Daynotes Journal Week of 6 October 2003 Latest Update : Sunday, 12 October 2003 08:41 -0400

Monday, 6 October 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]

9:34 - The last few days have been the weekend from Hell. Our oldest dog, Kerry, is nearly 16 years old, which is about 100 in people years. Unfortunately, he's either becoming incontinent or getting confused about where to go. Yesterday, Barbara and I had him out in the front yard, and he was desperately trying to hold it until he could get back indoors. Friday afternoon was the worst, though. We often keep Kerry penned in the foyer because otherwise he thrashes around constantly, which for some reason terrifies Duncan.

About 4:00 p.m. Friday, I took all three dogs out for a bathroom break. After walking around with them for ten minutes or so, I brought them back in. About 4:15, I got up to get a Coke and smelled something in the foyer. It was a disaster area. I hosed down the foyer rugs and took then downstairs and put them in the washer, for the third time in three days. Then I started to clean up the remaining mess with toilet paper, as I usually do, but that was hopeless. So I escalated to paper towels and ammonia, which didn't do much better. Eventually, I got out the bucket and mop and ended up mopping the foyer twice to get it clean.

Unfortunately, during all this I also managed to hurt my back. When I first noticed the problem in the foyer, I tried to lift Kerry to his feet without stepping in anything. I was twisted in a very awkward position, and when I lifted him up I think I sprained one of the muscles in my back. Fortunately, aspirin seems to work, and I'm not hurting much.

Then Saturday I went over to Barbara's sister's house to set up the new PC that Frances and her husband had just received and connect it to Roadrunner. It's their first PC, so they wanted to get it set up properly to start with. It's an HP Pavilion with an Athlon 2000+ processor, 512 MB of memory, and a nice 17" flat-panel display.

I'd originally suggested they get a baby router, but they'd already busted their budget on the PC itself, so I suggested we install ZoneAlarm instead. I picked ZoneAlarm rather than one of the more configurable software firewalls because I wanted something that would just work without requiring them to do much. I got the PC unboxed and connected with no problem, installed ZoneAlarm, and connected the PC to their cable modem.

The first thing I saw was a ZoneAlarm alert saying that BackWeb-137903 was attempting to connect to the Internet. That didn't sound good, and for a moment I thought that their system had been infected almost instantly when I connected it to the cable modem. The truth was much stranger. Their new system had malware installed on it before I even set it up. HP did that intentionally, believe it or not. I installed SpyBot Search & Destroy, updated it, and told it to scan the hard drive. In addition to the BackWeb Trojan, it also found Comet Cursors and other Malware, put there by HP. After I got all that junk cleaned up, I installed Grisoft's AVG, updated it to current, and ran a virus scan. No viruses were detected.

Then came the fun of using Microsoft's automatic update service to bring the system up to current on patches and service packs. When I connected to Windows Update, it told me there were dozens of critical updates needed, along with a dozen Windows XP updates and three driver updates. Just downloading all of those and getting them installed took several hours. I had to sit there the whole time, because periodically ZoneAlarm would pop up a warning dialog to ask if it was okay for some application to access the Internet. The applications were part of the updated Microsoft stuff. I wasn't about to turn off ZoneAlarm and let their system sit for an hour or more connected naked to the Internet, so I had to sit there waiting for ZoneAlarm alerts.

Finally, all of that completed and I was able to start installing applications. I installed Mozilla 1.4, WebWasher, OpenOffice.org (the system came with only WordPerfect), Irfanview, and other apps. With Mozilla installed, it was time to get their mail configured. The moron Roadrunner installer hadn't left their account name or password anywhere, so I had to spend 15 minutes or so on the phone with Time-Warner Cable and Roadrunner to get a username and password. That really annoyed me, because I'd spoken by phone to the installer while he was there and specifically asked him to make sure to leave that information for them. Once I got that information, it took only a few minutes to get their email setup and tested.

Then came the part I dreaded. Frances and Al had bought an HP OfficeJet hydra--printer/scanner/copier/fax device. I hate those things on general principle, and I particularly hate HP models. As far as I know, HP LaserJets are still okay, but I swore off ever buying another HP printer or scanner after my horrendous experiences with the $400 HP 6200C scanner I bought several years ago and never was able to get working.

This OfficeJet 6110 fulfilled my expectations in spades. I disabled the AV software and started the installation, following their directions exactly. Everything proceeded normally right up to the point where I was supposed to connect the printer so it could be recognized. It wasn't recognized. Instead, I got a cute little image of the OfficeJet on one side, the PC on the other, with a cable with a big red X in the middle of it. I shut everything down, checked all the connections, restarted the system, uninstalled the driver software, rebooted, and tried the installation again. Same problem. I tried plugging the USB cable into a different port, re-did the uninstall and re-install from scratch. Same problem. After four abortive attempts, it was 8:00 p.m. and I was exhausted.

Yesterday, Barbara went over to her sister's house after she finished playing golf. She and her sister called HP tech support and spent literally hours on the phone with them. They couldn't make it work either. Near the end of that session, Barbara called me and told me the HP technician was telling them that there was a problem with the chipset in the computer. Huh? I told her to ask the guy to call me.

A couple minutes later the phone rang, and I was talking to some guy in India. He told me that "the Intel USB controller is missing from the chipset." I explained to him that this system was an AMD Athlon processor running on a VIA-based motherboard, so it wasn't surprising that there was no "Intel USB controller". From his lofty position of great technical expertise, he told me that I shouldn't question his technical assertions. His suggestion was that we return the OfficeJet to the retailer and get a replacement, so I thanked him and hung up.

I called Barbara back and told her to tell Frances to return the OfficeJet for a refund rather than replacement, and that I'd talk to them about what they should get instead. Frances didn't want to do that, because she wanted the PC and printer to be matched in appearance. I told Barbara to tell Frances that I expected a replacement OfficeJet to have the same problem, and that if she insisted on getting one I couldn't guarantee to make it work. I have no idea what they'll decide to do.

And today I have a dentist appointment.

11:22 - After working hard to protect Barbara's sister's new PC against viruses and worms, I read this article in The Register this morning. The guy makes some excellent points. The plague of Windows viruses and worms is often blamed on the ubiquity of Windows. I've made similar comments myself. There's some validity to that statement, but, as this author makes clear, not a lot. Windows is inherently insecure and Linux is inherently much more secure. The article is worth the time to read it.

15:21 - Back from the dentist. I survived. 

With regard to my problems with the HP hydra, Ron Morse posted the following installation procedure over on the messageboard:

I get the same result when I try to install my Photosmart 1215 printer and Scanjet 4550 in XP using HP's directions.

This is what I do to get them working. Note the following procedure differs from HP's instructions.

Make sure the latest VIA USB drivers for your chipset are installed.

Download the latest drivers from HP's support site.

Expand/unzip/copy (depending on their form) the HP drivers to a scratch directory. Not necessary to extract .CAB files but they need to be in the scratch directory (for the printer this results in about 265 files).

power off

connect the device on both ends, power it up.

Power the PC on. If XP detects new devices during IPL click cancel. You may have to do this multiple times. You want XP to be fully loaded before installing the devices.

From the XP desktop, disable AVG and tell Zone Alarm to block all internet traffic. If Zone Alarm is not installed, disconnect the internet cable. YOU DO NOT WANT THE HP INSTALL ROUTINE TO TRY AND ACCESS THE NET.

Expand the device tree in Device manager, you should see a number of entries for the hydra, indicating errors. Find the printer, right click, select update driver, select let me choose which files. Browse to the AUTORUN.INF file in the scratch directory. Click OK

All hell will break loose. Select OK anytime it asks you a question. This should install the drivers for all the devices enumerated in the AUTORUN.INF file. If it asks to reboot when done, do so. If it doesn't ask you to reboot when done, do it anyway.

check device manager for errors (should be clean).

enable AVG and reset Zone Alarm

This method works for me without fail...even over a network.

[Top]

Tuesday, 7 October 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]

10:39 - The polls have just opened in California, where it appears that Arnold Schwarzenegger is almost certain to become the next governor. In general, the media has done everything possible to hurt Mr. Schwarzenegger's candidacy. They have given major play to unsubstantiated claims of sexual harassment, and to the ridiculous claims that Mr. Schwarzenegger is a closet Nazi who admires Adolph Hitler. At the same time, they have largely ignored Mr. Bustamante's unapologetic support for a racist Hispanic radical group and credible allegations of Mr. Davis's foul-mouthed private ravings and physical abuse of his office staff. Despite all of that, it appears that Mr. Schwarzenegger is likely to be elected by a large margin.

I don't envy him the job. I think he's going to find that entrenched special interests and populist laws will make governing impossible. California may be too badly broken to be fixed, at least in any fashion that is acceptable to the voters. Mr. Schwarzenegger is, after all, only one man. He's saddled with the mistakes made by and the obligations assumed by the Davis administration, and he's not likely to have a cooperative legislature. I am reminded of that old joke: First Prize - one week in Cleveland. Second Prize - Two weeks in Cleveland. (No flames, please. I used to live in Cleveland, where, speaking of flames, the Cuyahoga river once caught fire.) Mr. Schwarzenegger may yet regret winning this election.

My impression of Mr. Schwarzenegger is that he is an honest and honorable man. I don't agree with him on many of the issues, but I don't doubt that he will attempt to do what he's promised. I'm just not sure that his honesty and honor will suffice.

Ron Morse points out over on the messageboard that he didn't realize I was going to post his comments about bringing up the HP hydra. I apologize to him for posting it without asking permission. Ordinarily, if I have any doubt, I ask before posting. In this case, he'd already posted his comments publicly on the messageboard, so I neglected to ask. Ron points out that his comments were specific to my situation, and not to be taken as general advice. You can read more of what he has to say on the messageboard in this week's topic.

I hate it when this happens. Some time ago, I'd posted a favorable comment about LaserMonks. But Richard Micko sends the following, with an attached copy of the spam he received from LaserMonks.:

-------- Original Message --------
Subject: FYI. regarding lasermonks.com
Date: Fri, 3 Oct 2003 16:18:37 -0400
From: Richard Micko
To: 'Robert Bruce Thompson'

You have recommended them on your webpage. I thought you'd be interested in this spam or uce, which I received today. I have not purchased from them before, so a 'prior relationship' does not exist. A cursory search of 'opm network' and 'flaview.com' results in spam problems.

Have a great weekend,

Rich

Arrrghhh. I hate it when that happens. I'd be willing to bet that the monks don't even realize they're doing anything wrong. Or least they didn't until they started this spam campaign and started getting nastygrams from people they'd spammed. I've noticed a certain selective blindness among many businessmen. They all know spam is bad. They all get lots of spam in their inboxes, and they hate it just like the rest of us do. But they don't consider their spam to be spam. It's important to them and therefore must be important to everyone.

I'd be willing to bet that this all started when LaserMonks themselves received a spam, something like "Promote your business inexpensively with bulk email". They probably thought, "Everyone would buy our stuff if they knew about it, and here's a cheap way to get the message out." Like many businessmen, they didn't stop to think that what they were about to start sending was spam. One man's useful marketing message is another man's spam. Or, one man's Mede is another man's Persian. Or, one man's fish is another man's poisson. (With apologies to George S. Kaufman, Oscar Wilde, and H. L. Mencken.)

And this from Dr. Mark Huth on the Linux vs. Windows viruses link I posted yesterday.

-------- Original Message --------
Subject: security linux and microsoft in the Register.
Date: Mon, 6 Oct 2003 13:58:23 -0700
From: Mark Huth
To: Robert Bruce Thompson

Bob,

Like most things, this whole Linux/Windows thing is complex.

I'd agree with everything the article author has said (perhaps without the same undercurrent of religious fervor), however, the fact remains that the Windows world provides huge advantages that the Linux world doesn't provide and no amount of wishful thinking can make that go away. It is also true that Windows can be made to function in a secure fashion. Put windows boxes behind secure firewalls, virus scan, maintain patches and one has a pretty good, pretty secure, pretty stable platform. Look at my environment, your working environment, and that of millions of others running Windows. Would Linux or OS X be better than Windows if it had the same market penetration? Sure, but it doesn't. Is it as easy to setup Linux on an individuals machine, does it provide the same workgroup integration, etc. Answer, alas, is no. Can I run my business on it? Not now, and not for the foreseeable future. Is it as cost effective as Windows? I don't know, but if the pieces don't exist to run in my environment...the cost doesn't much matter.

My point...well the article writer is looking at a tiny piece of a much bigger picture and is looking much the easier part of the picture. I'd suggest that Gates et al. didn't see the future clearly and made some bad choices in one area, but saw the future far more clearly than anyone else in many other areas.

Microsoft, for all its warts, has clearly improved my workplace. We do run our business on Microsoft products, we employ a bunch of people, we make technology decisions based on what works...not what I'd personally like to see work. Religious discussions are fun, but for better or worse Microsoft is doing an ok job of putting bread on my table and that of my employees.

I'm hopeful that the next 5 years will bring improvement in both the Linux and in the Microsoft products. I would make my life easier and probably expand your target market for your books as well!

Warm regards.

You make several good points. That Windows is inherently insecure is not in doubt. Even Microsoft has admitted that publicly. That Linux is inherently more secure than Windows is also not in doubt, although Microsoft would bite their collective tongues off before admitting that.

All of that said, I don't regard viruses and worms as a big problem for me personally. Like you, I have firewalls, virus scanners, and so on out the wazoo. The likelihood of one of us falling victim to a virus or worm is pretty small. But we are not normal users. I continue to use Windows 2000 for now, because for me it has the best combination of features, software support, and so on. I'm willing to put up with the virus/worm threat because I can contain it, albeit at an unfortunately high price in terms of time, effort, and frustration.

I've watched Linux grow and mature over the last few years, and I don't doubt that it will eventually become a serious competitor to desktop Windows. As you say, for many that day has not yet arrived, but it is coming. I think a lot of people think of desktop Linux as being X years in the future, but it's not really quantifiable that way. For some, desktop Linux is here now. For others, it's on the very near horizon. For still others, it's a long way off. Application and data format compatibility remains the overwhelmingly important issue. Most of the usability concerns have been addressed and things continue to improve on that front. Linux will arrive for the desktop in fits and starts, as more and more large companies begin to adopt it. There is a critical mass issue. I'm not sure where the critical mass occurs, but I've seen credible estimates of 10% of desktops. Once Linux reaches that critical mass, it will be unstoppable, because everyone will rush to support it with their applications.

My guess is that for you desktop Linux may be three to five years away. For me, it's a lot closer.

12:01 - More from Dr. Huth:

-------- Original Message --------
Subject: RE: security linux and microsoft in the Register.
Date: Tue, 7 Oct 2003 08:12:45 -0700
From: Mark Huth
To: Robert Bruce Thompson

Bob,

I'd like to believe that what you say is true. However, I've some doubts. Software development time being what it is for complex software, I don't see the medical applications we need being available in the 3-5 year time frame. That would mean that many of the larger firms should be starting now...and none of the firms we've discussed this with have told us of any plans to move their software over to Linux. Further, one needs to interweave the applications into an "environment". As a crude example, my electronic medical record needs to talk to my cath lab software, to my echo machines, it needs to talk to my scheduler, needs to talk to my billing system, needs to be web enabled, allow portable devices, etc. Those interconnections require structure, years of fine tuning and dare I say it...corporate relationships. While a collection of open source programmers may generate a fine product, do they do the legwork to connect their software to the software that I need? My market is huge, but smaller than the word processing market by multiple orders of magnitude. I suspect that similar industries require similar levels of interconnection. I don't think that it is simply a matter of putting up a word processor or spreadsheet and saying "World, here it is!" (Although, that it taking a horridly long time to happen in the Linux world...and yes I've got a copy of Open Office).

I, personally, think that it is more likely that Microsoft will begin to show improvement in security. As we both know it isn't very difficult to protect MS software from most threats. Granted one needs to hide it behind "other" software...firewalls, virus scanners, but one would need to do some of that no matter which OS one uses. I'd never put anything that had sensitive data on the net without protection. I suspect that Microsoft will begin to show improvement in the next couple of years

Then, is cost an issue? Well, from a business standpoint, is the cost of Microsoft products an issue? Well, we are running a mix of NT 4.0 server, windows 2000 server, Office 98 and 2000, with Windows 98, 2000, and XP on the desktop, (I believe you remember that we also run AIX and Linux). The cost of these Windows products just isn't an issue. Would free be better? Sure, but Linux isn't really free.

I think you're confusing operating systems and applications. I have certainly never suggested that commercial software won't be used on Linux systems, or that open source developers would fill all software needs. IBM, Oracle, and other large companies, as well as thousands of ISVs, have ported their high-dollar applications to Linux, and I expect that trend to continue. Ask any vendor of server applications and they'll tell you that there is great demand for Linux versions of their apps. Certainly the horizontal applications like databases have been the first to be ported, both because the market for Linux versions is larger than it is for vertical applications and because many of those vertical applications require horizontal applications like Oracle to function.

Linux is a better application server OS than is Windows Server. That fact, as well as customer demand, has caused many software companies to make their software available for Linux. I don't know the medical software business, but I'd be surprised if Linux didn't start making some serious inroad there as well. Not just for the lower cost and superior functionality of Linux, but because security is not the problem on Linux servers that it is on Windows servers, and data security is certainly a major issue in the medical profession. I'd expect most medical software developers to soon begin producing Linux versions of their Windows Server applications, and eventually to phase out support for Windows in favor of Linux.

In purely technical and economic terms, Linux is unstoppable. The only prayer Microsoft has is to continue doing what they've been doing, which is to attempt to use the legal system to block Linux.

[Top]

Wednesday, 8 October 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]

9:38 - Governor Schwarzenegger finds himself in the same situation that our oldest Border Collie, Kerry, was in the time he charged a UPS truck, bit it in the tire, and brought it to a halt. Now that he's caught it, what's he going to do with it?

A lot depends on whether he cares about being re-elected in three years. If he does, he'll have to work within the existing political framework. With the Democrats already talking about recalling Schwarzenegger, he's obviously not going to get much co-operation from the legislature, and he can count on ferocious opposition from entrenched special interests. That means California will spend the next three years in political deadlock. Conversely, if Mr. Schwarzenegger doesn't care about being re-elected--and why should he?--he can get a lot done by using executive orders to slash his way through political opposition. Many, perhaps most, of those executive orders will be the subject of court battles, but by the time the courts settle them they will have had their intended effect anyway.

So, the question is whether Mr. Schwarzenegger will behave as a typical politician or as the Terminator. I'm betting on the latter, and hoping that's what happens.

More on Linux from Dr. Huth:

-------- Original Message --------
Subject: RE: security linux and microsoft in the Register.
Date: Tue, 7 Oct 2003 22:46:54 -0700
From: Mark Huth
To: Robert Bruce Thompson

Bob,

Again, thanks for the note and I don't want to get into a beard pulling contest with you, especially over something which will work out in some fashion in the future.

That said, let me natter. I'm not so naive that I don't understand the difference between operating systems and applications. As you know, I did device driver development in assembly language as a contract programmer for Hewlett Packard eons ago and have worked with 5 large medical software companies in database development over the years. I'm in the process of working with a number of web developers to try and get a freely available medical database running in a cross platform environment right now in conjunction with the ACC and with Johnson and Johnsons research arm. So, I do get it...a bit anyway.

But, OS's provide the environment for software development (as you understand far better than I). Indeed, much of the bitching about MS is that outside developers don't have the same access to the OS that MS developers have. That environment...the fact that the OS supports an excellent word processor, the fact that my programming environment can access my plotting and graphing program, that my groupware will allow me to detail tasks to others, that I can use something like Access to do a quick and dirty mock up of a project to be converted into a more advance database are all part of the environment provided by the OS and applications in concert. If I need to find a different program to do my scanning or faxing or PIM...I want a selection. (As a more specific example, we've done a working, tested database in Access in our project...with the idea that it will be converted into a more sophisticated database has met with enormous praise from almost all the high end developers with whom we are working). The fact that you still work in Windows 2000, given your enormous level of sophistication, suggests that the OS is doing something right for you at this point.

Will that change? You are very optimistic, I'm much less so. The fact that database developers support Linux is great and I hope to see great things as time passes. Time is passing and I'll remind that you wrote similar things a couple of years ago...things are better now in Linuxland, but we ain't there yet. Lots of things have to happen for Linux to be very successful and reach a critical mass. Many of the niches that are filled in the Windows environment remain to be filled in the Linux world. Meantime, MS isn't sitting idle...for better or worse.

Finally, I can't address non-medical developers. What I was addressing in my note below was that...In the last 6 months I've seen a fairly large subset of the development efforts of a number of the biggest medical software developers in existance...Siemens, GE, and Phillips for example and I didn't see any development for Linux based medical products. The lead time is long for this type of software development...in the 3-5 year range. I did see that all of them were developing in and for Windows. Will that change? I don't know.

I've voted for Linux with hard dollars. I've recently added to my personal collection of *nix "stuff" by adding a Powerbook G4. That added to a linux server, a linux workstation, and assorted other things running *nix...all bought an paid for...I own 2 registered copies of RedHat and one of Suse. I, personally, want to see Linux survive and thrive, but I want to do it in a market filled with excellent, easy to use software. I want more than what I have now in my software world, I want to do less work to get it all to work...I'm happy to pay for it. Will Linux deliver....sure hope so, but I'm not holding my breath.

Mark Huth

"In democracy its your vote that counts.; In feudalism its your count that votes." Mogens Jallberg

I didn't know you had a beard.

Of course I realize that you know the difference between operating systems and applications, but my point was that it's easy to confuse the issues. Most vertical-market ISVs are OS-neutral, in the sense that they're willing to put their applications on whatever operating system(s) their customers demand. Of course, that may or may not be easy. If the application uses something cross-platform like Oracle as a back-end, it's relatively easy to port the application to a different OS. If it depends on Microsoft hooks, it's much harder. Apparently, most medical software falls in the latter category, or it'd be available for Linux already.

As far as the progress of Linux, I think we'd both agree that it's come an awfully long way in the last couple of years. Typically, prognosticators are overly optimistic in the short run and overly pessimistic in the long run. I think that's what's going on here. I've been overly optimistic about the short-term prospects for penetration of Linux in various niches, but I think you're being overly pessimistic in the long term.

Here's one that ended up buried in my junk mail folder for a month before I discovered it yesterday. If you're using an Intel D865GBF motherboard, it's worth reading.

-------- Original Message --------
Subject: D865GBF Motherboard Errata
Date: Sun, 7 Sep 2003 06:22:59 -0700
From: James Cooley
To: 'Robert Bruce Thompson'

Robert,

Ran across this regarding Intel's D865GBF boards and thought you might be interested.

<ftp://ftp.download.intel.com/design/motherbd/bf/C4159703.pdf> (Somehow, it works with my FTP client; but not IE or Netscape 2.02... go figure)

Dated 8/12/2003

Errata:

1. Pinout on Front Panel Audio connector incorrect, Q.V.

2. NOTE The Enhanced mode IDE/Serial ATA BIOS option requires support for resources up to a maximum six devices, and has been tested with Windows 2000 and Windows XP. This BIOS option should be set to Legacy mode when used with operating systems that support a maximum of two IDE channels (four devices).

Regards,

Jim

Thanks. I hadn't encountered that. Barbara uses a D865GBF motherboard in her primary system, and it's in an Antec Sonata case with front-panel audio connectors, but I hadn't bothered to hook them up. As to the other, I'd hope most of my readers are using Windows 2000/XP or Linux by now.

13:57 - I've been looking at the California election results on CNN. If I recall the original election numbers correctly, nearly a million more people voted to remove Gray Davis from office than voted to put him there in the first place, and Schwarzenegger actually received more votes to replace Davis than Davis received when he was elected to the office. That's an extraordinary result no matter how you look at it.

It looks to me as though California taxpayers voted to reclaim their state and their government from the special interests and tax consumers. The question now becomes whether or not Mr. Schwarzenegger will be able to follow through. I suspect he will, although it may be a bloody fight.

14:24 - And, in what is presumably the definitive word on Linux versus Windows, Mark Huth writes:

-------- Original Message --------
Subject: RE: security linux and microsoft in the Register.
Date: Wed, 8 Oct 2003 11:06:41 -0700
From: Mark Huth
To: Robert Bruce Thompson

Actually, I do have a beard...grin. Had it for greater than 20 years.

I've had mine for 32 years now, except for one day. I stopped shaving the day I left for college and haven't done it since, with one exception. In 1981, I was going in for an interview for a job I really wanted. My father convinced me to shave for the interview. I didn't want to, but I finally took his advice. When I sat down with the president of the company, I immediately noticed that his face had an odd fur-like growth. Could it be? Yes, he had a beard. He hired me, and that's the last time I shaved.

I went in to a job interview some years later with a big-name software company. As I sat down with the interviewer, his first words were, "The beard has to go." So it left.

[Top]

Thursday, 9 October 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]

-------- Original Message --------
Subject: fellas, I think this has real merit. Take a look
Date: Wed, 8 Oct 2003 15:17:55 -0700
From: Mark Huth
To: Jerry Pournelle, Robert Bruce Thompson

I think this has real merit

http://www.pfir.org/tripoli-overview

Mark Huth
mhuthATcoldswim.com

"In democracy its your vote that counts.; In feudalism its your count that votes." Mogens Jallberg

[Top]

Friday, 10 October 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]

[Top]

Saturday, 11 October 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]

-------- Original Message --------
Subject: Fwd: Bad news on RPC DCOM vulnerability
Date: Sat, 11 Oct 2003 15:33:48 -0400
From: Robert Bruce Thompson
To: Subscribers

I just received the following from Roland Dobbins on a critical Windows security vulnerability that the MS03-039 patch does not fix.

If you are running Windows 2000 or Windows XP, you need to be aware of this issue and take action to protect against this vulnerability. Note that earlier versions of Windows may also be vulnerable, although Microsoft does not comment on that.

-------- Original Message --------
Subject: Fwd: Bad news on RPC DCOM vulnerability
Date: Sat, 11 Oct 2003 11:56:15 -0700
From: Roland Dobbins
To: Jerry Pournelle, Robert Bruce Thompson

Begin forwarded message:

> From: "VigilantMinds Security Operations Center" > <soc.rpc@vigilantminds.com> > Date: Fri Oct 10, 2003 11:08:12 PM US/Pacific > To: <bugtraq@securityfocus.com> > Subject: RE: Bad news on RPC DCOM vulnerability > > Security Community, > > The following information references a serious security threat to you > or > your organization if the proper measures have not been taken to prevent > its destructive intent. > > Description of Issue > -------------------- > VigilantMinds has successfully validated the claims regarding the > latest > Microsoft Remote Procedure Call (RPC) vulnerability. Specifically, > VigilantMinds has validated that hosts running fully patched versions > of > the following Microsoft operating systems REMAIN subject to denial of > service attacks and possible remote exploitation: > > * Microsoft Windows XP Professional > * Microsoft Windows XP Home > * Microsoft Windows 2000 Workstation > > Although it has not been verified at this time, other versions of > Microsoft Windows are also suspected to be subject to this > vulnerability. > > As with the prior RPC vulnerability (MS03-039), these attacks can occur > on TCP ports 135, 139, 445 and 593; and UDP ports 135, 137, 138 and > 445. > > > Remediation Actions > ------------------- > VigilantMinds has notified CERT/CC and informed the vendor of this > issue. As of this posting, no vendor patch is yet available. > > As a temporary solution, VigilantMinds suggests that firewall rules be > placed on all affected ports for any exposed systems. All external > connectivity (including VPN) should be firewalled actively for > unnecessary incoming RPC activity. > > A Snort signature that will detect traffic patterns associated with > this > attack is below. Note that current Snort signatures may also identify > this attack. > > > Further References > ------------------ > > A Snort signature for this and other versions of the Microsoft RPC > vulnerability: > > alert TCP any any -> any 135 (msg:"RPC Vulnerability - bind > initiation";sid:1; rev:1; content:"|05 00 0B 03 10 00 00 00 48 00 00 00 > 7F 00 00 00 D0 16 D0 16 00 00 00 00 01 00 00 00 01 00 01 00 a0 01 00 00 > 00 00 00 00 C0 00 00 00 00 00 00 46 00 00 00 00 04 5D 88 8A EB 1C C9 11 > 9F E8 08 00 2B10 48 60 02 00 00 00|"; > flow:to_server,established;classtype:attempted-admin;) > > > > ******************************************** > Security Operations Center > VigilantMinds Inc. > > email: soc.rpc@vigilantminds.com > Office 412-661-5700 > Fax 412-661-5684 > ******************************************** > > This e-mail and any files transmitted with it may contain confidential > and/or proprietary information. Any use, distribution, copying or > disclosure by another person is strictly prohibited. It is intended > solely for the use of the individual or entity who is the intended > recipient. Unauthorized use of this information is prohibited. > > ******************************************** > > > -----Original Message----- > From: 3APA3A [mailto:3APA3A@SECURITY.NNOV.RU] > Posted At: Friday, October 10, 2003 10:49 AM > Posted To: Full Disclosure > Conversation: [Full-Disclosure] Bad news on RPC DCOM vulnerability > Subject: [Full-Disclosure] Bad news on RPC DCOM vulnerability > > > Dear bugtraq@securityfocus.com, > > There are few bad news on RPC DCOM vulnerability: > > 1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD > is > again actual. 2. It was reported by exploit author (and confirmed), > Windows XP SP1 with all security fixes installed still vulnerable > to > variant of the same bug. Windows 2000/2003 was not tested. For a while > only DoS exploit exists, but code execution is probably possible. > Technical details are sent to Microsoft, waiting for confirmation. > > Dear ISPs. Please instruct you customers to use personal fireWALL > in > Windows XP. > > -- > http://www.security.nnov.ru > /\_/\ > { , . } |\ > +--oQQo->{ ^ }<-----+ \ > | ZARAZA U 3APA3A } > +-------------o66o--+ / > |/ > You know my name - look up my number (The Beatles) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >

-------- Original Message --------
Subject: Fwd: Bad news on RPC DCOM vulnerability - Part Two
Date: Sat, 11 Oct 2003 15:35:31 -0400
From: Robert Bruce Thompson
To: Subscribers

And here's a follow-on message.

Don't ignore this problem. It's critical.

-------- Original Message --------
Subject: Fwd: Bad news on RPC DCOM vulnerability
Date: Sat, 11 Oct 2003 12:02:48 -0700
From: Roland Dobbins
To: Jerry Pournelle, Robert Bruce Thompson

Begin forwarded message:

> From: K-OTiK Security <Special-Alerts@k-otik.com> > Date: Fri Oct 10, 2003 2:51:22 PM US/Pacific > To: bugtraq@securityfocus.com > Subject: Re: Bad news on RPC DCOM vulnerability > > as confirmed by 3APA3A and security labs, it seems that the public > exploit *works* even if the patch MS03-039 is *installed* > > This is a highly critical vulnerability - users MUST block vulnerable > ports ! > > Regards. > > K-OTik Staff /\\/ http://wwww.k-otik.com > > > >> From: 3APA3A <3APA3A@SECURITY.NNOV.RU> >> >> Dear bugtraq@securityfocus.com, >> >> There are few bad news on RPC DCOM vulnerability: >> >> 1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD >> is >> again actual. >> 2. It was reported by exploit author (and confirmed), Windows XP >> SP1 >> with all security fixes installed still vulnerable to variant of >> the >> same bug. Windows 2000/2003 was not tested. For a while only DoS >> exploit >> exists, but code execution is probably possible. Technical details >> are >> sent to Microsoft, waiting for confirmation. >> >> Dear ISPs. Please instruct you customers to use personal fireWALL >> in >> Windows XP. > >

[Top]

Sunday, 12 October 2003

[Last Week] [Monday] [Tuesday] [Wednesday] [Thursday] [Friday] [Saturday] [Sunday] [Next Week]
[Daynotes Journal Forums] [HardwareGuys.com Forums] [TechnoMayhem.com Forums]

[Top]

Copyright © 1998, 1999, 2000, 2001, 2002, 2003, 2004 by Robert Bruce Thompson. All Rights Reserved.