Dr. Jerry Pournelle

Email Me


Why not subscribe now?

Chaos Manor Subscribe Now



Useful Link(s)...

JerryPournelle.com


Hosting by
  Bluehost


Powered by Apache

Computing At Chaos Manor: September 18, 2006

The User's Column, September, 2006
Column 314, part 3
Jerry Pournelle jerryp@jerrypournelle.com
www.jerrypournelle.com
Copyright 2006 Jerry E. Pournelle, Ph.D.

Continued from last week.

Warning

There is a Zero Day exploit of Internet Explorer loose in the wild. The exploit has been publicized by Sunbelt. The Microsoft Bulletin is here. You don't have to read either of those bulletins, but it is important that you protect yourself.

Zero Day means that this exploit was discovered by bad guys, and was out before the good guys knew it existed. Most threats are discovered by tiger teams who pound on operating systems and browsers - mostly on Windows - until something breaks, then tell the systems people - usually Microsoft - how the exploit works. They do this for bragging rights, or in the hopes of grant money, and sometimes for immediate financial reward although that latter isn't generally publicized. The public usually isn't told. The notion is to release the exploit details and the remedy at the same time. As soon as the remedy is made public, it can and will be reverse engineered to discover how to write programs that take advantage of the vulnerability, and shortly after that cases appear in the wild. The time between release of the information and appearance of the exploit in the wild has fallen from 120 days to 90 days to a couple of weeks. This time it was zero. It's already loose.

There is no simple fix for this latest exploit. Microsoft releases its OS updates on the Second Tuesday of each month, which means that nothing is due until the 10th of October. By that time this exploit could be everywhere: I know of three places that offer to sell Zero Day Web Attack Kits, and I haven't been looking for them. These script kits allow almost anyone to set up traps on web sites. (See this link on the Information Week site) Visit the wrong web site, and your Windows system may be zombified: turned into a willing instrument of the exploiter, his to use as expedient. Do I have your attention now?

Don't panic. Your system probably hasn't been compromised. So far most of the trapped web sites have been in dark places, particularly pornography sites. If you routinely visit such places and have done so in the past couple of days, you ought to be worried; most of us won't have that problem. However, it's only a question of time before the bad guys manage to embed their attack code in more mainstream web sites. Any web site that can be hacked - and alas there are quite a few of them - is eligible. So: don't panic, but do something, now.

First, stop using Internet Explorer until Microsoft has issued the proper patches to fix this new exploit. Use Firefox or Opera, and if there is something you must do that requires Internet Explorer, be very careful where you go. Do not use an unpatched IE to surf the net!

The web is abuzz with discussions of other remedies including hacking your registry to disable the affected dll. If you do that, there are programs that won't work, so you hack your registry at your own risk.

My advice is to avoid using Internet Explorer until Microsoft sends out a patch, and set your preview pane in Outlook to Plain Text. That way you won't be taken to any unexpected web pages by spam.

Fare Thee Well, Ms. Dunn

If I had put the recent developments at HP in a novel, no one would have believed a word of it. First, having come in from Barclays Global Investors as spokesperson for the money people, Patricia Dunn levered Carly Fiorina out of her position as CEO of Hewlett-Packard, and became the Chairman of the Board. Mark Hurd was brought in to be the CEO. HP's long slide down was ended. It looked as if HP was on its way back up.

Then came the leaks to the Wall Street Journal and CNET and other publications. Clearly, they came from inside the Board. Ms. Dunn and most of the Board members wanted the leaks stopped, and no wonder. Leaking inside dope is one way to manipulate a company's stock prices. It's a high stakes game.

Reportedly Dunn took on the task with some enthusiasm. Rather than rely on HP's internal security people, she hired a Boston company, Security Outsourcing Solutions, Inc., and sent them on a mission: find out who is the leak. There seems to be no dispute about what happened next: SOS, Inc., began to gather information about both board members and reporters. It got their social security numbers and other data, and used that to get their phone records by impersonating the people they were investigating. The media seem to like the euphemism "pretexting", but to me it's indistinguishable from impersonation; in any event they got telephone records of HP board members and also members of the press. It's still not clear how many journalists were favored with this attention.

It got fancier. Board members and journalists were followed. There were concocted phony stories to be leaked to the press, with a twist: the email leaks had attachments that would phone home if the message were forwarded. There was even a plan to infiltrate newsrooms by planting investigators; nothing seems to have come of that, but who knows? Maybe there are imposters in the San Francisco offices of CNET and the Wall Street Journal right now.

Now there are lawsuits. The Attorney General of California sees blood in the water and a boost for his ambitions and is circling with his Grand Jury. Ms. Dunn resigns, first as Chairman of the Board, then as a member of the board. It's soap opera time. My sources inside HP tell me there's a general panic.

HP still makes the best laser printers on the market, but it's sure not the company Dave Packard built.

Vista

I have installed Vista on my main working machine, an AMD LAN Party system formerly known as Satine. In her Vista capacity she has become Roxanne. I'm writing this in Word 2007 in Vista.

I installed 32-bit Vista Ultimate; I'm preparing another machine for 64-bit Vista, but Satine in Windows XP was a production system. Now that she has become Ultimate Vista Roxanne she is still a main machine, and I didn't want to add 64-bitness as an additional stress.

So far it's OK. The text looks all right, and World of Warcraft seems to be running. Installing Vista will move all your old "Program Files" program files off to a folder called Old Windows/Program Files, but World of Warcraft plays from its own root level folder, and that folder is intact. I started WOW in Vista with the same command I had used in XP, and I have noticed no differences.

Roxanne and Satine have a second hard drive, and that drive is unchanged. Norton Windows Commander works; after I copied the NC folder from Old Windows/Program Files to Windows/Program Files, I had to bring in a bunch of elderly dll files and install them in the Windows/System32 folder, but that was no problem.

It took a while to figure out how to set things up for file sharing across my network, but it wasn't that difficult. Under XP if I tried to access a file on another system, it would prompt me for the proper user name and password to access that; in Vista I have to log in as an administrator for the whole network. Why that is an improvement in security is not clear to me. There's probably another way of doing things. I haven't spent much time reading up on how to use Vista.

It's purely subjective but I don't think the text looks as good in Word 2007 under Vista as it did in XP. I know I don't like the border colors: that is, the big solid borders on each side of the white page are black in Vista. They were a much more pleasant shade of blue in XP. Doubtless I'll learn how to change that, but so far it has eluded me, and HELP is, as expected, useless. Of course that's not Vista's fault.

I had no difficulty installing Firefox and extensions, and that works well.

All in all, the change to Vista has not been too unpleasant. I'm sure I will learn how to use the many tools and features over time. I already like the gadgets bar over on the right side of the screen. They make good use of the HP wide screen monitor. I'm now looking for a good solar clock gadget. There certainly has to be one. I've found gadgets for nearly everything else including local traffic maps.

Word 2007 under Vista
Word 2007 and the Windows Gadgets in Vista. [View larger]

I do have two specific complaints about Vista. First, it's my practice to write these columns and other material on the main writing machine - in this case, Roxanne, which runs Vista. When it is time to send out the columns for comment and then for posting, or send my latest work to Niven, I use Alexis, the main communications system. Alexis has Roxanne's C drive mapped as X:\; I send mail to those who should be getting the column and attach the document using the network to bring it in from the X: drive. When the writing machine was running Windows XP this would be nearly instantaneous. Now it takes 30 to 40 seconds. I have no explanation for the delay. It's the same network, and accessing the same hardware, the only difference being that Satine (XP) has become Roxanne (Vista).

Second, when Vista goes to sleep, you must enter your password to wake it up; that's the default. I presume I can disable that "feature". Worse, though, after a few hours Vista appears to go into hibernation, although it doesn't tell me it has done that. Waking it up takes nearly a full minute. When I tried to change the sleep settings, I switched Control Panel from the new incomprehensible arrangement to "Classic". That sent Windows Explorer into neverland, and I had to invoke Task Manager to get rid of it. I'm a bit nervous about trying again.

I can live with it, but I do not think Vista Release Candidate 1 is ready for prime time. Fortunately nothing else crashed, but when Windows Explorer crashes while doing simple tasks, it's never a good sign.

Linux

I have a box ready for Xandros Linux. It will be installed with a good KVM switch so that it shares the mouse, keyboard, and big HP wide screen video monitor with the Vista system. Presuming I can network them properly - and I'm sure I can - I'll be able to alternate work on the two systems.

Neither the present Vista system nor the new Linux system use Intel dual chips. The price/performance mix is unstable, with Intel putting out Pentium D chips at fire sale prices, while the new Core 2 Duo chips and motherboards are hard to get. When things settle in I build a new Intel based dual processor, and by the time I put that together I'll know better what operating system to put on it. Meanwhile, I'm still looking forward to a new Intel Mac. I love all the choices that are now available.

If you want benchmarks and scientific comparisons of Vista and Linux and Intel Mac systems you'll need to find another columnist. What I can do is use systems for actual work and report on how well I like them. Our hardware has run way ahead of our software, and benchmarks don't make much sense unless you're doing heavy duty video editing. I don't expect Linux, Vista, or Windows XP to differ much in speed, nor do I expect very noticeable differences in perceived speeds. They will differ in aesthetic satisfactions - what Microsoft likes to call the user experience; as for instance, the long delays in bringing in attachments by networking from Vista to XP systems. That is a very negative user experience.

Stay tuned.

Winding Down

The computer book of the month is CSS, The Missing Manual, from O'Reilly. CSS, or Cascading Style Sheets, are a relatively new feature of web design that makes controlling the appearance of web pages - for both designers and viewers - simpler to manage.

My personal web site, http://www.jerrypournelle.com, has always been constructed with Microsoft FrontPage, which, until Office 2003, was an integral part of Microsoft Office. While we have had our frustrations with FrontPage, it has always served me well. What I see in the FrontPage editor is very like (and usually identical to) what you see when you connect to the site with a browser. From time to time people tell me that FrontPage is a primitive tool that produces ghastly HTML code, and I ought to throw it out in favor of some more modern system.

I have never been able to figure out what good that would do me. My web site loads fast enough, and when I test it using a variety of web browsers it always looks all right to me. One may complain about the way the site is organized, and once in a while I get hate mail about how ugly it all is, but that's a matter of design. I never claimed to be an artist. The text is readable and my photos can be viewed, and that's about all I ever expected.

There will be no FrontPage 2007. Instead, Microsoft is introducing Expressions, a web design system that looks far more complex than anything I need. I'll have to look at it and I will probably review it, but so far my heart isn't in it. I have enough trouble writing essays and editing mail and generally creating content for my two web sites; I don't have much creative energy left over for remaking the site appearance or providing the user with a rich compelling interactive experience. If that's what people want I am sure there are places to get it, but these sites aren't going to do it.

My advisors see the coming demise of FrontPage as an opportunity for me to cut loose from WYSIWYG web site creation tools and go to something more modern. The something more modern always seems to involve Cascading Style Sheets.

I have been hearing about Cascading Style Sheets for several years now. I have a collection of books on the subject, and every now and then I try delving into them with a view toward learning how to use them - and also learning why I should bother. So far I haven't had much success at either task.

Comes now a new O'Reilly work, CSS The Missing Manual, by David Sawyer McFarland. Like just about all of the Missing Manual series, this book is well edited, and covers the subject rather thoroughly. It assumes that you know what HTML is and that you may have written some HTML code, but it doesn't assume that you are a programmer. It is about as good a general introduction to the subject as anything I have found, and if you are curious about CSS and what all the shouting is about, this is the place to go.

It still hasn't told me why I want to abandon FrontPage and WYSIWYG web site creation tools, but I make no doubt that I will soon have plenty of mail explaining all that. Meanwhile, if you are curious about CSS, or if you know about CSS and need a convenient handbook explaining the many things you can use CSS to do, you'll want this book. Recommended.

The book of the month is Jared Diamond, Collapse, appropriately from Viking Press. I say appropriately because this is the story of the collapse of several civilizations, one of them being the Viking expansion to Iceland, Greenland, and North America. Diamond also looks at Chaco Canyon and the Anasazi, the Mayan Civilization, Easter Island, and other civilizations that rose high and fell suddenly. After examining a number of historical cases, he turns to modern societies.

Whether the principles Diamond has deduced from previous collapses are sound and universal for the cases covered is arguable; but their application to modern technological societies is more controversial. Technology really does change things. On the other hand, Jane Jacobs has shown us that Dark Ages, in which we not only have forgotten how we used to do certain things, but have forgotten that we could do them at all, can still happen. Take, for example, the education establishment, which is entirely unaware that at one time there were essentially no children who had been through four years of schooling and remained unable to read. Illiteracy used to be confined to the unschooled.

In any event, Diamond's book makes for fascinating reading.

The second book of the month is The Galleys at Lepanto, by Jack Beeching. I fear the book has been around long enough to be out of print: I was inspired to read it again after we went to the Los Angeles Opera company's really excellent Don Carlos. The key personality in the opera is Philip the Second, son of the Emperor Charles V - and half brother of the illegitimate Don John of Austria, whom Chesterton called "The last knight of Europe" (follow this link for more). The Galleys of Lepanto ends with Don John's decisive victory in the battle of Lepanto which ended Turkish ambitions for the conquest of Europe. The book is also a biography of Don John of Austria and the story of Europe during the Reformation and the last serious threat to Christian domination of Europe. Charles V learned that if Europe, Protestant and Catholic, could not work together, all would be lost to the Turks and their Janissaries. It is a lesson worth remembering.

The movie of the month is Talledega Nights. I warn you that this is a movie I thought I would have paid money not to have to see. My wife insisted that we go as a distraction to the headache attacks I have been experiencing. For the first five minutes of the film it was all I could do to keep myself from walking out. Then I realized that this was an improbable comedy of manners and one of the funniest movies I have ever seen. I will not attempt to describe it to you or explain why it is funny. I will merely say that I enjoyed it immensely and I will be surprised if you don't.

To the extent that there was a game this month, it was World of Warcraft yet again. It works fine under Vista Ultimate. That game is a serious time trap.