THE VIEW FROM CHAOS MANOR View 87 February 7 - 13, 2000 Refresh/Reload Early and Often! |
|
For
Current Mail click here.
This is a day book. It's not all that well edited. I try to keep this up daily, but sometimes I can't. I'll keep trying. See also the monthly COMPUTING AT CHAOS MANOR column, 4,000 - 7,000 words, depending. (Older columns here.) For more on what this place is about, please go to the VIEW PAGE. If you are not paying for this place, click here... For Previous Weeks of the View, SEE VIEW HOME PAGE Search: type in string and press return.
|
|
For an index
of previous pages of view, see VIEWDEX. See also the New Order page, which tries to make order of chaos. These will be useful. For the rest, see What is this place? for some details on where you have got to.
If you subscribed: If you didn't and haven't, why not? For the BYTE story, click here.
Highlights this week:
|
This week: | Monday
February 7, 2000
Column deadline day. More when I get that filed... So of course pair.com picks today to have incredibly bad service, mail not getting through. Etc. Or perhaps it is Earthlink? Whatever it is, it's as if glue had been poured onto the connections. Let's experiment. (See below; the problem was systemwide.) Well, I cannot ping ANYTHING. So I have powered cycled the modem, and the Netwinder is redialing. Let's see if any of that helps. Earthlink email is working. Pair email is slow. Pair access to my web site is impossible. Not much question as to what is happening I guess. It must be that darned critical need detector. Why not? More: we had problems both at pair.com and in the routing to there. Apparently there are storms on the net today... Anyway the problems are intermittent but do go away once in a while. Critical need detection. It's not Earthlink, and most of it is not Pair; most of it seems to be in routing from here to there. As the net gets more and more traffic I expect more and more of this sort of thing. Alas. And as we get dependent on it... I wrote this following for the column before I knew what caused the problem, but it doesn't belong there: Something is terribly wrong with the Internet. Earthlink.net blames Pair.com, and vice versa, and both blame some other services out there. I wouldn’t know. BIX works, Earthlink mail works, but when I try to get mail from Pair.com my account is rejected. This may be net congestion, but I don’t see how. The worst of it is that after a while it affects Outlook, and I have to reinstall that; apparently Outlook 2000 doesn’t like being rejected and does things to itself. A "repair" installation fixes the problems with Outlook, but that leaves the original problems intact. This has not been a good day, and it makes clear just how much we have become dependent on Internet access. It also makes it clear that you need multiple net access systems, since there’s a fundamental law of nature: your connection will blow up at the time you need it most. We have known about those critical need detectors in computers since CP/M days. Now they are built into Internet access systems… Later: I found out what happened. There was some bad net congestion. Apparently things were slow enough that my attempts to log on to my own site timed out; Outlook took that as a password rejection. I sent mail to pair.com. They assumed there was something wrong with the password and CHANGED MY PASSWORD. Then they sent the new password to me at jerrypournelle.com, which is to say, on a mail account I could access ONLY WITH THE NEW PASSWORD. That comedy of errors consumed about 6 hours, gave me indigestion, and caused me no end of pain. I have sent them mail inviting their comments on changing a password then sending the new password to an account that can no longer be accessed until you get the mail with the new password only you can't get that mail without the password... I haven't had an answer to that one yet. All is well that ends well I guess. A 9000 word column, about the longest I ever did, is now in Tokyo, Istanbul, and various other places, and shortly will be at BYTE.COM. And I am for bed... (BUT READ ON: the real explanation follows.)
|
This week: | Tuesday, February
8, 2000
OK: I now know what happened yesterday. The full story doesn't reflect greatly to my credit, but so be it. It began apparently with a coordinated attack on Yahoo.com for reasons not yet clear. My guess is amusement, and an experiment to see what could happen, but I don't know. Doubtless someone will tell me. Usually people do, because I have never blown a source in my life, and living in California I even have the law on my side: California's journalist shield laws are pretty good. Anyway, a group apparently decided to see what they could do. This is where I come in. The 7th is column deadline day for me, and this weekend, due to the birth of Catherine Elizabeth to my son Phillip and his wife Patty I was way behind, not only on writing -- I write fast, and while 9,000 words is a lot for a day it's nowhere near beyond me -- but also on research. There were things I needed to do, and some of them had to be done on the net. Mondays are also the days on which I add new pages to this site. The old currentview and currentmail become numbered view and mail pages, the View and Mail "home pages" are updated, and new currentview and currentmail pages are created. Monday morning I sat down to do all that; it usually takes about an hour. That would leave me plenty of time to get the column done by dinnertime. Hah. I renamed the old currentview and currentmail pages (letting FrontPage fix all the links those name changes would break; it does that well, one reason I use FrontPage 2000) and created the new pages with short messages to the effect that this is column day and there wouldn't be much. All was well until I set FrontPage to PUBLISH. Even then it all began well: but apparently right in the middle of that came the initial slowdown of the net, possibly due to the attack on Yahoo. The result was a message "The server unexpectedly shut down." Well, thought I. I tried again. This time I could not log on to the server. First lesson: error messages are what the programmer thought might be happening, and do not always have any relationship to what is happening. I was getting messages to the effect that my password was rejected. What was really happening was that the net was so slow that the login process took too long. Worse: the shutdown happened AFTER the pair site erased my index.html page but BEFORE the new one got uploaded: www.jerrypournelle.com now showed no page at all. Panic message to pair.cm of course. Call to Bob Thompson, who's in North Carolina. He was able to access my web site just fine. Sounds like net traffic problems, possibly Earthlink, and local to the West Coast, we concluded. Then he couldn't access the site. This was due to the west coast problems overwhelming the whole net and propagating to the East Coast, but we didn't know that, and erroneously concluded that PAIR.COM was having server problems. Note that he could access own site also at PAIR. But of course this one gets more traffic than his. Bob was able to upload a new index page and some of the mail page stuff so this site was no longer crippled. And at that point email failed: I could get Earthlink email, but all attempts to get mail from jerrypournelle.com were rejected. Password rejected. Now I could reach neither site nor email at pair. At that point I had a panic attack. Column time. Much email due. Many lines of inquiry out, and replies needed. And my site is dead and worse my main email address is dead. At this point I made a major mistake: I sent PAIR.COM a second panic message describing my symptoms: and I sent it from my normal Outlook accounts, which means that the return address on that message was from me at jerrypournelle.com, although I included in the body of the message that replies should be sent to me AT EARTHLINK.NET rather than to jerrypournelle.com. And, intermittently, I was able to log on to the jerrypournelle mail site, then the password would be rejected again. I thought this a server problem. It wasn't. It was a net problem. I sent messages to friends at Earthlink. They reported there was nothing wrong with Earthlink, but there were problems on the net; just what problems they didn't know. Pair looked at their own site and concluded that nothing was wrong. And a Pair technician, thinking my password had been scrambled changed the password and sent me a message to that effect. THAT MESSAGE GOT THROUGH because it was sent to Earthlink.net. Thompson and I concluded that the problem must have been that they changed the password, and that was why I could not log on to my site, and he used that new password to change the password back to what it had been. That worked. We got, for a few minutes, full access to jerrypournelle.com and about 25 messages downloaded. Then the progressive collapse of the entire net hit, and once again I could not access my mail or my site with any password. I sent a message to Pair, once again using the Outlook account that uses jerrypournelle.com as the return address. And at 1300 my time Pair once again changed the password (I had not asked them to; they concluded it was scrambled by Outlook, and I could have told them that was not the case because ws_ftp was having the same problem) -- and sent the net password to me at jerrypournelle.com, that is, to an account that could now be accessed only through that password. And promptly began to ignore my increasingly panicked messages that I wasn't getting my mail. And of course Thompson couldn't access my mail or my site either, because he did not have the new password. This went on for four hours. I then realized that all my messages to Pair (all of which with few exceptions had a return address to jerrypournelle.com but contained in the body of the message the earthlink.net and ibm mail addresses I keep) would have the jerrypournelle.com return address so I would not be seeing automatic replies. Could they be sending real as well as automatic replies to me at jerrypournelle.com, not having cottoned on to the fact that they'd changed the password so I could not access the account? Of course they could be. They were. Probably compounded by a shift change so the new duty officers wouldn't be familiar with what had gone before. I went into Outlook and changed the default to the Earthlink account so that return addresses would be to me at Earthlink. I also described the symptoms, that from 1300 my time on I was unable to access anything, and that Thompson on the other side of the country couldn't either, and therefore this must be a Pair.com server problem. At that point someone at pair changed my password once again, but this time sent the new password to me at earthlink.net. I fed that new password to my mail and site access accounts, and lo! all was well, because by now it was about 7:30 PM my time and all the problems with the net itself were long over. Some 95 mail messages downloaded including the last stuff I needed to finish the column. I finished the column and sent it to Istanbul and Tokyo and points north south east and west, published my site, and went to bed. There are lessons to be learned here, and not just by me. There's not a lot of fault to be found. Lesson one: have more than one access method to the net; this is for diagnosis as much as for reliability. We didn't know if the problem was Earthlink, Pair, or the net itself, and with the tools available to a normal user you can't find out. Neither did the troubleshooters at Earthlink and at Pair although at Earthlink at least they did some traces and concluded there was net-wide difficulty. Lesson Two: error messages are not reliable information. Your password may be rejected for reasons having nothing to do with your password or the server that hosts the account. Lesson Three: the critical need detector in the net works fine. None of this would have been much of a problem if this were not Column Day. A better way to say this is, Don't Panic: it seldom does any good, and often it spooks the people trying to help you (such as the troops at Pair.com) and that can generate a self-propagating chain of errors. Let me conclude by saying that Pair and Earthlink have some things to learn from this, but they are not obvious lessons, and I am in no way berating them for not already having learned them. Attacks on the net that cause such long delays that logins to passworded accounts fail are not going to happen every day. It's no criticism that they didn't have the right contingency plans. And all is well that ends well... I saw 60 Minutes Sunday night and had considerable sympathy for the CIA analyst who claimed to have been fired capriciously. Now comes this: 2158: AP. An agency memo said a Jewish attorney who says the CIA fired him because of anti-Semitism within the agency failed two lie-detector tests about whether he gave or sold US secrets "to an Israeli national." Adam Ciralsky, 28, of Milwaukee, joined the spy agency in December 1996 as a contract employee in the Office of General Counsel. By the following October, Ciralsky had been placed on unpaid leave. His top-secret security clearance was revoked in July 1998, and he was fired in late 1999. Ciralsky was airing his complaints against the agency Sunday night on CBS' "60 Minutes." The agency said it acted against Ciralsky because he did not fully reveal a relationship with two people holding dual US- Israeli citizenship, both employees of Israeli defense firms with possible ties to Israeli intelligence. Bill Harlow, CIA public affairs director, disputed Ciralsky's allegations of anti-Semitism. He said the allegations had been reviewed by the agency's inspector general, by several congressional panels and by a citizens' review group. The memorandum about Ciralsky's case, first reported by The Washington Post, was written by Alan Wade, the CIA's associate deputy director for security. The memo said Ciralsky failed two polygraph examinations. The questions he was asked, Wade wrote, were about "deliberately compromising US government classified information to an Israeli national, accepting compensation from an Israeli national in exchange for US government classified information, and deliberately concealing from the US government a relationship with an Israeli national." The CIA's Harlow refused to discuss the memo. He said the agency had been willing to publicly discuss details of Ciralsky's case, but that his lawyers had blocked them from doing so by invoking the Privacy Act.
|
This week: |
Wednesday,
February 9, 2000 Stay tuned: I'll have a piece about the attack on the internet up on BYTE (where I get paid to write) shortly. Meanwhile, one good site to look at is www.washington.edu/People/dad which can get you started on backgrounds. The real problem is that if you have a Linux box connected to a high speed line -- T1 or T3 for certain, but even a good DSL will do -- and you have done nothing about security, you may be part of the problem. Your system is vulnerable to being used to relay not only Spam but these Denial of Service (DOS) attacks.
The government's last attempt to monitor the Internet was heavy handed and you'd have hated it. Now with these attacks on big business there will be a panic, and bad legislation and bad administrative authority is likely to be given to people who have a lot of motives, protection of the net being only one of them. Responsible citizens of the net have responsibilities. Connecting a vulnerable box directly to the net is not responsible. Stay tuned for more. It is now pretty clear to me that the best way to get lots of Spam is to send mail to the Direct Mail Association asking to "opt out" of all of their publisher lists. You will then start getting A LOT OF Spam with, at the bottom, "opt out" instructions. In other words, this supposedly reputable place has, by intent or inadvertence, given your name to spammers. This is an organization that deserves little consideration or respect or courtesy and is on very shaky ethical grounds to begin with. Their "opt out" service generates more of what you wanted to opt out of (I sent them instructions from an account I never use, and which never before got Spam; now I get a LOT there, most with the words "opt out" in it. I think the diagnosis is positive here.) The government will eventually shut those people down, but in doing it will do great harm to the rest of us. It's the same with the DOS attacks: the government's remedy is likely to be a very drastic cure. Sometimes, by the way, drastic cures are needed: plague needs to be quarantined. When I was a kid, if a farm animal got anthrax they shot it on the spot, burned it where it fell, used mules and a slip-shovel to dig a hole, and tipped the well-burned carcass into the hole with quicklime. You didn't have any choice in the matter: the state agriculture and health people showed up with a sheriff's deputy. It was drastic, but it prevented the spread.
|
This week: |
Thursday,
February 10, 2000 A long article about the DoS attacks and netizen responsibilities should be up at www.byte.com Real Soon Now. I finished it about 5 AM. (The question asked here has been answered but I leave this up as instructive.) Does anyone know how to use the HISTORY list in Internet Explorer? It's there, I can see it, I can highlight items in it, but blowed if I can find a way to DO anything with those URL's, like get IE 5 to go to one of those web sites. Clicking on them does nothing. I can't drag them. I don't seem able to put them in the favorites list. All I can do is look at them and tediously retype the URL. I know this isn't the way IE 5 was intended to work, but I find nothing in HELP or in the Microsoft Press book on IE 5. Once again the wretched, awful. thoughtless, arrogantly stupid, and abysmal documentation of a fairly good program ends me up furious at the program, its designers, its implementers, their ancestors, and their progeny. Their dogs probably have fleas, too. Later: Well, it's clear enough once you know it. The generic titles under history are treated as FOLDERS: you have to go down inside that, even if the "folder" has a legal URL name, and there is one of identical name inside it. It's the one inside it that will send you to the site. Simple. Works. But why the devil didn't they put anything at all about that in the help files? Examples would help...
We will probably be going down to help out with the grandchild starting tomorrow, so I may or may not have very much up after this evening.
|
This week: |
Friday,
February 11, 2000 Off to do grandparent duty. Back the weekend. My bit about the DoS attacks ought to be up at BYTE.COM Real Soon Now.
|
This week: | Saturday,
Steve Gibson's web site is sgr.com go there to see if you are vulnerable to the DoS banditti
|
This week: | Sunday,
February 13 2000 Good Grief. Charles Shultz is dead, and the last original Peanuts was published this morning. The weekend was eaten by the new grandchild. Can't say I'm sorry.
|