CHAOS MANOR MAIL

Mail 206 May 20 - 26, 2002 

 

IF YOU SEND MAIL it may be published; if you want it private SAY SO AT THE TOP of the mail. I try to respect confidences, but there is only me, and this is Chaos Manor. If you want a mail address other than the one from which you sent the mail to appear, PUT THAT AT THE END OF THE LETTER as a signature. In general, put the name you want at the end of the letter: if you put no address there none will be posted, but I do want some kind of name, or explicitly to say (name withheld).

Note that if you don't put a name in the bottom of the letter I have to get one from the header. This takes time I don't have, and may end up with a name and address you didn't want on the letter. Do us both a favor: sign your letters to me with the name and address (or no address) as you want them posted.

I try to answer mail, but mostly I can't get to all of it. I read it all, although not always the instant it comes in. I do have books to write too...  I am reminded of H. P. Lovecraft who slowly starved to death while answering fan mail. 

Monday, May 20, 2002

From Rod McFadden:

Subject: The Edge of England's Sword

Quoth the maven: Quite right. Indeed, I wonder if the Britanno-American sponsoring of Russia into NATO's structure, if not membership, was implicit recognition of the new reality. NATO's second division members might get left behind as the POURNELLE-ESQUE Codominion of the US, UK and Russia takes over. If so, then British thinking is increasingly schizophrenic, unless Blair thinks he can keep one foot in each of the economic and defense camps. The recent flurry regarding the timing of the Euro referendum becomes clearer, but also more indicative of how deeply confused Blair is.

http://englandssword.blogspot.com/  <<The Edge of England's Sword.url>>

Thanks. Interesting: someone actually reads those books.

And on much the same subject:

CoDominium

Greetings Dr. Pournelle,

I have just heard a report that the Russians have turned on the oil faucet to alleviate our oil price increases, and assist our economy. Coupled with the recent warm relations between Bush and Putin this leads to some interesting speculation. Add the recent Russian introduction of a flat tax and at least one pundit saying the Russians are about to become "our closest ally" due to their status as an Islamic terrorist target second only to us, and it begs the question.... When the referendum for joining the CoDominium comes, how would you vote? Any other thoughts?

Working hard to keep my tongue in my cheek.

SF, Jim Ross Major USMC (Retired)

Of course I invented the whole CoDominium story line in 1972 or so. It's "alternate history" now, but there are still a few things relevant...

And then we have:

Subj: Attack of the Clones: A Maneuver-Warfare Perspective

Still you do not understand the full Power of the Dark Side!

The botched assassination attempts were _meant_ to fail. Their purposes were (a) to lead Obi-Wan to the clone army, so it could get connected to the Republic side of the planned civil war, and (b) to disconnect Annakin from the Jedi Masters, and send him on an independent mission before he is really ready, so his journey to the Dark Side could proceed unimpeded.

Everything is proceeding according to Lord Sidious' plan!

And the almost-massacre of the Jedi makes perfect sense, from the standpoint of Maneuver Warfare theory.

The Jedi are masters of the "surgical" strike, of decapitation and disruption, rather than of mass-vs-mass attrition. So the Sith Lords used the classic method for defeating a maneuver-warfare master: suck him in, then cut him off, surround him and annihilate him.

Which, in this particular case, was not carried to completion, because it too was a feint: the main purpose of the exercise was to get the civil war started properly, with full Emergency Powers in the hands of the Supreme Chancellor. The attrition of the Jedi was useful, but secondary.

Do the Secessionists _know_ they are working for the Sith Lord? Does it even _matter_ whether they know, or not?

The stage is now set for Episode III: The Revenge of the Sith. (Or maybe The Triumph of the Sith?)

Rod Montgomery == monty@sprintmail.com

And who knows, perhaps Lucas and his people really are that clever...

And on a more (or less?) serious note:

Hi Jerry,

I'm a devoted fan of your books, follower of the Current View, and long-time Byte column reader. Your comments over the last year about Net bandwidth have caused me to write you this note. I worked with the Internet as a network engineer for over a decade. Although I now work from home (as a textbook author), my experience with the Net is the exact opposite of yours.

I have both a DSL and dial-up connection, and the speeds on both have either remained constant or even improved over the last year. For example, the PDF file you attempted to download from http://www.rand.org/publications/MR/MR1209/  took me only seconds to open.

I suspect you are the victim of an over-booked ISP or some kind of local bottleneck. If you haven't tried a route tracing program that identifies hop speeds from your machine to a particular Web site, I would recommend VisualWare (for a free demo, see http://www.visualware.com/visualroute/livedemo.html ). This should help you find and hopefully eliminate the problem (e.g., switching ISPs).

Naturally, I'm NOT arguing against your point that incentives are lacking to increase Internet Bandwidth. But the fact is that the Net was so over-built during the dot com bubble, it will likely be quite some time before bandwidth becomes a concern. Also, growth in usage has actually leveled off in the USA and, although overseas expansion continues, this trend seems to be having little effect on our traffic in America.

In any event, I hope your phone company puts a switch near your home so you can have DSL access!

Best wishes, don

Don Barker don@donbarker.com www.donbarker.com

Well, I can hope so. If I get DSL or cable modem I suspect many of my problems go away. The satellite has to send a zillion page requests for most pages, and that eats time to the point where the servers often time out. Gaak. And at 56K all kinds of things happen. Sigh.

And from Roland:

Subject: The Long March

http://news.bbc.co.uk/hi/english/sci/tech/newsid_1997000/1997747.stm 

Inconstant Constants

http://news.bbc.co.uk/hi/english/sci/tech/newsid_1991000/1991223.stm 

The evil men do lives after them, the good is oft interred with their bones...

I disagreed with him on many issues, but respected his mind and work immensely:

http://www.cnn.com/2002/TECH/science/05/20/obit.gould.ap/index.html 

All of interest. I have a few words about Gould in VIEW.

 

 

Sue writes to recommend:

www.debka.com 

The site is running a three-part series titled:

How Much Do US Presidents Know about Terror? Part 3 runs tomorrow.

S.

I find Debka sometimes has material no one else has, but often one can't confirm it from any other source, either; and it's pretty clear where their sentiments lie. Still, it's worth looking at as a source for what to look for...

And Sue later sends:

Jerry-

Here's what a military friend of ours (chopper pilot) had to say about Pt. 3 of the Debka story:

I am supposed to believe that a hijacker ran a heavy airliner out of gas in order to glide to an intended point of landing offshore? Using what body of vast knowledge of airliner ditching techniques?

The airfield at Mogadishu was a couple of miles outside the city. Is it necessary to "plant an operative" inside an American helicopter squadron to tell the bad guys that helicopters are launching, or would standing on the roof of a building a mile away be sufficient to ascertain that a helicopter is taking off during the day?

Fun article to read, probably with some actual facts interspersed in there, but I wouldn't let pursuit of them cut into my movie watching free time. I think tonight we're renting Mel Gibson in "Conspiracy Theory"...

S.

Which pretty well sums it all up. DEBKA may give you some clues on things to look for, but I sure wouldn't accept them as a source.

 

 

Then we have this:

 

Sir - I know you probably get a LOT of mail so I will be very brief and give this link for you to follow up on. I apologize in advance "if" you were already aware of these items - you had never mentioned them NOR had I seen them before.

http://sillydog.org/mshidden.html 

How I discovered it was that my computer got infected by the Klez worm virus and my virus detection software could NOT repair nor delete the files where it was residing, which was C:\_RESTORE\TEMP, which is also NOT visible with Windows Explorer (I was able to repair via a DOS bootable disk) ....... but with some research I came across the above link.

I think not only will you find it interesting but your readers as well.

Many THANKS and I hope I haven't wasted your time with this email.

Sincerely, Terry

Now Microsoft certainly doesn't create a _RESTORE\TEMP file on 2000, and if you go to that web site it will tell you breathlessly about files that DOS can see but Internet Explorer cannot.

In Windows 98 that's sort of true: that is, if you look at your files in DOS on a Windows 98 machine, there is a folder Windows/HISTORY/HISTORYIE5/ that you simply cannot see in Windows Explorer, or at least I can't. If I do My Computer and open the C: drive, I see WINDOWS/History, and opening that gives me 1 week ago, 2 weeks ago, etc. with options for deleting some of them. HISTORYie5 simply does not exist, even though Windows Commander (which is using DOS) sees it just fine. This is interesting: is there a Microsoft Expert in the house who will explain why, no matter what I do, there is a file I can only know about if I look for it in DOS? 

The web site referenced above says that if you delete the history, it really doesn't go away. I do not find that to be true: if I delete the "three weeks ago" history in IE Explorer, a file vanishes from DOS and doesn't get restored.

The web site, which starts by admitting its anti-Microsoft stance, goes on to great lengths I don't have time to investigate today.  But none of this appears to be true for Windows 2000 and Windows XP. On the other hand, since those aren't DOS based programs, how could you know if there are really and truly hidden files?
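The reason a DOS listing shows entries that Explorer does not is the file attribute bits, not separate copies of the files: Explorer, under its default Folder Options, omits entries with the Hidden attribute and, under a second setting, omits entries flagged both Hidden and System ("protected operating system files"), while DIR /A and DOS file managers ignore both. The following Python is an added illustration, not code from the page or from Microsoft: it models those two settings, can scan a real directory (the attribute bits exist only on Windows; elsewhere every entry reports none), and runs a constructed sample whose names are modelled on the folders in the letter but whose attribute bits are assumptions, not measured values.

```python
import os
import stat

# Win32 attribute bits; the stat module exposes them on every platform
# (the fallback values are the documented Win32 constants).
FILE_ATTRIBUTE_HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x02)
FILE_ATTRIBUTE_SYSTEM = getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 0x04)


def explorer_shows(attrs, show_hidden=False, hide_protected=True):
    """Return True if Explorer would list an entry with these attribute bits.

    Two independent Folder Options settings matter:
      * 'Show hidden files and folders'          (default: off)
      * 'Hide protected operating system files'  (default: on)
    An entry flagged both Hidden and System counts as 'protected' and stays
    invisible even when hidden files are shown, unless the second setting
    is also changed.  A DIR /A listing ignores both settings.
    """
    hidden = bool(attrs & FILE_ATTRIBUTE_HIDDEN)
    system = bool(attrs & FILE_ATTRIBUTE_SYSTEM)
    if hidden and system:
        return not hide_protected
    if hidden:
        return show_hidden
    return True


def classify(entries, **explorer_settings):
    """entries: iterable of (name, attribute_bits).
    Returns (name, visible_in_explorer, visible_in_dos); DOS is always True."""
    return [(name, explorer_shows(attrs, **explorer_settings), True)
            for name, attrs in entries]


def dos_only(entries, **explorer_settings):
    """Names a DOS listing reveals that Explorer, with these settings, hides."""
    return [name for name, in_explorer, _ in classify(entries, **explorer_settings)
            if not in_explorer]


def scan_directory(path, **explorer_settings):
    """Scan a real directory.  On Windows the bits come from st_file_attributes;
    on other platforms that field is absent, so every entry reports 0."""
    found = []
    with os.scandir(path) as it:
        for entry in it:
            st = entry.stat(follow_symlinks=False)
            found.append((entry.name, getattr(st, "st_file_attributes", 0)))
    return classify(found, **explorer_settings)


# Constructed sample; the attribute bits are assumptions for illustration.
SAMPLE = [
    ("WIN386.SWP", FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM),
    ("History.IE5", FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM),
    ("_RESTORE", FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM),
    ("desktop.ini", FILE_ATTRIBUTE_HIDDEN),
    ("README.TXT", 0),
]

if __name__ == "__main__":
    for settings in ({}, {"show_hidden": True},
                     {"show_hidden": True, "hide_protected": False}):
        print(settings, "DOS-only:", dos_only(SAMPLE, **settings))
    print(scan_directory(os.getcwd()))
```

Run against the sample, the default settings leave four of the five names visible only from DOS; turning on "show hidden files" still leaves the three Hidden+System entries invisible, and only changing the second setting as well makes Explorer and DOS agree.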

Are you suspicious yet? Then we have

Okay, this is it.

Microsoft has officially gone too far in my eyes.

In this article on eWeek:

http://www.eweek.com/article/0,3658,s%253D701%2526a%253D26875,00.asp

Allchin basically states that certain parts of Windows are so insecure that if the source code were released to the public it would threaten our country's national security, and as such certain APIs and code will be carved out under a national security protection clause.

This just makes me sick.

If anything happens now I think the DOD needs to seriously reconsider its use of Microsoft products in any kind of wartime environment.

-Dan S.

Hoo Haw.

Any University can compromise our national security

http://research.microsoft.com/university/ntsrclicinfo.asp 

Oh and corporations can undermine it too:

http://zdnet.com.com/2100-11-527793.html?legacy=zdnn 

Oh and Austria can undermine it too!:

http://www.google.com/search?q=cache:TSJ0SxYGX4QC:www.microsoft.com/PressPass/press/2001/Dec01/12-03SharedSourcePR.asp+&hl=en&ie=UTF8
 

I like how this feels less and less now. Microsoft has 40 billion in cash and our government relies on their software for mission critical system in and out of war? Why the hell can't MS spend 5% of their cash reserve on opening their source to the public AND employing an army of open source programmers to help them become secure?

-Dan S.

This is getting a bit ugly. And see below.

 

 

And JoAnne Dow asks

What are the important days to Arabs, particularly terrorist Arabs?

Cheney is declaring that attacks are almost certainly coming. That led me to think of Memorial Day as a potential. However, how much is the Arab terrorist world aware of OUR holidays? 9/11 was not any US day of importance. It was important to the terrorists. It had symbolic meaning for them. What other days of that sort are on the horizon? We should be aware of them and be particularly vigilant on those days as well as our more important symbolic holidays such as the 4th of July.

{^_^}

Which is an astute question.

This mirrors my own thinking about what targets might be hit. Living near MacDill AFB, command site for the Afghan war, one would worry that it might be a target -- I would think one would attack the enemy's command center, just as we took out Saddam's command buildings. But this is a war of terror, so American icons are the target. The Pentagon got hit, not MacDill. The average Al Qaeda member doesn't know from Indianapolis or Charlotte or even Houston. Los Angeles, the heart of the corrupt immoral American beast, sin city, land of infidels, etc. I would think the average Middle Eastern person knows New York, LA, Disney World, and DC. Maybe Chicago -- Sears Tower, it was the world's tallest building for a while -- If residential apartments exist in the Sears Tower. But plastic explosive apparently sheds like a Persian cat, so it should be easy to spot concentrations of same in concentrated targets like landmark iconic buildings. 

Just bought a house 20 miles closer to MacDill, so screw 'em. But I may not be vacationing in Europe this fall.

Dave Gemmer 

 

Tuesday, May 21, 2002

On the Microsoft Security issue, Eric urges calm

I'm very hard put to get excited over anything a Microsoft exec says in court. The case descended into parody long ago with no hope of delivering any improvement for the general public. The complaints have consistently been about the wrong things, the examples have ever been about meaningless items, and the solutions sought have been wrong. Meanwhile the things that are badly wrong with the industry continue to loom overhead because nobody in the position to change things will acknowledge it.

Even if MS wasn't regarded as especially insecure I'd still be aghast at any mission critical system being dependent on those or any other COTS products. 'Security by obscurity' is iffy when the item is readily available to all for determined hack attacks that are merely impeded, not stopped, by a lack of documentation. The obscurity approach could have value when a mission critical system doesn't expose anything to the world that is available commercially for prolonged study.

Dan, there is a bit of a contradiction there. Opening the source and then paying people to work on it loses much of the purpose of letting the code out. Hiring a ton of additional programmers is not the solution for anything except royalty checks for the author of 'The Mythical Man Month.' No amount of money can overcome the biggest obstacle to achieving a secure base at MS, which is the pain of transition. Ultimately the only way this is going to work is by breaking a lot of compatibility with existing code and published software. If it was just a matter of throwing a couple billion bucks at the problem and vastly improving their standing in the industry's regard I don't think they'd hesitate to do so. But what is threatened here is more than a bit of cash reserve, the threat goes against a much more important asset: the mountain of software that keeps the vast majority of the world on Windows.

This is one of the places the monopoly accusation falls apart. MS legitimately fears losing that advantage because other companies are waiting to take advantage of such an opportunity. If they truly had the world under their thumb there would be nothing to fear. They need to learn the lesson of Apple's self-inflicted wound, Copeland. They spent years and wasted many resources in a doomed attempt to fix all of the aging Mac OS's shortcomings instead of biting the bullet and starting from scratch. Imagine how much stronger Apple could be if the equivalent of OS X had shipped a couple of years earlier.

That painful break must be made at MS. They might as well take advantage of the opportunity and roll out a bunch of planned stuff that would have to be brought in incrementally in the normal course of things.

Eric Pobirs

But Bob Thompson says:

It seems to me that what's significant about all this is not any technical issue, but rather the simple fact that a senior Microsoft executive testified under oath that from a security standpoint Windows is broken and cannot be fixed.

Regardless of the truth or technical merits of Allchin's testimony, he has in effect stated officially and under oath that Windows cannot be trusted. So what now should be the position of those in a fiduciary role in organizations that use Windows and have a legal responsibility to maintain their data securely? For example, what happens if your doctor's records are hacked? If a lawsuit is brought for wrongful release of your private records, how can the doctor defend himself? In the past, his attorney could argue that he'd taken reasonable and prudent precautions to prevent the release of your records. With Allchin's testimony now public record, your attorney could argue, probably successfully, that by continuing to use a known-defective product your doctor had recklessly endangered the privacy of your data.

In Risk Management, the first principle is that if you know about a problem, you have to at least attempt to fix it. If someone is injured because of something you knew about and didn't fix, you're in bad legal trouble. For example, we had our main sewer line replaced last year. The city utilities division had to make a curb cut to install the new line, and a few weeks ago Barbara noticed that the concrete curb and gutter they'd poured had sunk several inches. She called the city, and they sent someone out. I mentioned to the guy that we were concerned because the previous night I'd noticed a woman walking her dog had tripped and nearly fallen on the sunken gutter. "Well," he said, "now that you've pointed that out to me, I have to put up an orange cone to warn people until we get it fixed. Otherwise, we could be sued."

It's the same situation with Windows and Allchin's announcement. Now everyone knows that Windows has a sunken gutter and that the maker of the product admits the existence of the problem, so the next person to trip over it could sue because we were aware of that and did nothing to fix the problem. It seems to me that if I were a corporate Risk Manager, I'd be writing a memo this morning recommending that all of my company's sensitive data immediately be relocated to a more secure operating system.

-- Robert Bruce Thompson thompson@ttgnet.com http://www.ttgnet.com

And Dan Spisak comments:

I realize I am the somewhat paranoid, Microsoft distrusting, Linux loving guy around here. I have no problems whatsoever with that. You say I shouldn't get overly excited at anything an MS exec says in court. I fully acknowledge the fact that the MS trial is a complete farce and very likely not going to do much of anything to help the end user and consumer. However, even acknowledging that, you still have an MS exec saying under oath that they feel their source code can't be opened up to public review in the trial because they feel it would compromise our national security at home and in Afghanistan! This is under oath! This is either a true statement or Jim Allchin is asking someone to kindly sue him for perjury. If, by some bizarre chance, our government is using an MS Windows product in a battlefield environment then this is a big problem. I, as a taxpaying customer, have issues with my government using an insecure product in such a demanding application that it's relied upon in a wartime environment. If this statement he made under oath is a true one I would really like to know the details that back up that kind of statement. I wonder if a Freedom of Information Act request would be able to get supporting data to back that claim up if I could just figure out how I would go about doing a request specific enough to get what I am looking for.

My ideas regarding MS spending some of its cash reserve to hire open source programmers to go over its code and do a review & cleanup of it were a bit rash, I will admit. You claim that MS can't do any amount of code rewrite to fix its problems; it needs to dump its entire old codebase and start new like Apple did? However your analysis of what Apple did and what MS should do is a bit off. MS already tried dumping its codebase; it was called Cairo I seem to recall. Apple did mild improvements and updates to its OS 8.X and OS 9.X even while they had OS X out in the wild I seem to recall. Plus, OS X is a BSD-like Unix OS based off the Mach kernel from Jobs' days at NeXT and as such isn't really a 100% from the ground up rewrite. Instead what Apple did was take some technologies that had already proven themselves and put a consistent, usable, friendly GUI on top of that. OS X kicks ass because it's the Mac GUI with a Unix BSD-like backend powering it. This gives Apple a codebase that has been through millions of man-hours of code testing, running, review, and deployment in the real world. This is completely different from when MS did Cairo, unless I am to believe that NT was based off of VMS loosely (I forget where I had heard that one from).

So in essence you're suggesting MS start over with a "new" OS that in reality is a consistent GUI on top of a proven OS technology framework like say...UNIX? Hell, I'd buy that; where do I sign up? :)

And if Allchin is right about MS source code being public as a threat to our National Security then how come you can get access to it if you are a University, large corporation, or Austria....yet they (MS) can't give it to the court? And if they are serious about this national security spin of theirs then how the hell are they able to get away with letting their source get into so many hands? Do all those people have a security clearance?

I'm just looking for rational explanations and answers to what seems to me the biggest load of BS I've run across in a long time.

-Dan S.

And, in reply to Dan Spisak's comment:

"This is completely different from when MS did Cairo, unless I am to believe that NT was based off of VMS loosely (I forget where I had heard that one from)."

According to the book "Showstopper!!" by Zachary Pascal, Dave Cutler from DEC, who was a principal architect for the VMS operating system, was brought in to Microsoft to head up the NT ("Cairo") effort. He saw it as an opportunity to bring a secure, mainframe style OS to the masses. He didn't even want a GUI until it was forced on him by the surprising success of Windows. In any case, I would think we can safely call NT, and any operating system beyond sticks and stones, a derivative work to some degree. I am not sure "Starting from Scratch" would yield security in any case, just as starting car designs from scratch does not lead to a better car, but probably one with greater potential at the cost of short term problems and bugs.

 

Marlin Roberts

Clearwater Research, Inc.

Which is not the end of the story. But I point out that long ago, everyone knew that UNIX could be hacked; depending on the version, there were back doors left in UNIX by its academic tinkerers, some long forgotten.

And Peter Glaskowsky has an important comment below.

I suppose it was inevitable:

Subject: And On The Gripping Hand:

I was curious about the origin of this expression, "on the gripping hand," and so I did a google search on the phrase. Not that I failed to get the gist of it, but for me it is a seldom read phrase, and, well, I'm curious. Look at the reference I found!

I guess you know by now you're very widely read. Strong in the force, eh?

on the gripping hand

In the progression that starts "On the one hand..." and continues "On the other hand..." mainstream English may add "on the third hand..." even though most people don't have three hands. Among hackers, it is just as likely to be "on the gripping hand". This metaphor supplied the title of Larry Niven & Jerry Pournelle's 1993 SF novel "The Gripping Hand", which involved a species of hostile aliens with three arms (the same species, in fact, referenced in juggling eggs). As with TANSTAAFL and con, this usage is one of the naturalized imports from SF fandom frequently observed among hackers.

The Jargon Dictionary - http://info.astrian.net/jargon/terms/o/on_the_gripping_hand.html

Edward

Which proves that The Jargon Dictionary doesn't always know what it is talking about. The metaphor was Larry Niven's, from Motie physiology: they have two manipulating hands on the right side of their body, and on the left they have a strong and well developed hand.

TANSTAAFL was my father's, transmitted from me to Robert Heinlein and used by him, as acknowledged in letters both to me and to reviewers. Ah well.


May 21, 2002

I had two experiences of direct contact with Gould over the years. In one case, I wrote to point out to him that his comments on the Irish famine in the 19th century were based on second hand sources and did not reflect an accurate picture of what happened there. To my surprise, he wrote back and acknowledged my point without too much debate. I had done a fair amount of my doctoral work in this area, so he seemed willing to cede my point on a topic where he really knew little.

The second encounter was years later and had to do with a gratuitous remark he made about accountants when he was writing about Lavoisier!! Yes, Gould could and often did make the strangest connections, some of which were revealing and thought-provoking but some of which were silly. In the case I am referring to, he let his Marxist heritage slip out with a snide remark about the profit motives of accountants. I called him on it, remarking in the process that I had encountered just as many if not more evil and manipulative folks in the halls of academia as I had in my life as a commercial executive. He wrote back and somewhat defensively conceded my point about wickedness and greed being ubiquitous, but then denied that he had meant what he said or about as much.

Gould was really what in the nineteenth century would have been called a natural historian. In those days, figures like Darwin, Lyell, Wallace, Spenser, and so forth were public figures whose views were part of the mainstream intellectual debate. Today, we have too few of this kind. In this respect, he served his greatest role as a gadfly for creationists and other benighted ideologues who would impose their views on public institutions. I recall his visit here to Memphis about ten years ago where a goodly part of his public presentation was taken up with refuting the "representatives of the 16th century" in the audience. But ironically, Gould could be just as obsessive and unresponsive to the facts when it came to sociobiology and the role of genetics in shaping human behavior and capabilities.

In this case, I agree that the good the man did will live after him, while his foibles and very human shortcomings will most likely be forgotten.

Bob Sweeney Memphis, TN

The current trend seems to be to recall the evil. But we will see.

Now for GOOD NEWS!

It looks like they found the reclusive Nigerian wanting to send you money!!!!!

http://zdnet.com.com/2100-1105-918960.html 

Allan Mason BA MpA Financial Analyst

And then we have

Dear Dr. Pournelle,

Transportation Secretary Norman Mineta does not want pilots arming themselves to protect their own aircraft. He prefers that armed Air Marshals do the job. This kind of decision reminds me that Attorney General Janet Reno authorized the group of armed thugs that ended up cooking a church congregation in Texas. As I recall the news, the people that trained Reno's Keystone Cops also trained the Air Marshals. I guess Mineta feels he cannot decide who will pilot aircraft, and cannot stand the loss of control. I prefer armed pilots anytime. Besides, they will be on every flight, which is more than the air marshals can promise. Mineta can leave any time.

regards,

William L. Jones wljones@dallas.net

Which needs no comment. The pilots want to be armed. The government doesn't want them to be. As usual, we obey Caesar.

Peter Glaskowsky on the Windows question:

It sounds to me as if Allchin is referring to faults in the definition or actual implementation of protocols and APIs embodied in Microsoft code-- not coding faults per se. My thinking is that coding faults could be corrected before the code is released, but protocol and API problems have to be preserved to support interoperability with existing systems.

For example, Microsoft may have designed the Message Queuing protocols to assume that the security validation for one message applies to subsequent messages from the same nominal source, even when there's no guarantee that all the messages came from the same source. Or there could be some sequence of operations built into a Microsoft security API that could be analyzed to reveal information about passwords, if the source code for the operations could be analyzed to explain the significance of intermediate results that are visible on a network.

In these examples, Microsoft may not be able to fix the underlying problems without replacing code on every Windows machine on Earth-- possibly every operating system and every application that uses the affected protocol or API. Microsoft may believe that this solution represents a greater effective cost than simply living with the risk that someone will figure out how to exploit the vulnerability.

They may even be right.

There's an even more sinister interpretation suggested by my colleague Kevin Krewell here at Microprocessor Report-- that the source code might reveal back doors Microsoft has installed in these functions to facilitate remote monitoring by Microsoft or the US government. A government connection would provide a much stronger justification for withholding the source code-- and explain why the government isn't trying particularly hard to persuade Microsoft to release the source code. It would even explain why the government is willing to continue using Windows in many government agencies despite the existence of security flaws: if the government controls those "flaws," it has little to fear from them. I don't really agree with this interpretation, because it's more complex than necessary to explain the facts, but it struck me as entirely possible and worth mentioning here.

Whichever explanation is true-- and especially if they're both true-- if there's a stronger reason to prohibit the use of Windows software for mission-critical applications in systems exposed to the outside world, I haven't heard it. Windows in physically secure networks may be okay, depending on the risks involved, but I'd insist on OpenBSD or some equivalent open-source OS for anything subject to covert attack.

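The design fault the letter imagines above (a receiver that validates one message and then trusts later messages merely claiming the same nominal source) beside a per-message check, as an added Python illustration that is neither the letter writer's code nor anything from Microsoft's Message Queuing; the queue name, shared key and traffic are constructed for the demo.

```python
import hmac
import hashlib

# Constructed demo key shared between the genuine source and the receiver.
SECRET = b"demo-shared-key"


def tag(source, seq, payload, key=SECRET):
    """Authentication tag over source|seq|payload (constructed format)."""
    msg = f"{source}|{seq}|".encode() + payload
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TrustOnFirstValidation:
    """Weak design: validate the first message from a nominal source, then
    accept anything that later claims the same source name."""

    def __init__(self):
        self.trusted = set()

    def accept(self, source, seq, payload, t):
        if source in self.trusted:
            return True  # no check at all once the name is trusted
        if hmac.compare_digest(t, tag(source, seq, payload)):
            self.trusted.add(source)
            return True
        return False


class PerMessageValidation:
    """Hardened design: every message must carry a valid tag, and sequence
    numbers must strictly increase per source, so replays are refused too."""

    def __init__(self):
        self.last_seq = {}

    def accept(self, source, seq, payload, t):
        if not hmac.compare_digest(t, tag(source, seq, payload)):
            return False
        if seq <= self.last_seq.get(source, -1):
            return False
        self.last_seq[source] = seq
        return True


def run(receiver, messages):
    """Feed messages in order; return the accept/reject decision for each."""
    return [receiver.accept(*m) for m in messages]


# Constructed traffic: one genuine message, then a message that only claims
# the same source name (no key, so a bogus tag), then a replay of the first.
GENUINE = ("queue-a", 1, b"deploy config v2",
           tag("queue-a", 1, b"deploy config v2"))
SPOOFED = ("queue-a", 2, b"deploy config v3", "0" * 64)
REPLAY = GENUINE
TRAFFIC = [GENUINE, SPOOFED, REPLAY]

if __name__ == "__main__":
    print("trust-once  :", run(TrustOnFirstValidation(), TRAFFIC))
    print("per-message :", run(PerMessageValidation(), TRAFFIC))
```

The point of the letter is visible in the result: the weak receiver accepts all three, and the only remedy is changing what every sender and receiver emits, not patching a coding slip.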

Which gives us a lot to think about. 

Eric Pobirs comments:

This appears to match my opinion on the subject. Spending money on producing patches is not discouraged in Redmond but breaking stuff in a way that compromises market value is anathema.

Given just a few clues there is a standing army out there that will eventually detect every possible avenue of attack. They can either take a massive hit by avoiding the issue until there is no other option or they can minimize the bleeding by getting the needed replacements ready and figuring out how to deploy while generating the smallest possible mob of angry villagers with pitchforks and torches.

"You say he's superhumanly powerful and subject to unpredictable bouts of homicidal rage. Hmmm, yes, we've had a few reports on this and the techs are documenting the problem now. We expect to have a patch available for download very soon. In the meantime be careful with open flame and try not to make any sudden movements. Thank you for calling, buh-bye."

I kind of doubt Krewell's theory if only on the basis that the case has dragged on way too long if there was a strong incentive during the previous administration for Windows Everywhere (c) as an intel gathering asset. Not to mention that standing army of scrutinizers. Remember the foofarah when the key labeled NSA was discovered a few years ago? I would think that sent a lot of guys on a quest to find evidence for a partnership.


More from Eric on the operating system question

http://www.theinquirer.net/21050206.htm 

By sheer coincidence this appeared today. Some of his complaints are just whining though. Many of his desires can be achieved if enough people are willing to pay the price for things like large amounts of SSD space to accommodate instant on in a full blown desktop OS. If MRAM scales up well we may in a few years see portables that are never rebooted unless absolutely necessary because they can go instantly into and out of a zero power condition while maintaining the state of memory. The memory would also have the admirable quality of only requiring power when it is addressed, not for refresh.

Currently the price and capacity of MRAM isn't up to the task but the companies involved know this would be a huge seller if they can hit their goals.

Arron Rouse longs for the Amiga and the Z88. I liked the Z88 a good bit -- they photographed me holding one in the White House and used that in their ads (for which I didn't get paid, of course; I agreed because I liked the machine) and I like the Amiga. There was also the Atari which attempted a GUI but which had to nerf the menu system because of Apple lawsuits, but even so could have improved the breed.

So it goes.

But I do agree, the security problems make it important that we think again about what we are doing...

I will probably copy all these threads to a special page; it seems we have much more to learn.


 

TOP

CURRENT VIEW 

 

This week:

Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday

read book now

TOP

Wednesday, May 22, 2002

From a correspondent:

Eventually history is going to say rather harsh things about Gould and Lewontin. I was trying to find quotes from them about Marxism and just found this from an article by EO Wilson:

http://www.lrainc.com/swtaboo/taboos/wilson01.html  Excerpt: What was correct political thinking? That has been made clear by Lewontin during the debate and afterward. "There is nothing in Marx, Lenin, or Mao," he wrote with his fellow Marxist Richard Levins, "that is or can be in contradiction with a particular set of phenomena in the objective world." True science, in other words, must be defined intrinsically to be forever separate from political thought. Ideology can then be constructed as a mental process insulated from science.

The good that men do...


Thursday, May 23, 2002

I would certainly agree that your average terrorist will not be more than vaguely aware of American holidays, but your average terrorist is going to be of the brainwashed, poor, illiterate variety. The Planners of these acts of terrorism have a strong idea of how America functions and are quite likely to use holiday events "parades" as mass casualty targets of opportunity. The chief terrorists are well aware that THEIR holidays don't have an impact on our lives, so why, with one exception, shouldn't they plan their bombing schedule around our events? The exception to this rule would be the month of September, in which seemingly every Jihad Jonnie remembers the Jordanian purge of the PLO and decides to remind the world. I think this year I'll avoid the July 4th Parades.

Ben Blatt

Also

Jerry,

The Wall Street Journal today (5/21/02) has an opinion piece by James Woolsey, former CIA head ('93 to '95). He says foreign intel is not likely to help us discern the next attack target because the terrorists can plan their attack here.

He also nominates a talent team to ferret out the next one, and includes Tom Clancy for his fiction about flying a fueled 747 into a joint session of Congress.

Since your readers are capable of a wide range of analysis, do you suppose we could jointly define the next target?

I expect the terrorists will stay away from military targets, but will attack something that represents America. I am thinking TV, and wondering how much security CNN has?

Jim Dodd LCDR, USN (Ret.) San Diego

And if that isn't enough

From Debka:

"Underlining US bioterrorism fears, the UN’s World Health Organization earlier this week reversed a long-standing order to destroy the world’s smallpox virus stocks by the end of the year, to allow the manufacture of vaccines and develop treatment for the deadly disease.

"The world organization, which seems to be stuck in a pre-9/11 time warp, did not reveal that it was effectively rubber-stamping the secret manufacture of millions of batches of smallpox vaccine by dozens of pharmaceutical factories worldwide. It is being done in readiness for a biological terrorist attack, against which the US government has ordered 500 million doses. Wednesday, May 22, the House passed a $4.4 billion bill to strengthen the nation’s bioterrorism preparedness by stockpiling vaccines and boosting imported food inspections."

And here's the site that supports this claim. The decision was made on May 18th.

http://www.who.int/emc/diseases/smallpox/

Sue

Another thing to worry about. But then we always worried about the pox, and I am not at all sure that we should have entirely discontinued the vaccinations. Wait a couple of generations to be sure...

And then we have

I recall you mentioning going on an expedition to Guatemala with Russell Seitz way back when to look for the ancient jade source.

Well, he's found it. Here's the url:

http://www.iht.com/articles/58656.htm

Henry Vanderbilt

It happens that I was Associate Director of the Peabody expedition back in the 1970's, and there is more than one tale to tell of that one. But we didn't find the stuff. Russell kept at it, and now he has. 

Also from Henry Vanderbilt, on the annual space access conference which I missed this year,

Hi, Jerry - glad you got back from your trip OK. This year's Space Access conference went well - as usual, lots of speakers with interesting things to say, and attendance was up significantly from last year rather than flat or slightly off as I'd expected post 9/11. We must be doing something right. Me, I'm not yet done with my writeup (lots of deferred maintenance getting undeferred) but here are a couple of other people's angles on the event:

http://www.hobbyspace.com/AAdmin/archive/RLV/SAS-2002-Review.html 

http://www.space.com/missionlaunches/marericks_020510.html  (yes, "mavericks" is misspelled in the url - we just cut-n-pastes 'em!)

The short version of my report: Don't count on NASA Space Launch Initiative. They talk a good game on meeting US commercial and military needs as well as flying NASA's missions, and they're putting on a show of exploring a wide range of options - but they've already made up their minds they want to build a great honking unwieldy two-stage "Shuttle II" straight out of their 1970 playbook - no more likely to get the rest of us into space than Shuttle. The giveaway is where they're spending most of their money: On million-pound thrust throttleable LOX-kerosene engines, and on 600,000-pound thrust throttleable LOX-hydrogen engines. There's not much except a Shuttle II that combination is useful for; they're way oversized for practical commercial or military vehicles. Maybe SLI is hoping nobody will notice?

The good news is, investment may for the moment still be hard to come by, but the entrepreneurial startup spacelaunch companies are moving forward, generally with sensible one-step-at-a-time approaches - most at this point are looking at relatively low-cost, quick-development reusable suborbital rocketships, most with an eye on the potential adventure-tourist market as a way to get their foot in the door.

And the good news here is, NASA seems to have spent a little money sensibly: They just had some consultants commission a Zogby poll of rich (>$250K a year income) Americans, and the answer is, yes Virginia there is a space tourism market - a big one.

http://story.news.yahoo.com/news?tmpl=story&cid=585&ncid=753&e=7&u=/nm/20020521/sc_nm/space_poll_dc_1

Almost a million Americans make more than $250K a year. Run the Zogby numbers conservatively, assume not all of them really meant it, assume prices will drop after the initial "early adopter" premium, and the poll still indicates a market in the billions for suborbital adventure rides, and in the tens to hundreds of billions for orbital tourist hotel stays - and that's just the US market.

There's now officially money to be made, lots of it - we just might get our radically cheaper space access sooner than we expected.

Henry Vanderbilt

The price of a Conestoga wagon with team, rifles, plow, supplies, seeds, etc., at Independence, Missouri for the jumpoff to the Oregon Trail was about $100,000 in today's dollars. One may assume that space settlers will be able to bring similar amounts to the table...

In a different vein

I followed a link on your web page and found this. 

" The New Indian Killer A Hollywood leftist tries to ban Native American mascots.

By David Yeagley

I thought the Indians wars were over, and we Indians could catch our breath, realizing a small number of us had actually been spared. Alas, a new political initiative threatens the final eradication of the American Indian. "

 http://www.taemag.com/hotflash.htm 

Tom Weaver --

But you're not politically correct! Jackie Goldberg is the most politically correct person in California...

Niven and Barnes had better ask for royalties on this one. Dream Park is advancing. Check out:

http://wearables.unisa.edu.au/projects.php 

for their efforts at "Augmented Reality Quake".

David P.

Plus four parry...

And we have a couple of interesting links from Roland:

http://mars-sim.sourceforge.net/ 

http://www.wired.com/news/digiwood/0,1412,52700,00.html 

And then from Bob Thompson another warning:

Microsoft announced yet another critical Windows vulnerability yesterday. This one is another "take-me-I'm-yours" flaw that allows an attacker to gain absolute control of the computer. It affects Windows NT 4 and Windows 2000. Full details and a patch are available at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-024.asp

If you're running Windows NT 4 or Windows 2000, this is definitely one you want to fix.

-- Robert Bruce Thompson thompson@ttgnet.com http://www.ttgnet.com

From Jim Warren:

Have things really come to THIS?!

http://www.coincidencedesign.com/ 

Which is in fact an interesting web site. It purports to help you meet the girl of your dreams, by doing research on her habits and arranging coincidental meetings, object matrimony. Expensive and results not guaranteed.

But, we later learn from Jim Warren

Just to follow up ... from a friend. --jim

> Have things really come to THIS?!
> http://www.coincidencedesign.com/
>
> OK, I'll tell you: it's a put-on. But a quite well done one!
>
> http://www.snopes2.com/inboxer/hoaxes/stalker.htm
> http://alternet.org/story.html?StoryID=12236

Which is actually disappointing. I know a couple of people who might have paid the price for the service...


Friday, May 24, 2002


Busy. Busy. E3 then Niven


Saturday, May 25, 2002

Begin with a tale

Hello Jerry,

I have been reading your column for years. I am also very fond of the SF books you have written with Larry Niven. Below is something that happened to me a couple of days ago that I think you may want to share with your other readers.

Greetings

Cosimo Stufano.

My registry was corrupt. Of course I did not know it at first. I only knew that partway through loading Windows there was a blue screen with some error message on it. Before I could read anything the screen went blank again and the computer rebooted. And so on endlessly. How to find out what was happening? Booting from the CD to the recovery console and running chkdsk produced no errors. Booting from the hard disk even in safe mode or with command prompt only resulted in the unreadable blue screens and the auto-reboot. Then I got an idea: my digital camera. After several tries, I finally got a picture of the vanishing blue screen. Now after booting Linux I could finally look the error in the face:

STOP: c0000218 {Registry File Failure} The registry cannot load the hive (file) \SYSTEMROOT\System32\Config\SOFTWARE or its log or alternate

A search of Microsoft KB produced article (Q307545):

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307545 

which explains how to do a manual System Restore and allowed me to get my computer up again, having only lost the changes made in the last week (including the last patch of Internet Explorer). Why can't Microsoft make Windows stop after a BSOD to allow reading the message?

I had and am having much the same problem; see the upcoming column. Thanks!

Dear Dr. Pournelle,

Apologies if you've already seen the following reference. In light of recent discussions regarding the alleged insecurity of Microsoft Windows in critical defense applications, I thought you might find the following an interesting counterpoint. Not happy enough with bad-mouthing open-source software in the general computing world, it seems that Microsoft is actively campaigning to have the Pentagon prohibit use of open-source systems.

"Open-Source Fight Flares At Pentagon Microsoft Lobbies Hard Against Free Software"

http://www.washingtonpost.com/wp-dyn/articles/A60050-2002May22.html

Well worth reading, and thanks!

Roland on Grand Theft Identity:

http://www.sacbee.com/content/news/story/2873199p-3687577c.html

Ugh.

Also from Roland, a Memorial Day lesson:

http://www.nationalreview.com/hanson/hanson052402.asp 

Thanks.

Ed Hume sends the following cheerful reference:

Supernova poised to go off near Earth

From http://www.newscientist.com/news/news.jsp?id=ns99992311 

10:30 23 May 02

Exclusive from New Scientist Print Edition

A student at Harvard University has stumbled across the terrifying spectacle of a star in our galactic backyard that is on the brink of exploding in a supernova. It is so close that if it were to blow up before moving away from us, it could wipe out life on Earth.

Fortunately we may have a million  years or so.

And don't miss this one:

I sent you this several weeks ago but I think you were in the midst of back to back trips and got lost.

There is an excellent space simulator similar in spirit to Microsoft Space Simulator. It sports both modern graphics and customizable spacecraft. You can create your rockets through a text based config file or through an extensive DLL API.

You can find the site at http://www.orbitersim.com 

I have built add-ons simulating the Gemini and Mercury spacecraft at http://www.alltel.net/~estar/orbiter.html .

I also wonder if you have the statistics on the DC/X and/or know somebody with a 3DS model of the rocket. I am planning to write an add-on based off of it in the near future.

Thank You

Rob Conley

Thanks. Having worked on Mercury and Gemini I find that fascinating...

From Rom Holsinger

http://www.freerepublic.com/focus/news/687834/posts?page=78#78

"Flights were continuing but delays were reported."

Okay, I think I'm beginning to understand our airport security system, but let me just run through some hypothetical scenarios to make sure:

Incident                                                      Response
Grandma carries knitting needles into waiting area            Evacuate terminal
Guy runs up the down escalator                                Evacuate terminal
Somebody spills a packet of Sweet'n'Low                       Evacuate terminal
Turbanned gunman screams "Allahu akhbar!"                     Flights continue.
and opens fire with shotgun                                   Business as usual.

That about sum it up?

78 posted on 5/22/02 5:18 PM Pacific by Fabozz

http://www.theneworleanschannel.com/no/news/neworleansnews/stories/neworleansnews-147542920020522-160502.html

Hurrah for Panetta and logic. Hurrah. Hurrah.


Sunday,

 

Lakers Game
