
CHAOS MANOR MAIL

Mail 205 May 13 - 19, 2002

 


IF YOU SEND MAIL it may be published; if you want it private SAY SO AT THE TOP of the mail. I try to respect confidences, but there is only me, and this is Chaos Manor. If you want a mail address other than the one from which you sent the mail to appear, PUT THAT AT THE END OF THE LETTER as a signature. In general, put the name you want at the end of the letter: if you put no address there none will be posted, but I do want some kind of name, or explicitly to say (name withheld).

Note that if you don't put a name in the bottom of the letter I have to get one from the header. This takes time I don't have, and may end up with a name and address you didn't want on the letter. Do us both a favor: sign your letters to me with the name and address (or no address) as you want them posted.

I try to answer mail, but mostly I can't get to all of it. I read it all, although not always the instant it comes in. I do have books to write too...  I am reminded of H. P. Lovecraft who slowly starved to death while answering fan mail. 

Monday  May 13, 2002

On Anti-Gravity

http://tventura.hypermart.net 

interesting website, NASA is doing a study on this effect, here's a clip from an email from David Jedynak discussing the ideas...

best, Mike Donahue

email follows: >>>>I've actually dug into this stuff a bit. It's the same phenomena as the NASA patent for Asymmetrical Capacitor Thrust. There are a number of people trying (successfully) to reproduce the experiments, but many of them are kitchen table or garage type things. There is *something* going on (be it corona or interaction with B fields or something), but it probably is not "anti-gravity". The big problem is that ACT is fully observed and has been for many years, but no satisfactory explanation has been put forth.

My general feeling about the thing is that, when it comes to physics research, there are many bigger fish to fry, so this doesn't really get attention. On the engineering side, the thrust levels are so small that, again, being a useless phenomena, not much energy is put into characterization of it. However, with microthrust technologies now proven useful (the Deep Space 1 Xenon Ion Propulsion System and the recent recovery of a "failed" geo-sat orbit transition using a similar XIPS), microthrust research and development of ACT may have some benefit.

The lead person on this table top research, Jean Naudin, doesn't strike me as a very good scientist or engineer, but he is well-intended. He has tried to be "scientific" but he's not taking anywhere enough data on the parameters he does vary, and is not varying parameters that would provide some good data on other axes. It's a neat problem, and the ACT, if scalable, may have some good applications (hence the NASA patent), but lots more research and experimentation needs to be done in a good manner.

If I had the time and resource, I'd be all over this, just for the fun of figuring it out from taking lots of data. The first two things I would try would be (to check for corona and B field) are doing the experiment in a chamber at vacuum as well as other gases (like Gaseous Nitrogen) and then trying the thing at different orientations to the Earth's magnetic field. One big chunk of test stand that I haven't seen yet is just that, a real test stand. None of this rotating or lifting junk, but a fixed mount engine test stand with some force meters. The data so far is not very clear on things like polarity reversals (in case it is a conservation of momentum issue with high velocity electron collisions into a dielectric, or whatever). Naudin has messed with pulsed DC and AC, but again, he just doesn't seem to have the right combination of tenacity, imagination, lab experience, and discipline to really push his experiments to a useful level.

*snip* I really don't like the characterization of this as lunatic fringe. Agreed, some of the people appear quite crazy (start reading the lifter pages), but that doesn't mean that the phenomena should be dismissed. Inexperienced and misguided, like early attempts at fixed-wing powered flight (10-planed monstrosities collapsing under mechanical stress), is a good characterization of the current research. I'm actually glad some money (so the article says) is ear-marked for some basic research. Depending on how ACT works and the physics behind it, I could see a whole new parameter to worry about (and thus improve on) in PCB layouts and general electrical engineering design.

>>>>end transmission

I keep hearing about this but I know little. Thanks.

Roland finds new stuff on railguns

http://www.upi.com/view.cfm?StoryID=12052002-105108-1155r  

And an interesting story

http://www.spamresource.com/nadine/default.htm 

--------------------------------- Roland Dobbins <mordant@gothik.org> // 

Thanks. I still don't understand how Roland manages to be a father, an engineer and trouble shooter, and read everything he does. Have the Clone Wars already started and we don't know?

And  a formal statement of an idea that has been around for a while, this from Robert Racansky

[For those wondering and/or who care what this is about, read the ref at the bottom of this e-mail, or go to http://volokh.blogspot.com/2002_05_05_volokh_archive.html#76219243 ]

THE SUNSET AMENDMENT

1. All laws made by the federal government shall expire 25 years after they go into effect. Laws that are currently part of the United States Code shall expire 25 years after this amendment goes into effect. Nothing in this amendment shall prohibit the Congress from passing an expired law.

2. All executive orders made by a president of the United States shall be in effect only while that president is in office. Nothing in this amendment shall prohibit the succeeding president from issuing an identical executive order.

3. All regulations made by any agency of the executive branch shall be in effect only while the president is in office. Regulations that are currently part of the Code of Federal Regulations shall expire 25 years after this amendment goes into effect.

4. Nothing in this amendment shall apply to the United States Constitution, including amendments.

The idea behind this is 1) it is currently easier to make laws than unmake them, 2) even bad laws are rarely repealed, and 3) even good laws outlive their usefulness.

The Sunset Amendment would allow/force future politicians to evaluate the effectiveness and costs of existing legislation based on 25 years of experience (or 4 to 8 years for regulations and executive orders). In theory, "good" laws will more likely be re-enacted, while "bad" laws will be limited in the amount of damage they can do.

I read somewhere (I think it was a Dave Kopel piece on the BATF) that the Code of Federal Regulations (CFR) -- rules made by unelected bureaucrats -- is 4 times as thick as the United States Code (USC) -- the laws passed by the elected representatives of Congress. This is a bad thing.

The 25 year number is purely arbitrary, and I'm sure some lawyer could do a better job of writing the text.

------------------------------------------------------------------------------

ref:

http://volokh.blogspot.com/2002_05_05_volokh_archive.html#76219243 

It has always made sense to have Sunset provisions in laws. It is not in the interests of lawyers to do so, and the US Congress seems to be a wholly owned subsidiary of the Trial Lawyers Association. We have built an Empire run by lawyers. But then so did the Romans.

From Robbie Walker

I don't normally send out links to people but THIS may just be the weirdest thing I've ever accidentally discovered on the internet. Note: This is not X-Rated or anything like that, it's just WEIRD!

http://www.pixyland.org/peterpan/index.html 

Weird it is. 

And from Dan Spisak

Some of the newer audio CDs coming out in the market have anti-ripping technology, notably:

Celine Dion - A New Day Has Come

Soundtrack for Episode II: Attack of the Clones

I'm sure there will be others to follow I might have missed here.

In any case, the anti-ripping protection on these CDs makes it so that it could potentially damage a CD-ROM drive's firmware, or simply crash a user's PC or Mac. Also, these CDs are not actual CDs in the sense that they violate the Redbook standard, yet rely on stupid audio CD players to function still. They are not allowed to use the Compact Disc "CD" logo on the cases.

Turns out there is an easy, low-tech way to defeat these anti-ripping mechanisms. Use a Sharpie marker to black out the outer edge of the disc that is the anti-ripping track of the disc like so:

http://translate.google.com/translate?u=http%3A%2F%2Fwww.chip.de%2Fpraxis_wissen%2Fpraxis_wissen_8725919.html&langpair=de%7Cen&hl=en&ie=UTF8&oe=UTF8&safe=off&prev=%2Flanguage_tools
 

This is a joke press release I found on Slashdot but I think it gets the point across of just how absurd this is:

I'm going to start stockpiling sharpies immediately.

-Dan S.

And See Below

----------------

HOLLYWOOD, CALIFORNIA - May 13, 2002 - RIAA TEAMS UP WITH MPAA TO URGE BAN OF "SHARPIE" STYLE MARKERS.

Local businesses were shocked today when all 2.5 million office supply stores were simultaneously served with a cease and desist order from the RIAA and MPAA banning the sale of any type of felt tip marker. Lobbyists for the media industry successfully bribed and/or threatened a number of local politicians, who in turn passed legislation banning the manufacture, sale, or possession of any device on grounds that it violates the Digital Millennium Copyright Act.

"This is a great day for freedom in this country", stated I. P. Freely, chairman of the House Committee On Media Graft and Campaign Finance. "No longer will reckless hoodlums and terrorists be able to hold our great media industries down! Already these 'media terrorists' have been implicated in causing a downturn in music sales, a deepening of the U.S. recession, balding, impotence, and dandruff. These terrorists are a threat to the very foundation of this nation. Have I said terrorist enough yet? Terrorist terrorist terrorist!"

A small group of bewildered secretaries and office workers were rounded up by jackbooted thugs and herded into "terrorist containment vehicles" (which resemble black vans) as they went into office supply stores in downtown L.A. to buy Sharpies. "Obviously these media terrorists were bent on destroying Sony Music with these devices", said one S.W.A.T. team captain as he twirled a Sharpie in front of cameras. "Don't worry folks", he said, "you're safe now."

When interviewed on the street, many people expressed delight at the actions of the MPAA and RIAA.

"I'm so glad that these hideous terr'rist folks have been rounded up", says Eva Beaver. "Who knows what they might've blown up with their terror weapons. Next it could be planes slamming into buildings!"

Opposition to this new law is expected to be light, say prominent Washington lawmakers. Naysayers will be rounded up and shot on sight, further adding to the desire to keep people from pirating music and movies with felt tip pens.

Spokesmen for Sanford, the company that manufactures the Fully Automatic Terrorist Media Stealing Assault Weapon (formerly known as a Sharpie Marker) could not be reached following a disastrous fire and explosion at every single one of their manufacturing plants.

I already have plenty of them...

 

 

 


Tuesday,  May 14, 2002

Joel Rosenberg on Your Tax Dollars At Work:

from: http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2002/05/10/BA122563.DTL 

"The university has been lax about oversight before. Last February, the campus admitted that a student-run male sexuality class -- in which some students visited a strip club -- could have used more supervision."

Heh. Double heh.

On the Microsoft / Softimage thing, which I also put in VIEW

Jerry

An interesting reference in The Register to Microsoft's conviction for software piracy.

http://www.theregister.co.uk/content/7/25227.html 

Regards

From Bob Thompson

I've read the details about it somewhere, but I forget them. As best I can remember, Microsoft had some sort of license, but the company that licensed the software to Microsoft got bought out by another company (or the original licensor sold their software to another company), and the second company successfully sued Microsoft for using their product without permission. Or something like that. At any rate, IIRC, it's not a clean-cut example of intentional piracy, but more a licensing dispute. This was, incidentally, the piracy that Nunez referred to in his rebuttal of Microsoft Peru's letter to him disputing the benefits of Peru's proposed law requiring government agencies to use OSS.

As far as I know, Microsoft hasn't actually stolen anything since the STAC compression algorithm, unless you count the BSD TCP stack.

And Eric Pobirs replies with his usual good sense:

More specifically, SoftImage had a licensing deal going and decided to push for more favorable conditions and control of the source code for the functions involved. Syn'x charges that SoftImage took liberties when they chose not to capitulate. This was going on in the background as MS was acquiring SoftImage. MS auditors did not apparently think it was a significant issue and if Syn'x were not a French company it likely would not have been a problem.

But Syn'x or its remnants were a French company, suing a non-French company in a French court. Some observers suggested this carried as much or more weight than any actual evidence of malfeasance. Certainly no MS employees were directly involved. The name was only invoked because the parent company was vastly better known than the company actually at issue.

This might not be a bad approach to take in other areas. Rather than just refer to Bin Laden or the hijackers perhaps it should always be 'Saudi Osama Bin Laden' and 'mostly Saudi hijackers.'

The use of the BSD stack can hardly be called theft. How can you steal something freely given? The big complaint on the part of the OSS fanatics is that the Windows splash screen doesn't include 'featuring the BSD TCP/IP stack' in 144 point type.

After reading that letter from the Peruvian politician I was more than a little suspicious of where its content originated. The rhetoric appeared to have been directly lifted from a familiar group of axe grinders. But surely they aren't trying to influence politicians. Only big bad money grubbers like MS would do something like that.

And from Dan and Bob:

You forget that Microsoft used the Gnu Zlib compression library in its operating systems. The reason this is known is because there was a security flaw found in the zlib library that could have allowed a system to have its security compromised (this is a Unix/Linux system I am talking about here). It took Microsoft over a month to issue its own fixes of the problem whereas the various Linux vendors had their patches issued within a day or two of the security weakness being discovered.

-Dan S.

Oh, yeah. I had forgotten that. Does that mean that the Microsoft products that use zlib (more than just their OS's, as I recall--wasn't Office also in that group?) are now Open Source?

-- Robert Bruce Thompson

I wish they were! A guy can hope. But in any case I was slightly incorrect in that the zlib library was not a Gnu Open Source item. Here is the information pertaining to the incident:

http://news.com.com/2100-1001-860328.html 

http://slashdot.org/article.pl?sid=02/03/14/2125221&mode=thread 

I just use the darn library so much I had assumed it was an open source item. My mistake.

-Dan S.

And Eric adds

More detail here, which also casts doubt on the BSD claims.

http://news.com.com/2100-1001-860328.html 

The authors used a license that was intended to be friendly to developers of proprietary products. They were more concerned with propagating a standard rather than a political stance. It has been adopted as part of the GNU compiler libraries but that is not the version used by MS.

 

Which should be enough on that subject. Thanks!

 

On ClearType

Hi Jerry,

I was able to install ClearType on my Windows 2000 system at the office without a hitch.

One interesting thing did pop up, however. I am testing out the new Mozilla open source browser (version RC1). I was reading your column with the Mozilla browser and linked to the Microsoft page. I was unable to install ClearType, until I switched to Internet Explorer.

Just thought you should know.

Thanks,

Mark Coleman Arlington, MA

Not astonishing...

And on CD PLAYER and copy protection Dan Spisak says

Turns out the CDs corrupting CD-ROM drive firmware was a myth. The CDs still do cause the drives to not eject them under normal circumstances and potentially lock up your machine. There is also a site that seems to be tracking which CDs are copy protected or might be:

http://www.fatchucks.com/z3.cd.html

Of course what is utterly ridiculous is that if you have a CD player with an optical output (Toslink or Coaxial fiber) you can play the CD and record the output via the optical output for pretty darn near perfect quality recording to use to rip to an MP3.

I hate the record companies, this is madness.

-Dan 

Madness indeed


Wednesday, May 15, 2002

Begin with an important letter forwarded by Tracy Walters:

On 26 April, 2002, BGen Mattis (Commander, TF 58, Operation Enduring Freedom) addressed the Ground Dinner sponsored by PP&O for GCE Advocacy.

 

A variety of interesting comments from BGen Mattis, in no particular order:

 

* KC130 is aircraft that made it all happen

* Marine pilots landed where and when others wouldn't

* If we had V-22, they could have gone straight to Kandahar and toppled it 30 days earlier

* SeaBees are MAGNIFICENT! There are no better military engineers--they have unheralded initiative and innovation

* Dust was truly unbelievable

* Common bond w/ SF was desire to engage enemy relentlessly; made for effective on-site partnership based on a handshake, even if macro organizational relationship remains complex

* Sea-Basing was key; also all landing was night ops only to reduce vulnerability (political as much as any) and ARG withdrew OTH each morning

* Marine Corps Intelligence Agency (MCIA) responsiveness and products via reachback were outstanding: route Rhino to Kandahar across hellish terrain in 12 hrs; Tora Bora LZ study right on target in ~4 hours

* Intel is getting so good that risk of having so much info that can't process it

* CSS gave the operation legs. Huge impact from a few CSS Marines (headcount tightly managed). CSS was definitely his focus, as MEU, etc. could take care of the tactics as long as the order and intent were right. Despite distances and other myriad challenges, tactics were never constrained by CSS.

* Time for non-aviators to call for CAS.

* Left arty on the boat. Air filled gap nicely. Would have needed Expeditionary Fire Spt System (EFSS) if had a more capable enemy.

* Relationship with JFACC was key; needed to be face-to-face in order to build trust then get what you need. Can't do that through ATOs and VTCs (the latter the curse of today).

* Need UAV at all levels. It will always be so valuable that your higher wants it. Need for Co Comdr and all the way up. Need to be small and capable, but sufficiently expendable that losing one or two is no big deal.

* Lack of a sniper night scope created strategic impact.

* JTF Enabler Package (C2 - theater comms package for JTF) very good.

* Thinks USMC should go inside the tier I force -- not to try to duplicate, but to establish liaison and get entry to a world that is relevant to tier II, MEU(SOC), etc.

* Questioned on whether getting rid of ANGLICO a good idea -- can't have enough liaison folks or enough teams that can employ broad spectrum of supporting arms.

* Don't enter caves. Seal them by blowing them up. Need a way to find all outlets, so can blow all of them up.

* Had only "inch by inch" mine clearing capability until Norwegian flail arrived. Need to fix that. Dogs?

* The other countries were sending the best of the best. Highly capable coalition forces (the 1st world imports).

* Aussie got order from BGen Mattis then had permission to execute from Prime Minister in 2 1/2 hours. Need to have that kind of responsiveness in NCA / can't say that.

* "Go after them until they fear us more than they hate us."

* Guidance to operators was that Taliban's first contacts with us should make them not want a second contact.

* Advice to junior officers: never say that you own a piece of Afghanistan.

Thanks!

From WinXP news:

Watch Out for the JDBGMGR.EXE Hoax

Axel Ramirez Flores wrote in asking about an email he got warning him that a file named jdbgmgr.exe is a virus and that he should delete it immediately! This is a hoax email and you should ignore it and not forward it to anyone else. The jdbgmgr.exe file is part of the Microsoft Java Runtime engine. You can probably get away with deleting the file without anything bad happening. But if you notice problems after deleting this file, you should download the Microsoft Virtual Machine and install it again. For more info on the hoax, check out: http://www.winxpnews.com/rd/rd.cfm?id=020514SE-Viruses_Hoaxes

To download the MS Virtual Machine, head on over to: http://www.winxpnews.com/rd/rd.cfm?id=020514SE-Virtual_Machine

Tracy Walters

Thanks.

Then we have political rhetoric of a grand kind:

By HEATHER MALLICK

Saturday, May 11, 2002 - Print Edition, Page F3

Most heaved a sigh of relief to see the French fascist Jean-Marie Le Pen lose to the oily Jacques Chirac by taking only 17.8 per cent of the vote. Me, I was cackling away to myself for an entirely different reason: Another of my crackpot demographic theories confirmed!

Given that virtually every eligible French voter dragged himself out of his torpor for the second round, to either save the Republic or destroy it, we now have a quantification, an actual number, stating what percentage of the French population are complete brain-cramped, violent, racist guillotine-fan scum.

In other words, 5.9 million French voters are complete sh--heads.

I am not sure that needs comment.

 


Thursday, May 16, 2002

Last Sunday night I saw Turkish flags go up in Midtown Manhattan. This Saturday the Janissary Mehter military band (billed as "world's first military band") marches in the Turkish-American day parade (12:30 pm Madison Av / 47th St to United Nations). Guess I'll go see some Janissaries!

A net search turns up this: http://www.worldmilitarybands.com/13th%20century.htm 

-Erik Olsen

Wow. 

There is now evidence that an asteroid impact 200 million years ago started the Dinosaur age!

http://www.space.com/scienceastronomy/planetearth/jersey_dinosaurs_020516-1.html

God giveth and God taketh away.

Charles Butler

And wow again!

Dear Doctor Pournelle,

I thought you might appreciate the following. It is long (grab a coffee first), but very satisfying.

http://www.scamorama.com/threebucks.html 

If you are too busy the final exchange gets the point across.

Cheers

Tom Ayerst

Long and more trouble than I would go to, but gratifying...

Mr. Pournelle,

I thought you and other readers might appreciate this rather insightful article from the Weekly Standard's website that makes a case for the Empire in the Star Wars Universe.

http://www.weeklystandard.com/Content/Public/Articles/000/000/001/248ipzbt.asp
 

Best regards, Mark W. Slover

I commented on this over in View.

Dr. Pournelle, Bruce Schneier's latest crypto-gram ( http://www.counterpane.com/crypto-gram-0205.html ) has the news that fingerprint scanners, of the sort that are being proposed for positive ID checks in supermarkets (where your fingerprint is linked to your credit card) and banks (where your fingerprint is linked to your savings account), as well as for computer logons, can be fooled 80% of the time with $10 of supplies from the local supermarket. http://www.counterpane.com/crypto-gram-0205.html#5

Kit Case

Uh-oh. 

 

 


Friday, May 17, 2002

From Anonymous

I've got the scoop on the fabricated data of Dr. Jan Hendrik Schon, Lucent's golden boy and father of the organic laser, the organic superconductor, and (most recently) the molecular transistor. Schon is a fraud, and his downfall is going to be as big a story as his rise.

This is going to be in all the major papers later this week - I thought you might be interested in being ahead of the curve.

Here's the link: http://capitalist.blogspot.com/2002_05_01_capitalist_archive.html#85095476

I know no more about this.

I drive a General Motors car, made in Ontario, Canada. My brother used to drive a General Motors car, made in California.

The only reason that I am willing to drive a GM car is that my Metro is really a Suzuki at heart. My brother wasn't as vehement about his, but of all his cars he has ever owned, he owned the Chev Nova that was really a Toyota Corolla in disguise longer than any other.

Once you own the entire market, you stop trying. Until someone from outside your empire walks up and gives you a gentle shove. By owning the domestic market, GM raised a generation who wouldn't be caught dead in a Cadillac (gotta be a BMW or Mercedes or Lexus or Jag or Infiniti or anything but domestic), or who wouldn't be caught dead in a Chev (unless it's a rebranded Suzuki or Toyota). Charlie Wilson set his company up to become a dealership brand for cars my generation is willing to buy.

Honda didn't have economies of scale. The central planning commissars in his country didn't want him to make cars. But the gaps left by the snoozing behemoths of America let him wander in anyways.

So I agree with you. I consider myself to be an example of what happens when GM owns the domestic market for too long.

G. Goss

Thanks. Precisely what I meant.

 


Saturday, May 18, 2002

Dear Jerry,

A lot of news is either amusing in a head-shaking way, or depressing in a cynical way. This news article was different. I first skimmed it, reread it more slowly, thought about it a bit, and then decided it was worth forwarding to you.

http://www.cnn.com/2002/US/05/17/ret.seal.death/index.html 

It pretty much speaks for itself. But I am reminded of Robert Heinlein's words on patriotism to the Naval Academy at Annapolis: "The Republic will always need heroes."

For all its temptations to sloth or empire, America still has heroes. And I'm both sad and proud.

--Erich Schwarz

Thanks. And we shall always need heroes.

And three from Roland

The Billion Dollar Woman

http://www.cnn.com/2002/WORLD/europe/05/17/art.theft/index.html  -- 

Everything old is new again

http://seattlepi.nwsource.com/local/70823_dirigibles17.shtml  

Silly Title, good commonsense methodology

http://www.antionline.com/hacker-profiling/ 

Roland Dobbins

I still don't see how he has the time to read all this stuff, but it sure makes my life easier.

And a lesson courtesy Bill Clardy courtesy Joanne Dow:

http://www.w2knews.com/?id=348 

A tale of telephone hacking by people with Arabic accents....

--8<--

Postmortem: How Sunbelt Got Hacked

It's just one of these things. You talk about security for years, you warn people once a week, protect your domains with many layers, and then some hacker walks right into your own open back door. [grin] At the end of this cautionary tale I will tell you what to do to prevent it in your own organization.

Here is how this whole thing went down, it's not as bad as it could be, and our domains were never compromised. But it is egg on our face! Someone hacked into our phone system. It's called phreaking, and has been done for decades. Lucky for us he was just talking to people instead of using it to (try to) break into other systems.

How it started? Last Thursday one of our Reps found she could not use her voice mail box anymore. It was forwarded to some strange number. The Admin in charge frowned, reset it, and things worked again. Then last Friday, it happened again, and with not just one but with a few mailboxes. Now we really started looking!

What the hacker did not know is that we have an advanced phone system that really is just software. The whole system is a W2K server in a special frame with 20 expansion slots. Each slot holds a card for 8 extensions. The software is powerful and allows you to reconfig anything on the fly instead of having to call your PBX vendor all the time if you move a few staff to new spots. The brand is Altigen.

We started to look in the Altigen console, and found a few mailboxes that were forwarded to far away countries. When we started to trace these down, it turned out they were Pakistan, Saudi-Arabia, Kuwait and the Philippines. Anyone that has followed the news recently can draw their own preliminary conclusions. So did we.

Since we can see everything in real-time coming in and out of the system, it was clear that a hacker had compromised a few mailboxes and was using these to break into other companies' systems as well and create a chain of compromised PBX-es. In some cases we were the end of that chain, so we knew the final destination. The hacker was fairly smart in trying to hide their trail by dialing in, dialing out, and then dialing in again and use another mailbox.

However, since we could see and change things in real time, we took him off the voice T1, and rerouted him to a copper trunk which we could tap. And sure enough a both American and Arabic speaking male voice was busy making calls, through several other companies' systems that he already "owned". So while he was happily tapping away, we recorded what he was doing and called the FBI.

They actually are in a building 5 minutes from here so shortly they were over and listening in. And since Altigen dumps all the data into a SQL database, we were able to give them both the voice recordings and a detailed track of all the calls, their origination and destination points and duration. They were happy we could provide them with all the data immediately burned on a CD so they could start their analysis, using Excel.

The FBI agents told us that phone system hacking is happening thousands of times every day! And we had to shamefacedly admit that the password used for the compromised mailbox turned out to be the same as the extension. OUCH! The hacker simply cracked these mailboxes using this very simple trick. DUH. And me scoffing at the New York Times for using the last four digits of someone's social security number as their default passwords...[grumble]

Luckily for us, the hacker never got into our W2K domains, and never used it for actual computer cracking, but a simple trick like this can cause damage in many other ways. Especially if one deals with a bit more sophisticated criminal elements. So we compiled all the evidence necessary and turned it over to the FBI Computer Crime Special Agents.

We then shut the hacker down, and changed all mailbox passwords to something a bit more sophisticated. We also shut down all international calling ability for mailboxes that did not need it, which was about 95%, and made some other configuration changes in the Altigen console which I'll not go into. And to the hacker, if you read this, you were caught. Expect a tap on your shoulder any minute now.

Lesson learned: USE STRONG PASSWORDS FOR THE PHONE SYSTEMS AS WELL. Monitor your phone system logs for unusual activity and out of normal range events or durations, just like you would your networks and set red flags. You could dump that stuff into a flat file and use a tool like ELM to ping you when things are out of the ordinary.

Warm regards, Stu 

--8<--

{^_^}

Which I think needs no commentary.
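The two checks the Sunbelt postmortem recommends (no mailbox password equal to its extension, and red flags on forwards and calls that fall outside the normal range) can be run over an export of the phone system's records. The following is an added example, not code from Sunbelt or Altigen: the record layout, the thresholds, and the assumption that the export exposes mailbox PINs for comparison are all hypothetical, and every record is constructed sample data. It treats `011` as the international dialing prefix, as used in North America.

```python
from dataclasses import dataclass
from statistics import median

@dataclass
class Mailbox:
    extension: str
    pin: str          # assumption: the audit export exposes the PIN
    forward_to: str   # empty string when the mailbox is not forwarded

@dataclass
class Call:
    extension: str    # mailbox/extension that originated the call
    dialed: str
    seconds: int

def is_international(number, home_cc="1"):
    """True if the dialed string leaves the home country (NANP assumed)."""
    n = "".join(ch for ch in number if ch.isdigit() or ch == "+")
    if n.startswith("+"):
        return not n[1:].startswith(home_cc)
    return n.startswith("011")

def weak_pin_reasons(ext, pin):
    """Reasons a mailbox PIN is guessable; an empty list means no finding."""
    reasons = []
    if pin == ext:
        reasons.append("PIN equals extension")
    elif pin == ext[::-1]:
        reasons.append("PIN is extension reversed")
    if len(pin) < 4:
        reasons.append("PIN shorter than 4 digits")
    if pin and len(set(pin)) == 1:
        reasons.append("PIN is a single repeated digit")
    if pin and (pin in "0123456789" or pin in "9876543210"):
        reasons.append("PIN is a digit sequence")
    return reasons

def audit_mailboxes(mailboxes):
    """Map extension -> findings for weak PINs and international forwards."""
    findings = {}
    for mb in mailboxes:
        found = weak_pin_reasons(mb.extension, mb.pin)
        if mb.forward_to and is_international(mb.forward_to):
            found.append("forwarded to international number " + mb.forward_to)
        if found:
            findings[mb.extension] = found
    return findings

def unusual_calls(calls, factor=5):
    """Flag international calls and calls longer than factor x median."""
    baseline = median(c.seconds for c in calls)
    flagged = []
    for c in calls:
        reasons = []
        if is_international(c.dialed):
            reasons.append("international destination")
        if c.seconds > factor * baseline:
            reasons.append("duration %ds exceeds %dx median" % (c.seconds, factor))
        if reasons:
            flagged.append((c, reasons))
    return flagged

# Constructed sample data (fictitious numbers, not from the incident).
MAILBOXES = [
    Mailbox("2101", "2101", "011 92 000 555 0100"),
    Mailbox("2102", "7391", ""),
    Mailbox("2103", "1111", ""),
    Mailbox("2104", "58204", "+1 555 555 0142"),
]
CALLS = [
    Call("2102", "5550111", 120),
    Call("2104", "5550123", 95),
    Call("2102", "5550145", 210),
    Call("2103", "5550167", 150),
    Call("2101", "011 966 000 555 0101", 5400),
    Call("2101", "011 63 000 555 0102", 180),
]

if __name__ == "__main__":
    for ext, found in audit_mailboxes(MAILBOXES).items():
        print("mailbox", ext, "->", "; ".join(found))
    for call, reasons in unusual_calls(CALLS):
        print("call from", call.extension, "to", call.dialed, "->", "; ".join(reasons))
```
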

And from Bo Leuf about my virus mailing:

Jerry -- My sympathies. Some of the more recent (klez) virus worms have the nasty behavior of forging real-seeming return address and other header information based on what they can find on the victim's harddisk -- random extracts from address book, html pages, cache, anything that looks like a valid e-mail address. So it's not "someone" -- it's automated. With your wide readership and correspondence, that means a high risk that your address will be faked. I've seen a few of these as well, with my own "return address", but it takes more than a casual glance at the header to see that the return information is bogus.

/ Bo

On 16 May 2002 at 22:02, Jerry Pournelle wrote:

> What's happening is that someone is faking my return address and
> sending email with virus attachments.

The bottom line is that mail is being returned to me as bounced because of a virus attached, but I did not send that mail; meaning that some of it may have got through. I never do mail attachments to a general mailing: if you get something unexpected from me with an attachment don't open the attachment. If I send you an attachment, you'll know it, and not by some general statement.

 

 

 

 

 


Sunday, May 19, 2002

Went to an X Files Party. See review in view.

 

 
