
CHAOS MANOR MAIL

A SELECTION

MAIL 118 September 11 - 17, 2000

 


IF YOU SEND MAIL it may be published; if you want it private SAY SO AT THE TOP of the mail. I try to respect confidences, but there is only me, and this is Chaos Manor. If you want a mail address other than the one from which you sent the mail to appear, PUT THAT AT THE END OF THE LETTER as a signature.

I try to answer mail, but mostly I can't get to all of it. I read it all, although not always the instant it comes in. I do have books to write too...  I am reminded of H. P. Lovecraft who slowly starved to death while answering fan mail. 


Monday  September 11, 2000

Tons of mail collected. Short shrift again...

Dear Mr. Pournelle,

I have long been a reader of your various writings, and I am pleased to be able to offer some information which may be of interest regarding serial mice under Windows 2000, which you discuss in your latest BYTE column. To quote your column, "...it became apparent that Microsoft does not include serial mouse support in Windows 2000! The only way to get a serial mouse to work is to install Microsoft's Intellipoint 3.1 software with the mouse plugged in and active...". This has not been my experience; I am still fairly new to Windows 2000 but in the course of my work and home "learning-the-hard-way" (which includes literally hundreds of Windows 95 / 98 installs, and now approximately 40 Windows 2000 installs on a variety of desktops and laptops) I can confidently tell you that Windows 2000 DOES support serial mice. Not too long ago I installed Windows 2000 on my old home PC, which is a P133 with 64MB of RAM, upgraded in bits and pieces from my original Commodore-brand 486. I was curious to see how Windows 2000 Professional would perform on this old machine, which is at the bottom end of Microsoft's recommended standard. Now, while it took me a little while to get the Diamond Stealth II S220 video card running properly using NT drivers, I never gave the mouse a second thought - Windows 2000 detected and supported my old MS serial mouse during installation, with no tweaking required whatsoever.

Yours,

Laurence McLaughlin

Apparently this is all true and the problem is with SONY laptops and Windows 2000. We are still looking into this.

Jerry,

I also have been dealing with a Sony laptop... Their stupidity gets worse...

I have the PCG-XG29K which comes with Win2K pre-installed... Since I have been in the business for over 13 years I always scratch and re-load my machines when I buy them. SO I tried the same with this one and found some serious gotcha's. First Win2K has no idea what to do with the video or sound driver... I thought no problem I'll just download from the net... Wrong. Sony will not publish individual drivers on their support page and if you go to the manufacturers home page you can't find it either. Also the "Application restore CD's" will only work with the "System" restore cd's... Which of course lays down things they want they want them...Fat32 and 2 logical drives. After several hours of gyration I finally broke down and called Sony Tech support. Where I was promptly told they do not condone this action... And it will violate my warranty... When asked why they did this I was told that it will keep their support costs down... Needless to say I have fixed the laptop the old fashioned way... I put their image back down and then proceeded to remove all those crappy apps... and also I then converted to NTFS... I'm finally at the point where it works beautifully and I no longer have those cycle stealing apps loading in the background. Time to make an image so I can restore to this way again without spending 8 hours doing it.

Good Luck with Larry's Sony....

Nick Hayes

Alas. Had we known. We'd have got Niven a Compaq. Ah well.

And Russel Kay says:

Ken Davidson asked about a PDA with keyboard for writing in strange places. I too like the NEC 780, but if he truly wants wordprocessing primarily, I'd strongly suggest he look at the Psion 5; Incredibly large, useful keyboard for a tiny machine. Screen is adequate, and it has a bunch of other PDA functions. It's neither PalmOS or WinCE, but nicely done.

The keyboard is still a bit small for me but many love it.

HI Jerry!!

About Direct CD.... It works fine with my win2000, but be sure to have version 3,01 or later. The only problem I have is that I have to disable the drive in Device Manager in order to put my computer on standby otherwise it will lock up win2000.

Another big problem that concerns Adaptec and the new Windows Media Player 7 is that if you install the Adaptec plug in that comes with the Media Player 7 at the same time that you have Direct CD or Easy CD Creator installed, you will lose access to your CD drives. Check Adaptec's and Media Player 7 homepages for more details.

Thanks for a great column. :-)

Greetings from Copenhagen, Denmark

E-mail: henrik@riborg.com 

I have given up on Direct CD which doesn't accomplish anything I need anyway; CD-RW as if it were a disk drive is a technology whose time went by before anyone noticed it. For me anyway. I use NERO BURNING ROM to burn CDROMS and the heck with the rest. If I want R/W I use DVD-RAM.

Dear Dr. Pournelle:

A question I have about the whole e-book issue is why the cost structure is so bizarre. I recognize that older texts would have to be keyed in. However, I assume that any book or magazine produced in the last 10-15 years at least is already in electronic form. The marginal costs of reformatting for e-books or CD-ROM for that matter (porting over and proofing) cannot be that great. It is my understanding that the publisher sells to distributors, etc. for between 40% to 50% of cover price. Beyond that, my knowledge gets less certain, but that the actual cost of production per book or magazine is between 5% to 10% of the cover price.

I know that a publisher may not want to undercut hard and paperback sales with lower priced e-books, but I think that the situation could be similar to shareware. I might download a reasonably priced e-book in the airport to take my mind off the travel agent who booked me on United, like it and then buy the hardback when (if) I get home. Or more likely, if I live in Bucksnort, Tennessee and see a book that I want to read, but not enough to drive an hour and a half one way to the nearest large bookstore, or wait 3-5 days for bn.com or Amazon.com to deliver it, since I well may not have the time to read it later or even the inclination to pay $30+ for a book I may not like once I get into it.

Even if it's never practical to do first run e-books, publishers are missing a bet about using the e-book format to keep otherwise out of print titles alive. For example, on penutpress.com I discovered the other volumes of a SF series long out of print that I had never been able to find. While I still think the price is a little high, it's in the range of reason. Production and "storage" costs are nil and almost every sale is pure profit for all concerned.

Of course, the area that I really think would benefit from E-books are schools; primary, secondary and beyond. I understand that the average cost of a law text is $50 to $80.00 per class. Medical books are even more (student doctors get more color pictures than lawyers). Even figuring in the cost of a reader (I envision something like the handheld slate sized computers that allow for pen input) It would be cheaper in the long run than spending $500-$800 per semester for books that may not even be resellable in a year because of the pace of technical change. It will certainly be lighter than carrying a lot of books around.

Rick Cartwright

Good points. I address some of this issue in upcoming columns. Thanks.


Jerry, I see there's Yet Another Security Hole been found in Outlook. I'm not surprised. First, all the e133t hax0r dudz are focusing on it, simply because so many people use it. Second, I've no reason to think Microsoft is going to make much, if any, effort to plug it. Considering that the Lovebug used the same vulnerability Melissa used a year earlier, even though Outlook had been "upgraded" in the mean time, there's little hope of their doing anything about it. Of course, the script kiddies will exploit it because all they know is how to use things better people have discovered; they don't have the ability to find things like this on their own.

There is, of course, a simple way to avoid this problem: don't use Outlook. Use some other program, written by people that test their products correctly and patch bugs in a timely manner. At work I use Eudora. When everybody else was panicking over the Lovebug, I was laughing at them. Being techs, they should have known how insecure Outlook is and avoided it, but they took the path of least resistance and used what was preinstalled rather than taking the time to get a good email client. The way I look at it, anybody that doesn't abandon Outlook as fast as they can has no reason left to complain; we've all had more than enough warning.

--- Joe Zeff The Guy With the Sideburns 

If you can't play with words, what good are they? http://home.earthlink.net/~sidebrnz

You have a point. I use OUTLOOK because of the rules, but I got bit by Melissa, too.

 

 


Tuesday, September 12, 2000

More short shrift I fear.

Outlook and Outlook Express are inexcusably insecure and I strongly recommend that my customers not use them. I recommend Pegasus, Netscape Messenger (not the greatest email software, but "good enough" for most people, including me) or Eudora. However, a few insist on using Outlook, so I have tried to reduce the risk. Shortly after the Melissa worm came out, I saw a recommendation somewhere to disable VBS by changing the file association in explorer to notepad.exe. Since I have never seen a legitimate use for VBS in most of my customers' operations, I have done this. I knew it was helping when I got a call from a customer asking why he got a bunch of gibberish (which was the VBS code for the Lovebug worm) in notepad when he clicked on a file attachment.

Rick Samuels

Good advice and I have changed that association. Opening in Notepad is safe in general because it is too stupid to run macros. Which in this case is an advantage.

Dear Dr. Pournelle,

Rick Cartwright wrote:

>>> >>> Of course, the area that I really think would benefit from E-books are schools; primary, secondary and beyond. I understand that the average cost of a law text is $50 to $80.00 per class. Medical books are even more (student doctors get more color pictures than lawyers). Even figuring in the cost of a reader (I envision something like the handheld slate sized computers that allow for pen input) It would be cheaper in the long run than spending $500-$800 per semester for books that may not even be resellable in a year because of the pace of technical change. It will certainly be lighter than carrying a lot of books around. <<< <<<

It would appear that if Vital Source Technologies (http://www.vitalviewer.com) get their way, students will still be paying heavily for electronic books, with the added burden that they will be time-limited and therefore unsellable, not to mention unreadable by the original purchaser should s/he wish to refer back to them later.

Leaving aside the paranoia of the Slashdot crowd, this does seem to raise an awful lot of questions over the future of publishing. We may prefer paper books; but what if a work is only available in an electronic, pay-per-view, time-limited format? The opportunities for historical revisionism alone are troubling.

Regards,

Harry Payne

Yes. Things will sort out. I have much about this in the September column (not up yet, just finished it).

Dear Jerry:

In your byte.com column this week, you mentioned Larry Niven’s problems with his switch box and a non-standard PS/2 mouseport. You said that you had no experience with a USB switchbox. I have been using one for about six months now and can tell you that they do work. There are some upsides and downsides.

Upsides:

You have a 4 port USB hub that is switched along with the video. You can attach any USB device such as a keyboard, mouse, zip drive, modem etc. You can even attach another hub for more devices. You can leave a regular keyboard and mouse hooked up so that the computer is not confused on boot up.

Downsides:

You have to wait 10-20 seconds when switching computers for the new computer to recognize the USB devices. If you have W2K and a drive (i.e. zip drive) attached to the USB KVM, W2K will issue a warning about not shutting down the drive prior to removal. (At least this happens to my ThinkPad 380XD when the USB Zip drive is removed.) Win98 does not mind.

All in all, I would say that the USB Keyboard-Video-Mouse switch is Good Enough.

Larry Bayern Bavaria9@home.com

I would go mad with a 10 second delay. Fortunately the ICS-124 CPU Switch I have doesn't seem to care about red-eye mice and works fine with them.

Dear Jerry

I thought you might be interested in this technet article I just got from Microsoft.

Fatal Exception Error Is Displayed in the Vredir.vxd File on Windows 95 and Windows 98 Client Computers

----------------------------------------- The information in this article applies to:

Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows 98 Second Edition

-------------------------------------------------

SYMPTOMS In Windows 95 or Windows 98, when you attempt to access a shared CD-RW disc over the network, you receive a fatal exception message in the Vredir.vxd file. Occasionally, you may be able to successfully access the share, but you may receive a fatal exception error message shortly after you gain access.

CAUSE This behavior can occur because Adaptec DirectCD versions 2.0, 2.0a/s, 2.5a, and 2.5d, that are often bundled with the HP CD-Writer, write volume labels in Microsoft Windows NT in such a way that Windows 95-based and Windows 98-based client computers cannot read them properly. This error does not occur with Windows NT clients.

This behavior has not been reproduced with commercial CD-ROMs or with closed CD-R discs.

RESOLUTION This behavior has been resolved in Adaptec DirectCD version 3.0 and later.

MORE INFORMATION The third-party products discussed in this article are manufactured by vendors independent of Microsoft; we make no warranty, implied or otherwise, regarding these products' performance or reliability.


Dean Peters

Thanks.


 

 

Subject: FW: CNAP CHANGE OF COMMAND SPEECH//

All,

Thought you might enjoy a recent change of command speech by ADM Nathman. He's the incoming 3-star Commander Naval Air Forces Pacific. Short, sweet and to the point...printed in its entirety below. No hello's, no thank you's. Stood up, gave the speech, sat back down, then released it via naval message to all PacFleet. The speech was given the day after VP Al Gore said all was well in the military, and was printed the next day in the San Diego paper.

-----Original Message-----

ADMINISTRATIVE MESSAGE

ROUTINE

R 241430Z AUG 00 ZYB PSN 684360E27

FM COMNAVAIRPAC SAN DIEGO CA//N00//

TO AIG 308

UNCLAS //N05000//

MSGID/GENADMIN/COMNAVAIRPAC//

SUBJ/CNAP CHANGE OF COMMAND SPEECH//

RMKS/1. MY INTENT WITH THIS MESSAGE IS TO FORWARD THE CNAP CHANGE OF COMMAND SPEECH BY VADM NATHMAN SO THAT ALL THE LEADERSHIP HAS A COPY. I'VE EDITED OUT THE PERSONAL WELCOMES TO PROVIDE YOU THE CORE THEME. W/R HAEFNER

2. QUOTE: MY SPEECH SHOULD BE AND WILL BE SHORT. THERE ARE TWO FUNDAMENTAL ISSUES WE SHOULD UNDERSTAND - DEMAND AND VALUE. LET ME EXPLAIN...

THIS NATION, ITS PRESIDENT AND ITS CITIZENS, DEMAND GLOBAL STABILITY-DEMAND A WORLD INCLINED TO DEMOCRATIC IDEALS AND COUNTRIES THAT WILL PROTECT THE RIGHTS OF THEIR CITIZENS. THERE IS A VALID NEED FOR A GLOBAL ECONOMY, ONE THAT THE UNITED STATES INTENDS TO LEAD. THERE'S A NEED FOR CONSTRAINED OIL PRICING. THERE'S A NEED FOR A COMMUNITY OF NATIONS THAT CAN DEAL EFFECTIVELY WITH ROGUE STATES AND BULLIES - THIS IS WHAT THE U.S. NAVY DOES.

THE VALUE OF THE NAVAL SERVICE IS ITS WILLINGNESS TO DO ITS DUTY TO MEET THE NATION'S DEMANDS. WE WILL BE ASKED, NO ORDERED, TO TRAIN, DEPLOY AND ENGAGE. WE ENGAGE DIPLOMATICALLY WITH OUR FORWARD PRESENCE AND, IF NECESSARY, IN COMBAT TO SUSTAIN THOSE DEMANDS. IS IT NOT RIGHT THEN THAT OUR MEN AND WOMEN HAVE DEMANDS TOO? ISN'T IT RIGHT THAT THE PILOTS AND AIRCREW WE SEND DAILY INTO HARM'S WAY HAVE MODERN AND CAPABLE AIRCRAFT. ISN'T IT RIGHT THAT OUR YOUNG MEN AND WOMEN EXPECT TO WORK IN EFFICIENT, CLEAN, CONNECTED AND EVEN NEW HANGERS AND WORK SPACES. ISN'T IT RIGHT THAT MY NAVAL AIR FORCE BE SUSTAINED AT LEVELS WHICH SUPPORT OUR OPERATIONS AND TEMPO. ISN'T IT RIGHT THAT OUR SAILORS AND THEIR FAMILIES ARE PAID ENOUGH TO LIVE IN DIGNITY.

TO ME, THE FACT IS THAT WE HAVE REACHED SUCH A LOW LEVEL OF FUNDING IT WILL SOON BE IMPOSSIBLE TO MEET THE EXPECTATIONS OF THIS NATION IN EXECUTING OUR OPERATIONAL TASKS AND COMPLETING THE MISSION. THERE IS A FUNDAMENTAL DISCONNECT BETWEEN THE VALUE WE PROVIDE AND THE WILLINGNESS OF THE RICHEST NATION ON EARTH TO PAY FOR ITS DEMANDS. IT IS OBVIOUS-THE NAVAL SERVICE IS UNDERVALUED. THIS IS THE CHALLENGE-IT MUST BE RESOLVED. UNQUOTE.//

I don't think I should comment here.


From: Stephen M. St. Onge saintonge@hotmail.com 

Subject: Republic and Empire, part two: SDI references

Dear Jerry:

Here's the second set of references concerning "Republic and Empire." These are on the subset of the problem concerned with Missile Defenses. I'll have the third and hopefully last set REAL SOON NOW, on general "Republic and Empire" topics.

A question and a comment.

The question: What's a Thoth missile? Thor I know (it's described in Footfall, after all), but the only references I can find to Thoth in web searches are concerned with the Egyptian mythology and some computer game.

The comment: In preparing this list, I noticed the statement that The Strategy of Technology was denounced by name in the Soviet military press. God, what an honor.

The list: The first part is special reports, debates, and alt mail, grouped more or less by subject. The second is regular View and Mail citations, arranged chronologically. A one line descriptor is after each. Some are only indirectly related to the subject of missile defense, but I erred on the side of inclusion (and if anyone thinks they see something that's not here that should be, write me).

http://www.jerrypournelle.com/sot/sot_1.htm  Text of The Strategy of Technology, passim; much on missile defense

http://www.jerrypournelle.com/slowchange/SPACECOVER.html 

space report pages home page; much on getting into space cheaply and reliably

http://www.jerrypournelle.com/debates/secondrev.html 

http://www.jerrypournelle.com/debates/respond2rv.html

Essay, The Second Computer Revolution, and responses to same

http://www.jerrypournelle.com/debates/nasa-sdi.html 

Spinrad in Le Monde, in re SDI, NASA, Reagan, with discussion and replies

http://www.jerrypournelle.com/alt.mail/altmail1.html 

Letter from Jim Dodd

http://www.jerrypournelle.com/alt.mail/altmail5.html#China 

Is this treason? section

http://www.jerrypournelle.com/alt.mail/sdi.html 

dialogue on SDI

http://www.jerrypournelle.com/reports/jerryp/taiwan.html 

Taiwan and the Two Chinas, Intellectual Capital Essay

http://www.jerrypournelle.com/reports/jerryp/rotary.html 

Rotary Rocket Rollout

http://www.jerrypournelle.com/reports/special/Sponable1.html 

Jess Sponable on "The Next Century of Flight"

http://www.jerrypournelle.com/reports/special/sdi1.html 

Trent Telenko’s essay on missile defense

http://www.jerrypournelle.com/ancient/mail1.htm 

letter from Jim Jacobus

http://www.jerrypournelle.com/archives/archivesview/view6.html 

How Jerry won the Cold War

http://www.jerrypournelle.com/archives/archivesview/view30.html#disquisition 

http://www.jerrypournelle.com/archives/archivesview/view40.html 

http://www.jerrypournelle.com/archives/archivesview/view60.html#disquisition 

On Stefan Possony and the Seventy Years War

http://www.jerrypournelle.com/archives/archivesmail/mail31.html 

letter from Donald W. McArthur on Vannevar Bush

http://www.jerrypournelle.com/archives/archivesmail/mail53.html 

Space Access Society Paper

http://www.jerrypournelle.com/archives/archivesmail/mail58.html 

letter from Chris Pierik, re to Spinrad article and to Space Access Society

http://www.jerrypournelle.com/archives/archivesmail/mail59.html 

letter from georgebrown@worldnet.att.net

http://www.jerrypournelle.com/archives/archivesview/view61.html 

comment on end of Cold War as heard at the Hollywood Bowl

http://www.jerrypournelle.com/archives/archivesmail/mail76.html 

Reference site: Acronym Finder Webmaster

http://www.AcronymFinder.com/ 

http://www.jerrypournelle.com/mail/mail87.html 

letter from Ray Van De Walker on China’s strategy of Technology,

http://www.jerrypournelle.com/mail/mail91.html#grenade 

Letter from Trent Telenko, HOLY NUCLEAR HAND GRENADE OF ANTIOCH

http://www.jerrypournelle.com/view/view92.html 

Possony’s birthday, and two comments on website article by Robert Parry slandering Reagan; Parry site attempts to plant cookies on your machine

http://www.jerrypournelle.com/mail/mail96.html 

letter from Trent Telenko

http://www.jerrypournelle.com/view/view100.html 

A Bit About Strategic Defense

http://www.jerrypournelle.com/mail/mail100.html#SDI 

letter from Dafydd ab Hugh

http://www.jerrypournelle.com/view/view102.html 

book, "Way Out There in the Blue" by Frances Fitzgerald, a purported history of the Strategic Defense Initiative.

http://www.jerrypournelle.com/mail/mail102.html 

letter from John Hendrickx

http://www.jerrypournelle.com/mail/mail104.html 

letter from St. Onge

http://www.jerrypournelle.com/mail/mail106.html 

Trent Telenko’s essay on missile defense, letter from George Laiacona

http://www.jerrypournelle.com/mail/mail107.html 

letter from St. Onge

http://www.jerrypournelle.com/mail/mail110.html 

letters from Jeff G. Newell, Dafydd ab Hugh

http://www.jerrypournelle.com/science/cochran.html 

discussion between Carol Iannone Greg Cochran

Best, Stephen

Thanks. I will copy this to the appropriate page as well. Thoth was a code word for a kind of missile developed and proposed by the Boeing Company in about 1962. I was on the proposal team.


THE SONY SITUATION

Dr.Pournelle,

I work as a support tech for Mobility Electronics, makers of port replicators and docking stations.

Recently we began to get reports from users who when attempting to install one of our universal port replicators ,in any O/S on the PCG sub-series of Sony Vaio notebooks, were unable to get the serial ports to function at all.

The problem was traced to a lack of legacy port support on the new Vaio PCG series notebooks. Currently Sony is working on a fix for this, but as yet there is no ETA for a patch.

From what you describe this may be a related issue to your serial mouse concern.

Regards, Rev Chris Boatright Tualitan, OR.

p.s. Just picked up Storms of Victory and thus far it is a great read. Funny thing is it has a library book card inside (used bookstore) that has a book title "The City of Fire" by. Grace Livingston Lutz (1865-1947). Of course you see the obvious similarity to a current project of yours. I got a bemused chuckle out of it.

Thanks. I guess we leaped to the wrong conclusion, although the information Sony gave us helped mislead us. For the record, my ICS-124 CPU Switch handles Microsoft Optical Mice (redeyes) on the PS/2 port splendidly. I suspect they supply some extra power but I don't know; I just know it works. I'm going to try one at Niven's next chance I get.

 

 


Wednesday, September 15, 2000

Dear Dr. Pournelle:

I would have written this directly to Mr. Payne but his e-mail address was not included in his post. West Publications is already time limiting access to case reporters on CD-ROM. If you don't keep up your subscription, you quit getting CDs and the ones you have expire. This would not sound so bad except that they charge the exact same amount for hard back books. To the best of my knowledge, the ink does not disappear if you choose to quit subscribing to those books. Further, there is an up front fee of about $2,000.00 to get the books or the CDs. When I first purchased the system, it was explained that I was buying the CDs to keep. At that time it made a certain amount of twisted sense. Now good manners prevents me from expressing how I feel, except the closest analogy would involve a visit to the proctologist.

The web pages submitted by Mr. Payne could not help but make me feel that the current direction of electronic publishing is going to do nothing but widen the "digital divide". Prior to reading Mr. Payne's post I was of the opinion that time would bridge the alleged "divide". Those who did not wish to learn about computers would move on. Prices would fall to the point that computers, new and used, would be in the reach of all who wished to purchase them and Internet access would just be part of the phone or cable bill. Now I wonder. We as a society are pushing to make hardware affordable and accessible. What good is cheap hardware and an inexpensive Net connection if you can't afford access to the information to fill the pipe?

Rick Cartwright

Unfortunately it is policies like that which threaten us all, or at least all of us who live on intellectual property. By undermining any feeling of moral obligation in a generation that hasn't enough of that to begin with, they aim a bunch of very intelligent people at the problem of how to get around those fees. I do not think it will take years to develop ways.

 

 

 

 


Virus Profile

W32/QAZ.worm is a Low risk Trojan

Virus Name
W32/QAZ.worm

Date Added
8/10/00 10:39:11 AM

Virus Characteristics
This is an Internet worm that also acts as a backdoor. When running, it listens on TCP port 7597 for instructions from a client component. This worm also communicates with the IP address 202.106.185.107 which is physically located somewhere in Asia.

When this trojan is executed, it modifies the registry with this key value:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
StartIE=C:\WINDOWS\notepad.exe qazwsx.hsq

After the next reboot the worm renames NOTEPAD.EXE in the Windows folder to NOTE.COM and then copies itself to the Windows folder as NOTEPAD.EXE.

Whenever the user runs NOTEPAD, the worm is executed and this then runs NOTE.COM.

The worm can use network connections to spread to other machines that allow access to their Windows folders and copies itself as "NOTEPAD.EXE".

One major significance is the real NOTEPAD.EXE is 52Kb while this worm is 120,320 bytes.

 

 


 

Indications Of Infection
Existence of "NOTE.COM" and newly created "NOTEPAD.EXE" of 120,320 bytes. Data packet traffic on TCP port 7597.

Method Of Infection
This trojan will directly install to the local system if run. It modifies the registry to load at next Windows startup.

This trojan is also Network-aware in that it tries to locate systems using NETBios by "browsing" the network for targets with a shared drive, where the Windows folder is available, and NOTEPAD.EXE exists in that folder.

Removal Instructions
Script,Batch,Macro and non memory-resident:
Use specified engine and DAT files for detection and removal.

PE,Trojan,Internet Worm and memory resident:
Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use an emergency boot diskette and use the command line scanner such as "SCANPM C: /CLEAN /ALL"

AVERT Recommended Updates:
Note1- Microsoft has released an update for

* Outlook to protect against "Malformed E-mail MIME Header" vulnerability at this link < http://www.microsoft.com/technet/security/bulletin/MS00-043.asp >

* Outlook as an email attachment security update < http://officeupdate.microsoft.com/2000/downloadDetails/Out2ksec.htm >

* Exchange 5.5 as a post SP3 Information Store Patch 5.5.2652.42 < http://www.microsoft.com/downloads/release.asp?ReleaseID=20910 > - this patch corrects detection issues with GroupShield

For a list of attachments blocked by the Outlook patch and a general FAQ, visit this link < http://officeupdate.microsoft.com/2000/articles/Out2ksecFAQ.htm >.
Additionally, Network Administrators can configure this update using an available tool - visit this link for more information < http://support.microsoft.com/support/kb/articles/Q263/2/97.asp >.

Note2- It is very common for macro viruses to disable options within Office applications for example in Word, the macro protection warning commonly is disabled. After cleaning macro viruses, ensure that your previously set options are again enabled.

Virus Information

Discovery Date: 8/7/00
Origin: Unknown
Length: 120,320 bytes
Type: Trojan
SubType: Internet Worm
Risk Assessment: Low

Aliases
Qaz.Trojan, QAZ.worm, TROJ_QAZ.A, Trojan/Notepad, W32.HLLW.Qaz.A

 

 

Clark E. Myers
e-mail at:
ClarkEMyers@msn.com
I wouldn't Spam filter you!
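
The host indicators listed in the profile above (NOTE.COM, a 120,320-byte NOTEPAD.EXE, the StartIE Run value, TCP port 7597 and the address 202.106.185.107) can be checked mechanically. The following is an added example, not part of the forwarded profile or of any McAfee tool; it assumes the Run key was captured with `reg query` and the connections with `netstat -an`, and the function names and sample text are constructed for illustration.

```python
import os
import re

# Indicators as stated in the profile quoted above.
QAZ_SIZE = 120_320             # bytes: size of the worm's NOTEPAD.EXE copy
QAZ_PORT = 7597                # TCP port the backdoor listens on
QAZ_PEER = "202.106.185.107"   # address the worm communicates with
RUN_VALUE = "startie"          # Run-key value name (compared lower-case)
RUN_MARKER = "qazwsx.hsq"      # argument that appears in the Run-key data

# Constructed sample inputs (not captured from a real machine).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    StartIE    REG_SZ    C:\WINDOWS\notepad.exe qazwsx.hsq
"""
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7597           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1034        202.106.185.107:25     ESTABLISHED
"""


def check_windows_dir(windows_dir):
    """Return findings for the file indicators in a Windows folder."""
    findings = []
    if not os.path.isdir(windows_dir):
        return findings
    # Case-insensitive lookup: the folder may be a mounted disk image
    # examined from a case-sensitive filesystem.
    names = {n.lower(): n for n in os.listdir(windows_dir)}
    if "note.com" in names:
        findings.append("NOTE.COM present (renamed original Notepad)")
    notepad = names.get("notepad.exe")
    if notepad is not None:
        size = os.path.getsize(os.path.join(windows_dir, notepad))
        # An exact size match is a weak signal on its own; it is only as
        # specific as the single length the profile reports.
        if size == QAZ_SIZE:
            findings.append(f"NOTEPAD.EXE is {size} bytes (worm length)")
    return findings


def check_run_key(reg_query_text):
    """Return findings for the StartIE value in `reg query` output."""
    findings = []
    for line in reg_query_text.splitlines():
        # Value lines look like: name, type, data separated by wide gaps.
        parts = re.split(r"\s{2,}|\t", line.strip(), maxsplit=2)
        if len(parts) != 3:
            continue  # key header or blank line
        name, _kind, data = parts
        if name.lower() == RUN_VALUE or RUN_MARKER in data.lower():
            findings.append(f"Run value {name!r} = {data!r}")
    return findings


def check_netstat(netstat_text):
    """Return findings for the port and address in `netstat -an` output."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # header, blank or UDP line
        local, remote, state = fields[1], fields[2], fields[3]
        if state == "LISTENING" and local.rsplit(":", 1)[-1] == str(QAZ_PORT):
            findings.append(f"listener on TCP {QAZ_PORT} ({local})")
        if remote.rsplit(":", 1)[0] == QAZ_PEER:
            findings.append(f"connection to {remote} ({state})")
    return findings


def triage(windows_dir, reg_query_text, netstat_text):
    """Collect all findings; an empty list means no listed indicator matched."""
    return (check_windows_dir(windows_dir)
            + check_run_key(reg_query_text)
            + check_netstat(netstat_text))


if __name__ == "__main__":
    import sys
    # Optional argument: path to a Windows folder (live or mounted image).
    folder = sys.argv[1] if len(sys.argv) > 1 else ""
    for finding in triage(folder, SAMPLE_REG, SAMPLE_NETSTAT):
        print("QAZ indicator:", finding)
```
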

 


I think it's a Solaris 2.6 box running the Andrew File System (AFS),
ftp, and SMTP. It's probably been compromised; since it's running AFS,
there's the possibility that other machines sharing filesystems on said
AFS tree may be compromised.

Someone needs to get hold of Mr. Sun Ying and let him know that he's
been owned.

-----

Interesting ports on (202.106.185.107):

(The 1520 ports scanned but not shown below are in state: closed)

Port State Service Owner
21/tcp open ftp
25/tcp open smtp
7000/tcp open afs3-fileserver

Remote OS guesses: Solaris 2.6 - 2.7, Solaris 2.6 - 2.7 with
tcp_strong_iss=0, Solaris 2.6 - 2.7 with tcp_strong_iss=2, Solaris 7

-----

bash-2.02$ whois -h whois.apnic.net 202.106.185.107

% Rights restricted by copyright. See
http://www.apnic.net/db/dbcopyright.html

inetnum: 202.106.0.0 - 202.106.255.255
netname: CHINANET-BJ
descr: CHINANET Beijing province network
descr: Data Communication Division
descr: China Telecom
country: CN
admin-c: CH93-AP
tech-c: SY21-AP
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-BJ
changed: hostmaster@ns.chinanet.cn.net 20000101
source: APNIC

person: Chinanet Hostmaster
address: A12,Xin-Jie-Kou-Wai Street
phone: +86-10-62370437
fax-no: +86-10-62053995
country: CN
e-mail: hostmaster@ns.chinanet.cn.net
nic-hdl: CH93-AP
mnt-by: MAINT-CHINANET
changed: hostmaster@ns.chinanet.cn.net 20000101
source: APNIC

person: sun ying
address: Beijing Telecommunication Administration
address: TaiPingHu DongLi 18, Xicheng District
address: Beijing 100031
phone: +86-10-66198941
fax-no: +86-10-68511003
country: CN
e-mail: suny@publicf.bta.net.cn
nic-hdl: SY21-AP
mnt-by: MAINT-CHINANET-BJ
changed: suny@publicf.bta.net.cn 19980824
source: APNIC


Roland Dobbins <rdobbins@netmore.net>


Dr. Pournelle,

One addition to my last missive. I had noticed a number of attacks on my computer of the network.vbs virus. I had been infected by it many months ago and thought I had "cured" it per the instructions from Symantec's virus center. But then the network.vbs attacks came, and Norton Antivirus was catching it and deleting the files. The attacks came while I was online on my 56k modem, so I assumed someone had found a way to insert the network.vbs virus over the connection. Maybe the QAZ worm was the way they were doing it. The world is getting darker.

Perhaps.


Thursday, September 14, 2000

I found the following particularly interesting. It's not often that a major corporate CEO drops their guard and allows the pure greed to peek thru. I would have expected Mr. Kirshbaum to mutter something about protecting the intellectual property of his writers.

This is part of an article in the current US News and World Report titled "The Empire Strikes Back". I guess we should take some hope from the title; IIRC in the movies, the Empire was defeated by teddy bears...

Entire article is at:

http://www.usnews.com/usnews/issue/000918/digital.htm 

=======================

"The idea isn't merely to prevent wholesale copying à la Napster. Many publishing and entertainment-industry executives see electronic enforcement as a way to redress old grievances about activities they have been largely unable to control up to now. A typical book, for example -- the old-fashioned kind -- finds its way to five or six readers beyond the original purchaser, according to Laurence Kirshbaum, CEO of Time Warner's trade-publishing arm. 'One of the attractions of electronic publishing,' he says, is the ability to 'cut down on this pass-along.'"

===== rdfrost@yahoo.com http://www.rdfrost.com

As you say, naked greed. And he didn't even mention libraries. Yet in Mr. Heinlein's day, libraries were the primary purchasers of hardbound books. Naked greed indeed.


Dr. Pournelle,

A team of attorneys has just filed suit against the American Psychiatric Association and Novartis, manufacturer of Ritalin. The suit alleges that the two parties conspired to invent a disease (ADHD) in order to inflate Ritalin revenues. Damages sought could run into the billions. <IRONY>I assume consumers will be given coupons for medications of their choice.</IRONY>

The reason QAZ is e-mailing China is to inform them of the IP address of your infected computer(s). The virus leaves a port open. I'm assuming the point is to get netbus or Back Orifice onto your machine. At a later date. If it isn't already there.

Don McArthur http://www.mcarthurweb.com

**************************************
"Do not be too timid and
squeamish about your actions.
All life is an experiment."
Ralph Waldo Emerson
**************************************

I managed to get a Ph.D. in psychology without ever hearing of ADHD or being told that uppers were the proper way to teach boys to control themselves. Interesting. The QAZ is going to have a bit of trouble getting past my Netwinder to do anything interesting.  But it sure was annoying.

I have the horrible feeling that your irony is not irony, and what will happen is that the lawyers will get rich and the drug companies will get to pass out free samples as expiation of their horrible crimes. It seems to be the way of the world.


Dear Sir,

Thanks in advance for your help. I have been assigned a new computer and have this problem. In the system tray, an icon of a folded paper airplane appears every several seconds and when mouse is placed over icon it says "Discovering Devices". When this function is running, the computer freezes and resumes when icon disappears. I cannot close function from system tray or find a way to disable it. Help. (Win98). Use this inquiry as you like.

Regards,

Tom Abbot

I have not a clue but I suspect a reader may.


> As viruses go, this one was less harmful than most -- to me, anyway.

Well, yes and no. The problem is that this Trojan isn't designed to do any immediate harm. It apparently just serves as an enabler. I understand that it has three functions, UPLOAD to transfer a file from God knows where to your system, EXECUTE to run that file, and TERMINATE to shut down the Trojan. And it sends your IP address to some mailbox in China, so they then have everything they need to access your system and they know where your system can be reached.

I can think of a lot of nastiness that could be performed using just those functions. Of course, you're behind a firewall, so the worst that happens is that they get the public IP address of the firewall, which is accessible anyway, or that they get your 192.168 private addresses that are behind the firewall, which they (in theory) can't do anything with. I say "in theory" because my friend John Mikol, who has skills comparable to those of Mr. Dobbins, reports that he watched external inbound and outbound traffic to his boss's machine, and those packets were using private IP addresses and going through an industrial-strength firewall as though it wasn't there. I don't know how this can be (and I write books about TCP/IP) because the border router at the company, as well as every intermediate router, should have been discarding any packet with a private IP address. But John says he watched it happen, and I believe him.

 -- Robert Bruce Thompson thompson@ttgnet.com  http://www.ttgnet.com 

I doubt they got anything from me. I don't know why I am a target. But I can think of systems they might want to infect...

Good morning, Just a thought, and I'm sure you've already thought of this, but, just a few days ago on your site, it was mentioned that one of the ways to slow down the VB script virus(s) was to associate all .vbs with --- NOTEPAD. Now this trojan is showing up, maybe as a future way around that fix? Keep up the good work, I enjoy your site daily, and learn something new most days.

Terry Lavely

Yes, I thought of that. Ironic.


Jerry, if you still have any contacts left at Microsoft, can you ask why they have removed Personal Web Server from Windows ME? It appears that they would prefer you use Apache, since their own web server doesn't work!?!

In reference, see Knowledge Base Q266897.

Incidentally, Windows ME came to me on a new Dell laptop, and so far, I find it relatively slow. Startup and shutdown is better, but just opening the web browser causes the hard drive to churn and a several second delay before anything happens. And I've told it to display a blank home page and not to 'phone home' to check for updates. Strange.

- Robert Morgan

It's a good question. I'll see if I can find out.


On the one hand there is surely over-diagnosis and over-treatment. One expert in the field tells me this is because Federal funding follows the diagnosis rather than the problem.

On the other hand there is a real problem. I have 2 nieces - girls - on Ritalin. The girls are happier on Ritalin and their father, my brother Richard H. Myers finds Ritalin a valuable treatment for his own daughters. Rick is a psycho-pharmaco-geneticist a researcher who studies the effect of drugs on the brains of people with inherited disorders - with an early career emphasis on Huntington's Chorea - on the faculty at Boston University Medical School with a practice at Mass General and has also been certified to teach K-12 as well as special education. He taught special education for a while to work his way through school. He currently runs 2 Sun 450's. Today it takes him about a week of machine time to get answers to genetic questions it wasn't worth asking last year so the knowledge base is growing. There is a terribly real problem here and it is not just active boys.

On the gripping hand, just as our society no longer has a place for the blue collar middle class so our society has no place for the boy whose greatest skills may be personally walking point in Indian country instead of sitting and staring at a CRT.

Maybe the ADHD could be trained as an Air Traffic Controller in a virtual reality world where the ATC stands 60,000 feet high and herds airplanes watching a lot of traffic at once with strong artificial intelligence to translate ATC gestures and directions into control inputs and directions to pilots. It takes all kinds and there really should be a place for all kinds.

Clark Myers

I make no doubt that there are children helped by Ritalin just as there are some real cases of neurological dyslexia. I also know that we drug about 20% of the boys in some schools now, and this is criminally absurd.

Kids LIKE Ritalin. It's FUN for many of them. Why wouldn't they? Uppers must have some attractions or there would not be so much use of speed and other such. Kids are also clever, and if they LIKE something they can often figure out ways to get you to give them more of it. Hardly surprising, orangutans can manage that.

We didn't have the reading problems we had until people were paid to find good reasons why teachers weren't teaching kids to read: then a huge spate of  'diagnostic tools' emerged. 


Jerry,

Robert Thompson is correct that private IP addresses (10.whatever and 192.168.whatever) should not route across border and internet routers.

However, I know from experience that a lot of routers don't actually reject those packets at all. My network admin first noticed this when trying to set up a VPN over the internet--packets for 10.x that were supposed to come to us instead went to the internet, where they crossed 9 different routers on several different backbones before the 10th kicked it out.

For that matter, a tracert from my machine to 10.1.2.3 actually gets to a router with a 10.x address somewhere in home.net. (13 hops total--and not one router had a problem with it).

-Jon Dowell

Now that is interesting. Thanks.

Routers on the Internet do not automatically drop packets bearing source addresses in the network 10.0.0.0 and 192.168.0.0 private address space, since these are legitimate addresses in private networks. Internet routers can use filters to drop packets with those addresses, but those filters impose a performance penalty in the routers, and so are not popular with managers whose routers are often running at high CPU-utilization rates.

When I set up the Internet connection at a large corporation, I specified the "edge" routers to have lots of CPU resources so that I could drop those kinds of packets and others. Firewalls, of course, will drop those kinds of packets, but firewalls are normally behind at least one router, and router filtering is desirable to prevent attacks on the router itself.

Thanks for the warning about the notepad virus! Good work!

-- Cheers! - Lindy Lindy@arcanamavens.com

"When values are sufficient, Laws are unnecessary. When values are insufficient, Laws are unenforceable." - Barry Asmus

--

Dr Pournelle, 

Earlier today (Thursday), you suggested that you may have over-reacted to the virus infection you had discovered yesterday.

I disagree very strongly; you did not overreact. You had a real virus, and you were very correct in warning any who may have received your emails that it may have been inadvertently distributed to them. Thank you.

The people who create these 'programs' (I hesitate to give such a respectable name to either the object that they release on the public, nor to those cretins) think in their mind that they are doing something like 'graffiti', but the damage and cost of prevention they are effectively creating is enormous. To even compare it to graffiti is an incredible insult to graffiti artists. I would more likely compare them to arsonists instead of artists. (Here in Canada, Arson is one of the seven federal crimes, up there with murder and manslaughter)

The only time I had admonished some of my friends for sending virus warnings was when they were distributing false warning messages, and even then, only gently. I did not really tell them to stop sending the information (just to tell where to determine where it was true).

To tell the truth, your virus warnings (including Melissa last year) were the only 'live' warnings I have received about viruses. Even so, I would rather receive fifty false warnings and one true one.

I commend you for your timely warning. I appreciate it immensely.

Keep up the good work, It is appreciated.

Best regards, William S. (Bill) Wilkinson Montreal Quebec Canada.

 


Friday, September 15, 2000

You can use this if you don't identify the source -

I was reflecting on your comments about Wen Ho Lee. I work for a government R&D agency (not the DOE) and have an appreciation for his type of person. He seems to be a typical dedicated researcher, one of these guys who works 14 hours a day for straight salary. I know a lot of them. He probably makes about $80,000 per year but does the work of two people, thus making his EFFECTIVE hourly rate equivalent to $40,000 per year, which is less than new graduates are getting. No doubt he was taking his work home for more analysis - it happens all the time. Because of other sloppiness in his organization he has been singled out as a scapegoat. Morally the Wen Ho Lee affair is the equivalent of bombing a foreign country to distract everyone from a certain chief executive's open zipper. (Has this ever happened?)

Contrast this with the latest information on national security, about which I just learned: it seems that the French are now the biggest threat to national security. Who would have thought it? The inventors of brie and sauterne have targeted the US advanced technology for penetration. Security organizations throughout the US government are on extra alert, watching French citizens extra carefully, and export control officers in various agencies are not allowing our technology to flow to the French. The last time that the French were a serious threat, their national leader was a little guy with a short arm and a big ego. ("Your mother is a hamster, and your father smells like elderberries...") We are in threatcon BOZO now.

Of course at the same time, our deepest secret atomic installations are being toured by Chinese defense experts whose jobs involve defeating those same technologies. What a wonderful and mysterious world we live in!

Name withheld on request. (And I've erased the original message.) Regarding the French, some satellite temperature control technology we had was too sensitive for us to share with the French. So they bought the company and moved it, entirely with all the personnel, to France. We now do not have access to that technology as they deem it too sensitive to let the Americans have access. I wish I were making this up.

The Lee case demonstrates just how pervasive the general incompetence has spread through the government. The remedy to such imbecility is local control where you can turn the rascals out sometimes. What we have is civil service, guaranteed protection for our new aristocratic class. Particularly in "law enforcement" (the BATF and others of that ilk ROUTINELY break not only their own regulations, but laws).

"But they meant well," pleads the Chief Executive who has taken an oath to see that the laws are faithfully enforced. Sorry to run on like this. I used to know and work with some very competent people in the FBI. But then I used to work with some very competent people in NASA. And I make no doubt there are few left, struggling along trying to do important jobs and passing up opportunities to go elsewhere for more money and respect while imbeciles are promoted above them for not making waves. It's the old story of "civil service" and it has almost nothing to do with which branch of the Democratic Republican Party is elected.


Jerry.

Again you entertain import tariffs as if they are a useful weapon, but only as if the US is entitled to use them wisely. Anyone else doing so is obviously at fault and should be punished. What arrogance! (and _you_ complain about the US Govt for the same thing on other matters!)

So you would have no problem with (completely random country) New Zealand introducing import tariffs on US goods, for some "reason" when, for example, USA exports 10 goods to NZ and imports only 1.... and the economies of both countries are strong.

You really make a mockery of the principles of free trade. By extension, you could also of course introduce import tariffs inter-state in the USA, or inter-city, or inter-block......for whatever reason!

David J Burbage Blue Legend Software tel : +44 1628 410571 fax: +44 1628 770892 email: dave@blueleg.co.uk web: http://www.blueleg.co.uk

Well let's see: under the circumstances with the words you choose, I think Dr. Pournelle is more appropriate and sounds a lot better. If I call someone an arrogant fool I generally use a more formal means of address.  But then arrogant fools do that sort of thing.

Second, I always thought I was a citizen of the United States of America, and I have no obligation to bail others out of their folly. I deeply resent the $2,000/citizen we send Israel as non-military foreign aid so that we can prop up their socialist economy. I see no reason to make great sacrifices for other nations -- as a nation. As charity it is different. Build a man a fire and he is warm for a day. Set him on fire and he is warm for life.

Third, I can personally recall when Britain wasn't all that sorry that the US had a strong internal industrial establishment not subject to battle damage or sea interception. I recall that well. It was 1941 with Lend Lease, and after December 1941 there was this little thing called the Battle of the Atlantic, which was, I was told then, rather important to the survival of the Empire on which the Sun Never Set. By the way, thanks for the US Virgin Islands. Pity you didn't hand us the Bahamas while you were at it.

The United States Constitution leaves interstate commerce and particularly interstate tariff policy to the Congress. Not to the House of Lords or of the King In Parliament, and I believe all that was pretty well settled at Bennington, Saratoga, King's Mountain, Cowpens, and Yorktown, or did I misread my history books? (And to my British friends, no, I am not really quite like this all the time, only when provoked.)

And OF COURSE I "make a mockery of free trade". Or at least I fail to treat the phrase as a sacred cow. My wife's Irish relatives can tell stories of how Britain was perfectly willing to sacrifice Irish people to the holy principles of Free Trade. As for me, I understand the value of "free trade" to the production of economic goods, and I understand the value of high economic production to human happiness.  But in my arrogant folly, I do question whether the maximization of economic production is always the best policy for everyone at every time. At the least all this concentration on matters economic produces political problems: in Burke's phrase "Whirl is King, Things are in the saddle and ride mankind." 

Now perhaps Burke was an idiot. He was after all Irish. But perhaps not, and perhaps some weight ought to be given things other than economic production.

And economies don't happen in a total vacuum. The goal of Hitler was the destruction of Detroit: Hitler's downfall was a Sherman tank an hour and a Liberty ship a day, from industrial capabilities that couldn't be intercepted by submarines, nor from overseas trade that could be disrupted. At the least are we not permitted to take national security into account?

Your view is that I should be willing to beggar my neighbors in favor of others I have never met. Mine is that I support several orphans overseas through the Catholic Near East Welfare fund, and I'll look to means of both keeping my neighbor's job safe and finding ways to keep the price of Jockey shorts down. Perhaps I can't do both. But if my joke about trade warfare makes me an arrogant fool, then so be it. And it was a joke, you know. But perhaps it didn't translate well?


Jerry,

I can think of at least one reason why Chinese intelligence would want to gain access to your network: The Strategy of Technology. Your authorship qualifies you uniquely. The Chinese are known to be considering asymmetric attacks against the United States, and clearly want the role as hegemon.

Chinese intelligence is also known to follow a strategy of intelligence gathering by continuous "ant attacks" where they exploit their tremendous resource of all those hands and minds each one bringing one fact.

Put their capability together with the demonstrated incompetence of the FBI at the National Labs, and bingo. Notice I don't say our FBI, they clearly are not an American institution anymore.

jim dodd

jimdodd@tcubed.net

I have no access to classified materials and have not since the Reagan Administration; and anything I know is long out of date. I operate from published sources only now. And if I have inferences or hints of something I think ought to be kept secret, I would sooner broadcast it on Techweb than keep it on my disks or discuss it on the telephone.

 

 


We have several letters on this:

 

On Monday, Tom Abbot wondered what the heck the "paper airplane icon" in his System Tray was doing and how to get rid of it.

It's his HP JetAdmin software, and it's trolling for printers.

Really, only admin type people want this software and are willing to put up with its eccentricities.

I'd suggest that he either:

a) Go to the Control Panel and remove it entirely. If his printer driver disappears too, then go to the www.hp.com website and download the printer driver only.

b) Use a previous "highly recommended" piece of third party software, ("Startup Manager (?)") to go through Win98 and let him disable JetAdmin and whatever else he's inherited.

For what it's worth, I used to use Lotus Notes and HP JetAdmin and they fought like Kilkenny cats. Lots of mysterious blue screens in Win9x until I got rid of one or the other.

Andrew Colbeck 


Now much ado about Internet Routing

Jerry, While I do not disagree with any of your correspondents that private IP addresses (10., 172. and 192.) do leak on to the Internet, according to RFC1918 they should not: Because private addresses have no global meaning, routing information about private networks shall not be propagated on inter-enterprise links, and packets with private source or destination addresses should not be forwarded across such links. Routers in networks not using private address space, especially those of Internet service providers, are expected to be configured to reject (filter out) routing information about private networks. If such a router receives such information the rejection shall not be treated as a routing protocol error.

http://www.cis.ohio-state.edu/htbin/rfc/rfc1918.html

Steven Healey

And more strongly:

> Routers on the Internet do not automatically drop packets bearing source addresses in the network 10.0.0.0 and 192.168.0.0 private address space, since these are legitimate addresses in private networks.

Eh? That doesn't make sense. If you're talking about Big-I Internet, then the whole purpose of private addresses is that they can't transit the Internet. That's why private address blocks were set aside in the first place. By definition, a private network uses addresses from the 10/8, 172.16/12, or 192.168/16 block and, also by definition, is not part of the Internet. Packets with private source or destination IP addresses should be discarded by any backbone router or border router. If a router does not do so (and I don't doubt that many are misconfigured for the reason you state) it is by definition misconfigured. See RFC1918, which says in part:

Because private addresses have no global meaning, routing information about private networks shall not be propagated on inter-enterprise links, and packets with private source or destination addresses should not be forwarded across such links. Routers in networks not using private address space, especially those of Internet service providers, are expected to be configured to reject (filter out) routing information about private networks. If such a router receives such information the rejection shall not be treated as a routing protocol error.

Incidentally, in case you're not familiar with RFCs, "shall not" is IETF-speak for something that is forbidden and "should not" is something that's discouraged. What the shall/should nots mean here is that you shouldn't put private packets on your link to your service provider, but if you do the service provider will filter them (and you'll probably get a nastygram about it). Anyone who runs a publicly-visible router that doesn't discard 10/8, 172.16/12, and 192.168/16 packets is simply violating the rules of the road. --

 Robert Bruce Thompson thompson@ttgnet.com http://www.ttgnet.com

And from Roland:

Indeed, some ISPs and private networks are run by people who very sloppily allow RFC1918 addresses to be routed through their networks. If an attacker is seriously targeting someone, he can try and find adjacent networks which a) route RFC1918 addresses, b) allow source-routed packets, and c) form a path between the target and himself.

Some people set up firewalls in rather a haphazard manner. They disallow -any- connection made from the outside world to the private network, but allow -any- connection to be made from the internal network to the outside world. In such a case, a crafty individual could write his trojan so that it initiates the connection from the private network, thus rendering the firewall moot. That's one of the weaknesses of simple IP masquerading, in that there's no proxy 'plug' in place which allows active scanning of network traffic, and automatic shunning if Bad Things are happening over any given connection.

Your [the Chaos Manor] firewall is set up to allow only specific protocols, such as http, SMTP, POP, and so on, in specific directions. An attacker can of course write his self-initiating backdoor program to use a well-known port such as TCP port 80 (used for http); however, he'd have to crack a box which wasn't already running an httpd on port 80 (obviously, he doesn't want to use his own box), else when it stopped serving Web pages the sysadmin of said cracked box would eventually notice that it isn't serving Web pages. And so on.

There are ways around even that, of course; he could crack a box with an httpd on port 80, then add his own cgi scripts to do things when his backdoor client made a connection. Again, this would generally indicate a very specifically-targeted attack, however.

If someone's after you that badly, you have problems which are beyond the reach of mere technology to solve.

Network infrastructure alone (firewall, proxies, router ACLs, etc.) cannot provide adequate security for network-connected machines. Host-based security, which requires knowledge and skill and effort, is key to keeping the bad guys out. For Windows users, this means getting all the Microsoft security updates, running (and keeping current) virus-scanning utilities, etc. For *NIX users, it means a whole lot more.

C'est la vie. If we can't stand the heat, we ought to get out of the kitchen.

 Roland Dobbins <mordant@gothik.org> 

Indeed. Post office mail can be opened. Telephones can be tapped. By good guys and bad guys (and sometimes it's not clear who is which...)

I agree with all of that, with one exception. I'm not entirely sure that whoever is running this thing does care if he uses his own box. In fact, I'm not at all sure that this isn't an effort by the Chinese government. I expect us to come under increasing attacks of this sort. Maybe this isn't one. Maybe there won't be one next week or next month or even next year. But I expect that sooner rather than later we'll see organized government-backed attacks on our networks.

If I were running such an effort for the Chinese government, I'd make lots of trials, and I'd make sure that all of them could be attributed to individual crackers so that I could deplore their actions (and probably execute some poor scapegoat). I think we'll see baby-steps before we see a full-blown attack, and I dread to think what form that real attack may take.

But when you think about it, China Telecom (or whatever it's called) is a monopoly. They know who that email box belongs to. Sure, a kid in Sweden or Canada or the US could pull off something like this and perhaps cover his traces pretty well if he were smart enough (but that includes surreptitiously tapping into some innocent party's phone line and doing your dialup connection that way--most people don't realize that on modern CO switches all local calls are logged just like long-distance calls). But somehow I doubt that a Chinese kid has quite that freedom of action.

Between this problem and the Chinese utter disregard for copyright laws (they have all kinds of copyrighted stuff posted on public servers) there are many who advocate simply cutting off the Chinese entirely (based on the source address of IP packets) at the backbones. That argument actually has some things in its favor.

-- Robert Bruce Thompson thompson@ttgnet.com http://www.ttgnet.com
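An added example, not part of the letters above and not the Chaos Manor firewall's actual rule set: the border filtering the correspondents describe (drop RFC1918 source or destination addresses on the external link, and permit outbound connections only for specific protocols), run over a constructed packet log. The log format, the `ALLOWED_OUTBOUND` policy, the "no inbound services" assumption, and the 203.0.113.x / 198.51.100.x addresses are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# The three private blocks named in the letters (RFC 1918).
RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))

# Assumed egress policy: http, SMTP and POP only, as in the
# "specific protocols, in specific directions" description.
ALLOWED_OUTBOUND = {("tcp", 80), ("tcp", 25), ("tcp", 110)}

Packet = namedtuple("Packet",
                    "iface direction proto src sport dst dport flags")

# Constructed log of packets seen on the external ("ext") interface,
# after address translation. 203.0.113.10 stands in for the site's
# public address.
SAMPLE_LOG = """\
ext out tcp 203.0.113.10:1030 198.51.100.7:80 SYN
ext out tcp 203.0.113.10:1031 198.51.100.7:2300 SYN
ext out tcp 192.168.1.20:1032 198.51.100.7:80 SYN
ext out tcp 203.0.113.10:1033 10.1.2.3:80 SYN
ext in tcp 10.9.9.9:4000 203.0.113.10:25 SYN
ext in tcp 198.51.100.7:80 203.0.113.10:1030 ACK
ext in tcp 198.51.100.50:3000 203.0.113.10:139 SYN
"""


def is_rfc1918(addr):
    """True if addr falls in 10/8, 172.16/12 or 192.168/16."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_line(line):
    """Parse 'iface dir proto src:port dst:port flags' into a Packet."""
    iface, direction, proto, src, dst, flags = line.split()
    saddr, sport = src.rsplit(":", 1)
    daddr, dport = dst.rsplit(":", 1)
    return Packet(iface, direction, proto,
                  saddr, int(sport), daddr, int(dport), flags)


def verdict(pkt):
    """Return (action, reason) for one packet at the border."""
    if pkt.iface != "ext":
        return ("pass", "not-border-interface")
    # RFC 1918: private addresses have no meaning on the public link,
    # in either direction, as source or as destination.
    if is_rfc1918(pkt.src):
        return ("drop", "rfc1918-src")
    if is_rfc1918(pkt.dst):
        return ("drop", "rfc1918-dst")
    # Stateless sketch: a bare SYN marks a new TCP connection.
    new_conn = pkt.proto == "tcp" and pkt.flags == "SYN"
    if new_conn and pkt.direction == "in":
        # Assumption: the site offers no services to the outside.
        return ("drop", "unsolicited-inbound")
    if (new_conn and pkt.direction == "out"
            and (pkt.proto, pkt.dport) not in ALLOWED_OUTBOUND):
        # An "allow anything outbound" firewall would pass this one,
        # which is the connection-from-inside case described above.
        return ("drop", "egress-not-allowed")
    # Note: an outbound connection to port 80 passes whether or not the
    # program behind it is a browser; port filtering cannot tell, which
    # is why host-based security is still needed.
    return ("pass", "policy-ok")


def audit(log_text):
    """Verdicts for every non-empty line of a log."""
    return [verdict(parse_line(l))
            for l in log_text.splitlines() if l.strip()]


if __name__ == "__main__":
    for line, (action, reason) in zip(SAMPLE_LOG.splitlines(),
                                      audit(SAMPLE_LOG)):
        print(f"{action:4} {reason:20} {line}")
```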


Saturday, September 16, 2000

I've often wondered about how difficult it would be to re-create a technological civilization from scratch, given only knowledge. To that end, I've long thought about the idea of a kind of "summer camp" for engineers and historical recreationists. This would be a retreat or workshop, in which individuals would attempt to re-construct some piece of modern technology (such as an IC engine, or a radio, or a printing press, or perhaps just something simple like paper) using only raw materials. Of course, this would involve building the tools to build the tools, and so on.

My name for this undertaking is "Re-boot Camp".

Participants would bring enough food, clothing and shelter to keep themselves comfortable during the workshop (or perhaps shelter would be provided), but would not be allowed to use imported high-tech items in the actual fabrication processes. I suppose perhaps a few, minimal, basic tools would be allowed, but I would want to keep the experiment as pure as possible. Perhaps the organizers could supply an initial tool set which conformed to some known historical period, such as early bronze age.

In order to minimize the potential ecological impacts, this would probably best take place in a quarry or strip mine. Also, since most of the easily-available ores have already been mined out, I would simulate the availability of raw materials by placing piles of raw ore, logs, clays, coal, and other unprocessed raw materials at approximately half-mile (or longer) intervals throughout the site. It would be up to the participants to fashion suitable transports. (Whether the raw materials would include things like draft animals is an interesting point.)

This could be done as a short workshop (say, a week), a series of weekends, or a continuous process where each summer the participants pick up where they left off.

I've also wondered: Would the re-creationists necessarily have to go through the same developmental path as was done historically, or could shortcuts be made? Moreover, would the technology created in the workshop be superior in some respects to its historical counterpart, because of hindsight and the lack of legacy restrictions?

Talin (Talin@ACM.org)
www.sylvantech.com/~talin
www.hackertourist.com/talin

"I am life's flame. Respect my name.
My fire is red, my heart is gold.
Thy dreams can be...believe in me,
If you will let my wings unfold..."
-- Heather Alexander


 

 

 

 

 

 


Sunday, September 17

I took the day off.

 

 
