in Mozilla, Firefox, and Thunderbird were announced yesterday, along with seven other less important flaws. All of those flaws are fixed by the most recent releases of the Mozilla programs, which were available for download at the same time the flaws were announced.

Interestingly, all of these flaws were uncovered as a result of Mozilla's new bounty program, which pays a nominal $500 bounty to anyone who uncovers and reports a security hole. As is usually true for Open Source Software, the fix followed quickly on the heels of the vulnerability report.

If you're running Mozilla, Firefox, or Thunderbird, download and install the latest versions now. No known exploits of these flaws exist, but now that they've been made public it probably won't be long before someone attempts to exploit them. If you're running Mozilla under Windows, you can just download the installer .exe and install it per the directions provided. If you're running Mozilla under Xandros, you can download the tarball and install it per the directions that Ron Morse posted on the messageboard.

Speaking of Mozilla, it appears to be making huge gains at the expense of Internet Explorer. John Dvorak said the other day that more than 50% of the visitors to his blog were using some form of Mozilla. That motivated me to check my own server logs, which tell me that about 40% of my visitors are running some form of Mozilla. I also checked Pournelle's logs, and found that 2/3 of his visitors were using IE. The remaining third, with the exception of a few Mac users, were using some form of Mozilla.

This really bodes ill for Internet Explorer. Certainly, the people who read Dvorak, Pournelle, and me are much more technically inclined than the average user, but if our logs show 33%, 40%, even 50%+ Mozilla usage, that is also predictive of a huge uptake of Mozilla among general users. It seems to me that IE has already lost the battle for mind share among knowledgeable users, and those knowledgeable users are also opinion leaders.

Until recently, IE had a 95%+ market share. Its decline is already apparent in server logs everywhere, and that decline is accelerating. I expect to see IE market share drop into the 85% to 90% range by year end and into the sub-70% range by year end 2005. All of that is assuming just the usual ongoing plague of viruses/Trojans/worms and IE exploits. If another major epidemic hits, that decline will be accelerated further. And don't forget that Microsoft has left users of pre-XP Windows versions high and dry. There are tens of millions of Windows systems out there for which no patches are available for known vulnerabilities. Those myriad systems are ripe for trouble.

Microsoft supporters will doubtlessly point to yesterday's announcement of Mozilla flaws as evidence that IE is no worse than Mozilla in terms of security. But they miss the point entirely. Mozilla actively hunts down bugs and eradicates them quickly. Microsoft allows known bugs to exist unpatched, sometimes literally for months.

If I'm running Mozilla on Windows 2000, all I need do is download and install the latest Mozilla version and I'm protected against all known security holes. If I'm running IE on Windows 2000 or earlier, I'm out of luck. Microsoft hasn't seen fit to patch known severe flaws in IE running on Windows 2000 and has no plans to do so, ever.

The only solution Microsoft offers is for you to upgrade to Windows XP, which of course you have to pay for. That's simply unacceptable. Microsoft should fix the security holes that exist in IE running on Windows 2000 and provide that fix free of charge. If they can't fix the security holes in Windows 2000, they should provide free upgrades to Windows XP for all licensed Windows 2000 users. Knowing that a severe security hole exists and refusing to fix it without charging for the fix is simply unconscionable.

My advice, regardless of whether you're running an older version of Mozilla or IE, is to upgrade to the latest version of Mozilla.

15:01 - The RIAA is evil, certainly, but I can't believe even they would be stupid enough to swallow this bait. If this supposed leaked document is for real, Microsoft has proposed including their own proprietary CD lock-down standard in Shorthorn, but requires the music industry to sign on to this proposal on almost no notice. As much as the RIAA would love to have a reliable CD lock-down standard, they must realize they'd be handing the keys to the kingdom to Microsoft if they accept this proposal.

Even if all of the RIAA members were favorably inclined to the proposal, I can't imagine that a consensus could be reached by next Monday, which is the supposed Microsoft deadline. And I can't imagine that all (or any) RIAA members will be favorably inclined. In effect, Microsoft is saying "trust us", and I have to think that the RIAA will not be inclined to take something on trust that is so important to them.


Friday, 17 September 2004

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]
{Five Years Ago Today]

08:35 - Someone sent me this...

Amongst all the other items on my to-do list is building a Linux server. Or perhaps I should say installing Linux on a server that I've already built. For the time being, we're using messier, my former primary desktop system, as an ad hoc server. Messier runs Windows 2000 Professional, and would be a quite capable Linux server. It has only a P4/1.7 processor, but it does have 512 MB of RAM and a SCSI tape drive. Perhaps I'll simply pull the hard drive, install a couple of ATA drives that I can mirror, and have done with it.

I seem to be doing a lot of that lately, pulling hard drives, that is. I pulled Barbara's Windows 2000 drive before I installed Xandros for her. I pulled Barbara's sister's Windows XP hard drive before I installed Xandros for them. And now this one. I'm ending up with quite a collection of hard drives on the shelf.

At any rate, I've been thinking about which Linux distro to install on a server box. My first inclination was to install SuSE, but the more I think about it the more I think I'll install Xandros on the server. That may seem an odd choice, but bear with me.

First, this will be a simple file/print server, so Xandros in its default configuration could do the job quite well. I don't need to run DNS, DHCP, a web server, a mail server, or any many other servers I might have thought about running on this box.

Second, Xandros is as good at connecting with Windows clients as is Windows itself. Sometimes better. My first thought was that I didn't care about connecting Windows clients, because there wouldn't be any. Then I realized that wasn't true. I'll certainly want our Windows 2000 notebook to be able to connect to the network, and I'll always have several Windows test-bed systems running. So Windows connectivity is important, and I don't know of another Linux distribution that makes Windows connectivity transparent as Xandros does.

Furthermore, if I ever do want to run a web or mail server or any of those other services that Xandros doesn't supply in its default configuration, it's no big deal. Xandros is, after all, based on Debian, so there won't be any problem adding services if I decide to do that later.

So, on balance, I think Xandros is the right choice of Linux distro for our small server. The one fly in the ointment is that Xandros isn't set up to support RAID, but that may be fixable. We'll have to see.


Saturday, 18 September 2004

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]
{Five Years Ago Today]

11:50 - So now it's been revealed that one can open a Kryptonite bicycle lock with the plastic tube from a Bic pen. According to the news reports, this is a major revelation. I confess that it was a surprise to me that cylindrical locks were still vulnerable to such an exploit.

I never tried to open a Kryptonite lock, but about 35 years an old retired locksmith taught me how to pick locks. One of the tricks he taught me was that some cylindrical locks, like those using in vending machines, could be opened with a stiff piece of plastic tubing of the proper diameter and thickness. He used clear thick-wall laboratory tubing, of which he had a selection of sizes, but the concept is the same. I have to believe he wasn't the only one who knew that trick, so I was very surprised that such locks hadn't been improved in the last 35 years.

Now that this information is public, Kryptonite and other bicycle locks that use the vulnerable mechanism are clearly worthless for securing a bicycle. The company's response is interesting. They posted a notice on their website that they'd have full details of a mitigation program posted next Wednesday, but it seems that the essentials of that program are that they'll supply upgrade fixes to anyone who purchased one of the affected locks within the last two years and offer significant rebates to those who have a model older than two years.

Obviously, that's not ideal. They should replace any affected lock regardless of its age, because the design itself was defective. I suspect that they're treading a fine line between making things right for customers and driving their own company into bankruptcy. At least one smaller company also supplied defective locks, and they announced that they're not sure yet what action they'll take. The only real fix in many cases will be to replace the lock entirely, but doing that would drive companies into bankruptcy.

But at least they're trying to make it right for customers, even at the expense of beggaring the company. Contrast this with the behavior of Microsoft regarding the known hideous vulnerabilities in IE under Windows 2000. Microsoft has announced that they can't and won't fix the IE security flaws under Windows 2000, and the only alternative they offer is for Windows 2000 users to pay for an upgrade to Windows XP. It seems to me that the least Microsoft could do is offer a free XP upgrade to Windows 2000 users, which would cost them a lot less proportionately than these lock companies are willing to pay to fix their screw-ups. But Microsoft never has cared about their customers, as their actions have repeatedly shown.

(And, no, I never took advantage of what I'd been taught to raid vending machines or commit other criminal acts. Well, I do admit that in high school my best friend David Silvis and I did sometimes remove the combination padlocks from lockers and sell them back to the owners. I'll bet it'd still take me less than 30 seconds to open a typical combination padlock.)


Sunday, 19 September 2004

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]
{Five Years Ago Today]



Copyright © 1998, 1999, 2000, 2001, 2002, 2003, 2004 by Robert Bruce Thompson. All Rights Reserved.