
THE VIEW FROM CHAOS MANOR

View 249 March 17 - 23, 2003


This is a day book. It's not all that well edited. I try to keep this up daily, but sometimes I can't. I'll keep trying. See also the monthly COMPUTING AT CHAOS MANOR column, 4,000 - 7,000 words, depending.  (Older columns here.) For more on what this page is about, please go to the VIEW PAGE. If you have never read the explanatory material on that page, please do so. If  you got here through a link that didn't take you to the front page of this site, click here for a better explanation of what we're trying to do here.


Boiler Plate:

If you want to PAY FOR THIS there are problems, but I keep the latest HERE. I'm trying. MY THANKS to all of you who sent money.  Some of you went to a lot of trouble to send money from overseas. Thank you! There are also some new payment methods. I am preparing a special (electronic) mailing to all those who paid: there will be a couple of these. I am also toying with the notion of a subscriber section of the page. LET ME KNOW your thoughts.

If you subscribed:

CLICK HERE for a Special Request.

If you didn't and haven't, why not?

If this seems a lot about paying think of it as the Subscription Drive Nag. You'll see more.


Monday  March 17, 2003 

St Patrick's Day

President's speech. Alert Status Orange

We have two alerts from Roland:

NOTE: There's a LOT of security stuff here. It's important. It's also long. 

Subject: New IIS exploits coming? ( priority one)

 I've been given permission to repost this information without
attribution (it is from a source I consider to be reliable and clueful)
- obviously, the number of sites using IIS makes this a priority:

>
>> Information gathered from a variety of sources indicate that the
>> potential  exists for a significant increase in IIS hacking attempts
>> within the  foreseeable future. In this regard, we are currently
>> recommending that,  where possible, IIS servers install URLScan from
>> Microsoft.
>>
>> URLScan will limit the length of HTTP requests to the IIS server,
>> breaking malicious code.
>>
>> URLScan is available from Microsoft's Web site:
>>
>> http://www.microsoft.com/technet/security/tools/tools/urlscan.asp
>>
>> We recommend the following base settings:
>>
>> MaxUrl:  1024
>> MaxQueryString: 1024
>>
>> Obviously, if either URLs or queries for your site need to be
>> larger, you can adjust the values, though we recommend trying to
>> limit this to under 2k (2048 bytes) wherever possible.
>>
>> Alternately, you may wish to explore using the
>> MaxClientRequestBuffer  registry key to limit the size of a request.
>> This key is documented at:
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;260694
>>
>> Please note that this controls the buffer size of *all* data into an
>> IIS server, and so may affect things like Outlook Web Access (OWA),
>> and file uploads. By default IIS 5 sets it at 128Kb. While it's
>> likely that most production servers should have this value set
>> lower, we expect that it will only be useful as a protection
>> mechanism if the size of the buffer is less than 2k[1].
>>
>>
>> [1] It may actually help for most current malcode if it's under 4k,
>> but  generically, 2k is a much better threshold for protection.
>


---------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com>
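
Before turning on the limits recommended in the message above, it helps to know which requests already in the IIS logs would exceed them, since the message notes that some sites need larger values. The following Python is an added example, not part of the original message or of URLScan: it reads W3C extended log lines and reports requests whose URL or query string is longer than 1024 bytes. The log lines, addresses and paths are constructed, and it assumes the log records the cs-uri-stem and cs-uri-query fields.

```python
from collections import Counter
from typing import NamedTuple

MAX_URL = 1024           # MaxUrl recommended in the message above
MAX_QUERY_STRING = 1024  # MaxQueryString recommended in the message above


class Finding(NamedTuple):
    line_no: int
    client_ip: str
    method: str
    url_len: int
    query_len: int
    reasons: tuple


def field_len(value):
    """Byte length of a logged field; IIS writes '-' when the field is empty."""
    return 0 if value == "-" else len(value.encode("utf-8"))


def audit_log(lines, max_url=MAX_URL, max_query=MAX_QUERY_STRING):
    """Return (findings, skipped) for an iterable of W3C extended log lines."""
    fields, findings, skipped = [], [], 0
    for line_no, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # "#Fields:" names the columns of the entries that follow it.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            skipped += 1  # no schema yet or a damaged entry: count it, never guess
            continue
        rec = dict(zip(fields, values))
        url_len = field_len(rec.get("cs-uri-stem", "-"))
        query_len = field_len(rec.get("cs-uri-query", "-"))
        reasons = []
        if url_len > max_url:
            reasons.append("MaxUrl")
        if query_len > max_query:
            reasons.append("MaxQueryString")
        if reasons:
            findings.append(Finding(line_no, rec.get("c-ip", "-"),
                                    rec.get("cs-method", "-"),
                                    url_len, query_len, tuple(reasons)))
    return findings, skipped


def by_client(findings):
    """Count findings per client: one source with many hits reads differently
    from many clients tripping the limit on the same application page."""
    return Counter(f.client_ip for f in findings)


def build_sample_log():
    """Constructed log lines (documentation IP ranges, made-up paths)."""
    long_query = "ids=" + "1," * 600  # 1204 bytes: an application needing a larger limit
    return [
        "#Software: Microsoft Internet Information Services 5.0",
        "#Version: 1.0",
        "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
        "2003-03-17 21:00:01 192.0.2.10 GET /default.asp - 200",
        "2003-03-17 21:00:05 192.0.2.10 GET /search.asp q=urlscan 200",
        "2003-03-17 21:00:09 192.0.2.25 GET /reports/export.asp " + long_query + " 200",
        "2003-03-17 21:00:14 198.51.100.7 GET /" + "x" * 1500 + " - 500",
        "2003-03-17 21:00:15 198.51.100.7 GET /" + "x" * 2000 + " - 500",
        "2003-03-17 21:00:30 198.51.100.7",  # truncated entry
    ]


if __name__ == "__main__":
    findings, skipped = audit_log(build_sample_log())
    for f in findings:
        print(f"line {f.line_no}: {f.client_ip} {f.method} url={f.url_len} "
              f"query={f.query_len} exceeds {', '.join(f.reasons)}")
    print("per client:", dict(by_client(findings)), "| skipped entries:", skipped)
```

Passing `max_url=2048, max_query=2048` shows what would still be rejected at the upper bound the message suggests.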

AND

Subject: Fwd: Samba exploit, fix ( priority one)

 Begin forwarded message:


>
> http://samba.org/samba/whatsnew/samba-2.2.8.html
>
>
> ---------------------------------------------------------
> Roland Dobbins

Subject: Bibrog-B virus/worm/semi-trojan

Please post ASAP - note that we're starting to see multi-vector/multi-function methods used . . .

http://www.sophos.com/virusinfo/analyses/w32bibrogb.html

 Roland Dobbins

Another warning I seem to have missed.


There was considerable mail over the weekend. Some important.


"We Want our country back," shouted the California Democratic Party convention over the weekend. Heh. This to the candidates for Democratic nomination to the Presidency. And these are the people whose votes are needed for the nomination. They booed all mention of the military, of course.

This is bad for Democratic prospects, or so I would think.

And we have another warning:

Subject: Pandemic ( priority one)

http://www.americanscientist.org/articles/03articles/Webster.html

Roland Dobbins

I am not trying to be an alarmist, but this is something else to worry about.


And we have:

http://www.nytimes.com/2003/03/15/opinion/15EWAL.html 

The New York Times, March 15, 2003: "Get Out of the Way," by THOMAS H. B. EWALD

Calling themselves "human shields," groups of Westerners, including some Americans, are volunteering to encamp at potential bombing targets throughout Iraq in what they say is an effort to protect the people of Iraq if there is a war. What they're really doing is putting themselves and others in danger for a dubious cause.

During the Persian Gulf war, I too was a human shield - though not by choice. I was held hostage by the Iraqi secret police at a possible military target near Baghdad, and the point wasn't to protect Iraqis, but the Iraqi war machine. <snip>


ANOTHER ALERT from Roland:

Subject: Re: CERT Advisory CA-2003-09 Buffer Overflow in Microsoft IIS 5.0 

 

Please post ASAP, thanks!

On Monday, March 17, 2003, at 02:24 PM, Roland Dobbins wrote:

> Begin forwarded message:
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> CERT Advisory CA-2003-09 Buffer Overflow in Microsoft IIS 5.0
>>
>>    Original issue date: March 17, 2003
>>    Last revised: --
>>    Source: CERT/CC
>>
>>    A complete revision history is at the end of this file.
>>
>> Systems Affected
>>
>>      * Systems running Microsoft Windows 2000 with IIS 5.0 enabled
>>
>> Overview
>>
>>    A buffer overflow vulnerability exists in Microsoft IIS 5.0 running on
>>    Microsoft Windows 2000. IIS 5.0 is installed and running by default on
>>    Microsoft Windows 2000 systems. This vulnerability may allow a remote
>>    attacker to run arbitrary code on the victim machine.
>>
>>    An exploit is publicly available for this vulnerability, which
>>    increases the urgency that system administrators apply a patch.
>>
>> I. Description
>>
>>    IIS 5.0 includes support for WebDAV, which allows users to manipulate
>>    files stored on a web server (RFC2518). A buffer overflow
>>    vulnerability exists in ntdll.dll (a portion of code utilized by the
>>    IIS WebDAV component). By sending a specially crafted request to an
>>    IIS 5.0 server, an attacker may be able to execute arbitrary code in
>>    the Local System security context, essentially giving the attacker
>>    complete control of the system.
>>
>>    Microsoft has issued the following bulletin regarding this
>>    vulnerability:
>>
>> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-007.asp
>>
>>    This vulnerability has been assigned the identifier CAN-2003-0109 by
>>    the Common Vulnerabilities and Exposures (CVE) group:
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0109
>>
>> II. Impact
>>
>>    Any attacker who can reach a vulnerable web server can gain complete
>>    control of the system and execute arbitrary code in the Local System
>>    security context. Note that this may be significantly more serious
>>    than a simple "web defacement."
>>
>> III. Solution
>>
>> Apply a patch from your vendor
>>
>>    A patch is available from Microsoft at
>>
>> http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en
>>
>> Disable vulnerable service
>>
>>    Until a patch can be applied, you may wish to disable IIS. To
>>    determine if IIS is running, Microsoft recommends the following:
>>
>> Go to Start | Settings | Control Panel | Administrative Tools | Services.
>>
>>    If the World Wide Web Publishing service is listed then IIS
>>    is installed
>>
>>    To disable IIS, run the IIS lockdown tool. This tool is available
>>    here:
>>
>> http://www.microsoft.com/downloads/release.asp?ReleaseID=43955
>>
>>    If you cannot disable IIS, consider using the IIS lockdown tool to
>>    disable WebDAV (removing WebDAV can be specified when running the IIS
>>    lockdown tool). Alternatively, you can disable WebDAV by following the
>>    instructions located in Microsoft's Knowledgebase Article 241520, "How
>>    to Disable WebDAV for IIS 5.0":
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;241520
>>
>> Restrict buffer size
>>
>>    If you cannot use either IIS lockdown tool or URLScan, consider
>>    restricting the size of the buffer IIS utilizes to process requests by
>>    using Microsoft's URL Buffer Size Registry Tool. This tool can be run
>>    against a local or remote Windows 2000 system running Windows 2000
>>    Service Pack 2 or Service Pack 3. The tool, instructions on how to use
>>    it, and instructions on how to manually make changes to the registry
>>    are available here:
>>
>> URL Buffer Size Registry Tool -
>> http://go.microsoft.com/fwlink/?LinkId=14875
>>
>> Microsoft Knowledge Base Article 816930 -
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;816930
>>
>> Microsoft Knowledge Base Article 260694 -
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;260694
>>
>>    You may also wish to use URLScan, which will block web requests that
>>    attempt to exploit this vulnerability. Information about URLScan is
>>    available at:
>>
>> http://support.microsoft.com/default.aspx?scid=kb;[LN];326444
>>
>> Appendix A. Vendor Information
>>
>>    This appendix contains information provided by vendors. When vendors
>>    report new information, this section is updated and the changes are
>>    noted in the revision history. If a vendor is not listed below, we
>>    have not received their comments.
>>
>> Microsoft Corporation
>>
>>      Please see Microsoft Security Bulletin MS03-007.
>>      _________________________________________________________________
>>
>>    Author: Ian A. Finlay
>>    
>> ______________________________________________________________________
>>
>>    This document is available from:
>>    http://www.cert.org/advisories/CA-2003-09.html
>>    
>> ______________________________________________________________________
>>
>> CERT/CC Contact Information
>>
>>    Email: cert@cert.org
>>           Phone: +1 412-268-7090 (24-hour hotline)
>>           Fax: +1 412-268-6989
>>           Postal address:
>>           CERT Coordination Center
>>           Software Engineering Institute
>>           Carnegie Mellon University
>>           Pittsburgh PA 15213-3890
>>           U.S.A.
>>
>>    CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
>>    EDT(GMT-4) Monday through Friday; they are on call for emergencies
>>    during other hours, on U.S. holidays, and on weekends.
>>
>> Using encryption
>>
>>    We strongly urge you to encrypt sensitive information sent by email.
>>    Our public PGP key is available from
>>    http://www.cert.org/CERT_PGP.key
>>
>>    If you prefer to use DES, please call the CERT hotline for more
>>    information.
>>
>> Getting security information
>>
>>    CERT publications and other security information are available from
>>    our web site
>>    http://www.cert.org/
>>
>>    To subscribe to the CERT mailing list for advisories and bulletins,
>>    send email to majordomo@cert.org. Please include in the body of your
>>    message
>>
>>    subscribe cert-advisory
>>
>>    * "CERT" and "CERT Coordination Center" are registered in the U.S.
>>    Patent and Trademark Office.
>>
>> ______________________________________________________________________
>>
>>    NO WARRANTY
>>    Any material furnished by Carnegie Mellon University and the Software
>>    Engineering Institute is furnished on an "as is" basis. Carnegie
>>    Mellon University makes no warranties of any kind, either expressed or
>>    implied as to any matter including, but not limited to, warranty of
>>    fitness for a particular purpose or merchantability, exclusivity or
>>    results obtained from use of the material. Carnegie Mellon University
>>    does not make any warranty of any kind with respect to freedom from
>>    patent, trademark, or copyright infringement.
>>      _________________________________________________________________
>>
>>    Conditions for use, disclaimers, and sponsorship information
>>
>>    Copyright 2003 Carnegie Mellon University.
>>

==== AND ONE MORE ============

http://news.com.com/2100-1002-992920.html 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-007.asp
 

 

Begin forwarded message:

> From: "Douglas R. Wilson"
> Date: Mon Mar 17, 2003 2:02:06 PM US/Pacific
> To: Focus-MS
> Subject: Microsoft Security Advisory MS 03-007
>
> I developed this for my work environment -- however, I
> believe that it isn't proprietary, and am forwarding it to
> the list for comment and/or informative values. Hopefully
> there are no glaring errors.
>
> Please realize that any information contained in here
> should be verified and tested independently before you
> apply the process to any environment you are responsible
> for. I take no responsibility for any modifications anyone
> makes to their system based on what I put down here.
>
> --
>
> I have done some research today, as many people have asked
> the "are my web servers vulnerable/need to be patched, et
> al" question in response to the latest MSFT advisory (MS
> 03-007). It's likely that most servers that can be patched
> should be, BUT only after testing, as this may be a much
> more impactual problem than first realized, as well as all
> the other innate problems inherent with rolling patches out
> on production systems.
>
> Microsoft has handled this somewhat differently than a
> standard bulletin, and the conjecture on that could easily
> be a separate discussion. Initially, however, it points to
> the fact that this vulnerability is with ALL Windows 2000
> servers, period, and they have come out with this patch at
> this time because IIS servers are actively being
> compromised already, before the bulletin was released, to
> deal with an active attack vector. This implies that they
> may have rushed the patch out the door, and that the
> problems may involve a lot more parts of windows . . .

>

> Points to consider:
>
> * This may not be something that is an immediate
> threat to a lot of the servers if you only consider the IIS
> attack vector, if they have been deployed with the IIS
> lockdown tool in most configurations. CERTAIN
> CONFIGURATIONS OF THE IIS LOCKDOWN TOOL DO LEAVE WEBDAV
> ENABLED -- other methods should be employed there. There is
> a list of these profiles that I have found at the end of
> this.
>
> * The servers in question may have other things
> impacted by the patch, as a core system dll is what is
> being replaced by this hotfix.
>
> * The servers in question may not be able to be
> rebooted right away in keeping with SLA's/production
> schedules.
>
> This is an issue with a core dll, ntdll.dll, which (I
> believe) is currently being addressed because an exploit
> exists that can be injected using IIS as its attack vector.
>
> MSFT recommends the IIS lockdown tool as one specific
> solution. However, some people are not sure they have
> applied the tool properly, and some people have made
> modifications and/or installed other applications since
> then (like Cold Fusion) that may add/modify application
> mappings, and thus change settings done by the IISLockdown
> tool.
>
> I have derived one result from my research as a way to
> detect one form of "protection" from the exploit. This only
> addresses nailing down the IIS based attack vector, and
> only on certain boxes. However, the only true way to know
> for sure is if you have the exploit tool, and try using it,
> and it fails.
>
> WebDAV requests are processed in the httpext.dll. This is
> NOT the dll that the buffer overflow exists in, but it is
> the dll that initially would handle WebDAV requests, and it
> is that dll which the IISLockdown tool "locks down."

>

>

> So, if a windows 2000 server is running IIS 5.0, and it has
> had either:
>
> * Service Pack 3 for windows 2000 installed, or
>
> * Service Pack 2 and MS02-018: April 2002
> Cumulative Patch for Internet Information Services
> installed, or later cumulative patches installed,
>
> The following test can be used:
>
> If the C:\winnt\system32\inetsrv\httpext.dll file has ACL's
> on it such that anonymous web context accounts cannot
> execute it, the server in question is very likely not
> vulnerable to this exploit. (Obviously, if you start
> considering the concept of NT Authentication, and various
> user accounts accessing the httpext.dll, the scope varies).
>
> Older versions of the lockdown tool will simply deny the
> Everyone Group's permissions to execute -- as long as the
> anonymous users haven't been put in any privileged group,
> this is fine. Newer versions of the lockdown tool will
> create specific groups for web users, and then specifically
> deny permissions on these files.
>
> The reason the service pack level is important is before
> MS02-018, some WebDAV requests could get around the
> httpext.dll, due to another issue, which is patched in
> either MS02-018 or SP3.
>
> There may be some way of scripting up a tool that will
> check for the above parameters on servers, to do quick spot
> checking, if someone has not already developed a
> vulnerability testing tool. As I said before, however, the
> only true way to make sure is to attempt the exploit, and
> have it fail.

>

> IIS Lockdown 2.1 Profiles that leave WebDAV enabled:
>
> Small Business Server 2000
> Exchange 2000 (OWA, PF, IM, SMTP, NNTP)
> Share Point Portal Server
> BizTalk Server 2000
> Commerce Server 2000
>
> Initial public release as pertains to Windows 2000:
> http://www.microsoft.com/security/security_bulletins/ms03-007.asp
>
> The full bulletin, as pertains to IIS:
>
> http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-007.asp
>
> Article on WebDAV getting around httpext.dll in earlier
> versions:
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B307934
>
> IIS Lockdown Tool 2.1
>
> http://download.microsoft.com/download/iis50/Utility/2.1/NT45XP/EN-US/iislockd.exe
>
> --
>
> Douglas R. Wilson
>
> dallendoug@dallenhome.org
>
> --
>
> "the biologist will tell you that progress is the result of
> mutations. mutations are another word for freaks. for god's
> sake let's have a little more freakish behavior- not less .
> . .
> Maybe 90 per cent of the freaks will just be freaks,
> ludicrous and pathetic and getting nowhere but into
> trouble. . .
> Eliminate them, however- bully them into conformity- and
> nobody in america will ever be really young any more and
> we'll be left standing in the dead center of nowhere."
>
> -- Tennessee Williams
>


>
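
The spot check suggested in the forwarded message above (patch level first, then whether the anonymous web account can execute httpext.dll) can be written as a small evaluator. The following Python is an added example, not code from the message or from Microsoft: it works on an ACL supplied as data rather than reading one from a live system, uses a simplified access check in which any matching deny entry wins, and the server names, accounts and group names are constructed.

```python
from dataclasses import dataclass

# Cumulative IIS patches that satisfy the prerequisite on Service Pack 2. Only
# MS02-018 is named in the message; add the later cumulative patches you deploy.
CUMULATIVE_IIS_PATCHES = frozenset({"MS02-018"})
REASON_PATCH = "below SP3 and no cumulative IIS patch on SP2"
REASON_ACL = "anonymous web account can execute httpext.dll"


@dataclass(frozen=True)
class Ace:
    trustee: str       # account or group the entry applies to
    kind: str          # "allow" or "deny"
    rights: frozenset  # e.g. {"read", "execute"}


@dataclass(frozen=True)
class Server:
    name: str
    service_pack: int
    hotfixes: frozenset
    httpext_acl: tuple      # entries on the httpext.dll file
    anon_account: str       # account anonymous web requests run as
    anon_groups: frozenset  # groups that account is a member of


def prerequisite_met(server, cumulative=CUMULATIVE_IIS_PATCHES):
    """SP3, or SP2 plus MS02-018 or a later cumulative IIS patch."""
    if server.service_pack >= 3:
        return True
    return server.service_pack == 2 and bool(server.hotfixes & cumulative)


def can_execute(acl, account, groups):
    """Simplified access check: a matching deny wins, no match means no access."""
    who = {account.lower(), "everyone"} | {g.lower() for g in groups}
    matching = [a for a in acl
                if a.trustee.lower() in who and "execute" in a.rights]
    if any(a.kind == "deny" for a in matching):
        return False
    return any(a.kind == "allow" for a in matching)


def assess(server):
    """Return (verdict, reasons) for the anonymous IIS route only.
    Authenticated accounts need the same check run with their own groups."""
    reasons = []
    if not prerequisite_met(server):
        reasons.append(REASON_PATCH)
    if can_execute(server.httpext_acl, server.anon_account, server.anon_groups):
        reasons.append(REASON_ACL)
    return ("needs-attention" if reasons else "iis-vector-likely-closed"), reasons


def sample_servers():
    """Constructed inventory covering both lockdown styles and two failure cases."""
    rx = frozenset({"read", "execute"})
    ex = frozenset({"execute"})
    return [
        # Older lockdown style: execute denied to Everyone.
        Server("web01", 3, frozenset(),
               (Ace("Everyone", "deny", ex), Ace("Administrators", "allow", rx)),
               "IUSR_WEB01", frozenset({"Guests"})),
        # Newer style: a dedicated web-users group is denied.
        Server("web02", 2, frozenset({"MS02-018"}),
               (Ace("Web Anonymous Users", "deny", ex), Ace("Everyone", "allow", rx)),
               "IUSR_WEB02", frozenset({"Guests", "Web Anonymous Users"})),
        # ACL is fine, but the patch level lets requests bypass httpext.dll.
        Server("web03", 2, frozenset(),
               (Ace("Everyone", "deny", ex),), "IUSR_WEB03", frozenset({"Guests"})),
        # Deny entry exists, but the anonymous account is not in the denied group.
        Server("web04", 3, frozenset(),
               (Ace("Web Anonymous Users", "deny", ex), Ace("Everyone", "allow", rx)),
               "IUSR_WEB04", frozenset({"Guests"})),
    ]


if __name__ == "__main__":
    for srv in sample_servers():
        verdict, reasons = assess(srv)
        print(f"{srv.name}: {verdict}" + (f" ({'; '.join(reasons)})" if reasons else ""))
```

A "likely closed" verdict covers only the IIS route to the flaw; the ntdll.dll hotfix from MS03-007 is still required.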

 

 


 


The President has spoken and the ultimatum has been delivered. We would really look like idiots if we didn't go through with it now; and this President won't do that.

If you would have peace be thou then prepared for war. We seem prepared enough. Alert Level ORANGE

 


Tuesday, March 18, 2003

The countdown continues. I see that Robert Scheer has his usual column in the LA Times. It must be wonderful to be so correct all the time.

And yet another warning thanks to Douglas Colbary:

W32/Ducktest.worm is a Network propagating virus that McAfee is rating a Low risk, however we have encountered one infection within AT&T. Detailed information on W32/Ducktest.worm can be found at http://vil.nai.com/vil/content/v_100149.htm .

>

> If you begin seeing a large number of print jobs from a particular computer being directed to printers without user intervention, then there is a strong possibility that the computer may be infected with this virus.


Bob Thompson has his views:

From my journal page this morning.

_____

I was extremely disappointed, although not surprised, at Mr. Bush's statement last night. It is difficult to imagine a less war-like declaration of war. I'd hoped (but not expected) to hear something like this:

1. There are a lot of Iraqis we don't like. Here is a list of them. Deliver their heads to us within 24 hours.

2. You are occupying oil fields that belong to us. You have wired them with explosives. Remove those explosives and walk away from those oil fields now, leaving them undamaged. For each oil well you damage or destroy, we will obliterate one of your cities.

3. Lay down your arms immediately and walk away from them. Any Iraqi national caught with arms will be shot out of hand, whether or not he has surrendered. If anyone fires on US forces, we will destroy the entire area from which he fired on us.

4. Any building or site that displays an Iraqi or Islamic flag will be fired upon. Any building or site that does not display a white flag may be fired upon. All mosques and other Islamic religious sites will be destroyed, and all Islamic religious leaders will be shot. Anyone who conceals or otherwise aids Islamic religious leaders will be shot.

5. We will accept surrender of Iraqi military forces and civilians until the first time someone surrendering abuses our graciousness by setting off a suicide bomb or otherwise harming US troops. If that occurs, we will no longer accept surrender by any Iraqi, soldier or civilian. We will simply obliterate anything and anyone in our way.

6. If your forces use chemical or biological weapons against us once, we will nuke Baghdad into molten, radioactive glass as a final warning. If your forces use chemical or biological weapons against us a second time, we will nuke every population center in Iraq, down to the smallest village.

7. Any Iraqi who wishes to surrender on these terms may do so, but must demonstrate his sincerity by eating a ham sandwich and pissing on a copy of the Koran.

-- Robert Bruce Thompson thompson@ttgnet.com http://www.ttgnet.com/thisweek.html http://forums.ttgnet.com/ikonboard.cgi

Which is very manly, and would get a lot of people killed. Not just their people. Ours. One must build golden bridges for the enemy. You burn your own boats, your own bridges behind you as Houston did at San Jacinto, but you don't burn those the enemy might use to run away. Battles are won on the field but wars are won in the pursuit, and if the other guy has no place to run, he won't; and some will fight.

Collective responsibility is also a dangerous policy, on both moral and practical grounds. "Kill all the gooks" is a pretty good way to stiffen the resolve of some gooks to sell their lives as dearly as possible. 

The above is a pretty good formula for making it absolutely certain that the US will not only rule by force, but be ruled by force since a large number of citizens will reject the legitimacy of any government that does that sort of thing. It would be the end of the Republic forever, of course, but it would be a lot more than that. It would be a transition from Republic to Dominate without any period of Principate. Neither Augustus nor Aurelius would have employed such policies.

Of course people who say such things don't really mean them, and faced with the decision to drop a nuclear weapon on an unarmed city in retaliation for what a dictator over whom they had no control did to forces a long way from the village, one suspects the order would not be given. The question is, is it a good notion to talk that way? Or might someone take you seriously?

I prefer to build golden bridges for my enemies; and of course silver bullets are often the cheapest kind of ammunition...


Thanks to Mr. St. Onge, the book reviews page is up to date through the February, 2003 column.


Does anyone play Dark Age of Camelot? I didn't log on for some time, and now when I try I am told I cannot connect to the Update Server. Is there something I need to do?  Is there any way to contact the people who run the game? Must I reinstall? Etc.


I seem to have won this although I am not sure why.

 

 

 


Wednesday, March 19, 2003

Subject: Linux kernel/ptrace local root exploit (priority one).

This is a local root exploit (not directly exploitable remotely) - please post ASAP, thanks (don't know why this isn't getting more publicity in the usual places)!

http://marc.theaimsgroup.com/?l=linux-kernel&m=104791735604202&w=2

 Roland Dobbins

Thanks.

Some readers have been critical of my posting Mr. Thompson's remarks, and at least one seems unhappy that my response was "weak". If that means I didn't get all twitterpated with moral horror, I am unsure as to what to say.

Anyone who has read much of my work will understand that I am hardly an advocate of indiscriminate slaughter, and that I tend to the Thomist view of Just War (and for that matter I tend to the Thomistic view of nearly everything). I see no point in bringing up moral arguments when there are perfectly good rational arguments. It is not that moral arguments are not important, but reason is often more than sufficient and requires less agreement on premises.

Which, when I think of it, is itself a Thomistic view. Doubtless a product of my early training at the hands of the Christian Brothers. Thank you Brother Ignatius Vincent...


For an analysis of what's going on by someone influential, see

http://www.nwc.navy.mil/newrulesets/ThePentagonsNewMap.htm 

 

 

 

 

 

 


Thursday, March 20, 2003

WAR

Well, it has started.

http://www.kolumbus.fi/pertti.k.mustonen/time_to_bomb.swf 

http://www.confound.com/games/squoosh_terrorist.php (apparently this has now been taken over by a porn site. It happens often.)

Yes, I know, it's irreverent. 

But then Senator Byrd is even more so. My God, what appalling ignorance; and demonstrated on the Senate floor. Ye gods.

I was not in favor of this war, because I am not in favor of foreign entanglements and continuing dependence on others for vital resources. But clearly my views did not prevail. So be it. We are at war, and the only way to end it lies through Baghdad.

Following courtesy of my sometime partner, Steve Stirling:

"Ah, Mary, pierced with sorrow,
 Remember, reach and save
 The soul that comes tomorrow
 Before the God that gave!
 Since each was born of woman
 For each at utter need --
 True comrade and true foeman --
 Madonna, intercede!"

Of course there are other views.

Puke for Peace

According to the news reports, protestors in San Francisco have been taking emetics and vomiting in protest of the war. Some others have been defecating in the streets.

And Iraq's major port has already fallen. The war continues.

Turkey has suddenly discovered they have a problem. Now they get neither the aid package nor the spoils. The US could choose between the Kurds and the Turks as allies. The Turks chose for us. It may not have been the wisest choice they could make.


  Subject: Evolution hole ( priority one).

Please post ASAP, thanks!

http://www.securityfocus.com/advisories/5134

Roland Dobbins

 

 


Friday, March 21, 2003

Springtime for Saddam

Another security threat:

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-008.asp


The Democratic National Committee sent emails asking for defense of Daschle's attack on the President. "Bush is preparing to reap a political windfall..."

Casualties to this moment: US 6, UK 12.  RIP.


Does anyone know what that large tower in the background in the Live From Baghdad might be? It is seen in some of the shots with the burning ministry palace. My first guess was a water tower, but it looks a bit like an airport tower. I don't know Baghdad.

I don't know Baghdad either, but am guessing the Saddam Tower, used for communications. (There's also a restaurant on top.)

You can probably confirm from the diagrams at http://www.skyscraperpage.com/diagrams/?c588 

There's a story about the Saddam Tower at http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&call_pageid=971358637177&c=Article&cid=1035779260536
 

Regards, Vince Perricelli

Thanks!


Campbell Brown is not usually so flighty. Must be lack of sleep that caused her to ask if the President was watching the news on TV, twice, both times to get the answer that the President has other sources...

(Roberta said that yesterday Campbell had a bad hair day. Today it was a bad brain day...)

No one is in charge in Iraq. They're on their own. Expect to see whole regiments surrender, in good order, with their commanders. 


They are surrendering to anything that looks American. "Man I been in the country for two hours and I have a truckload of prisoners..." And trying to surrender to a Humvee full of journalists. That's desperation.

 

 

 


Saturday, March 22, 2003

On to Baghdad: the next is the big battle at the Gap. Will we have to fight our way in, or will silver bullets do the job? Crossing the rivers will cost lives.

 

Iraq claims there are no US troops in Iraq, we have lost a bunch of tanks, and the American mercenaries have kidnapped civilians and are displaying them as POW's. No Iraqis have surrendered.

The Iraqi UN ambassador denounces the war and is concerned about his people. He is determined to remain at his post in New York.


There is a good summary from FPRI of the diplomatic efforts leading up to the war  in Reports.

 

 

 

 


Sunday, March 23, 2003

I have mail wondering why I am not making more comments on the war. Simply put, what can I say? The news comes out faster than we can comprehend, and nothing we say will make much difference. We can look for long term implications, but even there one needs to be sure that what is heard is true.

The Turks have made their choices, and the implications there will echo for a decade.

And:

We knew it would happen from the start. War live and on TV: and the exploitation of POW's. Last time we did not hunt down and hang those who mistreated American prisoners. And American dead. This time will be different.

It helps if you're fighting Arabs. But don't get captured.

If your officer's dead and the sergeants look white,
Remember it's ruin to run from a fight:
So take open order, lie down, and sit tight,
       And wait for supports like a soldier,
              Wait, wait, wait like a soldier...

When you're wounded and left on Afghanistan's plains,
And the women come out to cut up what remains,
Just roll to your rifle and blow out your brains,
      An' go to your Gawd like a soldier.

No battle plan survives contact with the enemy. We have lost more troops to our own weapons than to this enemy: which says a lot about the capabilities of the enemy.

Clausewitz said it: In war everything is very simple, but the simplest things are very difficult. It's called friction. Every family trying to get four kids into the car and get somewhere on time understands: imagine that multiplied by tens of thousands, and everyone is armed and scared of burglars. The simplest things are very difficult. Weapons are fired when they shouldn't be. And it's all reported live on television.

And so are the demonstrations.


It now appears that at least some of the American dead shown on Iraqi television were shot in the head: executed, after which an Iraqi coroner grins from ear to ear as he displays a corpse.

His image is on record now. There is no place on Earth that he will ever be safe.

And they are showing American POW's on television. Having stolen a young woman's shoes.

 

http://www.earthstation1.com/pgs/history/dos-BattleHymnOfTheRepublicAmericanMemorialServiceNationalCathedral010914.mp3.html

Now it's personal.

I had a link that would take you to a series of pictures of dead Americans, who appear to have been executed:

http://airspot.mediaorgy.com/aljazeera/ 

Note that they appear to have been shot in the head. Executed. Do not go to this link if you are likely to be offended by direct evidence of what the Iraqis have been doing over the years. 

The link seems now to have been converted to a pornography site. I don't have the new link. If anyone has a link to the original pictures, you can send it to me. I understand that linking to such pictures upsets many people, me among them; but sometimes the evidence needs to be shown.

The pictures show a tow truck pulling a water tank: which was apparently the vehicle these troops were in when they took a wrong turn, and ended up in enemy territory. Some were captured, in Iraq's greatest victory in years, and shown on Arab TV. Some were simply shot in the head. I haven't put up those pictures here; I don't want anyone to encounter them without warning. And the link seems to be gone for newcomers but it still exists for me. I have saved the pictures, but I am not sure what to do with them. They're quite disturbing.

 

My comment to that was:

 

http://www.earthstation1.com/pgs/history/dos-BattleHymnOfTheRepublicAmericanMemorialServiceNationalCathedral010914.mp3.html

US Marine officer says "Is this the way the game is to be played now?"

France, Russia, and Turkey

Russia: we have been finding Russian military equipment in Iraq. Merchants of death: at least one Russian company is selling GPS jammers to Iraq. As of last week.


And

http://www.space.com/scienceastronomy/sun_output_030320.html
 

looks into solar output.


Someone has protested that we have "shown Iraqi prisoners on TV" and thus are in violation of the Geneva conventions.

Not precisely the case. We have not shown interrogations, or interviews, or anything designed to humiliate people; and they have been part of normal newscasts. What the Iraqis have been doing is a bit different; not unexpected, of course. Not unexpected.

And overall it has been an amazing day: half a country has fallen with fewer than 100 casualties on our side. The sharpest battles result in traffic accident numbers. We will see how long that can continue.

 

 

 

 

 


Entire Site Copyright 1998, 1999, 2000, 2001, 2002, 2003 by Jerry E. Pournelle. All rights reserved.
